From 83d88273df8f32847f0511aa3082f2980e6d5ba2 Mon Sep 17 00:00:00 2001 From: Andrew Peng Date: Tue, 5 Mar 2024 13:58:28 -0500 Subject: [PATCH] Feature 1137 Create Terraform scripts for ECS backend (#1141) * move backend infra into terraform * django on fargate, training on ec2 --- .github/workflows/push-django-ecs.yml | 97 ++++++++++ dlp-terraform/ecs/alb.tf | 63 +++++++ dlp-terraform/ecs/ecr.tf | 27 +++ dlp-terraform/ecs/ecs.tf | 130 +++++++------ dlp-terraform/ecs/ecs_django_service.tf | 88 +++++++++ dlp-terraform/ecs/ecs_training_service.tf | 212 ++++++++++++++++++++++ dlp-terraform/ecs/main.tf | 71 ++++++++ training/training/core/authenticator.py | 5 +- training/training/settings.py | 12 +- 9 files changed, 624 insertions(+), 81 deletions(-) create mode 100644 .github/workflows/push-django-ecs.yml create mode 100644 dlp-terraform/ecs/alb.tf create mode 100644 dlp-terraform/ecs/ecr.tf create mode 100644 dlp-terraform/ecs/ecs_django_service.tf create mode 100644 dlp-terraform/ecs/ecs_training_service.tf create mode 100644 dlp-terraform/ecs/main.tf diff --git a/.github/workflows/push-django-ecs.yml b/.github/workflows/push-django-ecs.yml new file mode 100644 index 000000000..c5a6752b5 --- /dev/null +++ b/.github/workflows/push-django-ecs.yml @@ -0,0 +1,97 @@ +# This workflow will build and push a new container image to Amazon ECR, +# and then will deploy a new task definition to Amazon ECS, when there is a push to the "main" branch. +# +# To use this workflow, you will need to complete the following set-up steps: +# +# 1. Create an ECR repository to store your images. +# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`. +# Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name. +# Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region. +# +# 2. Create an ECS task definition, an ECS cluster, and an ECS service. +# For example, follow the Getting Started guide on the ECS console: +# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun +# Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service. +# Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster. +# +# 3. Store your ECS task definition as a JSON file in your repository. +# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`. +# Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file. +# Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container +# in the `containerDefinitions` section of the task definition. +# +# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. +# See the documentation for each action used below for the recommended IAM policies for this IAM user, +# and best practices on handling the access key credentials. + +name: ECS Django Container Deployment + +# Only trigger when user clicks "run workflow" +on: + workflow_dispatch: + +env: + AWS_REGION: "us-east-1" # set this to your preferred AWS region, e.g. us-west-1 + ECR_REPOSITORY: "django" # set this to your Amazon ECR repository name + ECS_SERVICE: "django" # set this to your Amazon ECS service name + ECS_CLUSTER: "backend" # set this to your Amazon ECS cluster name + CONTAINER_NAME: "django" # set this to the name of the container in the containerDefinitions section of your task definition + +permissions: + contents: read + actions: write + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + environment: production + steps: + - name: Get current branch + run: echo running on branch ${GITHUB_REF##*/} + + - name: Checkout + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_DEPLOY_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_DEPLOY_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push image to Amazon ECR + id: build-image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ github.sha }} + run: | + # Build a docker container and + # push it to ECR so that it can + # be deployed to ECS. + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG training -f training/Dockerfile.prod + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT + + - name: Download task definition + run: | + aws ecs describe-task-definition --task-definition django --query taskDefinition > temp-task-definition.json + - name: Fill in the new image ID in the Amazon ECS task definition + id: task-def + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: temp-task-definition.json + container-name: ${{ env.CONTAINER_NAME }} + image: ${{ steps.build-image.outputs.image }} + + - name: Deploy Amazon ECS task definition + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ steps.task-def.outputs.task-definition }} + service: ${{ env.ECS_SERVICE }} + cluster: ${{ env.ECS_CLUSTER }} + wait-for-service-stability: true diff --git a/dlp-terraform/ecs/alb.tf b/dlp-terraform/ecs/alb.tf new file mode 100644 index 000000000..71640852d --- /dev/null +++ b/dlp-terraform/ecs/alb.tf @@ -0,0 +1,63 @@ +# --- ALB --- +resource "aws_security_group" "http" { + name_prefix = "http-sg-" + description = "Allow all HTTP/HTTPS traffic from public" + vpc_id = aws_vpc.main.id + + dynamic "ingress" { + for_each = [80, 443] + content { + protocol = "tcp" + from_port = ingress.value + to_port = ingress.value + cidr_blocks = ["0.0.0.0/0"] + } + } + + egress { + protocol = "-1" + from_port = 0 + to_port = 0 + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_lb" "main" { + name = "alb" + load_balancer_type = "application" + subnets = aws_subnet.public[*].id + security_groups = [aws_security_group.http.id] +} + +resource "aws_lb_target_group" "app" { + name_prefix = "app-" + vpc_id = aws_vpc.main.id + protocol = "HTTP" + port = 8000 + target_type = "ip" + + health_check { + enabled = true + path = "/health" + matcher = 200 + interval = 30 + timeout = 5 + healthy_threshold = 5 + unhealthy_threshold = 2 + } +} + +resource "aws_lb_listener" "http" { + load_balancer_arn = aws_lb.main.id + port = 80 + protocol = "HTTP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.app.id + } +} + +output "alb_url" { + value = aws_lb.main.dns_name +} diff --git a/dlp-terraform/ecs/ecr.tf b/dlp-terraform/ecs/ecr.tf new file mode 100644 index 000000000..c3cf046e5 --- /dev/null +++ b/dlp-terraform/ecs/ecr.tf @@ -0,0 +1,27 @@ +resource "aws_ecr_repository" "training" { + name = "training" + image_tag_mutability = "MUTABLE" + force_delete = true + + image_scanning_configuration { + scan_on_push = true + } +} + +resource "aws_ecr_repository" "django" { + name = "django" + image_tag_mutability = "MUTABLE" + force_delete = true + + image_scanning_configuration { + scan_on_push = true + } +} + +output "training_repo_url" { + value = aws_ecr_repository.training.repository_url +} + +output "django_repo_url" { + value = aws_ecr_repository.django.repository_url +} diff --git a/dlp-terraform/ecs/ecs.tf b/dlp-terraform/ecs/ecs.tf index 133e0faa4..89cdaafdc 100644 --- a/dlp-terraform/ecs/ecs.tf +++ b/dlp-terraform/ecs/ecs.tf @@ -1,89 +1,81 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4.16" +resource "aws_ecs_cluster" "main" { + name = "backend" +} + +# --- ECS Node Role --- +data "aws_iam_policy_document" "ecs_node_doc" { + statement { + actions = ["sts:AssumeRole"] + effect = "Allow" + + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] } } - - required_version = ">= 1.2.0" } -provider "aws" { - region = "us-west-2" +resource "aws_iam_role" "ecs_node_role" { + name_prefix = "backend-ecs-node-role-" + assume_role_policy = data.aws_iam_policy_document.ecs_node_doc.json } -resource "aws_ecs_cluster" "deep-learning-playground-kernels" { - name = "deep-learning-playground-kernels-test" - setting { - name = "containerInsights" - value = "enabled" - } +resource "aws_iam_role_policy_attachment" "ecs_node_role_policy" { + role = aws_iam_role.ecs_node_role.