ExternalVendorCode/sondehub-infra
1
0
Fork 0
mirror of https://github.com/projecthorus/sondehub-infra.git synced 2025-01-18 02:39:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Continue adding websockets to terraform

Browse Source
This commit is contained in:
Michaela 2021-10-26 11:45:51 +11:00
parent f261530d83
commit 630493cb6d
3 changed files with 192 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
predictor.tf
View File

@ -257,9 +257,9 @@ resource "aws_ecs_task_definition" "tawhiri" {
name = "srv"
efs_volume_configuration {
file_system_id = aws_efs_file_system.tawhiri.id
root_directory = "srv"
transit_encryption = "DISABLED"
file_system_id = aws_efs_file_system.tawhiri.id
root_directory = "srv"
transit_encryption = "DISABLED"
authorization_config {
iam = "DISABLED"
@ -320,9 +320,9 @@ resource "aws_ecs_task_definition" "tawhiri_downloader" {
name = "srv"
efs_volume_configuration {
file_system_id = aws_efs_file_system.tawhiri.id
root_directory = "srv"
transit_encryption = "DISABLED"
file_system_id = aws_efs_file_system.tawhiri.id
root_directory = "srv"
transit_encryption = "DISABLED"
authorization_config {
iam = "DISABLED"
@ -378,9 +378,9 @@ resource "aws_ecs_task_definition" "tawhiri_ruaumoko" {
name = "srv"
efs_volume_configuration {
file_system_id = aws_efs_file_system.tawhiri.id
root_directory = "srv"
transit_encryption = "DISABLED"
file_system_id = aws_efs_file_system.tawhiri.id
root_directory = "srv"
transit_encryption = "DISABLED"
authorization_config {
iam = "DISABLED"

3
sonde-api-to-iot-core/lambda_function.py
View File

@ -331,10 +331,9 @@ def upload(event, context):
)
to_sns.append(payload)
# limit payloads to 3
if to_sns:
last = to_sns.pop()
to_sns = to_sns[::5]
to_sns = to_sns[::3]
to_sns.append(last)
post(to_sns)
return errors

185
websockets.tf
View File

@ -335,8 +335,187 @@ resource "aws_ecs_task_definition" "ws" {
}
}
# service, reader, writer
resource "aws_ecs_cluster" "ws" {
name = "ws"
capacity_providers = ["FARGATE", "FARGATE_SPOT"]
}
resource "aws_lb_target_group" "ws" {
name = "ws"
port = 8080
protocol = "HTTP"
vpc_id = aws_vpc.main.id
target_type = "ip"
health_check {
enabled = true
healthy_threshold = 5
interval = 30
matcher = "200"
path = "/health"
port = "traffic-port"
protocol = "HTTP"
timeout = 5
unhealthy_threshold = 2
}
}
resource "aws_lb_target_group" "ws_reader" {
name = "ws-reader"
port = 8061
protocol = "HTTP"
vpc_id = aws_vpc.main.id
target_type = "ip"
health_check {
enabled = true
healthy_threshold = 5
interval = 30
matcher = "200"
path = "/health"
port = "traffic-port"
protocol = "HTTP"
timeout = 5
unhealthy_threshold = 2
}
}
resource "aws_ecs_service" "ws_reader" {
name = "ws-reader"
cluster = aws_ecs_cluster.ws.id
task_definition = aws_ecs_task_definition.ws_reader.arn
enable_ecs_managed_tags = true
health_check_grace_period_seconds = 60
iam_role = "aws-service-role"
launch_type = "FARGATE"
platform_version = "LATEST"
desired_count = 1
load_balancer {
container_name = "mqtt"
container_port = 8080
target_group_arn = aws_lb_target_group.ws_reader.arn
}
lifecycle {
ignore_changes = [desired_count]
}
network_configuration {
assign_public_ip = true
security_groups = [
aws_security_group.ws_reader.id
]
subnets = values(aws_subnet.public)[*].id
}
}
resource "aws_ecs_service" "ws_writer" {
name = "ws-writer"
cluster = aws_ecs_cluster.ws.id
task_definition = aws_ecs_task_definition.ws.arn
enable_ecs_managed_tags = true
health_check_grace_period_seconds = 60
iam_role = "aws-service-role"
launch_type = "FARGATE"
platform_version = "LATEST"
desired_count = 1
load_balancer {
container_name = "mqtt"
container_port = 8080
target_group_arn = aws_lb_target_group.ws.arn
}
lifecycle {
ignore_changes = [desired_count]
}
network_configuration {
assign_public_ip = true
security_groups = [
aws_security_group.ws_writer.id
]
subnets = [aws_subnet.ws_main.id]
}
}
resource "aws_security_group" "ws_reader" {
ingress = [
{
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = []
ipv6_cidr_blocks = []
description = ""
prefix_list_ids = []
self = true
security_groups = [aws_security_group.ws_writer.id, aws_security_group.lb.id]
}
]
egress = [
{
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
description = ""
prefix_list_ids = []
self = false
security_groups = []
}
]
vpc_id = aws_vpc.main.id
lifecycle {
ignore_changes = [description, name]
}
}
resource "aws_security_group" "ws_writer" {
egress = [
{
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
description = ""
prefix_list_ids = []
self = false
security_groups = []
}
]
vpc_id = aws_vpc.main.id
lifecycle {
ignore_changes = [description, name]
}
}
resource "aws_security_group_rule" "ws_writer_reader" {
security_group_id = aws_security_group.ws_writer.id
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
description = ""
source_security_group_id = aws_security_group.ws_reader.id
}
resource "aws_security_group_rule" "ws_writer_lb" {
security_group_id = aws_security_group.ws_writer.id
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
description = ""
source_security_group_id = aws_security_group.lb.id
}
# TODO
# s3 config bucket
# iam roles
# security group
# reader autoscaling
# reader autoscaling