Propagate tags from ECS services.

main.tf

@@ -42,6 +42,8 @@ module "metaflow-metadata-service" {
   subnet2_id                       = var.subnet2_id
   vpc_cidr_blocks                  = var.vpc_cidr_blocks
   with_public_ip                   = var.with_public_ip
+  nlb_arn                          = var.nlb_arn
+  nlb_dns_name                     = var.nlb_dns_name
 
   standard_tags = var.tags
 }

modules/datastore/rds.tf

@@ -96,24 +96,25 @@ resource "aws_rds_cluster_instance" "cluster_instances" {
  Define rds db instance.
 */
 resource "aws_db_instance" "this" {
-  count                     = local.use_aurora ? 0 : 1
-  publicly_accessible       = false
-  allocated_storage         = 20    # Allocate 20GB
-  storage_type              = "gp2" # general purpose SSD
-  storage_encrypted         = true
-  kms_key_id                = aws_kms_key.rds.arn
-  engine                    = var.db_engine
-  engine_version            = var.db_engine_version
-  instance_class            = var.db_instance_type                                         # Hardware configuration
-  identifier                = "${var.resource_prefix}${var.db_name}${var.resource_suffix}" # used for dns hostname needs to be customer unique in region
-  db_name                   = var.db_name                                                  # unique id for CLI commands (name of DB table which is why we're not adding the prefix as no conflicts will occur and the API expects this table name)
-  username                  = var.db_username
-  password                  = random_password.this.result
-  db_subnet_group_name      = aws_db_subnet_group.this.id
-  max_allocated_storage     = 1000                                                                                                           # Upper limit of automatic scaled storage
-  multi_az                  = true                                                                                                           # Multiple availability zone?
-  final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete
-  vpc_security_group_ids    = [aws_security_group.rds_security_group.id]
+  count                       = local.use_aurora ? 0 : 1
+  publicly_accessible         = false
+  allocated_storage           = 20    # Allocate 20GB
+  storage_type                = "gp2" # general purpose SSD
+  storage_encrypted           = true
+  kms_key_id                  = aws_kms_key.rds.arn
+  engine                      = var.db_engine
+  engine_version              = var.db_engine_version
+  instance_class              = var.db_instance_type                                         # Hardware configuration
+  identifier                  = "${var.resource_prefix}${var.db_name}${var.resource_suffix}" # used for dns hostname needs to be customer unique in region
+  db_name                     = var.db_name                                                  # unique id for CLI commands (name of DB table which is why we're not adding the prefix as no conflicts will occur and the API expects this table name)
+  username                    = var.db_username
+  password                    = random_password.this.result
+  db_subnet_group_name        = aws_db_subnet_group.this.id
+  max_allocated_storage       = 1000                                                                                                           # Upper limit of automatic scaled storage
+  multi_az                    = false                                                                                                           # Multiple availability zone?
+  final_snapshot_identifier   = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete
+  vpc_security_group_ids      = [aws_security_group.rds_security_group.id]
+  allow_major_version_upgrade = true
 
   tags = merge(
     var.standard_tags,

modules/datastore/variables.tf

@@ -11,7 +11,7 @@ variable "db_engine" {
 
 variable "db_engine_version" {
   type    = string
-  default = "11"
+  default = "13"
 }
 
 variable "db_name" {

modules/metadata-service/api-gateway.tf

@@ -56,7 +56,7 @@ resource "aws_api_gateway_resource" "db" {
 resource "aws_api_gateway_vpc_link" "this" {
   count       = var.enable_api_gateway ? 1 : 0
   name        = "${var.resource_prefix}vpclink${var.resource_suffix}"
-  target_arns = [aws_lb.this.arn]
+  target_arns = [var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn]
 
   tags = var.standard_tags
 }
@@ -103,7 +103,7 @@ resource "aws_api_gateway_integration" "this" {
   }
 
   type                    = "HTTP_PROXY"
-  uri                     = "http://${aws_lb.this.dns_name}/{proxy}"
+  uri                     = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}/{proxy}"
   integration_http_method = "ANY"
   passthrough_behavior    = "WHEN_NO_MATCH"
   connection_type         = "VPC_LINK"
@@ -118,7 +118,7 @@ resource "aws_api_gateway_integration" "db" {
 
 
   type                    = "HTTP_PROXY"
-  uri                     = "http://${aws_lb.this.dns_name}:8082/db_schema_status"
+  uri                     = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}:8082/db_schema_status"
   integration_http_method = "GET"
   passthrough_behavior    = "WHEN_NO_MATCH"
   connection_type         = "VPC_LINK"

