Skip to content

Commit

Permalink
Merge branch 'main' into feat/dt-freq-cap
Browse files Browse the repository at this point in the history
  • Loading branch information
kookster committed Oct 16, 2024
2 parents 1dd124a + 3c22a58 commit a6321bb
Show file tree
Hide file tree
Showing 13 changed files with 116 additions and 110 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/check-code-freshness.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
name: Check code freshness

on:
workflow_dispatch:
schedule:
- cron: "0 5 * * 1"
# on:
# workflow_dispatch:
# schedule:
# - cron: "0 5 * * 1"

jobs:
check:
Expand Down
7 changes: 5 additions & 2 deletions cdn/publicfeeds-cdn.yml
Original file line number Diff line number Diff line change
Expand Up @@ -143,8 +143,11 @@ Resources:
EnableAcceptEncodingBrotli: true
EnableAcceptEncodingGzip: true
HeadersConfig:
HeaderBehavior: none
# Headers:
HeaderBehavior: whitelist
Headers:
- Origin
- Access-Control-Request-Headers
- Access-Control-Request-Method
QueryStringsConfig:
QueryStringBehavior: none
# QueryStrings:
Expand Down
2 changes: 1 addition & 1 deletion cdn/single-origin.yml
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ Conditions:
HasCloudFrontEncodedPublicKey2: !Not [!Equals [!Ref CloudFrontEncodedPublicKey2, ""]]
HasCloudFrontPublicKey: !Or
- !Condition HasCloudFrontEncodedPublicKey1
- !Condition HasCloudFrontEncodedPublicKey1
- !Condition HasCloudFrontEncodedPublicKey2
HasAcmCertificateArn: !Not [!Equals [!Ref AcmCertificateArn, ""]]
HasNoAcmCertificateArn: !Equals [!Ref AcmCertificateArn, ""]
HasOriginPath: !Not [!Equals [!Ref OriginPath, ""]]
Expand Down
16 changes: 14 additions & 2 deletions dns/earhustlesq.com-hosted_zone.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# dns/radiotopia.com-hosted_zone.yml
# dns/earhustlesq.com-hosted_zone.yml
################################################################################
#### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ########################################
#### THIS FILE IS CONTINUOUSLY DEPLOYED ########################################
Expand Down Expand Up @@ -107,7 +107,7 @@ Resources:
RecordSets:
- Name: !Sub feeds.${Domain}
ResourceRecords:
- ree9fi.feedproxy.ghs.google.com.
- pf3049ehsq.publicfeeds.net
TTL: "3600"
Type: CNAME

Expand Down Expand Up @@ -223,3 +223,15 @@ Resources:
- pm.mtasv.net
TTL: "3600"
Type: CNAME
AwsAcmFeedsProd:
Type: AWS::Route53::RecordSetGroup
Properties:
Comment: AWS ACM validation records for prx-feeds-prod in us-east-1
HostedZoneId: !Ref HostedZone
RecordSets:
# feeds.earhustlesq.com
- Name: !Sub _fa4ed2f27750efa9beed72c6bef56b51.feeds.${Domain}
ResourceRecords:
- _f205bbb65132781c38d4341dfa89ddac.djqtsrsxkq.acm-validations.aws.
TTL: "3600"
Type: CNAME
4 changes: 4 additions & 0 deletions dns/publicfeeds.net-hosted_zone.yml
Original file line number Diff line number Diff line change
Expand Up @@ -531,3 +531,7 @@ Resources:
# Hyperfixed
- { Type: A, Name: !Sub "pf0820hype.${Domain}", AliasTarget: { DNSName: "d58zi02ajbbws.cloudfront.net.", HostedZoneId: Z2FDTNDATAQYW2 } }
- { Type: AAAA, Name: !Sub "pf0820hype.${Domain}", AliasTarget: { DNSName: "d58zi02ajbbws.cloudfront.net.", HostedZoneId: Z2FDTNDATAQYW2 } }

# Ear Hustle
- { Type: A, Name: !Sub "pf3049ehsq.${Domain}", AliasTarget: { DNSName: "d1x3slp3rb8etr.cloudfront.net.", HostedZoneId: Z2FDTNDATAQYW2 } }
- { Type: AAAA, Name: !Sub "pf3049ehsq.${Domain}", AliasTarget: { DNSName: "d1x3slp3rb8etr.cloudfront.net.", HostedZoneId: Z2FDTNDATAQYW2 } }
34 changes: 17 additions & 17 deletions iam-roles/PRX-GHA-AccessRole/template.yml
Original file line number Diff line number Diff line change
Expand Up @@ -166,20 +166,20 @@ Resources:

# GH actions push to private ECR repos
PrivateEcrPushPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: Allows pushing Docker images to private ECR repositories
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- ecr:BatchCheckLayerAvailability
- ecr:CompleteLayerUpload
- ecr:GetAuthorizationToken
- ecr:InitiateLayerUpload
- ecr:PutImage
- ecr:TagResource
- ecr:UploadLayerPart
- sts:GetServiceBearerToken
Resource: "*"
Type: AWS::IAM::ManagedPolicy
Properties:
Description: Allows pushing Docker images to private ECR repositories
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- ecr:BatchCheckLayerAvailability
- ecr:CompleteLayerUpload
- ecr:GetAuthorizationToken
- ecr:InitiateLayerUpload
- ecr:PutImage
- ecr:TagResource
- ecr:UploadLayerPart
- sts:GetServiceBearerToken
Resource: "*"
1 change: 0 additions & 1 deletion spire/templates/apps-300A.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@ Parameters:
ClickhouseLegacyClientSecurityGroupId: { Type: AWS::EC2::SecurityGroup::Id }
CastlePostgresInstanceEndpointAddress: { Type: String }
CastlePostgresInstanceEndpointPort: { Type: String }
CastlePostgresClientSecurityGroupId: { Type: String }
CastleHostname: { Type: String }
CorporateHostname: { Type: String }
ExchangeHostname: { Type: String }
Expand Down
2 changes: 1 addition & 1 deletion spire/templates/apps/castle.yml
Original file line number Diff line number Diff line change
Expand Up @@ -431,7 +431,7 @@ Resources:
DeletionProtection: true
EnablePerformanceInsights: !If [IsProduction, true, false]
Engine: postgres
EngineVersion: "13.4" # aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[*].{Engine:Engine,EngineVersion:EngineVersion}" --output text
EngineVersion: "13.15" # aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[*].{Engine:Engine,EngineVersion:EngineVersion}" --output text
MasterUsername: !Ref CastlePostgresUsername # Must be 1 to 63 letters or numbers
MasterUserPassword: !Ref CastlePostgresUserPassword # Must contain from 8 to 128 characters
MultiAZ: false
Expand Down
2 changes: 2 additions & 0 deletions spire/templates/apps/dovetail-cdn-arranger.yml
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,8 @@ Resources:
DOVETAIL_TOKEN: !Ref DovetailRouterToken
TMP_DISK_LIMIT: 500000000
WORKSPACE_S3_BUCKET: !Ref DtCdnArrangerWorkspaceBucket
EphemeralStorage:
Size: 4096
Handler: index.handler
Layers:
- !Ref FfmpegBinaryLayer
Expand Down
2 changes: 1 addition & 1 deletion spire/templates/apps/play.yml
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ Resources:
- { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
- { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
- { Key: prx:ops:environment, Value: !Ref EnvironmentType }
- { Key: prx:dev:application, Value: Dovetail }
- { Key: prx:dev:family, Value: Dovetail }
- { Key: prx:dev:application, Value: Play }
WebTaskDefinition:
Type: AWS::ECS::TaskDefinition
Expand Down
58 changes: 0 additions & 58 deletions spire/templates/eic-endpoints.yml

This file was deleted.

