BENCH-302: Terraform Load Balancer with Domain Name (#86)

bethcryer · web-flow · commit 7bd9084d3386 · 2023-02-10T10:14:46.000Z
* added load balancer and eip

* Load balancer working

* Added route53 record linked to elastic ip

* Connected TLS certificate

* Moved sensitive variables to untracked file

* removed health check for now so that it works again

* fixed deploy.yml

* using 1 public+private subnet to cut costs

* actually fixed deploy

* Connected TLS certificate

* removed health check for now so that it works again

* fixed deploy.yml

* using 1 public+private subnet to cut costs
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -61,8 +61,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Download task definition
-          run: |
-            aws ecs describe-task-definition --task-definition answerking-dotnet-api-task --query taskDefinition > ${{ env.ECS_TASK_DEFINITION }}
+        run: aws ecs describe-task-definition --task-definition answerking-dotnet-api-task --query taskDefinition > ${{ env.ECS_TASK_DEFINITION }}
             
       - name: Fill in the new image ID in the Amazon ECS task definition
         id: task-def
diff --git a/.gitignore b/.gitignore
@@ -462,3 +462,4 @@ $RECYCLE.BIN/
 .terraform.lock.hcl
 terraform.tfstate
 terraform.tfstate.backup
+terraform/env_variables.tf
diff --git a/terraform/launch-config.tf b/terraform/launch-config.tf
@@ -32,7 +32,7 @@ resource "aws_autoscaling_group" "failure_analysis_ecs_asg" {
     vpc_zone_identifier       = [module.vpc_subnet.public_subnet_ids[0]]
     launch_configuration      = aws_launch_configuration.ecs_launch_config.name
 
-    desired_capacity          = 2
+    desired_capacity          = 1
     min_size                  = 1
     max_size                  = 5
     health_check_grace_period = 300
diff --git a/terraform/lb.tf b/terraform/lb.tf
@@ -0,0 +1,77 @@
+# Elastic IP
+
+resource "aws_eip" "lb_eip" {
+  vpc = true
+
+  tags = {
+    Name  = "${var.project_name}-eip"
+    Owner = var.owner
+  }
+}
+
+resource "aws_route53_record" "dns_dotnet" {
+  zone_id = "${var.dns_hosted_zone_id}"
+  name    = "${var.dns_record_name}"
+  type    = "A"
+  ttl     = 300
+  records = [aws_eip.lb_eip.public_ip]
+}
+
+# Load Balancer
+
+resource "aws_lb" "load_balancer" {
+  name               = "${var.project_name}-lb"
+  internal           = false
+  load_balancer_type = "network"
+  ip_address_type    = "ipv4"
+
+  subnet_mapping {
+    subnet_id     = "${module.vpc_subnet.public_subnet_ids[0]}"
+    allocation_id = "${aws_eip.lb_eip.id}"
+  }
+
+  tags = {
+    Name = "${var.project_name}-lb"
+  }
+}
+
+resource "aws_lb_target_group" "target_group" {
+  name        = "${var.project_name}-lb-tg-${substr(uuid(), 0, 3)}"
+  port        = 80
+  protocol    = "TCP"
+  target_type = "ip"
+  vpc_id      = module.vpc_subnet.vpc_id
+
+  tags = {
+    Name = "${var.project_name}-lb-tg"
+  }
+
+  lifecycle { 
+    create_before_destroy = true
+    ignore_changes = [name]
+  }
+}
+
+resource "aws_lb_listener" "listener" {
+  load_balancer_arn = aws_lb.load_balancer.id
+  port              = "80"
+  protocol          = "TCP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.target_group.id
+  }
+}
+
+resource "aws_lb_listener" "listener_443" {
+  load_balancer_arn = aws_lb.load_balancer.id
+  port              = "443"
+  protocol          = "TLS"
+  certificate_arn   = var.tls_certificate_arn
+  alpn_policy       = "HTTP2Preferred"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.target_group.id
+  }
+}
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -186,4 +186,10 @@ resource "aws_ecs_service" "aws_ecs_service" {
     assign_public_ip = true
     security_groups = [aws_security_group.ecs_sg.id]
   }
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.target_group.arn
+    container_name   = "${var.project_name}-container"
+    container_port   =  80
+  }
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -16,6 +16,18 @@ variable "owner" {
   default     = "answerking-dotnet-team"
 }
 
+variable "dns_record_name" {
+  type        = string
+  description = "DNS Record Name"
+  default     = "dotnet.answerking.co.uk"
+}
+
+variable "dns_base_domain_name" {
+  type        = string
+  description = "DNS Base Domain Name"
+  default     = "answerking.co.uk"
+}
+
 variable "image_url" {
   type        = string
   description = "AnswerKing C# API image"
@@ -37,13 +49,13 @@ variable "vpc_cidr" {
 variable "num_public_subnets" {
   type        = number
   description = "Number of public subnets"
-  default     = 2
+  default     = 1
 }
 
 variable "num_private_subnets" {
   type        = number
   description = "Number of private subnets"
-  default     = 2
+  default     = 1
 }
 
 variable "aws_cloudwatch_retention_in_days" {

Original file line number	Diff line number	Diff line change
`@@ -186,4 +186,10 @@ resource "aws_ecs_service" "aws_ecs_service" {`
`186`	`186`	`assign_public_ip = true`
`187`	`187`	`security_groups = [aws_security_group.ecs_sg.id]`
`188`	`188`	`}`
	`189`	`+`
	`190`	`+ load_balancer {`
	`191`	`+ target_group_arn = aws_lb_target_group.target_group.arn`
	`192`	`+ container_name = "${var.project_name}-container"`
	`193`	`+ container_port = 80`
	`194`	`+ }`
`189`	`195`	`}`