hotosm · nischalstha9 · Mar 20, 2025 · Mar 19, 2025
diff --git a/scripts/aws/infra/develop/deployment_env.hcl b/scripts/aws/infra/develop/deployment_env.hcl
@@ -0,0 +1,17 @@
+locals {
+  account_name    = "hotosm"
+  aws_profile     = "admin"
+  aws_region      = "us-east-1"
+  team            = get_env("TEAM", "hotosm")
+  owner           = "HOTOSM"
+  environment     = "develop"
+  project         = "tasking-manager"
+  application     = "tasking-manager"
+  short_name      = "tm"
+  maintainer      = "dev@hotosm.org"
+  url             = "https://tasks-dev.hotosm.org"
+  documentation   = "https://hotosm.github.io"
+  IaC_Management  = "Terraform/Terragrunt"
+  cost_center     = "False"
+  version         = "4.8.2"
+}
diff --git a/scripts/aws/infra/develop/non-purgeable/alb/terragrunt.hcl b/scripts/aws/infra/develop/non-purgeable/alb/terragrunt.hcl
@@ -0,0 +1,27 @@
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+include "envcommon" {
+  path = "${dirname(find_in_parent_folders("root.hcl"))}/_envcommon/alb.hcl"
+  # We want to reference the variables from the included config in this configuration, so we expose it.
+  expose = true
+}
+
+terraform {
+  source = "${include.envcommon.locals.base_source_url}?ref=tasking-manager-infra"
+}
+
+# dependency "vpc" {
+#   config_path = "../vpc"
+# }
+
+# Add in any new inputs that you want to overide.
+inputs = {
+  ## VPC Inputs for RDS Instance
+  vpc_id     = "vpc-08ecfc1c7844c7c5a"
+  alb_subnets = ["subnet-0176ed40bffff6728","subnet-08448f588d40c002e"]
+
+  # TLS and Certificate Configuration
+  acm_tls_cert_backend_arn = get_env("ACM_TLS_CERT_BACKEND_ARN", "arn:aws:acm:us-east-1:670261699094:certificate/1d74321b-1e5b-4e31-b97a-580deb39c539")
+}
diff --git a/scripts/aws/infra/develop/non-purgeable/extras/terragrunt.hcl b/scripts/aws/infra/develop/non-purgeable/extras/terragrunt.hcl
@@ -0,0 +1,61 @@
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+include "envcommon" {
+  path = "${dirname(find_in_parent_folders("root.hcl"))}/_envcommon/extras.hcl"
+  # We want to reference the variables from the included config in this configuration, so we expose it.
+  expose = true
+}
+
+terraform {
+  source = "${include.envcommon.locals.base_source_url}"
+}
+
+inputs = {
+  ## Override them by exporting the vars to the environment.
+  ## Example:
+  ## export TM_SECRET=`openssl rand -hex 32`
+  container_secrets = [
+    {
+      name      = "TM_SECRET"
+      valueFrom = get_env("TM_SECRET", "default_secret_value")
+    },
+    {
+      name      = "TM_CLIENT_ID"
+      valueFrom = get_env("TM_CLIENT_ID", "default_client_id")
+    },
+    {
+      name      = "TM_CLIENT_SECRET"
+      valueFrom = get_env("TM_CLIENT_SECRET", "default_client_secret")
+    },
+    {
+      name      = "OHSOME_STATS_TOKEN"
+      valueFrom = get_env("OHSOME_STATS_TOKEN", "default_ohsome_stats_token")
+    },
+    {
+      name      = "TM_SMTP_USER"
+      valueFrom = get_env("TM_SMTP_USER", "default_smtp_user")
+    },
+    {
+      name      = "TM_SMTP_PASSWORD"
+      valueFrom = get_env("TM_SMTP_PASSWORD", "default_smtp_password")
+    },
+    {
+      name      = "TM_SENTRY_BACKEND_DSN"
+      valueFrom = get_env("TM_SENTRY_BACKEND_DSN", "https://sentryyourpublickey@o68147.ingest.sentry.io/projectid")
+    },
+    {
+      name      = "TM_IMAGE_UPLOAD_API_URL"
+      valueFrom = get_env("TM_IMAGE_UPLOAD_API_URL", "https://somethinglikethis.execute-api.us-east-1.amazonaws.com/environment/upload")
+    },
+    {
+      name      = "TM_IMAGE_UPLOAD_API_KEY"
+      valueFrom = get_env("TM_IMAGE_UPLOAD_API_KEY", "keytoimageuploadapiurl")
+    },
+    {
+      name      = "NEW_RELIC_LICENSE_KEY"
+      valueFrom = get_env("NEW_RELIC_LICENSE_KEY", "newrelicliscencekey")
+    }
+  ]
+}
diff --git a/scripts/aws/infra/develop/non-purgeable/rds/terragrunt.hcl b/scripts/aws/infra/develop/non-purgeable/rds/terragrunt.hcl
@@ -0,0 +1,41 @@
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+include "envcommon" {
+  path   = "${dirname(find_in_parent_folders("root.hcl"))}/_envcommon/rds.hcl"
+  expose = true
+}
+
+terraform {
+  source = "${include.envcommon.locals.base_source_url}?ref=tasking-manager-infra"
+}
+
+# dependency "vpc" {
+#   config_path = "../vpc"
+# }
+
+# Add in any new inputs that you want to overide.
