├── README.md ├── ecs-exist-vpc ├── README.md ├── dev-network │ ├── versions.tf │ ├── provider.tf │ ├── variables.tf │ ├── outputs.tf │ └── network.tf ├── dev-ops-reader │ ├── versions.tf │ ├── ecs.tf │ ├── outputs.tf │ ├── provider.tf │ ├── ops-reader-logs.tf │ ├── templates │ │ └── ops_reader_app.json.tpl │ ├── roles.tf │ ├── ops-reader-alb.tf │ ├── security.tf │ ├── network.tf │ ├── variables.tf │ ├── ops-reader-ecs-service.tf │ └── ops-reader-auto-scaling.tf └── dev-ops-stream │ ├── versions.tf │ ├── ecs.tf │ ├── outputs.tf │ ├── provider.tf │ ├── ops-stream-logs.tf │ ├── templates │ └── ops_stream_app.json.tpl │ ├── roles.tf │ ├── ops-stream-alb.tf │ ├── security.tf │ ├── network.tf │ ├── variables.tf │ ├── ops-stream-ecs-service.tf │ ├── ops_stream_auto_scaling.tf │ └── terraform.tfstate ├── ecs_app_new_vpc ├── versions.tf ├── ecs.tf ├── outputs.tf ├── provider.tf ├── ops-stream-logs.tf ├── templates │ ├── ops_reader_app.json.tpl │ └── ops_stream_app.json.tpl ├── roles.tf ├── logs.tf ├── ops-stream-alb.tf ├── security.tf ├── network.tf ├── ops-stream-ecs-service.tf ├── variables.tf └── ops_stream_auto_scaling.tf ├── network-testing ├── versions.tf ├── provider.tf ├── variables.tf ├── outputs.tf └── network.tf ├── ecs-1cluster-2service ├── versions.tf ├── outputs.tf ├── provider.tf ├── README.md ├── logs.tf ├── templates │ └── ecs │ │ └── cb_app.json.tpl ├── roles.tf ├── security.tf ├── network.tf ├── variables.tf ├── alb.tf ├── ecs.tf ├── auto_scaling.tf └── auto_scaling_2.tf └── ecs-app-existing-vpc-id ├── versions.tf ├── ecs.tf ├── outputs.tf ├── provider.tf ├── network.tf ├── ops-reader-logs.tf ├── templates └── ops_reader_app.json.tpl ├── roles.tf ├── logs.tf ├── ops-reader-alb.tf ├── security.tf ├── ops-reader-ecs-service.tf ├── variables.tf └── ops-reader-auto-scaling.tf /README.md: -------------------------------------------------------------------------------- 1 | # ecs-terraform 2 | -------------------------------------------------------------------------------- /ecs-exist-vpc/README.md: -------------------------------------------------------------------------------- 1 | # terraform-example 2 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /network-testing/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-network/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/versions.tf: -------------------------------------------------------------------------------- 1 | 2 | terraform { 3 | required_version = ">= 0.12" 4 | } 5 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/ecs.tf: -------------------------------------------------------------------------------- 1 | # ecs.tf 2 | resource "aws_ecs_cluster" "main" { 3 | name = "${var.prefix}-api-cluster" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/ecs.tf: -------------------------------------------------------------------------------- 1 | # ecs.tf 2 | resource "aws_ecs_cluster" "main" { 3 | name = "${var.prefix}-api-cluster" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/ecs.tf: -------------------------------------------------------------------------------- 1 | # ecs.tf 2 | resource "aws_ecs_cluster" "main" { 3 | name = "${var.prefix}-api-cluster" 4 | } 5 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/ecs.tf: -------------------------------------------------------------------------------- 1 | # ecs.tf 2 | resource "aws_ecs_cluster" "main" { 3 | name = "${var.prefix}-api-cluster" 4 | } 5 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | 3 | output "ops_stream_alb_hostname" { 4 | value = aws_alb.ops_stream_lb.dns_name 5 | } 6 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | 3 | output "ops_reader_alb_hostname" { 4 | value = aws_alb.ops_reader_lb.dns_name 5 | } 6 | 7 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | 3 | output "ops_stream_alb_hostname" { 4 | value = aws_alb.ops_stream_lb.dns_name 5 | } 6 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | 3 | output "ops_reader_alb_hostname" { 4 | value = aws_alb.ops_reader_lb.dns_name 5 | } 6 | 7 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | 3 | output "alb_hostname_1" { 4 | value = aws_alb.main1.dns_name 5 | } 6 | output "alb_hostname_2" { 7 | value = aws_alb.main2.dns_name 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /network-testing/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default-dev3" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-network/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/provider.tf: -------------------------------------------------------------------------------- 1 | # provider.tf 2 | 3 | # Specify the provider and access details 4 | provider "aws" { 5 | shared_credentials_file = "$HOME/.aws/credentials" 6 | profile = "default" 7 | region = var.aws_region 8 | } 9 | 10 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | # Fetch AZs in the current region 4 | //data "aws_availability_zones" "available" { 5 | //} 6 | // 7 | //resource "aws_vpc" "main1" { 8 | // cidr_block = "172.17.0.0/16" 9 | // tags = { 10 | // Name = "${var.prefix}-vpc" 11 | // } 12 | //} 13 | // 14 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-network/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "prefix" { 4 | description = "Prefix for all envirnoments" 5 | default = "dev-data-stream" 6 | } 7 | 8 | variable "aws_region" { 9 | description = "The AWS region things are created in" 10 | default = "ap-southeast-1" 11 | } 12 | 13 | variable "az_count" { 14 | description = "Number of AZs to cover in a given region" 15 | default = "3" 16 | } 17 | 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/README.md: -------------------------------------------------------------------------------- 1 | # Create One cluster with 2 Services in AWS ECS 2 | 3 | Here 2 services means, you can run 2 different application in 1 cluster. 4 | 5 | Deploy 2 different application in 1 ECS cluster. 6 | 7 | 1. It has 2 different auto scaling. 8 | 2. It has 2 application load balancer for 2 services. 