Fix networking configuration

ooni · Apr 18, 2024 · f10966a · f10966a
1 parent 82606fa
commit f10966a
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 9 deletions.
diff --git a/tf/modules/ooniapi_service/main.tf b/tf/modules/ooniapi_service/main.tf
@@ -1,5 +1,10 @@
 locals {
   name = "ooniapi-service-${var.service_name}"
+  # We construct a stripped name that is without the "ooni" substring and all
+  # vocals are stripped.
+  stripped_name = replace(replace(var.service_name, "ooni", ""), "[aeiou]", "")
+  # Short prefix should be less than 5 characters
+  short_prefix = "oo${substr(var.service_name, 0, 3)}"
 }
 
 resource "aws_iam_role" "ooniapi_service_task" {
@@ -65,6 +70,7 @@ resource "aws_ecs_task_definition" "ooniapi_service" {
           containerPort = local.container_port,
         }
       ],
+
       environment = [
         for k, v in var.task_environment : {
           name  = k,
@@ -112,6 +118,10 @@ resource "aws_ecs_service" "ooniapi_service" {
     container_port   = "80"
   }
 
+  network_configuration {
+    subnets = var.subnet_ids
+  }
+
   depends_on = [
     aws_alb_listener.ooniapi_service_http,
   ]
@@ -123,20 +133,30 @@ resource "aws_ecs_service" "ooniapi_service" {
 
 # The direct target group is used for the direct domain name mapping
 resource "aws_alb_target_group" "ooniapi_service_direct" {
-  name     = "${local.name}-direct"
-  port     = 80
-  protocol = "HTTP"
-  vpc_id   = var.vpc_id
+  name_prefix = "${local.short_prefix}D"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+  lifecycle {
+    create_before_destroy = true
+  }
 
   tags = var.tags
 }
 
 # The mapped target group is used for mapping it in the main API load balancer
 resource "aws_alb_target_group" "ooniapi_service_mapped" {
-  name     = "${local.name}-mapped"
-  port     = 80
-  protocol = "HTTP"
-  vpc_id   = var.vpc_id
+  name_prefix = "${local.short_prefix}M"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+  lifecycle {
+    create_before_destroy = true
+  }
 
   tags = var.tags
 }

diff --git a/tf/modules/oonith_service/main.tf b/tf/modules/oonith_service/main.tf
@@ -1,5 +1,10 @@
 locals {
   name = "oonith-service-${var.service_name}"
+  # We construct a stripped name that is without the "ooni" substring and all
+  # vocals are stripped.
+  stripped_name = replace(replace(var.service_name, "ooni", ""), "[aeiou]", "")
+  # Short prefix should be less than 5 characters
+  short_prefix = "oo${substr(var.service_name, 0, 3)}"
 }
 
 resource "aws_iam_role" "oonith_service_task" {
@@ -108,6 +113,10 @@ resource "aws_ecs_service" "oonith_service" {
     container_port   = "80"
   }
 
+  network_configuration {
+    subnets = var.subnet_ids
+  }
+
   depends_on = [
     aws_alb_listener.oonith_service_http,
   ]
@@ -119,12 +128,16 @@ resource "aws_ecs_service" "oonith_service" {
 
 # The direct
 resource "aws_alb_target_group" "oonith_service_direct" {
-  name        = "${local.name}-direct"
+  name_prefix = "${local.short_prefix}D"
   port        = 80
   protocol    = "HTTP"
   vpc_id      = var.vpc_id
   target_type = "ip"
 
+  lifecycle {
+    create_before_destroy = true
+  }
+
   tags = var.tags
 }