main.tf
# ========= security group ==========
# Security group attached to the ECS task's network interface.
resource "aws_security_group" "security_group" {
  vpc_id      = var.vpc_id
  description = "The security group of the ECS task allowing traffic only on the container ports"

  # Inbound: one TCP rule per entry in var.open_ports, each limited to the
  # CIDR ranges in var.vpc_cidr. How far the task is reachable therefore
  # depends entirely on the ranges the caller supplies there.
  dynamic "ingress" {
    for_each = var.open_ports

    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = var.vpc_cidr
    }
  }

  # Outbound: all protocols and ports to any IPv4 destination. The
  # "only on the container ports" wording in the description covers ingress
  # only. NOTE(review): if the task needs just a few destinations (image
  # registry, log endpoint, internal services), narrowing this rule or routing
  # through VPC endpoints limits what a compromised container can reach.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name      = "${var.task_name}-sg"
    Terraform = "true"
  }
}
# ========= service discovery ==========
# Optional Cloud Map service giving the task a DNS name inside
# var.dns_namespace. Created only when var.has_discovery is not false.
resource "aws_service_discovery_service" "discovery_name" {
  name  = var.task_name
  count = var.has_discovery == false ? 0 : 1

  dns_config {
    namespace_id = var.dns_namespace

    # MULTIVALUE returns several healthy records per query, so clients
    # spread across running tasks.
    routing_policy = "MULTIVALUE"

    # A records with a 10 second TTL. NOTE(review): A records publish the
    # task's own IP address, which presumably requires var.task_network_mode
    # to be "awsvpc" - confirm against the callers.
    dns_records {
      type = "A"
      ttl  = 10
    }
  }
}
# ========= task definition ==========
locals {
  # Container log settings for the awslogs driver. The module below uses them
  # only when var.has_logs is true.
  log_configuration = {
    "logDriver" = "awslogs"
    "options" = {
      "awslogs-group" = "${var.task_name}-logs"
      # The log group is created on first use, which needs
      # logs:CreateLogGroup on the execution role (var.task_exec_role).
      # NOTE(review): a group created this way is not managed by Terraform, so
      # retention and encryption settings are not set here - confirm they are
      # applied elsewhere if the logs can contain sensitive data.
      "awslogs-create-group"  = "true"
      "awslogs-region"        = var.logs_region
      "awslogs-stream-prefix" = var.task_name
    }
  }
}
# ECS task definition with a single container, built by an external module.
module "task_definition" {
  # NOTE(review): the source carries no "?ref=", so a fresh `terraform init`
  # fetches whatever the repository's default branch holds at that moment.
  # Pinning to a reviewed tag or commit (append ?ref=<TAG_OR_COMMIT_SHA>)
  # keeps an upstream change from silently altering the task definition.
  source = "github.com/mongodb/terraform-aws-ecs-task-definition"

  family = "${var.task_name}-definition"
  name   = var.task_name
  image  = var.container_image

  requires_compatibilities = [var.task_launch_type]
  network_mode             = var.task_network_mode
  execution_role_arn       = var.task_exec_role

  cpu    = var.task_cpu
  memory = var.task_memory

  # Container port mappings: every port in var.open_ports is exposed over TCP
  # with the same number on the host side.
  portMappings = [
    for port in var.open_ports : {
      containerPort = port
      hostPort      = port
      protocol      = "tcp"
    }
  ]

  # Container log redirection, or null (no logConfiguration) when
  # var.has_logs is not true.
  logConfiguration = var.has_logs == true ? local.log_configuration : null

  # Environment variables to pass to the container. These are stored in plain
  # text in the task definition and in Terraform state, so credentials should
  # not be passed here; ECS container definitions have a separate "secrets"
  # field backed by Secrets Manager or SSM Parameter Store for that.
  environment = var.environment

  tags = {
    Name      = "${var.task_name}-definition"
    Terraform = "true"
  }
}
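# ECS service that keeps var.desired_count copies of the task running in
# var.ecs_cluster, with optional service discovery, capacity provider and
# load balancer attachments.
resource "aws_ecs_service" "service" {
  name            = var.task_name
  cluster         = var.ecs_cluster
  task_definition = module.task_definition.arn
  desired_count   = var.desired_count

  # launch_type is left unset when a capacity provider is given, because the
  # two settings conflict. NOTE(review): this keys on var.capacity_provider
  # while the strategy block below keys on var.has_asg - callers must keep the
  # two variables consistent.
  launch_type = var.capacity_provider == null ? var.task_launch_type : null

  deployment_maximum_percent         = var.deployment_maximum_percent
  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent

  network_configuration {
    # The module's own security group always applies. Groups passed in
    # var.security_groups are added to it, so their rules widen what can reach
    # the task.
    security_groups = concat([aws_security_group.security_group.id], var.security_groups)
    subnets         = var.vpc_subnets

    # Tasks get no public IP. Image pulls and log delivery then depend on a
    # NAT path or VPC endpoints from var.vpc_subnets.
    assign_public_ip = false
  }

  # The optional blocks below use a zero- or one-element list for for_each.
  # The list() function was deprecated in Terraform 0.12 and later removed,
  # so the single-element list is written with brackets instead.
  dynamic "service_registries" {
    for_each = var.has_discovery == false ? [] : [var.has_discovery]
    content {
      registry_arn   = aws_service_discovery_service.discovery_name[0].arn
      container_name = var.task_name
    }
  }

  dynamic "capacity_provider_strategy" {
    for_each = var.has_asg == false ? [] : [var.has_asg]
    content {
      capacity_provider = var.capacity_provider
      weight            = 1
    }
  }

  dynamic "load_balancer" {
    for_each = var.has_alb == false ? [] : [var.has_alb]
    content {
      container_name   = var.task_name
      target_group_arn = var.alb_target_group
      # NOTE(review): presumably one of var.open_ports, otherwise the module's
      # security group has no ingress rule for it - confirm against callers.
      container_port = var.alb_port
    }
  }

  # Pack tasks onto the fewest instances by CPU.
  # NOTE(review): placement strategies apply to EC2-backed tasks; confirm the
  # behaviour when var.task_launch_type is "FARGATE".
  ordered_placement_strategy {
    type  = "binpack"
    field = "cpu"
  }

  tags = {
    Name      = "${var.task_name}-service"
    Terraform = "true"
  }
}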