First version of the module

Author: jnonino

README.md

@@ -4,3 +4,31 @@ This Terraform module deploys an AWS ECS Fargate scheduled task service.
 
 [![CircleCI](https://circleci.com/gh/jnonino/terraform-aws-ecs-fargate-scheduled-task/tree/master.svg?style=svg)](https://circleci.com/gh/jnonino/terraform-aws-ecs-fargate-scheduled-task/tree/master)
 
+## Input values
+
+* name_preffix: Name preffix for resources on AWS.
+* profile: AWS API key credentials to use.
+* region: AWS Region the infrastructure is hosted in.
+* ecs_cluster_arn: The ECS Cluster where the scheduled task will run.
+* event_rule_name: The rule's name.
+* event_rule_description: (Optional) The description of the rule.
+* event_rule_schedule_expression: (Required, if event_pattern isn't specified) The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes).
+* event_rule_event_pattern: (Required, if schedule_expression isn't specified) Event pattern described a JSON object. See full documentation of CloudWatch Events and Event Patterns for details.
+* event_rule_role_arn: (Optional) The Amazon Resource Name (ARN) associated with the role that is used for target invocation.
+* event_rule_is_enabled: (Optional) Whether the rule should be enabled (defaults to true).
+* event_target_target_id: (Optional) The unique target assignment ID. If missing, will generate a random, unique id.
+* event_target_input: (Optional) Valid JSON text passed to the target.
+* event_target_input_path: (Optional) The value of the JSONPath that is used for extracting part of the matched event when passing it to the target.
+* event_target_ecs_target_task_definition_arn: The ARN of the task definition to use if the event target is an Amazon ECS cluster.
+* event_target_ecs_target_subnets: The subnets associated with the task or service.
+* event_target_ecs_target_security_groups: (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
+* event_target_ecs_target_assign_public_ip: (Optional) Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false.
+* event_target_ecs_target_task_count: (Optional) The number of tasks to create based on the TaskDefinition. The default is 1.
+* event_target_ecs_target_platform_version: (Optional) Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. This is used only if LaunchType is FARGATE.
+* event_target_ecs_target_group: (Optional) Specifies an ECS task group for the task. The maximum length is 255 characters.
+* ecs_execution_task_role_arn: The task definition execution role
+
+## Output values
+
+* aws_cloudwatch_event_rule_event_rule_arn: The Amazon Resource Name (ARN) of the CloudWatch Event Rule.
+

files/iam/scheduled_task_cw_event_role_assume_role_policy.json

@@ -0,0 +1,13 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "events.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}

files/iam/scheduled_task_cw_event_role_cloudwatch_policy.json

@@ -0,0 +1,21 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ecs:RunTask"
+      ],
+      "Resource": [
+        "*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "iam:PassRole",
+      "Resource": [
+        "${TASK_EXECUTION_ROLE_ARN}"
+      ]
+    }
+  ]
+}

main.tf

@@ -0,0 +1,68 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# PROVIDER
+# ---------------------------------------------------------------------------------------------------------------------
+provider "aws" {
+  profile = var.profile
+  region  = var.region
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUDWATCH EVENT ROLE
+# ---------------------------------------------------------------------------------------------------------------------
+resource "aws_iam_role" "scheduled_task_cw_event_role" {
+  name               = "${var.name_preffix}-st-cloudwatch-role"
+  assume_role_policy = "${file("${path.module}/files/iam/scheduled_task_cw_event_role_assume_role_policy.json")}"
+}
+
+data "template_file" "scheduled_task_cloudwatch_policy" {
+  template = "${file("${path.module}/files/iam/scheduled_task_cw_event_role_cloudwatch_policy.json")}"
+  vars {
+    TASK_EXECUTION_ROLE_ARN = var.ecs_execution_task_role_arn
+  }
+}
+
+resource "aws_iam_role_policy" "scheduled_task_cloudwatch_policy" {
+  name   = "${var.name_preffix}-st-cloudwatch-policy"
+  role   = "${aws_iam_role.scheduled_task_cloudwatch.id}"
+  policy = "${data.template_file.scheduled_task_cloudwatch_policy.rendered}"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUDWATCH EVENT RULE
+# ---------------------------------------------------------------------------------------------------------------------
+resource "aws_cloudwatch_event_rule" "event_rule" {
+  name                = var.event_rule_name
+  description         = var.event_rule_description
+  schedule_expression = var.event_rule_schedule_expression
+  event_pattern       = var.event_rule_event_pattern
+  role_arn            = var.event_rule_role_arn
+  is_enabled          = var.event_rule_is_enabled
+  tags = {
+    Name = "${var.name_preffix}-cw-event-rule"
+  }
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUDWATCH EVENT TARGET
+# ---------------------------------------------------------------------------------------------------------------------
+resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
+  rule       = aws_cloudwatch_event_rule.event_rule.name
+  target_id  = var.event_target_target_id
+  arn        = var.ecs_cluster_arn
+  input      = var.event_target_input
+  input_path = var.event_target_input_path
+  role_arn   = aws_iam_role.scheduled_task_cw_event_role.arn
+  ecs_target {
+    task_definition_arn   = var.event_target_ecs_target_task_definition_arn
+    task_count            = var.event_target_ecs_target_task_count
+    platform_version      = var.event_target_ecs_target_platform_version
+    launch_type           = "FARGATE"
+    group                 = var.event_target_ecs_target_group
+    network_configuration {
+      subnets          = var.event_target_ecs_target_subnets
+      security_groups  = var.event_target_ecs_target_security_groups
+      assign_public_ip = var.event_target_ecs_target_assign_public_ip
+    }
+  }
+}
+

