CMS-Enterprise
diff --git a/‎infrastructure/envs/dev/main.tf‎
Lines changed: 23 additions & 1 deletion b/‎infrastructure/envs/dev/main.tf‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎infrastructure/envs/dev/outputs.tf‎
Lines changed: 12 additions & 4 deletions b/‎infrastructure/envs/dev/outputs.tf‎
Lines changed: 12 additions & 4 deletions
diff --git a/‎infrastructure/envs/dev/variables.tf‎
Lines changed: 1 addition & 0 deletions b/‎infrastructure/envs/dev/variables.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎infrastructure/envs/prod/main.tf‎
Lines changed: 22 additions & 1 deletion b/‎infrastructure/envs/prod/main.tf‎
Lines changed: 22 additions & 1 deletion
diff --git a/‎infrastructure/envs/prod/outputs.tf‎
Lines changed: 12 additions & 4 deletions b/‎infrastructure/envs/prod/outputs.tf‎
Lines changed: 12 additions & 4 deletions
diff --git a/‎infrastructure/envs/prod/variables.tf‎
Lines changed: 1 addition & 0 deletions b/‎infrastructure/envs/prod/variables.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎infrastructure/envs/sandbox/main.tf‎
Lines changed: 13 additions & 13 deletions b/‎infrastructure/envs/sandbox/main.tf‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎infrastructure/envs/sandbox/terraform.tfvars‎
Lines changed: 1 addition & 1 deletion b/‎infrastructure/envs/sandbox/terraform.tfvars‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎infrastructure/modules/aws-glue-poc/aws-glue-poc.tf‎
Lines changed: 29 additions & 29 deletions b/‎infrastructure/modules/aws-glue-poc/aws-glue-poc.tf‎
Lines changed: 29 additions & 29 deletions
@@ -31,6 +31,12 @@ data "aws_vpc" "default" {
   }
 }
 
+module "repositories" {
+  source = "../../modules/repositories"
+
+  account_name = local.account_name
+}
+
 module "networking" {
   source = "../../modules/networking"
 
@@ -71,6 +77,7 @@ module "etl-db" {
   allocated_storage       = 100
   publicly_accessible     = false
   username                = "npd_etl"
+  db_name                 = "npd_etl"
   vpc_security_group_ids  = [module.networking.db_security_group_id]
   db_subnet_group_name    = module.networking.db_subnet_group_name
   backup_retention_period = 7             # Remove automated snapshots after 7 days
@@ -122,7 +129,22 @@ module "fhir-api" {
 module "etl" {
   source = "../../modules/etl"
 
-  account_name = local.account_name
+  account_name   = local.account_name
+  dagster_image  = var.dagster_image
+  ecs_cluster_id = module.ecs.cluster_id
+  db = {
+    db_instance_master_user_secret_arn = module.etl-db.db_instance_master_user_secret_arn
+    db_instance_address                = module.etl-db.db_instance_address
+    db_instance_port                   = module.etl-db.db_instance_port
+    db_instance_name                   = module.etl-db.db_instance_name
+  }
+  networking = {
+    etl_subnet_ids            = module.networking.etl_subnet_ids
+    etl_security_group_id     = module.networking.etl_security_group_id
+    etl_alb_security_group_id = module.networking.etl_alb_security_group_id
+    public_subnet_ids         = module.networking.public_subnet_ids
+    vpc_id                    = module.networking.vpc_id
+  }
 }
 
 # Frontend Module
 
@@ -10,10 +10,18 @@ output "etl_db_instance_endpoint" {
   value = module.etl-db.db_instance_endpoint
 }
 
-output "api_ecr_repository_name" {
-  value = module.fhir-api.api_ecr_repository_name
+output "fhir_api_repository_name" {
+  value = module.repositories.fhir_api_repository_name
 }
 
-output "api_migrations_ecr_repository_name" {
-  value = module.fhir-api.api_migrations_ecr_repository_name
+output "fhir_api_migrations_repository_name" {
+  value = module.repositories.fhir_api_migrations_repository_name
+}
+
+output "dagster_repository_name" {
+  value = module.repositories.dagster_repository_name
+}
+
+output "dagster_ui_alb_dns_name" {
+  value = module.etl.dagster_ui_alb_dns_name
 }
@@ -8,3 +8,4 @@ variable "tier" {
 
 variable "migration_image" { default = "575012135727.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-fhir-api-migrations:latest" }
 variable "fhir_api_image" { default = "575012135727.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-fhir-api:latest" }
+variable "dagster_image" { default = "575012135727.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-dagster:latest" }
@@ -31,6 +31,12 @@ data "aws_vpc" "default" {
   }
 }
 
