feat: add default resource request (#77)

justtrackio · Jan 11, 2024 · 9e90318 · 9e90318
1 parent 46547bf
commit 9e90318
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 80 deletions.
diff --git a/README.md b/README.md
@@ -45,12 +45,12 @@ Terraform module which creates a ecs app
 | Name | Type |
 |------|------|
 | [aws_cloudwatch_log_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_ssm_parameter.container_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
+| [aws_ssm_parameter.container_memory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
 | [aws_ecs_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecs_cluster) | data source |
 | [aws_lb.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source |
 | [aws_lb_listener.http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb_listener) | data source |
 | [aws_lb_listener.https](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb_listener) | data source |
-| [aws_ssm_parameter.container_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
-| [aws_ssm_parameter.container_memory_reservation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [aws_ssm_parameter.container_tag](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [aws_ssm_parameter.grafana_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 | [aws_ssm_parameter.sentry_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
@@ -92,11 +92,11 @@ Terraform module which creates a ecs app
 | <a name="input_circuit_breaker_deployment_enabled"></a> [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no |
 | <a name="input_circuit_breaker_rollback_enabled"></a> [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no |
 | <a name="input_cloudwatch_log_group_enabled"></a> [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no |
-| <a name="input_container_cpu"></a> [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `128` | no |
+| <a name="input_container_cpu"></a> [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `null` | no |
 | <a name="input_container_map_environment"></a> [container\_map\_environment](#input\_container\_map\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no |
 | <a name="input_container_map_secrets"></a> [container\_map\_secrets](#input\_container\_map\_secrets) | The secrets variables to pass to the container. This is a map of string: {key: value}. map\_secrets overrides secrets | `map(string)` | `null` | no |
 | <a name="input_container_memory"></a> [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `null` | no |
-| <a name="input_container_memory_reservation"></a> [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no |
+| <a name="input_container_memory_reservation"></a> [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `null` | no |
 | <a name="input_container_start_timeout"></a> [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `null` | no |
 | <a name="input_container_stop_timeout"></a> [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `null` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |

diff --git a/data.tf b/data.tf
@@ -8,16 +8,6 @@ module "ssm_label" {
   context = module.this.context
 }
 
-data "aws_ssm_parameter" "container_cpu" {
-  count = var.container_cpu == null ? 1 : 0
-  name  = "/${module.ssm_label.id}/resources/requests/cpu"
-}
-
-data "aws_ssm_parameter" "container_memory_reservation" {
-  count = var.container_memory_reservation == null ? 1 : 0
-  name  = "/${module.ssm_label.id}/resources/requests/memory"
-}
-
 data "aws_ssm_parameter" "container_tag" {
   count = var.app_image_tag == null ? 1 : 0
   name  = "/${module.ssm_label.id}/container_tag"

