Stage-to-Main: Enable Multi-Region ECR Deploys #62
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Why these changes are being introduced: Once again, the CDPS project is pushing us to update one of our core infrastructure repositories to handle deployment of resources to multiple regions. How this addresses that need: * Create and ADR for this decision * Minor formatting change to the PR template Side effects of this change: None. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
Why these changes are being introduced: Matching files names in the repository to the documentation in the README (expect all the files that create ECR Repositories to end with `_ecr` or `_ecrs`). How this addresses that need: * Rename existing files to include the `_ecr` Side effects of this change: None.
Why these changes are being introduced: We need to ensure that the embedded module can correctly create resources in multiple regions. Since IAM Roles/Policies are "global" we only want to create those resources in the default `us-east-1` region. The ECR Repository is regional, so we create it each time the module is called based on the submitted provider. How this addresses that need: * Add the `aws_region.current` data object so that we can track the region provided when the module is called * Add conditionals to all the "global" resources so that they only get created when the module is called for the us-east-1 region * Reorganize the resource creation in the embedded module slightly Side effects of this change: None Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
Why these changes are being introduced: We need the `s3-bagit-validator` container in ECR Repositories in us-east-1 and us-west-2. How this addresses that need: * Add an additional AWS Provider alias for us-west-2 * Create a new file for the us-west-2 ECR Repository for s3-bagit-validator * Rename the old cdps ECR file to clarify where the resources are getting created * Add a us-west-2 module call for the s3-bagit-validator ECR creation Side effects of this change: None Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
Why these changes are being introduced: Now that we have ECR Repositories in multiple regions, we need to genarate a few additional lines for each workflow and Makefile when we enable an additional region. How this addresses that need: * Create an additional template file for the Makefile add-ins * Create an additional template file for the dev-build add-ins * Create an additional template file for the stage-build add-ins * Create an additional template file for the prod-promote add-ins * Create a new Tf output for the Makefile add-ins for the bagit Lambda that is deployed in us-west-2 * Create a new Tf output for the dev-build add-ins for the bagit Lambda that is deployed in us-west-2 * Create a new Tf output for the stage-build add-ins for the bagit Lambda that is deployed in us-west-2 * Create a new Tf output for the prod-promote add-ins for the bagit Lambda that is deployed in us-west-2 Side effects of this change: None. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
Why these changes are being made: We are no longer using the old Fargate-specific and Lambda-specific template files in any of the ECR modules. How this addresses that need: * Delete the old, no-longer-used template files Side effects: None.
Dev-to-Stage: Update ECR Repository Creation for Multiple Regions
Why these changes are being introduced: I missed three typos, one in a comment and two in the special Tf outputs for stage & prod. How this addresses that need: * Fix this mistaken capital letter in a comment in the providers.tf file * Fix the stage-only output to pull from the correct "extra-region" template file instead of the regular template file for the "west" region workflow lines * Fix the prod-only output to pull from the correct "extra-region" template file intead of the regular template file for the "west" region workflow lines Side effects of this change: None. Only changes outputs. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
Fix Typos!
tim-rix
approved these changes
May 9, 2025
Contributor
tim-rix
left a comment
tim-rix
left a comment
There was a problem hiding this comment.
Everything looks OK to me
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Developer Checklist
What does this PR do?
.tffiles to match the documentation in the README (e.g., add_ecrto the end of most of the files)us-east-1while other resources are created in each region specified in the module call)us-west-2for the s3-bagit-validator applicationHelpful background context
The CDPS-Storage infrastructure needs to run a container-based Lambda in more than one region. This necessitated and update to this repository so that we could easily generate ECR repositories in more than just our default
us-east-1region. As part of this, we also need to generate additional text to go in the various GitHub Actions workflows and Makefiles in the associated application repositories.Note: The changes to the embedded module introduce indexes to many of the resources that are created there (that is an expected consequence of introducing a conditional creation line). The speculative plan in Prod shows a large number of "has moved to" changes to resources. Thankfully, the version of Terraform we are using for this repo in Terraform Cloud can handle this moves automatically without us having to create
moved {}blocks in the code.What are the relevant tickets?
Requires Database Migrations?
NO
Includes new or updated dependencies?
NO