Add ECS and SNS modules (#56)

* feat(ecs): add ecs module along with sns module * feat(ecs): remove s3 policy which is empty * feat(ecs): comment policy document * feat(ecs): allow force destroy and remove attach policy s3 * feat(ecs): comment s3 lambda on file upload * feat(ecs): add variables * feat(ecs): add count on cloudwatch event trigger to enable or not the ECS run schedule * fix(ecs): fix issue with count * fix(ecs): fix issue with count * feat(ecs): add policies scalable attachment * feat(ecs): rename policy * feat(ecs): add ecs task role and ecs execution role outputs * fix(ecs): fix ecs execution role and task role policies arn count * fix(ecs): new line * fix(ecs): new line * fix(ecs): comments doc with ## + link to the good release * fix(ecs): use aws_caller_identity * fix(ecs): use aws_caller_identity * fix(ecs): add tags * fix(ecs): use jsonencode instead of EOF * feat(ecs): terraform fmt * fix(ecs): remove useless var * feat(ecs): add tags and new lines * fix(ecs): fmt + change variable name
trackit · Jan 14, 2021 · bdacba2 · bdacba2
1 parent b94339e
commit bdacba2
Show file tree

Hide file tree

Showing 7 changed files with 485 additions and 15 deletions.
diff --git a/envs/qa.tfvars b/envs/qa.tfvars
@@ -18,6 +18,16 @@ cognito_client_name = "terraform-boilerplate"
 ec2_name = "boilerplate"
 // -- ECR
 ecr_name = "boilerplate"
+// -- ECS
+ecs_role_name = "ecs-access-boilerplate"
+ecs_container_memory = 2048
+ecs_task_family = "ecs-task-boilerplate"
+ecs_container_name = "app"
+ecs_execution_role_name = "BoilerplateECSExecutionRole"
+ecs_cluster_name = "ecs-cluster-boilerplate"
+ecs_service_name = "ecs-service-boilerplate"
+ecs_schedule_expression = "rate(7 days)"
+ecs_enable_scheduling = true
 // -- EKS
 eks_cluster_name = "boilerplate"
 // -- ElastiCache

diff --git a/tf/1-providers.tf b/tf/1-providers.tf
@@ -18,3 +18,5 @@ provider "kubernetes" {
   load_config_file       = false
   version                = "~> 1.9"
 }
+
+data "aws_caller_identity" "current" {}
diff --git a/tf/2-variables.tf b/tf/2-variables.tf
@@ -248,6 +248,82 @@ variable "ecr_scan_images_on_push" {
   default     = false
 }
 
+/*
+// ECS variables
+*/
+
+variable "ecs_role_name" {
+  type        = string
+  description = "The name of the task assume role"
+  default     = "ecs-task-role-boilerplate"
+}
+
+variable "ecs_container_memory" {
+  type        = number
+  description = "The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value"
+  default     = null
+}
+
+variable "ecs_task_cpu" {
+  type        = number
+  description = "The CPU of the task definition"
+  default     = 512
+}
+
+variable "ecs_task_family" {
+  type        = string
+  description = "Name of the family"
+  default     = "ecs-task-boilerplate"
+}
+
+variable "ecs_container_name" {
+  type        = string
+  description = "Name of the ECS container"
+  default     = "app"
+}
+
+variable "ecs_execution_role_name" {
+  type        = string
+  description = "Name of the execution role"
+  default     = "EcsExecutionRole"
+}
+
+variable "ecs_cluster_name" {
+  type        = string
+  description = "Name of the ECS Cluster"
+  default     = "ecs-cluster-boilerplate"
+}
+
+variable "ecs_service_name" {
+  type        = string
+  description = "Name of the ECS Service"
+  default     = "ecs-service-boilerplate"
+}
+
+variable "ecs_schedule_expression" {
+  type        = string
+  description = "The schedule expression for automatic triggered. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html#CronExpressions"
+  default     = "rate(7 days)"
+}
+
+variable "ecs_enable_scheduling" {
+  type        = bool
+  description = "Enable ECS scheduling with cloudwatch"
+  default     = true
+}
+
+variable "ecs_task_role_policies" {
+  type        = list(string)
+  description = "List of policy ARNs to attached to the task role"
+  default     = []
+}
+
+variable "ecs_execution_role_policies" {
+  type        = list(string)
+  description = "List of policy ARNs to attached to the execution role"
+  default     = []
+}
+
 /*
 // EKS variables
 */
@@ -719,7 +795,15 @@ variable "final_snapshot_identifier" {
 // Route53 variables
 */
 
+/*
+// SNS variables
+*/
 
+variable "sns_name" {
+  type        = string
+  description = "Name of the SNS Topic"
+  default     = "sns-boilerplate"
+}
 
 /*
 // S3 variables

diff --git a/tf/4-outputs.tf b/tf/4-outputs.tf
@@ -108,6 +108,46 @@ output "ecr" {
   }
 }
 
+/*
+// ECS outputs
+*/
+
+output "ecs_task_definition" {
+  value = {
+    id  = aws_ecs_task_definition.task.id
+    arn = aws_ecs_task_definition.task.arn
+  }
+}
+
+output "ecs_service" {
+  value = {
+    id              = aws_ecs_service.service.id
+    name            = aws_ecs_service.service.name
+    security_groups = aws_ecs_service.service.network_configuration[0].security_groups
+    subnets         = aws_ecs_service.service.network_configuration[0].subnets
+  }
+}
+
+output "ecs_cluster" {
+  value = {
+    id   = aws_ecs_cluster.cluster.id
+    arn  = aws_ecs_cluster.cluster.arn
+    name = aws_ecs_cluster.cluster.name
+  }
+}
+
+output "ecs_execution_role" {
+  value = {
+    arn = aws_iam_role.ecs_execution_role.arn
+  }
+}
+
+output "ecs_task_role" {
+  value = {
+    arn = aws_iam_role.task_role.arn
+  }
+}
+
 /*
 // EKS outputs
 */
@@ -183,6 +223,17 @@ output "route53" {
 }
 */
 
+/*
+// SNS outputs
+*/
+
+output "sns" {
+  value = {
+    id  = aws_sns_topic.sns_topic.id
+    arn = aws_sns_topic.sns_topic.arn
+  }
+}
+
 /*
 // S3 outputs
 */