# Region of the configured AWS provider.  Read by the awslogs driver options
# in the container definition when var.aws_logs_region is not supplied.
data "aws_region" "current" {}
module "ecr" {
  source  = "cloudposse/ecr/aws"
  version = "0.34.0"
  context = module.this.context

  # The repository is only created on the CodePipeline path.  The container
  # definition in this file switches between module.ecr.repository_url and
  # var.container_image on var.use_ecr_image, so presumably use_ecr_image is
  # only meaningful together with codepipeline_enabled -- TODO confirm the
  # variable declarations guard that combination.
  enabled    = var.codepipeline_enabled
  attributes = ["ecr"]

  # Registry-side integrity controls: scan-on-push surfaces known CVEs in
  # pushed layers, and tag immutability prevents a known tag from being
  # silently re-pointed at a different image.  Both come from caller inputs.
  scan_images_on_push  = var.ecr_scan_images_on_push
  image_tag_mutability = var.ecr_image_tag_mutability
}
resource "aws_cloudwatch_log_group" "app" {
  # Conditional single instance; the container definition reads the name back
  # through a splat join, which yields "" when count is 0.
  count = var.cloudwatch_log_group_enabled ? 1 : 0

  name              = module.this.id
  retention_in_days = var.log_retention_in_days
  tags              = module.this.tags

  # No kms_key_id is set, so the group relies on the service-managed
  # encryption default; a customer-managed key would need a new input.
}
module "alb_ingress" {
  source  = "cloudposse/alb-ingress/aws"
  version = "0.24.2"
  context = module.this.context

  vpc_id = var.vpc_id
  port   = var.container_port

  # Target-group health check.  Matcher and thresholds decide when a task is
  # pulled from rotation.
  health_check_path                = var.alb_ingress_healthcheck_path
  health_check_protocol            = var.alb_ingress_healthcheck_protocol
  health_check_healthy_threshold   = var.alb_ingress_health_check_healthy_threshold
  health_check_interval            = var.alb_ingress_health_check_interval
  health_check_matcher             = var.alb_ingress_health_check_matcher
  health_check_timeout             = var.alb_ingress_health_check_timeout
  health_check_unhealthy_threshold = var.alb_ingress_health_check_unhealthy_threshold

  default_target_group_enabled = var.alb_ingress_enable_default_target_group
  target_group_arn             = var.alb_ingress_target_group_arn

  # Listener rules.  Everything routed through the unauthenticated_* inputs
  # bypasses the ALB-level login configured below, so those path/host lists
  # define the service's unauthenticated surface; review them together.
  unauthenticated_paths         = var.alb_ingress_unauthenticated_paths
  unauthenticated_hosts         = var.alb_ingress_unauthenticated_hosts
  unauthenticated_priority      = var.alb_ingress_listener_unauthenticated_priority
  unauthenticated_listener_arns = var.alb_ingress_unauthenticated_listener_arns
  authenticated_paths           = var.alb_ingress_authenticated_paths
  authenticated_hosts           = var.alb_ingress_authenticated_hosts
  authenticated_priority        = var.alb_ingress_listener_authenticated_priority
  authenticated_listener_arns   = var.alb_ingress_authenticated_listener_arns

  # ALB-native authentication (Cognito user pool or a generic OIDC provider).
  # NOTE(review): authentication_oidc_client_secret is a credential passed
  # straight through from a variable; it should be declared `sensitive = true`
  # in variables.tf (not visible here) and will still be recorded in state by
  # the listener rule, so the state backend's access controls matter.
  authentication_type                        = var.authentication_type
  authentication_cognito_user_pool_arn       = var.authentication_cognito_user_pool_arn
  authentication_cognito_user_pool_client_id = var.authentication_cognito_user_pool_client_id
  authentication_cognito_user_pool_domain    = var.authentication_cognito_user_pool_domain
  authentication_cognito_scope               = var.authentication_cognito_scope
  authentication_oidc_client_id              = var.authentication_oidc_client_id
  authentication_oidc_client_secret          = var.authentication_oidc_client_secret
  authentication_oidc_issuer                 = var.authentication_oidc_issuer
  authentication_oidc_authorization_endpoint = var.authentication_oidc_authorization_endpoint
  authentication_oidc_token_endpoint         = var.authentication_oidc_token_endpoint
  authentication_oidc_user_info_endpoint     = var.authentication_oidc_user_info_endpoint
  authentication_oidc_scope                  = var.authentication_oidc_scope

