main.tf
# Base label for this module. Its `id` output names the CloudWatch log group
# and the container; its `tags` output tags the log group.
# NOTE(review): the source is pinned to a Git tag, not a commit SHA. A tag can
# be moved upstream, so the code fetched by `terraform init` is not guaranteed
# to be immutable.
module "default_label" {
  source     = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${var.attributes}"
}
# ECR repository for the application image. The `enabled` flag is forwarded
# from var.codepipeline_enabled, and "ecr" is appended to the label attributes.
# NOTE(review): no scan-on-push or tag-immutability input is passed here.
# Whether this module version exposes such inputs is not visible in this file;
# confirm against the module.
module "ecr" {
  source          = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=tags/0.7.0"
  enabled         = "${var.codepipeline_enabled}"
  namespace       = "${var.namespace}"
  stage           = "${var.stage}"
  name            = "${var.name}"
  attributes      = "${compact(concat(var.attributes, list("ecr")))}"
  max_image_count = "10"
}
# Log group that receives the container's awslogs output.
# NOTE(review): neither `retention_in_days` nor `kms_key_id` is set, so the
# provider defaults apply: log events never expire and no customer-managed KMS
# key is attached. Set both explicitly if application logs can carry sensitive
# data or if a retention policy applies.
resource "aws_cloudwatch_log_group" "app" {
  name = "${module.default_label.id}"
  tags = "${module.default_label.tags}"
}
# Label for the CodeDeploy application ("codedeploy" is appended to the
# attributes). Its `id` output is used as the aws_codedeploy_app name.
module "codedeploy_label" {
  source     = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  delimiter  = "${var.delimiter}"
  attributes = "${compact(concat(var.attributes, list("codedeploy")))}"
  tags       = "${var.tags}"
}
# Label for the CodeDeploy deployment group ("codedeploy" and "group" are
# appended to the attributes). Its `id` output is the deployment group name
# used by both deployment-group resources and by the pipeline module.
module "codedeploy_group_label" {
  source     = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  delimiter  = "${var.delimiter}"
  attributes = "${compact(concat(var.attributes, list("codedeploy", "group")))}"
  tags       = "${var.tags}"
}
# "Blue" target group and listener rules, attached to the HTTP and SSL
# listeners passed in by the caller.
# NOTE(review): only the `unauthenticated_*` inputs are wired, so these rules
# presumably forward traffic without ALB-level authentication; confirm that is
# intended for every path/host in the variables.
# NOTE(review): the source is github.com/dlz21 rather than the cloudposse org
# used by the label modules in this file, and it is pinned by a mutable tag.
# Review the fork's contents and consider pinning to a commit SHA.
module "alb_ingress_blue" {
  source     = "git::https://github.com/dlz21/terraform-aws-alb-ingress.git?ref=tags/0.9.0"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${concat(var.attributes, list("blue"))}"

  vpc_id            = "${var.vpc_id}"
  port              = "${var.container_port}"
  health_check_path = "${var.alb_ingress_healthcheck_path}"

  unauthenticated_paths    = "${var.alb_ingress_unauthenticated_paths}"
  unauthenticated_hosts    = "${var.alb_ingress_unauthenticated_hosts}"
  unauthenticated_priority = "${var.alb_ingress_listener_unauthenticated_priority}"

  # The list literal always has two entries; the count comes from a separate
  # variable. Presumably the two must agree; verify against the module.
  unauthenticated_listener_arns       = ["${var.alb_http_listener_arn}", "${var.alb_ssl_listener_arn}"]
  unauthenticated_listener_arns_count = "${var.alb_ingress_prod_listener_arns_count}"

  blue_green_deployment = "${var.blue_green_enabled}"
}
# "Green" target group and listener rule, attached only to the test listener.
# NOTE(review): the test listener serves the replacement task set before
# cut-over. Whether that listener is reachable from outside the VPC is decided
# by the caller's ALB and security groups, not by this file; confirm exposure
# is intended.
# NOTE(review): the source is github.com/dlz21, pinned by a mutable tag.
module "alb_ingress_green" {
  source     = "git::https://github.com/dlz21/terraform-aws-alb-ingress.git?ref=tags/0.9.0"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${concat(var.attributes, list("green"))}"

