feature : terraform modules support (#1006)

* update cloudwatch

* update drafter

* feature : terraform support

src/apps/blazor/nginx.conf

@@ -11,6 +11,13 @@ http {
         listen 80;
         index index.html;
 
+        location /health {
+                # health checks are frequent and boring, so we avoid logging them
+                access_log off;
+                error_log /dev/stderr error;
+                proxy_pass http://api;
+         }
+
         location / {
             root /usr/share/nginx/html;
             try_files $uri $uri/ /index.html =404;

src/aspire/service-defaults/Extensions.cs

@@ -84,7 +84,7 @@ public static IHostApplicationBuilder ConfigureOpenTelemetry(this IHostApplicati
                        .AddProcessInstrumentation()
                        .AddMeter(MetricsConstants.Todos)
                        .AddMeter(MetricsConstants.Catalog);
-                       //.AddConsoleExporter();
+                //.AddConsoleExporter();
             })
             .WithTracing(tracing =>
             {
@@ -97,7 +97,7 @@ public static IHostApplicationBuilder ConfigureOpenTelemetry(this IHostApplicati
                        .AddAspNetCoreInstrumentation(nci => nci.RecordException = true)
                        .AddHttpClientInstrumentation()
                        .AddEntityFrameworkCoreInstrumentation();
-                       //.AddConsoleExporter();
+                //.AddConsoleExporter();
             });
 
         builder.AddOpenTelemetryExporters();
@@ -146,12 +146,11 @@ public static WebApplication MapDefaultEndpoints(this WebApplication app)
 
         // All health checks must pass for app to be considered ready to accept traffic after starting
         app.MapHealthChecks("/health").AllowAnonymous();
-
         // Only health checks tagged with the "live" tag must pass for app to be considered alive
         app.MapHealthChecks("/alive", new HealthCheckOptions
         {
             Predicate = r => r.Tags.Contains("live")
-        }).AllowAnonymous();        
+        }).AllowAnonymous();
 
         return app;
     }

terraform/environments/dev/compute.tf

@@ -0,0 +1,47 @@
+module "cluster" {
+  source       = "../../modules/ecs/cluster"
+  cluster_name = "fullstackhero"
+}
+
+module "webapi" {
+  source          = "../../modules/ecs"
+  vpc_id          = module.vpc.vpc_id
+  environment     = var.environment
+  cluster_id      = module.cluster.id
+  service_name    = "webapi"
+  container_name  = "fsh-webapi"
+  container_image = "ghcr.io/fullstackhero/webapi:latest"
+  subnet_ids      = [module.vpc.private_a_id, module.vpc.private_b_id]
+  environment_variables = {
+    DatabaseOptions__ConnectionString = module.rds.connection_string
+    DatabaseOptions__Provider         = "postgresql"
+    Serilog__MinimumLevel__Default    = "Error"
+    CorsOptions__AllowedOrigins__0    = "http://${module.blazor.endpoint}"
+  }
+}
+
+module "blazor" {
+  source          = "../../modules/ecs"
+  vpc_id          = module.vpc.vpc_id
+  cluster_id      = module.cluster.id
+  environment     = var.environment
+  container_port  = 80
+  service_name    = "blazor"
+  container_name  = "fsh-blazor"
+  container_image = "ghcr.io/fullstackhero/blazor:latest"
+  subnet_ids      = [module.vpc.private_a_id, module.vpc.private_b_id]
+  environment_variables = {
+    Frontend_FSHStarterBlazorClient_Settings__AppSettingsTemplate = "/usr/share/nginx/html/appsettings.json.TEMPLATE"
+    Frontend_FSHStarterBlazorClient_Settings__AppSettingsJson     = "/usr/share/nginx/html/appsettings.json"
+    FSHStarterBlazorClient_ApiBaseUrl                             = "http://${module.webapi.endpoint}:8080"
+    ApiBaseUrl                                                    = "http://${module.webapi.endpoint}:8080"
+  }
+  entry_point = [
+    "/bin/sh",
+    "-c",
+    "envsubst < $${Frontend_FSHStarterBlazorClient_Settings__AppSettingsTemplate} > $${Frontend_FSHStarterBlazorClient_Settings__AppSettingsJson} || echo 'envsubst failed' && find /usr/share/nginx/html -type f | xargs chmod +r || echo 'chmod failed' && echo 'Entry point execution completed' && cat /usr/share/nginx/html/appsettings.json && exec nginx -g 'daemon off;'"
+  ]
+
+
+
+}