+inputs = {
+  ## VPC Inputs for RDS Instance
+  vpc_id     = "vpc-08ecfc1c7844c7c5a"
+  subnet_ids = ["subnet-05aa252699783b4cf","subnet-0a75cddfef3213c51","subnet-0a8b06831b3de5f66","subnet-0f76ca222b0544a40",
+  "subnet-03919b5e26cba5733","subnet-0b91332acbe8b1a4c"]
+
+  ## RDS Module inputs
+  serverless_capacity = {
+      minimum = 1   # Lowest possible APU for Aurora Serverless
+      maximum = 4   # Max APU to keep cost low for Stag
+    }
+
+  ## RDS Backup/Snapshot Config
+  backup = {
+    retention_days            = 7
+    skip_final_snapshot       = true
+    final_snapshot_identifier = "final"
+  }
+
+  # RDS Dev Deployment only.
+  public_access     = true
+  deletion_protection     = true
+}
diff --git a/scripts/aws/infra/develop/non-purgeable/vpc/terragrunt.hcl b/scripts/aws/infra/develop/non-purgeable/vpc/terragrunt.hcl
@@ -0,0 +1,19 @@
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+include "envcommon" {
+  path = "${dirname(find_in_parent_folders("root.hcl"))}/_envcommon/vpc.hcl"
+  # We want to reference the variables from the included config in this configuration, so we expose it.
+  expose = true
+}
+
+terraform {
+  source = "${include.envcommon.locals.base_source_url}?ref=tasking-manager-infra"
+}
+
+## Modify inputs for overriding _envcommon's inputs.
+
+# inputs = {
+#   deployment_environment = "dev" # or any other value you need
+# }
diff --git a/scripts/aws/infra/develop/purgeable/common-ecs-env.hcl b/scripts/aws/infra/develop/purgeable/common-ecs-env.hcl
@@ -0,0 +1,50 @@
+locals {
+  envs = {
+    EXTRA_CORS_ORIGINS            = get_env("EXTRA_CORS_ORIGINS" ,"[\"https://hotosm.github.io\", \"https://tasks-dev.hotosm.org\", \"http://localhost:3000\"]")
+    TM_SMTP_HOST                  = get_env("TM_SMTP_HOST" ,"email-smtp.us-east-1.amazonaws.com")
+    TM_SMTP_PORT                  = get_env("TM_SMTP_PORT" ,"587")
+    TM_SMTP_USE_TLS               = get_env("TM_SMTP_USE_TLS" ,"1")
+    TM_SMTP_USE_SSL               = get_env("TM_SMTP_USE_SSL" ,"0")
+    TM_EMAIL_FROM_ADDRESS         = get_env("TM_EMAIL_FROM_ADDRESS", "noreply@hotosmmail.org")
+    TM_EMAIL_CONTACT_ADDRESS      = get_env("TM_EMAIL_CONTACT_ADDRESS", "sysadmin@hotosm.org")
+    TM_APP_BASE_URL               = get_env("TM_APP_BASE_URL" ,"https://tasks-stage.hotosm.org")
+    TM_APP_API_URL                = get_env("TM_APP_API_URL" ,"https://tasking-manager-staging-api.hotosm.org/api")
+    TM_REDIRECT_URI               = get_env("TM_REDIRECT_URI" ,"https://tasks-stage.hotosm.org/authorized")
+    TM_APP_API_VERSION            = get_env("TM_APP_API_VERSION" ,"v2")
