# AWS provider. The region is a module input so the example can be applied in
# any region that offers ECS and ALB.
provider "aws" {
  region = "${var.aws_region}"
}

## EC2

### Network

# Availability zones visible to the calling account in the configured region.
data "aws_availability_zones" "available" {}

# A single VPC holding the whole example.
resource "aws_vpc" "main" {
  cidr_block = "10.10.0.0/16"
}

# One subnet per availability zone: `az_count` /24s are carved out of the VPC
# CIDR with cidrsubnet(), subnet N landing in AZ N.
resource "aws_subnet" "main" {
  count             = "${var.az_count}"
  vpc_id            = "${aws_vpc.main.id}"
  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
  cidr_block        = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)}"
}

# Internet gateway plus a default route to it. Every subnet above is therefore
# public; the launch configuration below also hands instances public addresses,
# so instance reachability is governed by the instance security group alone.
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.main.id}"
}

resource "aws_route_table" "r" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    gateway_id = "${aws_internet_gateway.gw.id}"
    cidr_block = "0.0.0.0/0"
  }
}

resource "aws_route_table_association" "a" {
  count          = "${var.az_count}"
  route_table_id = "${aws_route_table.r.id}"
  subnet_id      = "${element(aws_subnet.main.*.id, count.index)}"
}

### Compute

# Autoscaling group spanning every subnet created above. Its instances join the
# ECS cluster through the cloud-config user data on the launch configuration.
resource "aws_autoscaling_group" "app" {
  name                 = "tf-test-asg"
  launch_configuration = "${aws_launch_configuration.app.name}"
  vpc_zone_identifier  = ["${aws_subnet.main.*.id}"]
  min_size             = "${var.asg_min}"
  max_size             = "${var.asg_max}"
  desired_capacity     = "${var.asg_desired}"
}

# Cloud-config rendered for the container instances (template lives next to
# this file).
# NOTE(review): ecs_agent_version is "latest", so the agent build is not pinned
# and can change between applies; pin a version for reproducible hosts.
data "template_file" "cloud_config" {
  template = "${file("${path.module}/cloud-config.yml")}"

  vars {
    aws_region         = "${var.aws_region}"
    ecs_cluster_name   = "${aws_ecs_cluster.main.name}"
    ecs_log_group_name = "${aws_cloudwatch_log_group.ecs.name}"
    ecs_log_level      = "info"
    ecs_agent_version  = "latest"
  }
}

# Newest CoreOS stable HVM image. The owners filter pins the publishing
# account, so most_recent cannot be satisfied by a look-alike AMI published by
# someone else.
data "aws_ami" "stable_coreos" {
  most_recent = true
  owners      = ["595879546273"] # CoreOS

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "description"
    values = ["CoreOS stable *"]
  }
}

# Launch configuration for the container instances. create_before_destroy lets
# a changed AMI or user data roll out by creating the replacement configuration
# under the ASG before the old one is removed.
resource "aws_launch_configuration" "app" {
  image_id             = "${data.aws_ami.stable_coreos.id}"
  instance_type        = "${var.instance_type}"
  key_name             = "${var.key_name}"
  iam_instance_profile = "${aws_iam_instance_profile.app.name}"
  user_data            = "${data.template_file.cloud_config.rendered}"
  security_groups      = ["${aws_security_group.instance_sg.id}"]

  # Instances get public addresses; SSH exposure is bounded only by the
  # admin_cidr_ingress rule in instance_sg below.
  associate_public_ip_address = true

  lifecycle {
    create_before_destroy = true
  }
}

### Security

# Load balancer security group: HTTP in from anywhere, anything out.
resource "aws_security_group" "lb_sg" {
  name        = "tf-ecs-lbsg"
  description = "controls access to the application ELB"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Instance security group: SSH only from the operator CIDR passed as input, the
# application port only from the load balancer's security group, unrestricted
# egress (the ECS agent and image pulls need outbound access; narrow this where
# an egress proxy or VPC endpoints are available).
resource "aws_security_group" "instance_sg" {
  name        = "tf-ecs-instsg"
  description = "controls direct access to application instances"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.admin_cidr_ingress}"]
  }

  # NOTE(review): 8080 is presumably the host port that task-definition.json maps
  # the container's 2368 onto — confirm against that file, which is not shown
  # here.
  ingress {
    protocol        = "tcp"
    from_port       = 8080
    to_port         = 8080
    security_groups = ["${aws_security_group.lb_sg.id}"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

