update README and add apprunner folder

UCF · Aug 16, 2024 · 675b203 · 675b203
1 parent d1ac37a
commit 675b203
Show file tree

Hide file tree

Showing 6 changed files with 152 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,5 @@ terraform.tfvars
 terratest_logs/
 infrastructure/.terraform/*
 infrastructure/terraform.tfvars
+apprunner/.terraform/*
+apprunner/terraform.tfvars
diff --git a/README.md b/README.md
@@ -3,24 +3,28 @@
 
 ## Instructions
 
-1. Ensure you are authenticated to your AWS account and have mysql installed on your command line
+1. Ensure you are authenticated to your AWS account and have MySQL and OpenTofu installed on your command line
 
 2. Clone the Repository
 
 3. Go to the infrastructure folder (`cd infrastructure`) 
 
-4. Download `terraform.tfvars` from SecretServer
+4. Download `terraform.tfvars` from SecretServer and place it in that folder
 
 5. Run `tofu init` and then `tofu apply`
 
 6. Check the configuration and confirm the infrastructure before typing 'yes'
 
-7. The process will fail with errors. If the errors are all related to AppRunner, then the process has succeeded.
+7. If the apply succeeded, everything except for the App Runner services and the containers in the ECR repository will have been created
 
 8. It is now necessary to push a container image to the ECR repository with the correct database url attached. To do so, change the `[ENV]_DATABASE_URL` secret in the app's Github Actions secret to a string of the form:
 
 `mysql://admin:password@shared-rds-instance.c9o06ok6uz10.us-east-1.rds.amazonaws.com:3306/announcements_qa`
 
 Replace the URL in the middle with the proper endpoint of your database and replace "announcements" with your app name and "qa" with the environment name.
 
-9. Commit a change to the `stages/dev` branch of the app repository so Github Actions can send the container image to ECR where App Runner will pull it from. 
+9. Commit a change to the `stages/dev` branch of the app repository so Github Actions can send the container image to ECR where App Runner will pull it from.
+
+10. Go to the apprunner folder (`cd ../apprunner`)
+
+11. Run `tofu init` and then `tofu apply` to set up the App Runner services
diff --git a/apprunner/.terraform.lock.hcl b/apprunner/.terraform.lock.hcl
diff --git a/apprunner/01_provider.tf b/apprunner/01_provider.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.62.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}
diff --git a/apprunner/02_applicationlist.tf b/apprunner/02_applicationlist.tf
@@ -0,0 +1,22 @@
+variable "applications" {
+  type    = list(string)
+  default = ["announcements"]
+}
+
+variable "environments" {
+  type    = list(string)
+  default = ["dev", "qa", "prod"]
+}
+
+locals {
+  app_env_combinations = [
+    for app in var.applications : [
+      for env in var.environments : {
+        app = app
+        env = env
+      }
+    ]
+  ]
+
+  app_env_list = flatten(local.app_env_combinations)
+}
diff --git a/apprunner/03_apprunner.tf b/apprunner/03_apprunner.tf
@@ -0,0 +1,88 @@
+resource "aws_apprunner_service" "app_services" {
+  for_each = { for combo in local.app_env_list : "${combo.app}-${combo.env}" => combo }
+
+  service_name = "${each.value.app}-${each.value.env}-service"
+
+  source_configuration {
+    image_repository {
+      image_configuration {
+        port = "8000"
+      }
+      image_identifier      = "654654512735.dkr.ecr.us-east-1.amazonaws.com/${each.value.app}-${each.value.env}:latest"
+      image_repository_type = "ECR"
+    }
+
+    authentication_configuration {
+      access_role_arn = aws_iam_role.apprunner_role.arn
+    }
+  }
+
+  instance_configuration {
+    cpu    = "1024"
+    memory = "2048"
+  }
+
+  auto_scaling_configuration_arn = aws_apprunner_auto_scaling_configuration_version.app_scaling.arn
+
+  tags = {
+    Environment = each.value.env
+    Application = each.value.app
+  }
+
+}
+
+resource "aws_iam_role" "apprunner_role" {
+  name = "apprunner-access-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Principal = {
+          Service = "build.apprunner.amazonaws.com"
+        },
+        Action = "sts:AssumeRole"
+      },
+    ]
+  })
+}
+
+
+resource "aws_iam_policy" "ecr_access_policy" {
+  name = "apprunner-ecr-access-policy"
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:BatchGetImage",
+          "ecr:BatchCheckLayerAvailability"
+        ],
+        Resource = "*"
+      },
+      {
+        Effect   = "Allow",
+        Action   = "ecr:GetAuthorizationToken",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "apprunner_ecr_policy_attach" {
+  role       = aws_iam_role.apprunner_role.name
+  policy_arn = aws_iam_policy.ecr_access_policy.arn
+}
+
+resource "aws_apprunner_auto_scaling_configuration_version" "app_scaling" {
+  auto_scaling_configuration_name = "app-scaling-config"
+
+  max_concurrency = 100
+  max_size        = 3
+  min_size        = 1
+}
+