# AWS provider pinned to the Seoul region; every resource below is created there.
# NOTE(review): passing static access keys through variables is the weakest
# credential option here — variable values are recorded in saved plan files and
# in any CI log that echoes them. The AWS_* environment variables, a shared
# profile, or an assumed role keep the secret out of the configuration
# entirely; if the variables stay, mark them `sensitive = true` where they are
# declared (not in this file).
provider "aws" {
  region     = "ap-northeast-2"
  access_key = var.access_key
  secret_key = var.secret_key
}
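# Container registry the application image is pushed to.
resource "aws_ecr_repository" "ecr-repo-mahesh" {
  name = "ecr-repo-mahesh"

  # Scan each pushed image for known vulnerabilities so findings are visible
  # before a revision referencing it is deployed. Tag mutability is left at
  # its default so the existing push workflow is unaffected; switching to
  # IMMUTABLE is worth considering once image tags are versioned.
  image_scanning_configuration {
    scan_on_push = true
  }
}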
# ECS cluster that hosts the Fargate service defined further down.
# The Terraform label ("flaskapp-cluster") and the AWS-side name
# ("flaskapp-cluster2") intentionally differ; references use the label.
resource "aws_ecs_cluster" "flaskapp-cluster" {
  name = "flaskapp-cluster2"
}
# Below code is not used to provision ECS Task definitions.
# Instead, task definitions are created from a JSON file in the repo using GitHub Actions
# Fargate task definition for the Flask container. It is still registered by
# Terraform, but the service below does not point at it (the CI pipeline
# registers the revisions that actually run); it mainly serves as a template.
resource "aws_ecs_task_definition" "flaskapp-task" {
  family = "flaskapp-img2"

  # Single container listening on 5000. With awsvpc networking hostPort must
  # equal containerPort. Logs go to the awslogs group named below.
  container_definitions = <<-DEFINITION
    [
      {
        "name": "flaskapp-img2",
        "image": "flaskapp-img2",
        "essential": true,
        "portMappings": [
          {
            "containerPort": 5000,
            "hostPort": 5000
          }
        ],
        "memory": 512,
        "cpu": 256,
        "logConfiguration": {
          "logDriver": "awslogs",
          "options": {
            "awslogs-group": "flaskapplogsgrp",
            "awslogs-region": "ap-northeast-2",
            "awslogs-stream-prefix": "flaskapplogs"
          }
        }
      }
    ]
  DEFINITION

  requires_compatibilities = ["FARGATE"] # Fargate launch type only
  network_mode             = "awsvpc"    # mandatory for Fargate
  memory                   = 512         # task-level memory (MiB)
  cpu                      = 256         # task-level CPU units

  # Execution role used by the ECS agent to pull the image and ship logs;
  # looked up by name rather than managed here.
  execution_role_arn = data.aws_iam_role.task_ecs.arn
}
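# Fargate service that keeps two tasks running behind the ALB.
resource "aws_ecs_service" "flaskapp-service" {
  name    = "flaskapp-servic2"
  cluster = aws_ecs_cluster.flaskapp-cluster.id

  # Revisions are registered by the CI pipeline, so the service references
  # the family by name (ECS resolves that to the latest ACTIVE revision).
  # The previous unquoted value was not valid HCL (it parsed as an
  # expression, not a string). "flaskappfam-img3" is assumed to be the
  # family name registered by CI — confirm against the pipeline.
  task_definition = "flaskappfam-img3"
  launch_type     = "FARGATE"
  desired_count   = 2

  load_balancer {
    target_group_arn = aws_lb_target_group.target_group.arn
    # NOTE(review): this must match the container name inside the
    # CI-registered revision, not necessarily the local template's family —
    # verify against the JSON file in the repo.
    container_name = aws_ecs_task_definition.flaskapp-task.family
    container_port = 5000
  }

  network_configuration {
    subnets = data.aws_subnet_ids.subnets.ids
    # Attach the service security group so tasks accept traffic only from the
    # ALB. Without this the tasks fall back to the VPC default security group.
    security_groups = [aws_security_group.service_security_group.id]
    # Tasks in the default VPC have no NAT path, so a public IP is required
    # for image pulls; reachability is governed by the security group above.
    assign_public_ip = true
  }

  # CI updates the service to each new revision outside Terraform; ignore
  # that drift so a later `terraform apply` does not roll the deployment back.
  lifecycle {
    ignore_changes = [task_definition]
  }
}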
# Security group for ECS service to allow inbound traffic from ALB security group
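# Security group for the ECS tasks: inbound only from the load balancer's
# security group, and only on the application port.
resource "aws_security_group" "service_security_group" {
  # Same VPC the target group uses; stated explicitly instead of relying on
  # the provider default.
  vpc_id = data.aws_vpc.default_vpc.id

  ingress {
    description = "Application traffic from the ALB"
    # The container only listens on 5000 (see the service's load_balancer
    # block), so the previous any-port/any-protocol rule was broader than
    # needed. ALB health checks use the traffic port, so they are covered.
    from_port       = 5000
    to_port         = 5000
    protocol        = "tcp"
    security_groups = [aws_security_group.load_balancer_security_group.id]
  }

  egress {
    description = "Outbound to anywhere (image pulls, log delivery, app dependencies)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}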
# Provisioning the ALB that exposes our ECS service to the outside world
# Internet-facing application load balancer in front of the ECS tasks.
# Spans the default VPC's subnets and is guarded by its own security group.
# NOTE(review): the listener below is plain HTTP on 80 and no access logging
# is configured here; both are worth revisiting for anything beyond a demo.
resource "aws_alb" "application_load_balancer" {
  name               = "flaskapp-ecs-lb"
  load_balancer_type = "application"
  subnets            = data.aws_subnet_ids.subnets.ids
  security_groups    = [aws_security_group.load_balancer_security_group.id]
}
# Security group for the load balancer
# Security group for the load balancer: HTTP from anywhere in, anything out.
# The service security group references this one, so the open egress here is
# what lets the ALB reach the tasks.
resource "aws_security_group" "load_balancer_security_group" {
  ingress {
    from_port   = 80 # public HTTP entry point
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0 # any port
    to_port     = 0
    protocol    = "-1" # any protocol
    cidr_blocks = ["0.0.0.0/0"]
  }
}
#Target Group for ALB which points to ECS containers
# IP-typed target group the service registers its Fargate tasks into.
resource "aws_lb_target_group" "target_group" {
  name        = "flaskapp-ecs-lb-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "ip" # required for Fargate (awsvpc) tasks
  vpc_id      = data.aws_vpc.default_vpc.id

  # Health check on "/" accepting 200 and redirects. The timeout/interval pair
  # is unusually long (110s/120s); an unhealthy task can take several minutes
  # to be taken out of rotation — presumably chosen for slow startup, confirm.
  health_check {
    matcher  = "200,301,302"
    path     = "/"
    timeout  = 110
    interval = 120
  }
}
# HTTP listener on the ALB that forwards everything to the target group.
resource "aws_lb_listener" "listener" {
  load_balancer_arn = aws_alb.application_load_balancer.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_group.arn
  }
}
# Account default VPC (not managed by Terraform); used for the target group
# and, via the subnet lookup below, for the ALB and service placement.
data "aws_vpc" "default_vpc" {
  default = true
}
# All subnets of the default VPC (not managed by Terraform). Both the ALB and
# the ECS service are spread across them.
# NOTE(review): aws_subnet_ids is deprecated in newer provider versions in
# favour of aws_subnets; migrating changes the reference path used by the
# ALB and service blocks, so it has to be done in one step.
data "aws_subnet_ids" "subnets" {
  vpc_id = data.aws_vpc.default_vpc.id
}
# Pre-existing task execution role, looked up by name. Its policy is not
# visible from this file; it is expected to allow ECR pulls and CloudWatch
# log writes for the task definition above.
data "aws_iam_role" "task_ecs" {
  name = "ecsTaskExecutionRole"
}