it compiles, but is it correct

Author: acme-cms-challenge

infrastructure/nonprod/etl/main.tf

@@ -132,26 +132,26 @@ resource "aws_ecs_service" "dagster_daemon" {
 }
 
 
-resource "aws_ecs_task_definition" "dagster_webserver" {
-  family                   = "${var.account_name}-dagster-webserver"
+resource "aws_ecs_task_definition" "dagster_ui" {
+  family                   = "${var.account_name}-dagster-ui"
   network_mode             = "awsvpc"
   requires_compatibilities = ["FARGATE"]
   cpu                      = "512"
   memory                   = "1024"
-  task_role_arn            = aws_iam_role.dagster_task_role
-  execution_role_arn       = aws_iam_role.dagster_execution_role
+  task_role_arn            = aws_iam_role.dagster_task_role.arn
+  execution_role_arn       = aws_iam_role.dagster_execution_role.arn
 
   container_definitions = jsonencode([
     {
-      name      = "${var.account_name}-dagster-webserver"
+      name      = "${var.account_name}-dagster-ui"
       image     = var.dagster_image
       essential = true
       logConfiguration = {
         logDriver = "awslogs"
         options = {
-          "awslogs-group"         = "/ecs/${var.account_name}-dagster-webserver-logs"
+          "awslogs-group"         = "/ecs/${var.account_name}-dagster-ui-logs"
           "awslogs-region"        = data.aws_region.current.name
-          "awslogs-stream-prefix" = "${var.account_name}-dagster-webserver-logs"
+          "awslogs-stream-prefix" = "${var.account_name}-dagster-ui-logs"
         }
       }
       portMappings = [
@@ -162,7 +162,7 @@ resource "aws_ecs_task_definition" "dagster_webserver" {
           name          = "http"
         }
       ]
-      command = ["dagster-webserver", "--host", "0.0.0.0", "--port", "80", "-w", "${local.dagster_home}/workspace.yaml"]
+      command = ["dagster-ui", "--host", "0.0.0.0", "--port", "80", "-w", "${local.dagster_home}/workspace.yaml"]
       environment = [
         { name = "DAGSTER_HOME", value = local.dagster_home },
         { name = "DAGSTER_POSTGRES_HOST", value = var.db.db_instance_address },
@@ -182,37 +182,37 @@ resource "aws_ecs_task_definition" "dagster_webserver" {
   ])
 }
 
-resource "aws_ecs_service" "dagster-webserver" {
-  name            = "${var.account_name}-dagster-webserver"
+resource "aws_ecs_service" "dagster-ui" {
+  name            = "${var.account_name}-dagster-ui"
   cluster         = var.ecs_cluster_id
   desired_count   = 1
   launch_type     = "FARGATE"
-  task_definition = aws_ecs_task_definition.dagster_webserver.arn
+  task_definition = aws_ecs_task_definition.dagster_ui.arn
 
   network_configuration {
     subnets         = var.networking.etl_subnet_ids
     security_groups = [var.networking.etl_security_group_id]
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.dagster_webserver
-    container_name   = "${var.account_name}-dagster-webserver"
+    target_group_arn = aws_lb_target_group.dagster_ui.arn
+    container_name   = "${var.account_name}-dagster-ui"
     container_port   = 80
   }
 
   force_new_deployment = true
 }
 
-resource "aws_lb" "dagster_webserver_alb" {
-  name = "${var.account_name}-dagster-webserver-alb"
+resource "aws_lb" "dagster_ui_alb" {
+  name = "${var.account_name}-dagster-ui-alb"
   internal = false # TODO I don't know what this means
   load_balancer_type = "application"
   security_groups = [var.networking.etl_webserver_alb_security_group_id]
   subnets = var.networking.public_subnet_ids
 }
 
