The latest articles on DEV Community by Spike (@hard_coder). https://dev.to/hard_coder https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F978800%2Fa1f43fb5-1748-485a-bfc5-113bb5a9b57d.jpeg https://dev.to/hard_coder en Spike Fri, 07 Jul 2023 12:06:52 +0000 https://dev.to/hard_coder/define-objectid-for-pydantic-compatible-18eb https://dev.to/hard_coder/define-objectid-for-pydantic-compatible-18eb <p>I will update later.</p> <p>For now, use this code.</p> <h2> Test Versions </h2> <ul> <li>FastAPI: 0.100.0</li> <li>python: 3.11.4</li> <li>pydantic: 2.0.2</li> <li>pymongo: 4.4.0</li> <li>pyhumps: 3.8.0</li> </ul> <h2> ✨ Add new type PydanticObjectId </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">collections.abc</span> <span class="kn">import</span> <span class="n">Callable</span> <span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">Annotated</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">import</span> <span class="nn">humps</span> <span class="kn">from</span> <span class="nn">bson</span> <span class="kn">import</span> <span class="n">ObjectId</span> <span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">ConfigDict</span><span class="p">,</span> <span class="n">GetJsonSchemaHandler</span> <span class="kn">from</span> <span class="nn">pydantic.json_schema</span> <span class="kn">import</span> <span class="n">JsonSchemaValue</span> <span class="kn">from</span> <span class="nn">pydantic_core</span> <span class="kn">import</span> <span class="n">core_schema</span> <span class="k">class</span> <span class="nc">_ObjectIdPydanticAnnotation</span><span class="p">:</span> <span class="o">@</span><span class="nb">classmethod</span> <span class="k">def</span> <span class="nf">__get_pydantic_core_schema__</span><span class="p">(</span> <span class="n">cls</span><span class="p">,</span> <span class="n">_source_type</span><span class="p">:</span> <span class="n">Any</span><span class="p">,</span> <span class="n">_handler</span><span class="p">:</span> <span class="n">Callable</span><span class="p">[[</span><span class="n">Any</span><span class="p">],</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">CoreSchema</span><span class="p">],</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">CoreSchema</span><span class="p">:</span> <span class="k">def</span> <span class="nf">validate_from_str</span><span class="p">(</span><span class="n">v</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">ObjectId</span><span class="p">:</span> <span class="k">return</span> <span class="n">ObjectId</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> <span class="n">from_str_schema</span> <span class="o">=</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">chain_schema</span><span class="p">(</span> <span class="p">[</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">str_schema</span><span class="p">(),</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">no_info_plain_validator_function</span><span class="p">(</span><span class="n">validate_from_str</span><span class="p">),</span> <span class="p">]</span> <span class="p">)</span> <span class="k">return</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">json_or_python_schema</span><span class="p">(</span> <span class="n">json_schema</span><span class="o">=</span><span class="n">from_str_schema</span><span class="p">,</span> <span class="n">python_schema</span><span class="o">=</span><span class="n">core_schema</span><span class="p">.</span><span class="n">union_schema</span><span class="p">(</span> <span class="p">[</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">is_instance_schema</span><span class="p">(</span><span class="n">ObjectId</span><span class="p">),</span> <span class="n">from_str_schema</span><span class="p">,</span> <span class="p">]</span> <span class="p">),</span> <span class="n">serialization</span><span class="o">=</span><span class="n">core_schema</span><span class="p">.</span><span class="n">plain_serializer_function_ser_schema</span><span class="p">(</span><span class="k">lambda</span> <span class="n">v</span><span class="p">:</span> <span class="nb">str</span><span class="p">(</span><span class="n">v</span><span class="p">)),</span> <span class="p">)</span> <span class="o">@</span><span class="nb">classmethod</span> <span class="k">def</span> <span class="nf">__get_pydantic_json_schema__</span><span class="p">(</span> <span class="n">cls</span><span class="p">,</span> <span class="n">_core_schema</span><span class="p">:</span> <span class="n">core_schema</span><span class="p">.</span><span class="n">CoreSchema</span><span class="p">,</span> <span class="n">handler</span><span class="p">:</span> <span class="n">GetJsonSchemaHandler</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="n">JsonSchemaValue</span><span class="p">:</span> <span class="k">return</span> <span class="n">handler</span><span class="p">(</span><span class="n">core_schema</span><span class="p">.</span><span class="n">str_schema</span><span class="p">())</span> <span class="n">PydanticObjectId</span> <span class="o">=</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">ObjectId</span><span class="p">,</span> <span class="n">_ObjectIdPydanticAnnotation</span><span class="p">]</span> <span class="k">class</span> <span class="nc">BaseODM</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">model_config</span> <span class="o">=</span> <span class="n">ConfigDict</span><span class="p">(</span> <span class="n">alias_generator</span><span class="o">=</span><span class="n">humps</span><span class="p">.