simpleinfra/terraform/monitorbot/app.tf at master · rust-lang/simpleinfra · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// ECS deployment and CI integration of monitorbot.

module "monitorbot" {
  source         = "../shared/modules/ecs-app"
  cluster_config = data.terraform_remote_state.shared.outputs.ecs_cluster_config

  env  = "prod"
  name = "monitorbot"
  repo = "rust-lang/monitorbot"

  cpu              = 256
  memory           = 512
  tasks_count      = 0 # TODO: currently broken, avoid restarting it constantly
  platform_version = "1.4.0"

  environment = {
    MONITORBOT_RUNNERS_REPOS               = "rust-lang/rust"
    MONITORBOT_GH_RATE_LIMIT_STATS_REFRESH = 40
  }

  secrets = {
    MONITORBOT_GITHUB_TOKEN      = "/prod/monitorbot/github-token"
    MONITORBOT_RATE_LIMIT_TOKENS = "/prod/monitorbot/rate-limit-tokens"
  }

  computed_secrets = {
    MONITORBOT_SECRET = aws_ssm_parameter.secret.arn
  }

  expose_http = {
    container_port = 80
    domains        = ["monitorbot.infra.rust-lang.org"]

    prometheus = null

    health_check_path     = "/"
    health_check_interval = 5
    health_check_timeout  = 2
  }
}

// Generate the secret key used to access the metrics and store it in AWS
// Parameter Store. Prometheus will then fetch the credentials from it.

resource "random_password" "secret" {
  length  = 32
  special = true
}

resource "aws_ssm_parameter" "secret" {
  type  = "SecureString"
  name  = "/prod/monitorbot/secret"
  value = random_password.secret.result
}