From 065b07613aa99de0383efb32c463eca3edc302a6 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Mon, 8 Jun 2026 11:58:55 +0200 Subject: [PATCH 01/21] Add reuploader builder task to dev --- tf/environments/dev/main.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 84de383f..9b4511cb 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -936,6 +936,21 @@ module "fastpath_builder" { codepipeline_bucket = aws_s3_bucket.ooniapi_codepipeline_bucket.bucket } +module "reuploader_builder" { + source = "../../modules/ooni_docker_build" + trigger_tag = "" + + service_name = "reuploader" + repo = "ooni/backend" + branch_name = "add_fastpath_reuploader" + environment = local.environment + buildspec_path = "reuploader/buildspec.yml" + trigger_path = "fastpath/**" + codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn + + codepipeline_bucket = aws_s3_bucket.ooniapi_codepipeline_bucket.bucket +} + #### OONI Run service module "ooniapi_oonirun_deployer" { From ccda78dd1c82f6766c8746ba09bd46ab74cfd747 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Mon, 8 Jun 2026 12:30:49 +0200 Subject: [PATCH 02/21] fix trigger path --- tf/environments/dev/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 9b4511cb..82b678c1 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -945,7 +945,7 @@ module "reuploader_builder" { branch_name = "add_fastpath_reuploader" environment = local.environment buildspec_path = "reuploader/buildspec.yml" - trigger_path = "fastpath/**" + trigger_path = "reuploader/**" codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn codepipeline_bucket = aws_s3_bucket.ooniapi_codepipeline_bucket.bucket From 01ab56876484898e49182b50199bf4c27735b3ab Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Mon, 8 Jun 2026 14:22:37 +0200 Subject: [PATCH 03/21] Extend ooniapi_service to provide scheduled run --- tf/modules/ooniapi_service/main.tf | 68 ++++++++++++++++++++++++- tf/modules/ooniapi_service/variables.tf | 22 ++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/tf/modules/ooniapi_service/main.tf b/tf/modules/ooniapi_service/main.tf index 84e9f38f..068d1651 100644 --- a/tf/modules/ooniapi_service/main.tf +++ b/tf/modules/ooniapi_service/main.tf @@ -36,6 +36,72 @@ resource "aws_iam_role_policy" "ooniapi_service_task" { policy = templatefile("${path.module}/templates/profile_policy.json", {}) } +resource "aws_iam_role" "events_run_task" { + count = var.run_on_schedule ? 1 : 0 + name = "${local.name}-events-run-task-role" + + assume_role_policy = < Date: Tue, 9 Jun 2026 14:18:25 +0200 Subject: [PATCH 04/21] add scheduled_service module --- tf/modules/scheduled_service/main.tf | 156 ++++++++++++++++++ tf/modules/scheduled_service/outputs.tf | 7 + .../templates/profile_policy.json | 61 +++++++ tf/modules/scheduled_service/variables.tf | 79 +++++++++ 4 files changed, 303 insertions(+) create mode 100644 tf/modules/scheduled_service/main.tf create mode 100644 tf/modules/scheduled_service/outputs.tf create mode 100644 tf/modules/scheduled_service/templates/profile_policy.json create mode 100644 tf/modules/scheduled_service/variables.tf diff --git a/tf/modules/scheduled_service/main.tf b/tf/modules/scheduled_service/main.tf new file mode 100644 index 00000000..19e4a3b1 --- /dev/null +++ b/tf/modules/scheduled_service/main.tf @@ -0,0 +1,156 @@ +locals { + name = "scheduled-service-${var.service_name}" + # We construct a stripped name that is without the "ooni" substring and all + # vocals are stripped. + stripped_name = replace(replace(var.service_name, "ooni", ""), "[aeiou]", "") + # Short prefix should be less than 5 characters + short_prefix = "O${substr(local.stripped_name, 0, 3)}" +} + +resource "aws_iam_role" "scheduled_service_task" { + name = "${local.name}-task-role" + + tags = var.tags + + assume_role_policy = < Date: Tue, 9 Jun 2026 14:47:14 +0200 Subject: [PATCH 05/21] add reuploader scheduled service (hourly) --- tf/environments/dev/main.tf | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 82b678c1..ff4089f2 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -951,6 +951,44 @@ module "reuploader_builder" { codepipeline_bucket = aws_s3_bucket.ooniapi_codepipeline_bucket.bucket } +module "reuploader" { + source = "../../modules/scheduled_service" + + task_memory = 256 + + vpc_id = module.network.vpc_id + + service_name = "reuploader" + default_docker_image_url = "ooni/reuploader:latest" + schedule_expression = "cron(0 * * * ? 2000-2199)" + stage = local.environment + dns_zone_ooni_io = local.dns_zone_ooni_io + key_name = module.adm_iam_roles.oonidevops_key_name + ecs_cluster_id = module.ooniapi_cluster.cluster_id + + task_secrets = { + AWS_ACCESS_KEY_ID = data.aws_ssm_parameter.s3_user_access_id + AWS_SECRET_ACCESS_KEY = data.aws_ssm_parameter.s3_user_secret_key + #ROLE_ARN = + #ROLE_DURATION_SECONDS = "3600" + AWS_REGION = var.aws_region + # required + BUCKET_NAME = "ooniprobe-failed-reports-eu-central-1-1d24426a" + # PREFIX # s3 path prefix + # fastpath API endpoint; use the last (fallback) fastpath instance in set + FASTPATH_API = "http://${local.fastpath_hosts[length(local.fastpath_hosts) - 1]}:8472" + } + + ooniapi_service_security_groups = [ + module.ooniapi_cluster.web_security_group_id + ] + + tags = merge( + local.tags, + { Name = "ooni-tier0-reuploader" } + ) +} + #### OONI Run service module "ooniapi_oonirun_deployer" { From d245b73db9805c7204042d4f34a9e4fb66be9198 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Tue, 9 Jun 2026 16:56:51 +0200 Subject: [PATCH 06/21] set failed reports bucket --- tf/environments/dev/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index ff4089f2..92fd1f27 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -973,7 +973,7 @@ module "reuploader" { #ROLE_DURATION_SECONDS = "3600" AWS_REGION = var.aws_region # required - BUCKET_NAME = "ooniprobe-failed-reports-eu-central-1-1d24426a" + BUCKET_NAME = aws_s3_bucket.ooniprobe_failed_reports.bucket # PREFIX # s3 path prefix # fastpath API endpoint; use the last (fallback) fastpath instance in set FASTPATH_API = "http://${local.fastpath_hosts[length(local.fastpath_hosts) - 1]}:8472" From 4dd954ed217ea3961c29a5e90851589fcc29ddc1 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 09:42:21 +0200 Subject: [PATCH 07/21] reuploader: set DRY_RUN=true --- tf/environments/dev/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 92fd1f27..689d1f6f 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -974,6 +974,7 @@ module "reuploader" { AWS_REGION = var.aws_region # required BUCKET_NAME = aws_s3_bucket.ooniprobe_failed_reports.bucket + DRY_RUN = true # PREFIX # s3 path prefix # fastpath API endpoint; use the last (fallback) fastpath instance in set FASTPATH_API = "http://${local.fastpath_hosts[length(local.fastpath_hosts) - 1]}:8472" From b6e2ba72c0ec9a784d66bddd207472c4e9630b9a Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 09:43:25 +0200 Subject: [PATCH 08/21] reuploader: set BATCH_SIZE=10 --- tf/environments/dev/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 689d1f6f..21dbed28 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -972,6 +972,7 @@ module "reuploader" { #ROLE_ARN = #ROLE_DURATION_SECONDS = "3600" AWS_REGION = var.aws_region + BATCH_SIZE = 10 # required BUCKET_NAME = aws_s3_bucket.ooniprobe_failed_reports.bucket DRY_RUN = true From 0b94e88d3dddb3c3dff62c05243b8ec39a33c424 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 09:43:49 +0200 Subject: [PATCH 09/21] reuploader: set AWS_SECRET_ACCESS_KEY from module --- tf/environments/dev/main.