infra: Add a new specific task definition for the admin API to enable sentry tracing for admin requests

.github/actions/api-deploy-ecs/action.yml

@@ -59,11 +59,19 @@ runs:
         aws-secret-access-key: ${{ inputs.aws_secret_access_key }}
         aws-region: eu-west-2
 
-    - name: Fill in the new image ID in the Amazon ECS API task definition
-      id: task-def-api
+    - name: Render SDK API task definition
+      id: task-def-sdk-api
       uses: aws-actions/amazon-ecs-render-task-definition@v1
       with:
-        task-definition: ${{ inputs.aws_task_definitions_directory_path }}/ecs-task-definition-web.json
+        task-definition: ${{ inputs.aws_task_definitions_directory_path }}/ecs-task-definition-sdk-api.json
+        container-name: flagsmith-api
+        image: ${{ inputs.api_ecr_image_url }}
+
+    - name: Render Admin API task definition
+      id: task-def-admin-api
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: ${{ inputs.aws_task_definitions_directory_path }}/ecs-task-definition-admin-api.json
         container-name: flagsmith-api
         image: ${{ inputs.api_ecr_image_url }}
 
@@ -93,21 +101,19 @@ runs:
           }}'
       shell: bash
 
-    - name: Deploy Amazon ECS web task definition
-      id: deploy-api-task-def
+    - name: Deploy Amazon ECS SDK API task definition
       uses: aws-actions/amazon-ecs-deploy-task-definition@v2
       with:
         cluster: ${{ inputs.aws_ecs_cluster_name }}
         service: ${{ inputs.aws_ecs_service_name }}
-        task-definition: ${{ steps.task-def-api.outputs.task-definition }}
+        task-definition: ${{ steps.task-def-sdk-api.outputs.task-definition }}
 
-    - name: Deploy Amazon ECS SDK service with same task definition
-      run: |
-        aws ecs update-service \
-          --cluster ${{ inputs.aws_ecs_cluster_name }} \
-          --service ${{ inputs.aws_ecs_sdk_service_name }} \
-          --task-definition ${{ steps.deploy-api-task-def.outputs.task-definition-arn }}
-      shell: bash
+    - name: Deploy Amazon ECS SDK service
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+      with:
+        cluster: ${{ inputs.aws_ecs_cluster_name }}
+        service: ${{ inputs.aws_ecs_sdk_service_name }}
+        task-definition: ${{ steps.task-def-admin-api.outputs.task-definition }}
 
     # The DynamoDB Identity Migrator uses the same task definition as the SQL schema migrator but overrides the container definition
     # with the new django execute target

