task-definition.tf
#################################################################################################
#
# ECS - Task Definition
#
# IAM Role - role shared by the task definitions below (task role and execution role)
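# The role name is fixed per cluster and only index 0 is ever referenced
# (data.aws_iam_policy_document.main[0], aws_iam_role.main[0] in the task
# definition), so at most one role is created. A count of
# length(var.task_definition) would attempt to create several roles with the
# same name and fail on apply when more than one task definition is given.
resource "aws_iam_role" "main" {
  # `&&` binds tighter than `||` in HCL, so the cluster_type test must be
  # grouped; written as `a && b || c` the role was created for cluster_type
  # "EC2" even when var.create was false.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) && length(var.task_definition) > 0 ? 1 : 0

  name               = "${var.cluster_name}TaskRole"
  assume_role_policy = data.aws_iam_policy_document.main[0].json
  path               = var.path
  description        = var.description
  tags               = var.default_tags
}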
# IAM Policy - trust (assume-role) policy document for the task role
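# Trust policy allowing the ECS task service principal to assume the role.
# Only index 0 is consumed by aws_iam_role.main, so a single document is
# rendered when the feature is enabled.
data "aws_iam_policy_document" "main" {
  # `&&` binds tighter than `||` in HCL; group the cluster_type test so that
  # var.create actually gates the document for "EC2" clusters too.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) && length(var.task_definition) > 0 ? 1 : 0

  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}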
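# AWS-managed execution-role policy (ECR pull, CloudWatch Logs). Its document is
# copied into the customer-managed policy below; only index 0 is referenced.
data "aws_iam_policy" "main" {
  # `&&` binds tighter than `||` in HCL; group the cluster_type test so that
  # var.create gates the lookup for "EC2" clusters as well.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) && length(var.task_definition) > 0 ? 1 : 0

  arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}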
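# Customer-managed copy of AmazonECSTaskExecutionRolePolicy.
# NOTE(review): this snapshots the managed policy document at apply time, so
# later changes AWS makes to the managed policy are not picked up; attaching
# data.aws_iam_policy.main[0].arn directly would track them. Kept as-is to
# avoid replacing an existing policy.
resource "aws_iam_policy" "main" {
  # The policy name is fixed per cluster, so create at most one; the previous
  # count of length(var.task_definition) collided on the name for >1 entries.
  # `&&` binds tighter than `||` in HCL, hence the grouped cluster_type test.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) && length(var.task_definition) > 0 ? 1 : 0

  name        = "${var.cluster_name}TaskPolicy"
  policy      = data.aws_iam_policy.main[0].policy
  path        = var.path
  description = var.description
  # Tagged like the role so both IAM objects carry the same ownership metadata.
  tags        = var.default_tags
}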
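# Attach the execution policy to the task role. A single attachment suffices:
# both sides always refer to index 0, so a count of length(var.task_definition)
# only produced duplicate attachment resources managing the same pair.
resource "aws_iam_role_policy_attachment" "main" {
  # `&&` binds tighter than `||` in HCL; group the cluster_type test so that
  # var.create gates the attachment for "EC2" clusters as well.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) && length(var.task_definition) > 0 ? 1 : 0

  role       = aws_iam_role.main[0].name
  policy_arn = aws_iam_policy.main[0].arn
}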
#
# ECS - Task Definition
#
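# One task definition per entry of var.task_definition. Each entry is a map;
# missing keys fall back to null (or to var.container_definitions for the
# container JSON), leaving the provider default in effect.
resource "aws_ecs_task_definition" "main" {
  # Wait for the role's policy attachment rather than only the role, so the
  # execution role already holds its permissions when ECS first uses it.
  depends_on = [aws_iam_role_policy_attachment.main]

  # `&&` binds tighter than `||` in HCL; group the cluster_type test so that
  # var.create gates creation for "EC2" clusters as well.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) ? length(var.task_definition) : 0

  family                   = lookup(var.task_definition[count.index], "family", null)
  # NOTE(review): the container JSON is passed through untouched; if it carries
  # credentials in `environment`, prefer the `secrets` field (SSM / Secrets
  # Manager references) so they are not stored in the task definition.
  container_definitions    = lookup(var.task_definition[count.index], "container_definitions", var.container_definitions)
  requires_compatibilities = lookup(var.task_definition[count.index], "requires_compatibilities", null)
  cpu                      = lookup(var.task_definition[count.index], "cpu", null)
  memory                   = lookup(var.task_definition[count.index], "memory", null)

  # NOTE(review): the same role serves as task role (assumed by the application
  # inside the container) and execution role (used by the ECS agent to pull
  # images and ship logs). The application therefore inherits the agent's
  # permissions; a separate, minimal task role would be least-privilege.
  task_role_arn      = aws_iam_role.main[0].arn
  execution_role_arn = aws_iam_role.main[0].arn
  network_mode       = lookup(var.task_definition[count.index], "network_mode", null)

  # Optional volumes; each may carry an "efs_volume" map, which in turn may
  # carry an "authorization_config" map. An empty map renders no nested block.
  dynamic "volume" {
    for_each = lookup(var.task_definition[count.index], "volume", {})

    content {
      name      = lookup(volume.value, "name", null)
      host_path = lookup(volume.value, "host_path", null)

      dynamic "efs_volume_configuration" {
        for_each = length(keys(lookup(volume.value, "efs_volume", {}))) == 0 ? [] : [lookup(volume.value, "efs_volume", {})]

        content {
          file_system_id = lookup(efs_volume_configuration.value, "file_system_id", null)
          root_directory = lookup(efs_volume_configuration.value, "root_directory", null)
          # NOTE(review): left unset, transit encryption is off for this mount;
          # callers wanting TLS to EFS (required for IAM authorization below)
          # must pass transit_encryption = "ENABLED" explicitly.
          transit_encryption      = lookup(efs_volume_configuration.value, "transit_encryption", null)
          transit_encryption_port = lookup(efs_volume_configuration.value, "transit_encryption_port", null)

          dynamic "authorization_config" {
            for_each = length(keys(lookup(efs_volume_configuration.value, "authorization_config", {}))) == 0 ? [] : [lookup(efs_volume_configuration.value, "authorization_config", {})]

            content {
              access_point_id = lookup(authorization_config.value, "access_point_id", null)
              iam             = lookup(authorization_config.value, "iam", null)
            }
          }
        }
      }
    }
  }

  tags = var.default_tags
}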
#
# CloudWatch Log Group for Task definition
#
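# One log group per entry of var.log_driver, keyed by its "log_name".
resource "aws_cloudwatch_log_group" "main" {
  # `&&` binds tighter than `||` in HCL; group the cluster_type test so that
  # var.create gates creation for "EC2" clusters as well.
  count = var.create && contains(["FARGATE", "EC2"], var.cluster_type) ? length(var.log_driver) : 0

  name = lookup(var.log_driver[count.index], "log_name", null)
  # NOTE(review): when "retention_in_days" is omitted the group keeps logs
  # indefinitely; entries should set it so task logs are not retained forever.
  retention_in_days = lookup(var.log_driver[count.index], "retention_in_days", null)
  tags              = lookup(var.log_driver[count.index], "default_tags", var.default_tags)

  depends_on = [aws_iam_role.main]
}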