</span><span class="n">camelize</span><span class="p">,</span> <span class="n">arbitrary_types_allowed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">frozen</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">from_attributes</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">populate_by_name</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">str_strip_whitespace</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="p">)</span> <span class="nb">id</span><span class="p">:</span> <span class="n">PydanticObjectId</span> </code></pre> </div> <h2> 👔 You don't have to convert data in FastAPI </h2> <p>With <code>from_attributes=True</code>, formerly known as <code>orm_mode=True</code>, you don't have to use the <code>model_validate</code> method.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">humps</span> <span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">ConfigDict</span> <span class="k">class</span> <span class="nc">EmbeddedBaseModel</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">model_config</span> <span class="o">=</span> <span class="n">ConfigDict</span><span class="p">(</span> <span class="n">alias_generator</span><span class="o">=</span><span class="n">humps</span><span class="p">.</span><span class="n">camelize</span><span class="p">,</span> <span class="n">arbitrary_types_allowed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">frozen</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">from_attributes</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># 🪄 This is magic </span> <span class="n">populate_by_name</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">str_strip_whitespace</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">BaseODM</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">model_config</span> <span class="o">=</span> <span class="n">ConfigDict</span><span class="p">(</span> <span class="n">alias_generator</span><span class="o">=</span><span class="n">humps</span><span class="p">.</span><span class="n">camelize</span><span class="p">,</span> <span class="n">arbitrary_types_allowed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">frozen</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">from_attributes</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># 🪄 This is magic </span> <span class="n">populate_by_name</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">str_strip_whitespace</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="p">)</span> <span class="nb">id</span><span class="p">:</span> <span class="n">PydanticObjectId</span> </code></pre> </div> <h2> Reference </h2> <ul> <li><a href="https://docs.pydantic.dev/latest/usage/types/custom/#handling-third-party-types">https://docs.pydantic.dev/latest/usage/types/custom/#handling-third-party-types</a></li> </ul> pydantic mongodb python objectid Spike Fri, 28 Apr 2023 08:21:46 +0000 https://dev.to/hard_coder/migrate-terraform-backend-local-to-s3-and-dynamodb-4nh4 https://dev.to/hard_coder/migrate-terraform-backend-local-to-s3-and-dynamodb-4nh4 <h2> Situation </h2> <p>You were the only developer in your company. You've managed AWS via Terraform and stored it in your local machine. As the company has grown up, you had to work with new colleagues. You needed to bring in a remote backend for several reasons; Collaboration, state management, disaster recovery, etc.</p> <p>It's a widespread situation for early-stage startup companies. So, let's begin.</p> <h2> Multiple AWS accounts </h2> <p>Using multiple accounts often provides many benefits for managing AWS infrastructures. The one is dividing workloads into development and production. In addition, adding an account for common resources like secrets and config makes it better. There are lots of best practices, and you can see them from <a href="https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/recommended-ous-and-accounts.html">Organizing Your AWS Environment Using Multiple Accounts</a>.</p> <h2> Prerequisite </h2> <p>I assume we have two OU(Organizational Units) and three accounts:</p> <ul> <li>Fundamental(OU) <ul> <li>Infrastructure (account_id: <code>999999999999</code>)</li> </ul> </li> <li>Workloads(OU) <ul> <li>development (account_id: <code>111111111111</code>)</li> <li>production (account_id: <code>222222222222</code>)</li> </ul> </li> </ul> <blockquote> <p>account_id is generated by AWS</p> </blockquote> <p>It's not a recommendation but a fundamental OU architecture. We use AWS Identity Center, originally AWS SSO, to ease login to AWS Console and AWS CLI. This article is not about AWS Identity Center so we will skip it. But don't worry, if you are using IAM User, there is no problem to read.</p> <h2> Let's dive in </h2> <p>From now, assume we have terraform project like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>tree <span class="nb">.</span> <span class="nt">-d</span> <span class="nb">.</span> ├── global │   ├── 01-network │   └── 20-ecs └── services    ├── service-a    ├── service-b    └── service-c </code></pre> </div> <h3> Create new terraform project </h3> <p>Create a directory, <code>init</code>, for S3 and DynamoDB and initializing it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir </span>global/init <span class="nv">$ </span><span class="nb">cd </span>global/init <span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'provider "aws" {}'</span> <span class="o">&gt;</span> main.tf <span class="nv">$ </span>terraform init </code></pre> </div> <p>You can see the message like "Terraform has been successfully initialized".