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" } -resource "aws_ecs_service" "dlp-training-service" { - name = "dlp-training-service-test" - cluster = aws_ecs_cluster.deep-learning-playground-kernels.id - task_definition = "arn:aws:ecs:us-west-2:521654603461:task-definition/dlp-training-task:9" - desired_count = 1 - launch_type = "FARGATE" +resource "aws_iam_instance_profile" "ecs_node" { + name_prefix = "backend-ecs-node-profile-" + path = "/ecs/instance/" + role = aws_iam_role.ecs_node_role.name +} - deployment_maximum_percent = "200" - deployment_minimum_healthy_percent = "100" - scheduling_strategy = "REPLICA" +# --- ECS Task Role --- +data "aws_iam_policy_document" "ecs_task_doc" { + statement { + actions = ["sts:AssumeRole"] + effect = "Allow" - network_configuration { - security_groups = ["sg-09291eb84a19daeed"] - subnets = ["subnet-0bebe768ad78b896c", "subnet-0f3e41ad21cfe6ff5"] - assign_public_ip = true + principals { + type = "Service" + identifiers = ["ecs-tasks.amazonaws.com"] + } } } -resource "aws_appautoscaling_target" "dev_to_target" { - max_capacity = 1 - min_capacity = 1 - resource_id = "service/${aws_ecs_cluster.deep-learning-playground-kernels.name}/${aws_ecs_service.dlp-training-service.name}" - scalable_dimension = "ecs:service:DesiredCount" - service_namespace = "ecs" + +resource "aws_iam_role" "ecs_task_role" { + name_prefix = "backend-ecs-task-role" + assume_role_policy = data.aws_iam_policy_document.ecs_task_doc.json } -resource "aws_appautoscaling_policy" "training_service_auto_scaling_policy" { - name = "TrainingServiceAutoScalingPolicy" - policy_type = "StepScaling" - resource_id = "service/${aws_ecs_cluster.deep-learning-playground-kernels.name}/${aws_ecs_service.dlp-training-service.name}" - scalable_dimension = "ecs:service:DesiredCount" - service_namespace = "ecs" - step_scaling_policy_configuration { - adjustment_type = "ChangeInCapacity" - cooldown = 30 - metric_aggregation_type = "Average" +resource "aws_iam_role_policy_attachment" "ecs_task_role_policy" { + for_each = toset([ + "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", + "arn:aws:iam::aws:policy/SecretsManagerReadWrite" + ]) - step_adjustment { - metric_interval_lower_bound = 0 - scaling_adjustment = 3 - } - } - - depends_on = [ - aws_appautoscaling_target.dev_to_target - ] + role = aws_iam_role.ecs_task_role.name + policy_arn = each.value } -resource "aws_appautoscaling_policy" "dlp-queue-size-too-small-policy" { - name = "DLPQueueSizeTooSmallPolicy" - policy_type = "StepScaling" - resource_id = "service/${aws_ecs_cluster.deep-learning-playground-kernels.name}/${aws_ecs_service.dlp-training-service.name}" - scalable_dimension = "ecs:service:DesiredCount" - service_namespace = "ecs" - step_scaling_policy_configuration { - adjustment_type = "ExactCapacity" - cooldown = 30 - metric_aggregation_type = "Average" - step_adjustment { +resource "aws_iam_role" "ecs_exec_role" { + name_prefix = "backend-ecs-exec-role" + assume_role_policy = data.aws_iam_policy_document.ecs_task_doc.json +} - metric_interval_upper_bound = 0 - scaling_adjustment = 1 - } - } - depends_on = [aws_appautoscaling_target.dev_to_target] +resource "aws_iam_role_policy_attachment" "ecs_exec_role_policy" { + role = aws_iam_role.ecs_exec_role.