1 change: 0 additions & 1 deletion spire/templates/root.yml
Original file line number Diff line number Diff line change
Expand Up @@ -841,7 +841,6 @@ Resources:
SharedPostgresqlClientSecurityGroupId: !GetAtt SharedDatabaseSecurityGroupsStack.Outputs.SharedPostgresqlClientSecurityGroupId
CastlePostgresInstanceEndpointAddress: !GetAtt Apps200AStack.Outputs.CastlePostgresInstanceEndpointAddress
CastlePostgresInstanceEndpointPort: !GetAtt Apps200AStack.Outputs.CastlePostgresInstanceEndpointPort
CastlePostgresClientSecurityGroupId: !GetAtt Apps200AStack.Outputs.CastlePostgresClientSecurityGroupId
CastleHostname: !GetAtt Constants2.Outputs.CastleHostname
TheCountHostname: !GetAtt Constants2.Outputs.TheCountHostname
CorporateHostname: !GetAtt Constants2.Outputs.CorporateHostname
Expand Down
89 changes: 67 additions & 22 deletions spire/templates/shared-redis/cluster.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ Resources:
Engine: Redis
EngineVersion: 7.1
MultiAZEnabled: true
# If node groups or replica quanities change, update the memory alarms
NumNodeGroups: 1 # NodeGroups are Shards. This replication group will always use cluster mode due to the parameter group.
ReplicasPerNodeGroup: 1 # **Update requires replacement** Replicas are nodes. N replicas will result in N+1 Nodes Per Shard.
ReplicationGroupDescription: !Sub Dovetail ${EnvironmentType} Redis
Expand All @@ -82,16 +83,39 @@ Resources:
${EnvironmentType} shared Redis's database memory usage has exceeded
the recommended safe level
ComparisonOperator: GreaterThanThreshold
Dimensions:
- Name: CacheClusterId
Value: !Ref RedisReplicationGroup
- Name: CacheNodeId
Value: "0001"
EvaluationPeriods: 2
MetricName: DatabaseMemoryUsagePercentage
Namespace: AWS/ElastiCache
Period: 120
Statistic: Maximum
Metrics:
- Id: node1
MetricStat:
Metric:
Dimensions:
- Name: CacheClusterId
Value: !Sub ${RedisReplicationGroup}-0001-001
- Name: CacheNodeId
Value: "0001"
MetricName: DatabaseMemoryUsagePercentage
Namespace: AWS/ElastiCache
Period: 120
Stat: Maximum
Unit: Percent
ReturnData: false
- Id: node2
MetricStat:
Metric:
Dimensions:
- Name: CacheClusterId
Value: !Sub ${RedisReplicationGroup}-0001-002
- Name: CacheNodeId
Value: "0001"
MetricName: DatabaseMemoryUsagePercentage
Namespace: AWS/ElastiCache
Period: 120
Stat: Maximum
Unit: Percent
ReturnData: false
- Id: max
Expression: "MAX(METRICS())"
ReturnData: true
Tags:
- { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
Expand All @@ -100,9 +124,8 @@ Resources:
- { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
- { Key: prx:ops:environment, Value: !Ref EnvironmentType }
- { Key: prx:dev:application, Value: Common }
Threshold: 0.85
Threshold: 85
TreatMissingData: notBreaching
Unit: Percent

RedisMemoryVeryLowAlarm:
Type: AWS::CloudWatch::Alarm
Expand All @@ -113,16 +136,39 @@ Resources:
${EnvironmentType} shared Redis's database memory usage has reached a
critically high level
ComparisonOperator: GreaterThanThreshold
Dimensions:
- Name: CacheClusterId
Value: !Ref RedisReplicationGroup
- Name: CacheNodeId
Value: "0001"
EvaluationPeriods: 2
MetricName: DatabaseMemoryUsagePercentage
Namespace: AWS/ElastiCache
Period: 120
Statistic: Maximum
Metrics:
- Id: node1
MetricStat:
Metric:
Dimensions:
- Name: CacheClusterId
Value: !Sub ${RedisReplicationGroup}-0001-001
- Name: CacheNodeId
Value: "0001"
MetricName: DatabaseMemoryUsagePercentage
Namespace: AWS/ElastiCache
Period: 120
Stat: Maximum
Unit: Percent
ReturnData: false
- Id: node2
MetricStat:
Metric:
Dimensions:
- Name: CacheClusterId
Value: !Sub ${RedisReplicationGroup}-0001-002
- Name: CacheNodeId
Value: "0001"
MetricName: DatabaseMemoryUsagePercentage
Namespace: AWS/ElastiCache
Period: 120
Stat: Maximum
Unit: Percent
ReturnData: false
- Id: max
Expression: "MAX(METRICS())"
ReturnData: true
Tags:
- { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
Expand All @@ -131,9 +177,8 @@ Resources:
- { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
- { Key: prx:ops:environment, Value: !Ref EnvironmentType }
- { Key: prx:dev:application, Value: Common }
Threshold: 0.93
Threshold: 93
TreatMissingData: notBreaching
Unit: Percent

Outputs:
ReplicationGroupName:
Expand Down

0 comments on commit a6321bb

Please sign in to comment.