feat: add infra for indexer

.github/workflows/deployment-indexer.yml

@@ -0,0 +1,82 @@
+name: deployment-indexer
+run-name: ${{ github.workflow }} (${{ inputs.branch }})
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: 'Environment to deploy'
+        options: 
+        - dev
+        # - prod
+      branch:
+        description: 'Branch name to deploy'
+        required: true
+        default: 'dev'
+
+env:
+  ENVIRONMENT: ${{ github.event.inputs.environment }}
+  AWS_REGION: ap-southeast-1
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Print branch name
+        run: echo "Checked out branch ${{ github.event.inputs.branch }}"
+
+      - name: Specify Deployment Role
+        run: |
+          echo "AWS_ROLE_ARN=${{ secrets.AWS_ROLE_ARN_PLAT }}" >> $GITHUB_ENV
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ env.AWS_ROLE_ARN }}
+          role-session-name: GitHubActionsWorkflow
+          role-duration-seconds: 900
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Set Environments
+        run: |
+          REPOSITORY_NAME="plat-fellowship-${{ env.ENVIRONMENT }}-indexer"
+          echo "REPOSITORY_NAME=${REPOSITORY_NAME}" >> $GITHUB_ENV
+          echo "ECR_REPOSITORY=${{ steps.login-ecr.outputs.registry }}/${REPOSITORY_NAME}" >> $GITHUB_ENV
+          echo "ECS_TASK_SERVICE_NAME=plat-fellowship-${{ env.ENVIRONMENT }}-indexer" >> $GITHUB_ENV
+          echo "ECS_CLUSTER_NAME=plat-fellowship-${{ env.ENVIRONMENT }}-indexer" >> $GITHUB_ENV
+
+      - name: Build Docker image
+        run: |
+          cd indexer && docker build -t ${{ env.ECR_REPOSITORY }}:${{ github.sha }} . -f Dockerfile
+
+      - name: Tag image, and push image to ECR Repository
+        run: |
+          aws ecr put-image-tag-mutability --repository-name ${{ env.REPOSITORY_NAME }} --image-tag-mutability MUTABLE
+          docker tag ${{ env.ECR_REPOSITORY }}:${{ github.sha }} ${{ env.ECR_REPOSITORY }}:latest
+          docker push -a ${{ env.ECR_REPOSITORY }}
+          aws ecr put-image-tag-mutability --repository-name ${{ env.REPOSITORY_NAME }} --image-tag-mutability IMMUTABLE
+
+      - name: Update Amazon ECS Service
+        run: |
+          aws ecs update-service --service ${{ env.ECS_TASK_SERVICE_NAME }} --cluster ${{ env.ECS_CLUSTER_NAME }} --force-new-deployment
+

infra/environments/dev/module_indexer.tf

@@ -0,0 +1,34 @@
+module "indexer_secret_manager" {
+  source           = "../../modules/secret_manager/indexer"
+  environment_name = var.environment_name
+}
+
+module "indexer_ecr" {
+  source           = "../../modules/ecr/indexer"
+  environment_name = var.environment_name
+}
+
+module "indexer_iam" {
+  source           = "../../modules/iam/indexer"
+  environment_name = var.environment_name
+}
+
+module "indexer_network" {
+  source           = "../../modules/network/indexer"
+  environment_name = var.environment_name
+  vpc_id           = var.vpc_id
+  vpc_cidr_block   = module.network.vpc_cidr_block
+}
+
+module "indexer_ecs" {
+  source = "../../modules/ecs/indexer"
+
+  environment_name                = var.environment_name
+  logs_region                     = var.region
+  secret_arn                      = module.indexer_secret_manager.secret_arn
+  ecr_uri                         = module.indexer_ecr.ecr_uri
+  ecs_task_execution_role_arn     = module.indexer_iam.ecs_task_execution_role_arn
+  ecs_task_container_role_arn     = module.indexer_iam.ecs_task_container_role_arn
+  security_group_ecs_task_service = module.indexer_network.ecs_sg_id
+  public_subnet_id                = var.public_subnet_a_id
+}

infra/environments/dev/module_nillion.tf

@@ -1,27 +1,27 @@
-module "nillion_ecr" {
-  source           = "../../modules/ecr/nillion"
-  environment_name = var.environment_name
-}
+# module "nillion_ecr" {
+#   source           = "../../modules/ecr/nillion"
+#   environment_name = var.environment_name
+# }
 
-module "nillion_iam" {
-  source           = "../../modules/iam/nillion"
-  environment_name = var.environment_name
-}
+# module "nillion_iam" {
+#   source           = "../../modules/iam/nillion"
+#   environment_name = var.environment_name
+# }
 
-module "nillion_network" {
-  source           = "../../modules/network/nillion"
-  environment_name = var.environment_name
-  vpc_id           = var.vpc_id
-  vpc_cidr_block   = module.network.vpc_cidr_block
-}
+# module "nillion_network" {
+#   source           = "../../modules/network/nillion"
+#   environment_name = var.environment_name
+#   vpc_id           = var.vpc_id
+#   vpc_cidr_block   = module.network.vpc_cidr_block
+# }
 
