Merge pull request #72 from companieshouse/ASM-575/move-ocr-api-to-new-ecs-cluster

ASM-575 Amending the ECS service to match recent standards.

Author: harishkm2k

terraform/groups/ecs-service/data.tf

@@ -34,7 +34,7 @@ data "aws_iam_role" "ecs_cluster_iam_role" {
 }
 
 data "aws_lb" "service_lb" {
-  name = "${var.environment}-chs-internalapi"
+  name = "alb-${var.environment}-ocr-api"
 }
 
 data "aws_lb_listener" "service_lb_listener" {

terraform/groups/ecs-service/locals.tf

@@ -5,7 +5,6 @@ locals {
   global_prefix              = "global-${var.environment}"
   service_name               = "ocr-api"
   container_port             = 8080
-  eric_port                  = "10000"
   docker_repo                = "ocr-api"
   kms_alias                  = "alias/${var.aws_profile}/environment-services-kms"
   lb_listener_rule_priority  = 24
@@ -61,12 +60,8 @@ locals {
   # secrets to go in list
   task_secrets = concat(local.global_secret_list,local.service_secret_list)
 
-  task_environment = concat(local.ssm_global_version_map,local.ssm_service_version_map)
+  task_environment = concat(local.ssm_global_version_map,local.ssm_service_version_map,[
+    { "name" : "PORT", "value" : local.container_port }
+  ])
 
-  # get eric secrets from global secrets map
-  eric_secrets = [
-    { "name": "API_KEY", "valueFrom": local.global_secrets_arn_map.eric_api_key },
-    { "name": "AES256_KEY", "valueFrom": local.global_secrets_arn_map.eric_aes256_key }
-  ]
-  eric_environment_filename = "eric.env"
 }

terraform/groups/ecs-service/main.tf

@@ -19,16 +19,15 @@ terraform {
 }
 
 module "secrets" {
-  source = "[email protected]:companieshouse/terraform-modules//aws/ecs/secrets?ref=1.0.294"
+  source = "[email protected]:companieshouse/terraform-modules//aws/parameter-store?ref=1.0.361"
 
   name_prefix = "${local.service_name}-${var.environment}"
-  environment = var.environment
   kms_key_id  = data.aws_kms_key.kms_key.id
   secrets     = nonsensitive(local.service_secrets)
 }
 
 module "ecs-service" {
-  source = "[email protected]:companieshouse/terraform-modules//aws/ecs/ecs-service?ref=1.0.294"
+  source = "[email protected]:companieshouse/terraform-modules//aws/ecs/ecs-service?ref=1.0.361"
 
   # Environmental configuration
   environment             = var.environment
@@ -42,7 +41,7 @@ module "ecs-service" {
   lb_listener_arn                   = data.aws_lb_listener.service_lb_listener.arn
   lb_listener_rule_priority         = local.lb_listener_rule_priority
   lb_listener_paths                 = local.lb_listener_paths
-  health_check_grace_period_seconds = 240
+  health_check_grace_period_seconds = 300
   healthcheck_healthy_threshold     = "2"
 
   # ECS Task container health check
@@ -59,6 +58,8 @@ module "ecs-service" {
   # Service configuration
   service_name                       = local.service_name
   name_prefix                        = local.name_prefix
+
+  # Service performance and scaling configs
   desired_task_count                 = var.desired_task_count
   max_task_count                     = var.max_task_count
   min_task_count                     = var.min_task_count
@@ -82,11 +83,6 @@ module "ecs-service" {
   use_set_environment_files = local.use_set_environment_files
 
   # eric options for eric running API module
-  use_eric_reverse_proxy    = true
-  eric_version              = var.eric_version
-  eric_cpus                 = var.eric_cpus
-  eric_memory               = var.eric_memory
-  eric_port                 = local.eric_port
-  eric_environment_filename = local.eric_environment_filename
-  eric_secrets              = local.eric_secrets
+  use_eric_reverse_proxy    = false
+
 }

terraform/groups/ecs-service/profiles/development-eu-west-2/cidev/vars

@@ -1,8 +1,8 @@
 environment = "cidev"
 aws_profile = "development-eu-west-2"
 
-# service configs
-log_level = "debug"
+required_cpus   = 2048
+required_memory = 4096
 
 # scaling configs
 service_scaledown_schedule = "55 19 * * ? *"

terraform/groups/ecs-service/profiles/live-eu-west-2/live/vars

@@ -1,15 +1,10 @@
 environment = "live"
 aws_profile = "live-eu-west-2"
 
-# service configs
-log_level = "info"
-
-required_cpus   = 7936
-required_memory = 31744
-
-desired_task_count = 2
-max_task_count     = 3
-min_task_count     = 2
+required_cpus   = 4096
+required_memory = 8192
 
 # scaling configs
 desired_task_count = 2 # use multi instance in Live
+min_task_count     = 2
+max_task_count     = 3

terraform/groups/ecs-service/profiles/staging-eu-west-2/staging/vars

@@ -1,11 +1,8 @@
 environment = "staging"
 aws_profile = "staging-eu-west-2"
 
-# service configs
-log_level = "debug"
-
-required_cpus   = 7936
-required_memory = 31744
+required_cpus   = 4096
+required_memory = 8192
 
 # scaling configs
 service_scaledown_schedule = "55 19 * * ? *"

terraform/groups/ecs-service/variables.tf

@@ -50,31 +50,19 @@ variable "min_task_count" {
 variable "required_cpus" {
   type        = number
   description = "The required cpu resource for this service. 1024 here is 1 vCPU"
-  default     = 1792 # current cpu used by legacy ocr api service pipeline
+  default     = 2048 # current cpu used by legacy ocr api service pipeline
 }
 
 variable "required_memory" {
   type        = number
   description = "The required memory for this service"
-  default     = 7168 # current memory used by legacy ocr api service pipeline
-}
-
-variable "eric_cpus" {
-  type        = number
-  description = "The required cpu resource for eric. 1024 here is 1 vCPU"
-  default     = 256
-}
-
-variable "eric_memory" {
-  type        = number
-  description = "The required memory for eric"
-  default     = 512
+  default     = 7680 # current memory used by legacy ocr api service pipeline
 }
 
 variable "use_fargate" {
   type        = bool
   description = "If true, sets the required capabilities for all containers in the task definition to use FARGATE, false uses EC2"
-  default     = false
+  default     = true
 }
 
 variable "use_capacity_provider" {
@@ -135,14 +123,3 @@ variable "ocr_api_version" {
   type        = string
   description = "The version of the ocr-api container to run."
 }
-
-variable "log_level" {
-  default     = "info"
-  type        = string
-  description = "The log level for services to use: trace, debug, info or error"
-}
-
-variable "eric_version" {
-  type        = string
-  description = "The version of the eric container to run."
-}