ARC Mono Repo Test - ECS

skeleton/terraform/ecs/README.md

@@ -5,44 +5,48 @@
 AWS ECS for the SourceFuse DevOps Reference Architecture Infrastructure.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.87.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_ecs"></a> [ecs](#module\_ecs) | sourcefuse/arc-ecs/aws | 1.6.0 |
-| <a name="module_terraform-aws-arc-tags"></a> [terraform-aws-arc-tags](#module\_terraform-aws-arc-tags) | sourcefuse/arc-tags/aws | 1.2.7 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `"poc"` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace for the resources. | `string` | n/a | yes |
-| <a name="input_project_name"></a> [project\_name](#input\_project\_name) | Name of the project. | `string` | n/a | yes |
-| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | `"us-east-1"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | Name of the ECS Cluster |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.87.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_alb"></a> [alb](#module\_alb) | sourcefuse/arc-load-balancer/aws | 0.0.1 |
+| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | sourcefuse/arc-ecs/aws | 2.0.0 |
+| <a name="module_ecs_services"></a> [ecs\_services](#module\_ecs\_services) | sourcefuse/arc-ecs/aws | 2.0.0 |
+| <a name="module_tags"></a> [tags](#module\_tags) | sourcefuse/arc-tags/aws | 1.2.6 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_subnets.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_environment"></a> [environment](#input\_environment) | The environment associated with the ECS service | `string` | n/a | yes |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace of the project, i.e. arc | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | n/a | yes |
+| <a name="input_subnet_names"></a> [subnet\_names](#input\_subnet\_names) | List of subnet names to lookup | `list(string)` | <pre>[<br>  "arc-poc-private-subnet-private-us-east-1a",<br>  "arc-poc-private-subnet-private-us-east-1b"<br>]</pre> | no |
+| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | Name of the VPC to add the resources | `string` | `"arc-poc-vpc"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_ecs_cluster_name"></a> [ecs\_cluster\_name](#output\_ecs\_cluster\_name) | The name of the ECS cluster |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

skeleton/terraform/ecs/container_definition.json.tftpl → skeleton/terraform/ecs/container/container_definition.json.tftpl

@@ -34,4 +34,4 @@
       }
     }
   }
-]
+]

skeleton/terraform/ecs/data.tf

@@ -1,10 +1,23 @@
-###############################################
-## imports
-################################################
-## network
-data "aws_vpc" "vpc" {
+# network
+data "aws_vpc" "default" {
   filter {
     name   = "tag:Name"
-    values = ["${var.namespace}-${var.environment}-vpc"]
+    values = var.vpc_name != null ? [var.vpc_name] : ["${var.namespace}-${var.environment}-vpc"]
+  }
+}
+
+data "aws_subnets" "private" {
+  filter {
+    name = "tag:Name"
+
+    ## try the created subnets from the upstream network module, or override with custom names
+    values = length(var.subnet_names) > 0 ? var.subnet_names : [
+      "${var.namespace}-${var.environment}-private-subnet-private-${var.region}a",
+      "${var.namespace}-${var.environment}-private-subnet-private-${var.region}b"
+    ]
+  }
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
   }
 }

