base repository: StayWell/terraform-aws-metabase
base: master
head repository: Budibase/terraform-aws-metabase
compare: master
Showing with 188 additions and 278 deletions.
  1. +4 −95 alb.tf
  2. +4 −0 data.tf
  3. +50 −62 ecs.tf
  4. +5 −10 outputs.tf
  5. +0 −101 rds.tf
  6. +70 −0 sg.tf
  7. +55 −10 variables.tf
99 changes: 4 additions & 95 deletions alb.tf
@@ -1,22 +1,18 @@
resource "aws_lb" "this" {
count = var.create_alb ? 1 : 0

name_prefix = "mb-"
security_groups = ["${aws_security_group.alb.id}"]
subnets = tolist(var.public_subnet_ids)
tags = var.tags

access_logs {
bucket = aws_s3_bucket.this.bucket
enabled = true
}

lifecycle {
create_before_destroy = true
}
}

resource "aws_lb_listener" "http" {
load_balancer_arn = aws_lb.this.arn
depends_on = [aws_lb.this] # https://github.com/terraform-providers/terraform-provider-aws/issues/9976
load_balancer_arn = var.alb_arn != "" ? var.alb_arn : aws_lb.this[0].arn
port = "80"
protocol = "HTTP"

@@ -36,8 +32,7 @@ resource "aws_lb_listener" "http" {
}

resource "aws_lb_listener" "https" {
load_balancer_arn = aws_lb.this.arn
depends_on = [aws_lb.this] # https://github.com/terraform-providers/terraform-provider-aws/issues/9976
load_balancer_arn = var.alb_arn != "" ? var.alb_arn : aws_lb.this[0].arn
port = "443"
protocol = "HTTPS"
ssl_policy = var.ssl_policy
@@ -57,89 +52,3 @@ resource "aws_lb_listener" "https" {
create_before_destroy = true
}
}

resource "aws_s3_bucket" "this" {
bucket_prefix = "mb-"
acl = "private"
force_destroy = ! var.protection
tags = var.tags

server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}

lifecycle_rule {
enabled = true

expiration {
days = var.log_retention
}
}

lifecycle {
create_before_destroy = true
}
}

resource "aws_s3_bucket_policy" "this" {
bucket = aws_s3_bucket.this.id
policy = data.aws_iam_policy_document.s3.json
}

data "aws_elb_service_account" "this" {}

data "aws_iam_policy_document" "s3" {
statement {
actions = ["s3:PutObject"]
resources = ["${aws_s3_bucket.this.arn}/*"]

principals {
type = "AWS"
identifiers = [data.aws_elb_service_account.this.arn]
}
}
}

resource "aws_security_group" "alb" {
name_prefix = "${var.id}-alb-"
vpc_id = var.vpc_id
tags = var.tags

lifecycle {
create_before_destroy = true
}
}

resource "aws_security_group_rule" "alb_egress_ecs" {
description = "ECS"
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
security_group_id = aws_security_group.alb.id
source_security_group_id = aws_security_group.ecs.id
}

resource "aws_security_group_rule" "alb_ingress_http" {
description = "Internet"
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
security_group_id = aws_security_group.alb.id
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "alb_ingress_https" {
description = "Internet"
type = "ingress"
from_port = 443
to_port = 443
protocol = "tcp"
security_group_id = aws_security_group.alb.id
cidr_blocks = ["0.0.0.0/0"]
}
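Review bot: The hunk `@@ -57,89 +52,3 @@` drops the `access_logs` block together with `aws_s3_bucket.this`, its bucket policy and the `s3:PutObject` grant to the ELB service account, so the ALB this module creates now has access logging off and there is no variable to turn it back on; ALB access logs are the usual request-level record (client IPs, target status codes, TLS details) for investigating an internet-facing endpoint, so keep them behind a flag — an `access_logs` block whose `bucket` comes from a module variable and whose `enabled` is that variable being non-empty — rather than removing them outright. In the first hunk, `load_balancer_arn = var.alb_arn != "" ? var.alb_arn : aws_lb.this[0].arn` indexes the `count`-gated resource whenever `alb_arn` is empty, so a caller setting `create_alb = false` without `alb_arn` gets an index error at plan time instead of a clear message; a `validation` block on `alb_arn` (or a precondition tying it to `create_alb`) would make the contract explicit. `aws_lb.this` also still attaches `aws_security_group.alb`, which is no longer defined in this file; presumably it moved to sg.tf, which is not shown here.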
4 changes: 4 additions & 0 deletions data.tf
@@ -0,0 +1,4 @@
data "aws_ecs_cluster" "this" {
count = var.create_cluster ? 0 : 1
cluster_name = var.cluster_name
}
112 changes: 50 additions & 62 deletions ecs.tf
@@ -1,14 +1,26 @@
resource "aws_ecs_cluster" "this" {
name = var.id
capacity_providers = ["FARGATE"]
tags = var.tags
count = var.create_cluster ? 1 : 0
name = var.cluster_name
tags = var.tags

setting {
name = "containerInsights"
value = "enabled"
}
}

resource "aws_ecs_cluster_capacity_providers" "this" {
cluster_name = var.cluster_name

capacity_providers = ["FARGATE"]

default_capacity_provider_strategy {
base = 1
weight = 100
capacity_provider = "FARGATE"
}
}

resource "aws_ecs_task_definition" "this" {
family = var.id
container_definitions = jsonencode(local.container)
@@ -22,17 +34,17 @@ resource "aws_ecs_task_definition" "this" {

resource "aws_ecs_service" "this" {
name = var.id
cluster = aws_ecs_cluster.this.id
cluster = var.create_cluster ? aws_ecs_cluster.this[0].id : data.aws_ecs_cluster.this[0].id
task_definition = aws_ecs_task_definition.this.arn
desired_count = var.desired_count
launch_type = "FARGATE"
propagate_tags = "SERVICE"
health_check_grace_period_seconds = 30
health_check_grace_period_seconds = 600
depends_on = [aws_lb_listener_rule.this]
tags = var.tags

load_balancer {
target_group_arn = aws_lb_target_group.this.id
target_group_arn = aws_lb_target_group.this.arn
container_name = local.container[0].name
container_port = local.container[0].portMappings[0].containerPort
}
@@ -53,13 +65,6 @@ locals {
essential = true
environment = concat(local.environment, var.environment)

secrets = [
{
name = "MB_DB_PASS"
valueFrom = aws_ssm_parameter.this.name
},
]

portMappings = [
{
containerPort = 3000
@@ -75,34 +80,50 @@ locals {
awslogs-stream-prefix = "ecs"
}
}

healthCheck = {
command = ["CMD-SHELL", "curl -f http://localhost:3000/api/health || exit 1"]
interval = 30
timeout = 5
retries = 3
startPeriod = 60
}
}
]

environment = [
{
name = "MB_JETTY_HOST"
value = "0.0.0.0"
},
{
name = "JAVA_TIMEZONE"
value = var.java_timezone
},
{
name = "MB_DB_TYPE"
value = "mysql"
value = "postgres"
},
{
name = "MB_DB_DBNAME"
value = aws_rds_cluster.this.database_name
value = var.db_dbname
},
{
name = "MB_DB_PORT"
value = tostring(aws_rds_cluster.this.port)
value = var.db_port
},
{
name = "MB_DB_USER"
value = aws_rds_cluster.this.master_username
value = var.db_user
},
{
name = "MB_DB_HOST"
value = aws_rds_cluster.this.endpoint
value = var.db_host
},
{
name = "MB_DB_PASS"
value = var.db_pass
}
]
}

@@ -146,7 +167,15 @@ resource "aws_lb_target_group" "this" {
tags = var.tags

health_check {
path = "/"
enabled = true
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 5
interval = 30
path = "/api/health"
matcher = "200"
port = "traffic-port"
protocol = "HTTP"
}
}

@@ -171,8 +200,8 @@ resource "aws_route53_record" "this" {
zone_id = var.zone_id

alias {
name = aws_lb.this.dns_name
zone_id = aws_lb.this.zone_id
name = var.alb_dns_name != "" ? var.alb_dns_name : aws_lb.this[0].dns_name
zone_id = var.alb_zone_id != "" ? var.alb_zone_id : aws_lb.this[0].zone_id
evaluate_target_health = false
}
}
@@ -182,44 +211,3 @@ resource "aws_cloudwatch_log_group" "this" {
retention_in_days = var.log_retention
tags = var.tags
}

resource "aws_security_group" "ecs" {
name_prefix = "${var.id}-ecs-"
vpc_id = var.vpc_id
tags = var.tags

lifecycle {
create_before_destroy = true
}
}

resource "aws_security_group_rule" "ecs_egress_internet" {
count = var.internet_egress ? 1 : 0
description = "Internet"
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
security_group_id = aws_security_group.ecs.id
cidr_blocks = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "ecs_egress_rds" {
description = "ALB"
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
security_group_id = aws_security_group.ecs.id
source_security_group_id = aws_security_group.rds.id
}

resource "aws_security_group_rule" "ecs_ingress_alb" {
description = "ALB"
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
security_group_id = aws_security_group.ecs.id
source_security_group_id = aws_security_group.alb.id
}
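Review bot: `MB_DB_PASS` now travels as a plain `environment` entry (`value = var.db_pass`, the last item of `local.environment` in hunk `@@ -75,34 +80,50 @@`) in place of the removed `secrets`/`valueFrom` entry, so the database password is embedded in clear text in the registered task definition — readable by any principal with `ecs:DescribeTaskDefinition` — and also appears in plan output and state. Keep the password out of `container_definitions`: restore the `secrets` block with `valueFrom` set to an SSM SecureString or Secrets Manager ARN (created from `var.db_pass` or accepted as a variable), drop the plain entry, and mark `db_pass` with `sensitive = true` in variables.tf (not visible here). Separately, `aws_ecs_cluster_capacity_providers.this` uses `cluster_name = var.cluster_name`, so it is created even when `create_cluster` is false (mutating a cluster the module does not own) and carries no dependency on `aws_ecs_cluster.this[0]` when it is; `cluster_name = var.create_cluster ? aws_ecs_cluster.this[0].name : data.aws_ecs_cluster.this[0].cluster_name` fixes the ordering, with a `count` guard if the external cluster should be left untouched.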
15 changes: 5 additions & 10 deletions outputs.tf
@@ -1,13 +1,3 @@
output "rds_security_group_id" {
description = "https://www.terraform.io/docs/providers/aws/r/security_group.html#id"
value = aws_security_group.rds.id
}

output "rds_port" {
description = "https://www.terraform.io/docs/providers/aws/r/rds_cluster.html#port-1"
value = aws_rds_cluster.this.port
}

output "listener_arn" {
description = "https://www.terraform.io/docs/providers/aws/r/lb_listener.html#arn"
value = aws_lb_listener.https.arn
@@ -17,3 +7,8 @@ output "target_group_arn" {
description = "https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#arn"
value = aws_lb_target_group.this.arn
}

output "security_group_id" {
description = "https://www.terraform.io/docs/providers/aws/r/security_group.html#id"
value = aws_security_group.ecs.id
}
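Review bot: The new `security_group_id` output's description is only a provider doc URL, while this value is now the main thing a caller needs: with rds.tf and the `ecs_egress_rds` rule gone, the module no longer opens any path to the database, so the consumer must allow this security group on their own DB security group. Say so in the description, e.g. `description = "Security group attached to the Metabase ECS tasks; allow it as a source on the database security group."`, and consider naming it `ecs_security_group_id` since the old `rds_security_group_id` used the same prefix convention.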