initial cut

Eugene Dementiev · Eugene Dementiev · commit 2af04d419346 · 2019-06-06T15:30:15.000+12:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.terraform/
diff --git a/data.tf b/data.tf
@@ -0,0 +1,12 @@
+data "aws_ecs_cluster" "main" {
+  cluster_name = var.cluster_name
+}
+
+data "aws_region" "current" {}
+
+
+data "aws_lb_target_group" "TG" {
+  count = local.balanced ? 1 : 0
+
+  name = local.target_group_name
+}
diff --git a/iam.tf b/iam.tf
@@ -0,0 +1,66 @@
+data "aws_iam_policy_document" "ecs-assume" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "task-role-alb" {
+  count = local.balanced ? 1 : 0
+
+  name = "${var.cluster_name}-${var.service_name}-alb"
+
+  assume_role_policy = data.aws_iam_policy_document.ecs-assume.json
+}
+
+
+data "aws_iam_policy_document" "service_policy_alb" {
+  count = local.balanced ? 1 : 0
+
+  statement {
+    actions = [
+      "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+      "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+    ]
+
+    resources = [
+      data.aws_lb_target_group.TG[0].arn,
+    ]
+  }
+
+  statement {
+    actions = [
+      "elasticloadbalancing:DeregisterTargets",
+      "elasticloadbalancing:RegisterTargets",
+    ]
+
+    resources = [
+      "*",
+    ]
+  }
+
+  statement {
+    actions = [
+      "elasticloadbalancing:Describe*",
+      "ec2:Describe*",
+      "ec2:AuthorizeSecurityGroupIngress",
+    ]
+
+    resources = [
+      "*",
+    ]
+  }
+}
+
+resource "aws_iam_role_policy" "service_policy_alb" {
+  count = local.balanced ? 1 : 0
+
+  name   = "${var.cluster_name}-${var.service_name}-alb"
+  role   = aws_iam_role.task-role-alb[0].name
+  policy = data.aws_iam_policy_document.service_policy_alb[0].json
+}
+
diff --git a/logs.tf b/logs.tf
@@ -0,0 +1,6 @@
+resource "aws_cloudwatch_log_group" "main" {
+  count = local.log_awslogs ? 1 : 0
+
+  name = "awslogs-${var.cluster_name}-${var.service_name}"
+}
+
diff --git a/main.tf b/main.tf
@@ -0,0 +1,54 @@
+resource "aws_ecs_task_definition" "task" {
+  family = "${var.cluster_name}-${var.service_name}"
+  container_definitions = jsonencode([
+    {
+      name              = var.service_name
+      image             = var.image
+      cpu               = var.cpu
+      essential         = var.essential
+      memory            = var.memory
+      memoryReservation = var.memory_reservation
+      portMappings      = local.balanced ? coalescelist(var.port_mappings, local.defaultPortMappings) : []
+      mountPoints       = []
+      logConfiguration  = local.log_configuration
+      environment       = [for k in sort(keys(var.environment)) : { "name" : k, "value" : var.environment[k] }]
+      volumesFrom       = []
+    }
+  ])
+
+  task_role_arn = var.task_role_arn
+
+}
+
+
+resource "aws_ecs_service" "service" {
+  name                               = var.service_name
+  cluster                            = data.aws_ecs_cluster.main.cluster_name
+  task_definition                    = "${aws_ecs_task_definition.task.family}:${aws_ecs_task_definition.task.revision}"
+  desired_count                      = var.desired_count
+  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
+  deployment_maximum_percent         = var.deployment_maximum_percent
+
+  iam_role = local.balanced ? aws_iam_role.task-role-alb[0].arn : ""
+
+  ordered_placement_strategy {
+    type  = "spread"
+    field = "attribute:ecs.availability-zone"
+  }
+
+  ordered_placement_strategy {
+    type  = "spread"
+    field = "instanceId"
+  }
+
+  dynamic "load_balancer" {
+    for_each = local.balanced ? [1] : []
+
+    content {
+      target_group_arn = data.aws_lb_target_group.TG[0].arn
+      container_name   = var.service_name
+      container_port   = var.container_port
+    }
+  }
+}
+
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,8 @@
+output "task-definition-arn" {
+  description = "Arn of the task definition"
+  value       = aws_ecs_task_definition.task.arn
+}
+output "task-definition-family" {
+  description = "Family of the task definition"
+  value       = aws_ecs_task_definition.task.family
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,102 @@
+variable "cluster_name" {
+  description = "Name of the ECS cluster"
+}
+
+variable "service_name" {
+  description = "Name of the ECS service"
+}
+
+variable "target_group_name" {
+  description = "Name of the ALB target group. Defaults to the `cluster_name` if not set"
+  default     = ""
+}
+
+variable "environment" {
+  description = "Enviropnment vars to pass to the container. Note: they will be visible in the task definition, so please don't pass any secrets here."
+  type        = map
+  default     = {}
+
+}
+
+variable "image" {
+  description = "The image to use"
+}
+
+variable "cpu" {
+  description = "Amount of CPU to use"
+  default     = 0
+}
+
+variable "essential" {
+  description = "Exit the task if contaner exits"
+  default     = true
+}
+
+variable "memory" {
+  description = "Amount of maximum memory the container can use"
+  default     = 512
+}
+
+variable "memory_reservation" {
+  description = "Amount of reserved memory for the container"
+  default     = 256
+}
+
+variable "container_port" {
+  default = 0
+}
+
+variable "task_role_arn" {
+  type    = string
+  default = ""
+}
+
+variable "port_mappings" {
+  type    = list
+  default = []
+}
+
+variable "log_configuration" {
+  type = object({
+    logDriver = string
+    options   = map(any)
+  })
+  default = { logDriver = "", options = {} }
+}
+
+variable "deployment_minimum_healthy_percent" {
+  description = "Minimum number of healty contianers during deployments"
+  default     = 50
+}
+
+variable "deployment_maximum_percent" {
+  description = "Maximum number of healty contianers during deployments"
+  default     = 200
+}
+
+variable "desired_count" {
+  default = 1
+}
+
+locals {
+  balanced          = var.container_port > 0
+  target_group_name = coalesce(var.target_group_name, var.cluster_name)
+
+  default_log_configuration = {
+    "logDriver" = "awslogs"
+    "options" = {
+      "awslogs-group"         = aws_cloudwatch_log_group.main[0].name
+      "awslogs-region"        = data.aws_region.current.name
+      "awslogs-stream-prefix" = var.service_name
+    }
+  }
+  log_awslogs       = var.log_configuration["logDriver"] == ""
+  log_configuration = local.log_awslogs ? local.default_log_configuration : var.log_configuration
+
+  defaultPortMappings = [
+    {
+      containerPort = var.container_port
+    }
+  ]
+}
+
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
 +terraform {
 +  required_version = ">= 0.12"
 +}