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" +} + +resource "aws_cloudwatch_log_group" "training" { + name = "/ecs/training" + retention_in_days = 14 } + +resource "aws_cloudwatch_log_group" "django" { + name = "/ecs/django" + retention_in_days = 14 +} \ No newline at end of file diff --git a/dlp-terraform/ecs/ecs_django_service.tf b/dlp-terraform/ecs/ecs_django_service.tf new file mode 100644 index 000000000..6a2168d72 --- /dev/null +++ b/dlp-terraform/ecs/ecs_django_service.tf @@ -0,0 +1,88 @@ +resource "aws_ecs_task_definition" "django" { + family = "django" + task_role_arn = aws_iam_role.ecs_task_role.arn + execution_role_arn = aws_iam_role.ecs_exec_role.arn + network_mode = "awsvpc" + requires_compatibilities = ["FARGATE"] + cpu = 1024 + memory = 2048 + + container_definitions = jsonencode([ + { + "name": "django", + "image" : "${aws_ecr_repository.django.repository_url}:latest", + "cpu": 1024, + "memory": 2048, + "essential": true, + "portMappings": [ + { + "name" : "gunicorn-port", + "containerPort" : 8000, + "hostPort" : 8000, + "protocol" : "tcp", + } + ], + "logConfiguration" : { + "logDriver" : "awslogs", + "options" : { + "awslogs-create-group" : "true", + "awslogs-region" : "us-east-1", + "awslogs-group" : aws_cloudwatch_log_group.django.name, + "awslogs-stream-prefix" : "ecs" + } + }, + "environment": [ + { + "name": "ALLOWED_HOST", + "value": "${aws_lb.main.dns_name}" + } + ] + } + ]) +} + +# --- ECS Django Security Group --- +resource "aws_security_group" "ecs_django_sg" { + name_prefix = "backend-ecs-django-sg-" + vpc_id = aws_vpc.main.id +} + +resource "aws_vpc_security_group_ingress_rule" "ecs_django_sg_ingress" { + security_group_id = aws_security_group.ecs_django_sg.id + + ip_protocol = "-1" + referenced_security_group_id = aws_security_group.http.id +} + +resource "aws_vpc_security_group_egress_rule" "ecs_django_sg_egress" { + security_group_id = aws_security_group.ecs_django_sg.id + + ip_protocol = "-1" + cidr_ipv4 = "0.0.0.0/0" +} + +resource "aws_ecs_service" "django" { + name = "django" + cluster = aws_ecs_cluster.main.id + task_definition = aws_ecs_task_definition.django.arn + desired_count = 2 + launch_type = "FARGATE" + + network_configuration { + security_groups = [ aws_security_group.ecs_django_sg.id] + subnets = aws_subnet.public[*].id + assign_public_ip = true + } + + lifecycle { + ignore_changes = [desired_count] + } + + load_balancer { + target_group_arn = aws_lb_target_group.app.arn + container_name = "django" + container_port = 8000 + } + + depends_on = [aws_lb_target_group.app] +} \ No newline at end of file diff --git a/dlp-terraform/ecs/ecs_training_service.tf b/dlp-terraform/ecs/ecs_training_service.tf new file mode 100644 index 000000000..02ebb059b --- /dev/null +++ b/dlp-terraform/ecs/ecs_training_service.tf @@ -0,0 +1,212 @@ +resource "aws_ecs_task_definition" "training" { + family = "training" + task_role_arn = aws_iam_role.ecs_task_role.arn + execution_role_arn = aws_iam_role.ecs_exec_role.arn + network_mode = "bridge" + cpu = 1024 + memory = 4096 + + container_definitions = jsonencode([ + { + "name" : "training", + "image" : "${aws_ecr_repository.training.repository_url}:latest", + "portMappings" : [ + { + "name" : "gunicorn-port", + "containerPort" : 8000, + "hostPort" : 0, + "protocol" : "tcp", + "appProtocol" : "http" + } + ], + "essential" : true, + "environment" : [], + "mountPoints" : [], + "volumesFrom" : [], + "logConfiguration" : { + "logDriver" : "awslogs", + "options" : { + "awslogs-create-group" : "true", + "awslogs-region" : "us-east-1", + "awslogs-group" : aws_cloudwatch_log_group.training.name, + "awslogs-stream-prefix" : "ecs" + } + } + } + ]) +} + +# --- ECS Service --- +resource "aws_ecs_service" "training" { + name = "training" + cluster = aws_ecs_cluster.main.id + task_definition = aws_ecs_task_definition.training.arn + desired_count = 2 + + capacity_provider_strategy { + capacity_provider = aws_ecs_capacity_provider.training.name + base = 1 + weight = 100 + } + + ordered_placement_strategy { + type = "spread" + field = "attribute:ecs.availability-zone" + } + + lifecycle { + ignore_changes = [desired_count] + } + + # load_balancer { + # target_group_arn = aws_lb_target_group.app.arn + # container_name = "training" + # container_port = 8000 + # } + + # depends_on = [aws_lb_target_group.app] +} + +# --- ECS Service Auto Scaling --- +resource "aws_appautoscaling_target" "training_ecs_target" { + service_namespace = "ecs" + scalable_dimension = "ecs:service:DesiredCount" + resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.training.name}" + min_capacity = 0 + max_capacity = 2 +} + +resource "aws_appautoscaling_policy" "training_ecs_target_cpu" { + name = "training-application-scaling-policy-cpu" + policy_type = "TargetTrackingScaling" + service_namespace = aws_appautoscaling_target.training_ecs_target.service_namespace + resource_id = aws_appautoscaling_target.training_ecs_target.resource_id + scalable_dimension = aws_appautoscaling_target.training_ecs_target.scalable_dimension + + target_tracking_scaling_policy_configuration { + predefined_metric_specification { + predefined_metric_type = "ECSServiceAverageCPUUtilization" + } + + target_value = 80 + scale_in_cooldown = 300 + scale_out_cooldown = 300 + } +} + +resource "aws_appautoscaling_policy" "training_ecs_target_memory" { + name = "training-application-scaling-policy-memory" + policy_type = "TargetTrackingScaling" + service_namespace = aws_appautoscaling_target.training_ecs_target.service_namespace + resource_id = aws_appautoscaling_target.training_ecs_target.resource_id + scalable_dimension = aws_appautoscaling_target.training_ecs_target.scalable_dimension + + target_tracking_scaling_policy_configuration { + predefined_metric_specification { + predefined_metric_type = "ECSServiceAverageMemoryUtilization" + } + + target_value = 80 + scale_in_cooldown = 300 + scale_out_cooldown = 300 + } +} + +# --- ECS Training Security Group --- +resource "aws_security_group" "ecs_training_sg" { + name_prefix = "backend-ecs-training-sg-" + vpc_id = aws_vpc.main.id +} + +resource "aws_vpc_security_group_ingress_rule" "ecs_training_sg_ingress" { + security_group_id = aws_security_group.ecs_training_sg.id + + ip_protocol = "-1" + # cidr_blocks = [aws_vpc.main.cidr_block] + referenced_security_group_id = aws_security_group.ecs_django_sg.id +} + +resource "aws_vpc_security_group_egress_rule" "ecs_training_sg_egress" { + security_group_id = aws_security_group.ecs_training_sg.id + + ip_protocol = "-1" + cidr_ipv4 = "0.0.0.0/0" +} + +# --- ECS Launch Template --- +resource "aws_launch_template" "ecs_lt_training" { + name_prefix = "training-ecs-template-" + image_id = "ami-01ff5874b57a57613" + instance_type = "g4dn.xlarge" + + vpc_security_group_ids = [aws_security_group.ecs_training_sg.id] + iam_instance_profile { + arn = aws_iam_instance_profile.ecs_node.arn + } + monitoring { + enabled = true + } + + user_data = base64encode(<<-EOF + #!