  # Session stickiness on the target group.
  stickiness_enabled         = var.alb_stickiness_enabled
  stickiness_type            = var.alb_stickiness_type
  stickiness_cookie_duration = var.alb_stickiness_cookie_duration
}
module "container_definition" {
  source  = "cloudposse/ecs-container-definition/aws"
  version = "0.58.1"

  container_name = module.this.id

  # Image reference: the ECR repository managed in this file when
  # use_ecr_image is set, otherwise whatever the caller supplied.
  container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image

  # Resource limits and lifecycle timeouts.
  container_cpu                = var.container_cpu
  container_memory             = var.container_memory
  container_memory_reservation = var.container_memory_reservation
  start_timeout                = var.container_start_timeout
  stop_timeout                 = var.container_stop_timeout
  healthcheck                  = var.healthcheck

  # Process configuration.  `privileged` is passed through unchanged and
  # grants the container elevated host capabilities, so a non-default value
  # deserves a justification in the calling configuration.  `secrets` is
  # presumably the valueFrom-style list (SSM / Secrets Manager references)
  # as opposed to the plaintext `environment` entries -- confirm against the
  # module docs.
  entrypoint      = var.entrypoint
  command         = var.command
  environment     = var.container_environment
  map_environment = var.map_container_environment
  secrets         = var.secrets
  privileged      = var.privileged
  system_controls = var.system_controls
  ulimits         = var.ulimits
  port_mappings   = var.port_mappings
  mount_points    = var.mount_points

  # Ordering against the init containers declared in var.init_containers,
  # using the condition each one carries.
  container_depends_on   = local.container_depends_on
  repository_credentials = var.container_repo_credentials

  # Log driver block wired to the log group created in this file; null drops
  # the block entirely when the group is not created.  The option keys are
  # awslogs-specific regardless of var.log_driver.
  log_configuration = var.cloudwatch_log_group_enabled ? {
    logDriver = var.log_driver
    options = {
      "awslogs-region"        = coalesce(var.aws_logs_region, data.aws_region.current.name)
      "awslogs-group"         = join("", aws_cloudwatch_log_group.app.*.name)
      "awslogs-stream-prefix" = var.aws_logs_prefix == "" ? module.this.name : var.aws_logs_prefix
    }
    secretOptions = null
  } : null
}
locals {
  # Load-balancer attachments handed to the ECS service.
  alb = {
    container_name   = coalesce(var.alb_container_name, module.this.id)
    container_port   = var.container_port
    elb_name         = null
    target_group_arn = module.alb_ingress.target_group_arn
  }
  nlb = {
    container_name   = coalesce(var.nlb_container_name, module.this.id)
    container_port   = var.nlb_container_port
    elb_name         = null
    target_group_arn = var.nlb_ingress_target_group_arn
  }

  # Note(austin) - the nlb port defaults to 80, so if we've changed that, add a second load_balancer block
  # This removes a dependency on the arn being unknown during planning and blocking an upstream usage of count
  # See comments in https://github.com/Unstructured-IO/devops/pull/147
  #load_balancers = var.nlb_ingress_target_group_arn != "" ? [local.alb, local.nlb] : [local.alb]
  # NOTE(review): the port is a stand-in for "an NLB is attached"; an NLB that
  # genuinely listens on 80 is skipped here, and a non-80 port with an empty
  # nlb_ingress_target_group_arn produces an attachment with no target group.
  load_balancers = var.nlb_container_port == 80 ? [local.alb] : [local.alb, local.nlb]

  # Raw JSON of each init container, exactly as supplied by the caller.
  init_container_definitions = [
    for init_container in var.init_containers : lookup(init_container, "container_definition")
  ]

  # dependsOn entries for the main container: one per init container, named
  # after the "name" key inside its JSON definition.
  container_depends_on = [
    for init_container in var.init_containers : {
      containerName = lookup(jsondecode(init_container.container_definition), "name"),
      condition     = init_container.condition
    }
  ]

  # override container_definition if var.container_definition is supplied
  main_container_definition = coalesce(var.container_definition, module.container_definition.json_map_encoded)

  # combine all container definitions into one JSON array (string concat,
  # since the members are already encoded JSON objects)
  all_container_definitions = format("[%s]", join(",", concat(local.init_container_definitions, [local.main_container_definition])))
}
module "ecs_alb_service_task" {
  # NOTE(review): this git source carries no `?ref=` pin, so every `terraform
  # init` follows the repository's default branch and a push there changes
  # what this module deploys.  Pin it to a tag or commit
  # ("...?ref=<tag-or-commit>", value to be chosen) and bump deliberately, the
  # way the registry modules in this file carry a `version`.
  source  = "github.com/Unstructured-IO/terraform-aws-ecs-alb-service-task"
  context = module.this.context