infrastructure/aws/production/ecs-task-definition-admin-api.json

@@ -0,0 +1,310 @@
+{
+    "family": "flagsmith-api",
+    "networkMode": "awsvpc",
+    "executionRoleArn": "arn:aws:iam::084060095745:role/task-exec-role-741a7e3",
+    "taskRoleArn": "arn:aws:iam::084060095745:role/task-exec-role-741a7e3",
+    "containerDefinitions": [
+        {
+            "name": "flagsmith-api",
+            "command": [
+                "serve"
+            ],
+            "cpu": 0,
+            "portMappings": [
+                {
+                    "containerPort": 8000,
+                    "hostPort": 8000,
+                    "protocol": "tcp"
+                }
+            ],
+            "healthCheck": {
+                "command": [
+                    "CMD-SHELL",
+                    "flagsmith healthcheck tcp"
+                ],
+                "interval": 10,
+                "timeout": 2,
+                "retries": 5,
+                "startPeriod": 5
+            },
+            "essential": true,
+            "environment": [
+                {
+                    "name": "LOG_LEVEL",
+                    "value": "INFO"
+                },
+                {
+                    "name": "AWS_REGION",
+                    "value": "eu-west-2"
+                },
+                {
+                    "name": "AWS_DEFAULT_REGION",
+                    "value": "eu-west-2"
+                },
+                {
+                    "name": "DJANGO_ALLOWED_HOSTS",
+                    "value": "*"
+                },
+                {
+                    "name": "DJANGO_SETTINGS_MODULE",
+                    "value": "app.settings.production"
+                },
+                {
+                    "name": "CACHE_FLAGS_SECONDS",
+                    "value": "10"
+                },
+                {
+                    "name": "CACHE_PROJECT_SEGMENTS_SECONDS",
+                    "value": "10"
+                },
+                {
+                    "name": "CACHE_ENVIRONMENT_SEGMENTS_SECONDS",
+                    "value": "30"
+                },
+                {
+                    "name": "CHARGEBEE_SITE",
+                    "value": "flagsmith"
+                },
+                {
+                    "name": "DJANGO_SETTINGS_MODULE",
+                    "value": "app.settings.production"
+                },
+                {
+                    "name": "ENABLE_CHARGEBEE",
+                    "value": "True"
+                },
+                {
+                    "name": "ENABLE_TELEMETRY",
+                    "value": "False"
+                },
+                {
+                    "name": "ENVIRONMENT",
+                    "value": "production"
+                },
+                {
+                    "name": "ENVIRONMENTS_TABLE_NAME_DYNAMO",
+                    "value": "flagsmith_environments"
+                },
+                {
+                    "name": "ENVIRONMENTS_V2_TABLE_NAME_DYNAMO",
+                    "value": "flagsmith_environments_v2"
+                },
+                {
+                    "name": "ENABLE_FE_E2E",
+                    "value": "True"
+                },
+                {
+                    "name": "GITHUB_CLIENT_ID",
+                    "value": "b706a0da3e9d3115ea9d"
+                },
+                {
+                    "name": "GUNICORN_WORKERS",
+                    "value": "3"
+                },
+                {
+                    "name": "GUNICORN_THREADS",
+                    "value": "15"
+                },
+                {
+                    "name": "GUNICORN_KEEP_ALIVE",
+                    "value": "60"
+                },
+                {
+                    "name": "IDENTITIES_TABLE_NAME_DYNAMO",
+                    "value": "flagsmith_identities"
+                },
+                {
+                    "name": "INFLUXDB_BUCKET",
+                    "value": "api_prod"
+                },
+                {
+                    "name": "INFLUXDB_ORG",
+                    "value": "ben.rometsch@bullet-train.io"
+                },
+                {
+                    "name": "INFLUXDB_URL",
+                    "value": "https://eu-central-1-1.aws.cloud2.influxdata.com"
+                },
+                {
+                    "name": "DEFAULT_THROTTLE_CLASSES",
+                    "value": "core.throttling.UserRateThrottle"
+                },
+                {
+                    "name": "USER_THROTTLE_RATE",
+                    "value": "10/sec"
+                },
+                {
+                    "name": "OAUTH_CLIENT_ID",
+                    "value": "232959427810-br6ltnrgouktp0ngsbs04o14ueb9rch0.apps.googleusercontent.com"
+                },
+                {
+                    "name": "PROJECT_METADATA_TABLE_NAME_DYNAMO",
+                    "value": "flagsmith_project_metadata"
+                },
+                {
+                    "name": "SECURE_PROXY_SSL_HEADER_NAME",
+                    "value": "HTTP_CLOUDFRONT_FORWARDED_PROTO"
+                },
+                {
+                    "name": "SENDER_EMAIL",
+                    "value": "Flagsmith <support@flagsmith.com>"
+                },
+                {
+                    "name": "SLACK_CLIENT_ID",
+                    "value": "937916178726.1924685747446"
+                },
+                {
+                    "name": "IDENTITY_MIGRATION_EVENT_BUS_NAME",
+                    "value": "identity_migration-d46ed1a"
+                },
+                {
+                    "name": "ENVIRONMENTS_API_KEY_TABLE_NAME_DYNAMO",
+                    "value": "flagsmith_environment_api_key"
+                },
+                {
+                    "name": "CACHE_BAD_ENVIRONMENTS_SECONDS",
+                    "value": "60"