9 | 3. Define application in ECR link in variables.app_image 10 | 11 | This document may not be perfect, but it tested well. Spend sometime to understand the code. -------------------------------------------------------------------------------- /ecs-1cluster-2service/logs.tf: -------------------------------------------------------------------------------- 1 | # logs.tf 2 | 3 | # Set up CloudWatch group and log stream and retain logs for 30 days 4 | resource "aws_cloudwatch_log_group" "cb_log_group" { 5 | name = "/ecs/cb-app" 6 | retention_in_days = 30 7 | 8 | tags = { 9 | Name = "cb-log-group" 10 | } 11 | } 12 | 13 | resource "aws_cloudwatch_log_stream" "cb_log_stream" { 14 | name = "cb-log-stream" 15 | log_group_name = aws_cloudwatch_log_group.cb_log_group.name 16 | } 17 | 18 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/ops-reader-logs.tf: -------------------------------------------------------------------------------- 1 | # logs.tf 2 | # Set up CloudWatch group and log stream and retain logs for 30 days 3 | resource "aws_cloudwatch_log_group" "ops_reader_log_group" { 4 | name = "/ecs/ops-reader-app" 5 | retention_in_days = 30 6 | 7 | tags = { 8 | Name = "ops-reader-log-group" 9 | } 10 | } 11 | 12 | resource "aws_cloudwatch_log_stream" "cb_log_stream" { 13 | name = "ops-reader-log-stream" 14 | log_group_name = aws_cloudwatch_log_group.ops_reader_log_group.name 15 | } 16 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/ops-reader-logs.tf: -------------------------------------------------------------------------------- 1 | # logs.tf 2 | # Set up CloudWatch group and log stream and retain logs for 30 days 3 | resource "aws_cloudwatch_log_group" "ops_reader_log_group" { 4 | name = "/ecs/ops-reader-app" 5 | retention_in_days = 30 6 | 7 | tags = { 8 | Name = "ops-reader-log-group" 9 | } 10 | } 11 | 12 | resource "aws_cloudwatch_log_stream" "cb_log_stream" { 13 | name = "ops-reader-log-stream" 14 | log_group_name = aws_cloudwatch_log_group.ops_reader_log_group.name 15 | } 16 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/ops-stream-logs.tf: -------------------------------------------------------------------------------- 1 | # logs.tf 2 | 3 | # Set up CloudWatch group and log stream and retain logs for 30 days 4 | resource "aws_cloudwatch_log_group" "ops_stream_log_group" { 5 | name = "/ecs/ops-stream-app" 6 | retention_in_days = 30 7 | 8 | tags = { 9 | Name = "ops-stream-log-group" 10 | } 11 | } 12 | 13 | resource "aws_cloudwatch_log_stream" "ops_stream_log_stream" { 14 | name = "ops-stream-log-stream" 15 | log_group_name = aws_cloudwatch_log_group.ops_stream_log_group.name 16 | } 17 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/ops-stream-logs.tf: -------------------------------------------------------------------------------- 1 | # logs.tf 2 | 3 | # Set up CloudWatch group and log stream and retain logs for 30 days 4 | resource "aws_cloudwatch_log_group" "ops_stream_log_group" { 5 | name = "/ecs/ops-stream-app" 6 | retention_in_days = 30 7 | 8 | tags = { 9 | Name = "ops-stream-log-group" 10 | } 11 | } 12 | 13 | resource "aws_cloudwatch_log_stream" "ops_stream_log_stream" { 14 | name = "ops-stream-log-stream" 15 | log_group_name = aws_cloudwatch_log_group.ops_stream_log_group.name 16 | } 17 | -------------------------------------------------------------------------------- /network-testing/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "prefix" { 4 | description = "Prefix for all envirnoments" 5 | default = "data-test" 6 | } 7 | 8 | variable "short-prefix" { 9 | description = "Prefix for all envirnoments" 10 | default = "ds" 11 | } 12 | 13 | variable "aws_region" { 14 | description = "The AWS region things are created in" 15 | default = "ap-southeast-1" 16 | } 17 | 18 | variable "az_count" { 19 | description = "Number of AZs to cover in a given region" 20 | default = "2" 21 | } 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/templates/ecs/cb_app.json.tpl: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "cb-app", 4 | "image": "${app_image}", 5 | "cpu": ${fargate_cpu}, 6 | "memory": ${fargate_memory}, 7 | "networkMode": "awsvpc", 8 | "logConfiguration": { 9 | "logDriver": "awslogs", 10 | "options": { 11 | "awslogs-group": "/ecs/cb-app", 12 | "awslogs-region": "${aws_region}", 13 | "awslogs-stream-prefix": "ecs" 14 | } 15 | }, 16 | "portMappings": [ 17 | { 18 | "containerPort": ${app_port}, 19 | "hostPort": ${app_port} 20 | } 21 | ] 22 | } 23 | ] 24 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/templates/ops_reader_app.json.tpl: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "${container_name}", 4 | "image": "${app_image}", 5 | "cpu": ${fargate_cpu}, 6 | "memory": ${fargate_memory}, 7 | "networkMode": "awsvpc", 8 | "logConfiguration": { 9 | "logDriver": "awslogs", 10 | "options": { 11 | "awslogs-group": "/ecs/ops-reader-app", 12 | "awslogs-region": "${aws_region}", 13 | "awslogs-stream-prefix": "ecs" 14 | } 15 | }, 16 | "portMappings": [ 17 | { 18 | "containerPort": ${app_port}, 19 | "hostPort": ${app_port} 20 | } 21 | ] 22 | } 23 | ] 24 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/templates/ops_reader_app.json.tpl: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "${container_name}", 4 | "image": "${app_image}", 5 | "cpu": ${fargate_cpu}, 6 | "memory": ${fargate_memory}, 7 | "networkMode": "awsvpc", 8 | "logConfiguration": { 9 | "logDriver": "awslogs", 10 | "options": { 11 | "awslogs-group": "/ecs/ops-reader-app", 12 | "awslogs-region": "${aws_region}", 13 | "awslogs-stream-prefix": "ecs" 14 | } 15 | }, 16 | "portMappings": [ 17 | { 18 | "containerPort": ${app_port}, 19 | "hostPort": ${app_port} 20 | } 21 | ] 22 | } 23 | ] 24 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/templates/ops_reader_app.json.tpl: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "${container_name}", 4 | "image": "${app_image}", 5 | "cpu": ${fargate_cpu}, 6 | "memory": ${fargate_memory}, 7 | "networkMode": "awsvpc", 8 | "logConfiguration": { 9 | "logDriver": "awslogs", 10 | "options": { 11 | "awslogs-group": "/ecs/ops-reader-app", 12 | "awslogs-region": "${aws_region}", 13 | "awslogs-stream-prefix": "ecs" 14 | } 15 | }, 16 | "portMappings": [ 17 | { 18 | "containerPort": ${app_port}, 19 | "hostPort": ${app_port} 20 | } 21 | ] 22 | } 23 | ] 24 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/templates/ops_stream_app.json.tpl: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "${container_name}", 4 | "image": "${app_image}", 5 | "cpu": ${fargate_cpu}, 6 | "memory": ${fargate_memory}, 7 | "networkMode": "awsvpc", 8 | "environment": [ 9 | { 10 | "name": "DB_PASSWORD", 11 | "value": "TESTING_PASSWORD" 12 | } 13 | ], 14 | "logConfiguration": { 15 | "logDriver": "awslogs", 16 | "options": { 17 | "awslogs-group": "/ecs/ops-stream-app", 18 | "awslogs-region": "${aws_region}", 19 | "awslogs-stream-prefix": "ecs" 20 | } 21 | }, 22 | "portMappings": [ 23 | { 24 | "containerPort": ${app_port}, 25 | "hostPort": ${app_port} 26 | } 27 | ] 28 | } 