From 675b203ee0f1519829ba64150829455b37d2a072 Mon Sep 17 00:00:00 2001
From: Chandra Reddy
Date: Fri, 16 Aug 2024 15:58:12 -0400
Subject: [PATCH] update README and add apprunner folder
---
 .gitignore | 2 +
 README.md | 12 +++-
 apprunner/.terraform.lock.hcl | 20 ++++++++
 apprunner/01_provider.tf | 12 +++++
 apprunner/02_applicationlist.tf | 22 +++++++++
 apprunner/03_apprunner.tf | 88 +++++++++++++++++++++++++++++++++
 6 files changed, 152 insertions(+), 4 deletions(-)
 create mode 100644 apprunner/.terraform.lock.hcl
 create mode 100644 apprunner/01_provider.tf
 create mode 100644 apprunner/02_applicationlist.tf
 create mode 100644 apprunner/03_apprunner.tf
diff --git a/.gitignore b/.gitignore
index fee674c..35b5a34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ terraform.tfvars
 terratest_logs/
 infrastructure/.terraform/*
 infrastructure/terraform.tfvars
+apprunner/.terraform/*
+apprunner/terraform.tfvars
diff --git a/README.md b/README.md
index 6bf4e51..269313d 100644
--- a/README.md
+++ b/README.md
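Review bot: The two added patterns ignore the apprunner/ working directory and its tfvars but say nothing about state, and the new apprunner/01_provider.tf in this patch declares no backend, so a local `tofu apply` there writes `apprunner/terraform.tfstate` next to the code. Lines 1-3 of .gitignore are outside this hunk; if they do not already carry a global `*.tfstate*` pattern, that state file (which records the full service, IAM role and policy configuration) is committable. Consider adding `apprunner/*.tfstate*` alongside the two new lines, or noting in the hunk that state is kept remotely.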
@@ -3,19 +3,19 @@ ## Instructions -1. Ensure you are authenticated to your AWS account and have mysql installed on your command line +1. Ensure you are authenticated to your AWS account and have MySQL and OpenTofu installed on your command line 2. Clone the Repository 3. Go to the infrastructure folder (`cd infrastructure`) -4. Download `terraform.tfvars` from SecretServer +4. Download `terraform.tfvars` from SecretServer and place it in that folder 5. Run `tofu init` and then `tofu apply` 6. Check the configuration and confirm the infrastructure before typing 'yes' -7. The process will fail with errors. If the errors are all related to AppRunner, then the process has succeeded. +7. If the apply succeeded, everything except for the App Runner services and the containers in the ECR repository will have been created 8. It is now necessary to push a container image to the ECR repository with the correct database url attached. To do so, change the `[ENV]_DATABASE_URL` secret in the app's Github Actions secret to a string of the form:
@@ -23,4 +23,8 @@ Replace the URL in the middle with the proper endpoint of your database and replace "announcements" with your app name and "qa" with the environment name. -9. Commit a change to the `stages/dev` branch of the app repository so Github Actions can send the container image to ECR where App Runner will pull it from. +9. Commit a change to the `stages/dev` branch of the app repository so Github Actions can send the container image to ECR where App Runner will pull it from. + +10. Go to the apprunner folder (`cd ../apprunner`) + +11. Run `tofu init` and then `tofu apply` to set up the App Runner services
diff --git a/apprunner/.terraform.lock.hcl b/apprunner/.terraform.lock.hcl
new file mode 100644
index 0000000..15f48e6
--- /dev/null
+++ b/apprunner/.terraform.lock.hcl
@@ -0,0 +1,20 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/aws" {
+ version = "5.62.0"
+ constraints = "5.62.0"
+ hashes = [
+ "h1:7wg7/a/7B5UKRNpgl4f6xEK4O7A425ZC7xv5ynAOdno=",
+ "zh:2cb519ce7f3cbcb88b2e93dd3b3424ad85a347fc0e7429661945da5df8a20fda",
+ "zh:2fc7ed911cceaa1652d1f4090eaa91e8463aba86873910bccf16601260379886",
+ "zh:395b32d157adeb92571a0efd230c73bbee01744782a50356fb16e8946bd63ffb",
+ "zh:43303d36af40a568cd40bd54dc9e8430e18c4a4d78682b459dca8c755c717a0c",
+ "zh:65b2c6e955deeeffb9d9cd4ed97e8c532a453ba690d0e3d88c740f9036bccc4d",
+ "zh:a9d09dc9daf33b16894ed7d192ceb4c402261da58cded503a3ffa1dd2373e3fb",
+ "zh:c5e9f8bc4397c2075b6dc62458be51b93322517affd760c161633d56b0b9a334",
+ "zh:db0921c091402179edd549f8aa4f12dce18aab09d4302e800c67d6ec6ff88a86",
+ "zh:e7d13f9c0891446d03c29e4fcd60de633f71bbf1bc9786fca47a0ee356ac979a",
+ "zh:f128a725dbdbd31b9ed8ea478782152339c9fab4d635485763c8da2a477fe3f6",
+ ]
+}
diff --git a/apprunner/01_provider.tf b/apprunner/01_provider.tf
new file mode 100644
index 0000000..34edb1b
--- /dev/null
+++ b/apprunner/01_provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "5.62.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+}
diff --git a/apprunner/02_applicationlist.tf b/apprunner/02_applicationlist.tf
new file mode 100644
index 0000000..1fe5c57
--- /dev/null
+++ b/apprunner/02_applicationlist.tf
@@ -0,0 +1,22 @@
+variable "applications" {
+ type = list(string)
+ default = ["announcements"]
+}
+
+variable "environments" {
+ type = list(string)
+ default = ["dev", "qa", "prod"]
+}
+
+locals {
+ app_env_combinations = [
+ for app in var.applications : [
+ for env in var.environments : {
+ app = app
+ env = env
+ }
+ ]
+ ]
+
+ app_env_list = flatten(local.app_env_combinations)
+}
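Review bot: The nested comprehension plus `flatten` in the `locals` block of apprunner/02_applicationlist.tf is the cross product of the two lists, which the built-in expresses directly and without the intermediate `app_env_combinations`: `app_env_list = [for pair in setproduct(var.applications, var.environments) : { app = pair[0], env = pair[1] }]`. The result has the same element shape and the same app-major ordering as the current code, so `for_each` keys in 03_apprunner.tf are unaffected; keep `app_env_combinations` only if something outside this patch references it. A one-line comment on `applications` saying that each entry must match an ECR repository name prefix (`<app>-<env>`) would also save the next reader a trip to 03_apprunner.tf.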
diff --git a/apprunner/03_apprunner.tf b/apprunner/03_apprunner.tf
new file mode 100644
index 0000000..55e4a34
--- /dev/null
+++ b/apprunner/03_apprunner.tf
@@ -0,0 +1,88 @@
+resource "aws_apprunner_service" "app_services" {
+ for_each = { for combo in local.app_env_list : "${combo.app}-${combo.env}" => combo }
+
+ service_name = "${each.value.app}-${each.value.env}-service"
+
+ source_configuration {
+ image_repository {
+ image_configuration {
+ port = "8000"
+ }
+ image_identifier = "654654512735.dkr.ecr.us-east-1.amazonaws.com/${each.value.app}-${each.value.env}:latest"
+ image_repository_type = "ECR"
+ }
+
+ authentication_configuration {
+ access_role_arn = aws_iam_role.apprunner_role.arn
+ }
+ }
+
+ instance_configuration {
+ cpu = "1024"
+ memory = "2048"
+ }
+
+ auto_scaling_configuration_arn = aws_apprunner_auto_scaling_configuration_version.app_scaling.arn
+
+ tags = {
+ Environment = each.value.env
+ Application = each.value.app
+ }
+
+}
+
+resource "aws_iam_role" "apprunner_role" {
+ name = "apprunner-access-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Service = "build.apprunner.amazonaws.com"
+ },
+ Action = "sts:AssumeRole"
+ },
+ ]
+ })
+}
+
+
+resource "aws_iam_policy" "ecr_access_policy" {
+ name = "apprunner-ecr-access-policy"
+
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = [
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:BatchGetImage",
+ "ecr:BatchCheckLayerAvailability"
+ ],
+ Resource = "*"
+ },
+ {
+ Effect = "Allow",
+ Action = "ecr:GetAuthorizationToken",
+ Resource = "*"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "apprunner_ecr_policy_attach" {
+ role = aws_iam_role.apprunner_role.name
+ policy_arn = aws_iam_policy.ecr_access_policy.arn
+}
+
+resource "aws_apprunner_auto_scaling_configuration_version" "app_scaling" {
+ auto_scaling_configuration_name = "app-scaling-config"
+
+ max_concurrency = 100
+ max_size = 3
+ min_size = 1
+}
+
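Review bot: The first statement in `aws_iam_policy.ecr_access_policy` grants `ecr:GetDownloadUrlForLayer`, `ecr:BatchGetImage` and `ecr:BatchCheckLayerAvailability` on `Resource = "*"`, so the access role can pull every image in the account although the services only need the `<app>-<env>` repositories; scope it with `Resource = [for combo in local.app_env_list : "arn:aws:ecr:us-east-1:654654512735:repository/${combo.app}-${combo.env}"]` and keep only `ecr:GetAuthorizationToken`, which does require `*`, on the wildcard. The trust policy on `aws_iam_role.apprunner_role` carries no `Condition`, so consider adding `"Condition" = { StringEquals = { "aws:SourceAccount" = "654654512735" } }` to the `build.apprunner.amazonaws.com` statement, which is the documented confused-deputy guard for service principals. `image_identifier` pins `:latest`, a mutable tag, so what runs in `prod` is whatever was pushed most recently and cannot be tied to a reviewed build; if `auto_deployments_enabled` is left at its default (the provider docs say it defaults to true, please confirm for 5.62.0) each push is rolled out immediately, so a per-environment tag or an image digest would be safer. The account ID and region are also hard-coded in that string while 01_provider.tf already fixes the region; `data.aws_caller_identity.current.account_id` and `data.aws_region.current.name` would keep the two in step.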