From b1b3ab17ad4f57e44eaddc34024c1e7f9910b050 Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Tue, 7 May 2024 09:14:17 +0100 Subject: [PATCH] feat(terraform): add `CDN_URL` to environment variables --- infra/terraform/environments/dev/main.tf | 16 ++++++-- infra/terraform/modules/service/README.md | 2 +- infra/terraform/modules/service/ecs.tf | 41 +++++++++++--------- infra/terraform/modules/service/variables.tf | 18 +++++---- 4 files changed, 46 insertions(+), 31 deletions(-) diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf index 90d9175abc..74572b9b7f 100644 --- a/infra/terraform/environments/dev/main.tf +++ b/infra/terraform/environments/dev/main.tf @@ -74,7 +74,8 @@ module "service" { cpu = 1024 memory = 4096 - image = "${data.aws_ecr_repository.this["api"].repository_url}:${var.api_image_tag}" + version = var.api_image_tag + repository = "${data.aws_ecr_repository.this["api"].repository_url}" task_iam_role_statements = [ { @@ -147,7 +148,8 @@ module "service" { data.aws_security_group.this["API"].id ] - lb_listener_arn = data.aws_lb_listener.this["API"].arn + lb_listener_arn = data.aws_lb_listener.this["API"].arn + listener_rule_host_header = "api.*" vpc_id = data.aws_vpc.this.id } @@ -156,7 +158,10 @@ module "service" { cpu = 1024 memory = 4096 - image = "${data.aws_ecr_repository.this["internal"].repository_url}:${var.internal_image_tag}" + version = var.internal_image_tag + repository = "${data.aws_ecr_repository.this["internal"].repository_url}" + + add_cdn_url_to_env = true task_iam_role_statements = [ { @@ -194,7 +199,10 @@ module "service" { cpu = 1024 memory = 4096 - image = "${data.aws_ecr_repository.this["selfserve"].repository_url}:${var.selfserve_image_tag}" + version = var.selfserve_image_tag + repository = "${data.aws_ecr_repository.this["selfserve"].repository_url}" + + add_cdn_url_to_env = true task_iam_role_statements = [ { 
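Review bot: The new `repository` value in the first service entry (the one using the `api` ECR repository) is wrapped in an interpolation-only string, which adds nothing and is reported by Terraform linters as deprecated syntax. The same form appears in the `internal` and `selfserve` hunks further down. Write the reference directly, `repository = data.aws_ecr_repository.this["api"].repository_url`, and likewise for the other two. The enclosing `module "service"` block starts and ends outside this hunk.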
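Review bot: Only this entry sets `listener_rule_host_header`; the two entries changed in the following hunks add none in the visible lines, so they would take the module defaults of `"*"` and priority 10 declared in `variables.tf`. A `"*"` host condition forwards every request that reaches that listener regardless of its Host header, and two rules with the same priority cannot coexist on one listener. If those services are meant to answer only on their own hostnames, set the header and priority explicitly per entry, and consider making the module input required, `listener_rule_host_header = string`, so an omitted value fails at plan time instead of widening routing. The pattern `"api.*"` also matches any hostname that begins with `api.`; a pattern ending in the environment's own domain would be narrower.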
diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md index cbbe78a7b5..8c523a63f7 100644 --- a/infra/terraform/modules/service/README.md +++ b/infra/terraform/modules/service/README.md @@ -44,7 +44,7 @@ | [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes | | [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes | | [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes | -| [services](#input\_services) | The services to deploy |
map(object({
image = string
cpu = number
memory = number
lb_listener_arn = string
security_group_ids = list(string)
subnet_ids = list(string)
vpc_id = string
task_iam_role_statements = list(object({
effect = string
actions = list(string)
resources = list(string)
}))
}))
| `{}` | no | +| [services](#input\_services) | The services to deploy |
map(object({
version = string
repository = string
cpu = number
memory = number
task_iam_role_statements = list(object({
effect = string
actions = list(string)
resources = list(string)
}))
add_cdn_url_to_env = optional(bool, false)
lb_listener_arn = string
listener_rule_priority = optional(number, 10)
listener_rule_host_header = optional(string, "*")
security_group_ids = list(string)
subnet_ids = list(string)
vpc_id = string
}))
| `{}` | no | ## Outputs diff --git a/infra/terraform/modules/service/ecs.tf b/infra/terraform/modules/service/ecs.tf index 8ded37a7e3..752d3a2ee7 100644 --- a/infra/terraform/modules/service/ecs.tf +++ b/infra/terraform/modules/service/ecs.tf @@ -23,7 +23,7 @@ resource "aws_lb_listener_rule" "this" { for_each = var.services listener_arn = each.value.lb_listener_arn - priority = 10 + priority = each.value.listener_rule_priority action { type = "forward" @@ -31,9 +31,8 @@ resource "aws_lb_listener_rule" "this" { } condition { - query_string { - key = "infra" - value = "ecs" + host_header { + values = [each.value.listener_rule_host_header] } } } @@ -84,7 +83,7 @@ module "ecs_service" { cpu = try(var.services[each.key].task_cpu_limit, var.services[each.key].cpu / 2) memory = try(var.services[each.key].task_memory_limit, var.services[each.key].memory / 4) essential = true - image = var.services[each.key].image + image = "${var.services[each.key].repository}:${var.services[each.key].version}" port_mappings = [ { name = "http" @@ -97,20 +96,24 @@ module "ecs_service" { # Have to explicitly set the user to null to avoid the default user being set to root. user = null - environment = [ - { - name = "ENVIRONMENT_NAME" - value = var.environment - }, - { - name = "APP_VERSION" - value = var.services[each.key].image - }, - { - name = "CDN_URL" - value = module.cloudfront.cloudfront_distribution_domain_name - } - ] + environment = concat( + [ + { + name = "ENVIRONMENT_NAME" + value = var.environment + }, + { + name = "APP_VERSION" + value = var.services[each.key].version + }, + ], + each.value.add_cdn_url_to_env ? [ + { + name = "CDN_URL" + value = module.cloudfront.cloudfront_distribution_domain_name + } + ] : [] + ) readonly_root_filesystem = false diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf index 67482eef01..9f04ca6ffa 100644 --- a/infra/terraform/modules/service/variables.tf 
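Review bot: The container image is now built as `"${repository}:${version}"`, a tag reference, and nothing in this hunk says whether that tag is allowed to move. If tag immutability is not enforced on the ECR repositories (not visible here), the same task definition can resolve to different image content on a later pull. A short comment above the line would record the expectation, for example `# version must be an immutable tag so the task definition always resolves to the same image`. The `module "ecs_service"` block starts and ends outside this hunk.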
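Review bot: The `CDN_URL` toggle reads `each.value.add_cdn_url_to_env`, while every other line of this container definition, including the `APP_VERSION` entry just above it, reads `var.services[each.key]`. The `for_each` of `module "ecs_service"` is outside the hunk, so it is not visible whether `each.value` is the service object here; if it is not, the expression fails or reads the wrong object. Using `var.services[each.key].add_cdn_url_to_env ? [...] : []` keeps the block consistent and does not depend on what `for_each` iterates over.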
+++ b/infra/terraform/modules/service/variables.tf @@ -15,18 +15,22 @@ variable "assets_version" { variable "services" { type = map(object({ - image = string - cpu = number - memory = number - lb_listener_arn = string - security_group_ids = list(string) - subnet_ids = list(string) - vpc_id = string + version = string + repository = string + cpu = number + memory = number task_iam_role_statements = list(object({ effect = string actions = list(string) resources = list(string) })) + add_cdn_url_to_env = optional(bool, false) + lb_listener_arn = string + listener_rule_priority = optional(number, 10) + listener_rule_host_header = optional(string, "*") + security_group_ids = list(string) + subnet_ids = list(string) + vpc_id = string })) description = "The services to deploy" default = {}
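Review bot: `version` and `repository` are declared as plain strings with no validation, and `ecs.tf` joins them into the image reference, so an empty `version` yields a reference ending in `:` that would only fail when ECS tries to launch the task. A `validation` block on `services` would reject that at plan time, as sketched below. The `variable "services"` block closes outside this hunk.

```hcl
variable "services" {
  # … unchanged: type, description, default …

  validation {
    condition = alltrue([
      for s in values(var.services) :
      trimspace(s.version) != "" && trimspace(s.repository) != ""
    ])
    error_message = "Each service must set a non-empty repository and version."
  }
```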