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 21dbed28..7c610dc9 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -967,8 +967,9 @@ module "reuploader" { ecs_cluster_id = module.ooniapi_cluster.cluster_id task_secrets = { - AWS_ACCESS_KEY_ID = data.aws_ssm_parameter.s3_user_access_id - AWS_SECRET_ACCESS_KEY = data.aws_ssm_parameter.s3_user_secret_key + AWS_SECRET_ACCESS_KEY = module.ooniapi_user.aws_secret_access_key_arn + AWS_ACCESS_KEY_ID = module.ooniapi_user.aws_access_key_id_arn + #ROLE_ARN = #ROLE_DURATION_SECONDS = "3600" AWS_REGION = var.aws_region From 22f35d53bfb4f65584a8f135ddeb8bc59c7cb70d Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 10:13:40 +0200 Subject: [PATCH 10/21] reuploader: set scheduled_task_cluster --- tf/environments/dev/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 7c610dc9..94bf5d5a 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -964,6 +964,7 @@ module "reuploader" { stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name + scheduled_task_cluster = module.ooniapi_cluster.cluster_name ecs_cluster_id = module.ooniapi_cluster.cluster_id task_secrets = { From 3a0b89536a5cf3817443c863f3957de3aee34e2e Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 10:14:07 +0200 Subject: [PATCH 11/21] reuploader: remove unused outputs --- tf/modules/scheduled_service/outputs.tf | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tf/modules/scheduled_service/outputs.tf b/tf/modules/scheduled_service/outputs.tf index 85f5994d..e69de29b 100644 --- a/tf/modules/scheduled_service/outputs.tf +++ b/tf/modules/scheduled_service/outputs.tf @@ -1,7 +0,0 @@ -output "ecs_service_name" { - value = aws_ecs_service.ooniapi_service.name -} - -output "alb_target_group_id" { - value = aws_alb_target_group.ooniapi_service.id -} From d171d28fb6248821df8e84a9b1062b4d9036a475 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 10:14:19 +0200 Subject: [PATCH 12/21] reuploader: add first_run to create container definition --- tf/environments/dev/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 94bf5d5a..4cdced80 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -958,6 +958,7 @@ module "reuploader" { vpc_id = module.network.vpc_id + first_run = true service_name = "reuploader" default_docker_image_url = "ooni/reuploader:latest" schedule_expression = "cron(0 * * * ? 2000-2199)" From c2ffbf1275cca3a5b938c2f14fa3621b0a99466a Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 10:16:43 +0200 Subject: [PATCH 13/21] reuploader: pin to tagged container --- tf/environments/dev/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 4cdced80..bd42fd48 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -960,7 +960,7 @@ module "reuploader" { first_run = true service_name = "reuploader" - default_docker_image_url = "ooni/reuploader:latest" + default_docker_image_url = "ooni/reuploader:20260611-f9cf0ff7" schedule_expression = "cron(0 * * * ? 2000-2199)" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io From d55b50225000bded876d7b7bf03b57b8a1a885da Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 12:48:24 +0200 Subject: [PATCH 14/21] remove redundant count --- tf/modules/scheduled_service/main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tf/modules/scheduled_service/main.tf b/tf/modules/scheduled_service/main.tf index 19e4a3b1..9c18fbdc 100644 --- a/tf/modules/scheduled_service/main.tf +++ b/tf/modules/scheduled_service/main.tf @@ -37,7 +37,6 @@ resource "aws_iam_role_policy" "scheduled_service_task" { } resource "aws_iam_role" "events_run_task" { - count = 1 name = "${local.name}-events-run-task-role" assume_role_policy = < Date: Thu, 11 Jun 2026 13:08:55 +0200 Subject: [PATCH 15/21] singleton requires no index --- tf/modules/scheduled_service/main.