29 | ] 30 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/templates/ops_stream_app.json.tpl: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "${container_name}", 4 | "image": "${app_image}", 5 | "cpu": ${fargate_cpu}, 6 | "memory": ${fargate_memory}, 7 | "networkMode": "awsvpc", 8 | "environment": [ 9 | { 10 | "name": "DB_PASSWORD", 11 | "value": "TESTING_PASSWORD" 12 | } 13 | ], 14 | "logConfiguration": { 15 | "logDriver": "awslogs", 16 | "options": { 17 | "awslogs-group": "/ecs/ops-stream-app", 18 | "awslogs-region": "${aws_region}", 19 | "awslogs-stream-prefix": "ecs" 20 | } 21 | }, 22 | "portMappings": [ 23 | { 24 | "containerPort": ${app_port}, 25 | "hostPort": ${app_port} 26 | } 27 | ] 28 | } 29 | ] 30 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/roles.tf: -------------------------------------------------------------------------------- 1 | # ECS task execution role data 2 | data "aws_iam_policy_document" "ecs_task_execution_role" { 3 | version = "2012-10-17" 4 | statement { 5 | sid = "" 6 | effect = "Allow" 7 | actions = ["sts:AssumeRole"] 8 | 9 | principals { 10 | type = "Service" 11 | identifiers = ["ecs-tasks.amazonaws.com"] 12 | } 13 | } 14 | } 15 | 16 | # ECS task execution role 17 | resource "aws_iam_role" "ecs_task_execution_role" { 18 | name = var.ecs_task_execution_role_name 19 | assume_role_policy = data.aws_iam_policy_document.ecs_task_execution_role.json 20 | } 21 | 22 | # ECS task execution role policy attachment 23 | resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" { 24 | role = aws_iam_role.ecs_task_execution_role.name 25 | policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 26 | } -------------------------------------------------------------------------------- /ecs-1cluster-2service/roles.tf: -------------------------------------------------------------------------------- 1 | # ECS task execution role data 2 | data "aws_iam_policy_document" "ecs_task_execution_role" { 3 | version = "2012-10-17" 4 | statement { 5 | sid = "" 6 | effect = "Allow" 7 | actions = ["sts:AssumeRole"] 8 | 9 | principals { 10 | type = "Service" 11 | identifiers = ["ecs-tasks.amazonaws.com"] 12 | } 13 | } 14 | } 15 | 16 | # ECS task execution role 17 | resource "aws_iam_role" "ecs_task_execution_role" { 18 | name = var.ecs_task_execution_role_name 19 | assume_role_policy = data.aws_iam_policy_document.ecs_task_execution_role.json 20 | } 21 | 22 | # ECS task execution role policy attachment 23 | resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" { 24 | role = aws_iam_role.ecs_task_execution_role.name 25 | policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 26 | } -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/roles.tf: -------------------------------------------------------------------------------- 1 | # ECS task execution role data 2 | data "aws_iam_policy_document" "ops_stream_ecs_role" { 3 | version = "2012-10-17" 4 | statement { 5 | sid = "" 6 | effect = "Allow" 7 | actions = ["sts:AssumeRole"] 8 | 9 | principals { 10 | type = "Service" 11 | identifiers = ["ecs-tasks.amazonaws.com"] 12 | } 13 | } 14 | } 15 | 16 | # ECS task execution role 17 | resource "aws_iam_role" "ecs_task_execution_role" { 18 | name = var.ecs_task_execution_role_name 19 | assume_role_policy = data.aws_iam_policy_document.ops_stream_ecs_role.json 20 | } 21 | 22 | # ECS task execution role policy attachment 23 | resource "aws_iam_role_policy_attachment" "ops_stream_task_execution_role" { 24 | role = aws_iam_role.ecs_task_execution_role.name 25 | policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 26 | } 27 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/roles.tf: -------------------------------------------------------------------------------- 1 | # ECS task execution role data 2 | data "aws_iam_policy_document" "ops_reader_ecs_task_execution_role" { 3 | version = "2012-10-17" 4 | statement { 5 | sid = "" 6 | effect = "Allow" 7 | actions = ["sts:AssumeRole"] 8 | 9 | principals { 10 | type = "Service" 11 | identifiers = ["ecs-tasks.amazonaws.com"] 12 | } 13 | } 14 | } 15 | 16 | # ECS task execution role 17 | resource "aws_iam_role" "ops_reader_ecs_task_execution_role" { 18 | name = var.ecs_task_execution_role_name 19 | assume_role_policy = data.aws_iam_policy_document.ops_reader_ecs_task_execution_role.json 20 | } 21 | 22 | # ECS task execution role policy attachment 23 | resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" { 24 | role = aws_iam_role.ops_reader_ecs_task_execution_role.name 25 | policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 26 | } 27 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/roles.tf: -------------------------------------------------------------------------------- 1 | # ECS task execution role data 2 | data "aws_iam_policy_document" "ops_reader_ecs_task_execution_role" { 3 | version = "2012-10-17" 4 | statement { 5 | sid = "" 6 | effect = "Allow" 7 | actions = ["sts:AssumeRole"] 8 | 9 | principals { 10 | type = "Service" 11 | identifiers = ["ecs-tasks.amazonaws.com"] 12 | } 13 | } 14 | } 15 | 16 | # ECS task execution role 17 | resource "aws_iam_role" "ops_reader_ecs_task_execution_role" { 18 | name = var.ecs_task_execution_role_name 19 | assume_role_policy = data.aws_iam_policy_document.ops_reader_ecs_task_execution_role.json 20 | } 21 | 22 | # ECS task execution role policy attachment 23 | resource "aws_iam_role_policy_attachment" "ops_reader_task_execution_role" { 24 | role = aws_iam_role.ops_reader_ecs_task_execution_role.name 25 | policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" 26 | } 27 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/logs.tf: -------------------------------------------------------------------------------- 1 | //# logs.tf 2 | // 3 | //# Set up CloudWatch group and log stream and retain logs for 30 days 4 | //resource "aws_cloudwatch_log_group" "ops_stream_log_group" { 5 | // name = "/ecs/ops-stream-app" 6 | // retention_in_days = 30 7 | // 8 | // tags = { 9 | // Name = "ops-stream-log-group" 10 | // } 11 | //} 12 | // 13 | //resource "aws_cloudwatch_log_stream" "ops_stream_log_stream" { 14 | // name = "ops-stream-log-stream" 15 | // log_group_name = aws_cloudwatch_log_group.ops_stream_log_group.name 16 | //} 17 | // 18 | // 19 | // 20 | //# Set up CloudWatch group and log stream and retain logs for 30 days 21 | //resource "aws_cloudwatch_log_group" "ops_reader_log_group" { 22 | // name = "/ecs/ops-reader-app" 23 | // retention_in_days = 30 24 | // 25 | // tags = { 26 | // Name = "ops-reader-log-group" 27 | // } 28 | //} 29 | // 30 | //resource "aws_cloudwatch_log_stream" "cb_log_stream" { 31 | // name = "ops-reader-log-stream" 32 | // log_group_name = aws_cloudwatch_log_group.ops_reader_log_group.name 33 | //} 34 | // 35 | -------------------------------------------------------------------------------- /network-testing/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | 3 | 4 | output "aws_vpc_id" { 5 | value = aws_vpc.main.id 6 | } 7 | 8 | 9 | output "aws_subnet_id" { 10 | value = aws_subnet.public.