+    TM_ORG_NAME                   = get_env("TM_ORG_NAME" ,"Humanitarian OpenStreetMap Team")
+    TM_ORG_CODE                   = get_env("TM_ORG_CODE" ,"HOT")
+    TM_ORG_LOGO                   = get_env("TM_ORG_LOGO" ,"https://cdn.hotosm.org/tasking-manager/uploads/1588741335578_hot-logo.png")
+    TM_ORG_URL                    = get_env("TM_ORG_URL" ,"https://www.hotosm.org/")
+    TM_ORG_PRIVACY_POLICY_URL     = get_env("TM_ORG_PRIVACY_POLICY_URL" ,"https://www.hotosm.org/privacy")
+    TM_ORG_TWITTER                = get_env("TM_ORG_TWITTER" ,"http://twitter.com/hotosm")
+    TM_ORG_FB                     = get_env("TM_ORG_FB" ,"https://www.facebook.com/hotosm")
+    TM_ORG_INSTAGRAM              = get_env("TM_ORG_INSTAGRAM" ,"https://www.instagram.com/open.mapping.hubs/")
+    TM_ORG_YOUTUBE                = get_env("TM_ORG_YOUTUBE" ,"https://www.youtube.com/user/hotosm")
+    TM_ORG_GITHUB                 = get_env("TM_ORG_GITHUB" ,"https://github.com/hotosm")
+    OSM_SERVER_URL                = get_env("OSM_SERVER_URL" ,"https://www.openstreetmap.org")
+    OSM_SERVER_API_URL            = get_env("OSM_SERVER_API_URL" ,"https://api.openstreetmap.org")
+    OSM_NOMINATIM_SERVER_URL      = get_env("OSM_NOMINATIM_SERVER_URL" ,"https://nominatim.openstreetmap.org")
+    OSM_REGISTER_URL              = get_env("OSM_REGISTER_URL" ,"https://www.openstreetmap.org/user/new")
+    POSTGRES_TEST_DB              = get_env("POSTGRES_TEST_DB" ,"tasking-manager-test")
+    UNDERPASS_URL                 = get_env("UNDERPASS_URL" ,"https://underpass.hotosm.org")
+    TM_SEND_PROJECT_EMAIL_UPDATES = get_env("TM_SEND_PROJECT_EMAIL_UPDATES" ,"1")
+    TM_DEFAULT_LOCALE             = get_env("TM_DEFAULT_LOCALE" ,"en")
+    TM_LOG_LEVEL                  = get_env("TM_LOG_LEVEL" , "10")
+    TM_LOG_DIR                    = get_env("TM_LOG_DIR", "/var/log/tasking-manager-logs")
+    TM_SUPPORTED_LANGUAGES_CODES  = get_env("TM_SUPPORTED_LANGUAGES_CODES", "en, es")
+    TM_SUPPORTED_LANGUAGES        = get_env("TM_SUPPORTED_LANGUAGES", "English, Español")
+    TM_DEFAULT_CHANGESET_COMMENT  = get_env("TM_DEFAULT_CHANGESET_COMMENT", "#hot-tm-stage-project")
+    TM_ENVIRONMENT                = get_env("TM_ENVIRONMENT", "tasking-manager-staging")
+    NEW_RELIC_ENVIRONMENT         = get_env("TM_ENVIRONMENT", "tasking-manager-staging")
+    NEW_RELIC_CONFIG_FILE         = get_env("NEW_RELIC_CONFIG_FILE", "./scripts/aws/cloudformation/newrelic.ini")
+    USE_SENTRY                    = get_env("USE_SENTRY", "false")
+    # Uncomment the following as needed.