</p> <h3> Configure AWS SSO profiles </h3> <p>Create three profiles, <code>dev</code>, <code>prod</code>, <code>infra</code> via AWS CLI. See details in <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html">AWS CLI Configure SSO</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>aws sso configure </code></pre> </div> <p>You can see profiles via:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>aws configure list-profiles dev prod infra </code></pre> </div> <h3> Create S3 and DynamoDB </h3> <p>We are going to create S3 bucket and DynamoDB table in <code>infra</code> profile. Modify <code>main.tf</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># main.tf</span> <span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"ap-northeast-2"</span> <span class="c1"># rewrite your region</span> <span class="nx">profile</span> <span class="p">=</span> <span class="s2">"infra"</span> <span class="c1"># You must use `infra` profile which is in Fundamental OU</span> <span class="p">}</span> <span class="nx">locals</span> <span class="p">{</span> <span class="c1"># Use other ways to hide sensitive info e.g. `terraform.tfvars`</span> <span class="nx">principals</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">dev</span> <span class="p">=</span> <span class="s2">"arn:aws:iam::111111111111:role/aws-reserved/sso.amazonaws.com/ap-northeast-2/AWSReservedSSO_AdministratorAccess_dev"</span> <span class="nx">prod</span> <span class="p">=</span> <span class="s2">"arn:aws:iam::222222222222:role/aws-reserved/sso.amazonaws.com/ap-northeast-2/AWSReservedSSO_AdministratorAccess_prod"</span> <span class="nx">infra</span> <span class="p">=</span> <span class="s2">"arn:aws:iam::999999999999:role/aws-reserved/sso.amazonaws.com/ap-northeast-2/AWSReservedSSO_AdministratorAccess_infra"</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket"</span> <span class="s2">"tfstate"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"tfstate-bucket"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket_versioning"</span> <span class="s2">"this"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">tfstate</span><span class="p">.</span><span class="nx">id</span> <span class="nx">versioning_configuration</span> <span class="p">{</span> <span class="nx">status</span> <span class="p">=</span> <span class="s2">"Enabled"</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_dynamodb_table"</span> <span class="s2">"tfstate_lock"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tfstate-lock"</span> <span class="nx">billing_mode</span> <span class="p">=</span> <span class="s2">"PAY_PER_REQUEST"</span> <span class="nx">hash_key</span> <span class="p">=</span> <span class="s2">"LockID"</span> <span class="nx">attribute</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"LockID"</span> <span class="c1"># Same as hash_key above</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"S"</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket_policy"</span> <span class="s2">"this"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">tfstate</span><span class="p">.</span><span class="nx">id</span> <span class="nx">policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="s2">"s3:ListBucket"</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="s2">"arn:aws:s3:::</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">tfstate</span><span class="p">.</span><span class="nx">bucket</span><span class="k">}</span><span class="s2">"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">AWS</span> <span class="p">=</span> <span class="p">[</span><span class="nx">for</span> <span class="nx">_</span><span class="p">,</span> <span class="nx">v</span> <span class="nx">in</span> <span class="kd">local</span><span class="p">.</span><span class="nx">principals</span> <span class="err">:</span> <span class="nx">v</span><span class="p">]</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Sid</span> <span class="p">=</span> <span class="s2">"AllowAllS3ActionsInDev"</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"s3:GetObject"</span><span class="p">,</span> <span class="s2">"s3:PutObject"</span><span class="p">,</span> <span class="s2">"s3:DeleteObject"</span><span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="s2">"arn:aws:s3:::</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">tfstate</span><span class="p">.</span><span class="nx">bucket</span><span class="k">}</span><span class="s2">/services/dev/*"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">AWS</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">principals</span><span class="p">.</span><span class="nx">dev</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Sid</span> <span class="p">=</span> <span class="s2">"AllowAllS3ActionsInProd"</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"s3:GetObject"</span><span class="p">,</span> <span class="s2">"s3:PutObject"</span><span class="p">,</span> <span class="s2">"s3:DeleteObject"</span><span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="s2">"arn:aws:s3:::</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">tfstate</span><span class="p">.