feat: Added functionality (#1)

## Description  ## Motivation and Context   ## Breaking Changes   ## How Has This Been Tested? - [ ] I have updated at least one of the `examples/*` to demonstrate and validate my change(s) - [ ] I have tested and validated these changes using one or more of the provided `examples/*` projects    - [ ] I have executed `pre-commit run -a` on my pull request
justtrackio · Dec 16, 2022 · 4340030 · 4340030
1 parent dd13a2d
commit 4340030
Show file tree

Hide file tree

Showing 13 changed files with 621 additions and 1 deletion.
diff --git a/.tool-versions b/.tool-versions
@@ -1,4 +1,4 @@
 terragrunt 0.42.2
-terraform 1.3.5
+terraform 1.3.6
 terraform-docs 0.16.0
 tflint 0.43.0
diff --git a/README.md b/README.md
diff --git a/data.tf b/data.tf
@@ -0,0 +1,23 @@
+module "ssm_label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  delimiter = "/"
+
+  context = module.this.context
+}
+
+data "aws_ssm_parameter" "container_cpu" {
+  count = var.container_cpu == null ? 1 : 0
+  name  = "/${module.ssm_label.id}/resources/requests/cpu"
+}
+
+data "aws_ssm_parameter" "container_memory_reservation" {
+  count = var.container_memory_reservation == null ? 1 : 0
+  name  = "/${module.ssm_label.id}/resources/requests/memory"
+}
+
+data "aws_ssm_parameter" "container_tag" {
+  count = var.app_image_tag == null ? 1 : 0
+  name  = "/${module.ssm_label.id}/container_tag"
+}
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -0,0 +1,12 @@
+module "example" {
+  source = "../.."
+
+  name                        = "hello-world"
+  app_image_repository        = "hello-world"
+  app_image_tag               = "latest"
+  log_router_image_repository = "fluent/fluent-bit"
+  log_router_image_tag        = "1.9"
+  ecs_cluster_arn             = "arn:aws:ecs:eu-central-1:123456789123:cluster/my-cluster"
+  schedule_expression         = "cron(* * * * ? *)"
+  region                      = "eu-central-1"
+}
diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf
diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "eu-central-1"
+}
diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.45.0"
+    }
+  }
+
+  required_version = "1.3.6"
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,136 @@
+locals {
+  container_cpu         = var.container_cpu != null ? var.container_cpu : data.aws_ssm_parameter.container_cpu[0].value
+  total_cpu             = local.container_cpu + var.log_router_container_cpu
+  task_cpu              = var.task_cpu != null ? local.total_cpu > var.task_cpu ? local.total_cpu : var.task_cpu : null
+  container_memory      = var.container_memory_reservation != null ? var.container_memory_reservation : data.aws_ssm_parameter.container_memory_reservation[0].value
+  total_memory          = local.container_memory + var.log_router_container_memory_reservation
+  task_memory           = var.task_memory != null ? local.total_memory > var.task_memory ? local.total_memory : var.task_memory : null
+  image_tag             = var.app_image_tag == null ? data.aws_ssm_parameter.container_tag[0].value : var.app_image_tag
+  container_definitions = "[${module.container_definition.json_map_encoded}, ${module.container_definition_fluentbit.json_map_encoded}]"
+  application           = join(module.this.delimiter, concat([module.this.name], module.this.attributes))
+  task_policies         = setunion(var.task_policy_arns, local.default_policies)
+  default_policies = [
+    "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
+    "arn:aws:iam::aws:policy/CloudWatchFullAccess",
+    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
+  ]
+  port_mappings = length(var.port_mappings) == 0 ? [
+    {
+      containerPort = var.port_gateway
+      hostPort      = 0
+      protocol      = "tcp"
+    },
+    {
+      containerPort = var.port_metadata
+      hostPort      = 0
+      protocol      = "tcp"
+    },
+    {
+      containerPort = var.port_profiling
+      hostPort      = 0
+      protocol      = "tcp"
+    },
+  ] : var.port_mappings
+  healthcheck = var.healthcheck == null ? {
+    command = [
+      "CMD-SHELL",
+      "wget --spider localhost:${var.port_health}/health || exit 1",
+    ]
+    retries     = 3
+    timeout     = 5
+    interval    = 10
+    startPeriod = 60
+  } : var.healthcheck
+}
+
+module "application_label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  context     = module.this.context
+  label_order = var.application_label_order
+}
+
+resource "aws_cloudwatch_log_group" "default" {
+  count = var.cloudwatch_log_group_enabled ? 1 : 0
+
+  name              = module.this.id
+  tags              = module.this.tags
+  retention_in_days = var.log_retention_in_days
+}
+
+module "container_definition" {
+  source  = "cloudposse/ecs-container-definition/aws"
+  version = "0.58.1"
+
+  container_name               = module.application_label.id
+  container_image              = "${var.app_image_repository}:${local.image_tag}"