diff --git a/main.tf b/main.tf
@@ -1,43 +1,20 @@
 locals {
-  ecs_load_balancers = length(var.alb_name) > 0 ? [{
-    target_group_arn = module.alb_ingress[0].target_group_arn
-    container_name   = module.ecs_label.id
-    elb_name         = null
-    container_port   = var.port_gateway
-    }] : length(var.target_group_arn) > 0 ? [{
-    target_group_arn = var.target_group_arn
-    container_name   = module.ecs_label.id
-    elb_name         = null
-    container_port   = var.port_gateway
-  }] : []
-  container_cpu = var.container_cpu != null ? var.container_cpu : data.aws_ssm_parameter.container_cpu[0].value
-  docker_labels = merge({
-    Application                                                                      = "${module.this.name}.${module.this.stage}"
-    Domain                                                                           = "${module.this.environment}.${module.this.organizational_unit}.${module.this.namespace}"
-    "traefik.enable"                                                                 = true
-    "traefik.http.routers.metadata-${module.ecs_label.id}.entrypoints"               = "metadata"
-    "traefik.http.routers.metadata-${module.ecs_label.id}.service"                   = "metadata-${module.ecs_label.id}"
-    "traefik.http.services.metadata-${module.ecs_label.id}.loadbalancer.server.port" = 8070
-    "traefik.http.routers.gateway-${module.ecs_label.id}.entrypoints"                = "gateway"
-    "traefik.http.routers.gateway-${module.ecs_label.id}.service"                    = "gateway-${module.ecs_label.id}"
-    "traefik.http.services.gateway-${module.ecs_label.id}.loadbalancer.server.port"  = 8088
-    "traefik.http.routers.grpc-${module.ecs_label.id}.entrypoints"                   = "grpc"
-    "traefik.http.routers.grpc-${module.ecs_label.id}.service"                       = "grpc-${module.ecs_label.id}"
-    "traefik.http.services.grpc-${module.ecs_label.id}.loadbalancer.server.port"     = 8081
-    "traefik.http.routers.health-${module.ecs_label.id}.entrypoints"                 = "health"
-    "traefik.http.routers.health-${module.ecs_label.id}.service"                     = "health-${module.ecs_label.id}"
-    "traefik.http.services.health-${module.ecs_label.id}.loadbalancer.server.port"   = 8090
-  }, var.docker_labels)
-  total_cpu             = local.container_cpu + var.log_router_container_cpu
-  task_cpu              = var.task_cpu != null ? local.total_cpu > var.task_cpu ? local.total_cpu : var.task_cpu : null
-  container_memory      = var.container_memory_reservation != null ? var.container_memory_reservation : data.aws_ssm_parameter.container_memory_reservation[0].value
-  total_memory          = local.container_memory + var.log_router_container_memory_reservation
-  task_memory           = var.task_memory != null ? local.total_memory > var.task_memory ? local.total_memory : var.task_memory : null
-  image_tag             = var.app_image_tag == null ? data.aws_ssm_parameter.container_tag[0].value : var.app_image_tag
-  port_mappings         = length(var.port_mappings) != 0 ? var.port_mappings : local.default_port_mappings
-  healthcheck           = var.healthcheck != null ? var.healthcheck : local.default_healthcheck
-  container_definitions = "[${module.container_definition.json_map_encoded}, ${module.container_definition_fluentbit.json_map_encoded}]"
-  task_policies         = setunion(var.task_policy_arns, local.default_policies)
+  container_cpu                = var.container_cpu != null ? var.container_cpu : aws_ssm_parameter.container_cpu.value
+  container_definitions        = "[${module.container_definition.json_map_encoded}, ${module.container_definition_fluentbit.json_map_encoded}]"
+  container_memory             = var.container_memory != null ? var.container_memory : local.container_memory_reservation
+  container_memory_reservation = var.container_memory_reservation != null ? var.container_memory_reservation : aws_ssm_parameter.container_memory.value
+  default_healthcheck = {
+    command = [
+      "CMD",
+      "/usr/bin/wget",
+      "--spider",
+      "localhost:${var.port_health}/health"
+    ],
+    retries     = 3
+    timeout     = 5
+    interval    = 10
+    startPeriod = 60
+  }
   default_policies = [
     "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
     "arn:aws:iam::aws:policy/CloudWatchFullAccessV2",
@@ -70,18 +47,42 @@ locals {
       protocol      = "tcp"
     }
   ]
-  default_healthcheck = {
-    command = [
-      "CMD",
-      "/usr/bin/wget",
-      "--spider",
-      "localhost:${var.port_health}/health"
-    ],
-    retries     = 3
-    timeout     = 5
-    interval    = 10
-    startPeriod = 60
-  }
+  docker_labels = merge({
+    Application                                                                      = "${module.this.name}.${module.this.stage}"
+    Domain                                                                           = "${module.this.environment}.${module.this.organizational_unit}.${module.this.namespace}"
+    "traefik.enable"                                                                 = true
+    "traefik.http.routers.metadata-${module.ecs_label.id}.entrypoints"               = "metadata"
+    "traefik.http.routers.metadata-${module.ecs_label.id}.service"                   = "metadata-${module.ecs_label.id}"
+    "traefik.http.services.metadata-${module.ecs_label.id}.loadbalancer.server.port" = 8070
+    "traefik.http.routers.gateway-${module.ecs_label.id}.entrypoints"                = "gateway"
+    "traefik.http.routers.gateway-${module.ecs_label.id}.service"                    = "gateway-${module.ecs_label.id}"
+    "traefik.http.services.gateway-${module.ecs_label.id}.loadbalancer.server.port"  = 8088
+    "traefik.http.routers.grpc-${module.ecs_label.id}.entrypoints"                   = "grpc"
+    "traefik.http.routers.grpc-${module.ecs_label.id}.service"                       = "grpc-${module.ecs_label.id}"
+    "traefik.http.services.grpc-${module.ecs_label.id}.loadbalancer.server.port"     = 8081
+    "traefik.http.routers.health-${module.ecs_label.id}.entrypoints"                 = "health"
+    "traefik.http.routers.health-${module.ecs_label.id}.service"                     = "health-${module.ecs_label.id}"
+    "traefik.http.services.health-${module.ecs_label.id}.loadbalancer.server.port"   = 8090
+  }, var.docker_labels)
+  ecs_load_balancers = length(var.alb_name) > 0 ? [{
+    target_group_arn = module.alb_ingress[0].target_group_arn
+    container_name   = module.ecs_label.id
+    elb_name         = null
+    container_port   = var.port_gateway
+    }] : length(var.target_group_arn) > 0 ? [{
+    target_group_arn = var.target_group_arn
+    container_name   = module.ecs_label.id
+    elb_name         = null
+    container_port   = var.port_gateway
+  }] : []
+  healthcheck   = var.healthcheck != null ? var.healthcheck : local.default_healthcheck
+  image_tag     = var.app_image_tag == null ? data.aws_ssm_parameter.container_tag[0].value : var.app_image_tag
+  port_mappings = length(var.port_mappings) != 0 ? var.port_mappings : local.default_port_mappings
+  task_cpu      = var.task_cpu != null ? local.total_cpu > var.task_cpu ? local.total_cpu : var.task_cpu : null
+  task_memory   = var.task_memory != null ? local.total_memory > var.task_memory ? local.total_memory : var.task_memory : null
+  total_cpu     = local.container_cpu + var.log_router_container_cpu
+  total_memory  = local.container_memory_reservation + var.log_router_container_memory_reservation
+  task_policies = setunion(var.task_policy_arns, local.default_policies)
 }
 