</span><span class="nx">bucket</span><span class="k">}</span><span class="s2">/services/prod/*"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">AWS</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">principals</span><span class="p">.</span><span class="nx">prod</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>We divided development and production into different paths.</p> <ul> <li><code>arn:aws:s3:::${aws_s3_bucket.tfstate.bucket}/services/dev/*</code></li> <li><code>arn:aws:s3:::${aws_s3_bucket.tfstate.bucket}/services/prod/*</code></li> </ul> <p>Also, allow writing actions(<code>s3:PutObjcet</code>, etc.) for own paths. It prevents updating other tfstate which is not own.</p> <h3> Update legacy resource, <code>service-a</code> </h3> <p>Suppose we have an initialized terraform project and terraform file, <code>services/service-a/versions.tf</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># services/service-a/versions.tf</span> <span class="k">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 4.65.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"ap-northeast-2"</span> <span class="p">}</span> </code></pre> </div> <p>It's an old one. Before modifying the file, we are going to create workspaces for <a href="https://en.wikipedia.org/wiki/Single_source_of_truth">SSOT</a>. Create Terraform workspaces <code>dev</code> and <code>prod</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform workspace new dev <span class="nv">$ </span>terraform workspace new prod </code></pre> </div> <p>You can see workspace list via:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform workspace list default dev <span class="k">*</span> prod </code></pre> </div> <blockquote> <p>FYI, <code>default</code> workspace cannot be deleted. </p> </blockquote> <p>Let's modify <code>services/service-a/versions.tf</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># services/service-a/versions.tf</span> <span class="k">terraform</span> <span class="p">{</span> <span class="nx">backend</span> <span class="s2">"s3"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"tfstate-bucket"</span> <span class="nx">workspace_key_prefix</span> <span class="p">=</span> <span class="s2">"services"</span> <span class="c1"># default is `env:`</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"service-a/terraform.tfstate"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"ap-northeast-2"</span> <span class="nx">profile</span> <span class="p">=</span> <span class="s2">"infra"</span> <span class="p">}</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 4.65.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"ap-northeast-2"</span> <span class="nx">profile</span> <span class="p">=</span> <span class="k">terraform</span><span class="p">.</span><span class="nx">workspace</span> <span class="c1"># It should be one of `dev` and `prod`</span> <span class="p">}</span> </code></pre> </div> <h2> Finally, migration </h2> <p>Enter <code>terraform init</code> in terminal.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform init Initializing the backend... Do you want to migrate all workspaces to <span class="s2">"s3"</span>? Both the existing <span class="s2">"local"</span> backend and the newly configured <span class="s2">"s3"</span> backend support workspaces. When migrating between backends, Terraform will copy all workspaces <span class="o">(</span>with the same names<span class="o">)</span><span class="nb">.</span> THIS WILL OVERWRITE any conflicting states <span class="k">in </span>the destination. Terraform initialization doesn<span class="s1">'t currently migrate only select workspaces. If you want to migrate a select number of workspaces, you must manually pull and push those states. If you answer "yes", Terraform will migrate all states. If you answer "no", Terraform will abort. Enter a value: </span></code></pre> </div> <p>Enter <code>yes</code> and you just have migrate remote backend to S3!🎉</p> <p>If you want to apply other workload, you just change terraform workspace.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>terraform workspace <span class="k">select </span>dev </code></pre> </div> devops terraform aws Spike Fri, 25 Nov 2022 06:57:48 +0000 https://dev.to/hard_coder/aws-ecs-container-health-check-1968 https://dev.to/hard_coder/aws-ecs-container-health-check-1968 <h2> What is Container health check? </h2> <p>Container health check is a feature of Docker. It checks container is healthy or not(unhealthy). You don't have to use it, but it provides container status and is easy to check container status when entering <code>docker ps</code> command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1b5c86ccfa6d redis <span class="s2">"docker-entrypoint.s…"</span> 13 seconds ago Up 13 seconds <span class="o">(</span>healthy<span class="o">)</span> 0.0.0.0:6379-&gt;6379/tcp redis </code></pre> </div> <p>You can see health info from <code>STATUS</code> or use <code>docker inspect</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker inspect redis | jq <span class="s2">".[0].State.Health"</span> <span class="o">{</span> <span class="s2">"Status"</span>: <span class="s2">"healthy"</span>, <span class="s2">"FailingStreak"</span>: 0, <span class="s2">"Log"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"Start"</span>: <span class="s2">"2022-11-25T06:35:47.907103919Z"</span>, <span class="s2">"End"</span>: <span class="s2">"2022-11-25T06:35:47.973231669Z"</span>, <span class="s2">"ExitCode"</span>: 0, <span class="s2">"Output"</span>: <span class="s2">"PONG</span><span class="se">\n</span><span class="s2">"</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> </code></pre> </div> <p><code>ExitCode</code> is the result of the command in <code>HEALTHCHECK</code> instruction. If <code>ExitCode</code> is non-zero, container is unhealthy. I'll explain it in detail below.