terraform/environments/dev/database.tf

@@ -0,0 +1,9 @@
+module "rds" {
+  environment   = var.environment
+  source        = "../../modules/rds"
+  vpc_id        = module.vpc.vpc_id
+  subnet_ids    = [module.vpc.private_a_id, module.vpc.private_b_id]
+  multi_az      = false
+  database_name = "fsh"
+  cidr_block    = module.vpc.cidr_block
+}

terraform/environments/dev/network.tf

@@ -0,0 +1,3 @@
+module "vpc" {
+  source = "../../modules/vpc"
+}

terraform/environments/dev/outputs.tf

@@ -0,0 +1,3 @@
+output "vpc_id" {
+  value = module.vpc.vpc_id
+}

terraform/environments/dev/providers.tf

@@ -10,7 +10,7 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
-  # default_tags {
-  #   tags = merge(local.common_tags)
-  # }
+  default_tags {
+    tags = merge(local.common_tags)
+  }
 }

terraform/environments/dev/variables.tf

@@ -8,24 +8,24 @@ variable "environment" {
   type    = string
   default = "dev"
 }
-# variable "owner" {
-#   type = string
-# }
+variable "owner" {
+  type = string
+}
 
-# variable "project_name" {
-#   type = string
-# }
+variable "project_name" {
+  type = string
+}
 
-# variable "repository" {
-#   type = string
-# }
+variable "repository" {
+  type = string
+}
 
 
-# locals {
-#   common_tags = {
-#     Environment = var.environment
-#     Owner       = var.owner
-#     Project     = var.project_name
-#     Repository  = var.repository
-#   }
-# }
+locals {
+  common_tags = {
+    Environment = var.environment
+    Owner       = var.owner
+    Project     = var.project_name
+    Repository  = var.repository
+  }
+}

terraform/modules/cloudwatch/main.tf

@@ -1,4 +1,4 @@
-resource "aws_cloudwatch_log_group" "log_group" {
+resource "aws_cloudwatch_log_group" "this" {
   name              = var.log_group_name
-  retention_in_days = 60
+  retention_in_days = var.retention_period
 }

terraform/modules/cloudwatch/variables.tf

@@ -1,3 +1,8 @@
 variable "log_group_name" {
-  type        = string
+  type = string
+}
+
+variable "retention_period" {
+  type    = number
+  default = 60
 }

terraform/modules/ecs/cluster/main.tf

@@ -0,0 +1,13 @@
+resource "aws_ecs_cluster" "this" {
+  name = var.cluster_name
+}
+
+resource "aws_ecs_cluster_capacity_providers" "this" {
+  cluster_name       = aws_ecs_cluster.this.name
+  capacity_providers = ["FARGATE"]
+  default_capacity_provider_strategy {
+    base              = 1
+    weight            = 100
+    capacity_provider = "FARGATE"
+  }
+}

terraform/modules/ecs/cluster/outputs.tf

@@ -0,0 +1,3 @@
+output "id" {
+  value = aws_ecs_cluster.this.id
+}

terraform/modules/ecs/cluster/variables.tf

@@ -0,0 +1,3 @@
+variable "cluster_name" {
+  type = string
+}

terraform/modules/ecs/iam.tf

@@ -0,0 +1,41 @@
+resource "aws_iam_role" "ecs_task_execution_role" {
+  name               = "${var.service_name}-ecs-ter"
+  assume_role_policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+   {
+     "Action": "sts:AssumeRole",
+     "Principal": {
+       "Service": "ecs-tasks.amazonaws.com"
+     },
+     "Effect": "Allow",
+     "Sid": ""
+   }
+ ]
+}
+EOF
+}
+resource "aws_iam_role" "ecs_task_role" {
+  name               = "${var.service_name}-ecs-tr"
+  assume_role_policy = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+   {
+     "Action": "sts:AssumeRole",
+     "Principal": {
+       "Service": "ecs-tasks.amazonaws.com"
+     },
+     "Effect": "Allow",
+     "Sid": ""
+   }
+ ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "ecs-task-execution-role-policy-attachment" {
+  role       = aws_iam_role.ecs_task_execution_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}