  vpc_id            = "${var.vpc_id}"
  port              = "${var.container_port}"
  health_check_path = "${var.alb_ingress_healthcheck_path}"

  unauthenticated_paths    = "${var.alb_ingress_unauthenticated_paths}"
  unauthenticated_hosts    = "${var.alb_ingress_unauthenticated_hosts}"
  unauthenticated_priority = "${var.alb_ingress_listener_unauthenticated_priority}"

  unauthenticated_listener_arns       = ["${var.alb_test_listener_arn}"]
  unauthenticated_listener_arns_count = "1"

  blue_green_deployment = "${var.blue_green_enabled}"
}
# Renders the ECS container definition JSON consumed by the service/task
# module. Logs go to the CloudWatch log group declared in this file through
# the awslogs driver options.
# NOTE(review): `environment` is passed as plain name/value pairs. Values
# placed there are readable in the task definition and are likely persisted
# in Terraform state, so keep credentials out of var.environment.
module "container_definition" {
  source = "git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git?ref=tags/0.9.1"

  container_name  = "${module.default_label.id}"
  container_image = "${var.container_image}"

  container_cpu                = "${var.container_cpu}"
  container_memory             = "${var.container_memory}"
  container_memory_reservation = "${var.container_memory_reservation}"

  port_mappings = "${var.port_mappings}"
  healthcheck   = "${var.healthcheck}"
  environment   = "${var.environment}"

  log_options = {
    "awslogs-region"        = "${var.aws_logs_region}"
    "awslogs-group"         = "${aws_cloudwatch_log_group.app.name}"
    "awslogs-stream-prefix" = "${var.name}"
  }
}
# ECS service and task definition. The service is initially bound to the blue
# target group and uses the CODE_DEPLOY deployment type, so later traffic
# shifts are driven by the CodeDeploy resources in this file.
# Network placement (subnets, security groups) is supplied by the caller.
# NOTE(review): the source is github.com/dlz21, pinned by a mutable tag. The
# task/execution IAM roles are presumably created inside that module, so
# review it before trusting the permissions it grants.
module "ecs_alb_service_task" {
  source     = "git::https://github.com/dlz21/terraform-aws-ecs-alb-service-task.git?ref=tags/0.13.0"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${var.attributes}"

  # Cluster and scheduling
  ecs_cluster_arn                   = "${var.ecs_cluster_arn}"
  launch_type                       = "${var.launch_type}"
  desired_count                     = "${var.desired_count}"
  health_check_grace_period_seconds = "${var.health_check_grace_period_seconds}"
  deployment_type                   = "CODE_DEPLOY"

  # Container and task sizing
  container_definition_json = "${module.container_definition.json}"
  container_name            = "${module.default_label.id}"
  container_port            = "${var.container_port}"
  task_cpu                  = "${var.container_cpu}"
  task_memory               = "${var.container_memory}"

  # Networking and load balancing
  vpc_id               = "${var.vpc_id}"
  subnet_ids           = ["${var.ecs_private_subnet_ids}"]
  security_group_ids   = ["${var.ecs_security_group_ids}"]
  alb_target_group_arn = "${module.alb_ingress_blue.target_group_arn}"
}
# BLUE/GREEN ✖‿✖
# CodeDeploy application (ECS compute platform) shared by both deployment
# group variants in this file.
resource "aws_codedeploy_app" "default" {
  name             = "${module.codedeploy_label.id}"
  compute_platform = "ECS"
}
# Blue/green deployment group used when SSL is disabled.
# The count gate is a string comparison: this variant is created only when
# var.ssl_enabled is exactly "false". Any other value (including "False" or an
# empty string) selects the `with_ssl` variant instead.
resource "aws_codedeploy_deployment_group" "default" {
  count = "${var.ssl_enabled == "false" ? 1 : 0}"

  app_name              = "${aws_codedeploy_app.default.name}"
  deployment_group_name = "${module.codedeploy_group_label.id}"

  # All production traffic moves to the replacement task set in one step.
  deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"

  # NOTE(review): the role is an output of the pipeline module, which is itself
  # gated by var.codepipeline_enabled. Confirm the output is still populated
  # when the pipeline is disabled.
  service_role_arn = "${module.ecs_bg_codepipeline.default_role_arn}"

