Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue 1037] Allow choosing between multiple VPCs #1052

Merged
merged 7 commits into from
Jan 23, 2024
Merged

[Issue 1037] Allow choosing between multiple VPCs #1052

merged 7 commits into from
Jan 23, 2024

Conversation

coilysiren
Copy link
Collaborator

@coilysiren coilysiren commented Jan 19, 2024
edited
Loading

Summary

In service of, but does not resolve, #1037

Time to review: 5 mins

Changes proposed

  • Changes all 3 terraform apps (frontend, backend, database) to allow them to be deployed from a non-default VPC
  • Deploys the database into the "database" subnets, which have been backfilled into the default VPC

Context for reviewers

The Nava template has been updated to use non-default VPCs as our core networking layer. Migrating to that infrastructure will take quite some time, so I'm doing it piece by piece. The center of this piece is this code:

  network_configs = {
    # TODO(https://github.com/HHS/simpler-grants-gov/issues/1051) deploy to a non-default VPC in every environment
    dev     = { vpc_name = "default" }
    staging = { vpc_name = "staging" }
    prod    = { vpc_name = "default" }
  }

Which maps environment to vpc name. Currently, only staging is using a non-default VPC. I plan on having a long running branch (here: #1044) where I thoroughly test the staging VPC before merging it. This PR allows me to merge code that uses the non-default VPC, exclusively in our staging configuration.

Additional information

Here is the proposed network design that I am working towards:

graph RL;

  subgraph accounts
    shared_account[shared]
  end

  subgraph networks
    dev_network[dev]
    staging_network[staging]
    prod_network[prod]
  end

  subgraph environments
    dev_environment[dev]
    staging_environment[staging]
    prod_environment[prod]
  end

  dev_network --> shared_account
  staging_network --> shared_account
  prod_network --> shared_account

  dev_environment --> dev_network
  staging_environment --> staging_network
  prod_environment --> prod_network
Loading

Here is the temporary network design as of this PR

graph RL;

  subgraph accounts
    shared_account[shared]
  end

  subgraph networks
    staging_network[staging]
    default_network[default]
  end

  subgraph environments
    dev_environment[dev]
    staging_environment[staging]
    prod_environment[prod]
  end

  default_network --> shared_account
  staging_network --> shared_account

  dev_environment --> default_network
  staging_environment --> staging_network
  prod_environment --> default_network
Loading

@coilysiren coilysiren self-assigned this Jan 22, 2024
@coilysiren coilysiren marked this pull request as ready for review January 22, 2024 21:28
@aplybeah
Copy link
Contributor

non-blocking q: what would the order of operations be for deploying in a different non-default environment if we wanted to move resources? (e.g. moving something to the staging vpc so it's covered by a private subnet)

@coilysiren
Copy link
Collaborator Author

coilysiren commented Jan 23, 2024
edited
Loading

@aplybeah order of operations is roughly:

  • allow the apps to be deployed to non default networking confs (this and previous PRs)
  • create a staging VPC
  • deploy an app to staging, test every component so we're sure they're working
  • merge the long running branch I've been using to deploy staging
  • deploy dev, then prod. Will require some downtime

@coilysiren coilysiren merged commit efa17a2 into main Jan 23, 2024
9 checks passed
@coilysiren coilysiren deleted the vpc-switcher branch January 23, 2024 19:02
@coilysiren coilysiren mentioned this pull request Jan 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aplybeah aplybeah aplybeah approved these changes

@jamesbursa jamesbursa Awaiting requested review from jamesbursa

Assignees

@coilysiren coilysiren

Labels
terraform
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@coilysiren @aplybeah