+  container_memory             = var.container_memory
+  container_memory_reservation = var.container_memory_reservation
+  container_cpu                = var.container_cpu
+  start_timeout                = var.container_start_timeout
+  stop_timeout                 = var.container_stop_timeout
+  healthcheck                  = local.healthcheck
+  environment                  = var.container_environment
+  map_environment              = var.map_container_environment
+  port_mappings                = local.port_mappings
+  secrets                      = var.secrets
+  map_secrets                  = var.map_secrets
+  ulimits                      = var.ulimits
+  working_directory            = var.working_directory
+
+  log_configuration = {
+    logDriver     = var.log_driver
+    options       = {}
+    secretOptions = null
+  }
+}
+
+module "container_definition_fluentbit" {
+  source  = "cloudposse/ecs-container-definition/aws"
+  version = "0.58.1"
+
+  container_name               = "log_router"
+  container_image              = "${var.log_router_image_repository}:${var.log_router_image_tag}"
+  container_cpu                = var.log_router_container_cpu
+  container_memory_reservation = var.log_router_container_memory_reservation
+  firelens_configuration = {
+    type = "fluentbit"
+    options = {
+      config-file-type  = "file",
+      config-file-value = "/fluent-bit/etc/extra.conf"
+    }
+  }
+
+  log_configuration = {
+    logDriver = "awslogs"
+    options = {
+      awslogs-group  = try(aws_cloudwatch_log_group.default[0].name, ""),
+      awslogs-region = var.region
+    }
+  }
+
+  map_environment = {
+    ENVIRONMENT = module.this.environment
+    PROJECT     = module.this.namespace
+    FAMILY      = module.this.stage
+    APPLICATION = local.application
+  }
+}
+
+module "service_task" {
+  source = "github.com/justtrackio/terraform-aws-ecs-scheduled-task?ref=v1.0.0"
+
+  container_definition_json = local.container_definitions
+  task_count                = var.task_count
+  task_cpu                  = local.task_cpu
+  task_memory               = local.task_memory
+  ecs_cluster_arn           = var.ecs_cluster_arn
+  task_policy_arns          = local.task_policies
+  task_exec_policy_arns     = local.task_policies
+  cloudwatch_event_role_arn = var.cloudwatch_event_policy_arns
+  schedule_expression       = var.schedule_expression
+  is_enabled                = var.is_enabled
+
+  context = module.this.context
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,72 @@
+output "cloudwatch_log_group" {
+  description = "All outputs from `aws_cloudwatch_log_group.default`"
+  value       = aws_cloudwatch_log_group.default
+}
+
+output "cloudwatch_log_group_arn" {
+  description = "Cloudwatch log group ARN"
+  value       = try(aws_cloudwatch_log_group.default[0].arn, "")
+}
+
+output "cloudwatch_log_group_name" {
+  description = "Cloudwatch log group name"
+  value       = try(aws_cloudwatch_log_group.default[0].name, "")
+}
+
+output "container_definition" {
+  description = "All outputs from `module.container_definition`"
+  value       = module.container_definition
+  sensitive   = true
+}
+
+output "container_definition_json" {
+  description = "JSON encoded list of container definitions for use with other terraform resources such as aws_task_definition"
+  value       = module.container_definition.json_map_encoded_list
+  sensitive   = true
+}
+
+output "container_definition_json_map" {
+  description = "JSON encoded container definitions for use with other terraform resources such as aws_task_definition"
+  value       = module.container_definition.json_map_encoded
+  sensitive   = true
+}
+
+output "exec_role_policy_id" {
+  description = "The ECS execution role policy ID, in the form of `role_name:role_policy_name`"
+  value       = module.service_task.exec_role_policy_id
+}
+
+output "exec_role_policy_name" {
+  description = "The ECS execution role policy name"
+  value       = module.service_task.exec_role_policy_name
+}
+
+output "service_task" {
+  description = "All outputs from `module.service_task`"
+  value       = module.service_task
+}
+
+output "task_definition_family" {
+  description = "The ECS task definition family"
+  value       = module.service_task.task_definition_family
+}
+
+output "task_definition_revision" {
+  description = "The ECS task definition revision"
+  value       = module.service_task.task_definition_revision
+}
+
+output "task_role_arn" {
+  description = "The ECS task role ARN"
+  value       = module.service_task.task_role_arn
+}
+
+output "task_role_id" {
+  description = "The ECS task role id"
+  value       = module.service_task.task_role_id
+}
+
+output "task_role_name" {
+  description = "The ECS task role name"
+  value       = module.service_task.task_role_name
+}
diff --git a/renovate.json b/renovate.json
@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}