-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
## Description <!--- Describe your changes in detail --> ## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here. --> ## Breaking Changes <!-- Does this break backwards compatibility with the current major version? --> <!-- If so, please provide an explanation why it is necessary. --> ## How Has This Been Tested? - [ ] I have updated at least one of the `examples/*` to demonstrate and validate my change(s) - [ ] I have tested and validated these changes using one or more of the provided `examples/*` projects <!--- Users should start with an existing example as its written, deploy it, then check their changes against it --> <!--- This will highlight breaking/disruptive changes. Once you have checked, deploy your changes to verify --> <!--- Please describe how you tested your changes --> - [ ] I have executed `pre-commit run -a` on my pull request <!--- Please see https://github.com/antonbabenko/pre-commit-terraform#how-to-install for how to install -->
- Loading branch information
1 parent
dd13a2d
commit 4340030
Showing
13 changed files
with
621 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
terragrunt 0.42.2 | ||
terraform 1.3.5 | ||
terraform 1.3.6 | ||
terraform-docs 0.16.0 | ||
tflint 0.43.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
module "ssm_label" { | ||
source = "cloudposse/label/null" | ||
version = "0.25.0" | ||
|
||
delimiter = "/" | ||
|
||
context = module.this.context | ||
} | ||
|
||
data "aws_ssm_parameter" "container_cpu" { | ||
count = var.container_cpu == null ? 1 : 0 | ||
name = "/${module.ssm_label.id}/resources/requests/cpu" | ||
} | ||
|
||
data "aws_ssm_parameter" "container_memory_reservation" { | ||
count = var.container_memory_reservation == null ? 1 : 0 | ||
name = "/${module.ssm_label.id}/resources/requests/memory" | ||
} | ||
|
||
data "aws_ssm_parameter" "container_tag" { | ||
count = var.app_image_tag == null ? 1 : 0 | ||
name = "/${module.ssm_label.id}/container_tag" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
module "example" { | ||
source = "../.." | ||
|
||
name = "hello-world" | ||
app_image_repository = "hello-world" | ||
app_image_tag = "latest" | ||
log_router_image_repository = "fluent/fluent-bit" | ||
log_router_image_tag = "1.9" | ||
ecs_cluster_arn = "arn:aws:ecs:eu-central-1:123456789123:cluster/my-cluster" | ||
schedule_expression = "cron(* * * * ? *)" | ||
region = "eu-central-1" | ||
} |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
provider "aws" { | ||
region = "eu-central-1" | ||
} |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "4.45.0" | ||
} | ||
} | ||
|
||
required_version = "1.3.6" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
locals { | ||
container_cpu = var.container_cpu != null ? var.container_cpu : data.aws_ssm_parameter.container_cpu[0].value | ||
total_cpu = local.container_cpu + var.log_router_container_cpu | ||
task_cpu = var.task_cpu != null ? local.total_cpu > var.task_cpu ? local.total_cpu : var.task_cpu : null | ||
container_memory = var.container_memory_reservation != null ? var.container_memory_reservation : data.aws_ssm_parameter.container_memory_reservation[0].value | ||
total_memory = local.container_memory + var.log_router_container_memory_reservation | ||
task_memory = var.task_memory != null ? local.total_memory > var.task_memory ? local.total_memory : var.task_memory : null | ||
image_tag = var.app_image_tag == null ? data.aws_ssm_parameter.container_tag[0].value : var.app_image_tag | ||
container_definitions = "[${module.container_definition.json_map_encoded}, ${module.container_definition_fluentbit.json_map_encoded}]" | ||
application = join(module.this.delimiter, concat([module.this.name], module.this.attributes)) | ||
task_policies = setunion(var.task_policy_arns, local.default_policies) | ||
default_policies = [ | ||
"arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", | ||
"arn:aws:iam::aws:policy/CloudWatchFullAccess", | ||
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", | ||
] | ||
port_mappings = length(var.port_mappings) == 0 ? [ | ||
{ | ||
containerPort = var.port_gateway | ||
hostPort = 0 | ||
protocol = "tcp" | ||
}, | ||
{ | ||
containerPort = var.port_metadata | ||
hostPort = 0 | ||
protocol = "tcp" | ||
}, | ||
{ | ||
containerPort = var.port_profiling | ||
hostPort = 0 | ||
protocol = "tcp" | ||
}, | ||
] : var.port_mappings | ||
healthcheck = var.healthcheck == null ? { | ||
command = [ | ||
"CMD-SHELL", | ||
"wget --spider localhost:${var.port_health}/health || exit 1", | ||
] | ||
retries = 3 | ||
timeout = 5 | ||
interval = 10 | ||
startPeriod = 60 | ||
} : var.healthcheck | ||
} | ||
|
||
module "application_label" { | ||
source = "cloudposse/label/null" | ||
version = "0.25.0" | ||
|
||
context = module.this.context | ||
label_order = var.application_label_order | ||
} | ||
|
||
resource "aws_cloudwatch_log_group" "default" { | ||
count = var.cloudwatch_log_group_enabled ? 1 : 0 | ||
|
||
name = module.this.id | ||
tags = module.this.tags | ||
retention_in_days = var.log_retention_in_days | ||
