Use latest TF modules to allow greater customisation of services

Bhavik Kumar · Bhavik Kumar · commit 0ad2715f41bc · 2019-11-18T14:01:11.000+13:00
diff --git a/deployment/terraform/ecs-service/ecs.tf b/deployment/terraform/ecs-service/ecs.tf
@@ -1,23 +1,119 @@
-module "ecs_service" {
-  source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.1.0"
-  alarm_actions = [
-    data.terraform_remote_state.market_data.outputs.alert_topic_arn
+data "aws_iam_policy_document" "task_service_assume_role" {
+  statement {
+    sid    = "AllowECSTaskToAssumeRole"
+    effect = "Allow"
+
+    actions = [
+      "sts:AssumeRole"
+    ]
+
+    principals {
+      type        = "Service"
+      identifiers = [
+        "ecs-tasks.amazonaws.com"
+      ]
+    }
+  }
+}
+
+data "aws_iam_policy" "execution_policy" {
+  arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+module "container_definition" {
+  source            = "git::https://github.com/bnc-projects/terraform-ecs-container-definition.git?ref=1.0.0"
+  environment       = [
+    {
+      name  = "SPRING_PROFILES_ACTIVE",
+      value = terraform.workspace
+    }
+  ]
+  healthCheck       = {
+    "command"     = [
+      "CMD-SHELL",
+      "curl --silent --fail --max-time 30 http://localhost:8080/actuator/health || exit 1"
+    ],
+    "interval"    = 30,
+    "retries"     = 3,
+    "startPeriod" = 300,
+    "timeout": 5
+  }
+  logConfiguration  = {
+    "logDriver": "splunk",
+    "options": {
+      "splunk-format": "raw",
+      "splunk-insecureskipverify": "true",
+      "splunk-token": var.splunk_token,
+      "splunk-url": var.splunk_url
+    }
+  }
+  image             = format("%s:%s", data.terraform_remote_state.ecr.outputs.repository_url, var.service_version)
+  name              = var.service_name
+  cpu               = var.cpu
+  memory            = var.memory
+  memoryReservation = var.memory_reservation
+  portMappings      = [
+    {
+      containerPort = 8080
+      hostPort      = 8080,
+      protocol      = "tcp"
+    }
   ]
-  application_path         = "/sbjb"
+}
+
+resource "aws_iam_role" "execution_task_role" {
+  name               = format("%s-execution", var.service_name)
+  assume_role_policy = data.aws_iam_policy_document.task_service_assume_role.json
+  tags               = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_task_default_policy" {
+  role       = aws_iam_role.execution_task_role.name
+  policy_arn = data.aws_iam_policy.execution_policy.arn
+}
+
+resource "aws_iam_role" "task_role" {
+  name               = format("%s-task", var.service_name)
+  assume_role_policy = data.aws_iam_policy_document.task_service_assume_role.json
+  tags               = var.tags
+}
+
+resource "aws_ecs_task_definition" "task_definition" {
+  container_definitions = "[${module.container_definition.container_definition}]"
+  family                = var.service_name
+  cpu                   = var.cpu
+  memory                = var.memory
+  execution_role_arn    = aws_iam_role.execution_task_role.arn
+  task_role_arn         = aws_iam_role.task_role.arn
+  tags                  = merge(local.common_tags, var.tags)
+}
+
+module "ecs_service" {
+  source                   = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.3.2"
+  application_path         = "/v1/sbjb"
+  attach_load_balancer     = true
   cluster_name             = data.terraform_remote_state.market_data.outputs.ecs_cluster_name
-  docker_image             = format("%s:%s", data.terraform_remote_state.ecr.outputs.repository_url, var.service_version)
   external_lb_listener_arn = data.terraform_remote_state.market_data.outputs.external_lb_https_listener_arn
-  external_lb_name         = data.terraform_remote_state.market_data.outputs.external_lb_name
+  external_lb_name         = join("/", [
+    local.variable.external_lb_name_parts[1],
+    local.variable.external_lb_name_parts[2],
+    local.variable.external_lb_name_parts[3]])
   internal_lb_listener_arn = data.terraform_remote_state.market_data.outputs.internal_lb_https_listener_arn
-  internal_lb_name         = data.terraform_remote_state.market_data.outputs.internal_lb_name
-  java_options             = format("-javaagent:newrelic/newrelic.jar -Dnewrelic.environment=%s -Dnewrelic.config.file=newrelic/newrelic.yml", terraform.workspace)
+  internal_lb_name         = join("/", [
+    local.variable.internal_lb_name_parts[1],
+    local.variable.internal_lb_name_parts[2],
+    local.variable.internal_lb_name_parts[3]])
   is_exposed_externally    = false
   priority                 = 50
   service_name             = var.service_name
-  splunk_token             = var.splunk_token
-  splunk_url               = var.splunk_url
-  spring_profile           = terraform.workspace
+  task_definition_arn      = aws_ecs_task_definition.task_definition.arn
   vpc_id                   = data.terraform_remote_state.market_data.outputs.vpc_id
   tags                     = merge(local.common_tags, var.tags)
 }
 
+locals {
+  variable = {
+    internal_lb_name_parts = split("/", data.terraform_remote_state.market_data.outputs.internal_lb_name)
+    external_lb_name_parts = split("/", data.terraform_remote_state.market_data.outputs.external_lb_name)
+  }
+}
diff --git a/deployment/terraform/ecs-service/variables.tf b/deployment/terraform/ecs-service/variables.tf
@@ -3,6 +3,24 @@ variable "aws_default_region" {
   default = "us-west-2"
 }
 
+variable "cpu" {
+  type        = number
+  default     = 128
+  description = "The CPU limit for the task and container."
+}
+
+variable "memory" {
+  type        = number
+  default     = 512
+  description = "The hard memory limit for the task and container"
+}
+
+variable "memory_reservation" {
+  type        = number
+  default     = 512
+  description = "The soft memory limit for the task and container"
+}
+
 variable "profile" {
   type    = string
   default = "default"
