nginx_config.tf
////////////////////////////////////////////////////////[ NGINX CONFIGURATION ]///////////////////////////////////////////
# # ---------------------------------------------------------------------------------------------------------------------#
# Create SSM Document runShellScript to pull nginx configuration from CodeCommit
# # ---------------------------------------------------------------------------------------------------------------------#
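resource "aws_ssm_document" "codecommit_nginx" {
  # One Command document per var.ec2 entry. Each document hard-resets /etc/nginx
  # to branch nginx_<key> of the "origin" remote and restarts nginx only when the
  # new configuration passes `nginx -t`.
  #
  # NOTE(review): Run Command executes this script through the SSM agent,
  # normally as root, so write access to branch nginx_<key> amounts to control of
  # the web server configuration on every targeted instance. Confirm that pushes
  # to these branches are restricted and reviewed.
  for_each        = var.ec2
  name            = "${local.project}-codecommit-pull-nginx-${each.key}-config-changes"
  document_type   = "Command"
  document_format = "YAML"
  target_type     = "/AWS::EC2::Instance"

  # Script changes compared with a plain command sequence:
  #  - cd, fetch and reset abort the run on failure, so a missing checkout or an
  #    unreachable remote is reported as a failed command instead of ending in an
  #    nginx restart on stale content;
  #  - `nginx -t` output is no longer discarded, so the reason a configuration
  #    was rejected is visible in the Run Command output.
  # `git checkout -t` stays unguarded: it fails harmlessly when the local branch
  # already exists.
  # NOTE(review): a configuration rejected by `nginx -t` remains checked out in
  # /etc/nginx; consider restoring the previous commit before exiting.
  content = <<EOT
---
schemaVersion: "2.2"
description: "Pull nginx ${each.key} configuration changes from CodeCommit"
parameters:
mainSteps:
- action: "aws:runShellScript"
  name: "${var.app["brand"]}CodeCommitPullNginx${title(each.key)}ConfigChanges"
  inputs:
    runCommand:
    - |-
      #!/bin/bash
      cd /etc/nginx || exit 1
      git fetch origin nginx_${each.key} || exit 1
      git reset --hard origin/nginx_${each.key} || exit 1
      git checkout -t origin/nginx_${each.key}
      if nginx -t; then systemctl restart nginx; else exit 1; fi
EOT
}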
# # ---------------------------------------------------------------------------------------------------------------------#
# Create EventBridge rule to monitor CodeCommit nginx branch state
# # ---------------------------------------------------------------------------------------------------------------------#
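resource "aws_cloudwatch_event_rule" "codecommit_nginx" {
  # One rule per var.ec2 entry, matching state changes of branch nginx_<key> in
  # the "services" CodeCommit repository.
  for_each    = var.ec2
  name        = "${local.project}-Nginx-${title(each.key)}-Repo-State-Change"
  description = "CloudWatch monitor nginx ${each.key} repository state change"

  # jsonencode builds the pattern from HCL values, so interpolated values are
  # always emitted as correctly escaped JSON strings.
  #
  # detail.event is limited to branch creation and update. Without this filter
  # the rule also matches referenceDeleted, and deleting the branch would start
  # a Run Command deployment although there is nothing new to pull.
  event_pattern = jsonencode({
    source        = ["aws.codecommit"]
    "detail-type" = ["CodeCommit Repository State Change"]
    resources     = [aws_codecommit_repository.services.arn]
    detail = {
      event         = ["referenceCreated", "referenceUpdated"]
      referenceType = ["branch"]
      referenceName = ["nginx_${each.key}"]
    }
  })
}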
# # ---------------------------------------------------------------------------------------------------------------------#
# Create EventBridge target to execute SSM Document
# # ---------------------------------------------------------------------------------------------------------------------#
resource "aws_cloudwatch_event_target" "codecommit_nginx" {
  # One target per var.ec2 entry, attached to the event rule with the same key.
  for_each  = var.ec2
  target_id = "${local.project}-Nginx-${title(each.key)}-Config-Deployment-Script"
  rule      = aws_cloudwatch_event_rule.codecommit_nginx[each.key].name

  # The target is the SSM Command document with the same key; role_arn names the
  # role EventBridge uses to invoke it.
  role_arn = aws_iam_role.eventbridge_service_role.arn
  arn      = aws_ssm_document.codecommit_nginx[each.key].arn

  # Instances are selected by their Name tag, whose value is read from the first
  # tag_specifications entry of the launch template with the same key.
  # NOTE(review): any instance carrying this Name tag receives the command;
  # confirm who is allowed to set that tag.
  run_command_targets {
    values = [aws_launch_template.this[each.key].tag_specifications[0].tags.Name]
    key    = "tag:Name"
  }
}