  # Rollback is triggered by a failed deployment only. The CloudWatch alarms
  # declared elsewhere in this file are not attached to the deployment group.
  auto_rollback_configuration {
    enabled = true
    events  = ["DEPLOYMENT_FAILURE"]
  }

  blue_green_deployment_config {
    # CONTINUE_DEPLOYMENT: traffic is rerouted without waiting for a manual
    # approval step.
    deployment_ready_option {
      action_on_timeout = "CONTINUE_DEPLOYMENT"
    }

    # The old (blue) task set is terminated after the configured wait. A
    # rollback after that point needs a fresh deployment.
    terminate_blue_instances_on_deployment_success {
      action                           = "TERMINATE"
      termination_wait_time_in_minutes = "${var.blue_termination_wait_time_in_minutes}"
    }
  }

  deployment_style {
    deployment_option = "WITH_TRAFFIC_CONTROL"
    deployment_type   = "BLUE_GREEN"
  }

  ecs_service {
    cluster_name = "${var.ecs_cluster_name}"
    service_name = "${module.ecs_alb_service_task.service_name}"
  }

  load_balancer_info {
    target_group_pair_info {
      prod_traffic_route {
        listener_arns = ["${var.alb_http_listener_arn}"]
      }

      target_group {
        name = "${module.alb_ingress_blue.target_group_name}"
      }

      target_group {
        name = "${module.alb_ingress_green.target_group_name}"
      }

      test_traffic_route {
        listener_arns = ["${var.alb_test_listener_arn}"]
      }
    }
  }
}
# Blue/green deployment group used when SSL is enabled. It matches the
# non-SSL variant except for the SNS trigger below.
# The count gate is a string comparison: every value of var.ssl_enabled other
# than the exact string "false" creates this variant.
resource "aws_codedeploy_deployment_group" "with_ssl" {
  count = "${var.ssl_enabled == "false" ? 0 : 1}"

  app_name              = "${aws_codedeploy_app.default.name}"
  deployment_group_name = "${module.codedeploy_group_label.id}"

  # All production traffic moves to the replacement task set in one step.
  deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"

  service_role_arn = "${module.ecs_bg_codepipeline.default_role_arn}"

  # Publishes deployment lifecycle events to the SNS topic exported by
  # module.update_ssl_rule (not declared in this file).
  # NOTE(review): prod_traffic_route below lists only the HTTP listener, so
  # CodeDeploy does not switch the SSL listener itself. Presumably the
  # subscriber of this topic rewrites the SSL listener rule; confirm, and check
  # that a failed or delayed update cannot leave HTTPS pointing at the
  # terminated task set.
  trigger_configuration {
    trigger_name       = "Update SSL Rule"
    trigger_events     = ["DeploymentSuccess", "DeploymentFailure", "DeploymentReady", "DeploymentRollback"]
    trigger_target_arn = "${module.update_ssl_rule.this_sns_topic_arn}"
  }

  # Rollback is triggered by a failed deployment only. No alarm-based stop is
  # configured on this group.
  auto_rollback_configuration {
    enabled = true
    events  = ["DEPLOYMENT_FAILURE"]
  }

  blue_green_deployment_config {
    # CONTINUE_DEPLOYMENT: traffic is rerouted without waiting for a manual
    # approval step.
    deployment_ready_option {
      action_on_timeout = "CONTINUE_DEPLOYMENT"
    }

    terminate_blue_instances_on_deployment_success {
      action                           = "TERMINATE"
      termination_wait_time_in_minutes = "${var.blue_termination_wait_time_in_minutes}"
    }
  }

  deployment_style {
    deployment_option = "WITH_TRAFFIC_CONTROL"
    deployment_type   = "BLUE_GREEN"
  }

  ecs_service {
    cluster_name = "${var.ecs_cluster_name}"
    service_name = "${module.ecs_alb_service_task.service_name}"
  }

  load_balancer_info {
    target_group_pair_info {
      prod_traffic_route {
        listener_arns = ["${var.alb_http_listener_arn}"]
      }

      target_group {
        name = "${module.alb_ingress_blue.target_group_name}"
      }

      target_group {
        name = "${module.alb_ingress_green.target_group_name}"
      }

