diff --git a/.github/workflows/sub-validate.yml b/.github/workflows/sub-validate.yml index c372bd3ea..e985312f1 100644 --- a/.github/workflows/sub-validate.yml +++ b/.github/workflows/sub-validate.yml @@ -98,15 +98,7 @@ jobs: - name: Yarn Install run: yarn install - # Temporary ignoring `Sessions tests` for staging until IRN peering for staging is ready - - name: Run Yarn Integration Tests (no IRN tests) - if: ${{ inputs.stage == 'staging' }} - run: yarn integration --testPathIgnorePatterns='sessions.test.ts' - env: - PROJECT_ID: ${{ secrets.PROJECT_ID }} - RPC_URL: ${{ inputs.stage-url }} - name: Yarn Integration Tests - if: ${{ inputs.stage == 'prod' }} run: yarn integration env: PROJECT_ID: ${{ secrets.PROJECT_ID }} diff --git a/terraform/region/output.tf b/terraform/region/output.tf new file mode 100644 index 000000000..3dbbf51df --- /dev/null +++ b/terraform/region/output.tf @@ -0,0 +1,19 @@ +output "database_url" { + description = "The URL used to connect to the cluster" + value = module.postgres[0].database_url +} + +output "database_vpc_id" { + description = "ID of the database VPC" + value = module.vpc.vpc_id +} + +output "database_vpc_cidr" { + description = "CIDR block of the database VPC" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "database_client_vpc_peering_connection" { + description = "Peering connection of database client VPCs" + value = aws_vpc_peering_connection.database[0].id +} diff --git a/terraform/region/res_db.tf b/terraform/region/res_db.tf index 4facfbd60..0802dee44 100644 --- a/terraform/region/res_db.tf +++ b/terraform/region/res_db.tf @@ -9,6 +9,8 @@ module "db_context" { } module "postgres" { + count = var.database_url != null ? 1 : 0 + source = "./postgres" context = module.db_context attributes = ["postgres"] diff --git a/terraform/region/res_db_peering.tf b/terraform/region/res_db_peering.tf new file mode 100644 index 000000000..0055aaed1 --- /dev/null +++ b/terraform/region/res_db_peering.tf @@ -0,0 +1,37 @@ +resource "aws_vpc_peering_connection" "database" { + count = var.database_vpc_id != null && var.database_vpc_region != null ? 1 : 0 + + vpc_id = module.vpc.vpc_id + peer_vpc_id = var.database_vpc_id + peer_region = var.database_vpc_region + # peer_owner_id = var.database_aws_account_id +} + +resource "aws_route" "database" { + count = var.database_vpc_cidr != null ? length(module.vpc.private_route_table_ids) : 0 + + route_table_id = module.vpc.private_route_table_ids[count.index] + vpc_peering_connection_id = aws_vpc_peering_connection.irn.id + destination_cidr_block = var.database_vpc_cidr +} + +resource "aws_vpc_peering_connection_accepter" "database_client" { + for_each = var.database_client_vpc_peering_connections + + vpc_peering_connection_id = each.key + auto_accept = true +} + +resource "aws_route" "database_client" { + for_each = flatten( + [for route in module.vpc.private_route_table_ids : + [for id, cidr in var.database_client_vpc_peering_connections : { + route_table_id = route + vpc_peering_connection_id = id + destination_cidr_block = cidr + }]]) + + route_table_id = each.value.route_table_id + vpc_peering_connection_id = each.value.vpc_peering_connection_id + destination_cidr_block = each.value.destination_cidr_block +} diff --git a/terraform/region/res_ecs.tf b/terraform/region/res_ecs.tf index b9f346a30..9c68e7a77 100644 --- a/terraform/region/res_ecs.tf +++ b/terraform/region/res_ecs.tf @@ -63,7 +63,7 @@ module "ecs" { rate_limiting_cache_endpoint_read = module.redis.endpoint rate_limiting_cache_endpoint_write = module.redis.endpoint ofac_blocked_countries = var.ofac_blocked_countries - postgres_url = module.postgres.database_url + postgres_url = var.database_url != null ? var.database_url : module.postgres.database_url # Providers infura_project_id = var.infura_project_id diff --git a/terraform/region/res_network.tf b/terraform/region/res_network.tf index 3253bc7f6..0ef313735 100644 --- a/terraform/region/res_network.tf +++ b/terraform/region/res_network.tf @@ -1,5 +1,19 @@ locals { vpc_cidr = "10.0.0.0/16" + # https://www.notion.so/walletconnect/Private-IP-range-allocation-5fba8350d0a9453ca589dfa73affd508?pvs=4 + # vpc_cidr = ( + # module.this.stage == "prod" ? { + # "eu-central-1" = "10.0.0.0/16" # "10.7.0.0/16" + # "us-east-1" = "10.8.0.0/16" + # "ap-southeast-1" = "10.9.0.0/16" + # } + # : { + # "eu-central-1" = "10.10.0.0/16" + # "us-east-1" = "10.11.0.0/16" + # "ap-southeast-1" = "10.12.0.0/16" + # } + # )[module.this.region] + vpc_azs = slice(data.aws_availability_zones.available.names, 0, 3) vpc_flow_s3_bucket_name = substr("vpc-flow-logs-${module.this.id}-${random_pet.this.id}", 0, 63) } diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf index b0738647e..9d13c9a09 100644 --- a/terraform/region/variables.tf +++ b/terraform/region/variables.tf @@ -236,3 +236,34 @@ variable "irn_namespace_secret" { type = string } +# Postgres VPC peering + +variable "database_url" { + description = "The URL used to connect to the cluster" + type = string + default = null +} + +variable "database_vpc_id" { + description = "ID of the database VPC" + type = string + default = null +} + +variable "database_vpc_cidr" { + description = "CIDR block of the database VPC" + type = string + default = null +} + +variable "database_vpc_region" { + description = "Region of the database VPC" + type = string + default = null +} + +variable "database_client_vpc_peering_connections" { + description = "Peering connections of database client VPCs" + type = map(string) + default = {} +}