More SG work

wri · Aug 27, 2024 · d16816e · d16816e
1 parent 04e9de2
commit d16816e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -32,15 +32,15 @@ locals {
 
 # Docker image for FastAPI app
 module "app_docker_image" {
-  source     = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha"
+  source     = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha4"
   image_name = substr(lower("${local.project}${local.name_suffix}"), 0, 64)
   root_dir   = "${path.root}/../"
   tag        = local.container_tag
 }
 
 # Docker image for GDAL Python Batch jobs
 module "batch_gdal_python_image" {
-  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha"
+  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha4"
   image_name      = substr(lower("${local.project}-gdal_python${local.name_suffix}"), 0, 64)
   root_dir        = "${path.root}/../"
   docker_path     = "batch"
@@ -49,7 +49,7 @@ module "batch_gdal_python_image" {
 
 # Docker image for PixETL Batch jobs
 module "batch_pixetl_image" {
-  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha"
+  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha4"
   image_name      = substr(lower("${local.project}-pixetl${local.name_suffix}"), 0, 64)
   root_dir        = "${path.root}/../"
   docker_path     = "batch"
@@ -58,7 +58,7 @@ module "batch_pixetl_image" {
 
 # Docker image for PostgreSQL Client Batch jobs
 module "batch_postgresql_client_image" {
-  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha"
+  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha4"
   image_name      = substr(lower("${local.project}-postgresql_client${local.name_suffix}"), 0, 64)
   root_dir        = "${path.root}/../"
   docker_path     = "batch"
@@ -67,7 +67,7 @@ module "batch_postgresql_client_image" {
 
 # Docker image for Tile Cache Batch jobs
 module "batch_tile_cache_image" {
-  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha"
+  source          = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/container_registry?ref=v0.4.2.6-alpha4"
   image_name      = substr(lower("${local.project}-tile_cache${local.name_suffix}"), 0, 64)
   root_dir        = "${path.root}/../"
   docker_path     = "batch"
@@ -76,7 +76,7 @@ module "batch_tile_cache_image" {
 
 
 module "fargate_autoscaling" {
-  source                       = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/fargate_autoscaling?ref=v0.4.2.5"
+  source                       = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/fargate_autoscaling?ref=v0.4.2.6-alpha4"
   project                      = local.project
   name_suffix                  = local.name_suffix
   tags                         = local.fargate_tags
@@ -96,7 +96,10 @@ module "fargate_autoscaling" {
   auto_scaling_max_cpu_util    = var.auto_scaling_max_cpu_util
   auto_scaling_min_capacity    = var.auto_scaling_min_capacity
   //  acm_certificate_arn       = var.environment == "dev" ? null : data.terraform_remote_state.core.outputs.acm_certificate
-  security_group_ids = [data.terraform_remote_state.core.outputs.postgresql_security_group_id]
+  security_group_ids = [
+    data.terraform_remote_state.core.outputs.postgresql_security_group_id,
+    data.terraform_remote_state.core.outputs.aws_security_group.ecs_security_group_id
+  ]
   task_role_policies = [
     data.terraform_remote_state.core.outputs.iam_policy_s3_write_data-lake_arn,
     aws_iam_policy.run_batch_jobs.arn,
@@ -121,7 +124,7 @@ module "fargate_autoscaling" {
 
 # Using instance types with 1 core only
 module "batch_aurora_writer" {
-  source = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/compute_environment?ref=v0.4.2.6-alpha"
+  source = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/compute_environment?ref=v0.4.2.6-alpha4"
   ecs_role_policy_arns = [
     data.terraform_remote_state.core.outputs.iam_policy_s3_write_data-lake_arn,
     data.terraform_remote_state.core.outputs.secrets_postgresql-reader_policy_arn,
@@ -140,7 +143,8 @@ module "batch_aurora_writer" {
   project   = local.project
   security_group_ids = [
     data.terraform_remote_state.core.outputs.default_security_group_id,
-    data.terraform_remote_state.core.outputs.postgresql_security_group_id
+    data.terraform_remote_state.core.outputs.postgresql_security_group_id,
+    data.terraform_remote_state.core.outputs.aws_security_group.batch_security_group_id
   ]
   subnets                  = data.terraform_remote_state.core.outputs.private_subnet_ids
   suffix                   = local.name_suffix
@@ -152,7 +156,7 @@ module "batch_aurora_writer" {
 
 
 module "batch_data_lake_writer" {
-  source = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/compute_environment?ref=v0.4.2.6-alpha"
+  source = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/compute_environment?ref=v0.4.2.6-alpha4"
   ecs_role_policy_arns = [
     aws_iam_policy.query_batch_jobs.arn,
     aws_iam_policy.s3_read_only.arn,
@@ -167,7 +171,8 @@ module "batch_data_lake_writer" {
   project   = local.project
   security_group_ids = [
     data.terraform_remote_state.core.outputs.default_security_group_id,
-    data.terraform_remote_state.core.outputs.postgresql_security_group_id
+    data.terraform_remote_state.core.outputs.postgresql_security_group_id,
+    data.terraform_remote_state.core.outputs.aws_security_group.batch_security_group_id
   ]
   subnets               = data.terraform_remote_state.core.outputs.private_subnet_ids
   suffix                = local.name_suffix

diff --git a/terraform/modules/batch/main.tf b/terraform/modules/batch/main.tf
@@ -52,7 +52,6 @@ resource "aws_batch_job_queue" "pixetl" {
   depends_on           = [var.pixetl_compute_environment_arn]
 }
 
-
 resource "aws_batch_job_definition" "tile_cache" {
   name                 = substr("${var.project}-tile_cache${var.name_suffix}", 0, 64)
   type                 = "container"