diff --git a/secrets.tf b/secrets.tf
index 48be954..6c25d33 100644
--- a/secrets.tf
+++ b/secrets.tf
@@ -6,9 +6,10 @@ resource "aws_secretsmanager_secret_version" "mqtt" {
 secret_id = aws_secretsmanager_secret.mqtt.id
 secret_string = jsonencode(
 {
- HOST = join(",", local.websocket_host_addresses)
- PASSWORD = random_password.mqtt.result
- USERNAME = "write"
+ HOST = join(",", local.websocket_host_addresses)
+ HOST_MOS_FORMAT = join(" ", [for x in local.websocket_host_addresses : "${x}:1883"])
+ PASSWORD = random_password.mqtt.result
+ USERNAME = "write"
 }
 )
 }
diff --git a/websockets.tf b/websockets.tf
index b95445b..5e72135 100644
--- a/websockets.tf
+++ b/websockets.tf
@@ -183,9 +183,9 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
 },
 {
 command = [
- "cp",
- "/config/mosquitto-reader.conf",
- "/config/mosquitto.conf",
+ "sh",
+ "-c",
+ "apk add gettext; envsubst < /config/mosquitto-reader-template.conf > /config/mosquitto.conf",
 ]
 cpu = 0
 dependsOn = [
@@ -214,6 +214,16 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
 name = "config-move"
 portMappings = []
 volumesFrom = []
+ secrets = [
+ {
+ name = "PASSWORD"
+ valueFrom = "${aws_secretsmanager_secret.mqtt.arn}:PASSWORD::"
+ },
+ {
+ name = "HOST_MOS_FORMAT"
+ valueFrom = "${aws_secretsmanager_secret.mqtt.arn}:HOST_MOS_FORMAT::"
+ }
+ ]
 },
 ]
 )
@@ -232,6 +242,7 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
 volume {
 name = "config"
 }
+
 }
 
 resource "aws_ecs_task_definition" "ws" {
@@ -277,7 +288,7 @@ resource "aws_ecs_task_definition" "ws" {
 ]
 environment = []
 essential = true
- image = "eclipse-mosquitto:2-openssl"
+ image = "eclipse-mosquitto:2.0.15"
 # logConfiguration = {
 # logDriver = "awslogs"
 # options = {
@@ -571,6 +582,26 @@ resource "aws_iam_role_policy" "efs" {
 EOF
 }
 
+resource "aws_iam_role_policy" "secrets" {
+ name = "secrests"
+ role = aws_iam_role.ecs_execution.id
+
+ policy = <
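Review bot: The new `HOST_MOS_FORMAT` entry hard-codes the broker port `1883` inside the secret value, so the plain-MQTT port now lives in a Secrets Manager payload rather than in the Terraform configuration that defines the listener. Pull it out of the string, e.g. `HOST_MOS_FORMAT = join(" ", [for x in local.websocket_host_addresses : "${x}:${local.mqtt_port}"])` with `local.mqtt_port` being a constructed name to align with whatever local already carries the port. A short comment on the line, `# space-separated host:port list consumed by envsubst in the config-move container`, would also explain why a non-secret value is stored in this secret. Note that this rewrite of `secret_string` produces a new secret version, so any consumer reading by a pinned version id should be checked.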
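Review bot: The new `sh -c` command installs `gettext` from the network on every task start and chains with `;`, so a failed or partial `apk add` is ignored and `envsubst` is then run (or missing) without the task noticing; it also calls `envsubst` with no variable list, so every `$NAME` in the template is expanded from whatever is in the container environment, not just the two secrets injected below. Tighten it to `"set -eu; apk add --no-cache gettext && envsubst '$PASSWORD $HOST_MOS_FORMAT' < /config/mosquitto-reader-template.conf > /config/mosquitto.conf"` so the substitution set is explicit and an install failure fails the container. Longer term, baking `gettext` into the image (or a digest-pinned init image) removes the runtime package fetch from the startup path, which is both an availability and a supply-chain concern. The container definition continues outside the hunk.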
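Review bot: Injecting `PASSWORD` into the `config-move` container means the rendered `/config/mosquitto.conf` on the shared `config` volume now contains the broker password in plaintext, readable by every container mounting that volume, whereas before this change the volume held only a static config file. Document this on the `secrets` block, e.g. `# PASSWORD is rendered into mosquitto.conf on the shared "config" volume; keep that volume mounted only where needed`, and consider setting a restrictive umask in the render command if the mosquitto container's user can still read the file (I cannot confirm the volume mounts from this hunk). Both `valueFrom` values select a JSON key from the whole secret, so the execution role needs `secretsmanager:GetSecretValue` on `aws_secretsmanager_secret.mqtt.arn`; the policy that appears to grant this is cut off at the end of the diff and should be reviewed for scope once visible.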
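Review bot: Pinning `eclipse-mosquitto:2.0.15` is an improvement over the floating `2-openssl` tag, but a version tag can still be re-pushed; pin by digest as well, `image = "eclipse-mosquitto:2.0.15@sha256:<DIGEST-PLACEHOLDER>"`, and add `# bump deliberately; see upstream release notes` so the pin is not silently "updated" by a later edit. The old tag was the `-openssl` variant, so please confirm the plain `2.0.15` tag carries the TLS/websockets listener support this task's config relies on; from the hunk alone I cannot tell. Only the `ws` task is changed here; if `ws_reader_ec2` also runs a mosquitto image its tag should be aligned in the same commit.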