CF: ECS Django admin task

[chrxr]

This ticket provides the CloudFormation for the ECS architecture for the Django backend of the directory screen project.

Infrastructure

The infrastructure will be in the CS2 l4 app subnet. We will need to create an internal ALB in order to allow access only from the Harvard network and VPN.

Access

The docker image runs Django via Gunicorn WSGI (see entrypoint script) on port 8000.

The Django admin interface should be available at https://directory-screen-admin.seas.harvard.edu/admin.

This URL should ideally only be accessible from within the Harvard network or the VPN. If it needs to be public for the sake of an MVP, that is ok. Access to the admin will be password protected.

Static files

We will place the static files in an S3 bucket and indicate the URL of the bucket in the environment variable STATIC_ROOT as documented below.

Docker image

Use latest Docker image hash from here https://github.com/seas-computing/sec-directory-server/pkgs/container/sec-directory-server/versions

Startup script

ECS task should run the script below as the startup command:

https://github.com/seas-computing/sec-directory-server/blob/main/app/entrypoint.prod.sh

Database

This task will connect to the database provided by #29. The credentials for the database need to be provided in the ECS task environment variables as listed below.

ECS task environment variables:

DEBUG=0
SECRET_KEY //Randomly generated characters at least 30 long
DJANGO_ALLOWED_HOSTS //space separated list of hostnames/IPs that will be allowed access to the site e.g. "directory-screen-admin.seas.harvard.edu 10.0.0.1"
DJANGO_SETTINGS_MODULE=app.settings.production
SQL_ENGINE=django.db.backends.postgresql
SQL_DATABASE //Name of the postgres database as defined in RDS
SQL_USER //Name of the user for the postgres database as defined in RDS
SQL_PASSWORD //Password of the user for the postgres database as defined in RDS
SQL_HOST //Host name for the Postgres database in RDS
SQL_PORT //Port number to access postgres database in RDS
DJANGO_SUPERUSER_USERNAME //super user User Name for access to Django admin
DJANGO_SUPERUSER_PASSWORD //super user password for access to Django admin
DJANGO_SUPERUSER_EMAIL //super user email address for access to Django admin (can be anything as emails won't be sent)
ALGOLIA_APP_ID //App ID for either the production or dev env indices in Algolia (Ask @jonseitz for this)
ALGOLIA_INDEX //Index name for either production or dev env indices in Algolia (Ask @jonseitz for this)
ALGOLIA_API_KEY //API key for either production or dev env indices in Algolia (Ask @jonseitz for this)
STATIC_ROOT //URL of the folder within the S3 bucket where the static files are stored
PRODUCTION=true //This flag indicates to the entrypoint file to use Gunicorn rather than the Django default web server

What does this ticket not provide

• This ticket does not provide the syncing of feed data with the database. That functionality will be provided by CF: ECS Feed import task #30, the Feed import task.