# Provider requirements for this deployment.
#
# Supply-chain note: the constraints below only bound the versions Terraform
# may select. The versions and checksums actually installed are recorded in
# the dependency lock file (.terraform.lock.hcl).
# NOTE(review): confirm the lock file is committed alongside this configuration.
terraform {
  required_providers {
    # "~> 5.0" accepts any 5.x release of the AWS provider.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }

    # "~> 3.1.0" accepts patch releases within 3.1.x only.
    null = {
      source  = "hashicorp/null"
      version = "~> 3.1.0"
    }

    # No version constraint: any published release of the archive provider
    # satisfies this requirement, so the lock file is the only thing pinning
    # it. NOTE(review): consider adding an explicit constraint like the two above.
    archive = {
      source = "hashicorp/archive"
    }
  }
}
# AWS provider configuration. Region and the named credentials profile both
# come from input variables, so no credentials are written in this file.
provider "aws" {
  region  = var.region
  profile = var.aws_profile

  # Tags whose keys start with "gsfc-ngap" are ignored by the provider:
  # Terraform neither reports drift on them nor removes them.
  # presumably these are applied by the hosting platform; verify with the operators.
  ignore_tags {
    key_prefixes = ["gsfc-ngap"]
  }
}
# Values derived from input variables and from the outputs of the
# data-persistence remote state.
#
# Every lookup() below supplies a default, so a missing upstream output does
# not fail here; the default ([] / null / "") is passed on instead.
# NOTE(review): for the two security-group values and the RDS secret ARN an
# empty string is forwarded to the cumulus module; confirm the module treats
# "" as "not configured" rather than silently deploying without the
# intended network or credential binding.
locals {
  # Caller-supplied tags plus a Deployment tag carrying the prefix.
  tags = merge(var.tags, { Deployment = var.prefix })

  # Elasticsearch settings published by the data-persistence state.
  elasticsearch_alarms            = lookup(data.terraform_remote_state.data_persistence.outputs, "elasticsearch_alarms", [])
  elasticsearch_domain_arn        = lookup(data.terraform_remote_state.data_persistence.outputs, "elasticsearch_domain_arn", null)
  elasticsearch_hostname          = lookup(data.terraform_remote_state.data_persistence.outputs, "elasticsearch_hostname", null)
  elasticsearch_security_group_id = lookup(data.terraform_remote_state.data_persistence.outputs, "elasticsearch_security_group_id", "")

  # Bucket names filtered by the "type" field of each var.buckets entry.
  # Neither list is referenced elsewhere in this file.
  protected_bucket_names = [for k, v in var.buckets : v.name if v.type == "protected"]
  public_bucket_names    = [for k, v in var.buckets : v.name if v.type == "public"]

  # RDS access: security group and the ARN of the secret holding the
  # database user credentials (only the ARN is handled here, not the secret).
  rds_security_group         = lookup(data.terraform_remote_state.data_persistence.outputs, "rds_security_group", "")
  rds_credentials_secret_arn = lookup(data.terraform_remote_state.data_persistence.outputs, "rds_user_access_secret_arn", "")

  # Machine image for ECS cluster instances. An explicit variable wins;
  # otherwise the ID is read from an SSM parameter (declared elsewhere in this
  # configuration). The NGAP parameter value is used as-is; the AWS parameter
  # value is JSON and its image_id field is extracted.
  # Whoever can write these SSM parameters controls which image the cluster boots.
  ecs_cluster_instance_image_id = var.ecs_cluster_instance_image_id != null ? var.ecs_cluster_instance_image_id : (var.deploy_to_ngap ? data.aws_ssm_parameter.ngap_ecs_image_id[0].value : jsondecode(data.aws_ssm_parameter.aws_ecs_image_id[0].value).image_id)
}
# Identity and region of the credentials Terraform is running with.
data "aws_caller_identity" "current" {}

data "aws_region" "current" {}

# Outputs of the separately managed data-persistence deployment, read from an
# S3 state backend using the same workspace name as this configuration.
#
# Reading remote state requires read access to the whole state snapshot, not
# only its outputs, and a state snapshot can contain sensitive values. Scope
# the permissions on the state bucket/key accordingly.
data "terraform_remote_state" "data_persistence" {
  backend   = "s3"
  config    = var.data_persistence_remote_state_config
  workspace = terraform.workspace
}
# Core Cumulus deployment, wired to the variables, locals and sibling
# resources of this configuration.
#
# Security-relevant points for reviewers:
#   * The module is downloaded as a release archive over HTTPS. Terraform's
#     dependency lock file covers providers only, so no checksum of this
#     archive is recorded; integrity rests on the download and on the upstream
#     release asset staying unchanged. Consider vendoring or mirroring a
#     verified copy where that matters.
#   * Several arguments carry secrets (passwords, a passphrase, a token
#     secret). Values passed through Terraform are stored in plaintext in the
#     state, so the state backend needs encryption and tight access control.
#     NOTE(review): the variable declarations are not in this file; confirm
#     the secret-bearing ones are marked `sensitive = true`.
module "cumulus" {
  source = "https://github.com/nasa/cumulus/releases/download/v18.4.0/terraform-aws-cumulus.zip//tf-modules/cumulus"