*.id 11 | } 12 | 13 | 14 | data "aws_vpc" "main" { 15 | filter { 16 | name = "tag:Name" 17 | values = ["data-stream-test-vpc"] 18 | } 19 | } 20 | 21 | data "aws_subnet" "public1" { 22 | filter { 23 | name = "tag:Name" 24 | values = ["data-stream-test-public-subnet"] 25 | } 26 | 27 | filter { 28 | name = "availability-zone" 29 | values = ["ap-southeast-1a"] 30 | } 31 | } 32 | 33 | data "aws_subnet" "public2" { 34 | filter { 35 | name = "tag:Name" 36 | values = ["data-stream-test-public-subnet"] 37 | } 38 | 39 | filter { 40 | name = "availability-zone" 41 | values = ["ap-southeast-1a"] 42 | } 43 | } 44 | 45 | 46 | output "aws_vpc_name" { 47 | value = data.aws_vpc.main.id 48 | } 49 | 50 | 51 | output "aws_vpc" { 52 | value = data.aws_vpc.main 53 | } 54 | 55 | 56 | 57 | output "aws_subnet________" { 58 | value = data.aws_subnet.public1.id 59 | } 60 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/logs.tf: -------------------------------------------------------------------------------- 1 | //# logs.tf 2 | // 3 | //# Set up CloudWatch group and log stream and retain logs for 30 days 4 | //resource "aws_cloudwatch_log_group" "ops_stream_log_group" { 5 | // name = "/ecs/ops-stream-app" 6 | // retention_in_days = 30 7 | // 8 | // tags = { 9 | // Name = "ops-stream-log-group" 10 | // } 11 | //} 12 | // 13 | //resource "aws_cloudwatch_log_stream" "ops_stream_log_stream" { 14 | // name = "ops-stream-log-stream" 15 | // log_group_name = aws_cloudwatch_log_group.ops_stream_log_group.name 16 | //} 17 | // 18 | // 19 | // 20 | //# Set up CloudWatch group and log stream and retain logs for 30 days 21 | //resource "aws_cloudwatch_log_group" "ops_reader_log_group" { 22 | // name = "/ecs/ops-reader-app" 23 | // retention_in_days = 30 24 | // 25 | // tags = { 26 | // Name = "ops-reader-log-group" 27 | // } 28 | //} 29 | // 30 | //resource "aws_cloudwatch_log_stream" "cb_log_stream" { 31 | // name = "ops-reader-log-stream" 32 | // log_group_name = aws_cloudwatch_log_group.ops_reader_log_group.name 33 | //} 34 | // 35 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-network/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf 2 | output "aws_vpc_id" { 3 | value = aws_vpc.main.id 4 | } 5 | 6 | 7 | output "aws_subnet_id" { 8 | value = aws_subnet.public.*.id 9 | } 10 | 11 | 12 | data "aws_subnet" "public_1a"{ 13 | filter { 14 | name = "tag:Name" 15 | values = ["dev-data-stream-public-subnet"] 16 | } 17 | filter { 18 | name = "availability-zone" 19 | values = ["ap-southeast-1a"] 20 | } 21 | } 22 | 23 | data "aws_subnet" "public_1b"{ 24 | filter { 25 | name = "tag:Name" 26 | values = ["dev-data-stream-public-subnet"] 27 | } 28 | filter { 29 | name = "availability-zone" 30 | values = ["ap-southeast-1b"] 31 | } 32 | } 33 | 34 | 35 | data "aws_subnet" "public_1c"{ 36 | filter { 37 | name = "tag:Name" 38 | values = ["dev-data-stream-public-subnet"] 39 | } 40 | filter { 41 | name = "availability-zone" 42 | values = ["ap-southeast-1c"] 43 | } 44 | } 45 | 46 | 47 | 48 | output "aws_vpc" { 49 | value = data.aws_subnet.public_1a.id 50 | } 51 | output "aws_vpc2" { 52 | value = data.aws_subnet.public_1b.id 53 | } 54 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/ops-stream-alb.tf: -------------------------------------------------------------------------------- 1 | # alb.tf 2 | resource "aws_alb" "ops_stream_lb" { 3 | name = "ops-stream" 4 | subnets = aws_subnet.public.*.id 5 | security_groups = [aws_security_group.lb.id] 6 | } 7 | 8 | resource "aws_alb_target_group" "ops_stream_target" { 9 | name = "ops-stream-target-group" 10 | port = 80 11 | protocol = "HTTP" 12 | vpc_id = aws_vpc.main.id 13 | target_type = "ip" 14 | 15 | health_check { 16 | healthy_threshold = "3" 17 | interval = "30" 18 | protocol = "HTTP" 19 | matcher = "200" 20 | timeout = "3" 21 | path = var.health_check_path 22 | unhealthy_threshold = "2" 23 | } 24 | } 25 | 26 | # Redirect all traffic from the ALB to the target group 27 | resource "aws_alb_listener" "front_end_ops_stream" { 28 | load_balancer_arn = aws_alb.ops_stream_lb.id 29 | port = var.app_port 30 | protocol = "HTTP" 31 | 32 | default_action { 33 | target_group_arn = aws_alb_target_group.ops_stream_target.id 34 | type = "forward" 35 | } 36 | } 37 | 38 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/ops-reader-alb.tf: -------------------------------------------------------------------------------- 1 | # alb.tf 2 | resource "aws_alb" "ops_reader_lb" { 3 | name = "ops-reader" 4 | subnets = ["subnet-04b8d6399d6d9112a","subnet-043b7e999d33eaf3f"] 5 | security_groups = [aws_security_group.lb.id] 6 | } 7 | 8 | resource "aws_alb_target_group" "ops_reader_target" { 9 | name = "ops-reader-target-group" 10 | port = 80 11 | protocol = "HTTP" 12 | vpc_id = "vpc-088b4045d9afc02bb" 13 | target_type = "ip" 14 | 15 | health_check { 16 | healthy_threshold = "3" 17 | interval = "30" 18 | protocol = "HTTP" 19 | matcher = "200" 20 | timeout = "3" 21 | path = var.ops_reader_health_check_path 22 | unhealthy_threshold = "2" 23 | } 24 | } 25 | 26 | # Redirect all traffic from the ALB to the target group 27 | resource "aws_alb_listener" "front_end_ops_reader" { 28 | load_balancer_arn = aws_alb.ops_reader_lb.id 29 | port = var.app_port 30 | protocol = "HTTP" 31 | 32 | default_action { 33 | target_group_arn = aws_alb_target_group.ops_reader_target.id 34 | type = "forward" 35 | } 36 | } 37 | 38 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/security.tf: -------------------------------------------------------------------------------- 1 | # security.tf 2 | 3 | # ALB Security Group: Edit to restrict access to the application 4 | resource "aws_security_group" "lb" { 5 | name = "cb-load-balancer-security-group" 6 | description = "controls access to the ALB" 7 | vpc_id = aws_vpc.main.id 8 | 9 | ingress { 10 | protocol = "tcp" 11 | from_port = var.app_port 12 | to_port = var.app_port 13 | cidr_blocks = ["0.0.0.0/0"] 14 | } 15 | 16 | egress { 17 | protocol = "-1" 18 | from_port = 0 19 | to_port = 0 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | } 23 | 24 | # Traffic to the ECS cluster should only come from the ALB 25 | resource "aws_security_group" "ecs_tasks" { 26 | name = "cb-ecs-tasks-security-group" 27 | description = "allow inbound access from the ALB only" 28 | vpc_id = aws_vpc.main.id 29 | 30 | ingress { 31 | protocol = "tcp" 32 | from_port = var.app_port 33 | to_port = var.app_port 34 | security_groups = [aws_security_group.lb.id] 35 | } 36 | 37 | egress { 38 | protocol = "-1" 39 | from_port = 0 40 | to_port = 0 41 | cidr_blocks = ["0.0.0.0/0"] 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | # Fetch AZs in the current region 4 | data "aws_availability_zones" "available" { 5 | } 6 | 7 | resource "aws_vpc" "main" { 8 | cidr_block = "172.17.0.0/16" 9 | tags = { 10 | Name = "RKB-VPC" 11 | } 12 | } 13 | 14 | 15 | # Create var.az_count public subnets, each in a different AZ 16 | resource "aws_subnet" "public" { 17 | count = var.az_count 18 | cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, var.az_count + count.index) 19 | availability_zone = data.aws_availability_zones.available.names[count.index] 20 | vpc_id = aws_vpc.main.id 21 | map_public_ip_on_launch = true 22 | tags = { 23 | Name = "rkb-public-subnet" 24 | } 25 | } 26 | 27 | # Internet Gateway for the public subnet 28 | resource "aws_internet_gateway" "gw" { 29 | vpc_id = aws_vpc.main.id 30 | tags = { 31 | Name = "rkb-ig" 32 | } 33 | } 34 | 35 | # Route the public subnet traffic through the IGW 36 | resource "aws_route" "internet_access" { 37 | route_table_id = aws_vpc.main.main_route_table_id 38 | destination_cidr_block = "0.0.0.0/0" 39 | gateway_id = aws_internet_gateway.gw.id 40 | } 41 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/ops-stream-alb.tf: -------------------------------------------------------------------------------- 1 | # alb.tf 2 | resource "aws_alb" "ops_stream_lb" { 3 | name = "ops-stream" 4 | subnets = [data.aws_subnet.public_1a.id,data.aws_subnet.public_1b.id,data.aws_subnet.public_1c.id] 5 | security_groups = [aws_security_group.lb.id] 6 | } 7 | 8 | resource "aws_alb_target_group" "ops_stream_target" { 9 | name = "ops-stream-target-group" 10 | port = 80 11 | protocol = "HTTP" 12 | vpc_id = data.aws_vpc.main.id 13 | target_type = "ip" 14 | 15 | health_check { 16 | healthy_threshold = "3" 17 | interval = "30" 18 | protocol = "HTTP" 19 | matcher = "200" 20 | timeout = "3" 21 | path = var.health_check_path 22 | unhealthy_threshold = "2" 23 | } 24 | } 25 | 26 | # Redirect all traffic from the ALB to the target group 27 | resource "aws_alb_listener" "front_end_ops_stream" { 28 | load_balancer_arn = aws_alb.ops_stream_lb.id 29 | port = var.app_port 30 | protocol = "HTTP" 31 | 32 | default_action { 33 | target_group_arn = aws_alb_target_group.ops_stream_target.id 34 | type = "forward" 35 | } 36 | } 37 | 38 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/ops-reader-alb.tf: -------------------------------------------------------------------------------- 1 | # alb.tf 2 | resource "aws_alb" "ops_reader_lb" { 3 | name = "ops-reader" 4 | subnets = [data.aws_subnet.public_1a.id,data.aws_subnet.public_1b.id,data.aws_subnet.public_1c.id] 5 | security_groups = [aws_security_group.lb.id] 6 | } 7 | 8 | resource "aws_alb_target_group" "ops_reader_target" { 9 | name = "ops-reader-target-group" 10 | port = 80 11 | protocol = "HTTP" 12 | vpc_id = data.aws_vpc.main.id 13 | target_type = "ip" 14 | 15 | health_check { 16 | healthy_threshold = "3" 17 | interval = "30" 18 | protocol = "HTTP" 19 | matcher = "200" 20 | timeout = "3" 21 | path = var.ops_reader_health_check_path 22 | unhealthy_threshold = "2" 23 | } 24 | } 25 | 26 | # Redirect all traffic from the ALB to the target group 27 | resource "aws_alb_listener" "front_end_ops_reader" { 28 | load_balancer_arn = aws_alb.ops_reader_lb.id 29 | port = var.app_port 30 | protocol = "HTTP" 31 | 32 | default_action { 33 | target_group_arn = aws_alb_target_group.ops_reader_target.id 34 | type = "forward" 35 | } 36 | } 37 | 38 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/security.tf: -------------------------------------------------------------------------------- 1 | # security.tf 2 | 3 | # ALB Security Group: Edit to restrict access to the application 4 | resource "aws_security_group" "lb" { 5 | name = "${var.prefix}-load-balancer-security-group" 6 | description = "controls access to the ALB" 7 | vpc_id = aws_vpc.main.id 8 | 9 | ingress { 10 | protocol = "tcp" 11 | from_port = var.app_port 12 | to_port = var.app_port 13 | cidr_blocks = ["0.0.0.0/0"] 14 | } 15 | 16 | egress { 17 | protocol = "-1" 18 | from_port = 0 19 | to_port = 0 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | } 23 | 24 | # Traffic to the ECS cluster should only come from the ALB 25 | resource "aws_security_group" "ecs_tasks" { 26 | name = "${var.prefix}-ecs-tasks-security-group" 27 | description = "allow inbound access from the ALB only" 28 | vpc_id = aws_vpc.main.id 29 | 30 | ingress { 31 | protocol = "tcp" 32 | from_port = var.app_port 33 | to_port = var.app_port 34 | security_groups = [aws_security_group.lb.id] 35 | } 36 | 37 | egress { 38 | protocol = "-1" 39 | from_port = 0 40 | to_port = 0 41 | cidr_blocks = ["0.0.0.0/0"] 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | # Fetch AZs in the current region 4 | data "aws_availability_zones" "available" { 5 | } 6 | 7 | resource "aws_vpc" "main" { 8 | cidr_block = "172.17.0.0/16" 9 | tags = { 10 | Name = "${var.prefix}-vpc" 11 | } 12 | } 13 | 14 | 15 | # Create var.az_count public subnets, each in a different AZ 16 | resource "aws_subnet" "public" { 17 | count = var.az_count 18 | cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, var.az_count + count.index) 19 | availability_zone = data.aws_availability_zones.available.names[count.index] 20 | vpc_id = aws_vpc.main.id 21 | map_public_ip_on_launch = true 22 | tags = { 23 | Name = "${var.prefix}-public-subnet" 24 | } 25 | } 26 | 27 | # Internet Gateway for the public subnet 28 | resource "aws_internet_gateway" "gw" { 29 | vpc_id = aws_vpc.main.id 30 | tags = { 31 | Name = "${var.prefix}-ig" 32 | } 33 | } 34 | 35 | # Route the public subnet traffic through the IGW 36 | resource "aws_route" "internet_access" { 37 | route_table_id = aws_vpc.main.main_route_table_id 38 | destination_cidr_block = "0.0.0.0/0" 39 | gateway_id = aws_internet_gateway.gw.id 40 | } 41 | -------------------------------------------------------------------------------- /network-testing/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | # Fetch AZs in the current region 4 | data "aws_availability_zones" "available" { 5 | } 6 | 7 | resource "aws_vpc" "main" { 8 | cidr_block = "172.17.0.0/16" 9 | tags = { 10 | Name = "${var.prefix}-vpc" 11 | } 12 | } 13 | 14 | 15 | # Create var.az_count public subnets, each in a different AZ 16 | resource "aws_subnet" "public" { 17 | count = var.az_count 18 | cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, var.az_count + count.index) 19 | availability_zone = data.aws_availability_zones.available.names[count.index] 20 | vpc_id = aws_vpc.main.id 21 | map_public_ip_on_launch = true 22 | tags = { 23 | Name = "${var.prefix}-public-subnet" 24 | } 25 | } 26 | 27 | # Internet Gateway for the public subnet 28 | resource "aws_internet_gateway" "gw" { 29 | vpc_id = aws_vpc.main.id 30 | tags = { 31 | Name = "${var.prefix}-ig" 32 | } 33 | } 34 | 35 | # Route the public subnet traffic through the IGW 36 | resource "aws_route" "internet_access" { 37 | route_table_id = aws_vpc.main.main_route_table_id 38 | destination_cidr_block = "0.0.0.0/0" 39 | gateway_id = aws_internet_gateway.gw.id 40 | } 41 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/security.tf: -------------------------------------------------------------------------------- 1 | # security.tf 2 | 3 | # ALB Security Group: Edit to restrict access to the application 4 | resource "aws_security_group" "lb" { 5 | name = "${var.prefix}-load-balancer-security-group" 6 | description = "controls access to the ALB" 7 | vpc_id = "vpc-088b4045d9afc02bb" 8 | 9 | ingress { 10 | protocol = "tcp" 11 | from_port = var.app_port 12 | to_port = var.app_port 13 | cidr_blocks = ["0.0.0.0/0"] 14 | } 15 | 16 | egress { 17 | protocol = "-1" 18 | from_port = 0 19 | to_port = 0 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | } 23 | 24 | # Traffic to the ECS cluster should only come from the ALB 25 | resource "aws_security_group" "ecs_tasks" { 26 | name = "${var.prefix}-ecs-tasks-security-group" 27 | description = "allow inbound access from the ALB only" 28 | vpc_id = "vpc-088b4045d9afc02bb" 29 | 30 | ingress { 31 | protocol = "tcp" 32 | from_port = var.app_port 33 | to_port = var.app_port 34 | security_groups = [aws_security_group.lb.id] 35 | } 36 | 37 | egress { 38 | protocol = "-1" 39 | from_port = 0 40 | to_port = 0 41 | cidr_blocks = ["0.0.0.0/0"] 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-network/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | # Fetch AZs in the current region 4 | data "aws_availability_zones" "available" { 5 | } 6 | 7 | resource "aws_vpc" "main" { 8 | cidr_block = "172.10.0.0/16" 9 | tags = { 10 | Name = "${var.prefix}-vpc" 11 | } 12 | } 13 | 14 | # Create var.az_count public subnets, each in a different AZ 15 | resource "aws_subnet" "public" { 16 | count = var.az_count 17 | cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, var.az_count + count.index) 18 | availability_zone = data.aws_availability_zones.available.names[count.index] 19 | vpc_id = aws_vpc.main.id 20 | map_public_ip_on_launch = true 21 | tags = { 22 | Name = "${var.prefix}-public-subnet" 23 | } 24 | } 25 | 26 | # Internet Gateway for the public subnet 27 | resource "aws_internet_gateway" "gw" { 28 | vpc_id = aws_vpc.main.id 29 | tags = { 30 | Name = "${var.prefix}-ig" 31 | } 32 | } 33 | 34 | # Route the public subnet traffic through the IGW 35 | resource "aws_route" "internet_access" { 36 | route_table_id = aws_vpc.main.main_route_table_id 37 | destination_cidr_block = "0.0.0.0/0" 38 | gateway_id = aws_internet_gateway.gw.id 39 | } 40 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/security.tf: -------------------------------------------------------------------------------- 1 | # security.tf 2 | 3 | # ALB Security Group: Edit to restrict access to the application 4 | resource "aws_security_group" "lb" { 5 | name = "${var.prefix}-load-balancer-security-group" 6 | description = "controls access to the ALB" 7 | vpc_id = data.aws_vpc.main.id 8 | 9 | ingress { 10 | protocol = "tcp" 11 | from_port = var.app_port 12 | to_port = var.app_port 13 | cidr_blocks = ["0.0.0.0/0"] 14 | } 15 | 16 | egress { 17 | protocol = "-1" 18 | from_port = 0 19 | to_port = 0 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | } 23 | 24 | # Traffic to the ECS cluster should only come from the ALB 25 | resource "aws_security_group" "ecs_tasks" { 26 | name = "${var.prefix}-ecs-tasks-security-group" 27 | description = "allow inbound access from the ALB only" 28 | vpc_id = data.aws_vpc.main.id 29 | 30 | ingress { 31 | protocol = "tcp" 32 | from_port = var.app_port 33 | to_port = var.app_port 34 | security_groups = [aws_security_group.lb.id] 35 | } 36 | 37 | egress { 38 | protocol = "-1" 39 | from_port = 0 40 | to_port = 0 41 | cidr_blocks = ["0.0.0.0/0"] 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/security.tf: -------------------------------------------------------------------------------- 1 | # security.tf 2 | 3 | # ALB Security Group: Edit to restrict access to the application 4 | resource "aws_security_group" "lb" { 5 | name = "${var.prefix}-load-balancer-security-group" 6 | description = "controls access to the ALB" 7 | vpc_id = data.aws_vpc.main.id 8 | 9 | ingress { 10 | protocol = "tcp" 11 | from_port = var.app_port 12 | to_port = var.app_port 13 | cidr_blocks = ["0.0.0.0/0"] 14 | } 15 | 16 | egress { 17 | protocol = "-1" 18 | from_port = 0 19 | to_port = 0 20 | cidr_blocks = ["0.0.0.0/0"] 21 | } 22 | } 23 | 24 | # Traffic to the ECS cluster should only come from the ALB 25 | resource "aws_security_group" "ecs_tasks" { 26 | name = "${var.prefix}-ecs-tasks-security-group" 27 | description = "allow inbound access from the ALB only" 28 | vpc_id = data.aws_vpc.main.id 29 | 30 | ingress { 31 | protocol = "tcp" 32 | from_port = var.app_port 33 | to_port = var.app_port 34 | security_groups = [aws_security_group.lb.id] 35 | } 36 | 37 | egress { 38 | protocol = "-1" 39 | from_port = 0 40 | to_port = 0 41 | cidr_blocks = ["0.0.0.0/0"] 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "aws_region" { 4 | description = "The AWS region things are created in" 5 | default = "ap-southeast-1" 6 | } 7 | 8 | variable "ecs_task_execution_role_name" { 9 | description = "ECS task execution role name" 10 | default = "myEcsTaskExecutionRole" 11 | } 12 | 13 | variable "az_count" { 14 | description = "Number of AZs to cover in a given region" 15 | default = "2" 16 | } 17 | 18 | variable "app_image" { 19 | description = "Docker image to run in the ECS cluster" 20 | # default = "bradfordhamilton/crystal_blockchain:latest" 21 | default = "XXXXXXX.dkr.ecr.ap-southeast-1.amazonaws.com/dev-app:2.0.0" 22 | } 23 | 24 | variable "app_port" { 25 | description = "Port exposed by the docker image to redirect traffic to" 26 | default = 80 27 | } 28 | 29 | variable "app_count" { 30 | description = "Number of docker containers to run" 31 | default = 3 32 | } 33 | 34 | variable "health_check_path" { 35 | default = "/" 36 | } 37 | 38 | variable "fargate_cpu" { 39 | description = "Fargate instance CPU units to provision (1 vCPU = 1024 CPU units)" 40 | default = "1024" 41 | } 42 | 43 | variable "fargate_memory" { 44 | description = "Fargate instance memory to provision (in MiB)" 45 | default = "2048" 46 | } 47 | 48 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | data "aws_vpc" "main" { 4 | filter { 5 | name = "tag:Name" 6 | values = ["dev-data-stream-vpc"] 7 | } 8 | } 9 | 10 | 11 | data "aws_subnet" "public_1a" { 12 | filter { 13 | name = "tag:Name" 14 | values = ["dev-data-stream-public-subnet"] 15 | } 16 | 17 | filter { 18 | name = "availability-zone" 19 | values = ["ap-southeast-1a"] # check zone 20 | } 21 | } 22 | 23 | data "aws_subnet" "public_1b" { 24 | filter { 25 | name = "tag:Name" 26 | values = ["dev-data-stream-public-subnet"] 27 | } 28 | 29 | filter { 30 | name = "availability-zone" 31 | values = ["ap-southeast-1b"] # check zone 32 | } 33 | } 34 | 35 | 36 | data "aws_subnet" "public_1c" { 37 | filter { 38 | name = "tag:Name" 39 | values = ["dev-data-stream-public-subnet"] 40 | } 41 | 42 | filter { 43 | name = "availability-zone" 44 | values = ["ap-southeast-1c"] # check zone 45 | } 46 | } 47 | 48 | # print vpc and subnet ids 49 | output "aws_vpc_name" { 50 | value = data.aws_vpc.main.id 51 | } 52 | 53 | output "aws_subnet_1a" { 54 | value = data.aws_subnet.public_1a.id 55 | } 56 | 57 | output "aws_subnet_1b" { 58 | value = data.aws_subnet.public_1b.id 59 | } 60 | 61 | output "aws_subnet_1c" { 62 | value = data.aws_subnet.public_1c.id 63 | } 64 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/network.tf: -------------------------------------------------------------------------------- 1 | # network.tf without elp 2 | 3 | # Fetch AZs in the current region 4 | 5 | data "aws_vpc" "main" { 6 | filter { 7 | name = "tag:Name" 8 | values = ["dev-data-stream-vpc"] 9 | } 10 | } 11 | 12 | 13 | data "aws_subnet" "public_1a" { 14 | filter { 15 | name = "tag:Name" 16 | values = ["dev-data-stream-public-subnet"] 17 | } 18 | 19 | filter { 20 | name = "availability-zone" 21 | values = ["ap-southeast-1a"] # check zone 22 | } 23 | } 24 | 25 | data "aws_subnet" "public_1b" { 26 | filter { 27 | name = "tag:Name" 28 | values = ["dev-data-stream-public-subnet"] 29 | } 30 | 31 | filter { 32 | name = "availability-zone" 33 | values = ["ap-southeast-1b"] # check zone 34 | } 35 | } 36 | 37 | 38 | data "aws_subnet" "public_1c" { 39 | filter { 40 | name = "tag:Name" 41 | values = ["dev-data-stream-public-subnet"] 42 | } 43 | 44 | filter { 45 | name = "availability-zone" 46 | values = ["ap-southeast-1c"] # check zone 47 | } 48 | } 49 | 50 | # print vpc and subnet ids 51 | output "aws_vpc_name" { 52 | value = data.aws_vpc.main.id 53 | } 54 | 55 | output "aws_subnet_1a" { 56 | value = data.aws_subnet.public_1a.id 57 | } 58 | 59 | output "aws_subnet_1b" { 60 | value = data.aws_subnet.public_1b.id 61 | } 62 | 63 | output "aws_subnet_1c" { 64 | value = data.aws_subnet.public_1c.id 65 | } 66 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "prefix" { 4 | description = "Prefix for all envirnoments" 5 | default = "ops-stream" 6 | } 7 | 8 | variable "aws_region" { 9 | description = "The AWS region things are created in" 10 | default = "ap-southeast-1" 11 | } 12 | 13 | variable "ecs_task_execution_role_name" { 14 | description = "ECS task execution role name" 15 | default = "OpsStreamEcsTaskExecutionRole" 16 | } 17 | 18 | variable "app_port" { 19 | description = "Port exposed by the docker image to redirect traffic to" 20 | default = 80 21 | } 22 | 23 | variable "app_count" { 24 | description = "Number of docker containers to run" 25 | default = 2 26 | } 27 | 28 | variable "health_check_path" { 29 | default = "/api/v2/index" 30 | } 31 | 32 | variable "ops_stream_image" { 33 | description = "Docker image to run in the ECS cluster" 34 | default = "XXXXXXXXXXX.dkr.ecr.ap-southeast-1.amazonaws.com/dev-application:2.0.0" 35 | } 36 | 37 | variable "fargate_cpu" { 38 | description = "Fargate instance CPU units to provision (1 vCPU = 1024 CPU units)" 39 | default = "1024" 40 | } 41 | 42 | variable "fargate_memory" { 43 | description = "Fargate instance memory to provision (in MiB)" 44 | default = "2048" 45 | } 46 | 47 | variable "ops_stream_container_name" { 48 | description = "Ops Stream container name" 49 | default = "ops-stream-app" 50 | } 51 | 52 | # make sure about vpc name, check network terraform folder to find out 53 | variable "vpc_name" { 54 | description = "Prefix for all envirnoments" 55 | default = "dev-data-stream-vpc" 56 | } 57 | 58 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/ops-stream-ecs-service.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "ops_stream_app" { 2 | template = file("./templates/ops_stream_app.json.tpl") 3 | 4 | vars = { 5 | app_image = var.ops_stream_image 6 | app_port = var.app_port 7 | fargate_cpu = var.fargate_cpu 8 | fargate_memory = var.fargate_memory 9 | aws_region = var.aws_region 10 | prefix = var.prefix 11 | container_name = var.ops_stream_container_name 12 | } 13 | } 14 | 15 | 16 | resource "aws_ecs_task_definition" "ops_stream_task_def" { 17 | family = "ops-stream-app-task" 18 | execution_role_arn = aws_iam_role.ecs_task_execution_role.arn 19 | network_mode = "awsvpc" 20 | requires_compatibilities = [ 21 | "FARGATE"] 22 | cpu = var.fargate_cpu 23 | memory = var.fargate_memory 24 | container_definitions = data.template_file.ops_stream_app.rendered 25 | } 26 | 27 | 28 | resource "aws_ecs_service" "ops_stream_main" { 29 | name = "ops-stream-service" 30 | cluster = aws_ecs_cluster.main.id 31 | task_definition = aws_ecs_task_definition.ops_stream_task_def.arn 32 | desired_count = var.app_count 33 | launch_type = "FARGATE" 34 | 35 | network_configuration { 36 | security_groups = [ 37 | aws_security_group.ecs_tasks.id] 38 | subnets = aws_subnet.public.