OperationCode · irvingpop · Aug 31, 2025 · Aug 31, 2025 · Sep 1, 2025 · Sep 1, 2025
diff --git a/terraform/alb.tf b/terraform/alb.tf
@@ -39,6 +39,11 @@ resource "aws_security_group" "lb_security_group" {
 resource "aws_lb" "ecs" {
   name_prefix     = "oc"
   security_groups = [aws_security_group.lb_security_group.id]
+  access_logs {
+    bucket  = "oc-alb-logs"
+    enabled = true
+    prefix  = "2025"
+  }
 
   load_balancer_type = "application"
   internal           = false

diff --git a/terraform/apps.tf b/terraform/apps.tf
@@ -27,7 +27,7 @@ module "python_backend_prod" {
   logs_group          = aws_cloudwatch_log_group.ecslogs.name
   ecs_cluster_id      = module.ecs.cluster_id
   task_execution_role = data.aws_iam_role.ecs_task_execution_role.arn
-  image_tag           = "master"
+  image_tag           = "latest"
 }
 
 resource "aws_lb_listener_rule" "python_backend_prod" {
@@ -46,31 +46,31 @@ resource "aws_lb_listener_rule" "python_backend_prod" {
 }
 
 # Backend Staging
-module "python_backend_staging" {
-  source = "./python_backend"
+# module "python_backend_staging" {
+#   source = "./python_backend"
 
-  env                 = "staging"
-  vpc_id              = data.aws_vpc.use2.id
-  logs_group          = aws_cloudwatch_log_group.ecslogs.name
-  ecs_cluster_id      = module.ecs.cluster_id
-  task_execution_role = data.aws_iam_role.ecs_task_execution_role.arn
-  image_tag           = "staging"
-}
+#   env                 = "staging"
+#   vpc_id              = data.aws_vpc.use2.id
+#   logs_group          = aws_cloudwatch_log_group.ecslogs.name
+#   ecs_cluster_id      = module.ecs.cluster_id
+#   task_execution_role = data.aws_iam_role.ecs_task_execution_role.arn
+#   image_tag           = "latest"
+# }
 
-resource "aws_lb_listener_rule" "python_backend_staging" {
-  listener_arn = aws_lb_listener.default_https.arn
+# resource "aws_lb_listener_rule" "python_backend_staging" {
+#   listener_arn = aws_lb_listener.default_https.arn
 
-  action {
-    type             = "forward"
-    target_group_arn = module.python_backend_staging.lb_tg_arn
-  }
+#   action {
+#     type             = "forward"
+#     target_group_arn = module.python_backend_staging.lb_tg_arn
+#   }
 
-  condition {
-    host_header {
-      values = ["backend-staging.operationcode.org", "api.staging.operationcode.org"]
-    }
-  }
-}
+#   condition {
+#     host_header {
+#       values = ["backend-staging.operationcode.org", "api.staging.operationcode.org"]
+#     }
+#   }
+# }
 
 # Redirector for shut down sites
 resource "aws_lb_listener_rule" "shutdown_sites_redirector" {
@@ -91,9 +91,8 @@ resource "aws_lb_listener_rule" "shutdown_sites_redirector" {
     host_header {
       values = [
         "resources.operationcode.org",
-        "resources.staging.operationcode.org",
         "resources-staging.operationcode.org",
-        "pybot.staging.operationcode.org",
+        "api.staging.operationcode.org",
       ]
     }
   }
@@ -199,7 +198,7 @@ module "pybot_prod" {
   logs_group          = aws_cloudwatch_log_group.ecslogs.name
   ecs_cluster_id      = module.ecs.cluster_id
   task_execution_role = data.aws_iam_role.ecs_task_execution_role.arn
-  image_tag           = "master"
+  image_tag           = "latest"
 }
 
 resource "aws_lb_listener_rule" "pybot_prod" {

diff --git a/terraform/asg.tf b/terraform/asg.tf
@@ -1,7 +1,8 @@
 
 # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#ecs-optimized-ami-linux
 data "aws_ssm_parameter" "ecs_optimized_ami" {
-  name = "/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended"
+  # name = "/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended"
+  name = "/aws/service/ecs/optimized-ami/amazon-linux-2023/arm64/recommended"
 }
 