      test_traffic_route {
        listener_arns = ["${var.alb_test_listener_arn}"]
      }
    }
  }
}
# CodePipeline/CodeBuild/CodeDeploy wiring for the service: GitHub source,
# image build into the ECR repository, then a blue/green deploy through the
# CodeDeploy application and group declared in this file.
# NOTE(review): the source is github.com/dlz21, pinned by a mutable tag. This
# module presumably creates the IAM roles for the pipeline, build and deploy
# stages (its `default_role_arn` output is the CodeDeploy service role in this
# file), so review its policies for least privilege.
module "ecs_bg_codepipeline" {
  source     = "git::https://github.com/dlz21/terraform-aws-ecs-codepipeline.git?ref=tags/0.11.1"
  enabled    = "${var.codepipeline_enabled}"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${var.attributes}"

  # Source repository and credentials.
  # NOTE(review): both tokens arrive as plain Terraform variables and are
  # likely written to state. Restrict and encrypt the state backend, and scope
  # the OAuth token to the minimum the pipeline needs.
  github_oauth_token    = "${var.github_oauth_token}"
  github_webhooks_token = "${var.github_webhooks_token}"
  github_webhook_events = "${var.github_webhook_events}"
  repo_owner            = "${var.repo_owner}"
  repo_name             = "${var.repo_name}"
  branch                = "${var.branch}"
  poll_source_changes   = "${var.poll_source_changes}"

  # Webhook configuration.
  # NOTE(review): the authentication mode comes from a variable. Confirm the
  # value in use verifies the sender and is not an unauthenticated mode.
  webhook_enabled             = "${var.webhook_enabled}"
  webhook_target_action       = "${var.webhook_target_action}"
  webhook_authentication      = "${var.webhook_authentication}"
  webhook_filter_json_path    = "${var.webhook_filter_json_path}"
  webhook_filter_match_equals = "${var.webhook_filter_match_equals}"

  # Build stage.
  # NOTE(review): privileged_mode is hard-coded on and presumably maps to
  # CodeBuild privileged mode, which Docker-in-Docker builds need. It raises
  # the impact of a malicious buildspec or build dependency, so limit who can
  # change the buildspec and the tracked branch.
  build_image     = "${var.build_image}"
  build_timeout   = "${var.build_timeout}"
  buildspec       = "${var.buildspec}"
  privileged_mode = "true"
  badge_enabled   = "${var.badge_enabled}"
  image_repo_name = "${module.ecr.repository_name}"

  pipeline_bucket_lifecycle_enabled = "true"

  # Deploy stage.
  service_name                      = "${module.ecs_alb_service_task.service_name}"
  ecs_cluster_name                  = "${var.ecs_cluster_name}"
  code_deploy_application_name      = "${aws_codedeploy_app.default.name}"
  code_deploy_deployment_group_name = "${module.codedeploy_group_label.id}"

  # These reference module.update_ssl_rule (not declared in this file)
  # regardless of var.ssl_enabled.
  code_deploy_sns_topic_arn    = "${module.update_ssl_rule.this_sns_topic_arn}"
  code_deploy_lambda_hook_arns = "${module.update_ssl_rule.update_ssl_lambda_function_arn}"

  # Values exposed to the build as environment variables.
  environment_variables = [
    {
      "name"  = "CONTAINER_NAME"
      "value" = "${module.default_label.id}"
    },
    {
      "name"  = "CONTAINER_CPU"
      "value" = "${var.container_cpu}"
    },
    {
      "name"  = "CONTAINER_MEMORY"
      "value" = "${var.container_memory}"
    }
  ]
}
# Service autoscaling policies. The scale-up/scale-down policy ARNs it exports
# are attached to the CPU or memory alarms through the locals in this file.
module "autoscaling" {
  source     = "git::https://github.com/cloudposse/terraform-aws-ecs-cloudwatch-autoscaling.git?ref=tags/0.1.0"
  enabled    = "${var.autoscaling_enabled}"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${var.attributes}"

  cluster_name = "${var.ecs_cluster_name}"
  service_name = "${module.ecs_alb_service_task.service_name}"

  min_capacity = "${var.autoscaling_min_capacity}"
  max_capacity = "${var.autoscaling_max_capacity}"

