ecs.tf
# Trust policy used as assume_role_policy by both IAM roles in this file
# (execution role and task role): it allows the ECS tasks service principal
# to call sts:AssumeRole.
# NOTE(review): the statement carries no condition block, so the trust is not
# narrowed to a particular account or cluster. AWS's confused-deputy guidance
# for ECS task roles suggests aws:SourceAccount / aws:SourceArn conditions;
# consider adding them.
data "aws_iam_policy_document" "task_service_assume_role" {
  statement {
    sid     = "AllowECSTaskToAssumeRole"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}
# Looks up the AWS-managed ECS task execution policy by its fixed ARN so it can
# be attached to the execution role. Being AWS-managed, its contents can change
# without any change to this file.
data "aws_iam_policy" "execution_policy" {
  arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
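# Renders the container definition for the service: image, resource limits,
# Spring profile, container health check, Splunk log shipping and port mapping.
module "container_definition" {
  # NOTE(review): the module is pinned to a git tag. Tags can be moved, so
  # pinning ?ref= to a full commit SHA gives a stronger supply-chain guarantee.
  source = "git::https://github.com/bnc-projects/terraform-ecs-container-definition.git?ref=1.0.0"

  name              = var.service_name
  image             = format("%s:%s", data.terraform_remote_state.ecr.outputs.repository_url, var.service_version)
  cpu               = var.cpu
  memory            = var.memory
  memoryReservation = var.memory_reservation

  # The Terraform workspace name doubles as the active Spring profile.
  environment = [
    {
      name  = "SPRING_PROFILES_ACTIVE"
      value = terraform.workspace
    }
  ]

  # Container-level health check against the actuator endpoint on localhost.
  # startPeriod gives the application 300 seconds to boot before failures count.
  healthCheck = {
    "command" = [
      "CMD-SHELL",
      "curl --silent --fail --max-time 30 http://localhost:8080/actuator/health || exit 1"
    ]
    "interval"    = 30
    "retries"     = 3
    "startPeriod" = 300
    "timeout"     = 5
  }

  logConfiguration = {
    "logDriver" = "splunk"
    "options" = {
      "splunk-format" = "raw"
      # TLS certificate verification for the Splunk endpoint is left on.
      # Skipping it lets anything on the network path impersonate the
      # collector and receive both the application logs and the token below.
      # If the endpoint presents a certificate from a private CA, supply that
      # CA with the driver's splunk-capath option instead of disabling the check.
      "splunk-insecureskipverify" = "false"
      # NOTE(review): the token is passed as a plain log-driver option, so it
      # ends up in the rendered container definition and in Terraform state.
      # ECS logConfiguration also supports secretOptions (Secrets Manager / SSM);
      # whether this module version passes that through is not visible here.
      "splunk-token" = var.splunk_token
      "splunk-url"   = var.splunk_url
    }
  }

  # hostPort 0 requests a dynamically assigned host port for container port 8080.
  portMappings = [
    {
      containerPort = 8080
      hostPort      = 0
      protocol      = "tcp"
    }
  ]
}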
# Execution role for the task, named "<service_name>-execution". It trusts the
# ECS tasks service principal through the shared assume-role policy document.
resource "aws_iam_role" "execution_task_role" {
  name               = "${var.service_name}-execution"
  assume_role_policy = data.aws_iam_policy_document.task_service_assume_role.json
  tags               = merge(local.common_tags, var.tags)
}
# Attaches the AWS-managed task execution policy to the execution role.
resource "aws_iam_role_policy_attachment" "ecs_task_default_policy" {
  policy_arn = data.aws_iam_policy.execution_policy.arn
  role       = aws_iam_role.execution_task_role.name
}
# Role the application container itself runs as, named "<service_name>-task".
# It is kept separate from the execution role, so permissions the application
# needs do not have to be granted to the role used to start the task.
# No policy is attached to this role in the lines visible here.
resource "aws_iam_role" "task_role" {
  name               = "${var.service_name}-task"
  assume_role_policy = data.aws_iam_policy_document.task_service_assume_role.json
  tags               = merge(local.common_tags, var.tags)
}
# Task definition for the service. The module output is a single container
# definition object, so it is wrapped in brackets to form the JSON array that
# container_definitions expects.
# network_mode and requires_compatibilities are not set here, so the provider
# defaults apply.
resource "aws_ecs_task_definition" "task_definition" {
  family                = var.service_name
  container_definitions = format("[%s]", module.container_definition.container_definition)

  # Separate roles: one for starting the task, one for the running application.
  execution_role_arn = aws_iam_role.execution_task_role.arn
  task_role_arn      = aws_iam_role.task_role.arn

  tags = merge(local.common_tags, var.tags)
}
# Creates the ECS service for the task definition and registers it with the
# load balancers exported by the market_data remote state.
module "ecs_service" {
  # NOTE(review): pinned to a git tag; a full commit SHA in ?ref= cannot be
  # moved after the fact and is the safer pin.
  source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.3.5"

  # Service identity and placement.
  service_name        = var.service_name
  cluster             = data.terraform_remote_state.market_data.outputs.ecs_cluster_name
  task_definition_arn = aws_ecs_task_definition.task_definition.arn
  vpc_id              = data.terraform_remote_state.market_data.outputs.vpc_id

  # Routing. presumably priority is the listener-rule priority; confirm
  # against the module.
  application_path     = "/v1/sbjb"
  healthcheck_path     = "/actuator/health"
  priority             = 53
  attach_load_balancer = true

  # Both the external and internal HTTPS listeners are passed in, while
  # is_exposed_externally is false.
  # NOTE(review): confirm in the module that false really keeps the service
  # off the external listener.
  is_exposed_externally    = false
  external_lb_listener_arn = data.terraform_remote_state.market_data.outputs.external_lb_https_listener_arn
  external_lb_name         = data.terraform_remote_state.market_data.outputs.external_lb_name
  internal_lb_listener_arn = data.terraform_remote_state.market_data.outputs.internal_lb_https_listener_arn
  internal_lb_name         = data.terraform_remote_state.market_data.outputs.internal_lb_name

  tags = merge(local.common_tags, var.tags)
}