/bin/bash + echo ECS_CLUSTER=${aws_ecs_cluster.main.name} >> /etc/ecs/ecs.config; + EOF + ) +} + +# --- ECS ASG --- +resource "aws_autoscaling_group" "training" { + name_prefix = "training-ecs-asg-" + vpc_zone_identifier = aws_subnet.public[*].id + min_size = 0 + max_size = 1 + desired_capacity = 1 + health_check_grace_period = 0 + health_check_type = "EC2" + protect_from_scale_in = false + + launch_template { + id = aws_launch_template.ecs_lt_training.id + version = "$Latest" + } + + tag { + key = "Name" + value = "backend-ecs-cluster" + propagate_at_launch = true + } + + tag { + key = "AmazonECSManaged" + value = "" + propagate_at_launch = true + } +} + +# --- ECS Capacity Provider --- +resource "aws_ecs_capacity_provider" "training" { + name = "training-ecs-ec2" + + auto_scaling_group_provider { + auto_scaling_group_arn = aws_autoscaling_group.training.arn + managed_termination_protection = "DISABLED" + + managed_scaling { + maximum_scaling_step_size = 2 + minimum_scaling_step_size = 1 + status = "ENABLED" + target_capacity = 100 + } + } +} + +resource "aws_ecs_cluster_capacity_providers" "main" { + cluster_name = aws_ecs_cluster.main.name + capacity_providers = [aws_ecs_capacity_provider.training.name] + + default_capacity_provider_strategy { + capacity_provider = aws_ecs_capacity_provider.training.name + base = 1 + weight = 100 + } +} \ No newline at end of file diff --git a/dlp-terraform/ecs/main.tf b/dlp-terraform/ecs/main.tf new file mode 100644 index 000000000..f4506a15f --- /dev/null +++ b/dlp-terraform/ecs/main.tf @@ -0,0 +1,71 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws", + version = "5.17.0" + } + } +} + +provider "aws" { + region = "us-east-1" + profile = "DLP_Deploy-521654603461" +} + +# --- VPC -- +data "aws_availability_zones" "available" { + state = "available" +} + +locals { + azs_count = 2 + azs_names = data.aws_availability_zones.available.names +} + +resource "aws_vpc" "main" { + cidr_block = "10.10.0.0/16" + enable_dns_hostnames = true + tags = { + Name = "backend-vpc" + } +} + +resource "aws_subnet" "public" { + count = 2 + + vpc_id = aws_vpc.main.id + availability_zone = local.azs_names[count.index] + cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, 10 + count.index) + map_public_ip_on_launch = true + tags = { + Name = "backend-subnet-public-${local.azs_names[count.index]}" + } +} + +# --- Internet Gateway --- +resource "aws_internet_gateway" "main" { + vpc_id = aws_vpc.main.id + tags = { + Name = "backend-internet-gateway" + } +} + +# --- Public Route Table -- +resource "aws_route_table" "public" { + vpc_id = aws_vpc.main.id + tags = { + Name = "backend-route-table-public" + } + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.main.id + } +} + +resource "aws_route_table_association" "public" { + count = local.azs_count + + subnet_id = aws_subnet.public[count.index].id + route_table_id = aws_route_table.public.id +} diff --git a/training/training/core/authenticator.py b/training/training/core/authenticator.py index 469574ebe..a250215f2 100644 --- a/training/training/core/authenticator.py +++ b/training/training/core/authenticator.py @@ -9,15 +9,16 @@ class FirebaseAuth(HttpBearer): def authenticate(self, request, token): - app = init_firebase() if token is None or not token: return + app = init_firebase() try: firebase_admin.auth.verify_id_token(token) - firebase_admin.delete_app(app) except Exception as e: logger.info(e) return + finally: + firebase_admin.delete_app(app) return token diff --git a/training/training/settings.py b/training/training/settings.py index a50dab7e6..74f789f6c 100644 --- a/training/training/settings.py +++ b/training/training/settings.py @@ -28,16 +28,8 @@ import requests, os ALLOWED_HOSTS = [] -if "ECS_CONTAINER_METADATA_URI" in os.environ: - ELB_HEALTHCHECK_HOSTNAMES = [ - ip - for network in requests.get(os.environ["ECS_CONTAINER_METADATA_URI"]).json()[ - "Networks" - ] - for ip in network["IPv4Addresses"] - ] - ALLOWED_HOSTS += ELB_HEALTHCHECK_HOSTNAMES - ALLOWED_HOSTS.append("backend-load-balancer-296304048.us-east-1.elb.amazonaws.com") +if "ALLOWED_HOST" in os.environ: + ALLOWED_HOSTS.append(os.environ["ALLOWED_HOST"]) # Application definition