-module "nillion_ecs" {
-  source                          = "../../modules/ecs/nillion"
-  environment_name                = var.environment_name
-  logs_region                     = var.region
-  ecr_uri                         = module.nillion_ecr.ecr_uri
-  ecs_task_execution_role_arn     = module.nillion_iam.ecs_task_execution_role_arn
-  ecs_task_container_role_arn     = module.nillion_iam.ecs_task_container_role_arn
-  security_group_ecs_task_service = module.nillion_network.ecs_sg_id
-  public_subnet_id                = var.public_subnet_a_id
-}
+# module "nillion_ecs" {
+#   source                          = "../../modules/ecs/nillion"
+#   environment_name                = var.environment_name
+#   logs_region                     = var.region
+#   ecr_uri                         = module.nillion_ecr.ecr_uri
+#   ecs_task_execution_role_arn     = module.nillion_iam.ecs_task_execution_role_arn
+#   ecs_task_container_role_arn     = module.nillion_iam.ecs_task_container_role_arn
+#   security_group_ecs_task_service = module.nillion_network.ecs_sg_id
+#   public_subnet_id                = var.public_subnet_a_id
+# }

infra/modules/ecs/indexer/cluster.tf

@@ -0,0 +1,8 @@
+resource "aws_ecs_cluster" "cluster" {
+  name = "plat-fellowship-${var.environment_name}-indexer"
+
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
+}

infra/modules/ecs/indexer/service.tf

@@ -0,0 +1,14 @@
+# service for repo api
+resource "aws_ecs_service" "service" {
+  name            = "plat-fellowship-${var.environment_name}-indexer"
+  cluster         = aws_ecs_cluster.cluster.id
+  task_definition = aws_ecs_task_definition.core.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = [var.public_subnet_id]
+    security_groups  = [var.security_group_ecs_task_service]
+    assign_public_ip = true
+  }
+}

infra/modules/ecs/indexer/task_definition.tf

@@ -0,0 +1,95 @@
+# task definition for repo api
+resource "aws_ecs_task_definition" "core" {
+  family                   = aws_ecs_cluster.cluster.name
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+  cpu                      = 256
+  memory                   = 512
+  container_definitions = jsonencode([
+    {
+      name         = "plat-fellowship-${var.environment_name}-indexer"
+      image        = "${var.ecr_uri}:latest"
+      links        = []
+      portMappings = []
+      essential    = true
+      entryPoint   = []
+      command      = []
+      environment = [
+        {
+          "name" : "RPC_URL",
+          "value" : "https://api.devnet.solana.com"
+        },
+        {
+          "name" : "BACKEND_URL",
+          "value" : "http://172.31.21.6"
+        }
+      ]
+      environmentFiles = []
+      mountPoints      = []
+      volumesFrom      = []
+      secrets = [
+        {
+          name      = "REDIS_HOST",
+          valueFrom = "${var.secret_arn}:redisHost::"
+        },
+        {
+          name      = "REDIS_PORT",
+          valueFrom = "${var.secret_arn}:redisPort::"
+        },
+        {
+          name      = "REDIS_DB",
+          valueFrom = "${var.secret_arn}:redisDb::"
+        },
+        {
+          name      = "REDIS_PASSWORD",
+          valueFrom = "${var.secret_arn}:redisPassword::"
+        }
+      ]
+      dnsServers            = []
+      dnsSearchDomains      = []
+      extraHosts            = []
+      dockerSecurityOptions = []
+      dockerLabels          = {}
+      ulimits               = []
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          awslogs-group         = "/aws/ecs/${aws_ecs_cluster.cluster.name}"
+          awslogs-create-group  = "true"
+          awslogs-region        = var.logs_region
+          awslogs-stream-prefix = "core"
+        },
+        secretOptions = []
+      }
+      systemControls  = []
+      credentialSpecs = []
+      # healthCheck = {
+      #   retries = 3
+      #   command = [
+      #     "CMD-SHELL",
+      #     "curl -f http://localhost/_health || exit 1"
+      #   ],
+      #   timeout     = 5
+      #   interval    = 60
+      #   startPeriod = null
+      # }
+    }
+  ])
+  # The task execution role grants the Amazon ECS container and Fargate agents permission to make AWS API calls on your behalf.
+  execution_role_arn = var.ecs_task_execution_role_arn
+  # This role allows your application code (on the container) to use other AWS services
+  task_role_arn = var.ecs_task_container_role_arn
+  runtime_platform {
+    operating_system_family = "LINUX"
+    cpu_architecture        = "X86_64"
+  }
+  ephemeral_storage {
+    size_in_gib = 21
+  }
+  tags = {
+    Environment = var.environment_name
+    SystemName  = "plat"
+    ProductName = "plat-fellowship"
+    Service     = "indexer"
+  }
+}

infra/modules/ecs/indexer/variables.tf

@@ -0,0 +1,43 @@
+# env
+variable "environment_name" {
+  type        = string
+  description = "This is environment name [prod | stag | dev]"
+}
+
+# region
+variable "logs_region" {
+  type        = string
+  description = "Region where CloudWatch Logs resides"
+}
+
+# secret
+variable "secret_arn" {
+  type        = string
+  description = "ARN for getting value by key in secret manager"
+}
+
+# erc
+variable "ecr_uri" {
+  type        = string
+  description = "ECR uri for image in ECS task definition"
+}
+
+# iam
+variable "ecs_task_execution_role_arn" {
+  type        = string
+  description = "ecs task execution role arn"
+}
+variable "ecs_task_container_role_arn" {
+  type        = string
+  description = "ecs task container role arn"
+}
+
+# network
+variable "security_group_ecs_task_service" {
+  type        = string
+  description = "ecs task container role arn"
+}
+variable "public_subnet_id" {
+  type        = string
+  description = "ecs task container role arn"
+}

infra/modules/iam/indexer/main.tf

@@ -0,0 +1,12 @@
+
+# AssumeRole for ECS
+data "aws_iam_policy_document" "ecs_instance_assume_role_policy" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}

infra/modules/iam/indexer/output.tf

@@ -0,0 +1,7 @@
+output "ecs_task_execution_role_arn" {
+  value = aws_iam_role.ecs_task_execution_role.arn
+}
+
+output "ecs_task_container_role_arn" {
+  value = aws_iam_role.ecs_task_container_role.arn
+}