-resource "aws_lb_target_group" "dagster_webserver" {
-  name = "${var.account_name}-dagster-webserver-target-group"
+resource "aws_lb_target_group" "dagster_ui" {
+  name = "${var.account_name}-dagster-ui-tg"
   port = 3001
   protocol = "HTTP"
   vpc_id = var.networking.vpc_id
@@ -222,13 +222,13 @@ resource "aws_lb_target_group" "dagster_webserver" {
 }
 
 resource "aws_alb_listener" "http" {
-  load_balancer_arn = aws_lb.dagster_webserver_alb.arn
+  load_balancer_arn = aws_lb.dagster_ui_alb.arn
   port = 80
   protocol = "HTTP"
 
   default_action {
     type = "forward"
-    target_group_arn = aws_lb_target_group.dagster_webserver.arn
+    target_group_arn = aws_lb_target_group.dagster_ui.arn
   }
 }
 

infrastructure/nonprod/etl/variables.tf

@@ -16,8 +16,6 @@ variable "networking" {
     etl_security_group_id = string
     etl_webserver_alb_security_group_id = string
     public_subnet_ids     = list(string)
-    alb_security_group_id = string
-    api_security_group_id = string
     vpc_id                = string
   })
 }

infrastructure/nonprod/main.tf

@@ -137,9 +137,10 @@ module "etl" {
   }
   networking = {
     etl_subnet_ids = module.networking.etl_subnet_ids
-    vpc_id        = module.networking.vpc_id
     etl_security_group_id = module.networking.etl_security_group_id
     etl_webserver_alb_security_group_id = module.networking.etl_webserver_alb_security_group_id
+    public_subnet_ids = module.networking.public_subnet_ids
+    vpc_id        = module.networking.vpc_id
   }
 }
 

infrastructure/nonprod/networking/main.tf

@@ -116,7 +116,7 @@ resource "aws_vpc_security_group_ingress_rule" "etl_services_to_etl_db" {
   ip_protocol                  = "tcp"
   from_port                    = 5432
   to_port                      = 5432
-  referenced_security_group_id = aws_security_group.fhir_etl_sg
+  referenced_security_group_id = aws_security_group.fhir_etl_sg.id
 }
 
 resource "aws_security_group" "etl_webserver_alb_sg" {
@@ -136,11 +136,11 @@ resource "aws_vpc_security_group_ingress_rule" "cmsvpn_to_etl_webserver_alb_sg"
 
 resource "aws_vpc_security_group_ingress_rule" "dagster_alb_security_group_to_dagster_website" {
   description = "Allows the application load balancer to access the dagster web ui"
-  security_group_id = aws_security_group.fhir_etl_sg
+  security_group_id = aws_security_group.fhir_etl_sg.id
   ip_protocol = "tcp"
   from_port = 80
   to_port = 80
-  referenced_security_group_id = aws_security_group.etl_webserver_alb_sg
+  referenced_security_group_id = aws_security_group.etl_webserver_alb_sg.id
 }
 
 # TODO: There's an argument to make that this should be two security groups
@@ -154,18 +154,18 @@ resource "aws_security_group" "fhir_etl_sg" {
 
 resource "aws_vpc_security_group_ingress_rule" "etl_sg_allow_grpc" {
   description                  = "Allows containers to within the security group to talk to each other by gRPC"
-  security_group_id            = aws_security_group.fhir_etl_sg
+  security_group_id            = aws_security_group.fhir_etl_sg.id
   ip_protocol                  = "tcp"
   from_port                    = 4000
   to_port                      = 4000
-  referenced_security_group_id = aws_security_group.fhir_etl_sg
+  referenced_security_group_id = aws_security_group.fhir_etl_sg.id
 }
 
 resource "aws_vpc_security_group_egress_rule" "etl_sg_allow_outbound_requests" {
   description       = "Allows containers within the security group to make outbound (HTTP, PG, etc) requests"
-  security_group_id = aws_security_group.fhir_etl_sg
+  security_group_id = aws_security_group.fhir_etl_sg.id
   ip_protocol       = "tcp"
   from_port         = 0
   to_port           = 0
-  cidr_ipv4         = ["0.0.0.0/0"] # any external IP
+  cidr_ipv4         = "0.0.0.0/0" # any external IP
 }