Merge pull request #165 from infrablocks/support_fargat

Add fargate support

Author: tomduckering

config/roles/fargate.yaml

@@ -0,0 +1,24 @@
+---
+configuration_directory: "%{cwd}/examples/fargate"
+state_file: "%{cwd}/state/fargate.tfstate"
+vars:
+  region: "%{hiera('region')}"
+
+  vpc_cidr: "%{hiera('vpc_cidr')}"
+  availability_zones: "%{hiera('availability_zones')}"
+  private_network_cidr: "%{hiera('private_network_cidr')}"
+
+  component: "%{hiera('component')}"
+  deployment_identifier: "%{hiera('deployment_identifier')}"
+
+  domain_name: "%{hiera('domain_name')}"
+  public_zone_id: "%{hiera('public_zone_id')}"
+  private_zone_id: "%{hiera('private_zone_id')}"
+
+  cluster_name: "%{hiera('cluster_name')}"
+  cluster_instance_ssh_public_key_path: "%{hiera('cluster_instance_ssh_public_key_path')}"
+  cluster_instance_type: "%{hiera('cluster_instance_type')}"
+
+  cluster_minimum_size: "%{hiera('cluster_minimum_size')}"
+  cluster_maximum_size: "%{hiera('cluster_maximum_size')}"
+  cluster_desired_capacity: "%{hiera('cluster_desired_capacity')}"

examples/fargate/.terraform.lock.hcl

@@ -0,0 +1,23 @@
+[
+  {
+    "name": "${name}",
+    "image": "${image}",
+    "memory": 200,
+    "essential": true,
+    "command": ${command},
+    "portMappings": [
+      {
+        "containerPort": ${port},
+        "hostPort": ${port}
+      }
+    ],
+    "logConfiguration": {
+      "logDriver": "awslogs",
+      "options": {
+        "awslogs-group": "${log_group}",
+        "awslogs-region": "${region}",
+        "awslogs-stream-prefix": "prefix"
+      }
+    }
+  }
+]

examples/fargate/container-definitions/service.json.tpl

@@ -0,0 +1,28 @@
+module "ecs_service" {
+  source = "./../../"
+
+  component = var.component
+  deployment_identifier = var.deployment_identifier
+
+  service_task_container_definitions = file("${path.module}/container-definitions/service.json.tpl")
+
+  region = var.region
+
+  subnet_ids = module.base_network.private_subnet_ids
+
+  service_name = "web-proxy"
+  service_image = "nginx"
+  service_command = ["nginx", "-g", "daemon off;"]
+  service_port = 80
+
+  use_fargate = true
+  service_task_cpu = "256"
+  service_task_memory = "512"
+  service_task_operating_system_family = "LINUX"
+
+  attach_to_load_balancer = false
+  # service_elb_name = module.ecs_load_balancer.name
+
+  ecs_cluster_id = module.ecs_cluster.cluster_id
+  ecs_cluster_service_role_arn = module.ecs_cluster.service_role_arn
+}

examples/fargate/ecs-service.tf

@@ -0,0 +1,59 @@
+output "vpc_id" {
+  value = module.base_network.vpc_id
+}
+
+output "vpc_cidr" {
+  value = module.base_network.vpc_cidr
+}
+
+output "public_subnet_ids" {
+  value = module.base_network.public_subnet_ids
+}
+
+output "private_subnet_ids" {
+  value = module.base_network.private_subnet_ids
+}
+
+output "load_balancer_name" {
+  value = module.ecs_load_balancer.name
+}
+
+output "cluster_id" {
+  value = module.ecs_cluster.cluster_id
+}
+
+output "cluster_name" {
+  value = module.ecs_cluster.cluster_name
+}
+
+output "autoscaling_group_name" {
+  value = module.ecs_cluster.autoscaling_group_name
+}
+
+output "instance_role_arn" {
+  value = module.ecs_cluster.instance_role_arn
+}
+
+output "instance_role_id" {
+  value = module.ecs_cluster.instance_role_id
+}
+
+output "service_role_arn" {
+  value = module.ecs_cluster.service_role_arn
+}
+
+output "service_role_id" {
+  value = module.ecs_cluster.service_role_id
+}
+
+output "task_definition_arn" {
+  value = module.ecs_service.task_definition_arn
+}
+
+output "log_group" {
+  value = module.ecs_service.log_group
+}
+
+output "security_group_id" {
+  value = module.ecs_service.security_group_id
+}