+module "repositories" {
+  source = "../../modules/repositories"
+
+  account_name = local.account_name
+}
+
 module "networking" {
   source = "../../modules/networking"
 
@@ -122,7 +128,22 @@ module "fhir-api" {
 module "etl" {
   source = "../../modules/etl"
 
-  account_name = local.account_name
+  account_name   = local.account_name
+  dagster_image  = var.dagster_image
+  ecs_cluster_id = module.ecs.cluster_id
+  db = {
+    db_instance_master_user_secret_arn = module.etl-db.db_instance_master_user_secret_arn
+    db_instance_address                = module.etl-db.db_instance_address
+    db_instance_port                   = module.etl-db.db_instance_port
+    db_instance_name                   = module.etl-db.db_instance_name
+  }
+  networking = {
+    etl_subnet_ids            = module.networking.etl_subnet_ids
+    etl_security_group_id     = module.networking.etl_security_group_id
+    etl_alb_security_group_id = module.networking.etl_alb_security_group_id
+    public_subnet_ids         = module.networking.public_subnet_ids
+    vpc_id                    = module.networking.vpc_id
+  }
 }
 
 # Frontend Module
 
@@ -10,10 +10,18 @@ output "etl_db_instance_endpoint" {
   value = module.etl-db.db_instance_endpoint
 }
 
-output "api_ecr_repository_name" {
-  value = module.fhir-api.api_ecr_repository_name
+output "fhir_api_repository_name" {
+  value = module.repositories.fhir_api_repository_name
 }
 
-output "api_migrations_ecr_repository_name" {
-  value = module.fhir-api.api_migrations_ecr_repository_name
+output "fhir_api_migrations_repository_name" {
+  value = module.repositories.fhir_api_migrations_repository_name
+}
+
+output "dagster_repository_name" {
+  value = module.repositories.dagster_repository_name
+}
+
+output "dagster_ui_alb_dns_name" {
+  value = module.etl.dagster_ui_alb_dns_name
 }
@@ -8,4 +8,5 @@ variable "tier" {
 
 variable "migration_image" { default = "596240962403.dkr.ecr.us-east-1.amazonaws.com/npd-east-prod-fhir-api-migrations:latest" }
 variable "fhir_api_image" { default = "596240962403.dkr.ecr.us-east-1.amazonaws.com/npd-east-prod-fhir-api:latest" }
+variable "dagster_image" { default = "596240962403.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-dagster:latest" }
 variable "redirect_to_strategy_page" { default = true }
@@ -9,9 +9,9 @@ terraform {
   }
 
   backend "s3" {
-    bucket = "npd-terraform"
-    key = "terraform.tfstate"
-    region = "us-gov-west-1"
+    bucket       = "npd-terraform"
+    key          = "terraform.tfstate"
+    region       = "us-gov-west-1"
     use_lockfile = true
   }
 }
@@ -107,7 +107,7 @@ resource "aws_iam_role_policy_attachment" "ecs_task_execution" {
 }
 
 resource "aws_iam_policy" "ecs_task_can_access_database_secret" {
-  name = "ecs-task-can-access-database-secret"
+  name        = "ecs-task-can-access-database-secret"
   description = "Allows ECS tasks to access the RDS secret from Secrets Manager"
   policy = jsonencode({
     Version = "2012-10-17"
@@ -125,7 +125,7 @@ resource "aws_iam_policy" "ecs_task_can_access_database_secret" {
 }
 
 resource "aws_iam_role_policy_attachment" "ecs_task_can_access_database_secret_attachement" {
-  role = aws_iam_role.ecs_task_execution.name
+  role       = aws_iam_role.ecs_task_execution.name
   policy_arn = aws_iam_policy.ecs_task_can_access_database_secret.arn
 }
 
@@ -168,8 +168,8 @@ resource "aws_secretsmanager_secret" "django_secret" {
 }
 
 resource "aws_secretsmanager_secret_version" "django_secret_version" {
-  secret_id = aws_secretsmanager_secret.django_secret.id
-  secret_string_wo = data.aws_secretsmanager_random_password.django_secret_value.random_password
+  secret_id                = aws_secretsmanager_secret.django_secret.id
+  secret_string_wo         = data.aws_secretsmanager_random_password.django_secret_value.random_password
   secret_string_wo_version = 1
 }
 