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tf/modules/scheduled_service/main.tf b/tf/modules/scheduled_service/main.tf index 9c18fbdc..b269742b 100644 --- a/tf/modules/scheduled_service/main.tf +++ b/tf/modules/scheduled_service/main.tf @@ -55,7 +55,7 @@ EOF resource "aws_iam_role_policy" "events_run_task_policy" { name = "${local.name}-events-run-task-policy" - role = aws_iam_role.events_run_task[0].id + role = aws_iam_role.events_run_task.id policy = jsonencode({ Version = "2012-10-17" @@ -82,10 +82,10 @@ resource "aws_cloudwatch_event_rule" "scheduled_run" { } resource "aws_cloudwatch_event_target" "run_ecs_task" { - rule = aws_cloudwatch_event_rule.scheduled_run[0].name - arn = data.aws_ecs_cluster.target[0].arn + rule = aws_cloudwatch_event_rule.scheduled_run.name + arn = data.aws_ecs_cluster.target.arn - role_arn = aws_iam_role.events_run_task[0].arn + role_arn = aws_iam_role.events_run_task.arn ecs_target { task_definition_arn = aws_ecs_task_definition.scheduled_service.arn @@ -119,7 +119,7 @@ resource "aws_ecs_task_definition" "scheduled_service" { memory = var.memory_hard_limit essential = true, image = try( - data.aws_ecs_container_definition.scheduled_service_current[0].image, + data.aws_ecs_container_definition.scheduled_service_current.image, var.default_docker_image_url ), name = local.name, From 27f9c59c62cf8c3eeca8dec37bd12238e604facb Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 13:43:12 +0200 Subject: [PATCH 16/21] FIXME: try to add events:PutRule et al to profile I see AccessDeniedException; but this change doesn't fix it --- tf/modules/scheduled_service/main.tf | 7 +++++-- .../scheduled_service/templates/profile_policy.json | 10 ++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/tf/modules/scheduled_service/main.tf b/tf/modules/scheduled_service/main.tf index b269742b..b09cf7d1 100644 --- a/tf/modules/scheduled_service/main.tf +++ b/tf/modules/scheduled_service/main.tf @@ -67,7 +67,10 @@ resource "aws_iam_role_policy" "events_run_task_policy" { "iam:PassRole", "ecs:StartTask", "ecs:DescribeClusters", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "events:TagResource", + "events:PutRule", + "events:PutTargets", ] Resource = "*" } @@ -119,7 +122,7 @@ resource "aws_ecs_task_definition" "scheduled_service" { memory = var.memory_hard_limit essential = true, image = try( - data.aws_ecs_container_definition.scheduled_service_current.image, + data.aws_ecs_container_definition.scheduled_service_current[0].image, var.default_docker_image_url ), name = local.name, diff --git a/tf/modules/scheduled_service/templates/profile_policy.json b/tf/modules/scheduled_service/templates/profile_policy.json index 3a772893..b0a059d2 100644 --- a/tf/modules/scheduled_service/templates/profile_policy.json +++ b/tf/modules/scheduled_service/templates/profile_policy.json @@ -56,6 +56,16 @@ "elasticloadbalancing:RegisterTargets" ], "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "events:TagResource", + "events:PutRule", + "events:PutTargets" + ], + "Resource": "*" } + ] } From 093c98f73383cb077da4abc8ee5ca14961ecb40b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20D=C3=ADaz?= Date: Thu, 11 Jun 2026 14:25:12 +0200 Subject: [PATCH 17/21] Add permission to the ooni_devops role to modify events --- tf/modules/adm_iam_roles/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tf/modules/adm_iam_roles/main.tf b/tf/modules/adm_iam_roles/main.tf index aa5c525f..10fb15f9 100644 --- a/tf/modules/adm_iam_roles/main.tf +++ b/tf/modules/adm_iam_roles/main.tf @@ -53,7 +53,8 @@ resource "aws_iam_policy" "oonidevops" { "secretsmanager:*", "cloudhsm:*", "athena:*", - "glue:*" + "glue:*", + "events:*" ], "Resource": "*" } From 94f3638eedc2d3dad9e9cbf7b3f452312c81f398 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 15:16:01 +0200 Subject: [PATCH 18/21] unmix environment from secrets --- tf/environments/dev/main.tf | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index f17b1a05..dcd73ac6 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -968,15 +968,8 @@ module "reuploader" { scheduled_task_cluster = module.ooniapi_cluster.cluster_name ecs_cluster_id = module.ooniapi_cluster.cluster_id - task_secrets = { - AWS_SECRET_ACCESS_KEY = module.ooniapi_user.aws_secret_access_key_arn - AWS_ACCESS_KEY_ID = module.ooniapi_user.aws_access_key_id_arn - - #ROLE_ARN = - #ROLE_DURATION_SECONDS = "3600" - AWS_REGION = var.aws_region + task_environment = { BATCH_SIZE = 10 - # required BUCKET_NAME = aws_s3_bucket.ooniprobe_failed_reports.bucket DRY_RUN = true # PREFIX # s3 path prefix @@ -984,6 +977,12 @@ module "reuploader" { FASTPATH_API = "http://${local.fastpath_hosts[length(local.fastpath_hosts) - 1]}:8472" } + task_secrets = { + AWS_SECRET_ACCESS_KEY = module.ooniapi_user.aws_secret_access_key_arn + AWS_ACCESS_KEY_ID = module.ooniapi_user.aws_access_key_id_arn + AWS_REGION = var.aws_region + } + ooniapi_service_security_groups = [ module.ooniapi_cluster.web_security_group_id ] From 92fb38aee75614bd0f1fd8a356c4613fdebb05d6 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 15:42:38 +0200 Subject: [PATCH 19/21] use bucket from https://github.com/ooni/devops/issues/398 --- tf/environments/dev/main.tf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index dcd73ac6..d69c3683 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -961,7 +961,7 @@ module "reuploader" { first_run = true service_name = "reuploader" default_docker_image_url = "ooni/reuploader:20260611-f9cf0ff7" - schedule_expression = "cron(0 * * * ? 2000-2199)" + schedule_expression = "cron(42 * * * ? 2000-2199)" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -970,10 +970,8 @@ module "reuploader" { task_environment = { BATCH_SIZE = 10 - BUCKET_NAME = aws_s3_bucket.ooniprobe_failed_reports.bucket + BUCKET_NAME = "ooniprobe-failed-reports-eu-central-1-1d24426a" DRY_RUN = true - # PREFIX # s3 path prefix - # fastpath API endpoint; use the last (fallback) fastpath instance in set FASTPATH_API = "http://${local.fastpath_hosts[length(local.fastpath_hosts) - 1]}:8472" } From bafa1755bf0f2eaa9fe8e0ffa31407290a029eae Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 16:18:25 +0200 Subject: [PATCH 20/21] update reuploader, fix env --- tf/environments/dev/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index d69c3683..d922aa2e 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -960,8 +960,8 @@ module "reuploader" { first_run = true service_name = "reuploader" - default_docker_image_url = "ooni/reuploader:20260611-f9cf0ff7" - schedule_expression = "cron(42 * * * ? 2000-2199)" + default_docker_image_url = "ooni/reuploader:20260611-840e1b63" + schedule_expression = "cron(0 * * * ? 2000-2199)" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name From ed341e5b72dc2b52dcae1749cf332331ec40ebb2 Mon Sep 17 00:00:00 2001 From: Aaron Gibson Date: Thu, 11 Jun 2026 16:49:50 +0200 Subject: [PATCH 21/21] add AWS_REGION to task_environment --- tf/environments/dev/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index d922aa2e..c9a70776 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -961,7 +961,7 @@ module "reuploader" { first_run = true service_name = "reuploader" default_docker_image_url = "ooni/reuploader:20260611-840e1b63" - schedule_expression = "cron(0 * * * ? 2000-2199)" + schedule_expression = "cron(0/5 * * * ? 2000-2199)" stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io key_name = module.adm_iam_roles.oonidevops_key_name @@ -969,6 +969,7 @@ module "reuploader" { ecs_cluster_id = module.ooniapi_cluster.cluster_id task_environment = { + AWS_REGION = var.aws_region BATCH_SIZE = 10 BUCKET_NAME = "ooniprobe-failed-reports-eu-central-1-1d24426a" DRY_RUN = true @@ -978,7 +979,6 @@ module "reuploader" { task_secrets = { AWS_SECRET_ACCESS_KEY = module.ooniapi_user.aws_secret_access_key_arn AWS_ACCESS_KEY_ID = module.ooniapi_user.aws_access_key_id_arn - AWS_REGION = var.aws_region } ooniapi_service_security_groups = [