  # Cluster and launch platform.
  ecs_cluster_arn              = var.ecs_cluster_arn
  launch_type                  = var.launch_type
  platform_version             = var.platform_version
  capacity_provider_strategies = var.capacity_provider_strategies
  runtime_platform             = var.runtime_platform
  service_registries           = var.service_registries

  # Task definition.  Task-level CPU/memory fall back to the container values.
  container_definition_json      = local.all_container_definitions
  network_mode                   = var.network_mode
  task_cpu                       = coalesce(var.task_cpu, var.container_cpu)
  task_memory                    = coalesce(var.task_memory, var.container_memory)
  docker_volumes                 = var.volumes
  ignore_changes_task_definition = var.ignore_changes_task_definition

  # Task IAM.  task_role_arn / task_policy_arns define what the application
  # itself may call in AWS; permissions_boundary presumably applies to roles
  # the child module creates -- confirm against that module.
  task_role_arn        = var.task_role_arn
  task_policy_arns     = var.task_policy_arns
  permissions_boundary = var.permissions_boundary

  # Networking.  exec_enabled (ECS Exec shell access), assign_public_ip and
  # enable_all_egress_rule each widen the task's reachability; their defaults
  # live in the variable declarations, not visible here, so check them in
  # the calling configuration.
  vpc_id                 = var.vpc_id
  subnet_ids             = var.ecs_private_subnet_ids
  security_group_ids     = var.ecs_security_group_ids
  assign_public_ip       = var.assign_public_ip
  enable_all_egress_rule = var.enable_all_egress_rule
  alb_security_group     = var.alb_security_group
  use_alb_security_group = var.use_alb_security_group
  nlb_cidr_blocks        = var.nlb_cidr_blocks
  use_nlb_cidr_blocks    = var.use_nlb_cidr_blocks
  exec_enabled           = var.exec_enabled

  # Service, load balancing and deployment behaviour.
  container_port                     = var.container_port
  nlb_container_port                 = var.nlb_container_port
  ecs_load_balancers                 = local.load_balancers
  health_check_grace_period_seconds  = var.health_check_grace_period_seconds
  desired_count                      = var.desired_count
  ignore_changes_desired_count       = var.ignore_changes_desired_count
  deployment_controller_type         = var.deployment_controller_type
  force_new_deployment               = var.force_new_deployment
  circuit_breaker_deployment_enabled = var.circuit_breaker_deployment_enabled
  circuit_breaker_rollback_enabled   = var.circuit_breaker_rollback_enabled
  propagate_tags                     = var.propagate_tags
  enable_ecs_managed_tags            = var.enable_ecs_managed_tags
}
module "ecs_cloudwatch_autoscaling" {
  source  = "cloudposse/ecs-cloudwatch-autoscaling/aws"
  version = "0.7.3"
  enabled = var.autoscaling_enabled

  # Label inputs are passed one by one instead of `context = module.this.context`
  # as the other modules in this file do, so anything only present in the
  # context (tags, for instance) presumably does not reach this module.
  # Switching to the context form would be consistent but could rename the
  # resources it creates, so it is left as is.
  name       = var.name
  namespace  = var.namespace
  stage      = var.stage
  attributes = var.attributes

  cluster_name = var.ecs_cluster_name
  service_name = module.ecs_alb_service_task.service_name

  # Capacity bounds and step-scaling adjustments.
  min_capacity          = var.autoscaling_min_capacity
  max_capacity          = var.autoscaling_max_capacity
  scale_up_adjustment   = var.autoscaling_scale_up_adjustment
  scale_up_cooldown     = var.autoscaling_scale_up_cooldown
  scale_down_adjustment = var.autoscaling_scale_down_adjustment
  scale_down_cooldown   = var.autoscaling_scale_down_cooldown
}
locals {
  # Autoscaling policy ARNs to attach as alarm actions.  Only the dimension
  # selected by var.autoscaling_dimension gets a policy; the other pair stays
  # "" and is dropped by compact() where these are consumed.
  cpu_utilization_high_alarm_actions    = var.autoscaling_dimension == "cpu" && var.autoscaling_enabled ? module.ecs_cloudwatch_autoscaling.scale_up_policy_arn : ""
  cpu_utilization_low_alarm_actions     = var.autoscaling_dimension == "cpu" && var.autoscaling_enabled ? module.ecs_cloudwatch_autoscaling.scale_down_policy_arn : ""
  memory_utilization_high_alarm_actions = var.autoscaling_dimension == "memory" && var.autoscaling_enabled ? module.ecs_cloudwatch_autoscaling.scale_up_policy_arn : ""
  memory_utilization_low_alarm_actions  = var.autoscaling_dimension == "memory" && var.autoscaling_enabled ? module.ecs_cloudwatch_autoscaling.scale_down_policy_arn : ""
}
module "ecs_cloudwatch_sns_alarms" {
  source  = "cloudposse/ecs-cloudwatch-sns-alarms/aws"
  version = "0.12.2"
  context = module.this.context
  enabled = var.ecs_alarms_enabled

  cluster_name = var.ecs_cluster_name
  service_name = module.ecs_alb_service_task.service_name

