update complete example

Author: ivankatliarchuk

.github/workflows/linter.yml

@@ -33,3 +33,20 @@ jobs:
 
       - name: terraform validate
         run: terraform validate
+
+  tflint:
+    name: "tflint"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v2
+        name: Cache tflint plugin dir
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+      - uses: terraform-linters/setup-tflint@v1
+        name: Setup TFLint
+      - name: Init TFLint
+        run: tflint --init --config tflint.hcl
+      - name: Run TFLint
+        run: tflint -f compact --config tflint.hcl

examples/basic/locals.tf

@@ -83,4 +83,3 @@ data "aws_subnets" "private" {
 data "aws_ecs_cluster" "this" {
   cluster_name = local.cluster_name
 }
-

examples/complete/iam/ecs-task-default.json

@@ -0,0 +1,33 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AccessSecretsWithTag",
+      "Effect": "Allow",
+      "Action": [
+        "ssm:GetParameters"
+      ],
+      "Resource": [
+        "*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "ssm:ResourceTag/env": "${env}"
+        }
+      }
+    },
+    {
+      "Sid": "SSMExecAccess",
+      "Effect": "Allow",
+      "Action": [
+        "ssmmessages:CreateControlChannel",
+        "ssmmessages:CreateDataChannel",
+        "ssmmessages:OpenControlChannel",
+        "ssmmessages:OpenDataChannel"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}

examples/complete/locals.tf

@@ -0,0 +1,86 @@
+locals {
+  name = "example-ecs"
+  env  = "sandbox"
+  tags = {
+    Stack      = "ecs-services"
+    GithubRepo = "terraform-aws-ecs"
+    GithubOrg  = "terraform-module"
+  }
+
+  private_subnets = data.aws_subnets.private.ids
+  public_subnets  = data.aws_subnets.public.ids
+  cluster_id      = data.aws_ecs_cluster.this.id
+  cluster_name    = var.name
+
+  proxy = {
+    name             = "proxy"
+    create           = true
+    create_log_group = true
+    description      = "Public proxy service"
+    visibility       = "public"
+    exposed_port     = 80
+    health_check = {
+      path = "/healtz"
+    }
+    lb_condition_rule = {
+      host_headers = ["*.${local.env}"]
+    }
+    min_capacity  = 1
+    max_capacity  = 2 // Will scale out up to 2 replicas
+    desired_count = 1
+    cpu           = 256
+    memory        = 512
+    tags          = { service = "proxy", visibility = "public" }
+    container_definitions = [{
+      name      = "proxy"
+      image     = "cloudkats/hello-world-rest:61fe8342"
+      essential = true
+      environment = [
+        { name : "APP_NAME", value : "proxy" },
+        { name : "APP_VISIBILITY", value : "private" },
+      ]
+      linuxParameters : {
+        initProcessEnabled : true
+      },
+      healthCheck : {
+        command : [
+          "CMD-SHELL",
+          "curl -f http://localhost:80/healthz || exit 1"
+        ],
+        retries : 3,
+        timeout : 5,
+        interval : 10,
+        startPeriod : 10
+      },
+      portMappings = [{
+        protocol      = "tcp"
+        containerPort = 80
+        hostPort      = 80
+      }]
+      secrets = [],
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          awslogs-group         = "/ecs/proxy-dev-task"
+          awslogs-stream-prefix = "proxy"
+          awslogs-region        = "us-west-2"
+        }
+      }
+    }]
+  }
+}
+
+data "aws_subnets" "private" {
+  filter {
+    name   = "vpc-id"
+    values = [var.vpc_id]
+  }
+  filter {
+    name   = "tag:Visibility"
+    values = ["private"]
+  }
+}
+
+data "aws_ecs_cluster" "this" {
+  cluster_name = local.cluster_name
+}

examples/complete/main.tf

@@ -0,0 +1,67 @@
+################################################################################
+# ECS Resources
+################################################################################
+module "ecs" {
+  source  = "terraform-module/ecs/aws"
+  version = "~> 1"
+
+  name = var.name
+
+  container_insights = false
+  capacity_providers = ["FARGATE_SPOT"]
+
+  default_capacity_provider_strategy = [
+    {
+      capacity_provider = "FARGATE_SPOT"
+    }
+  ]
+
+  tags = merge({ Module = "terraform-module/ecs/aws" })
+}
+
+################################################################################
+# LB Resources
+################################################################################
+resource "aws_lb" "this" {
+  name     = "${var.name}-alb"
+  internal = false
+
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.alb.id]
+  subnets            = local.public_subnets
+  enable_http2       = "true"
+
+  enable_cross_zone_load_balancing = true
+  enable_deletion_protection       = false
+  tags                             = { Service = "alb", AlbType = "application" }
+}
+
+resource "aws_security_group" "alb" {
+  name   = "${var.name}-sg-alb-${var.env}"
+  vpc_id = var.vpc_id
+
+  ingress {
+    protocol    = "tcp"
+    from_port   = 80
+    to_port     = 80
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow internet to access port 80 for redirect."
+  }
+
+  ingress {
+    protocol    = "tcp"
+    from_port   = 443
+    to_port     = 443
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow internet to communicate with services over HTTPS."
+  }
+
+  egress {
+    # TEMP for testing, should be locked to just services protocols
+    protocol    = "-1"
+    from_port   = 0
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"] # TODO: make sure only vpc cidr or private sunets cidrs
+    description = "Allow internal communitcations."
+  }
+}

examples/complete/vars.tf

@@ -0,0 +1,9 @@
+variable "name" {
+  description = "Project Name"
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "VPC id where to deploy platform."
+  type        = string
+}