 # https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/latest
@@ -10,12 +11,51 @@ module "autoscaling" {
   version = "~> 6.5"
 
   name             = "${local.name}-spot"
-  instance_type    = "t3.small"
-  min_size         = 1
-  max_size         = 2
-  desired_capacity = 1
-  instance_market_options = {
-    market_type = "spot"
+  min_size         = 2
+  max_size         = 4
+  desired_capacity = 2
+
+  # Enable mixed instances policy
+  use_mixed_instances_policy = true
+
+  # Mixed Instances Policy for better availability
+  mixed_instances_policy = {
+    instances_distribution = {
+      on_demand_base_capacity                  = 0
+      on_demand_percentage_above_base_capacity = 0
+      spot_allocation_strategy                 = "capacity-optimized"
+    }
+
+    override = [
+      {
+        instance_type     = "t4g.small"
+        weighted_capacity = "1"
+      },
+      {
+        instance_type     = "t4g.micro"
+        weighted_capacity = "1"
+      }
+    ]
+
+    #amd64 options
+    # override = [
+    #   {
+    #     instance_type     = "t3.small"
+    #     weighted_capacity = "2"
+    #   },
+    #   {
+    #     instance_type     = "t3a.small"
+    #     weighted_capacity = "2"
+    #   },
+    #   {
+    #     instance_type     = "t3.micro"
+    #     weighted_capacity = "1"
+    #   },
+    #   {
+    #     instance_type     = "t3a.micro"
+    #     weighted_capacity = "1"
+    #   }
+    # ]
   }
 
   image_id                        = jsondecode(data.aws_ssm_parameter.ecs_optimized_ami.value)["image_id"]
@@ -37,7 +77,7 @@ module "autoscaling" {
     {
       delete_on_termination       = true
       device_index                = 0
-      associate_public_ip_address = false
+      associate_public_ip_address = true
       security_groups             = [module.autoscaling_sg.security_group_id]
     }
   ]
@@ -67,6 +107,21 @@ module "autoscaling" {
   # reduce cloudwatch costs
   enable_monitoring = false
 
+  # Enable essential autoscaling metrics
+  enabled_metrics = [
+    "GroupDesiredCapacity",
+    "GroupInServiceCapacity",
+    "GroupInServiceInstances",
+    "GroupMaxSize",
+    "GroupMinSize",
+    "GroupPendingCapacity",
+    "GroupPendingInstances",
+    "GroupTerminatingCapacity",
+    "GroupTerminatingInstances",
+    "GroupTotalCapacity",
+    "GroupTotalInstances"
+  ]
+
   tags = local.tags
 }
 

diff --git a/terraform/pybot/main.tf b/terraform/pybot/main.tf
@@ -11,7 +11,7 @@ locals {
 
   # CHANGEME once infra scales up
   cpu    = var.env == "prod" ? 256 : 256
-  memory = var.env == "prod" ? 512 : 256
+  memory = var.env == "prod" ? 256 : 128
   count  = var.env == "prod" ? 1 : 1
 
 
@@ -52,6 +52,14 @@ resource "aws_ecs_task_definition" "pybot" {
         }
       }
 
+      healthCheck = {
+        command     = ["CMD-SHELL", "wget -q -O /dev/null http://localhost:5000/health"]
+        interval    = 30
+        timeout     = 5
+        retries     = 3
+        startPeriod = 60
+      }
+
       secrets = local.secrets_env
 
       mountPoints = []

diff --git a/terraform/python_backend/main.tf b/terraform/python_backend/main.tf
@@ -33,7 +33,7 @@ resource "aws_ecs_task_definition" "python_backend" {
   container_definitions = jsonencode([
     {
       name      = "python_backend_${var.env}"
-      image     = "operationcode/back-end:${var.image_tag}"
+      image     = "633607774026.dkr.ecr.us-east-2.amazonaws.com/back-end:${var.image_tag}"
       essential = true
 
       portMappings = [
@@ -53,6 +53,13 @@ resource "aws_ecs_task_definition" "python_backend" {
         }
       }
 
+      healthCheck = {
+        command     = ["CMD-SHELL", "wget -q -O /dev/null http://localhost:8000/healthz"]
+        interval    = 30
+        timeout     = 5
+        retries     = 3
+        startPeriod = 60
+      }
 
       environment = [
         {