Added ecs, s3, autoscaling to contOrc root

purpleteam-labs · Aug 13, 2020 · 507e649 · 507e649
1 parent ae14328
commit 507e649
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 15 deletions.
diff --git a/tf/roots/3_contOrc/contOrc.tf b/tf/roots/3_contOrc/contOrc.tf
@@ -6,15 +6,37 @@ locals {
   }}
 }
 
-// Doc: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-parameters.html
-module "ssm" {
-  source = "../../modules/common/aws/managementGovernance/systemsManager"
-  ssm_parameters = var.ssm_parameters
-}
-
 // Doc: https://medium.com/@bradford_hamilton/deploying-containers-on-amazons-ecs-using-fargate-and-terraform-part-2-2e6f6a3a957f#1e4a
 module "cloudWatch" {
   source = "./cloudWatch"
   retention_in_days = var.log_group_retention_in_days
   sut_log_group_values = local.sut_log_group_values
 }
+
+module "ecs" {
+  source = "../../modules/common/aws/containers/ecs"
+  aws_account_id = var.AWS_ACCOUNT_ID
+  vpc_id = var.vpc_id
+  ecs_task_execution_role = var.ecs_task_execution_role
+  aws_region = var.AWS_REGION
+  suts_attributes = var.suts_attributes
+  ecs_service_role = var.ecs_service_role
+  aws_lb_target_groups = local.aws_lb_target_groups
+}
+
+module "s3" {
+  source = "../../modules/common/aws/storage/s3"
+  ec2_instance_public_keys = var.ec2_instance_public_keys
+}
+
+// Autoscaling resource: https://medium.com/@bradford_hamilton/deploying-containers-on-amazons-ecs-using-fargate-and-terraform-part-2-2e6f6a3a957f#78b5
+module "autoscaling" {
+  source = "../../modules/common/aws/compute/ec2/autoscaling"
+  aws_region = var.AWS_REGION
+  ecs_image_id = var.ecs_image_id
+  ecs_instance_profile = var.ecs_instance_profile
+  vpc_ec2_instance_security_groups_ids = [var.sg_ssh_id, var.sg_sut_id]
+  aws_lb_target_groups = local.aws_lb_target_groups
+  suts_attributes = var.suts_attributes
+  aws_s3_bucket_object_sut_public_keys = module.s3.aws_s3_bucket_object_sut_public_keys
+}
diff --git a/tf/roots/3_contOrc/variables.tf b/tf/roots/3_contOrc/variables.tf
@@ -19,31 +19,70 @@ variable "cloudflare_account_id" { description = "Not used. Is here to stop Terr
 variable "cloudflare_api_token" { description = "Not used. Is here to stop Terraform warnings." }
 
 // Consume nw outputs.
+variable "sg_ssh_id" { type = string }
+variable "sg_sut_id" { type = string }
+variable "vpc_id" { type = string }
 variable "aws_lb_target_groups" {
   description = "Used in creation of ECS Service, and Autoscaling Group."
   type = string
 }
 
+// ECS optimized AMIs change by region. You can lookup the AMI here:
+// https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html
+//
+// Can get ami metadata: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/retrieve-ecs-optimized_AMI.html
+// aws ssm get-parameters --names /aws/service/ecs/optimized-ami/amazon-linux-2/recommended --region ap-southeast-2 --profile purpleteaming-cli
+//
+// ECS optimized AMIs per region
+// Updated July 2020
 
-variable "ssm_parameters" {
-  description = "Systems Manager Parameters."
-  type = map(object({
-    type = string
-    value = string
-    description = string
-    tags = map(string)
-  }))
+
+
+// Test if we can SSH if we use older AMI as per purpleteam-iac above?
+
+/*
+variable "ecs_image_id" {
+  default = {
+    ap-southeast-1 = "ami-0bd1daf5da8a9a903" // Singapore
+    ap-southeast-2 = "ami-0a7c4f7f17d3eecbc" // Sydney
+  }
+}*/
+
+variable "ecs_image_id" {
+  default = {
+    ap-southeast-1 = "ami-01f07b3fa86406c96" // Singapore
+    ap-southeast-2 = "ami-07610e278b1ddf331" // Sydney
+  }
 }
 
+// Consume additional static outputs
+variable "ecs_instance_profile" { type = string }
+variable "ecs_service_role" { type = string }
+variable "ecs_task_execution_role" { type = string }
+
 variable "suts_attributes" {
   description = "The attributes that apply to each specific SUT."  
   type = map(object({
     // Populate with properties as required
-    pt_lb_listener_port = number
+    instance_type = string
+    public_subnet_ids = list(string)
+    primary_az_suffix = string
+    ec2_instance_autoscaling_desired_capacity = number
+    container_port = number
+    host_port = number
     purpleteamlabs_sut_cname = string
+    env = list(object({
+      name = string
+      value = string
+    }))
   }))
 }
 
+variable "ec2_instance_public_keys" {
+  description = "SSH public keys for ec2 instances."
+  type = map(string)
+}
+
 variable "log_group_retention_in_days" {
   description = "The retention in days for all CloudWatch log groups in this root."
   default = 30