skeleton/terraform/ecs/locals.tf

@@ -0,0 +1,202 @@
+locals {
+  security_group_name = "arc-alb-sg"
+
+  ecs_cluster = {
+    name                        = "arc-ecs-fargate-poc"
+    create                      = true
+    create_cloudwatch_log_group = true
+    service_connect_defaults    = {}
+    settings                    = []
+
+    configuration = {
+      execute_command_configuration = {
+        logging = "OVERRIDE"
+        log_configuration = {
+          log_group_name = "arc-poc-cluster-log-group-fargate"
+        }
+      }
+    }
+  }
+
+  capacity_provider = {
+    autoscaling_capacity_providers = {}
+    use_fargate                    = true
+    fargate_capacity_providers = {
+      fargate_cp = {
+        name = "FARGATE"
+      }
+    }
+  }
+  ecs_service = {
+    create = false
+  }
+
+  ############################### ECS Services ################################
+
+  ecs_services = {
+    service1 = {
+      ecs_cluster = {
+        create = false
+      }
+      ecs_service = {
+        cluster_name             = "arc-ecs-module-poc-1"
+        service_name             = "arc-ecs-module-service-poc-1"
+        repository_name          = "12345.dkr.ecr.us-east-1.amazonaws.com/arc/arc-poc-ecs"
+        ecs_subnets              = data.aws_subnets.private.ids
+        enable_load_balancer     = true
+        aws_lb_target_group_name = "arc-poc-alb-tg"
+        create                   = true
+      }
+
+      task = {
+        tasks_desired        = 1
+        launch_type          = "FARGATE"
+        network_mode         = "awsvpc"
+        compatibilities      = ["FARGATE"]
+        container_port       = 80
+        container_memory     = 1024
+        container_vcpu       = 256
+        container_definition = "container/container_definition.json.tftpl"
+      }
+
+      lb_data = {
+        listener_port     = 80
+        security_group_id = "sg-0eea352ca0628a2d1"
+      }
+    }
+  }
+
+  ############################### Load Balancer Config ################################
+
+  load_balancer_config = {
+    name                                        = "arc-load-balancer"
+    type                                        = "application"
+    enable_deletion_protection                  = false
+    enable_cross_zone_load_balancing            = true
+    enable_http2                                = false
+    enable_xff_client_port                      = false
+    enable_zonal_shift                          = false
+    preserve_host_header                        = false
+    enable_tls_version_and_cipher_suite_headers = false
+
+    subnet_mapping = [
+      { subnet_id = data.aws_subnets.private.ids[0] },
+      { subnet_id = data.aws_subnets.private.ids[1] }
+    ]
+
+    access_logs = {
+      enabled = false
+      bucket  = "alb-logs"
+      prefix  = "alb-logs"
+    }
+
+    connection_logs = {
+      enabled = false
+      bucket  = "connection-logs"
+      prefix  = "connection-logs"
+    }
+  }
+
+  ############################### Security Group Config ################################
+
+  security_group_data = {
+    create      = true
+    description = "Security Group for alb"
+
+    ingress_rules = [
+      {
+        description = "Allow VPC traffic"
+        cidr_block  = "0.0.0.0/0" # Ensure it's a string
+        from_port   = 443
+        ip_protocol = "tcp"
+        to_port     = 443
+      },
+      {
+        description = "Allow traffic from self"
+        self        = true
+        from_port   = 80
+        ip_protocol = "tcp"
+        to_port     = 80
+      }
+    ]
+
+    egress_rules = [
+      {
+        description = "Allow all outbound traffic"
+        cidr_block  = "0.0.0.0/0" # Ensure it's a string
+        from_port   = 0
+        ip_protocol = "-1"
+        to_port     = 0
+      }
+    ]
+  }
+
+  ############################### Target Group Config ################################
+
+  target_group_config = {
+    name        = "arc-poc-alb"
+    port        = 80
+    protocol    = "HTTP"
+    target_type = "ip"
+
+    health_check = {
+      enabled             = true
+      interval            = 30
+      path                = "/"
+      port                = 80
+      protocol            = "HTTP"
+      timeout             = 5
+      unhealthy_threshold = 3
+      healthy_threshold   = 2
+      matcher             = "200"
+    }
+  }
+
+  ############################### Default ALB Action ################################
+
+  default_action = [
+    {
+      type = "forward"
+      forward = {
+        target_groups = [{ weight = 20 }]
+        stickiness = {
+          duration = 300
+          enabled  = true
+        }
+      }
+    }
+  ]
+
+  ############################### ALB Listener ################################
+
+  alb_listener = {
+    port     = 88
+    protocol = "HTTP"
+  }
+
+  ############################### Listener Rules ################################
+
+  listener_rules = {
+    rule2 = {
+      priority = 999
+      actions = [
+        {
+          type  = "fixed-response"
+          order = 1
+          fixed_response = {
+            status_code  = "200"
+            content_type = "text/plain"
+            message_body = "OK"
+          }
+        }
+      ]
+      conditions = [
+        {
+          path_pattern = {
+            values = ["/status"]
+          }
+        }
+      ]
+    }
+  }
+}