  scale_up_adjustment   = "${var.autoscaling_scale_up_adjustment}"
  scale_up_cooldown     = "${var.autoscaling_scale_up_cooldown}"
  scale_down_adjustment = "${var.autoscaling_scale_down_adjustment}"
  scale_down_cooldown   = "${var.autoscaling_scale_down_cooldown}"
}
# Chooses which alarm family (CPU or memory) drives autoscaling.
# Each local is the matching scaling-policy ARN when autoscaling is enabled
# for that dimension and an empty string otherwise. The empty strings are
# dropped by compact() where these locals are consumed in the ecs_alarms module.
# The comparisons are on exact strings ("true", "cpu", "memory").
locals {
  # CPU dimension
  cpu_utilization_high_alarm_actions = "${var.autoscaling_enabled == "true" && var.autoscaling_dimension == "cpu" ? module.autoscaling.scale_up_policy_arn : ""}"
  cpu_utilization_low_alarm_actions  = "${var.autoscaling_enabled == "true" && var.autoscaling_dimension == "cpu" ? module.autoscaling.scale_down_policy_arn : ""}"

  # Memory dimension
  memory_utilization_high_alarm_actions = "${var.autoscaling_enabled == "true" && var.autoscaling_dimension == "memory" ? module.autoscaling.scale_up_policy_arn : ""}"
  memory_utilization_low_alarm_actions  = "${var.autoscaling_enabled == "true" && var.autoscaling_dimension == "memory" ? module.autoscaling.scale_down_policy_arn : ""}"
}
# CPU and memory utilisation alarms for the ECS service. Each *_alarm_actions
# list is the caller-supplied actions plus the autoscaling policy ARN chosen in
# the locals block; compact() drops the empty string when autoscaling does not
# apply to that dimension.
# NOTE(review): the source is github.com/dlz21, pinned by a mutable tag.
# NOTE(review): if the caller passes no alarm actions and autoscaling is off,
# the alarms have no action and change state without notifying anyone.
module "ecs_alarms" {
  source     = "git::https://github.com/dlz21/terraform-aws-ecs-cloudwatch-sns-alarms.git?ref=tags/0.5.0"
  enabled    = "${var.ecs_alarms_enabled}"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${var.attributes}"
  tags       = "${var.tags}"

  cluster_name = "${var.ecs_cluster_name}"
  service_name = "${module.ecs_alb_service_task.service_name}"

  # CPU high
  cpu_utilization_high_threshold          = "${var.ecs_alarms_cpu_utilization_high_threshold}"
  cpu_utilization_high_evaluation_periods = "${var.ecs_alarms_cpu_utilization_high_evaluation_periods}"
  cpu_utilization_high_period             = "${var.ecs_alarms_cpu_utilization_high_period}"
  cpu_utilization_high_alarm_actions      = "${compact(concat(var.ecs_alarms_cpu_utilization_high_alarm_actions, list(local.cpu_utilization_high_alarm_actions)))}"
  cpu_utilization_high_ok_actions         = "${var.ecs_alarms_cpu_utilization_high_ok_actions}"

  # CPU low
  cpu_utilization_low_threshold          = "${var.ecs_alarms_cpu_utilization_low_threshold}"
  cpu_utilization_low_evaluation_periods = "${var.ecs_alarms_cpu_utilization_low_evaluation_periods}"
  cpu_utilization_low_period             = "${var.ecs_alarms_cpu_utilization_low_period}"
  cpu_utilization_low_alarm_actions      = "${compact(concat(var.ecs_alarms_cpu_utilization_low_alarm_actions, list(local.cpu_utilization_low_alarm_actions)))}"
  cpu_utilization_low_ok_actions         = "${var.ecs_alarms_cpu_utilization_low_ok_actions}"

  # Memory high
  memory_utilization_high_threshold          = "${var.ecs_alarms_memory_utilization_high_threshold}"
  memory_utilization_high_evaluation_periods = "${var.ecs_alarms_memory_utilization_high_evaluation_periods}"
  memory_utilization_high_period             = "${var.ecs_alarms_memory_utilization_high_period}"
  memory_utilization_high_alarm_actions      = "${compact(concat(var.ecs_alarms_memory_utilization_high_alarm_actions, list(local.memory_utilization_high_alarm_actions)))}"
  memory_utilization_high_ok_actions         = "${var.ecs_alarms_memory_utilization_high_ok_actions}"

