aws-games / cloud-game-development-toolkit

A collection of infrastructure as code templates and configurations for deploying game development infrastructure on AWS
https://aws-games.github.io/cloud-game-development-toolkit/
MIT No Attribution
39 stars 8 forks

Docs: Updates to the `simple-build-pipeline` example plan to ensure that it works #297

Closed keith-miller closed 1 month ago

keith-miller commented 1 month ago

What were you searching in the docs?

There are two things that should be added to the simple-build-pipeline example plan to ensure that it works:

  1. Add a Helix Authentication Service dependency to Helix Core

There is a race condition where Helix Core can be created before Helix Authentication Service is up and running. This breaks the p4_configure.sh script, since it initializes the HAS extension.

  2. Add security group rules so that the three Helix services can communicate with each other.

Without the proper security group rules, the services cannot interact, which breaks things.

Is this related to an existing documentation section?

No response

How can we improve?

  1. Add the following to module "perforce_helix_core":

```hcl
depends_on = [
  module.perforce_helix_authentication_service,
]
```

  2. Add the following security group rules:

```hcl
# Helix Swarm -> Helix Core
resource "aws_security_group_rule" "core_sg_internal_rule" {
  type                     = "ingress"
  from_port                = 1666
  to_port                  = 1666
  protocol                 = "tcp"
  source_security_group_id = module.perforce_helix_swarm.service_security_group_id
  security_group_id        = module.perforce_helix_core.security_group_id
}

# Helix Auth -> Helix Core
resource "aws_security_group_rule" "core_sg_internal_auth_rule" {
  type                     = "ingress"
  from_port                = 1666
  to_port                  = 1666
  protocol                 = "tcp"
  source_security_group_id = module.perforce_helix_authentication_service.service_security_group_id
  security_group_id        = module.perforce_helix_core.security_group_id
}

# Helix Core -> Helix Swarm
resource "aws_security_group_rule" "swarm_sg_internal_rule" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  cidr_blocks              = ["${module.perforce_helix_core.helix_core_eip_public_ip}/32"]
  security_group_id        = module.perforce_helix_swarm.alb_security_group_id
}

# Helix Core -> Helix Auth
resource "aws_security_group_rule" "auth_sg_internal_rule" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  cidr_blocks              = ["${module.perforce_helix_core.helix_core_eip_public_ip}/32"]
  security_group_id        = module.perforce_helix_authentication_service.alb_security_group_id
}
```

Got a suggestion in mind?

No response

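The four flows above (Swarm and HAS to p4d on 1666, Helix Core's EIP to the two ALBs on 443) are easy to verify against a live account before blaming the pipeline. The script below is an added example, not code from cloud-game-development-toolkit or from the issue author: it evaluates rule entries shaped like the `SecurityGroupRules` list returned by `aws ec2 describe-security-group-rules`, and reports which required flows no ingress rule grants. The security-group ids, the EIP (a TEST-NET-2 address) and the sample rules are constructed for the example; a wider CIDR such as 0.0.0.0/0 on a public ALB is treated as covering the EIP /32, while an SG-referenced source must match exactly.

```python
"""Check that the ingress rules the three Helix services need actually exist.

Added example for this issue, not code from cloud-game-development-toolkit.
Rule entries follow the shape of `aws ec2 describe-security-group-rules`;
the ids, EIP and sample rules below are constructed stand-ins.
"""
import ipaddress
import json
from dataclasses import dataclass

# Hypothetical ids standing in for the module outputs referenced in the issue.
HELIX_CORE_SG = "sg-0a1b2c3d4e5f60001"           # perforce_helix_core.security_group_id
HELIX_SWARM_SERVICE_SG = "sg-0a1b2c3d4e5f60002"  # perforce_helix_swarm.service_security_group_id
HELIX_SWARM_ALB_SG = "sg-0a1b2c3d4e5f60003"      # perforce_helix_swarm.alb_security_group_id
HELIX_AUTH_SERVICE_SG = "sg-0a1b2c3d4e5f60004"   # perforce_helix_authentication_service.service_security_group_id
HELIX_AUTH_ALB_SG = "sg-0a1b2c3d4e5f60005"       # perforce_helix_authentication_service.alb_security_group_id
HELIX_CORE_EIP = "198.51.100.10"                 # perforce_helix_core.helix_core_eip_public_ip (TEST-NET-2)


@dataclass(frozen=True)
class Flow:
    """One required ingress: `source` (an sg-id or a CIDR) must reach `target_sg` on TCP `port`."""
    name: str
    target_sg: str
    port: int
    source: str


# The four flows from the issue. Helix Core reaches the ALBs from its EIP, so those
# two sources are the EIP as a /32; the other two are SG-to-SG references.
REQUIRED_FLOWS = [
    Flow("Helix Swarm -> Helix Core p4d", HELIX_CORE_SG, 1666, HELIX_SWARM_SERVICE_SG),
    Flow("Helix Auth -> Helix Core p4d", HELIX_CORE_SG, 1666, HELIX_AUTH_SERVICE_SG),
    Flow("Helix Core -> Helix Swarm ALB", HELIX_SWARM_ALB_SG, 443, f"{HELIX_CORE_EIP}/32"),
    Flow("Helix Core -> Helix Auth ALB", HELIX_AUTH_ALB_SG, 443, f"{HELIX_CORE_EIP}/32"),
]


def _source_matches(rule: dict, source: str) -> bool:
    """SG sources must equal the referenced group; a CIDR source may sit inside a wider block."""
    if source.startswith("sg-"):
        return (rule.get("ReferencedGroupInfo") or {}).get("GroupId") == source
    rule_cidr = rule.get("CidrIpv4")
    if not rule_cidr:
        return False
    return ipaddress.ip_network(source).subnet_of(ipaddress.ip_network(rule_cidr))


def rule_allows(rule: dict, flow: Flow) -> bool:
    """True if a single describe-security-group-rules entry grants the flow."""
    if rule.get("IsEgress") or rule.get("GroupId") != flow.target_sg:
        return False
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all traffic: ports are irrelevant, only the source matters
        return _source_matches(rule, flow.source)
    if proto != "tcp":
        return False
    if not rule.get("FromPort", -1) <= flow.port <= rule.get("ToPort", -1):
        return False
    return _source_matches(rule, flow.source)


def missing_flows(rules: list, flows: list = REQUIRED_FLOWS) -> list:
    """Names of required flows that no rule grants, in the order they were declared."""
    return [f.name for f in flows if not any(rule_allows(r, f) for r in rules)]


def missing_flows_from_cli(json_text: str) -> list:
    """Same check over the raw JSON printed by `aws ec2 describe-security-group-rules`."""
    return missing_flows(json.loads(json_text)["SecurityGroupRules"])


# Constructed sample: three of the four rules exist, the Core -> Auth ALB rule was never
# written, and the noise entries (egress, wrong port) must not count as a match.
SAMPLE_RULES = [
    {"GroupId": HELIX_CORE_SG, "IsEgress": False, "IpProtocol": "tcp", "FromPort": 1666, "ToPort": 1666,
     "ReferencedGroupInfo": {"GroupId": HELIX_SWARM_SERVICE_SG}},
    {"GroupId": HELIX_CORE_SG, "IsEgress": False, "IpProtocol": "tcp", "FromPort": 1666, "ToPort": 1666,
     "ReferencedGroupInfo": {"GroupId": HELIX_AUTH_SERVICE_SG}},
    {"GroupId": HELIX_SWARM_ALB_SG, "IsEgress": False, "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "CidrIpv4": "0.0.0.0/0"},  # public ALB: wider than /32 but still covers the EIP
    {"GroupId": HELIX_AUTH_ALB_SG, "IsEgress": False, "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "CidrIpv4": f"{HELIX_CORE_EIP}/32"},  # right source, wrong port: does not satisfy 443
    {"GroupId": HELIX_CORE_SG, "IsEgress": True, "IpProtocol": "-1", "CidrIpv4": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for name in missing_flows(SAMPLE_RULES):
        print(f"MISSING: {name}")
```

Against a real account, pipe `aws ec2 describe-security-group-rules --filters Name=group-id,Values=<the five ids> --output json` into `missing_flows_from_cli` after substituting the ids and EIP from `terraform output`. Egress rules are ignored on purpose: the default SG egress is allow-all, so ingress on the target side is what decides whether these flows work.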

henrykie commented 1 month ago

@keith-miller thanks for the heads up on this. Does the security.tf file of the Sample Build Pipeline mirror your expectations for SG creation?

keith-miller commented 1 month ago

@henrykie oh my bad! I see that now. Feel free to ignore that part of this ticket :D