ecs.tf
# ECS cluster that the "cb-service" service in this file is placed in.
resource "aws_ecs_cluster" "main" {
  name = "cb-cluster"
}
# Renders the container-definitions JSON consumed by the task definition
# (data.template_file.cb_app.rendered) from a template on disk.
#
# NOTE(review): the `template_file` data source comes from the separate
# hashicorp/template provider, which has been archived upstream; the built-in
# templatefile() function is the maintained replacement. Migrating changes the
# reference used by the task definition, so do both in one change.
# NOTE(review): the template itself is not visible here. Container names,
# log configuration and any secrets/environment it declares should be
# reviewed there.
data "template_file" "cb_app" {
  template = file("./templates/ecs/cb_app.json.tpl")

  # Values substituted into the template.
  vars = {
    app_image      = var.app_image
    app_port       = var.app_port
    fargate_cpu    = var.fargate_cpu
    fargate_memory = var.fargate_memory
    aws_region     = var.aws_region
  }
}
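# IAM role passed to ECS as the task definition's execution_role_arn.
resource "aws_iam_role" "ecs_task_execution_role" {
  name = "ecs_task_execution_role"

  # Trust policy: only the ECS tasks service may assume this role.
  # The previous principal was "ec2.amazonaws.com", which lets the EC2 service
  # assume the role but not ECS, so a Fargate task cannot use it as its
  # execution role. Keep the trust scoped to the one service that needs it.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        }
      }
    ]
  })
}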
# Customer-managed policy allowing every ec2:Describe* action on all
# resources. It is attached to the task execution role further down.
#
# NOTE(review): the name and description mark this as a test policy.
# Read-only EC2 enumeration is not among the permissions an ECS execution
# role normally needs (image pull, log delivery). Confirm it is required;
# if not, drop it rather than ship a wildcard-resource grant.
resource "aws_iam_policy" "policy" {
  name        = "test-policy"
  description = "A test policy"

  policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}]
}
EOF
}
# Attaches the policy defined in this file to the task execution role.
#
# NOTE(review): this is the only attachment visible for the execution role,
# and it grants ec2:Describe* only. If the container image is pulled from ECR
# or the container definitions use the awslogs driver, the role also needs
# the matching ECR and CloudWatch Logs permissions (the AWS-managed
# AmazonECSTaskExecutionRolePolicy covers both). Verify against the template.
resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" {
  policy_arn = aws_iam_policy.policy.arn
  role       = aws_iam_role.ecs_task_execution_role.name
}
# Fargate task definition for the application. The container definitions
# come from the rendered template, and an App Mesh proxy configuration is
# applied to the task.
resource "aws_ecs_task_definition" "app" {
  family                   = "cb-app-task"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"

  # Task-level sizing, shared with the template through the same variables.
  cpu    = var.fargate_cpu
  memory = var.fargate_memory

  # Role ECS uses to start the task. No task_role_arn is set in this block.
  # NOTE(review): containers therefore get no task role from here. Confirm
  # that is intended, since an App Mesh proxy normally needs IAM permissions
  # of its own.
  execution_role_arn = aws_iam_role.ecs_task_execution_role.arn

  container_definitions = data.template_file.cb_app.rendered

  proxy_configuration {
    type = "APPMESH"

    # NOTE(review): container_name designates the container acting as the
    # proxy. "cb-app" is also the container the service's load balancer
    # targets, so check that the template really defines the proxy under
    # this name.
    container_name = "cb-app"

    properties = {
      # NOTE(review): hard-coded, while the rest of the file uses
      # var.app_port. Confirm both refer to the same port.
      AppPorts = "8080"

      # Link-local endpoints excluded from egress redirection:
      # 169.254.170.2 (ECS task credentials endpoint) and
      # 169.254.169.254 (instance metadata endpoint).
      EgressIgnoredIPs = "169.254.170.2,169.254.169.254"

      # Traffic from this UID is not redirected through the proxy.
      IgnoredUID = "1337"

      ProxyIngressPort = 15000
      ProxyEgressPort  = 15001
    }
  }
}
# Fargate service running var.app_count copies of the task, registered with
# the ALB target group.
resource "aws_ecs_service" "main" {
  name            = "cb-service"
  cluster         = aws_ecs_cluster.main.id
  launch_type     = "FARGATE"
  task_definition = aws_ecs_task_definition.app.arn
  desired_count   = var.app_count

  network_configuration {
    subnets         = aws_subnet.private[*].id
    security_groups = [aws_security_group.ecs_tasks.id]

    # NOTE(review): tasks are placed in subnets named "private" yet each ENI
    # is given a public IP. If those subnets reach the internet through NAT,
    # this should be false so tasks are reachable only through the load
    # balancer. If they route through an internet gateway, the tasks are
    # directly addressable and the ecs_tasks security group is the only
    # control. Verify the subnet routing and that security group's ingress.
    assign_public_ip = true
  }

  # Registers the "cb-app" container's port with the ALB target group.
  load_balancer {
    target_group_arn = aws_alb_target_group.app.id
    container_name   = "cb-app"
    container_port   = var.app_port
  }

  # Create the service only after the listener exists and the execution
  # role's policy attachment is in place.
  depends_on = [
    aws_alb_listener.front_end,
    aws_iam_role_policy_attachment.ecs_task_execution_role,
  ]
}