## ECS

resource "aws_ecs_cluster" "main" {
  name = "terraform_example_ecs_cluster"
}

# Container definitions rendered from task-definition.json.
# NOTE(review): image_url uses the mutable "ghost:latest" tag, so a re-apply can
# pull a different image than the one last reviewed; pin a tag or digest for a
# reproducible deployment.
data "template_file" "task_definition" {
  template = "${file("${path.module}/task-definition.json")}"

  vars {
    container_name   = "ghost"
    image_url        = "ghost:latest"
    log_group_region = "${var.aws_region}"
    log_group_name   = "${aws_cloudwatch_log_group.app.name}"
  }
}

resource "aws_ecs_task_definition" "ghost" {
  family                = "tf_example_ghost_td"
  container_definitions = "${data.template_file.task_definition.rendered}"
}

# One ghost task registered with the ALB target group. The explicit depends_on
# ensures the service role policy and the listener exist before ECS tries to
# register targets; the attribute references alone do not imply that ordering.
resource "aws_ecs_service" "test" {
  name            = "tf-example-ecs-ghost"
  cluster         = "${aws_ecs_cluster.main.id}"
  task_definition = "${aws_ecs_task_definition.ghost.arn}"
  iam_role        = "${aws_iam_role.ecs_service.name}"
  desired_count   = 1

  load_balancer {
    target_group_arn = "${aws_alb_target_group.test.id}"
    container_name   = "ghost"
    container_port   = "2368"
  }

  depends_on = ["aws_iam_role_policy.ecs_service", "aws_alb_listener.front_end"]
}

## IAM

# Role the ECS service scheduler assumes to (de)register load balancer targets.
resource "aws_iam_role" "ecs_service" {
  name = "tf_example_ecs_role"

  assume_role_policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# NOTE(review): the listed actions are granted on every resource in the account
# ("Resource": "*"). Check whether the register/deregister actions can be scoped
# to this example's target group before reusing the policy outside a demo.
resource "aws_iam_role_policy" "ecs_service" {
  name = "tf_example_ecs_policy"
  role = "${aws_iam_role.ecs_service.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:Describe*",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Instance role: assumed by EC2 and attached to the hosts via the instance
# profile. Its permissions come from the rendered instance-profile-policy.json.
resource "aws_iam_role" "app_instance" {
  name = "tf-ecs-example-instance-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "app" {
  name  = "tf-ecs-instprofile"
  roles = ["${aws_iam_role.app_instance.name}"]
}

# The two log group ARNs are passed into the policy template, presumably so the
# logging permissions can be restricted to exactly those groups — the JSON is
# not shown here, so confirm that it does not fall back to "*".
data "template_file" "instance_profile" {
  template = "${file("${path.module}/instance-profile-policy.json")}"

  vars {
    app_log_group_arn = "${aws_cloudwatch_log_group.app.arn}"
    ecs_log_group_arn = "${aws_cloudwatch_log_group.ecs.arn}"
  }
}

resource "aws_iam_role_policy" "instance" {
  name   = "TfEcsExampleInstanceRole"
  role   = "${aws_iam_role.app_instance.name}"
  policy = "${data.template_file.instance_profile.rendered}"
}

## ALB

resource "aws_alb" "main" {
  name            = "tf-example-alb-ecs"
  subnets         = ["${aws_subnet.main.*.id}"]
  security_groups = ["${aws_security_group.lb_sg.id}"]
}

resource "aws_alb_target_group" "test" {
  name     = "tf-example-ecs-ghost"
  vpc_id   = "${aws_vpc.main.id}"
  protocol = "HTTP"
  port     = 80
}

# Plain-HTTP listener on :80. Nothing on this path terminates TLS, so client
# traffic to the example is readable in transit; a non-demo deployment would
# terminate HTTPS at the listener.
resource "aws_alb_listener" "front_end" {
  load_balancer_arn = "${aws_alb.main.id}"
  protocol          = "HTTP"
  port              = "80"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.test.id}"
  }
}

## CloudWatch Logs

# Neither group sets retention_in_days, so both retain logs indefinitely.
resource "aws_cloudwatch_log_group" "ecs" {
  name = "tf-ecs-group/ecs-agent"
}

resource "aws_cloudwatch_log_group" "app" {
  name = "tf-ecs-group/app-ghost"
}