modules/metadata-service/ec2.tf

@@ -45,6 +45,7 @@ resource "aws_security_group" "metadata_service_security_group" {
 }
 
 resource "aws_lb" "this" {
+  count              = var.nlb_arn == "" ? 1 : 0
   name               = "${var.resource_prefix}nlb${var.resource_suffix}"
   internal           = true
   load_balancer_type = "network"
@@ -89,7 +90,7 @@ resource "aws_lb_target_group" "db_migrate" {
 }
 
 resource "aws_lb_listener" "this" {
-  load_balancer_arn = aws_lb.this.arn
+  load_balancer_arn = var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn
   port              = "80"
   protocol          = "TCP"
 
@@ -100,7 +101,7 @@ resource "aws_lb_listener" "this" {
 }
 
 resource "aws_lb_listener" "db_migrate" {
-  load_balancer_arn = aws_lb.this.arn
+  load_balancer_arn = var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn
   port              = "8082"
   protocol          = "TCP"
 

modules/metadata-service/ecs.tf

@@ -94,5 +94,6 @@ resource "aws_ecs_service" "this" {
     ignore_changes = [desired_count]
   }
 
+  propagate_tags = "SERVICE"
   tags = var.standard_tags
 }

modules/metadata-service/lambda.tf

@@ -124,7 +124,7 @@ resource "aws_lambda_function" "db_migrate_lambda" {
 
   environment {
     variables = {
-      MD_LB_ADDRESS = "http://${aws_lb.this.dns_name}:8082"
+      MD_LB_ADDRESS = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}:8082"
     }
   }
 

modules/metadata-service/outputs.tf

@@ -1,5 +1,5 @@
 output "METAFLOW_SERVICE_INTERNAL_URL" {
-  value       = "http://${aws_lb.this.dns_name}/"
+  value       = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}/"
   description = "URL for Metadata Service (Accessible in VPC)"
 }
 
@@ -34,6 +34,6 @@ output "metadata_svc_ecs_task_role_arn" {
 }
 
 output "network_load_balancer_dns_name" {
-  value       = aws_lb.this.dns_name
+  value       = var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name
   description = "The DNS addressable name for the Network Load Balancer that accepts requests and forwards them to our Fargate MetaData service instance(s)"
 }

modules/metadata-service/variables.tf

@@ -126,3 +126,13 @@ variable "with_public_ip" {
   type        = bool
   description = "Enable public IP assignment for the Metadata Service. Typically you want this to be set to true if using public subnets as subnet1_id and subnet2_id, and false otherwise"
 }
+
+variable "nlb_arn" {
+  type        = string
+  description = "The ARN of the network load balancer to use for Metaflow. A new resource will be created if unfilled. Must be provided together with nlb_dns_name."
+}
+
+variable "nlb_dns_name" {
+  type        = string
+  description = "The DNS name of the network load balancer to use for Metaflow. Must be provided together with nlb_arn."
+}

modules/ui/ecs_ui_backend.tf

@@ -74,5 +74,6 @@ resource "aws_ecs_service" "ui_backend" {
     ignore_changes = [desired_count]
   }
 
+  propagate_tags = "SERVICE"
   tags = var.standard_tags
 }

modules/ui/ecs_ui_static.tf

@@ -66,5 +66,6 @@ resource "aws_ecs_service" "ui_static" {
     ignore_changes = [desired_count]
   }
 
+  propagate_tags = "SERVICE"
   tags = var.standard_tags
 }

variables.tf

@@ -70,12 +70,12 @@ variable "compute_environment_egress_cidr_blocks" {
 variable "db_instance_type" {
   type        = string
   description = "RDS instance type to launch for PostgresQL database."
-  default     = "db.t2.small"
+  default     = "db.t3.small"
 }
 
 variable "db_engine_version" {
   type    = string
-  default = "11"
+  default = "13"
 }
 
 variable "launch_template_http_endpoint" {
@@ -199,3 +199,15 @@ variable "enable_key_rotation" {
   description = "Enable key rotation for KMS keys"
   default     = false
 }
+
+variable "nlb_arn" {
+  type        = string
+  description = "The ARN of the network load balancer to use for Metaflow. A new resource will be created if unfilled. Must be provided together with nlb_dns_name."
+  default     = ""
+}
+
+variable "nlb_dns_name" {
+  type        = string
+  description = "The DNS name of the network load balancer to use for Metaflow. Must be provided together with nlb_arn."
+  default     = ""
+}