From a501645ca807ffa82e6415619acb9bc610004b01 Mon Sep 17 00:00:00 2001 From: Nick V Date: Fri, 19 Feb 2021 05:17:13 +0300 Subject: [PATCH] init commit for v0.12 with containername support --- autoscaling.tf | 67 +++++++++++++++++++++++----------------------- define-policies.tf | 64 ++++++++++++++++++++++--------------------- ecs-cluster-ec2.tf | 33 ++++++++++++----------- ecs-cluster.tf | 62 ++++++++++++++++++++++++------------------ main.tf | 8 +++--- output.tf | 42 +++++++++++++++++++---------- security-group.tf | 23 +++++++++++----- variables.tf | 24 +++++++++-------- versions.tf | 4 +++ 9 files changed, 189 insertions(+), 138 deletions(-) create mode 100644 versions.tf diff --git a/autoscaling.tf b/autoscaling.tf index 6918fac..e5f297a 100644 --- a/autoscaling.tf +++ b/autoscaling.tf @@ -7,14 +7,14 @@ resource "aws_cloudwatch_metric_alarm" "cpu-high" { evaluation_periods = "1" namespace = "AWS/ECS" period = "60" - threshold = "${var.autoscaling_cpu_high_threshold}" + threshold = var.autoscaling_cpu_high_threshold - dimensions { - ClusterName = "${local.ecs_cluster_name}" + dimensions = { + ClusterName = local.ecs_cluster_name ServiceName = "${var.service}-${var.environment}" } - alarm_actions = ["${aws_appautoscaling_policy.scale_policy_high.arn}"] + alarm_actions = [aws_appautoscaling_policy.scale_policy_high.arn] } resource "aws_cloudwatch_metric_alarm" "cpu-low" { @@ -26,14 +26,14 @@ resource "aws_cloudwatch_metric_alarm" "cpu-low" { evaluation_periods = "2" namespace = "AWS/ECS" period = "60" - threshold = "${var.autoscaling_cpu_low_threshold}" + threshold = var.autoscaling_cpu_low_threshold - dimensions { - ClusterName = "${local.ecs_cluster_name}" + dimensions = { + ClusterName = local.ecs_cluster_name ServiceName = "${var.service}-${var.environment}" } - alarm_actions = ["${aws_appautoscaling_policy.scale_policy_low.arn}"] + alarm_actions = [aws_appautoscaling_policy.scale_policy_low.arn] } resource "aws_cloudwatch_metric_alarm" "cpu-high_ec2" { 
@@ -45,14 +45,14 @@ resource "aws_cloudwatch_metric_alarm" "cpu-high_ec2" { evaluation_periods = "1" namespace = "AWS/EC2" period = "60" - threshold = "${var.autoscaling_cpu_high_threshold}" + threshold = var.autoscaling_cpu_high_threshold - dimensions { - AutoScalingGroupName = "${aws_autoscaling_group.autoscaling-group.name}" + dimensions = { + AutoScalingGroupName = aws_autoscaling_group.autoscaling-group[0].name } - count = "${var.launch_type == "FARGATE" ? 0 : 1}" - alarm_actions = ["${aws_autoscaling_policy.scale_policy_high_ec2.arn}"] + count = var.launch_type == "FARGATE" ? 0 : 1 + alarm_actions = [aws_autoscaling_policy.scale_policy_high_ec2[0].arn] } resource "aws_cloudwatch_metric_alarm" "cpu-low_ec2" { @@ -64,14 +64,14 @@ resource "aws_cloudwatch_metric_alarm" "cpu-low_ec2" { evaluation_periods = "2" namespace = "AWS/EC2" period = "60" - threshold = "${var.autoscaling_cpu_low_threshold}" + threshold = var.autoscaling_cpu_low_threshold - dimensions { - AutoScalingGroupName = "${aws_autoscaling_group.autoscaling-group.name}" + dimensions = { + AutoScalingGroupName = aws_autoscaling_group.autoscaling-group[0].name } - count = "${var.launch_type == "FARGATE" ? 0 : 1}" - alarm_actions = ["${aws_autoscaling_policy.scale_policy_low_ec2.arn}"] + count = var.launch_type == "FARGATE" ? 0 : 1 + alarm_actions = [aws_autoscaling_policy.scale_policy_low_ec2[0].arn] } resource "aws_appautoscaling_policy" "scale_policy_high" { @@ -92,7 +92,7 @@ resource "aws_appautoscaling_policy" "scale_policy_high" { } } - depends_on = ["aws_appautoscaling_target.ecs_target"] + depends_on = [aws_appautoscaling_target.ecs_target] } resource "aws_appautoscaling_policy" "scale_policy_low" { 
@@ -113,12 +113,12 @@ resource "aws_appautoscaling_policy" "scale_policy_low" { } } - depends_on = ["aws_appautoscaling_target.ecs_target"] + depends_on = [aws_appautoscaling_target.ecs_target] } resource "aws_appautoscaling_target" "ecs_target" { - max_capacity = "${var.autoscaling_max_capacity}" - min_capacity = "${var.autoscaling_min_capacity}" + max_capacity = var.autoscaling_max_capacity + min_capacity = var.autoscaling_min_capacity resource_id = "service/${local.ecs_cluster_name}/${aws_ecs_service.this.name}" ### https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-service-linked-roles.html @@ -133,8 +133,8 @@ resource "aws_autoscaling_policy" "scale_policy_high_ec2" { scaling_adjustment = 1 adjustment_type = "ChangeInCapacity" cooldown = 300 - autoscaling_group_name = "${aws_autoscaling_group.autoscaling-group.name}" - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + autoscaling_group_name = aws_autoscaling_group.autoscaling-group[0].name + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_autoscaling_policy" "scale_policy_low_ec2" { 
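Review bot: In autoscaling.tf, `aws_appautoscaling_target.ecs_target` builds `resource_id` from `local.ecs_cluster_name`, while the service itself is created with `cluster = local.ecs_cluster_id` (ecs-cluster.tf, later in this patch), and the two locals are derived differently. With an existing cluster, the name comes from the `data.aws_ecs_cluster.this` lookup but the id comes straight from `var.ecs_cluster_id`. If a caller passes an id that does not match the looked-up cluster, the scaling target and its CPU alarms point at a service path that does not exist. Deriving the id from the same lookup keeps them aligned: `ecs_cluster_id = element(concat(aws_ecs_cluster.this.*.id, data.aws_ecs_cluster.this.*.arn), 0)`. Check whether any caller relies on passing `ecs_cluster_id` before changing it; the target block continues outside this hunk.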
@@ -142,19 +142,19 @@ resource "aws_autoscaling_policy" "scale_policy_low_ec2" { scaling_adjustment = -1 adjustment_type = "ChangeInCapacity" cooldown = 300 - autoscaling_group_name = "${aws_autoscaling_group.autoscaling-group.name}" - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + autoscaling_group_name = aws_autoscaling_group.autoscaling-group[0].name + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_autoscaling_group" "autoscaling-group" { name = "${var.environment}-${var.service}-autoscaling-group" - max_size = "${var.autoscaling_max_capacity}" - min_size = "${var.autoscaling_min_capacity}" - desired_capacity = "${var.autoscaling_min_capacity}" + max_size = var.autoscaling_max_capacity + min_size = var.autoscaling_min_capacity + desired_capacity = var.autoscaling_min_capacity - availability_zones = ["${var.availability_zones}"] - vpc_zone_identifier = ["${var.subnets}"] - launch_configuration = "${aws_launch_configuration.launch-configuration_ec2.name}" + availability_zones = var.availability_zones + vpc_zone_identifier = var.subnets + launch_configuration = aws_launch_configuration.launch-configuration_ec2[0].name health_check_type = "ELB" tag { @@ -163,5 +163,6 @@ resource "aws_autoscaling_group" "autoscaling-group" { propagate_at_launch = true } - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + count = var.launch_type == "FARGATE" ? 0 : 1 } + diff --git a/define-policies.tf b/define-policies.tf index e1b0a29..6a13b7f 100644 --- a/define-policies.tf +++ b/define-policies.tf 
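Review bot: In autoscaling.tf, `aws_autoscaling_group.autoscaling-group` still sets both `availability_zones = var.availability_zones` and `vpc_zone_identifier = var.subnets`. The subnets already determine the zones, and as far as I know AWS provider 3.x rejects the two arguments together, so with no provider constraint in this commit a fresh `init` may fail at plan. Dropping the `availability_zones` line avoids that; the variable can stay declared for compatibility. The same block keeps `desired_capacity = var.autoscaling_min_capacity`, which pulls the group back to the minimum on each apply after a scale-out unless `lifecycle { ignore_changes = [desired_capacity] }` is added, as the ECS service already does for `desired_count`.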
@@ -39,13 +39,13 @@ data "aws_iam_policy_document" "ecs-service-allow-elb" { resource "aws_iam_policy" "ecs-service-allow-ec2" { name = "ecs-service-allow-ec2-${var.project}-${var.service}-${var.environment}" description = "ECS Service policy to access EC2" - policy = "${data.aws_iam_policy_document.ecs-service-allow-ec2.json}" + policy = data.aws_iam_policy_document.ecs-service-allow-ec2.json } resource "aws_iam_policy" "ecs-service-allow-elb" { name = "ecs-service-allow-elb-${var.project}-${var.service}-${var.environment}" description = "ECS Service policy to access ELB" - policy = "${data.aws_iam_policy_document.ecs-service-allow-elb.json}" + policy = data.aws_iam_policy_document.ecs-service-allow-elb.json } resource "aws_iam_role" "ecs-service" { @@ -67,8 +67,9 @@ resource "aws_iam_role" "ecs-service" { } EOF - count = "${var.launch_type == "FARGATE" ? 1 : 0}" - tags = "${merge(local.default_tags, var.tags)}" + + count = var.launch_type == "FARGATE" ? 1 : 0 + tags = merge(local.default_tags, var.tags) } resource "aws_iam_role" "ecs-service-ec2" { @@ -81,7 +82,7 @@ resource "aws_iam_role" "ecs-service-ec2" { { "Action": "sts:AssumeRole", "Principal": { - "Service": "ec2.amazonaws.com${data.aws_partition.current.partition == "aws-cn" ? ".cn" : "" }" + "Service": "ec2.amazonaws.com${data.aws_partition.current.partition == "aws-cn" ? ".cn" : ""}" }, "Effect": "Allow", "Sid": "" 
@@ -90,44 +91,45 @@ resource "aws_iam_role" "ecs-service-ec2" { } EOF - count = "${var.launch_type == "FARGATE" ? 0 : 1}" - tags = "${merge(local.default_tags, var.tags)}" + + count = var.launch_type == "FARGATE" ? 0 : 1 + tags = merge(local.default_tags, var.tags) } resource "aws_iam_role_policy_attachment" "this_ec2" { policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" - role = "${aws_iam_role.ecs-service-ec2.name}" - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + role = aws_iam_role.ecs-service-ec2[0].name + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_iam_role_policy_attachment" "this_default_ecs_ec2" { policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole" - role = "${aws_iam_role.ecs-service-ec2.name}" - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + role = aws_iam_role.ecs-service-ec2[0].name + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_iam_role_policy_attachment" "attach-allow-ec2_ec2" { - role = "${aws_iam_role.ecs-service-ec2.name}" - policy_arn = "${aws_iam_policy.ecs-service-allow-ec2.arn}" - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + role = aws_iam_role.ecs-service-ec2[0].name + policy_arn = aws_iam_policy.ecs-service-allow-ec2.arn + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_iam_role_policy_attachment" "attach-allow-elb_ec2" { - role = "${aws_iam_role.ecs-service-ec2.name}" - policy_arn = "${aws_iam_policy.ecs-service-allow-elb.arn}" - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + role = aws_iam_role.ecs-service-ec2[0].name + policy_arn = aws_iam_policy.ecs-service-allow-elb.arn + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_iam_role_policy_attachment" "attach-allow-ec2" { - role = "${aws_iam_role.ecs-service.name}" - policy_arn = "${aws_iam_policy.ecs-service-allow-ec2.arn}" - count = "${var.launch_type == "FARGATE" ? 
1 : 0}" + role = aws_iam_role.ecs-service[0].name + policy_arn = aws_iam_policy.ecs-service-allow-ec2.arn + count = var.launch_type == "FARGATE" ? 1 : 0 } resource "aws_iam_role_policy_attachment" "attach-allow-elb" { - role = "${aws_iam_role.ecs-service.name}" - policy_arn = "${aws_iam_policy.ecs-service-allow-elb.arn}" - count = "${var.launch_type == "FARGATE" ? 1 : 0}" + role = aws_iam_role.ecs-service[0].name + policy_arn = aws_iam_policy.ecs-service-allow-elb.arn + count = var.launch_type == "FARGATE" ? 1 : 0 } # data "aws_iam_role" "ecs-task-execution" { @@ -169,13 +171,13 @@ data "aws_iam_policy_document" "ecs-task-access-cloudwatch" { resource "aws_iam_policy" "ecs-task-access-ecr" { name = "ecs-task-allow-ec2-${var.project}-${var.service}-${var.environment}" description = "ECS task policy to access ECR" - policy = "${data.aws_iam_policy_document.ecs-task-access-ecr.json}" + policy = data.aws_iam_policy_document.ecs-task-access-ecr.json } resource "aws_iam_policy" "ecs-task-access-cloudwatch" { name = "ecs-task-allow-elb-${var.project}-${var.service}-${var.environment}" description = "ECS task policy to access CloudWatch" - policy = "${data.aws_iam_policy_document.ecs-task-access-cloudwatch.json}" + policy = data.aws_iam_policy_document.ecs-task-access-cloudwatch.json } resource "aws_iam_role" "ecs-task-execution" { 
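Review bot: In define-policies.tf, the EC2 instance role `ecs-service-ec2` (trusted by `ec2.amazonaws.com`) ends up with four attachments: `AmazonEC2ContainerServiceforEC2Role`, `AmazonEC2ContainerServiceRole`, and the module's own allow-ec2 and allow-elb policies. Only the first is the container-instance policy; `AmazonEC2ContainerServiceRole` is meant for the ECS service scheduler and, as far as I know, carries security-group and load-balancer write actions, which then become available to anything on the host that can read instance-profile credentials. I would drop `this_default_ecs_ec2` and the two `attach-allow-*_ec2` attachments unless something on the instance needs them. The two policy documents are outside this hunk, so confirm their contents first. If they stay, add a comment on each attachment saying why the instance needs it.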
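Review bot: In define-policies.tf, the two task policies have `name` values that contradict their purpose: `aws_iam_policy.ecs-task-access-ecr` is named `ecs-task-allow-ec2-…` and `aws_iam_policy.ecs-task-access-cloudwatch` is named `ecs-task-allow-elb-…`, although the descriptions say ECR and CloudWatch. Anyone auditing the account by policy name will misread what the task execution role is allowed to do. Since this commit already touches both resources, renaming them to `ecs-task-allow-ecr-${var.project}-${var.service}-${var.environment}` and `ecs-task-allow-cloudwatch-${var.project}-${var.service}-${var.environment}` would fix it. The rename replaces the policies, so it should go in with a planned apply.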
@@ -197,15 +199,17 @@ resource "aws_iam_role" "ecs-task-execution" { } EOF - tags = "${merge(local.default_tags, var.tags)}" + + tags = merge(local.default_tags, var.tags) } resource "aws_iam_role_policy_attachment" "attach-allow-ecr" { - role = "${aws_iam_role.ecs-task-execution.name}" - policy_arn = "${aws_iam_policy.ecs-task-access-ecr.arn}" + role = aws_iam_role.ecs-task-execution.name + policy_arn = aws_iam_policy.ecs-task-access-ecr.arn } resource "aws_iam_role_policy_attachment" "attach-allow-cw" { - role = "${aws_iam_role.ecs-task-execution.name}" - policy_arn = "${aws_iam_policy.ecs-task-access-cloudwatch.arn}" + role = aws_iam_role.ecs-task-execution.name + policy_arn = aws_iam_policy.ecs-task-access-cloudwatch.arn } + diff --git a/ecs-cluster-ec2.tf b/ecs-cluster-ec2.tf index 4b0b047..7053ee5 100644 --- a/ecs-cluster-ec2.tf +++ b/ecs-cluster-ec2.tf @@ -1,19 +1,19 @@ data "aws_ami" "ecs_optimized_ami" { - most_recent = true - owners = ["amazon"] + most_recent = true + owners = ["amazon"] filter { - name = "name" + name = "name" values = ["amzn2-ami-ecs-*"] } filter { - name = "root-device-type" + name = "root-device-type" values = ["ebs"] } filter { - name = "virtualization-type" + name = "virtualization-type" values = ["hvm"] } } 
@@ -21,25 +21,25 @@ data "aws_ami" "ecs_optimized_ami" { resource "aws_iam_instance_profile" "ecs-instance-profile_ec2" { name = "${var.environment}-${var.service}-instance-profile" path = "/" - role = "${aws_iam_role.ecs-service-ec2.id}" + role = aws_iam_role.ecs-service-ec2[0].id provisioner "local-exec" { command = "sleep 60" } - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + count = var.launch_type == "FARGATE" ? 0 : 1 } resource "aws_launch_configuration" "launch-configuration_ec2" { name_prefix = "${var.environment}-${var.service}-launch-configuration-" - image_id = "${data.aws_ami.ecs_optimized_ami.id}" - instance_type = "${var.instance_type}" - iam_instance_profile = "${aws_iam_instance_profile.ecs-instance-profile_ec2.id}" - key_name = "${var.key-pair-name}" + image_id = data.aws_ami.ecs_optimized_ami.id + instance_type = var.instance_type + iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile_ec2[0].id + key_name = var.key-pair-name root_block_device { - volume_type = "${var.volume_type}" - volume_size = "${var.volume_size}" + volume_type = var.volume_type + volume_size = var.volume_size delete_on_termination = true } @@ -53,7 +53,10 @@ resource "aws_launch_configuration" "launch-configuration_ec2" { #!/bin/bash -xe echo "ECS_CLUSTER=${local.ecs_cluster_name}" >> /etc/ecs/ecs.config start ecs - EOF + +EOF - count = "${var.launch_type == "FARGATE" ? 0 : 1}" + + count = var.launch_type == "FARGATE" ? 0 : 1 } + diff --git a/ecs-cluster.tf b/ecs-cluster.tf index cb5b643..b07364e 100644 --- a/ecs-cluster.tf +++ b/ecs-cluster.tf 
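Review bot: In ecs-cluster-ec2.tf, the `root_block_device` block of `launch-configuration_ec2` sets type, size and `delete_on_termination` but not encryption, so the root volumes of container instances are unencrypted unless account-level EBS default encryption is on; adding `encrypted = true` there closes that. The launch configuration also has no `metadata_options` block, so IMDSv1 stays enabled; `metadata_options { http_tokens = "required" }` is worth adding if the provider version in use supports it on this resource. Separately, `provisioner "local-exec" { command = "sleep 60" }` on the instance profile looks like a wait for IAM propagation and runs a shell on the operator's machine, so a one-line comment saying so would help. The launch-configuration block continues past this hunk.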
@@ -1,61 +1,71 @@ resource "aws_ecs_cluster" "this" { - count = "${var.use_existant_cluster ? 0 : 1 }" + count = var.use_existant_cluster ? 0 : 1 name = "${var.project}-${var.environment}" - tags = "${merge(local.default_tags, var.tags)}" + tags = merge(local.default_tags, var.tags) } data "aws_ecs_cluster" "this" { - count = "${var.use_existant_cluster ? 1 : 0 }" - cluster_name = "${var.ecs_cluster_name == "none" ? "${var.project}-${var.environment}" : var.ecs_cluster_name}" + count = var.use_existant_cluster ? 1 : 0 + cluster_name = var.ecs_cluster_name == "none" ? "${var.project}-${var.environment}" : var.ecs_cluster_name } locals { - ecs_cluster_id = "${element(concat(aws_ecs_cluster.this.*.id, list(var.ecs_cluster_id)), 0)}" - ecs_cluster_arn = "${element(concat(aws_ecs_cluster.this.*.arn, data.aws_ecs_cluster.this.*.arn), 0)}" - ecs_cluster_name = "${element(concat(aws_ecs_cluster.this.*.name, data.aws_ecs_cluster.this.*.cluster_name), 0)}" + ecs_cluster_id = element(concat(aws_ecs_cluster.this.*.id, [var.ecs_cluster_id]), 0) + ecs_cluster_arn = element( + concat(aws_ecs_cluster.this.*.arn, data.aws_ecs_cluster.this.*.arn), + 0, + ) + ecs_cluster_name = element( + concat( + aws_ecs_cluster.this.*.name, + data.aws_ecs_cluster.this.*.cluster_name, + ), + 0, + ) } resource "aws_ecs_task_definition" "this" { family = "${var.service}-${var.environment}" - requires_compatibilities = ["${var.launch_type == "FARGATE" ? "FARGATE" : "EC2"}"] - cpu = "${var.container_cpu}" - memory = "${var.container_memory}" + requires_compatibilities = [var.launch_type == "FARGATE" ? 
"FARGATE" : "EC2"] + cpu = var.container_cpu + memory = var.container_memory network_mode = "awsvpc" - execution_role_arn = "${aws_iam_role.ecs-task-execution.arn}" - task_role_arn = "${var.task_role_arn}" - container_definitions = "${var.container_definitions}" - tags = "${merge(local.default_tags, var.tags)}" + execution_role_arn = aws_iam_role.ecs-task-execution.arn + task_role_arn = var.task_role_arn + container_definitions = var.container_definitions + tags = merge(local.default_tags, var.tags) } data "aws_security_group" "this" { - id = "${module.security-group.this_security_group_id}" + id = module.security-group.this_security_group_id } resource "aws_ecs_service" "this" { name = "${var.service}-${var.environment}" - cluster = "${local.ecs_cluster_id}" - task_definition = "${aws_ecs_task_definition.this.arn}" - launch_type = "${var.launch_type}" + cluster = local.ecs_cluster_id + task_definition = aws_ecs_task_definition.this.arn + launch_type = var.launch_type deployment_maximum_percent = "200" deployment_minimum_healthy_percent = "100" - desired_count = "${var.autoscaling_min_capacity}" - health_check_grace_period_seconds = "${var.health_check_grace_period_seconds}" + desired_count = var.autoscaling_min_capacity + health_check_grace_period_seconds = var.health_check_grace_period_seconds network_configuration { - subnets = ["${var.subnets}"] - security_groups = ["${data.aws_security_group.this.id}"] + subnets = var.subnets + security_groups = [data.aws_security_group.this.id] } load_balancer { - target_group_arn = "${var.alb_target_group_arn}" - container_name = "${var.container_name == "" ? "${var.service}-${var.environment}" : var.container_name}" - container_port = "${var.container_port}" + target_group_arn = var.alb_target_group_arn + container_name = var.container_name == "" ? 
"${var.service}-${var.environment}" : var.container_name + container_port = var.container_port } lifecycle { - ignore_changes = ["desired_count"] + ignore_changes = [desired_count] } } + diff --git a/main.tf b/main.tf index 2783ac8..d1edd97 100644 --- a/main.tf +++ b/main.tf @@ -1,9 +1,11 @@ -data "aws_partition" "current" {} +data "aws_partition" "current" { +} locals { default_tags = { Name = "${var.project}-${var.environment}" - Project = "${var.project}" - Environment = "${var.environment}" + Project = var.project + Environment = var.environment } } + diff --git a/output.tf b/output.tf index f0f16f0..44db464 100644 --- a/output.tf +++ b/output.tf 
@@ -1,70 +1,84 @@ output "ecs_service_iam_role_arn" { - value = "${element(concat(aws_iam_role.ecs-service.*.arn, aws_iam_role.ecs-service-ec2.*.arn, list("")), 0)}" + value = element( + concat( + aws_iam_role.ecs-service.*.arn, + aws_iam_role.ecs-service-ec2.*.arn, + [""], + ), + 0, + ) description = "ARN fo created ECS service" } output "ecs_service_iam_role_name" { - value = "${element(concat(aws_iam_role.ecs-service.*.name, aws_iam_role.ecs-service-ec2.*.name, list("")), 0)}" + value = element( + concat( + aws_iam_role.ecs-service.*.name, + aws_iam_role.ecs-service-ec2.*.name, + [""], + ), + 0, + ) description = "Name of IAM role that attached to ECS service" } output "ecs_task_execution_iam_role_arn" { - value = "${aws_iam_role.ecs-task-execution.arn}" + value = aws_iam_role.ecs-task-execution.arn description = "Arn of IAM role that attached to ECS task execution" } output "ecs_task_execution_iam_role_name" { - value = "${aws_iam_role.ecs-task-execution.name}" + value = aws_iam_role.ecs-task-execution.name description = "Name of IAM role that attached to ECS task execution" } output "ecs_task_execution_container_cpu" { - value = "${var.container_cpu}" + value = var.container_cpu description = "Amount of cpu used by the task" } output "ecs_task_execution_container_memory" { - value = "${var.container_memory}" + value = var.container_memory description = "Amount of memory used by the task" } output "ecs_cluster_arn" { - value = "${local.ecs_cluster_arn}" + value = local.ecs_cluster_arn description = "ECS cluster ARN" } output "ecs_cluster_id" { - value = "${local.ecs_cluster_id}" + value = local.ecs_cluster_id description = "ECS cluster ID" } output "ecs_cluster_name" { - value = "${local.ecs_cluster_name}" + value = local.ecs_cluster_name description = "ECS cluster name" } output "security_group_description" { description = "The description of the security group." 
- value = "${module.security-group.this_security_group_description}" + value = module.security-group.this_security_group_description } output "security_group_id" { description = "The ID of the security group." - value = "${module.security-group.this_security_group_id}" + value = module.security-group.this_security_group_id } output "security_group_name" { description = "The name of the security group." - value = "${module.security-group.this_security_group_name}" + value = module.security-group.this_security_group_name } output "security_group_owner_id" { description = "The owner ID." - value = "${module.security-group.this_security_group_owner_id}" + value = module.security-group.this_security_group_owner_id } output "security_group_vpc_id" { description = "The VPC ID." - value = "${module.security-group.this_security_group_vpc_id}" + value = module.security-group.this_security_group_vpc_id } diff --git a/security-group.tf b/security-group.tf index 07ee617..24bacd5 100644 --- a/security-group.tf +++ b/security-group.tf 
@@ -1,16 +1,27 @@ module "security-group" { source = "terraform-aws-modules/security-group/aws" - version = "2.9.0" + version = "3.17.0" # insert the 2 required variables here name = "${var.project}-${var.environment}-ecs-fargate-${var.service}" description = "${upper(var.project)} ${title(var.environment)} Fargate Container Security Group" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id - ingress_with_self = ["${map("from_port",0 , "to_port",0 , "protocol",-1 , "description","Allow Self")}"] + ingress_with_self = [{ + "from_port" = 0 + "to_port" = 0 + "protocol" = -1 + "description" = "Allow Self" + }] - egress_with_cidr_blocks = ["${map("from_port",0 , "to_port",0 , "protocol",-1 , "description","Allow all outbound")}"] - egress_cidr_blocks = ["0.0.0.0/0"] + egress_with_cidr_blocks = [{ + "from_port" = 0 + "to_port" = 0 + "protocol" = -1 + "description" = "Allow all outbound" + }] + egress_cidr_blocks = ["0.0.0.0/0"] - tags = "${merge(local.default_tags, var.tags)}" + tags = merge(local.default_tags, var.tags) } + diff --git a/variables.tf b/variables.tf index 4168ddb..e8c9b67 100644 --- a/variables.tf +++ b/variables.tf @@ -1,11 +1,11 @@ variable "project" { - type = "string" + type = string default = "test" description = "Project name is used to identify resources" } variable "environment" { - type = "string" + type = string default = "env" description = "Environment name is used to identify resources" } @@ -75,6 +75,7 @@ variable "container_definitions" { } ] DEFINITION + } variable "task_role_arn" { 
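Review bot: In security-group.tf, the converted `egress_with_cidr_blocks` entry still allows every protocol and port to `0.0.0.0/0`, and it is hard-coded, so callers of this module cannot tighten it. For tasks that mainly need image pulls and log delivery, a narrower default such as `egress_rules = ["https-443-tcp"]` would do; at minimum, expose the egress rules as a variable so each service can choose. `protocol` is written as the number `-1` in both rule maps, while the module takes string maps, so `"protocol" = "-1"` is the safer spelling. The move from 2.9.0 to 3.17.0 is a major-version change of a third-party module, so the plan should be checked for security-group rule replacement before it is applied.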
@@ -83,48 +84,48 @@ variable "task_role_arn" { } variable "tags" { - type = "map" + type = map(string) description = "Additional tags for all resources" default = {} } variable "vpc_id" { description = "The ID of VPC" - type = "string" + type = string } variable "subnets" { description = "List of subnets where to run ECS Service" - type = "list" + type = list(string) } variable "alb_target_group_arn" { description = "ARN of target group" - type = "string" + type = string default = "none" } variable "key-pair-name" { description = "key-pair name for ec2" - type = "string" + type = string default = "ecs-nodes" } variable "instance_type" { description = "EC2 instance type" - type = "string" + type = string default = "t2.small" } variable "launch_type" { description = "Launch type for ECS [ FARGATE | EC2 ]" - type = "string" + type = string default = "FARGATE" } variable "volume_type" { description = "Volume type for EC2" - type = "string" + type = string default = "standard" } @@ -135,7 +136,7 @@ variable "volume_size" { variable "availability_zones" { description = "List of availability zones which will be provisined by autoscailing group" - type = "list" + type = list(string) } variable "autoscaling_min_capacity" { @@ -157,3 +158,4 @@ variable "autoscaling_cpu_low_threshold" { description = "Autoscaling CPU threshold for scale-down" default = "40" } + diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +}
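Review bot: The new versions.tf constrains only Terraform core (`required_version = ">= 0.12"`) and declares no provider constraint, so the AWS provider version is whatever `init` resolves on the day. This commit rewrites every file for 0.12 and moves the security-group module to 3.17.0, so recording the provider range it was tested with would make plans reproducible across machines. Something like `required_providers { aws = "<tested range>" }` inside the `terraform` block would do, with the placeholder replaced by the range actually verified.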