outputs.tf

@@ -0,0 +1,8 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUDWATCH EVENT RULE
+# ---------------------------------------------------------------------------------------------------------------------
+output "aws_cloudwatch_event_rule_event_rule_arn" {
+  description = "The Amazon Resource Name (ARN) of the CloudWatch Event Rule."
+  value       = aws_cloudwatch_event_rule.event_rule.arn
+}
+

variables.tf

@@ -0,0 +1,111 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Misc
+# ---------------------------------------------------------------------------------------------------------------------
+variable "name_preffix" {
+  description = "Name preffix for resources on AWS"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# AWS CREDENTIALS AND REGION
+# ---------------------------------------------------------------------------------------------------------------------
+variable "profile" {
+  description = "AWS API key credentials to use"
+}
+
+variable "region" {
+  description = "AWS Region the infrastructure is hosted in"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUDWATCH EVENT RULE
+# ---------------------------------------------------------------------------------------------------------------------
+variable "event_rule_name" {
+  description = "The rule's name."
+}
+
+variable "event_rule_description" {
+  description = "(Optional) The description of the rule."
+}
+
+variable "event_rule_schedule_expression" {
+  description = "(Required, if event_pattern isn't specified) The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes)."
+}
+
+variable "event_rule_event_pattern" {
+  description = "(Required, if schedule_expression isn't specified) Event pattern described a JSON object. See full documentation of CloudWatch Events and Event Patterns for details."
+}
+
+variable "event_rule_role_arn" {
+  description = "(Optional) The Amazon Resource Name (ARN) associated with the role that is used for target invocation."
+  default     = ""
+}
+
+variable "event_rule_is_enabled" {
+  description = "(Optional) Whether the rule should be enabled (defaults to true)."
+  type        = bool
+  default     = true
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUDWATCH EVENT TARGET
+# ---------------------------------------------------------------------------------------------------------------------
+variable "ecs_cluster_arn" {
+  description = "The ECS Cluster where the scheduled task will run"
+}
+
+variable "event_target_target_id" {
+  description = "(Optional) The unique target assignment ID. If missing, will generate a random, unique id."
+  default     = ""
+}
+
+variable "event_target_input" {
+  description = "(Optional) Valid JSON text passed to the target."
+  default     = ""
+}
+
+variable "event_target_input_path" {
+  description = "(Optional) The value of the JSONPath that is used for extracting part of the matched event when passing it to the target."
+  default     = ""
+}
+
+variable "event_target_ecs_target_task_definition_arn" {
+  description = "(Required) The ARN of the task definition to use if the event target is an Amazon ECS cluster."
+}
+
+variable "event_target_ecs_target_subnets" {
+  description = "The subnets associated with the task or service."
+  type        = list
+}
+
+variable "event_target_ecs_target_security_groups" {
+  description = "(Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used."
+  type        = list
+  default     = []
+}
+
+variable "event_target_ecs_target_assign_public_ip" {
+  description = "(Optional) Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false."
+  type        = bool
+  default     = false
+}
+
+variable "event_target_ecs_target_task_count" {
+  description = "(Optional) The number of tasks to create based on the TaskDefinition. The default is 1."
+  type        = number
+  default     = 1
+}
+
+variable "event_target_ecs_target_platform_version" {
+  description = "(Optional) Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions. Default to LATEST"
+  default     = "LATEST"
+}
+
+variable "event_target_ecs_target_group" {
+  description = "(Optional) Specifies an ECS task group for the task. The maximum length is 255 characters."
+  default     = ""
+}
+
+variable "ecs_execution_task_role_arn" {
+  description = "The task definition execution role"
+}
+