Merge pull request #108 from pbs/CAT-24419-v2

CAT-24419 Added CW Application Signals setup
pbs · Sep 30, 2024 · 67a2336 · 67a2336
2 parents 77b30b7 + 6a16c0d
commit 67a2336
Show file tree

Hide file tree

Showing 12 changed files with 195 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 ### Using the Repo Source
 
 ```hcl
-github.com/pbs/terraform-aws-ecs-service-module?ref=6.0.1
+github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z
 ```
 
 ### Alternative Installation Methods
@@ -26,7 +26,7 @@ Integrate this module like so:
 
 ```hcl
 module "service" {
-  source = "github.com/pbs/terraform-aws-ecs-service-module?ref=6.0.1"
+  source = "github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z"
 
   # Required
   hosted_zone = "example.com"
@@ -49,7 +49,7 @@ This module will create an ECS cluster if one is not provided. If you would like
 
 ```hcl
 module "service" {
-  source = "github.com/pbs/terraform-aws-ecs-service-module?ref=6.0.1"
+  source = "github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z"
 
   # Required
   hosted_zone = "example.com"
@@ -73,7 +73,7 @@ module "service" {
 
 If this repo is added as a subtree, then the version of the module should be close to the version shown here:
 
-`6.0.1`
+`x.y.z`
 
 Note, however that subtrees can be altered as desired within repositories.
 
@@ -103,7 +103,7 @@ Below is automatically generated documentation on this Terraform module using [t
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_cluster"></a> [cluster](#module\_cluster) | github.com/pbs/terraform-aws-ecs-cluster-module | 1.0.2 |
-| <a name="module_task"></a> [task](#module\_task) | github.com/pbs/terraform-aws-ecs-task-definition-module | 2.0.0 |
+| <a name="module_task"></a> [task](#module\_task) | github.com/pbs/terraform-aws-ecs-task-definition-module | 2.0.2 |
 
 ## Resources
 
@@ -162,6 +162,7 @@ Below is automatically generated documentation on this Terraform module using [t
 | <a name="input_organization"></a> [organization](#input\_organization) | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | `string` | n/a | yes |
 | <a name="input_product"></a> [product](#input\_product) | Tag used to group resources according to product | `string` | n/a | yes |
 | <a name="input_repo"></a> [repo](#input\_repo) | Tag used to point to the repo using this module | `string` | n/a | yes |
+| <a name="input_PYTHONPATH"></a> [PYTHONPATH](#input\_PYTHONPATH) | (optional) PYTHONPATH of the application; required by the cwagent sidecar container | `string` | `":"` | no |
 | <a name="input_acm_arn"></a> [acm\_arn](#input\_acm\_arn) | ARN of the ACM certificate to use for the service. If null, one will be guessed based on the primary hosted zone of the service. | `string` | `null` | no |
 | <a name="input_alb_ssl_policy"></a> [alb\_ssl\_policy](#input\_alb\_ssl\_policy) | SSL policy to use for an Application Load Balancer application. | `string` | `"ELBSecurityPolicy-2016-08"` | no |
 | <a name="input_aliases"></a> [aliases](#input\_aliases) | CNAME(s) that are allowed to be used for this service. Default is `product`.`hosted_zone`. e.g. [product.example.com] --> [product.example.com] | `list(string)` | `null` | no |
@@ -194,6 +195,7 @@ Below is automatically generated documentation on this Terraform module using [t
 | <a name="input_deployment_minimum_healthy_percent"></a> [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no |
 | <a name="input_dns_evaluate_target_health"></a> [dns\_evaluate\_target\_health](#input\_dns\_evaluate\_target\_health) | evaluate health of endpoints by querying DNS records | `bool` | `false` | no |
 | <a name="input_efs_mounts"></a> [efs\_mounts](#input\_efs\_mounts) | (optional) efs mount set of objects. Components should include dns\_name, container\_mount\_point, efs\_mount\_point | <pre>set(object({<br>    file_system_id = string<br>    efs_path       = string<br>    container_path = string<br>  }))</pre> | `[]` | no |
+| <a name="input_enable_application_signals"></a> [enable\_application\_signals](#input\_enable\_application\_signals) | (optional) if set to true, will enable CW Application Signals | `bool` | `false` | no |
 | <a name="input_enable_circuit_breaker"></a> [enable\_circuit\_breaker](#input\_enable\_circuit\_breaker) | Enables ECS circuit breaker | `bool` | `true` | no |
 | <a name="input_enable_circuit_breaker_rollback"></a> [enable\_circuit\_breaker\_rollback](#input\_enable\_circuit\_breaker\_rollback) | Enables ECS circuit breaker rollback | `bool` | `true` | no |
 | <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | Enable cross-zone load balancing for NLBs. ALB have this enabled by default and cannot be disabled. | `string` | `true` | no |