+    # TM_TASK_AUTOUNLOCK_AFTER    = get_env("TM_TASK_AUTOUNLOCK_AFTER", "2h")
+    # TM_MAPPER_LEVEL_INTERMEDIATE = get_env("TM_MAPPER_LEVEL_INTERMEDIATE", "250")
+    # TM_MAPPER_LEVEL_ADVANCED   = get_env("TM_MAPPER_LEVEL_ADVANCED", "500")
+    # TM_IMPORT_MAX_FILESIZE     = get_env("TM_IMPORT_MAX_FILESIZE", "1000000")
+    # TM_MAX_AOI_AREA            = get_env("TM_MAX_AOI_AREA", "5000")
+    # EXPORT_TOOL_S3_URL         = get_env("EXPORT_TOOL_S3_URL", "https://foorawdataapi.s3.amazonaws.com")
+    # ENABLE_EXPORT_TOOL         = get_env("ENABLE_EXPORT_TOOL", "1")
+  }
+}
diff --git a/scripts/aws/infra/develop/purgeable/ecs-cron/terragrunt.hcl b/scripts/aws/infra/develop/purgeable/ecs-cron/terragrunt.hcl
@@ -0,0 +1,96 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAGRUNT CONFIGURATION
+# This is the configuration for Terragrunt, a thin wrapper for Terraform and OpenTofu that helps keep your code DRY and
+# maintainable: https://github.com/gruntwork-io/terragrunt
+# ---------------------------------------------------------------------------------------------------------------------
+
+# Include the root `terragrunt.hcl` configuration. The root configuration contains settings that are common across all
+# components and environments, such as how to configure remote state.
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+# Include the envcommon configuration for the component. The envcommon configuration contains settings that are common
+# for the component across all environments.
+include "envcommon" {
+  path = "${dirname(find_in_parent_folders("root.hcl"))}/_envcommon/ecs-cron.hcl"
+  # We want to reference the variables from the included config in this configuration, so we expose it.
+  expose = true
+}
+
+# Configure the version of the module to use in this environment. This allows you to promote new versions one
+# environment at a time (e.g., qa -> stage -> prod).
+terraform {
+  source = "${include.envcommon.locals.base_source_url}?ref=v1.0"
+}
+
+locals {
+  # Automatically load environment-level variables
+  environment_vars = read_terragrunt_config(find_in_parent_folders("deployment_env.hcl"))
+  common_ecs_envs  = read_terragrunt_config(find_in_parent_folders("common-ecs-env.hcl"))
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# We don't need to override any of the common parameters for this environment, so we don't specify any other parameters.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# dependency "vpc" {
+#   config_path = "../../non-purgeable/vpc"
+# }
+
+dependency "alb" {
+  config_path = "../../non-purgeable/alb"
+}
+
+dependency "rds" {
+  config_path = "../../non-purgeable/rds"
+}
+
+dependency "extras" {
+  config_path = "../../non-purgeable/extras"
+}
+
+## Add in any new inputs that you want to overide.
+inputs = {
+  # Inputs from dependencies (Rarely changed)
+  service_subnets         = ["subnet-05aa252699783b4cf","subnet-0a75cddfef3213c51","subnet-0a8b06831b3de5f66","subnet-0f76ca222b0544a40",
+  "subnet-03919b5e26cba5733","subnet-0b91332acbe8b1a4c"]
+  aws_vpc_id              = "vpc-08ecfc1c7844c7c5a"
+  service_security_groups = [dependency.alb.outputs.load_balancer_app_security_group]
+  deployment_environment  = local.environment_vars.locals.environment
+
+  task_role_arn = dependency.extras.outputs.ecs_task_role_arn
+
+  service_security_groups = [
+    dependency.alb.outputs.load_balancer_app_security_group
+  ]
+
+  # Merge secrets with: key:ValueFrom together
+  container_secrets = concat(dependency.extras.outputs.container_secrets,
+  dependency.rds.outputs.database_config_as_ecs_secrets_inputs)
+
+  container_commands = [
+    "sh",
+    "-c",
+    "python3 backend/cron_jobs.py"
+  ]
+
+  ## Task count for ECS services.
+  tasks_count = {
+    desired_count   = 1
+    min_healthy_pct = 100
+    max_pct         = 200
+  }
+
+  ## Scaling Policy Target Values
+  scaling_target_values = {
+    container_min_count = 1
+    container_max_count = 1
+  }
+
+  # Merge non-sensetive together
+  container_envvars = merge(
+    dependency.rds.outputs.database_config_as_ecs_inputs,
+    local.common_ecs_envs.locals.envs
+  )
+}