@@ -192,10 +192,10 @@ resource "aws_ecs_task_definition" "app" {
       name      = "${var.name}-migrations"
       image     = var.migration_image
       essential = false
-      command = [ "migrate" ]
+      command   = ["migrate"]
       environment = [
         {
-          name = "FLYWAY_URL"
+          name  = "FLYWAY_URL"
           value = "jdbc:postgresql://${module.rds.db_instance_address}:${module.rds.db_instance_port}/${var.app_db_name}"
         }
       ],
@@ -222,7 +222,7 @@ resource "aws_ecs_task_definition" "app" {
       name      = var.name
       image     = var.container_image
       essential = true
-      environment  = [
+      environment = [
         {
           name  = "NPD_DB_NAME"
           value = var.app_db_name
@@ -240,7 +240,7 @@ resource "aws_ecs_task_definition" "app" {
           value = "django.db.backends.postgresql"
         },
         {
-          name = "DEBUG"
+          name  = "DEBUG"
           value = ""
         },
         {
@@ -256,7 +256,7 @@ resource "aws_ecs_task_definition" "app" {
           value = "ndh"
         },
         {
-          name = "CACHE_LOCATION",
+          name  = "CACHE_LOCATION",
           value = ""
         }
       ]
@@ -446,7 +446,7 @@ module "rds" {
   publicly_accessible     = false
   vpc_security_group_ids  = [aws_security_group.rds_sg.id]
   db_subnet_group_name    = aws_db_subnet_group.db.name
-  backup_retention_period = 7 # Remove automated snapshots after 7 days
+  backup_retention_period = 7             # Remove automated snapshots after 7 days
   backup_window           = "03:00-04:00" # 11PM EST
 }
 
 
@@ -1,2 +1,2 @@
-name = "ndh"
+name    = "ndh"
 db_name = "ndh"
@@ -4,35 +4,35 @@ main.tf for the time being.
  */
 
 resource "aws_security_group" "glue_sg" {
-  name = "glue-sg"
+  name        = "glue-sg"
   description = "Common security group for Glue jobs"
-  vpc_id = data.aws_vpc.default.id
+  vpc_id      = data.aws_vpc.default.id
 }
 
 resource "aws_vpc_security_group_ingress_rule" "glue_sg_allow_connections_from_self" {
-  security_group_id = aws_security_group.glue_sg.id
-  ip_protocol = "-1"
+  security_group_id            = aws_security_group.glue_sg.id
+  ip_protocol                  = "-1"
   referenced_security_group_id = aws_security_group.glue_sg.id
 }
 
 resource "aws_vpc_security_group_egress_rule" "glue_gs_allow_outbound_connections" {
   security_group_id = aws_security_group.glue_sg.id
-  ip_protocol = "-1"
-  cidr_ipv4 = "0.0.0.0/0"
+  ip_protocol       = "-1"
+  cidr_ipv4         = "0.0.0.0/0"
 }
 
 resource "aws_s3_bucket" "glue_scripts" {
-  bucket = "${var.name}-glue-scripts-bucket"
+  bucket        = "${var.name}-glue-scripts-bucket"
   force_destroy = true
 }
 
 resource "aws_s3_bucket" "aws_glue_input_bucket" {
-  bucket = "${var.name}-glue-s3-input"
+  bucket        = "${var.name}-glue-s3-input"
   force_destroy = true
 }
 
 resource "aws_s3_bucket" "aws_glue_output_bucket" {
-  bucket = "${var.name}-glue-s3-output"
+  bucket        = "${var.name}-glue-s3-output"
   force_destroy = true
 }
 