</p> <h3> How to use health check </h3> <p>It's straightforward. Use <code>HEALTHCHECK</code> instruction in Dockerfile.</p> <ul> <li>HEALTHCHECK [OPTIONS] CMD command </li> </ul> <p>Details in <a href="https://docs.docker.com/engine/reference/builder/#healthcheck">Dockerfile Docs</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> redis:7-alpine</span> <span class="k">HEALTHCHECK</span><span class="s"> --interval=30s --timeout=5s --start-period=30s --retries=3 \</span> CMD redis-cli ping </code></pre> </div> <p><code>redis-cli ping</code> does a health check. If you want to check the HTTP server, you can write</p> <ul> <li><code>CMD-SHELL curl -f http://localhost:80/ || exit 1</code></li> </ul> <p>instead. <code>CMD-SHELL</code> is similar to <code>CMD</code>, but the former uses the container's default shell.</p> <p><strong>CAUTION</strong>: You should install <code>curl</code> in the container when using <code>curl</code> command. If not, the container will be unhealthy on ECS even if there's no problem in the local environment. Redis in the above has <code>redis-cli</code> command already, so it's okay.</p> <p>The options that can appear before CMD are:</p> <ul> <li> <code>--interval=DURATION</code> default is <code>30s</code> </li> <li> <code>--timeout=DURATION</code> default is <code>30s</code> </li> <li> <code>--start-period=DURATION</code> default is <code>0s</code> </li> <li> <code>--retries=N</code> default is <code>3</code> </li> </ul> <h2> ECS container health check </h2> <p>Okay, it's done, right? Unfortunately, ECS doesn't support container health check from Docker for monitoring.</p> <p><a href="https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html">AWS Docs</a> says:</p> <blockquote> <p>The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.</p> </blockquote> <p>You have to put it into container definitions in task definition. Below is an incomplete ECS terraform example, so see only how it works.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># Three containers will be deployed: "app", "worker", "redis"</span> <span class="c1"># Only "redis" has `healthCheck`</span> <span class="k">resource</span> <span class="s2">"aws_ecs_task_definition"</span> <span class="s2">"this"</span> <span class="p">{</span> <span class="nx">family</span> <span class="p">=</span> <span class="s2">"example"</span> <span class="nx">requires_compatibilities</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"FARGATE"</span><span class="p">]</span> <span class="nx">network_mode</span> <span class="p">=</span> <span class="s2">"awsvpc"</span> <span class="nx">cpu</span> <span class="p">=</span> <span class="mi">1024</span> <span class="nx">memory</span> <span class="p">=</span> <span class="mi">2048</span> <span class="c1"># other settings are omitted..</span> <span class="nx">container_definitions</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">([</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"redis"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"redis:7-alpine"</span> <span class="nx">cpu</span> <span class="p">=</span> <span class="mi">256</span> <span class="nx">memory</span> <span class="p">=</span> <span class="mi">512</span> <span class="nx">essential</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">portMappings</span> <span class="p">=</span> <span class="p">[{</span> <span class="nx">containerPort</span> <span class="p">=</span> <span class="mi">6379</span> <span class="nx">hostPort</span> <span class="p">=</span> <span class="mi">6379</span> <span class="p">}]</span> <span class="nx">healthCheck</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">command</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"CMD"</span><span class="p">,</span> <span class="s2">"redis-cli"</span><span class="p">,</span> <span class="s2">"ping"</span><span class="p">]</span> <span class="nx">interval</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">retries</span> <span class="p">=</span> <span class="mi">3</span> <span class="nx">startPeriod</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">5</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"app"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"django:latest"</span> <span class="c1"># other settings are omitted..</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"worker"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"celery:latest"</span> <span class="c1"># other settings are omitted..</span> <span class="p">}</span> <span class="p">])</span> <span class="p">}</span> </code></pre> </div> <p>After deploying the container, you can see <code>redis</code> container is Healthy, unlike the others are Unknown on AWS console.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ezPPraYI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8qw382o6ct539wkmytiw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ezPPraYI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8qw382o6ct539wkmytiw.png" alt="container status" width="880" height="237"></a></p> aws ecs docker terraform