  cumulus_message_adapter_lambda_layer_version_arn = aws_lambda_layer_version.cma_layer.arn

  prefix = var.prefix

  deploy_to_ngap = var.deploy_to_ngap

  # Networking
  vpc_id            = var.vpc_id
  lambda_subnet_ids = var.lambda_subnet_ids

  # ECS cluster: instances fall back to the Lambda subnets when no dedicated
  # ECS subnets are given.
  ecs_cluster_instance_image_id   = local.ecs_cluster_instance_image_id
  ecs_cluster_instance_subnet_ids = length(var.ecs_cluster_instance_subnet_ids) == 0 ? var.lambda_subnet_ids : var.ecs_cluster_instance_subnet_ids
  ecs_cluster_min_size            = 1
  ecs_cluster_desired_size        = 1
  ecs_cluster_max_size            = 2
  # presumably the EC2 key pair for the cluster instances; verify who holds the private key.
  key_name = var.key_name

  # Database access (values come from the data-persistence remote state)
  rds_security_group         = local.rds_security_group
  rds_user_access_secret_arn = local.rds_credentials_secret_arn

  # Earthdata Login (URS) client credentials -- secret
  urs_url             = var.urs_url
  urs_client_id       = var.urs_client_id
  urs_client_password = var.urs_client_password

  # Metrics Elasticsearch credentials -- secret
  metrics_es_host     = var.metrics_es_host
  metrics_es_password = var.metrics_es_password
  metrics_es_username = var.metrics_es_username

  # CMR credentials -- secret
  cmr_client_id      = var.cmr_client_id
  cmr_environment    = var.cmr_environment
  cmr_username       = var.cmr_username
  cmr_password       = var.cmr_password
  cmr_provider       = var.cmr_provider
  cmr_oauth_provider = var.cmr_oauth_provider

  # Launchpad certificate and passphrase -- secret
  launchpad_api         = var.launchpad_api
  launchpad_certificate = var.launchpad_certificate
  launchpad_passphrase  = var.launchpad_passphrase

  # Authentication provider and SAML settings
  oauth_provider   = var.oauth_provider
  oauth_user_group = var.oauth_user_group

  saml_entity_id                  = var.saml_entity_id
  saml_assertion_consumer_service = var.saml_assertion_consumer_service
  saml_idp_login                  = var.saml_idp_login
  saml_launchpad_metadata_url     = var.saml_launchpad_metadata_url

  # IAM permissions boundary handed to the module.
  # NOTE(review): confirm a boundary is always supplied in shared accounts.
  permissions_boundary_arn = var.permissions_boundary_arn

  # Storage
  system_bucket = var.system_bucket
  buckets       = var.buckets

  # Elasticsearch (values come from the data-persistence remote state)
  elasticsearch_alarms            = local.elasticsearch_alarms
  elasticsearch_domain_arn        = local.elasticsearch_domain_arn
  elasticsearch_hostname          = local.elasticsearch_hostname
  elasticsearch_security_group_id = local.elasticsearch_security_group_id

  # Read directly from the remote state outputs, without a lookup() default:
  # a missing dynamo_tables output fails the plan instead of being masked.
  dynamo_tables = data.terraform_remote_state.data_persistence.outputs.dynamo_tables

  # optional
  # default_log_retention_days = var.default_log_retention_days
  # cloudwatch_log_retention_periods = var.cloudwatch_log_retention_periods

  # Archive API settings
  # token_secret comes from a random_string resource declared elsewhere.
  # random_string results are not treated as sensitive and appear in plan
  # output; random_password generates the same way but marks the result
  # sensitive. NOTE(review): consider switching at the next rotation.
  token_secret    = random_string.token_secret.result
  archive_api_users = var.api_users
  archive_api_port  = var.archive_api_port
  # presumably controls whether the archive API gateway is private; confirm
  # the value used for each environment matches the intended exposure.
  private_archive_api_gateway = var.private_archive_api_gateway
  api_gateway_stage           = var.api_gateway_stage

  # Thin Egress App settings
  # Remove if using Cumulus Distribution
  # must match stage_name variable for thin-egress-app module
  tea_api_gateway_stage = local.tea_stage_name

  tea_rest_api_id               = module.thin_egress_app.rest_api.id
  tea_rest_api_root_resource_id = module.thin_egress_app.rest_api.root_resource_id
  tea_internal_api_endpoint     = module.thin_egress_app.internal_api_endpoint
  tea_external_api_endpoint     = module.thin_egress_app.api_endpoint

  # Cumulus Distribution settings. Uncomment the following line and remove/comment the above variables if using the Cumulus Distribution API instead of TEA.
  # tea_external_api_endpoint = var.cumulus_distribution_url

  # Log forwarding
  log_destination_arn          = var.log_destination_arn
  additional_log_groups_to_elk = var.additional_log_groups_to_elk

  # Distribution toggles.
  # NOTE(review): the second flag looks like it enables an endpoint that
  # issues S3 credentials -- confirm it is only enabled where required.
  deploy_cumulus_distribution                 = var.deploy_cumulus_distribution
  deploy_distribution_s3_credentials_endpoint = var.deploy_distribution_s3_credentials_endpoint

  tags = local.tags
}