+                },
+                {
+                    "name": "FEATURE_EVALUATION_CACHE_SECONDS",
+                    "value": "300"
+                },
+                {
+                    "name": "USE_CACHE_FOR_USAGE_DATA",
+                    "value": "True"
+                },
+                {
+                    "name": "API_USAGE_CACHE_SECONDS",
+                    "value": "300"
+                },
+                {
+                    "name": "EDGE_RELEASE_DATETIME",
+                    "value": "2022-06-07T10:00:00Z"
+                },
+                {
+                    "name": "CACHE_ENVIRONMENT_DOCUMENT_SECONDS",
+                    "value": "60"
+                },
+                {
+                    "name": "TASK_RUN_METHOD",
+                    "value": "TASK_PROCESSOR"
+                },
+                {
+                    "name": "SSE_SERVER_BASE_URL",
+                    "value": "https://origin.realtime.flagsmith.com"
+                },
+                {
+                    "name": "ENABLE_HUBSPOT_LEAD_TRACKING",
+                    "value": "True"
+                },
+                {
+                    "name": "GITHUB_APP_ID",
+                    "value": "811209"
+                },
+                {
+                    "name": "FLAGSMITH_ON_FLAGSMITH_SERVER_OFFLINE_MODE",
+                    "value": "False"
+                },
+                {
+                    "name": "PROMETHEUS_ENABLED",
+                    "value": "True"
+                },
+                {
+                    "name": "FLAGSMITH_ON_FLAGSMITH_SERVER_API_URL",
+                    "value": "https://edge.api.flagsmith.com/api/v1/"
+                },
+                {
+                    "name": "SEGMENT_RULES_CONDITIONS_EXPLICIT_ORDERING_ENABLED",
+                    "value": "True"
+                }
+            ],
+            "secrets": [
+                {
+                    "name": "CHARGEBEE_API_KEY",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:CHARGEBEE_API_KEY::"
+                },
+                {
+                    "name": "DATABASE_URL",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:DATABASE_URL::"
+                },
+                {
+                    "name": "DJANGO_SECRET_KEY",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:DJANGO_SECRET_KEY::"
+                },
+                {
+                    "name": "E2E_TEST_AUTH_TOKEN",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:E2E_TEST_AUTH_TOKEN::"
+                },
+                {
+                    "name": "FORCE_SENTRY_TRACE_KEY",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:FORCE_SENTRY_TRACE_KEY::"
+                },
+                {
+                    "name": "GITHUB_CLIENT_SECRET",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:GITHUB_CLIENT_SECRET::"
+                },
+                {
+                    "name": "INFLUXDB_TOKEN",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:INFLUXDB_TOKEN::"
+                },
+                {
+                    "name": "OAUTH_CLIENT_SECRET",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:OAUTH_CLIENT_SECRET::"
+                },
+                {
+                    "name": "SENDGRID_API_KEY",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SENDGRID_API_KEY::"
+                },
+                {
+                    "name": "SENTRY_SDK_DSN",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SENTRY_SDK_DSN::"
+                },
+                {
+                    "name": "SLACK_CLIENT_SECRET",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SLACK_CLIENT_SECRET::"
+                },
+                {
+                    "name": "EDGE_REQUEST_SIGNING_KEY",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:EDGE_REQUEST_SIGNING_KEY::"
+                },
+                {
+                    "name": "SSE_AUTHENTICATION_TOKEN",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SSE_AUTHENTICATION_TOKEN::"
+                },
+                {
+                    "name": "GITHUB_WEBHOOK_SECRET",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:GITHUB_WEBHOOK_SECRET::"
+                },
+                {
+                    "name": "GITHUB_PEM",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:GITHUB_PEM-E1Ot8p"
+                },
+                {
+                    "name": "HUBSPOT_ACCESS_TOKEN",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:HUBSPOT_ACCESS_TOKEN::"
+                },
+                {
+                    "name": "FLAGSMITH_ON_FLAGSMITH_SERVER_KEY",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:FLAGSMITH_ON_FLAGSMITH_SERVER_KEY::"
+                },
+                {
+                    "name": "PYLON_IDENTITY_VERIFICATION_SECRET",
+                    "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:PYLON_IDENTITY_VERIFICATION_SECRET::"
+                }
+            ],
+            "logConfiguration": {
+                "logDriver": "awslogs",
+                "options": {
+                    "awslogs-group": "flagsmith-fargate-eu-west-2-e815bfd",
+                    "awslogs-region": "eu-west-2",
+                    "awslogs-stream-prefix": "awslogs-flagsmith"
+                }
+            }
+        }
+    ],
+    "requiresCompatibilities": [
+        "FARGATE"
+    ],
+    "cpu": "1024",
+    "memory": "2048"
+}

infrastructure/aws/production/ecs-task-definition-web.json → infrastructure/aws/production/ecs-task-definition-sdk-api.json

@@ -152,7 +152,7 @@
                 },
                 {
                     "name": "DASHBOARD_ENDPOINTS_SENTRY_TRACE_SAMPLE_RATE",
-                    "value": "0.002"
+                    "value": "0"
                 },
                 {
                     "name": "SLACK_CLIENT_ID",