examples/fargate/outputs.tf

@@ -0,0 +1,79 @@
+module "base_network" {
+  source  = "infrablocks/base-networking/aws"
+  version = "4.1.0-rc.5"
+
+  region = var.region
+  vpc_cidr = var.vpc_cidr
+  availability_zones = var.availability_zones
+
+  component = var.component
+  deployment_identifier = var.deployment_identifier
+
+  private_zone_id = var.private_zone_id
+
+  include_nat_gateways = "no"
+}
+
+module "acm_certificate" {
+  source = "infrablocks/acm-certificate/aws"
+  version = "1.2.0-rc.1"
+
+  domain_name = "*.${var.domain_name}"
+  domain_zone_id = var.public_zone_id
+  subject_alternative_name_zone_id = var.public_zone_id
+
+  providers = {
+    aws.certificate = aws
+    aws.domain_validation = aws
+    aws.san_validation = aws
+  }
+}
+
+module "ecs_cluster" {
+  source  = "infrablocks/ecs-cluster/aws"
+  version = "6.1.0-rc.11"
+
+  region = var.region
+  vpc_id = module.base_network.vpc_id
+  subnet_ids = module.base_network.private_subnet_ids
+  default_ingress_cidrs = [var.private_network_cidr]
+
+  component = var.component
+  deployment_identifier = var.deployment_identifier
+
+  cluster_name = var.cluster_name
+  cluster_instance_ssh_public_key_path = var.cluster_instance_ssh_public_key_path
+  cluster_instance_type = var.cluster_instance_type
+
+  cluster_minimum_size = var.cluster_minimum_size
+  cluster_maximum_size = var.cluster_maximum_size
+  cluster_desired_capacity = var.cluster_desired_capacity
+
+  additional_capacity_providers = ["FARGATE"]
+}
+
+module "ecs_load_balancer" {
+  source  = "infrablocks/ecs-load-balancer/aws"
+  version = "3.1.0-rc.7"
+
+  component = var.component
+  deployment_identifier = var.deployment_identifier
+
+  region = var.region
+  vpc_id = module.base_network.vpc_id
+  subnet_ids = module.base_network.public_subnet_ids
+
+  service_name = "web-proxy"
+  service_port = 80
+
+  service_certificate_arn = module.acm_certificate.certificate_arn
+
+  domain_name = var.domain_name
+  public_zone_id = var.public_zone_id
+  private_zone_id = var.private_zone_id
+
+  allow_cidrs = ["0.0.0.0/0"]
+
+  expose_to_public_internet = "yes"
+  include_public_dns_record = "yes"
+}

examples/fargate/prerequisites.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = var.region
+}

examples/fargate/provider.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.1"
+
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "4.59"
+    }
+  }
+}

examples/fargate/terraform.tf

@@ -0,0 +1,21 @@
+variable "region" {}
+variable "vpc_cidr" {}
+variable "availability_zones" {
+  type = list(string)
+}
+variable "private_network_cidr" {}
+
+variable "component" {}
+variable "deployment_identifier" {}
+
+variable "domain_name" {}
+variable "public_zone_id" {}
+variable "private_zone_id" {}
+
+variable "cluster_name" {}
+variable "cluster_instance_ssh_public_key_path" {}
+variable "cluster_instance_type" {}
+
+variable "cluster_minimum_size" {}
+variable "cluster_maximum_size" {}
+variable "cluster_desired_capacity" {}

examples/fargate/variables.tf

@@ -3,7 +3,7 @@ resource "aws_ecs_service" "service" {
   cluster         = var.ecs_cluster_id
   task_definition = var.always_use_latest_task_definition ? aws_ecs_task_definition.service.arn_without_revision : aws_ecs_task_definition.service.arn
   desired_count   = var.service_desired_count
-  iam_role        = (var.attach_to_load_balancer && var.service_task_network_mode != "awsvpc") ? var.ecs_cluster_service_role_arn : null
+  iam_role        = (!var.use_fargate && var.attach_to_load_balancer && var.service_task_network_mode != "awsvpc") ? var.ecs_cluster_service_role_arn : null
 
   deployment_maximum_percent         = var.service_deployment_maximum_percent
   deployment_minimum_healthy_percent = var.service_deployment_minimum_healthy_percent
@@ -17,7 +17,7 @@ resource "aws_ecs_service" "service" {
   wait_for_steady_state = var.wait_for_steady_state
 
   dynamic "network_configuration" {
-    for_each = var.service_task_network_mode == "awsvpc" ? [var.subnet_ids] : []
+    for_each = var.use_fargate || var.service_task_network_mode == "awsvpc" ? [var.subnet_ids] : []
 
     content {
       subnets         = network_configuration.value

service.tf

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe 'full' do
+describe 'basic' do
   let(:component) do
     var(role: :basic, name: 'component')
   end