@@ -41,7 +41,7 @@ resource "aws_glue_catalog_database" "aws_glue_catalog" {
 }
 
 resource "aws_glue_crawler" "aws_glue_crawler" {
-  database_name =  aws_glue_catalog_database.aws_glue_catalog.name
+  database_name = aws_glue_catalog_database.aws_glue_catalog.name
   name          = "${var.name}-glue-data-catalog-crawler"
   role          = aws_iam_role.glue_job_role.arn
   schedule      = "cron(0 12 * * ? *)"
@@ -82,13 +82,13 @@ resource "aws_glue_job" "python_shell_job" {
   }
 
   default_arguments = {
-    "--job-language"                     = "python" # Default is python
-    "--additional-python-modules"        = replace(file(abspath("${path.module}/../etls/loadFIPS/requirements.txt")), "\n", ", ")
-    "--MAX_RETRIES"                      = "3"
-    "--DB_SECRET_ARN"                    = module.rds.db_instance_master_user_secret_arn
-    "--DB_HOST"                          = module.rds.db_instance_address
-    "--DB_PORT"                          = module.rds.db_instance_port
-    "--DB_NAME"                          = var.db_name
+    "--job-language"              = "python" # Default is python
+    "--additional-python-modules" = replace(file(abspath("${path.module}/../etls/loadFIPS/requirements.txt")), "\n", ", ")
+    "--MAX_RETRIES"               = "3"
+    "--DB_SECRET_ARN"             = module.rds.db_instance_master_user_secret_arn
+    "--DB_HOST"                   = module.rds.db_instance_address
+    "--DB_PORT"                   = module.rds.db_instance_port
+    "--DB_NAME"                   = var.db_name
   }
 
   execution_property {
@@ -101,15 +101,15 @@ resource "aws_glue_job" "python_shell_job" {
 }
 
 resource "aws_glue_job" "pyspark_job" {
-  name = "nppes-to-s3-pyspark-job"
-  description = "A simple pyspark job that moves a single table from one location to another"
-  glue_version = "5.0"
-  role_arn     = aws_iam_role.glue_job_role.arn
+  name              = "nppes-to-s3-pyspark-job"
+  description       = "A simple pyspark job that moves a single table from one location to another"
+  glue_version      = "5.0"
+  role_arn          = aws_iam_role.glue_job_role.arn
   number_of_workers = 2
-  worker_type = "G.1X"
-  max_retries  = 0
-  timeout      = 2880
-  connections  = []
+  worker_type       = "G.1X"
+  max_retries       = 0
+  timeout           = 2880
+  connections       = []
 
   command {
     script_location = "s3://${aws_s3_object.glue_job_script.bucket}/${aws_s3_object.glue_job_script_pyspark.key}"
@@ -183,13 +183,13 @@ resource "aws_iam_policy" "glue_job_policy" {
 }
 
 resource "aws_iam_policy_attachment" "glue_job_policy_attachment" {
-  name = "glue_job_policy_attachment"
+  name       = "glue_job_policy_attachment"
   policy_arn = aws_iam_policy.glue_job_policy.arn
-  roles = [aws_iam_role.glue_job_role.name]
+  roles      = [aws_iam_role.glue_job_role.name]
 }
 