diff --git a/examples/app-signals/.gitignore b/examples/app-signals/.gitignore
@@ -0,0 +1,2 @@
+backend.tf
+provider.tf
diff --git a/examples/app-signals/.terraform.lock.hcl b/examples/app-signals/.terraform.lock.hcl
diff --git a/examples/app-signals/main.tf b/examples/app-signals/main.tf
@@ -0,0 +1,12 @@
+module "service" {
+  source = "../.."
+
+  hosted_zone = var.hosted_zone
+
+  enable_application_signals = true
+
+  organization = var.organization
+  environment  = var.environment
+  product      = var.product
+  repo         = var.repo
+}
diff --git a/examples/app-signals/outputs.tf b/examples/app-signals/outputs.tf
@@ -0,0 +1,3 @@
+output "domain_name" {
+  value = module.service.domain_name
+}
diff --git a/examples/app-signals/sample-backend.tf b/examples/app-signals/sample-backend.tf
@@ -0,0 +1,9 @@
+# terraform {
+#   backend "s3" {
+#     bucket         = "my-bucket-tfstate"
+#     key            = "example-terraform-aws-ecs-service-basic"
+#     profile        = "my-profile"
+#     region         = "us-east-1"
+#     dynamodb_table = "terraform-lock"
+#   }
+# }
diff --git a/examples/app-signals/sample-provider.tf b/examples/app-signals/sample-provider.tf
@@ -0,0 +1,12 @@
+# provider "aws" {
+#   region  = "us-east-1"
+#   profile = "my-profile"
+#   default_tags {
+#     tags = {
+#       product      = var.product
+#       environment  = var.environment
+#       repo         = var.repo
+#       organization = var.organization
+#     }
+#   }
+# }
diff --git a/examples/app-signals/tags.tf b/examples/app-signals/tags.tf
@@ -0,0 +1,45 @@
+variable "environment" {
+  description = "Environment (sharedtools, dev, staging, prod)"
+  type        = string
+
+  default = "sharedtools"
+
+  validation {
+    condition     = contains(["sharedtools", "dev", "staging", "prod"], var.environment)
+    error_message = "The environment variable must be one of [sharedtools, dev, staging, prod]."
+  }
+}
+
+variable "product" {
+  description = "Tag used to group resources according to application"
+
+  default = "example-tf-ecs-service-basic"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.product))
+    error_message = "The product variable violates approved regex."
+  }
+}
+
+variable "repo" {
+  description = "Tag used to point to the repo using this module"
+
+  default = "https://github.com/pbs/terraform-ecs-service-module.git"
+
+  validation {
+    condition     = can(regex("(?:git|ssh|https?|git@[-\\w.]+):(\\/\\/)?(.*?)(\\.git)(\\/?|\\#[-\\d\\w._]+?)$", var.repo))
+    error_message = "The repo variable violates approved regex."
+  }
+}
+
+variable "organization" {
+  description = "Organization using this module. Used to prefix tags so that they are easily identified as being from your organization"
+  type        = string
+
+  default = "example"
+
+  validation {
+    condition     = can(regex("[a-z\\-]+", var.organization))
+    error_message = "The organization variable violates approved regex."
+  }
+}
diff --git a/examples/app-signals/vars.tf b/examples/app-signals/vars.tf
@@ -0,0 +1,4 @@
+variable "hosted_zone" {
+  type        = string
+  description = "Primary hosted zone for this service. Populate `TF_VAR_hosted_zone` before running any tests to have this value populated."
+}
diff --git a/locals.tf b/locals.tf
@@ -57,6 +57,63 @@ locals {
 
