Merge pull request #6 from langchain-ai/infra/final-cleanup

chore: final cleanup
langchain-ai · Aug 19, 2024 · fdaea1e · fdaea1e
2 parents bc998d7 + bb2d521
commit fdaea1e
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/modules/langgraph_cloud_setup/README.md b/modules/langgraph_cloud_setup/README.md
@@ -0,0 +1,16 @@
+# LangGraph Cloud BYOC Setup
+This module sets up the LangGraph Cloud BYOC (Bring Your Own Cloud) environment.
+It will provision the necessary resources in your account and also grant the necessary permissions to the LangSmith Role.
+This role will be used by the LangSmith service to interact with your cloud environment.
+
+## Usage
+```hcl
+module "langgraph_cloud_setup" {
+  source = "github.com/langchain-ai/terraform//modules/langgraph_cloud_setup"
+
+  vpc_id                 = "YOUR VPC ID"
+  private_subnet_ids     = ["YOUR PRIVATE SUBNET IDS"]
+  public_subnet_ids      = ["YOUR PUBLIC SUBNET IDS"]
+  langgraph_role_arn     = "arn:aws:iam::640174622193:role/HostBackendRoleProd"
+  langgraph_external_ids = ["Your Organization ID"]
+}
diff --git a/modules/langgraph_cloud_setup/main.tf b/modules/langgraph_cloud_setup/main.tf
@@ -42,6 +42,29 @@ resource "aws_iam_policy_attachment" "role_attachments" {
   roles      = [aws_iam_role.langgraph_cloud_role.name]
 }
 
+resource "aws_iam_policy" "custom_permissions" {
+  name = "LangGraphCloudCustomPermissions"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "application-autoscaling:*",
+        ],
+        Resource = "*",
+      },
+    ],
+  })
+}
+
+resource "aws_iam_policy_attachment" "custom_policy" {
+  name       = "LangGraphCloudRoleAttachment-CustomPermissions"
+  policy_arn = aws_iam_policy.custom_permissions.arn
+  roles      = [aws_iam_role.langgraph_cloud_role.name]
+}
+
+
 // Allow LangGraph Cloud role to assume role in the account
 data "aws_iam_policy_document" "assume_role" {
   statement {
@@ -67,9 +90,15 @@ resource "aws_cloudwatch_log_group" "langgraph_cloud_log_group" {
 // Create an ECS cluster
 resource "aws_ecs_cluster" "langgraph_cloud_cluster" {
   name = "langgraph-cloud-cluster"
+
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
+
 }
 
-// Create ECS role with ECR access
+// Create ECS role with ECR access and access to its own secret
 resource "aws_iam_role" "langgraph_cloud_ecs_role" {
   name               = "LangGraphCloudECSTaskExecutionRole"
   assume_role_policy = data.aws_iam_policy_document.ecs_assume_role.json