Prod terraform definitions (#125)

Create prod terraform definitions
Deploy to prod
redirect ALB requests to CMS strategy page

Co-authored-by: Blaine Price <william.price@cms.hhs.gov>

Author: wbprice

infrastructure/envs/prod/main.tf

@@ -0,0 +1,132 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 6.0"
+    }
+  }
+
+  backend "s3" {
+    bucket       = "npd-east-prod-terraform"
+    key          = "terraform.prod.tfstate"
+    region       = "us-east-1"
+    use_lockfile = true
+  }
+}
+
+provider "aws" {
+  region = var.region
+}
+
+locals {
+  account_name = "npd-east-${var.tier}"
+}
+
+data "aws_vpc" "default" {
+  filter {
+    name   = "tag:Name"
+    values = [local.account_name]
+  }
+}
+
+module "networking" {
+  source = "../../modules/networking"
+
+  vpc_id       = data.aws_vpc.default.id
+  account_name = local.account_name
+}
+
+# Application Database
+module "api-db" {
+  source  = "terraform-aws-modules/rds/aws"
+  version = "6.12.0"
+
+  identifier              = "${local.account_name}-fhir-api-db"
+  engine                  = "postgres"
+  engine_version          = "17"
+  family                  = "postgres17"
+  instance_class          = "db.t3.micro"
+  allocated_storage       = 20
+  publicly_accessible     = false
+  username                = "npd"
+  db_name                 = "npd"
+  vpc_security_group_ids  = [module.networking.db_security_group_id]
+  db_subnet_group_name    = module.networking.db_subnet_group_name
+  backup_retention_period = 7             # Remove automated snapshots after 7 days
+  backup_window           = "03:00-04:00" # 11PM EST
+}
+
+# ETL Database
+module "etl-db" {
+  source  = "terraform-aws-modules/rds/aws"
+  version = "6.12.0"
+
+  identifier              = "${local.account_name}-etl-db"
+  engine                  = "postgres"
+  engine_version          = "17"
+  family                  = "postgres17"
+  instance_class          = "db.t3.micro"
+  allocated_storage       = 100
+  publicly_accessible     = false
+  username                = "npd_etl"
+  vpc_security_group_ids  = [module.networking.db_security_group_id]
+  db_subnet_group_name    = module.networking.db_subnet_group_name
+  backup_retention_period = 7             # Remove automated snapshots after 7 days
+  backup_window           = "03:00-04:00" # 11PM EST
+}
+
+# ECS Cluster
+module "ecs" {
+  source  = "terraform-aws-modules/ecs/aws"
+  version = "6.6.2"
+
+  cluster_name = "${local.account_name}-ecs-cluster"
+  default_capacity_provider_strategy = {
+    FARGATE = {
+      weight = 50
+      base   = 20
+    }
+    FARGATE_SPOT = {
+      weight = 50
+    }
+  }
+}
+
+# FHIR API Module
+module "fhir-api" {
+  source = "../../modules/fhir-api"
+
+  account_name              = local.account_name
+  fhir_api_migration_image  = var.migration_image
+  fhir_api_image            = var.fhir_api_image
+  redirect_to_strategy_page = var.redirect_to_strategy_page
+  ecs_cluster_id            = module.ecs.cluster_id
+  db = {
+    db_instance_master_user_secret_arn = module.api-db.db_instance_master_user_secret_arn
+    db_instance_address                = module.api-db.db_instance_address
+    db_instance_port                   = module.api-db.db_instance_port
+    db_instance_name                   = module.api-db.db_instance_name
+  }
+  networking = {
+    db_subnet_ids         = module.networking.db_subnet_ids
+    public_subnet_ids     = module.networking.public_subnet_ids
+    alb_security_group_id = module.networking.alb_security_group_id
+    api_security_group_id = module.networking.api_security_group_id
+    vpc_id                = module.networking.vpc_id
+  }
+}
+
+# ETL Module
+module "etl" {
+  source = "../../modules/etl"
+
+  account_name = local.account_name
+}
+
+# Frontend Module
+module "frontend" {
+  source       = "../../modules/frontend"
+  account_name = local.account_name
+}

infrastructure/envs/prod/outputs.tf

@@ -0,0 +1,11 @@
+output "api_alb_dns_name" {
+  value = module.fhir-api.api_alb_dns_name
+}
+
+output "api_db_instance_endpoint" {
+  value = module.api-db.db_instance_endpoint
+}
+
+output "etl_db_instance_endpoint" {
+  value = module.etl-db.db_instance_endpoint
+}

infrastructure/envs/prod/terraform.tfvars

@@ -0,0 +1,11 @@
+variable "region" {
+  default = "us-east-1"
+}
+
+variable "tier" {
+  default = "prod"
+}
+
+variable "migration_image" { default = "596240962403.dkr.ecr.us-east-1.amazonaws.com/npd-east-prod-fhir-api-migrations:latest" }
+variable "fhir_api_image" { default = "596240962403.dkr.ecr.us-east-1.amazonaws.com/npd-east-prod-fhir-api:latest" }
+variable "redirect_to_strategy_page" { default = true }

infrastructure/envs/prod/variables.tf

@@ -235,6 +235,7 @@ resource "aws_ecs_task_definition" "app" {
 
 # API ECS Service
 resource "aws_ecs_service" "app" {
+  count = var.redirect_to_strategy_page == true ? 0 : 1
   name            = "${var.account_name}-fhir-api-service"
   cluster         = var.ecs_cluster_id
   task_definition = aws_ecs_task_definition.app.arn
@@ -248,7 +249,7 @@ resource "aws_ecs_service" "app" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.fhir_api_tg.arn
+    target_group_arn = aws_lb_target_group.fhir_api_tg[0].arn
     container_name   = "${var.account_name}-fhir-api"
     container_port   = var.fhir_api_port
   }
@@ -264,6 +265,7 @@ resource "aws_lb" "fhir_api_alb" {
 }
 
 resource "aws_lb_target_group" "fhir_api_tg" {
+  count = var.redirect_to_strategy_page ? 0 : 1
   name        = "${var.account_name}-fhir-api-tg"
   port        = var.fhir_api_port
   protocol    = "HTTP"
@@ -281,13 +283,30 @@ resource "aws_lb_target_group" "fhir_api_tg" {
   }
 }
 
-resource "aws_lb_listener" "http" {
+resource "aws_lb_listener" "forward_to_task_group" {
+  count = var.redirect_to_strategy_page ? 0 : 1
   load_balancer_arn = aws_lb.fhir_api_alb.arn
   port              = 80
   protocol          = "HTTP"
 
   default_action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.fhir_api_tg.arn
+    target_group_arn = aws_lb_target_group.fhir_api_tg[1].arn
+  }
+}
+
+resource "aws_lb_listener" "forward_to_strategy_page" {
+  count = var.redirect_to_strategy_page ? 1 : 0
+  load_balancer_arn = aws_lb.fhir_api_alb.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "redirect"
+    redirect {
+      status_code = "HTTP_302"
+      host = "www.cms.gov"
+      path = "/priorities/health-technology-ecosystem/overview"
+    }
   }
 }

infrastructure/modules/fhir-api/main.tf

@@ -4,6 +4,7 @@ variable "fhir_api_migration_image" {}
 variable "fhir_api_port" {
   default = 8000
 }
+variable "redirect_to_strategy_page" {}
 variable "ecs_cluster_id" {}
 variable "db" {
   type = object({