# ----------------------------------------
# Create an ECS service using Fargate
# ----------------------------------------
# Minimum Terraform CLI version for this example.
# NOTE(review): this file declares no required_providers constraint, so unless
# a sibling .tf file adds one, `terraform init` selects whatever AWS provider
# release is current. Committing .terraform.lock.hcl keeps the provider
# version and checksums reproducible between runs.
terraform {
  required_version = ">= 0.14"
}
# AWS provider. The region is taken from var.region, which is not declared in
# this file. No credentials are configured here, so the provider falls back to
# its default credential chain (environment, shared config, instance role).
provider "aws" {
  region = var.region
}
# Look up the default VPC of the selected region.
# NOTE(review): a default VPC normally contains only public subnets, which is
# why the task below is given a public IP. Acceptable for a demo; a real
# deployment would usually place tasks in private subnets — confirm intent.
data "aws_vpc" "main" {
  default = true
}
# Every subnet ID that belongs to the VPC resolved above; consumed by both the
# load balancer module and the Fargate module.
# NOTE(review): the aws_subnet_ids data source is deprecated in AWS provider
# 4.x and no longer present in 5.x (aws_subnets replaces it). Migrating also
# means updating each data.aws_subnet_ids.main.ids reference in this file.
data "aws_subnet_ids" "main" {
  vpc_id = data.aws_vpc.main.id
}
# Application load balancer in front of the Fargate service.
# The registry module is pinned to an exact version (3.0.0), so an upstream
# release cannot change what this example deploys without an edit here.
module "fargate_alb" {
  source  = "telia-oss/loadbalancer/aws"
  version = "3.0.0"

  name_prefix = var.name_prefix
  type        = "application"

  # internal = false makes the load balancer internet-facing.
  internal   = false
  vpc_id     = data.aws_vpc.main.id
  subnet_ids = data.aws_subnet_ids.main.ids

  tags = {
    environment = "dev"
    terraform   = "True"
  }
}
# Listener that forwards everything arriving on port 80 to the target group
# created by the Fargate module.
# NOTE(review): this is plain HTTP, so traffic between clients and the load
# balancer is unencrypted. Outside a demo, add an HTTPS listener
# (certificate_arn + ssl_policy) and turn this one into a redirect to 443.
resource "aws_lb_listener" "alb" {
  load_balancer_arn = module.fargate_alb.arn
  protocol          = "HTTP"
  port              = 80

  default_action {
    type             = "forward"
    target_group_arn = module.fargate.target_group_arn
  }
}
# Allow TCP 8000 into the service's security group, but only from the load
# balancer's security group. The source is a security-group reference rather
# than a CIDR, so nothing else is admitted to the task by this rule.
resource "aws_security_group_rule" "task_ingress_8000" {
  type     = "ingress"
  protocol = "tcp"

  from_port = 8000
  to_port   = 8000

  security_group_id        = module.fargate.service_sg_id
  source_security_group_id = module.fargate_alb.security_group_id
}
# Open TCP 80 on the load balancer's security group to every IPv4 and IPv6
# address. This is what exposes the service publicly.
# NOTE(review): combined with the HTTP-only listener, all public traffic is
# cleartext. Narrow the CIDRs if the audience is known, and open 443 instead
# once a TLS listener exists.
resource "aws_security_group_rule" "alb_ingress_80" {
  type     = "ingress"
  protocol = "tcp"

  from_port = 80
  to_port   = 80

  security_group_id = module.fargate_alb.security_group_id
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
}
# EFS file system mounted by the task, encrypted at rest.
# No kms_key_id is given, so the AWS-managed EFS key is used; set kms_key_id
# if a customer-managed key (and its key policy) is required.
resource "aws_efs_file_system" "efs" {
  encrypted = true
}
# Access point on the file system above, passed to the task's volume config.
# NOTE(review): no posix_user or root_directory block is set, so this access
# point neither enforces a POSIX identity nor confines clients to a
# sub-directory. Add both if the access point is meant as an isolation boundary.
resource "aws_efs_access_point" "efs" {
  file_system_id = aws_efs_file_system.efs.id
}
# ECS cluster that hosts the service; its name is the shared prefix plus
# "-cluster".
resource "aws_ecs_cluster" "cluster" {
  name = "${var.name_prefix}-cluster"
}
# Fargate service built from the module at the repository root (two
# directories up), wired to the cluster, load balancer and EFS resources
# declared in this file.
module "fargate" {
  source = "../../"

  name_prefix = var.name_prefix
  cluster_id  = aws_ecs_cluster.cluster.id
  lb_arn      = module.fargate_alb.arn
  vpc_id      = data.aws_vpc.main.id

  # NOTE(review): the input is named private_subnet_ids, but it receives every
  # subnet of the default VPC, and those are normally public.
  private_subnet_ids = data.aws_subnet_ids.main.ids

  # NOTE(review): ":latest" is a mutable tag on a third-party image, so the
  # code that runs can change without any change to this file. Prefer a digest
  # reference, e.g. crccheck/hello-world@sha256:<DIGEST_PLACEHOLDER>.
  task_container_image = "crccheck/hello-world:latest"

  # A public IP is required in the default VPC; the module's default is false.
  # The task is therefore directly addressable from the internet, and its
  # security group is the only network control in front of it.
  task_container_assign_public_ip = true

  # Container port served through the load balancer; protocol defaults to HTTP.
  task_container_port = 8000

  # Additional port mapping on the container.
  # NOTE(review): no ingress rule for 9000 is visible in this file; whether the
  # module opens it depends on the module's own security group rules — verify.
  task_container_port_mappings = [
    {
      containerPort = 9000
      hostPort      = 9000
      protocol      = "tcp"
    }
  ]

  # NOTE(review): aws_lb_target_group.extra is not declared in this file; it
  # has to come from another .tf file in the same directory.
  extra_target_groups = [
    {
      port = 3000
      arn  = aws_lb_target_group.extra.arn
    }
  ]

  # Plain-text environment variables end up in the task definition, readable by
  # anyone who can describe it. Do not place secrets here.
  task_container_environment = {
    TEST_VARIABLE = "TEST_VALUE"
  }

  # Container-level health check run inside the task.
  # NOTE(review): it probes port 9000 while task_container_port is 8000, and it
  # relies on curl being present in the image — confirm both.
  task_container_health_check = {
    command     = ["CMD-SHELL", "curl -f http://localhost:9000/ || exit 1"]
    interval    = 30
    timeout     = 5
    retries     = 3
    startPeriod = 15
  }

  # Target group health check performed by the load balancer.
  health_check = {
    port = "traffic-port"
    path = "/"
  }

  # EFS volume mounted read-write at /opt/files/ through the access point.
  # NOTE(review): whether transit encryption and IAM authorization are enabled
  # for this mount is decided inside the module — verify before storing
  # sensitive data on it.
  efs_volumes = [{
    name            = "storage"
    file_system_id  = aws_efs_file_system.efs.id
    access_point_id = aws_efs_access_point.efs.id
    root_directory  = "/"
    mount_point     = "/opt/files/"
    readOnly        = false
  }]

  tags = {
    environment = "dev"
    terraform   = "True"
  }
}