Create configuration for data replication

- This produces a replicate DB with a single ECS task connected
- Usefull for testing migrations/sql/etc on a production data without
  actually modifying the production system
- The replicate DB will be spawned from a snapshot which is passed as a
  variable
- Some modification was done to the ecs module to ensure that task
  definitions are distinct

Author: TheOneFromNorway

.github/workflows/deploy-data-replica.yml

@@ -27,7 +27,7 @@ resource "aws_security_group_rule" "egress_all" {
 }
 
 resource "aws_ecs_service" "this" {
-  name                              = "mavis-${var.environment}-${var.server_type}"
+  name                              = "${var.naming_prefix}${var.environment}-${var.server_type}"
   cluster                           = var.cluster_id
   task_definition                   = aws_ecs_task_definition.this.arn
   desired_count                     = var.minimum_replica_count
@@ -70,7 +70,7 @@ resource "aws_ecs_service" "this" {
 }
 
 resource "aws_ecs_task_definition" "this" {
-  family                   = "mavis-${var.server_type}-task-definition-${var.environment}"
+  family                   = "${var.naming_prefix}${var.server_type}-task-definition-${var.environment}"
   requires_compatibilities = ["FARGATE"]
   network_mode             = "awsvpc"
   cpu                      = var.task_config.cpu

terraform/app/modules/ecs_service/main.tf

@@ -26,6 +26,13 @@ variable "maximum_replica_count" {
   }
 }
 
+variable "naming_prefix" {
+  type        = string
+  description = "Prefix to be used for naming the ECS service and task definition"
+  default     = "mavis-"
+  nullable    = false
+}
+
 variable "autoscaling_policies" {
   type = map(object({
     predefined_metric_type = string

terraform/app/modules/ecs_service/variables.tf

@@ -0,0 +1,43 @@
+
+resource "aws_ecs_cluster" "cluster" {
+  name = local.name_prefix
+
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
+}
+
+resource "aws_cloudwatch_log_group" "ecs_log_group" {
+  name              = "${local.name_prefix}-ecs"
+  retention_in_days = 1
+  skip_destroy      = false
+}
+
+
+module "db_access_service" {
+  source                = "../app/modules/ecs_service"
+  cluster_id            = aws_ecs_cluster.cluster.id
+  cluster_name          = aws_ecs_cluster.cluster.name
+  environment           = var.environment
+  naming_prefix         = "mavis-data-replication-"
+  maximum_replica_count = 1
+  minimum_replica_count = 1
+  network_params = {
+    subnets = local.subnet_list
+    vpc_id  = aws_vpc.vpc.id
+  }
+  server_type = "good-job"
+  task_config = {
+    environment          = local.task_envs
+    secrets              = local.task_secrets
+    cpu                  = 1024
+    memory               = 2048
+    docker_image         = "${var.account_id}.dkr.ecr.eu-west-2.amazonaws.com/${var.docker_image}@${var.image_digest}"
+    execution_role_arn   = aws_iam_role.ecs_task_execution_role.arn
+    task_role_arn        = aws_iam_role.ecs_task_role.arn
+    log_group_name       = aws_cloudwatch_log_group.ecs_log_group.name
+    region               = var.region
+    health_check_command = ["CMD-SHELL", "curl -f http://localhost:4000 || exit 1"]
+  }
+}

terraform/data_replication/ecs.tf

@@ -0,0 +1,4 @@
+bucket         = "nhse-mavis-terraform-state-production"
+key            = "terraform-data-replication-production.tfstate"
+region         = "eu-west-2"
+dynamodb_table = "mavis-terraform-state-lock"

terraform/data_replication/env/production-backend.hcl

@@ -0,0 +1,4 @@
+environment               = "production"
+rails_env                 = "production"
+rails_master_key_path     = "/copilot/mavis/production/secrets/RAILS_MASTER_KEY"
+max_aurora_capacity_units = 16

terraform/data_replication/env/production.tfvars

@@ -0,0 +1,4 @@
+bucket         = "nhse-mavis-terraform-state"
+key            = "terraform-data-replication-qa.tfstate"
+region         = "eu-west-2"
+dynamodb_table = "mavis-terraform-state-lock"

terraform/data_replication/env/qa-backend.hcl

@@ -0,0 +1,2 @@
+environment           = "qa"
+rails_master_key_path = "/copilot/mavis/secrets/STAGING_RAILS_MASTER_KEY"

terraform/data_replication/env/qa.tfvars

@@ -0,0 +1,4 @@
+bucket         = "nhse-mavis-terraform-state"
+key            = "terraform-data-replication-sandbox-alpha.tfstate"
+region         = "eu-west-2"
+dynamodb_table = "mavis-terraform-state-lock"

terraform/data_replication/env/sandbox-alpha-backend.hcl

@@ -0,0 +1,2 @@
+environment           = "sandbox-alpha"
+rails_master_key_path = "/copilot/mavis/secrets/STAGING_RAILS_MASTER_KEY"