  # Memory low
  memory_utilization_low_threshold          = "${var.ecs_alarms_memory_utilization_low_threshold}"
  memory_utilization_low_evaluation_periods = "${var.ecs_alarms_memory_utilization_low_evaluation_periods}"
  memory_utilization_low_period             = "${var.ecs_alarms_memory_utilization_low_period}"
  memory_utilization_low_alarm_actions      = "${compact(concat(var.ecs_alarms_memory_utilization_low_alarm_actions, list(local.memory_utilization_low_alarm_actions)))}"
  memory_utilization_low_ok_actions         = "${var.ecs_alarms_memory_utilization_low_ok_actions}"
}
# Response-code (3xx/4xx/5xx) and latency alarms for the blue target group.
# The action lists come from the caller; nothing in this file attaches these
# alarms to the CodeDeploy deployment groups.
# NOTE(review): the source is github.com/dlz21, pinned by a mutable tag.
module "alb_blue_target_group_alarms" {
  source     = "git::https://github.com/dlz21/terraform-aws-alb-target-group-cloudwatch-sns-alarms.git?ref=tags/0.7.0"
  enabled    = "${var.alb_target_group_alarms_enabled}"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${concat(var.attributes, list("blue"))}"

  # Monitored load balancer / target group
  alb_name                = "${var.alb_name}"
  alb_arn_suffix          = "${var.alb_arn_suffix}"
  target_group_name       = "${module.alb_ingress_blue.target_group_name}"
  target_group_arn_suffix = "${module.alb_ingress_blue.target_group_arn_suffix}"

  # Notification targets
  alarm_actions             = "${var.alb_target_group_alarms_alarm_actions}"
  ok_actions                = "${var.alb_target_group_alarms_ok_actions}"
  insufficient_data_actions = "${var.alb_target_group_alarms_insufficient_data_actions}"

  # Thresholds and evaluation window
  target_3xx_count_threshold     = "${var.alb_target_group_alarms_3xx_threshold}"
  target_4xx_count_threshold     = "${var.alb_target_group_alarms_4xx_threshold}"
  target_5xx_count_threshold     = "${var.alb_target_group_alarms_5xx_threshold}"
  target_response_time_threshold = "${var.alb_target_group_alarms_response_time_threshold}"
  period                         = "${var.alb_target_group_alarms_period}"
  evaluation_periods             = "${var.alb_target_group_alarms_evaluation_periods}"
}
# Response-code (3xx/4xx/5xx) and latency alarms for the green target group.
# It takes the same thresholds and action variables as the blue alarms and
# differs only in the target group it watches.
# NOTE(review): the source is github.com/dlz21, pinned by a mutable tag.
module "alb_green_target_group_alarms" {
  source     = "git::https://github.com/dlz21/terraform-aws-alb-target-group-cloudwatch-sns-alarms.git?ref=tags/0.7.0"
  enabled    = "${var.alb_target_group_alarms_enabled}"
  namespace  = "${var.namespace}"
  stage      = "${var.stage}"
  name       = "${var.name}"
  attributes = "${concat(var.attributes, list("green"))}"

  # Monitored load balancer / target group
  alb_name                = "${var.alb_name}"
  alb_arn_suffix          = "${var.alb_arn_suffix}"
  target_group_name       = "${module.alb_ingress_green.target_group_name}"
  target_group_arn_suffix = "${module.alb_ingress_green.target_group_arn_suffix}"

  # Notification targets
  alarm_actions             = "${var.alb_target_group_alarms_alarm_actions}"
  ok_actions                = "${var.alb_target_group_alarms_ok_actions}"
  insufficient_data_actions = "${var.alb_target_group_alarms_insufficient_data_actions}"

  # Thresholds and evaluation window
  target_3xx_count_threshold     = "${var.alb_target_group_alarms_3xx_threshold}"
  target_4xx_count_threshold     = "${var.alb_target_group_alarms_4xx_threshold}"
  target_5xx_count_threshold     = "${var.alb_target_group_alarms_5xx_threshold}"
  target_response_time_threshold = "${var.alb_target_group_alarms_response_time_threshold}"
  period                         = "${var.alb_target_group_alarms_period}"
  evaluation_periods             = "${var.alb_target_group_alarms_evaluation_periods}"
}