From e8c88ca4c9c9211fd3e3e068d163e63fd40a161a Mon Sep 17 00:00:00 2001
From: James Green
Date: Thu, 2 Jan 2025 13:02:26 +0000
Subject: [PATCH 1/2] added new environment vars for health checks
---
 ...s_manager.admin.tf => environment.admin.tf | 0
 ...ets_manager.dhcp.tf => environment.dhcp.tf | 0
 secrets_manager.dns.tf => environment.dns.tf | 7 +++++
 locals.tf | 5 ++++
 modules/dns/ecs_task_definition.tf | 27 +++++++------------
 modules/dns/load_balancer.tf | 4 ++-
 modules/dns/variables.tf | 4 +++
 service_dns.tf | 1 +
 8 files changed, 29 insertions(+), 19 deletions(-)
 rename secrets_manager.admin.tf => environment.admin.tf (100%)
 rename secrets_manager.dhcp.tf => environment.dhcp.tf (100%)
 rename secrets_manager.dns.tf => environment.dns.tf (79%)
diff --git a/secrets_manager.admin.tf b/environment.admin.tf
similarity index 100%
rename from secrets_manager.admin.tf
rename to environment.admin.tf
diff --git a/secrets_manager.dhcp.tf b/environment.dhcp.tf
similarity index 100%
rename from secrets_manager.dhcp.tf
rename to environment.dhcp.tf
diff --git a/secrets_manager.dns.tf b/environment.dns.tf
similarity index 79%
rename from secrets_manager.dns.tf
rename to environment.dns.tf
index fd061a59..695394d2 100644
--- a/secrets_manager.dns.tf
+++ b/environment.dns.tf
@@ -12,3 +12,10 @@ resource "aws_secretsmanager_secret_version" "staff_device_dns_sentry_dsn" {
 secret_id = aws_secretsmanager_secret.staff_device_dns_sentry_dsn_1.id
 secret_string = "REPLACE_ME"
 }
+
+resource "aws_ssm_parameter" "dns_health_check_url" {
+ provider = aws.env
+ name = "DNS_HEALTH_CHECK_URL"
+ type = "String"
+ value = "gov.uk"
+}
diff --git a/locals.tf b/locals.tf
index 1a94826e..feb1613f 100644
--- a/locals.tf
+++ b/locals.tf
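Review bot: The new `aws_ssm_parameter.dns_health_check_url` in environment.dns.tf is created under the bare name `DNS_HEALTH_CHECK_URL`, with no path or environment prefix, so another stack applied to the same account and region would collide with it or end up sharing it. A hierarchical name (constructed example: `name = "/staff-device/dns/DNS_HEALTH_CHECK_URL"`) would also let the task execution role's `ssm:GetParameters` grant be scoped to one path; that IAM statement is not part of this patch, so check that it exists and how wide it is. The resource has no `description`, and the value `gov.uk` is a hostname rather than a URL, so a line such as `description = "Name the DNS container looks up for its /health check"` would help, once the wording is confirmed against the handler.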
@@ -37,6 +37,11 @@ locals {
 tags_dhcp_minus_name = { for k, v in module.dhcp_label.tags : k => v if !contains(["Name"], k) }
 tags_dns_minus_name = { for k, v in module.dns_label.tags : k => v if !contains(["Name"], k) }
+
+ ssm_arns = {
+ DNS_HEALTH_CHECK_URL = aws_ssm_parameter.dns_health_check_url.arn
+ }
+
 secret_manager_arns = {
 codebuild_dhcp_env_admin_db = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.arn
 codebuild_dhcp_env_db = aws_secretsmanager_secret.codebuild_dhcp_env_db.arn
diff --git a/modules/dns/ecs_task_definition.tf b/modules/dns/ecs_task_definition.tf
index 1fa83644..17c0e811 100644
--- a/modules/dns/ecs_task_definition.tf
+++ b/modules/dns/ecs_task_definition.tf
@@ -17,6 +17,11 @@ resource "aws_ecs_task_definition" "server_task" {
 "hostPort": 53,
 "containerPort": 53,
 "protocol": "udp"
+ },
+ {
+ "hostPort": 80,
+ "protocol": "tcp",
+ "containerPort": 80
 }
 ],
 "essential": true,
@@ -35,6 +40,10 @@ resource "aws_ecs_task_definition" "server_task" {
 {
 "name": "SENTRY_DSN",
 "valueFrom": "${var.secret_arns["staff_device_dns_sentry_dsn"]}"
+ },
+ {
+ "name": "DNS_HEALTH_CHECK_URL",
+ "valueFrom": "arn:aws:ssm:eu-west-2:068084030754:parameter/DNS_HEALTH_CHECK_URL"
 }
 ],
 "image": "${module.dns_dhcp_common.ecr.repository_url}",
@@ -47,24 +56,6 @@ resource "aws_ecs_task_definition" "server_task" {
 }
 },
 "expanded": true
- }, {
- "logConfiguration": {
- "logDriver": "awslogs",
- "options": {
- "awslogs-group": "${module.dns_dhcp_common.cloudwatch.server_nginx_log_group_name}",
- "awslogs-region": "eu-west-2",
- "awslogs-stream-prefix": "eu-west-2-docker-logs"
- }
- },
- "portMappings": [
- {
- "hostPort": 80,
- "protocol": "tcp",
- "containerPort": 80
- }
- ],
- "image": "${module.dns_dhcp_common.ecr.nginx_repository_url}",
- "name": "NGINX"
 }
 ]
 EOF
diff --git a/modules/dns/load_balancer.tf b/modules/dns/load_balancer.tf
index 4b3ab510..6e15e296 100644
--- a/modules/dns/load_balancer.tf
+++ b/modules/dns/load_balancer.tf
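Review bot: Port 80/tcp is now published by the DNS server container itself in the first hunk of modules/dns/ecs_task_definition.tf, and the NGINX sidecar that previously held this mapping is removed further down the same file, so whatever answers `/health` now runs in the same container as the resolver. The service's security group is not part of this patch; confirm that its port 80 ingress is limited to the load balancer's health-check sources and was not left wider for the sidecar. A comment above `resource "aws_ecs_task_definition" "server_task"` such as `# port 80 serves the load balancer health check only` would record the intent. The resource body starts and ends outside the hunk.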
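Review bot: The `DNS_HEALTH_CHECK_URL` entry added to the container's secrets in modules/dns/ecs_task_definition.tf hard-codes `arn:aws:ssm:eu-west-2:068084030754:parameter/DNS_HEALTH_CHECK_URL`, while the same patch adds `local.ssm_arns`, `variable "ssm_arns"` and the `ssm_arns = local.ssm_arns` module argument and never reads them. The literal pins an account ID and region into the module, so in an environment deployed to a different account the task would either fail to start or read a parameter that this stack does not manage. Use the value that is already wired in, `"valueFrom": "${var.ssm_arns["DNS_HEALTH_CHECK_URL"]}"`, which matches the `SENTRY_DSN` entry directly above it. The execution role is outside this hunk and needs read access to that parameter.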
@@ -39,8 +39,10 @@ resource "aws_lb_target_group" "target_group" {
 deregistration_delay = 300
 health_check {
+ matcher = 200
 port = 80
- protocol = "TCP"
+ protocol = "HTTP"
+ path = "/health"
 }
 tags = var.tags
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index 7381e0ba..edb8d04c 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -49,3 +49,7 @@ variable "shared_services_account_id" {
 variable "secret_arns" {
 type = map(any)
 }
+
+variable "ssm_arns" {
+ type = map(any)
+}
diff --git a/service_dns.tf b/service_dns.tf
index 5ab66d1f..af4916b3 100644
--- a/service_dns.tf
+++ b/service_dns.tf
@@ -14,6 +14,7 @@ module "dns" {
 vpc_id = module.servers_vpc.vpc_id
 shared_services_account_id = local.shared_services_account_id
 secret_arns = local.secret_manager_arns
+ ssm_arns = local.ssm_arns
 depends_on = [
 module.servers_vpc
From d7cb96d7acf8908849a90d7a3496c0deba38b661 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 6 Jan 2025 14:41:31 +0000
Subject: [PATCH 2/2] Commit changes made by code formatters
---
 environment.dns.tf | 6 +++---
 locals.tf | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/environment.dns.tf b/environment.dns.tf
index 695394d2..a325821d 100644
--- a/environment.dns.tf
+++ b/environment.dns.tf
@@ -15,7 +15,7 @@ resource "aws_secretsmanager_secret_version" "staff_device_dns_sentry_dsn" {
 resource "aws_ssm_parameter" "dns_health_check_url" {
 provider = aws.env
- name = "DNS_HEALTH_CHECK_URL"
- type = "String"
- value = "gov.uk"
+ name = "DNS_HEALTH_CHECK_URL"
+ type = "String"
+ value = "gov.uk"
 }
diff --git a/locals.tf b/locals.tf
index feb1613f..92dbfb32 100644
--- a/locals.tf
+++ b/locals.tf
@@ -39,7 +39,7 @@ locals {
 ssm_arns = {
- DNS_HEALTH_CHECK_URL = aws_ssm_parameter.dns_health_check_url.arn
+ DNS_HEALTH_CHECK_URL = aws_ssm_parameter.dns_health_check_url.arn
 }
 secret_manager_arns = {
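Review bot: In the `health_check` block of `aws_lb_target_group.target_group` (modules/dns/load_balancer.tf), `matcher = 200` passes a number where the provider attribute is a string; Terraform converts it, but `matcher = "200"` avoids the implicit conversion and matches the documented form. Target health now depends on an HTTP `/health` response, and the parameter `DNS_HEALTH_CHECK_URL` with value `gov.uk` suggests the handler resolves an external name. If that is the case, an upstream outage would mark every target unhealthy at the same moment, so confirm how the handler behaves and set `interval`, `healthy_threshold` and `unhealthy_threshold` explicitly, since the block sets none of them. The resource body starts and ends outside the hunk.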