terraform/modules/ecs/outputs.tf

@@ -0,0 +1,3 @@
+output "endpoint" {
+  value = aws_lb.this.dns_name
+}

terraform/modules/ecs/service.tf

@@ -1,13 +1,13 @@
 resource "aws_ecs_service" "this" {
-  name            = var.service_name
-  cluster         = aws_ecs_cluster.this.id
-  task_definition = aws_ecs_task_definition.this.arn
-  desired_count   = var.desired_count
-  launch_type     = "FARGATE"
-
+  name                 = var.service_name
+  cluster              = var.cluster_id
+  task_definition      = aws_ecs_task_definition.this.arn
+  desired_count        = var.desired_count
+  launch_type          = "FARGATE"
+  force_new_deployment = true
   network_configuration {
-    subnets          = var.subnets
-    security_groups  = var.security_groups
+    subnets          = var.subnet_ids
+    security_groups  = [aws_security_group.this.id]
     assign_public_ip = true
   }
 
@@ -18,33 +18,53 @@ resource "aws_ecs_service" "this" {
   }
 }
 
+resource "aws_security_group" "this" {
+  name   = "${var.service_name}-sg"
+  vpc_id = var.vpc_id
+  ingress {
+    protocol    = "tcp"
+    from_port   = var.container_port
+    to_port     = var.container_port
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
 resource "aws_lb" "this" {
   name               = "${var.service_name}-lb"
   internal           = false
   load_balancer_type = "application"
-  subnets            = var.subnets
+  subnets            = var.subnet_ids
 
-  security_groups = var.security_groups
+  security_groups = [aws_security_group.this.id]
 }
 
 resource "aws_lb_target_group" "this" {
-  name     = "${var.service_name}-tg"
-  port     = var.container_port
-  protocol = "HTTP"
-  vpc_id   = data.aws_vpc.this.id
+  health_check {
+    enabled  = var.enable_health_check
+    path     = var.health_check_endpoint
+    interval = 30
+  }
+  name        = "${var.service_name}-tg"
+  port        = var.container_port
+  protocol    = "HTTP"
+  target_type = "ip"
+  vpc_id      = var.vpc_id
 }
 
 resource "aws_lb_listener" "this" {
   load_balancer_arn = aws_lb.this.arn
-  port              = "80"
+  port              = var.container_port
   protocol          = "HTTP"
 
   default_action {
     type             = "forward"
     target_group_arn = aws_lb_target_group.this.arn
   }
 }
-
-data "aws_vpc" "this" {
-  id = aws_subnet.main[0].vpc_id
-}

terraform/modules/ecs/task-definition.tf

@@ -4,19 +4,35 @@ resource "aws_ecs_task_definition" "this" {
   requires_compatibilities = ["FARGATE"]
   cpu                      = var.cpu
   memory                   = var.memory
-
+  task_role_arn            = aws_iam_role.ecs_task_role.arn
+  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
   container_definitions = jsonencode([{
     name  = var.container_name
     image = var.container_image
     portMappings = [{
       containerPort = var.container_port
       hostPort      = var.container_port
     }]
+    essential = true,
+    logConfiguration = {
+      logDriver = "awslogs",
+      options = {
+        awslogs-region        = var.aws_region,
+        awslogs-group         = "${var.environment}/${var.service_name}",
+        awslogs-stream-prefix = "${var.service_name}"
+      }
+    },
+    entryPoint = var.entry_point
     environment = [
-      for key, value in var.environment : {
+      for key, value in var.environment_variables : {
         name  = key
         value = value
       }
     ]
   }])
 }
+
+resource "aws_cloudwatch_log_group" "this" {
+  name              = "${var.environment}/${var.service_name}"
+  retention_in_days = var.log_retention_period
+}