} | ||
|
||
module "container_definition" { | ||
source = "cloudposse/ecs-container-definition/aws" | ||
version = "0.58.1" | ||
|
||
container_name = module.application_label.id | ||
container_image = "${var.app_image_repository}:${local.image_tag}" | ||
container_memory = var.container_memory | ||
container_memory_reservation = var.container_memory_reservation | ||
container_cpu = var.container_cpu | ||
start_timeout = var.container_start_timeout | ||
stop_timeout = var.container_stop_timeout | ||
healthcheck = local.healthcheck | ||
environment = var.container_environment | ||
map_environment = var.map_container_environment | ||
port_mappings = local.port_mappings | ||
secrets = var.secrets | ||
map_secrets = var.map_secrets | ||
ulimits = var.ulimits | ||
working_directory = var.working_directory | ||
|
||
log_configuration = { | ||
logDriver = var.log_driver | ||
options = {} | ||
secretOptions = null | ||
} | ||
} | ||
|
||
module "container_definition_fluentbit" { | ||
source = "cloudposse/ecs-container-definition/aws" | ||
version = "0.58.1" | ||
|
||
container_name = "log_router" | ||
container_image = "${var.log_router_image_repository}:${var.log_router_image_tag}" | ||
container_cpu = var.log_router_container_cpu | ||
container_memory_reservation = var.log_router_container_memory_reservation | ||
firelens_configuration = { | ||
type = "fluentbit" | ||
options = { | ||
config-file-type = "file", | ||
config-file-value = "/fluent-bit/etc/extra.conf" | ||
} | ||
} | ||
|
||
log_configuration = { | ||
logDriver = "awslogs" | ||
options = { | ||
awslogs-group = try(aws_cloudwatch_log_group.default[0].name, ""), | ||
awslogs-region = var.region | ||
} | ||
} | ||
|
||
map_environment = { | ||
ENVIRONMENT = module.this.environment | ||
PROJECT = module.this.namespace | ||
FAMILY = module.this.stage | ||
APPLICATION = local.application | ||
} | ||
} | ||
|
||
module "service_task" { | ||
source = "github.com/justtrackio/terraform-aws-ecs-scheduled-task?ref=v1.0.0" | ||
|
||
container_definition_json = local.container_definitions | ||
task_count = var.task_count | ||
task_cpu = local.task_cpu | ||
task_memory = local.task_memory | ||
ecs_cluster_arn = var.ecs_cluster_arn | ||
task_policy_arns = local.task_policies | ||
task_exec_policy_arns = local.task_policies | ||
cloudwatch_event_role_arn = var.cloudwatch_event_policy_arns | ||
schedule_expression = var.schedule_expression | ||
is_enabled = var.is_enabled | ||
|
||
context = module.this.context | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
output "cloudwatch_log_group" { | ||
description = "All outputs from `aws_cloudwatch_log_group.default`" | ||
value = aws_cloudwatch_log_group.default | ||
} | ||
|
||
output "cloudwatch_log_group_arn" { | ||
description = "Cloudwatch log group ARN" | ||
value = try(aws_cloudwatch_log_group.default[0].arn, "") | ||
} | ||
|
||
output "cloudwatch_log_group_name" { | ||
description = "Cloudwatch log group name" | ||
value = try(aws_cloudwatch_log_group.default[0].name, "") | ||
} | ||
|
||
output "container_definition" { | ||
description = "All outputs from `module.container_definition`" | ||
value = module.container_definition | ||
sensitive = true | ||
} | ||
|
||
output "container_definition_json" { | ||
description = "JSON encoded list of container definitions for use with other terraform resources such as aws_task_definition" | ||
value = module.container_definition.json_map_encoded_list | ||
sensitive = true | ||
} | ||
|
||
output "container_definition_json_map" { | ||
description = "JSON encoded container definitions for use with other terraform resources such as aws_task_definition" | ||
value = module.container_definition.json_map_encoded | ||
sensitive = true | ||
} | ||
|
||
output "exec_role_policy_id" { | ||
description = "The ECS execution role policy ID, in the form of `role_name:role_policy_name`" | ||
value = module.service_task.exec_role_policy_id | ||
} | ||
|
||
output "exec_role_policy_name" { | ||
description = "The ECS execution role policy name" | ||
value = module.service_task.exec_role_policy_name | ||
} | ||
|
||
output "service_task" { | ||
description = "All outputs from `module.service_task`" | ||
value = module.service_task | ||
} | ||
|
||
output "task_definition_family" { | ||
description = "The ECS task definition family" | ||
value = module.service_task.task_definition_family | ||
} | ||
|
||
output "task_definition_revision" { | ||
description = "The ECS task definition revision" | ||
value = module.service_task.task_definition_revision | ||
} | ||
|
||
output "task_role_arn" { | ||
description = "The ECS task role ARN" | ||
value = module.service_task.task_role_arn | ||
} | ||
|
||
output "task_role_id" { | ||
description = "The ECS task role id" | ||
value = module.service_task.task_role_id | ||
} | ||
|
||
output "task_role_name" { | ||
description = "The ECS task role name" | ||
value = module.service_task.task_role_name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"$schema": "https://docs.renovatebot.com/renovate-schema.json" | ||
} |
Oops, something went wrong.