  # Each *_alarm_actions list is the caller's SNS targets plus the matching
  # autoscaling policy ARN from locals; compact() removes the "" placeholder
  # when autoscaling is off or targets the other dimension.

  # CPU high
  cpu_utilization_high_threshold          = var.ecs_alarms_cpu_utilization_high_threshold
  cpu_utilization_high_evaluation_periods = var.ecs_alarms_cpu_utilization_high_evaluation_periods
  cpu_utilization_high_period             = var.ecs_alarms_cpu_utilization_high_period
  cpu_utilization_high_alarm_actions      = compact(concat(var.ecs_alarms_cpu_utilization_high_alarm_actions, [local.cpu_utilization_high_alarm_actions]))
  cpu_utilization_high_ok_actions         = var.ecs_alarms_cpu_utilization_high_ok_actions

  # CPU low
  cpu_utilization_low_threshold          = var.ecs_alarms_cpu_utilization_low_threshold
  cpu_utilization_low_evaluation_periods = var.ecs_alarms_cpu_utilization_low_evaluation_periods
  cpu_utilization_low_period             = var.ecs_alarms_cpu_utilization_low_period
  cpu_utilization_low_alarm_actions      = compact(concat(var.ecs_alarms_cpu_utilization_low_alarm_actions, [local.cpu_utilization_low_alarm_actions]))
  cpu_utilization_low_ok_actions         = var.ecs_alarms_cpu_utilization_low_ok_actions

  # Memory high
  memory_utilization_high_threshold          = var.ecs_alarms_memory_utilization_high_threshold
  memory_utilization_high_evaluation_periods = var.ecs_alarms_memory_utilization_high_evaluation_periods
  memory_utilization_high_period             = var.ecs_alarms_memory_utilization_high_period
  memory_utilization_high_alarm_actions      = compact(concat(var.ecs_alarms_memory_utilization_high_alarm_actions, [local.memory_utilization_high_alarm_actions]))
  memory_utilization_high_ok_actions         = var.ecs_alarms_memory_utilization_high_ok_actions

  # Memory low
  memory_utilization_low_threshold          = var.ecs_alarms_memory_utilization_low_threshold
  memory_utilization_low_evaluation_periods = var.ecs_alarms_memory_utilization_low_evaluation_periods
  memory_utilization_low_period             = var.ecs_alarms_memory_utilization_low_period
  memory_utilization_low_alarm_actions      = compact(concat(var.ecs_alarms_memory_utilization_low_alarm_actions, [local.memory_utilization_low_alarm_actions]))
  memory_utilization_low_ok_actions         = var.ecs_alarms_memory_utilization_low_ok_actions
}
module "alb_target_group_cloudwatch_sns_alarms" {
  source  = "cloudposse/alb-target-group-cloudwatch-sns-alarms/aws"
  version = "0.17.0"
  context = module.this.context
  enabled = var.alb_target_group_alarms_enabled

  # Which ALB / target group the alarms watch; the target group is the one
  # created by the alb_ingress module in this file.
  alb_arn_suffix          = var.alb_arn_suffix
  target_group_arn_suffix = module.alb_ingress.target_group_arn_suffix

  # Notification targets for the three alarm states.
  alarm_actions             = var.alb_target_group_alarms_alarm_actions
  ok_actions                = var.alb_target_group_alarms_ok_actions
  insufficient_data_actions = var.alb_target_group_alarms_insufficient_data_actions

  # Thresholds and evaluation window.  The 4xx/5xx counts are the signals a
  # responder would look at for abuse or an unhealthy deploy, so their
  # thresholds are worth tuning per service rather than left at a default.
  target_3xx_count_threshold     = var.alb_target_group_alarms_3xx_threshold
  target_4xx_count_threshold     = var.alb_target_group_alarms_4xx_threshold
  target_5xx_count_threshold     = var.alb_target_group_alarms_5xx_threshold
  target_response_time_threshold = var.alb_target_group_alarms_response_time_threshold
  period                         = var.alb_target_group_alarms_period
  evaluation_periods             = var.alb_target_group_alarms_evaluation_periods
}