   creator = "terraform"
 
+  application_signals_envs = var.enable_application_signals == false ? [] : [
+    {
+      "name" : "OTEL_RESOURCE_ATTRIBUTES",
+      "value" : "service.name=${var.product},deployment.environment=${var.environment}"
+    },
+    {
+      "name" : "PYTHONPATH",
+      "value" : var.PYTHONPATH
+    },
+    {
+      "name" : "OTEL_EXPORTER_OTLP_PROTOCOL",
+      "value" : "http/protobuf"
+    },
+    {
+      "name" : "OTEL_TRACES_SAMPLER",
+      "value" : "xray"
+    },
+    {
+      "name" : "OTEL_TRACES_SAMPLER_ARG",
+      "value" : "endpoint=http://localhost:2000"
+    },
+    {
+      "name" : "OTEL_LOGS_EXPORTER",
+      "value" : "none"
+    },
+    {
+      "name" : "OTEL_PYTHON_DISTRO",
+      "value" : "aws_distro"
+    },
+    {
+      "name" : "OTEL_PYTHON_CONFIGURATOR",
+      "value" : "aws_configurator"
+    },
+    {
+      "name" : "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT",
+      "value" : "http://localhost:4316/v1/traces"
+    },
+    {
+      "name" : "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT",
+      "value" : "http://localhost:4316/v1/metrics"
+    },
+    {
+      "name" : "OTEL_METRICS_EXPORTER",
+      "value" : "none"
+    },
+    {
+      "name" : "OTEL_AWS_APPLICATION_SIGNALS_ENABLED",
+      "value" : "true"
+    }
+  ]
+
+  # setunion() cannot use empty sets 
+  env_vars = var.enable_application_signals == false ? var.env_vars : var.env_vars == null || var.env_vars == [] ? local.application_signals_envs : setunion(
+    local.application_signals_envs,
+    var.env_vars
+  )
+
   defaulted_tags = merge(
     var.tags,
     {

diff --git a/optional-task.tf b/optional-task.tf
@@ -157,3 +157,17 @@ variable "awslogs_driver_mode" {
   default     = "non-blocking"
   type        = string
 }
+
+# Clowdwatch Application Signals
+variable "enable_application_signals" {
+  description = "(optional) if set to true, will enable CW Application Signals"
+  default     = false
+  type        = bool
+}
+
+variable "PYTHONPATH" {
+  description = "(optional) PYTHONPATH of the application; required by the cwagent sidecar container"
+  type        = string
+
+  default = ":"
+}
diff --git a/task.tf b/task.tf
@@ -1,6 +1,6 @@
 module "task" {
   count  = var.task_def_arn == null ? 1 : 0
-  source = "github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.0"
+  source = "github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.2"
 
   name = local.name
 
@@ -26,7 +26,7 @@ module "task" {
   virtual_node = var.virtual_node
 
   ssm_path = var.ssm_path
-  env_vars = var.env_vars
+  env_vars = local.env_vars
 
   efs_mounts = var.efs_mounts
 
@@ -35,6 +35,8 @@ module "task" {
 
   use_xray_sidecar = var.use_xray_sidecar
 
+  use_cwagent_sidecar = var.enable_application_signals
+
   envoy_tag = var.envoy_tag
 
   network_mode             = var.network_mode