diff --git a/.github/workflows/sub-infra-apply.yml b/.github/workflows/sub-infra-apply.yml
index 898ad05..555538b 100644
--- a/.github/workflows/sub-infra-apply.yml
+++ b/.github/workflows/sub-infra-apply.yml
@@ -79,6 +79,7 @@ jobs:
id: configure-tfvars
working-directory: ${{ vars.TF_DIRECTORY }}
run: |
+ echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars
echo 'image_version="${{ inputs.version }}"' >> plan.auto.tfvars
echo 'grafana_auth="${{ steps.grafana-get-key.outputs.key }}"' >> plan.auto.tfvars
diff --git a/.github/workflows/sub-infra-plan.yml b/.github/workflows/sub-infra-plan.yml
index 3674acc..d5c3654 100644
--- a/.github/workflows/sub-infra-plan.yml
+++ b/.github/workflows/sub-infra-plan.yml
@@ -83,6 +83,7 @@ jobs: - name: Configure Terraform Variables
working-directory: ${{ vars.TF_DIRECTORY }}
run: |
+ echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars
echo 'image_version="${{ inputs.version }}"' >> plan.auto.tfvars
echo 'grafana_auth="${{ steps.grafana-get-key.outputs.key }}"' >> plan.auto.tfvars
diff --git a/terraform/README.md b/terraform/README.md
index c756d96..00a5fbb 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -26,7 +26,7 @@ Now you can apply the changes:
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.12.0 |
+| [aws](#provider\_aws) | 5.17.0 |
| [random](#provider\_random) | 3.5.1 |
| [terraform](#provider\_terraform) | n/a |
## Modules
@@ -48,6 +48,7 @@ Now you can apply the changes:
|------|-------------|------|---------|:--------:|
| [betterstack\_cloudwatch\_webhook](#input\_betterstack\_cloudwatch\_webhook) | The BetterStack webhook to send CloudWatch alerts to |
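Review bot: The added `echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars` line in the configure-tfvars step expands the Actions expression into the shell script text before it runs, so a value containing a single quote ends the quoted string and the remainder is interpreted by the shell, and a `"` inside the value yields a malformed tfvars entry; repository variables are set by repository admins, so this is mainly a robustness and hygiene gap rather than an open injection path, but it is the pattern GitHub's own hardening guidance tells you to avoid in `run:`. Pass the value through the step environment instead and let the shell do the quoting: add `env:` / `  OFAC_BLOCKED_COUNTRIES: ${{ vars.OFAC_BLOCKED_COUNTRIES }}` on the step and write `echo "ofac_blocked_countries=\"${OFAC_BLOCKED_COUNTRIES}\"" >> plan.auto.tfvars`. The identical line is added in the sub-infra-plan.yml hunk that follows and should get the same treatment. The step begins before this hunk (only its `id:` and `working-directory:` keys are visible here), so the `env:` block belongs on the step header outside the hunk.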
string
|
n/a
| yes | | [betterstack\_prometheus\_webhook](#input\_betterstack\_prometheus\_webhook) | The BetterStack webhook to send Prometheus alerts to |
string
|
n/a
| yes | +| [geoip\_db\_key](#input\_geoip\_db\_key) | The name to the GeoIP database |
string
|
"GeoLite2-City.mmdb"
| no | | [grafana\_auth](#input\_grafana\_auth) | The API Token for the Grafana instance |
string
|
""
| no | | [image\_version](#input\_image\_version) | The version of the image to deploy |
string
|
n/a
| yes | | [keystore\_primary\_instance\_class](#input\_keystore\_primary\_instance\_class) | The instance class of the primary docdb instances |
string
|
n/a
| yes | @@ -56,6 +57,7 @@ Now you can apply the changes: | [keystore\_replica\_instance\_count](#input\_keystore\_replica\_instance\_count) | The number of replica docdb instances to deploy |
number
|
n/a
| yes | | [log\_level](#input\_log\_level) | Defines logging level for the application |
string
|
n/a
| yes | | [notification\_channels](#input\_notification\_channels) | The notification channels to send alerts to |
list(any)
|
[]
| no | +| [ofac\_blocked\_countries](#input\_ofac\_blocked\_countries) | The list of countries to block |
string
|
""
| no | ## Outputs No outputs. diff --git a/terraform/ecs/README.md b/terraform/ecs/README.md index 8636cab..f353c9e 100644 --- a/terraform/ecs/README.md +++ b/terraform/ecs/README.md @@ -31,11 +31,14 @@ This module creates an ECS cluster and an autoscaling group of EC2 instances to | [allowed\_lb\_ingress\_cidr\_blocks](#input\_allowed\_lb\_ingress\_cidr\_blocks) | A list of CIDR blocks to allow ingress access to the load-balancer. |
string
|
n/a
| yes | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes and tags, which are merged. |
any
|
n/a
| yes | | [ecr\_repository\_url](#input\_ecr\_repository\_url) | The URL of the ECR repository where the app image is stored |
string
|
n/a
| yes | +| [geoip\_db\_bucket\_name](#input\_geoip\_db\_bucket\_name) | The name of the S3 bucket where the GeoIP database is stored |
string
|
n/a
| yes | +| [geoip\_db\_key](#input\_geoip\_db\_key) | The key of the GeoIP database in the S3 bucket |
string
|
n/a
| yes | | [image\_version](#input\_image\_version) | The version of the app image to deploy |
string
|
n/a
| yes | | [keystore\_addr](#input\_keystore\_addr) | The address of the MongoDB instance to use for the persistent keystore |
string
|
n/a
| yes | | [log\_level](#input\_log\_level) | Defines logging level for the application |
string
|
n/a
| yes | | [max\_capacity](#input\_max\_capacity) | Maximum number of instances in the autoscaling group |
number
|
8
| no | | [min\_capacity](#input\_min\_capacity) | Minimum number of instances in the autoscaling group |
number
|
2
| no | +| [ofac\_blocked\_countries](#input\_ofac\_blocked\_countries) | The list of countries to block |
string
|
n/a
| yes | | [port](#input\_port) | The port the app listens on |
number
|
n/a
| yes | | [private\_subnets](#input\_private\_subnets) | The IDs of the private subnets to deploy to |
list(string)
|
n/a
| yes | | [prometheus\_endpoint](#input\_prometheus\_endpoint) | The endpoint of the Prometheus server to use for monitoring |
string
|
n/a
| yes | diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf index c37e454..1f80d31 100644 --- a/terraform/ecs/cluster.tf +++ b/terraform/ecs/cluster.tf @@ -81,7 +81,7 @@ resource "aws_ecs_task_definition" "app_task" { { "name" = "GEOIP_DB_BUCKET", "value" = var.geoip_db_bucket_name }, { "name" = "GEOIP_DB_KEY", "value" = var.geoip_db_key }, - { "name" = "BLOCKED_COUNTRIES", "value" = "KP,IR,CU,SY" }, + { "name" = "BLOCKED_COUNTRIES", "value" = var.ofac_blocked_countries }, ], portMappings = [ diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf index 8c06c4e..c42c771 100644 --- a/terraform/ecs/variables.tf +++ b/terraform/ecs/variables.tf @@ -91,6 +91,11 @@ variable "log_level" { type = string } +variable "ofac_blocked_countries" { + description = "The list of countries to block" + type = string +} + #--------------------------------------- # Monitoring diff --git a/terraform/monitoring/README.md b/terraform/monitoring/README.md index 26dc7b6..9b707cc 100644 --- a/terraform/monitoring/README.md +++ b/terraform/monitoring/README.md @@ -38,9 +38,7 @@ Configure the Grafana dashboards for the application | [prometheus\_endpoint](#input\_prometheus\_endpoint) | The endpoint for the Prometheus server. |
string
|
n/a
| yes | ## Outputs -| Name | Description | -|------|-------------| -| [dashboard\_definition](#output\_dashboard\_definition) | The JSON definition of the dashboard. | +No outputs. diff --git a/terraform/res_application.tf b/terraform/res_application.tf index 286a767..8bf3656 100644 --- a/terraform/res_application.tf +++ b/terraform/res_application.tf @@ -27,9 +27,10 @@ module "ecs" { allowed_lb_ingress_cidr_blocks = module.vpc.vpc_cidr_block # Application - port = 8080 - keystore_addr = module.keystore.connection_url - log_level = var.log_level + port = 8080 + keystore_addr = module.keystore.connection_url + log_level = var.log_level + ofac_blocked_countries = var.ofac_blocked_countries # Monitoring prometheus_endpoint = aws_prometheus_workspace.prometheus.prometheus_endpoint diff --git a/terraform/variables.tf b/terraform/variables.tf index 968d8fb..9224ae4 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -31,6 +31,11 @@ variable "log_level" { type = string } +variable "ofac_blocked_countries" { + description = "The list of countries to block" + type = string + default = "" +} #------------------------------------------------------------------------------- # Keystore