diff --git a/examples/complete-tcp-app/main.tf b/examples/complete-tcp-app/main.tf
new file mode 100644
index 0000000..8be1f1d
--- /dev/null
+++ b/examples/complete-tcp-app/main.tf
@@ -0,0 +1,147 @@
+# Versions
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">= 1.0"
+}
+
+# Data
+data "aws_route53_zone" "root" {
+ name = "${var.root_domain_name}."
+ private_zone = false
+}
+
+# Main
+module "vpc" {
+ source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
+ version = "~> 3.0"
+
+ name = "${var.env}-vpc"
+ cidr = "10.0.0.0/16"
+
+ azs = [
+ "${var.aws_region}a",
+ "${var.aws_region}b"
+ ]
+ public_subnets = [
+ "10.0.10.0/23",
+ "10.0.12.0/23"
+ ]
+
+ private_subnets = [
+ "10.0.20.0/23"
+ ]
+ manage_default_network_acl = true
+ default_network_acl_name = "${var.env}-${var.namespace}"
+}
+resource "aws_security_group" "default_permissive" {
+ name = "${var.env}-default-permissive"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+ egress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+}
+
+resource "aws_route53_record" "env_ns_record" {
+ zone_id = data.aws_route53_zone.root.id
+ name = "${var.env}.${var.root_domain_name}"
+ type = "NS"
+ ttl = "60"
+ records = aws_route53_zone.env_domain.name_servers
+}
+
+resource "aws_route53_zone" "env_domain" {
+ name = "${var.env}.${var.root_domain_name}"
+}
+
+module "env_acm" {
+ source = "registry.terraform.io/terraform-aws-modules/acm/aws"
+ version = "~> 4.0"
+
+ domain_name = "${var.env}.${var.root_domain_name}"
+
+ subject_alternative_names = [
+ "*.${var.env}.${var.root_domain_name}"
+ ]
+
+ zone_id = aws_route53_zone.env_domain.id
+
+ tags = {
+ Name = "${var.env}.${var.root_domain_name}"
+ }
+}
+
+module "ecs" {
+ source = "registry.terraform.io/terraform-aws-modules/ecs/aws"
+ version = "~> 4.0"
+ cluster_name = "${var.env}-${var.namespace}"
+}
+
+module "tcp_app" {
+ source = "../.."
+
+ name = "tcpapp"
+ app_type = "tcp-app"
+ env = var.env
+ namespace = var.namespace
+
+ # Containers
+ ecs_cluster_name = module.ecs.cluster_name
+ docker_registry = var.docker_registry
+ docker_image_tag = var.docker_image_tag
+
+ # Load Balancer
+ public = true
+ https_enabled = true
+ tls_cert_arn = local.tls_cert_arn
+
+ port_mappings = [
+ {
+ container_port = 4442
+ host_port = 4442
+ },
+ {
+ container_port = 4443
+ host_port = 4443
+ },
+ {
+ container_port = 4444
+ host_port = 4444
+ tls = true
+ }
+ ]
+
+ # Network
+ vpc_id = module.vpc.vpc_id
+ public_subnets = module.vpc.public_subnets
+ private_subnets = module.vpc.private_subnets
+ security_groups = [aws_security_group.default_permissive.id]
+ root_domain_name = var.root_domain_name
+ zone_id = aws_route53_zone.env_domain.id
+
+ # Environment variables
+ app_secrets = [
+ ]
+ environment = {
+ }
+}
+
diff --git a/examples/complete-tcp-app/output.tf b/examples/complete-tcp-app/output.tf
new file mode 100644
index 0000000..c7bd132
--- /dev/null
+++ b/examples/complete-tcp-app/output.tf
@@ -0,0 +1,16 @@
+output "vpc_cidr" {
+ value = module.vpc.vpc_cidr_block
+}
+
+output "private_subnet_cidrs" {
+ value = module.vpc.private_subnets_cidr_blocks
+}
+
+output "cloudwatch_log_group" {
+ value = module.tcp_app.cloudwatch_log_group
+}
+
+output "ecs_cluster_name" {
+ value = module.ecs.cluster_name
+}
+
diff --git a/examples/complete-tcp-app/variables.tf b/examples/complete-tcp-app/variables.tf
new file mode 100644
index 0000000..b3ee255
--- /dev/null
+++ b/examples/complete-tcp-app/variables.tf
@@ -0,0 +1,11 @@
+locals {
+ tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null
+}
+
+variable "env" {}
+variable "namespace" {}
+variable "aws_profile" {}
+variable "aws_region" {}
+variable "docker_registry" {}
+variable "docker_image_tag" {}
+variable "root_domain_name" {}
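Review bot: The `default_permissive` security group in examples/complete-tcp-app/main.tf allows every protocol and port from `0.0.0.0/0` and is passed as `security_groups` to `tcp_app`, which also sets `public = true`, so the example's tasks accept traffic on far more than the three mapped ports. For this example the ingress block could be narrowed to `protocol = "tcp"`, `from_port = 4442`, `to_port = 4444`. The same resource is added in the complete-web-windows, complete-worker-ec2, worker-scheduled-autoscale and worker-scheduled examples; the worker ones set `public = false` and probably need no ingress rule at all. If the open rule is kept for brevity, a comment above the resource such as `# Example only: replace with rules scoped to your ports and sources` would keep it from being copied into a real environment unchanged.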
diff --git a/examples/complete-web-windows/main-windows.tf b/examples/complete-web-windows/main-windows.tf
deleted file mode 100644
index 694d6f8..0000000
--- a/examples/complete-web-windows/main-windows.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-module "web_complete" {
- source = "../.."
-
- name = "app"
- app_type = "web"
- env = var.env
- namespace = var.namespace
- ecs_cluster_name = local.ecs_cluster_name
-
- # Containers
- cpu = 1024
- memory = 2048
- operating_system_family = "WINDOWS_SERVER_2019_CORE"
- docker_registry = local.docker_registry
- image_id = local.image_id
- docker_image_tag = local.docker_image_tag
- iam_instance_profile = local.iam_instance_profile
- key_name = local.key_name
-
- # Load Balancer
- public = true
- alb_health_check_path = "/"
- alb_security_groups = local.alb_security_groups
- tls_cert_arn = local.tls_cert_arn
-
- # Network
- vpc_id = local.vpc_id
- public_subnets = local.public_subnets
- private_subnets = local.private_subnets
- security_groups = local.security_groups
- root_domain_name = var.root_domain_name
- zone_id = local.zone_id
- route53_health_check_enabled = false
-
- # Environment variables
- app_secrets = [
- ]
- environment = {
- ENV = var.env
- APP_NAME = "App"
- }
-}
-
diff --git a/examples/complete-web-windows/main.tf b/examples/complete-web-windows/main.tf
new file mode 100644
index 0000000..c06cd15
--- /dev/null
+++ b/examples/complete-web-windows/main.tf
@@ -0,0 +1,123 @@
+# Versions
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">= 1.0"
+}
+
+# Data
+data "aws_route53_zone" "root" {
+ name = "${var.root_domain_name}."
+ private_zone = false
+}
+
+# Main
+module "vpc" {
+ source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
+ version = "~> 3.0"
+
+ name = "${var.env}-vpc"
+ cidr = "10.0.0.0/16"
+
+ azs = [
+ "${var.aws_region}a",
+ "${var.aws_region}b"
+ ]
+ public_subnets = [
+ "10.0.10.0/23",
+ "10.0.12.0/23"
+ ]
+
+ private_subnets = [
+ "10.0.20.0/23"
+ ]
+ manage_default_network_acl = true
+ default_network_acl_name = "${var.env}-${var.namespace}"
+}
+resource "aws_security_group" "default_permissive" {
+ name = "${var.env}-default-permissive"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+ egress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+}
+
+resource "aws_route53_record" "env_ns_record" {
+ zone_id = data.aws_route53_zone.root.id
+ name = "${var.env}.${var.root_domain_name}"
+ type = "NS"
+ ttl = "60"
+ records = aws_route53_zone.env_domain.name_servers
+}
+
+resource "aws_route53_zone" "env_domain" {
+ name = "${var.env}.${var.root_domain_name}"
+}
+
+module "ecs" {
+ source = "registry.terraform.io/terraform-aws-modules/ecs/aws"
+ version = "~> 4.0"
+ cluster_name = "${var.env}-${var.namespace}"
+}
+
+module "web_complete" {
+ source = "../.."
+
+ name = "app"
+ app_type = "web"
+ env = var.env
+ namespace = var.namespace
+
+ # Containers
+ cpu = 1024
+ memory = 2048
+ operating_system_family = "WINDOWS_SERVER_2019_CORE"
+ ecs_cluster_name = module.ecs.cluster_name
+ docker_registry = var.docker_registry
+ docker_image_tag = var.docker_image_tag
+
+ # Load Balancer
+ public = true
+ https_enabled = false
+ alb_health_check_path = "/"
+ alb_security_groups = [aws_security_group.default_permissive.id]
+
+ # EFS settings
+ efs_enabled = false
+ efs_mount_point = "/mnt/efs"
+ efs_root_directory = "/"
+
+ # Network
+ vpc_id = module.vpc.vpc_id
+ public_subnets = module.vpc.public_subnets
+ private_subnets = module.vpc.private_subnets
+ security_groups = [aws_security_group.default_permissive.id]
+ root_domain_name = var.root_domain_name
+ zone_id = aws_route53_zone.env_domain.id
+
+ # Environment variables
+ app_secrets = [
+ ]
+ environment = {
+ }
+}
+
diff --git a/examples/complete-web-windows/output.tf b/examples/complete-web-windows/output.tf
new file mode 100644
index 0000000..12a7c2e
--- /dev/null
+++ b/examples/complete-web-windows/output.tf
@@ -0,0 +1,16 @@
+output "vpc_cidr" {
+ value = module.vpc.vpc_cidr_block
+}
+
+output "private_subnet_cidrs" {
+ value = module.vpc.private_subnets_cidr_blocks
+}
+
+output "cloudwatch_log_group" {
+ value = module.web_complete.cloudwatch_log_group
+}
+
+output "ecs_cluster_name" {
+ value = module.ecs.cluster_name
+}
+
diff --git a/examples/complete-web-windows/variables.tf b/examples/complete-web-windows/variables.tf
new file mode 100644
index 0000000..97ce6c3
--- /dev/null
+++ b/examples/complete-web-windows/variables.tf
@@ -0,0 +1,7 @@
+variable "env" {}
+variable "namespace" {}
+variable "aws_profile" {}
+variable "aws_region" {}
+variable "docker_registry" {}
+variable "docker_image_tag" {}
+variable "root_domain_name" {}
diff --git a/examples/complete-web/data.tf b/examples/complete-web/data.tf
deleted file mode 100644
index 99fa410..0000000
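Review bot: In examples/complete-web-windows/main.tf, `https_enabled = false` next to `public = true` leaves the Windows example serving plain HTTP from an internet-facing load balancer, and the file declares no `env_acm` module or `tls_cert_arn` even though it already creates the env Route 53 zone. The certificate module and the `tls_cert_arn` local used in the complete-tcp-app example could be reused here and the flag set to `https_enabled = true`. If HTTP-only is deliberate for the Windows image, a comment on that line such as `# HTTP only in this example; enable HTTPS and set tls_cert_arn before exposing real traffic` would make the choice explicit.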
--- a/examples/complete-web/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_availability_zones" "available" {} -data "aws_caller_identity" "current" {} - -data "aws_route53_zone" "root" { - name = "${var.root_domain_name}." - private_zone = false -} diff --git a/examples/complete-web/main.tf b/examples/complete-web/main.tf index 5a9ea09..2cf50d2 100644 --- a/examples/complete-web/main.tf +++ b/examples/complete-web/main.tf @@ -1,3 +1,20 @@ +# Versions +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + } + required_version = ">= 1.0" +} + +# Data +data "aws_route53_zone" "root" { + name = "${var.root_domain_name}." + private_zone = false +} + +# Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" version = "~> 3.0" @@ -6,10 +23,12 @@ module "vpc" { cidr = "10.0.0.0/16" azs = [ - "${var.aws_region}a" + "${var.aws_region}a", + "${var.aws_region}b" ] public_subnets = [ - "10.0.10.0/23" + "10.0.10.0/23", + "10.0.12.0/23" ] private_subnets = [ @@ -21,7 +40,6 @@ module "vpc" { resource "aws_security_group" "default_permissive" { name = "${var.env}-default-permissive" vpc_id = module.vpc.vpc_id - description = "Managed by Terraform" ingress { protocol = -1 @@ -65,7 +83,7 @@ module "env_acm" { "*.${var.env}.${var.root_domain_name}" ] - zone_id = local.zone_id + zone_id = aws_route53_zone.env_domain.id tags = { Name = "${var.env}.${var.root_domain_name}" @@ -93,8 +111,9 @@ module "web_complete" { # Load Balancer public = true + https_enabled = true alb_health_check_path = "/" - alb_security_groups = local.alb_security_groups + alb_security_groups = [aws_security_group.default_permissive.id] tls_cert_arn = local.tls_cert_arn # EFS settings 
@@ -103,15 +122,12 @@ module "web_complete" { efs_root_directory = "/" # Network - vpc_id = local.vpc_id - public_subnets = local.public_subnets - private_subnets = local.private_subnets - security_groups = local.security_groups + vpc_id = module.vpc.vpc_id + public_subnets = module.vpc.public_subnets + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] root_domain_name = var.root_domain_name - zone_id = local.zone_id - route53_health_check_enabled = false - domain_names = [ - ] + zone_id = aws_route53_zone.env_domain.id # Environment variables app_secrets = [ diff --git a/examples/complete-web/variables.tf b/examples/complete-web/variables.tf index ac744ab..b3ee255 100644 --- a/examples/complete-web/variables.tf +++ b/examples/complete-web/variables.tf @@ -1,19 +1,11 @@ locals { - public_subnets = module.vpc.public_subnets - private_subnets = module.vpc.private_subnets - vpc_id = module.vpc.vpc_id - security_groups = [aws_security_group.default_permissive.id] - alb_security_groups = [aws_security_group.default_permissive.id] - zone_id = aws_route53_zone.env_domain.id - - tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null + tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null } variable "env" {} variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} -variable "ssh_public_key" {} variable "docker_registry" {} variable "docker_image_tag" {} variable "root_domain_name" {} diff --git a/examples/complete-web/versions.tf b/examples/complete-web/versions.tf deleted file mode 100644 index 70c797c..0000000 --- a/examples/complete-web/versions.tf +++ /dev/null @@ -1,8 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} 
diff --git a/examples/complete-worker-ec2/main-ec2.tf b/examples/complete-worker-ec2/main-ec2.tf
deleted file mode 100644
index 22e8d75..0000000
--- a/examples/complete-worker-ec2/main-ec2.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-module "web_complete" {
- source = "../.."
-
- name = "app"
- app_type = "worker"
- env = var.env
- namespace = var.namespace
- ecs_cluster_name = local.ecs_cluster_name
-
- public = false
- min_size = 1
- max_size = 1
- desired_capacity = 0
- memory = 8192
- cpu = 1024
- instance_type = "t3.nano"
- ecs_launch_type = "EC2"
- ec2_service_group = "app"
- ecs_network_mode = "bridge"
- iam_instance_profile = local.iam_instance_profile
- key_name = local.key_name
-
- # Containers
- docker_registry = local.docker_registry
- image_id = local.image_id
- docker_image_tag = local.docker_image_tag
-
- docker_container_command = ["rake", "notify:daily"]
- cloudwatch_schedule_expressions = ["cron(0 * * * ? *)"]
- deployment_minimum_healthy_percent = 0
-
- # Network
- vpc_id = local.vpc_id
- public_subnets = local.public_subnets
- private_subnets = local.private_subnets
- security_groups = local.security_groups
- root_domain_name = var.root_domain_name
- zone_id = local.zone_id
-
- # Environment variables
- app_secrets = [
- ]
- environment = {
- ENV = var.env
- APP_NAME = "App"
- }
-
- iam_role_policy_statement = [
- {
- Effect = "Allow",
- Action = "s3:*",
- Resource = "*"
- }]
-}
-
diff --git a/examples/complete-worker-ec2/main.tf b/examples/complete-worker-ec2/main.tf
new file mode 100644
index 0000000..1f8a086
--- /dev/null
+++ b/examples/complete-worker-ec2/main.tf
@@ -0,0 +1,130 @@
+# Versions
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">= 1.0"
+}
+
+# Data
+data "aws_ami" "amazon_linux_ecs_generic" {
+ most_recent = true
+
+ owners = ["amazon"]
+
+ filter {
+ name = "name"
+ values = ["amzn2-ami-ecs-hvm-*-x86_64-ebs"]
+ }
+
+ filter {
+ name = "owner-alias"
+ values = ["amazon"]
+ }
+}
+
+# Main
+module "vpc" {
+ source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
+ version = "~> 3.0"
+
+ name = "${var.env}-vpc"
+ cidr = "10.0.0.0/16"
+
+ azs = [
+ "${var.aws_region}a"
+ ]
+ public_subnets = [
+ "10.0.10.0/23"
+ ]
+
+ private_subnets = [
+ "10.0.20.0/23"
+ ]
+
+ manage_default_network_acl = true
+ default_network_acl_name = "${var.env}-${var.namespace}"
+}
+resource "aws_security_group" "default_permissive" {
+ name = "${var.env}-default-permissive"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+ egress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+}
+
+resource "aws_key_pair" "root" {
+ key_name = var.ec2_key_pair_name
+ public_key = var.ssh_public_key
+
+ lifecycle {
+ ignore_changes = [
+ public_key
+ ]
+ }
+}
+
+module "ecs" {
+ source = "registry.terraform.io/terraform-aws-modules/ecs/aws"
+ version = "~> 4.0"
+ cluster_name = "${var.env}-${var.namespace}"
+}
+
+module "worker_complete" {
+ source = "../.."
+
+ name = "worker"
+ app_type = "worker"
+ env = var.env
+ namespace = var.namespace
+
+ public = false
+ ecs_launch_type = "EC2"
+ ecs_network_mode = "host"
+ instance_type = "t3.medium"
+ max_size = 1
+ desired_capacity = 0
+
+
+ # Containers
+ ecs_cluster_arn = module.ecs.cluster_arn
+ ecs_cluster_name = module.ecs.cluster_name
+ docker_registry = var.docker_registry
+ docker_image_tag = var.docker_image_tag
+
+ docker_container_command = ["echo", "command-output"]
+ deployment_minimum_healthy_percent = 0
+
+ # Network
+ vpc_id = module.vpc.vpc_id
+ private_subnets = module.vpc.private_subnets
+ security_groups = [aws_security_group.default_permissive.id]
+ key_name = var.ec2_key_pair_name
+ create_iam_instance_profile = true
+ image_id = data.aws_ami.amazon_linux_ecs_generic.id
+
+ # Environment variables
+ app_secrets = [
+ ]
+ environment = {
+ }
+}
+
diff --git a/examples/complete-worker-ec2/output.tf b/examples/complete-worker-ec2/output.tf
new file mode 100644
index 0000000..f2ad695
--- /dev/null
+++ b/examples/complete-worker-ec2/output.tf
@@ -0,0 +1,20 @@
+output "vpc_cidr" {
+ value = module.vpc.vpc_cidr_block
+}
+
+output "private_subnet_cidrs" {
+ value = module.vpc.private_subnets_cidr_blocks
+}
+
+output "cloudwatch_log_group" {
+ value = module.worker_complete.cloudwatch_log_group
+}
+
+output "cloudwatch_event_rule_id" {
+ value = module.worker_complete.cloudwatch_event_rule_id
+}
+
+output "ecs_cluster_name" {
+ value = module.ecs.cluster_name
+}
+
diff --git a/examples/complete-worker-ec2/variables.tf b/examples/complete-worker-ec2/variables.tf
new file mode 100644
index 0000000..d6621a5
--- /dev/null
+++ b/examples/complete-worker-ec2/variables.tf
@@ -0,0 +1,8 @@
+variable "env" {}
+variable "namespace" {}
+variable "aws_profile" {}
+variable "aws_region" {}
+variable "docker_registry" {}
+variable "docker_image_tag" {}
+variable "ec2_key_pair_name" {}
+variable "ssh_public_key" {}
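Review bot: `ignore_changes = [public_key]` on `aws_key_pair.root` in examples/complete-worker-ec2/main.tf means a later change to `var.ssh_public_key` is silently dropped, so rotating or retiring a key through that variable does not change the key pair that instances are launched with. If the ignore is there to suppress a formatting diff on the stored key (an assumption; the hunk does not say), a comment in the lifecycle block would make the trade-off visible: `# public_key is ignored after creation; to rotate, change ec2_key_pair_name so a new key pair is created`. The two new variables `ec2_key_pair_name` and `ssh_public_key` in variables.tf are declared without `type` or `description`, which is where a reader would look for this.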
diff --git a/examples/complete-worker/data.tf b/examples/complete-worker/data.tf deleted file mode 100644 index 498ff47..0000000 --- a/examples/complete-worker/data.tf +++ /dev/null @@ -1,4 +0,0 @@ -data "aws_availability_zones" "available" {} -data "aws_caller_identity" "current" {} - - diff --git a/examples/complete-worker/main.tf b/examples/complete-worker/main.tf index 0db9ec1..c62fc41 100644 --- a/examples/complete-worker/main.tf +++ b/examples/complete-worker/main.tf @@ -1,3 +1,14 @@ +# Versions +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + } + required_version = ">= 1.0" +} + +# Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" version = "~> 3.0" @@ -22,7 +33,6 @@ module "vpc" { resource "aws_security_group" "default_permissive" { name = "${var.env}-default-permissive" vpc_id = module.vpc.vpc_id - description = "Managed by Terraform" ingress { protocol = -1 
@@ -58,43 +68,31 @@ module "worker_complete" { app_type = "worker" env = var.env namespace = var.namespace - ecs_cluster_name = local.ecs_cluster_name public = false ecs_launch_type = "FARGATE" - min_size = 1 max_size = 1 desired_capacity = 0 - memory = 2048 - cpu = 1024 + # Containers - ecs_cluster_arn = module.ecs.cluster_arn - docker_registry = local.docker_registry - docker_image_tag = local.docker_image_tag + ecs_cluster_arn = module.ecs.cluster_arn + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag docker_container_command = ["echo", "command-output"] deployment_minimum_healthy_percent = 0 # Network - vpc_id = local.vpc_id - public_subnets = local.public_subnets - private_subnets = local.private_subnets - security_groups = local.security_groups - root_domain_name = var.root_domain_name - zone_id = local.zone_id + vpc_id = module.vpc.vpc_id + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] # Environment variables app_secrets = [ ] environment = { } - - iam_role_policy_statement = [ - { - Effect = "Allow", - Action = "s3:*", - Resource = "*" - }] } diff --git a/examples/complete-worker/variables.tf b/examples/complete-worker/variables.tf index e1be7e1..7b9fd62 100644 --- a/examples/complete-worker/variables.tf +++ b/examples/complete-worker/variables.tf 
@@ -1,26 +1,6 @@ -locals { - env = var.env - namespace = var.namespace - - public_subnets = module.vpc.public_subnets - private_subnets = module.vpc.private_subnets - vpc_id = module.vpc.vpc_id - security_groups = [aws_security_group.default_permissive.id] - alb_security_groups = [aws_security_group.default_permissive.id] - root_domain_name = var.root_domain_name - zone_id = aws_route53_zone.env_domain.id - - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag - - ecs_cluster_name = module.ecs.cluster_name -} - variable "env" {} variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} -variable "ssh_public_key" {} variable "docker_registry" {} variable "docker_image_tag" {} -variable "root_domain_name" {} diff --git a/examples/complete-worker/versions.tf b/examples/complete-worker/versions.tf deleted file mode 100644 index 70c797c..0000000 --- a/examples/complete-worker/versions.tf +++ /dev/null @@ -1,8 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} diff --git a/examples/worker-scheduled-autoscale/main.tf b/examples/worker-scheduled-autoscale/main.tf new file mode 100644 index 0000000..d449b91 --- /dev/null +++ b/examples/worker-scheduled-autoscale/main.tf 
@@ -0,0 +1,118 @@
+# Versions
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">= 1.0"
+}
+
+# Main
+module "vpc" {
+ source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
+ version = "~> 3.0"
+
+ name = "${var.env}-vpc"
+ cidr = "10.0.0.0/16"
+
+ azs = [
+ "${var.aws_region}a"
+ ]
+ public_subnets = [
+ "10.0.10.0/23"
+ ]
+
+ private_subnets = [
+ "10.0.20.0/23"
+ ]
+
+ manage_default_network_acl = true
+ default_network_acl_name = "${var.env}-${var.namespace}"
+}
+resource "aws_security_group" "default_permissive" {
+ name = "${var.env}-default-permissive"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+ egress {
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ cidr_blocks = [
+ "0.0.0.0/0"
+ ]
+ }
+
+}
+
+module "ecs" {
+ source = "registry.terraform.io/terraform-aws-modules/ecs/aws"
+ version = "~> 4.0"
+ cluster_name = "${var.env}-${var.namespace}"
+}
+
+module "worker_scheduled" {
+ source = "../.."
+
+ name = "worker"
+ app_type = "worker"
+ env = var.env
+ namespace = var.namespace
+
+ public = false
+ ecs_launch_type = "FARGATE"
+
+ # Containers
+ ecs_cluster_arn = module.ecs.cluster_arn
+ ecs_cluster_name = module.ecs.cluster_name
+ docker_registry = var.docker_registry
+ docker_image_tag = var.docker_image_tag
+
+ docker_container_command = ["echo", "command-output"]
+ deployment_minimum_healthy_percent = 0
+
+ # Autoscaling
+ autoscale_enabled = true
+ min_size = 1
+ max_size = 1
+ desired_capacity = 1
+
+ # Scheduled ECS scaling up/down
+ autoscaling_min_size = 1
+ autoscaling_max_size = 4
+ autoscale_scheduled_timezone = "America/Los_Angeles"
+
+ # Scaling to the value of autoscaling_max_size
+ # Time is in PST here (see `autoscale_scheduled_timezone` parameter)
+ autoscale_scheduled_up = [
+ "cron(30 21 * * ? *)",
+ "cron(30 13 * * ? *)",
+ ]
+
+ # Scaling down - back to default autoscaling_min_size
+ autoscale_scheduled_down = [
+ "cron(00 03 * * ? *)",
+ "cron(00 15 * * ? *)",
+ ]
+
+ # Network
+ vpc_id = module.vpc.vpc_id
+ private_subnets = module.vpc.private_subnets
+ security_groups = [aws_security_group.default_permissive.id]
+
+ # Environment variables
+ app_secrets = [
+ ]
+ environment = {
+ }
+}
+
diff --git a/examples/worker-scheduled-autoscale/output.tf b/examples/worker-scheduled-autoscale/output.tf
new file mode 100644
index 0000000..839cf4b
--- /dev/null
+++ b/examples/worker-scheduled-autoscale/output.tf
@@ -0,0 +1,20 @@
+output "vpc_cidr" {
+ value = module.vpc.vpc_cidr_block
+}
+
+output "private_subnet_cidrs" {
+ value = module.vpc.private_subnets_cidr_blocks
+}
+
+output "cloudwatch_log_group" {
+ value = module.worker_scheduled.cloudwatch_log_group
+}
+
+output "cloudwatch_event_rule_id" {
+ value = module.worker_scheduled.cloudwatch_event_rule_id
+}
+
+output "ecs_cluster_name" {
+ value = module.ecs.cluster_name
+}
+
diff --git a/examples/worker-scheduled-autoscale/variables.tf b/examples/worker-scheduled-autoscale/variables.tf
new file mode 100644
index 0000000..7b9fd62
--- /dev/null
+++ b/examples/worker-scheduled-autoscale/variables.tf
@@ -0,0 +1,6 @@
+variable "env" {}
+variable "namespace" {}
+variable "aws_profile" {}
+variable "aws_region" {}
+variable "docker_registry" {}
+variable "docker_image_tag" {}
diff --git a/examples/worker-scheduled/main.tf b/examples/worker-scheduled/main.tf
index 67b9a4f..83eed51 100644
--- a/examples/worker-scheduled/main.tf
+++ b/examples/worker-scheduled/main.tf
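Review bot: The `vpc` module call in examples/worker-scheduled-autoscale/main.tf declares a private subnet but never sets `enable_nat_gateway`, while `worker_scheduled` is given only `private_subnets` with `public = false`; as far as this hunk shows, the tasks then have no outbound route to pull the image from `var.docker_registry` or to reach the ECS and CloudWatch endpoints. Adding `enable_nat_gateway = true` and `single_nat_gateway = true` to the `vpc` block (or VPC endpoints) would give them one; how the root module places tasks is not visible here, so this needs checking against it. The complete-worker-ec2 and worker-scheduled examples declare the same VPC. The comment `Time is in PST here` is also slightly off for `America/Los_Angeles`, which observes daylight saving; `# Times are in Pacific time (PST/PDT)` would be accurate.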
@@ -1,41 +1,98 @@ -module "web_complete" { +# Versions +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + } + required_version = ">= 1.0" +} + +# Main +module "vpc" { + source = "registry.terraform.io/terraform-aws-modules/vpc/aws" + version = "~> 3.0" + + name = "${var.env}-vpc" + cidr = "10.0.0.0/16" + + azs = [ + "${var.aws_region}a" + ] + public_subnets = [ + "10.0.10.0/23" + ] + + private_subnets = [ + "10.0.20.0/23" + ] + + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" +} +resource "aws_security_group" "default_permissive" { + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id + + ingress { + protocol = -1 + from_port = 0 + to_port = 0 + cidr_blocks = [ + "0.0.0.0/0" + ] + } + + egress { + protocol = -1 + from_port = 0 + to_port = 0 + cidr_blocks = [ + "0.0.0.0/0" + ] + } + +} + +module "ecs" { + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}" +} + +module "worker_scheduled" { source = "../.." name = "worker" app_type = "worker" env = var.env namespace = var.namespace - ecs_cluster_name = local.ecs_cluster_name public = false ecs_launch_type = "FARGATE" min_size = 1 max_size = 1 desired_capacity = 0 - memory = 2048 - cpu = 1024 # Containers - ecs_cluster_arn = module.ecs.cluster_arn - docker_registry = local.docker_registry - image_id = local.image_id - docker_image_tag = local.docker_image_tag + ecs_cluster_arn = module.ecs.cluster_arn + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag - docker_container_command = ["echo", "here-is-the-output"] - cloudwatch_schedule_expressions = ["cron(0 * * * ? *)"] + docker_container_command = ["echo", "command-output"] deployment_minimum_healthy_percent = 0 + cloudwatch_schedule_expressions = ["cron(0 * * * ? 
*)"] # Network - vpc_id = local.vpc_id - public_subnets = local.public_subnets - private_subnets = local.private_subnets - security_groups = local.security_groups - root_domain_name = var.root_domain_name - zone_id = local.zone_id + vpc_id = module.vpc.vpc_id + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] # Environment variables app_secrets = [ ] - + environment = { + } } diff --git a/examples/worker-scheduled/output.tf b/examples/worker-scheduled/output.tf new file mode 100644 index 0000000..839cf4b --- /dev/null +++ b/examples/worker-scheduled/output.tf @@ -0,0 +1,20 @@ +output "vpc_cidr" { + value = module.vpc.vpc_cidr_block +} + +output "private_subnet_cidrs" { + value = module.vpc.private_subnets_cidr_blocks +} + +output "cloudwatch_log_group" { + value = module.worker_scheduled.cloudwatch_log_group +} + +output "cloudwatch_event_rule_id" { + value = module.worker_scheduled.cloudwatch_event_rule_id +} + +output "ecs_cluster_name" { + value = module.ecs.cluster_name +} + diff --git a/examples/worker-scheduled/variables.tf b/examples/worker-scheduled/variables.tf new file mode 100644 index 0000000..7b9fd62 --- /dev/null +++ b/examples/worker-scheduled/variables.tf @@ -0,0 +1,6 @@ +variable "env" {} +variable "namespace" {} +variable "aws_profile" {} +variable "aws_region" {} +variable "docker_registry" {} +variable "docker_image_tag" {} diff --git a/locals.tf b/locals.tf index ca3dd46..7167cc1 100644 --- a/locals.tf +++ b/locals.tf @@ -157,7 +157,7 @@ locals { backend_port = var.web_proxy_enabled ? var.web_proxy_docker_container_port : var.docker_container_port target_type = var.ecs_launch_type == "EC2" ? "instance" : "ip" deregistration_delay = var.alb_deregistration_delay - preserve_client_ip = true + preserve_client_ip = null # This is specified for compatibility with the tcp target groups. It's not actually used in a lookup. health_check = {