 module "ecs_label" {
@@ -105,14 +106,19 @@ module "container_definition" {
   source  = "cloudposse/ecs-container-definition/aws"
   version = "0.60.0"
 
-  container_name               = module.ecs_label.id
+  container_name = module.ecs_label.id
+
+  container_cpu                = local.container_cpu
   container_image              = "${module.ecr.repository_url}:${local.image_tag}"
-  container_memory             = var.container_memory
-  container_memory_reservation = var.container_memory_reservation
-  container_cpu                = var.container_cpu
-  start_timeout                = var.container_start_timeout
-  stop_timeout                 = var.container_stop_timeout
+  container_memory             = local.container_memory
+  container_memory_reservation = local.container_memory_reservation
+  docker_labels                = local.docker_labels
   healthcheck                  = local.healthcheck
+  log_configuration = {
+    logDriver     = var.log_driver
+    options       = {}
+    secretOptions = null
+  }
   map_environment = merge({
     AWS_DEFAULT_REGION                                           = module.this.aws_region
     AWS_SDK_RETRIES                                              = 10
@@ -142,15 +148,10 @@ module "container_definition" {
   }, var.container_map_environment)
   map_secrets       = var.container_map_secrets
   port_mappings     = local.port_mappings
+  start_timeout     = var.container_start_timeout
+  stop_timeout      = var.container_stop_timeout
   ulimits           = var.ulimits
   working_directory = var.working_directory
-  docker_labels     = local.docker_labels
-
-  log_configuration = {
-    logDriver     = var.log_driver
-    options       = {}
-    secretOptions = null
-  }
 }
 
 module "container_definition_fluentbit" {

diff --git a/ssm.tf b/ssm.tf
@@ -0,0 +1,23 @@
+resource "aws_ssm_parameter" "container_cpu" {
+  name  = "/${module.ssm_label.id}/resources/requests/cpu"
+  type  = "String"
+  value = "128"
+
+  lifecycle {
+    ignore_changes = [value]
+  }
+
+  tags = module.this.tags
+}
+
+resource "aws_ssm_parameter" "container_memory" {
+  name  = "/${module.ssm_label.id}/resources/requests/memory"
+  type  = "String"
+  value = "128"
+
+  lifecycle {
+    ignore_changes = [value]
+  }
+
+  tags = module.this.tags
+}
diff --git a/variables.tf b/variables.tf
@@ -197,7 +197,7 @@ variable "cloudwatch_log_group_enabled" {
 variable "container_cpu" {
   type        = number
   description = "The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)"
-  default     = 128
+  default     = null
 }
 
 variable "container_map_environment" {
@@ -221,7 +221,7 @@ variable "container_memory" {
 variable "container_memory_reservation" {
   type        = number
   description = "The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set"
-  default     = 128
+  default     = null
 }
 
 variable "container_start_timeout" {