# ECS-on-EC2 behind an Application Load Balancer (Terraform 0.9-era HCL).
#
# Layout: provider, network, security groups, IAM, CloudWatch Logs, the
# instance fleet (AMI, cloud-config, launch configuration, ASG), the ECS
# cluster/task/service, and finally the ALB.  Resource and data-source names
# are referenced from sibling files (variables/outputs), so they are kept
# verbatim; only ordering, alignment and commentary differ.

# Provider: the region comes from var.aws_region; credentials are taken from
# the environment / shared config, nothing is embedded in this file.
provider "aws" {
  region = "${var.aws_region}"
}

## Network

# One subnet per availability zone (var.az_count), each a /24 carved out of
# the VPC's /16 with cidrsubnet().
data "aws_availability_zones" "available" {}

resource "aws_vpc" "main" {
  cidr_block = "10.10.0.0/16"
}

resource "aws_subnet" "main" {
  count             = "${var.az_count}"
  vpc_id            = "${aws_vpc.main.id}"
  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
  cidr_block        = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)}"
}

# Every subnet is public: a single route table sends 0.0.0.0/0 to the IGW.
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.main.id}"
}

resource "aws_route_table" "r" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }
}

resource "aws_route_table_association" "a" {
  count          = "${var.az_count}"
  route_table_id = "${aws_route_table.r.id}"
  subnet_id      = "${element(aws_subnet.main.*.id, count.index)}"
}

## Security groups

# Load balancer: HTTP/80 from anywhere (it is the public entry point) and
# unrestricted egress.  Only plain HTTP is configured here; no TLS listener
# or certificate appears anywhere in this example.
resource "aws_security_group" "lb_sg" {
  name        = "tf-ecs-lbsg"
  description = "controls access to the application ELB"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Container instances: SSH only from var.admin_cidr_ingress, the application
# host port 8080 only from the load balancer's security group (not from any
# CIDR), and unrestricted egress.
resource "aws_security_group" "instance_sg" {
  name        = "tf-ecs-instsg"
  description = "controls direct access to application instances"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.admin_cidr_ingress}"]
  }

  ingress {
    protocol        = "tcp"
    from_port       = 8080
    to_port         = 8080
    security_groups = ["${aws_security_group.lb_sg.id}"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

## IAM

# Role assumed by the ECS service scheduler (ecs.amazonaws.com) so it can
# register/deregister this service's targets with the load balancer.
resource "aws_iam_role" "ecs_service" {
  name = "tf_example_ecs_role"

  assume_role_policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Inline policy for the service role.  Resource is "*" for every action;
# NOTE(review): the Register/DeregisterTargets actions could in principle be
# narrowed to the target group ARN -- confirm against the scheduler's needs
# before tightening, the Describe* actions have no resource-level scope.
resource "aws_iam_role_policy" "ecs_service" {
  name = "tf_example_ecs_policy"
  role = "${aws_iam_role.ecs_service.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:Describe*",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Instance role (ec2.amazonaws.com) attached to the container instances via
# the instance profile below; its policy is rendered from a template that
# receives the two log group ARNs.
resource "aws_iam_role" "app_instance" {
  name = "tf-ecs-example-instance-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "app" {
  name = "tf-ecs-instprofile"
  role = "${aws_iam_role.app_instance.name}"
}

data "template_file" "instance_profile" {
  template = "${file("${path.module}/instance-profile-policy.json")}"

  vars {
    app_log_group_arn = "${aws_cloudwatch_log_group.app.arn}"
    ecs_log_group_arn = "${aws_cloudwatch_log_group.ecs.arn}"
  }
}

resource "aws_iam_role_policy" "instance" {
  name   = "TfEcsExampleInstanceRole"
  role   = "${aws_iam_role.app_instance.name}"
  policy = "${data.template_file.instance_profile.rendered}"
}