 resource "aws_iam_policy_attachment" "glue_job_managed_policy_attachment" {
-  name = "glue_job_managed_policy_attachment"
+  name       = "glue_job_managed_policy_attachment"
   policy_arn = "arn:aws-us-gov:iam::aws:policy/service-role/AWSGlueServiceRole"
-  roles = [aws_iam_role.glue_job_role.name]
+  roles      = [aws_iam_role.glue_job_role.name]
 }
Original file line number	Diff line number	Diff line change
`@@ -8,3 +8,4 @@ variable "tier" {`
`8`	`8`
`9`	`9`	`variable "migration_image" { default = "575012135727.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-fhir-api-migrations:latest" }`
`10`	`10`	`variable "fhir_api_image" { default = "575012135727.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-fhir-api:latest" }`
	`11`	`+variable "dagster_image" { default = "575012135727.dkr.ecr.us-east-1.amazonaws.com/npd-east-dev-dagster:latest" }`
Original file line number	Diff line number	Diff line change
`@@ -9,9 +9,9 @@ terraform {`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`backend "s3" {`
`12`		`- bucket = "npd-terraform"`
`13`		`- key = "terraform.tfstate"`
`14`		`- region = "us-gov-west-1"`
	`12`	`+ bucket = "npd-terraform"`
	`13`	`+ key = "terraform.tfstate"`
	`14`	`+ region = "us-gov-west-1"`
`15`	`15`	`use_lockfile = true`
`16`	`16`	`}`
`17`	`17`	`}`
`@@ -107,7 +107,7 @@ resource "aws_iam_role_policy_attachment" "ecs_task_execution" {`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`resource "aws_iam_policy" "ecs_task_can_access_database_secret" {`
`110`		`- name = "ecs-task-can-access-database-secret"`
	`110`	`+ name = "ecs-task-can-access-database-secret"`
`111`	`111`	`description = "Allows ECS tasks to access the RDS secret from Secrets Manager"`
`112`	`112`	`policy = jsonencode({`
`113`	`113`	`Version = "2012-10-17"`
`@@ -125,7 +125,7 @@ resource "aws_iam_policy" "ecs_task_can_access_database_secret" {`
`125`	`125`	`}`
`126`	`126`
`127`	`127`	`resource "aws_iam_role_policy_attachment" "ecs_task_can_access_database_secret_attachement" {`
`128`		`- role = aws_iam_role.ecs_task_execution.name`
	`128`	`+ role = aws_iam_role.ecs_task_execution.name`
`129`	`129`	`policy_arn = aws_iam_policy.ecs_task_can_access_database_secret.arn`
`130`	`130`	`}`
`131`	`131`
`@@ -168,8 +168,8 @@ resource "aws_secretsmanager_secret" "django_secret" {`
`168`	`168`	`}`
`169`	`169`
`170`	`170`	`resource "aws_secretsmanager_secret_version" "django_secret_version" {`
`171`		`- secret_id = aws_secretsmanager_secret.django_secret.id`
`172`		`- secret_string_wo = data.aws_secretsmanager_random_password.django_secret_value.random_password`
	`171`	`+ secret_id = aws_secretsmanager_secret.django_secret.id`
	`172`	`+ secret_string_wo = data.aws_secretsmanager_random_password.django_secret_value.random_password`
`173`	`173`	`secret_string_wo_version = 1`
`174`	`174`	`}`
`175`	`175`
`@@ -192,10 +192,10 @@ resource "aws_ecs_task_definition" "app" {`
`192`	`192`	`name = "${var.name}-migrations"`
`193`	`193`	`image = var.migration_image`
`194`	`194`	`essential = false`
`195`		`- command = [ "migrate" ]`
	`195`	`+ command = ["migrate"]`
`196`	`196`	`environment = [`
`197`	`197`	`{`
`198`		`- name = "FLYWAY_URL"`
	`198`	`+ name = "FLYWAY_URL"`
`199`	`199`	`value = "jdbc:postgresql://${module.rds.db_instance_address}:${module.rds.db_instance_port}/${var.app_db_name}"`
`200`	`200`	`}`
`201`	`201`	`],`
`@@ -222,7 +222,7 @@ resource "aws_ecs_task_definition" "app" {`
`222`	`222`	`name = var.name`
`223`	`223`	`image = var.container_image`
`224`	`224`	`essential = true`
`225`		`- environment = [`
	`225`	`+ environment = [`
`226`	`226`	`{`
`227`	`227`	`name = "NPD_DB_NAME"`
`228`	`228`	`value = var.app_db_name`
`@@ -240,7 +240,7 @@ resource "aws_ecs_task_definition" "app" {`
`240`	`240`	`value = "django.db.backends.postgresql"`
`241`	`241`	`},`
`242`	`242`	`{`
`243`		`- name = "DEBUG"`
	`243`	`+ name = "DEBUG"`
`244`	`244`	`value = ""`
`245`	`245`	`},`
`246`	`246`	`{`
`@@ -256,7 +256,7 @@ resource "aws_ecs_task_definition" "app" {`
`256`	`256`	`value = "ndh"`
`257`	`257`	`},`
`258`	`258`	`{`
`259`		`- name = "CACHE_LOCATION",`
	`259`	`+ name = "CACHE_LOCATION",`
`260`	`260`	`value = ""`
`261`	`261`	`}`
`262`	`262`	`]`
`@@ -446,7 +446,7 @@ module "rds" {`
`446`	`446`	`publicly_accessible = false`
`447`	`447`	`vpc_security_group_ids = [aws_security_group.rds_sg.id]`
`448`	`448`	`db_subnet_group_name = aws_db_subnet_group.db.name`
`449`		`- backup_retention_period = 7 # Remove automated snapshots after 7 days`
	`449`	`+ backup_retention_period = 7 # Remove automated snapshots after 7 days`
`450`	`450`	`backup_window = "03:00-04:00" # 11PM EST`
`451`	`451`	`}`
`452`	`452`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-name = "ndh"`
	`1`	`+name = "ndh"`
`2`	`2`	`db_name = "ndh"`