## CloudWatch Logs

# Two groups: one for the ECS agent on the instances, one for the app container.
resource "aws_cloudwatch_log_group" "ecs" {
  name = "tf-ecs-group/ecs-agent"
}

resource "aws_cloudwatch_log_group" "app" {
  name = "tf-ecs-group/app-ghost"
}

## Compute

# Most recent CoreOS stable HVM x86_64 image from the CoreOS publisher account.
data "aws_ami" "stable_coreos" {
  most_recent = true
  owners      = ["595879546273"] # CoreOS publisher account

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "description"
    values = ["CoreOS stable *"]
  }
}

# User data for each instance, rendered from cloud-config.yml.  The variables
# passed in (cluster name, agent log group, log level, agent version) are what
# the template uses to configure the ECS agent.
data "template_file" "cloud_config" {
  template = "${file("${path.module}/cloud-config.yml")}"

  vars {
    aws_region         = "${var.aws_region}"
    ecs_cluster_name   = "${aws_ecs_cluster.main.name}"
    ecs_log_group_name = "${aws_cloudwatch_log_group.ecs.name}"
    ecs_log_level      = "info"
    ecs_agent_version  = "latest"
  }
}

# Instances receive a public IP (the subnets are public) and instance_sg.
# create_before_destroy: the ASG references this launch configuration by
# name, so a replacement must exist before the old one is removed.
resource "aws_launch_configuration" "app" {
  image_id                    = "${data.aws_ami.stable_coreos.id}"
  instance_type               = "${var.instance_type}"
  key_name                    = "${var.key_name}"
  iam_instance_profile        = "${aws_iam_instance_profile.app.name}"
  security_groups             = ["${aws_security_group.instance_sg.id}"]
  user_data                   = "${data.template_file.cloud_config.rendered}"
  associate_public_ip_address = true

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "app" {
  name                 = "tf-test-asg"
  launch_configuration = "${aws_launch_configuration.app.name}"
  vpc_zone_identifier  = ["${aws_subnet.main.*.id}"]
  min_size             = "${var.asg_min}"
  max_size             = "${var.asg_max}"
  desired_capacity     = "${var.asg_desired}"
}

## ECS

resource "aws_ecs_cluster" "main" {
  name = "terraform_example_ecs_cluster"
}

# Container definitions are rendered from task-definition.json.  The image
# reference is the mutable "latest" tag, so each task launch may pull a
# different build than the last; pin a specific tag or digest for anything
# beyond a demo.
data "template_file" "task_definition" {
  template = "${file("${path.module}/task-definition.json")}"

  vars {
    container_name   = "ghost"
    image_url        = "ghost:latest"
    log_group_region = "${var.aws_region}"
    log_group_name   = "${aws_cloudwatch_log_group.app.name}"
  }
}

resource "aws_ecs_task_definition" "ghost" {
  family                = "tf_example_ghost_td"
  container_definitions = "${data.template_file.task_definition.rendered}"
}

# depends_on: the service role's policy and the ALB listener must exist
# before ECS registers targets; the attribute references alone do not
# order those two resources ahead of the service.
resource "aws_ecs_service" "test" {
  name            = "tf-example-ecs-ghost"
  cluster         = "${aws_ecs_cluster.main.id}"
  task_definition = "${aws_ecs_task_definition.ghost.arn}"
  desired_count   = 1
  iam_role        = "${aws_iam_role.ecs_service.name}"

  load_balancer {
    target_group_arn = "${aws_alb_target_group.test.id}"
    container_name   = "ghost"
    container_port   = "2368"
  }

  depends_on = [
    "aws_iam_role_policy.ecs_service",
    "aws_alb_listener.front_end",
  ]
}

## ALB

resource "aws_alb_target_group" "test" {
  name     = "tf-example-ecs-ghost"
  protocol = "HTTP"
  port     = 80
  vpc_id   = "${aws_vpc.main.id}"
}

resource "aws_alb" "main" {
  name            = "tf-example-alb-ecs"
  subnets         = ["${aws_subnet.main.*.id}"]
  security_groups = ["${aws_security_group.lb_sg.id}"]
}

# A single HTTP/80 listener forwarding all requests to the target group.
resource "aws_alb_listener" "front_end" {
  load_balancer_arn = "${aws_alb.main.id}"
  protocol          = "HTTP"
  port              = "80"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.test.id}"
  }
}