*.id 39 | assign_public_ip = true 40 | } 41 | 42 | load_balancer { 43 | target_group_arn = aws_alb_target_group.ops_stream_target.id 44 | container_name = var.ops_stream_container_name 45 | container_port = var.app_port 46 | } 47 | 48 | depends_on = [ 49 | aws_alb_listener.front_end_ops_stream, 50 | aws_iam_role_policy_attachment.ecs_task_execution_role] 51 | } 52 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/ops-reader-ecs-service.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "ops_reader_app" { 2 | template = file("./templates/ops_reader_app.json.tpl") 3 | 4 | vars = { 5 | app_image = var.ops_reader_image 6 | app_port = var.app_port 7 | fargate_cpu = var.fargate_cpu 8 | fargate_memory = var.fargate_memory 9 | aws_region = var.aws_region 10 | prefix = var.prefix 11 | container_name = var.ops_reader_container_name 12 | } 13 | } 14 | 15 | 16 | resource "aws_ecs_task_definition" "ops_reader_task_def" { 17 | family = "ops-reader-app-task" 18 | execution_role_arn = aws_iam_role.ops_reader_ecs_task_execution_role.arn 19 | network_mode = "awsvpc" 20 | requires_compatibilities = [ 21 | "FARGATE"] 22 | cpu = var.fargate_cpu 23 | memory = var.fargate_memory 24 | container_definitions = data.template_file.ops_reader_app.rendered 25 | } 26 | 27 | 28 | resource "aws_ecs_service" "ops_reader_main" { 29 | name = "ops-reader-service" 30 | cluster = aws_ecs_cluster.main.id 31 | task_definition = aws_ecs_task_definition.ops_reader_task_def.arn 32 | desired_count = var.app_count 33 | launch_type = "FARGATE" 34 | 35 | network_configuration { 36 | security_groups = [ 37 | aws_security_group.ecs_tasks.id] 38 | subnets = ["subnet-04b8d6399d6d9112a","subnet-043b7e999d33eaf3f"] 39 | assign_public_ip = true 40 | } 41 | 42 | load_balancer { 43 | target_group_arn = aws_alb_target_group.ops_reader_target.id 44 | container_name = var.ops_reader_container_name 45 | container_port = var.app_port 46 | } 47 | 48 | depends_on = [ 49 | aws_alb_listener.front_end_ops_reader, 50 | aws_iam_role_policy_attachment.ecs_task_execution_role] 51 | } 52 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "prefix" { 4 | description = "Prefix for all envirnoments" 5 | default = "ops-reader" 6 | } 7 | 8 | variable "aws_region" { 9 | description = "The AWS region things are created in" 10 | default = "ap-southeast-1" 11 | } 12 | 13 | variable "ecs_task_execution_role_name" { 14 | description = "ECS task execution role name" 15 | default = "OpsReaderEcsTaskExecutionRole" 16 | } 17 | 18 | variable "az_count" { 19 | description = "Number of AZs to cover in a given region" 20 | default = "3" 21 | } 22 | 23 | variable "app_port" { 24 | description = "Port exposed by the docker image to redirect traffic to" 25 | default = 80 26 | } 27 | 28 | variable "app_count" { 29 | description = "Number of docker containers to run" 30 | default = 1 31 | } 32 | 33 | 34 | #### Ops Reader Variables 35 | variable "ops_reader_image" { 36 | description = "Docker image to run in the ECS cluster" 37 | default = "XXXXXXXXXX.dkr.ecr.ap-southeast-1.amazonaws.com/dev-application:1.0.0" 38 | } 39 | 40 | variable "ops_reader_health_check_path" { 41 | default = "/api/v2/index" 42 | } 43 | 44 | variable "fargate_cpu" { 45 | description = "Fargate instance CPU units to provision (1 vCPU = 1024 CPU units)" 46 | default = "1024" 47 | } 48 | 49 | variable "fargate_memory" { 50 | description = "Fargate instance memory to provision (in MiB)" 51 | default = "2048" 52 | } 53 | 54 | variable "ops_stream_container_name" { 55 | description = "Ops Stream container name" 56 | default = "ops-stream-app" 57 | } 58 | 59 | variable "ops_reader_container_name" { 60 | description = "Ops Reader container name" 61 | default = "ops-reader-app" 62 | } 63 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/ops-stream-ecs-service.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "ops_stream_app" { 2 | template = file("./templates/ops_stream_app.json.tpl") 3 | 4 | vars = { 5 | app_image = var.ops_stream_image 6 | app_port = var.app_port 7 | fargate_cpu = var.fargate_cpu 8 | fargate_memory = var.fargate_memory 9 | aws_region = var.aws_region 10 | prefix = var.prefix 11 | container_name = var.ops_stream_container_name 12 | } 13 | } 14 | 15 | 16 | resource "aws_ecs_task_definition" "ops_stream_task_def" { 17 | family = "ops-stream-app-task" 18 | execution_role_arn = aws_iam_role.ecs_task_execution_role.arn 19 | network_mode = "awsvpc" 20 | requires_compatibilities = [ 21 | "FARGATE"] 22 | cpu = var.fargate_cpu 23 | memory = var.fargate_memory 24 | container_definitions = data.template_file.ops_stream_app.rendered 25 | } 26 | 27 | 28 | resource "aws_ecs_service" "ops_stream_main" { 29 | name = "ops-stream-service" 30 | cluster = aws_ecs_cluster.main.id 31 | task_definition = aws_ecs_task_definition.ops_stream_task_def.arn 32 | desired_count = var.app_count 33 | launch_type = "FARGATE" 34 | 35 | network_configuration { 36 | security_groups = [ 37 | aws_security_group.ecs_tasks.id] 38 | subnets = [ 39 | data.aws_subnet.public_1a.id, 40 | data.aws_subnet.public_1b.id, 41 | data.aws_subnet.public_1c.id 42 | ] 43 | assign_public_ip = true 44 | } 45 | 46 | load_balancer { 47 | target_group_arn = aws_alb_target_group.ops_stream_target.id 48 | container_name = var.ops_stream_container_name 49 | container_port = var.app_port 50 | } 51 | 52 | depends_on = [ 53 | aws_alb_listener.front_end_ops_stream, 54 | aws_iam_role_policy_attachment.ops_stream_task_execution_role] 55 | } 56 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/ops-reader-ecs-service.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "ops_reader_app" { 2 | template = file("./templates/ops_reader_app.json.tpl") 3 | 4 | vars = { 5 | app_image = var.ops_reader_image 6 | app_port = var.app_port 7 | fargate_cpu = var.fargate_cpu 8 | fargate_memory = var.fargate_memory 9 | aws_region = var.aws_region 10 | prefix = var.prefix 11 | container_name = var.ops_reader_container_name 12 | } 13 | } 14 | 15 | 16 | resource "aws_ecs_task_definition" "ops_reader_task_def" { 17 | family = "ops-reader-app-task" 18 | execution_role_arn = aws_iam_role.ops_reader_ecs_task_execution_role.arn 19 | network_mode = "awsvpc" 20 | requires_compatibilities = [ 21 | "FARGATE"] 22 | cpu = var.fargate_cpu 23 | memory = var.fargate_memory 24 | container_definitions = data.template_file.ops_reader_app.rendered 25 | } 26 | 27 | 28 | resource "aws_ecs_service" "ops_reader_main" { 29 | name = "ops-reader-service" 30 | cluster = aws_ecs_cluster.main.id 31 | task_definition = aws_ecs_task_definition.ops_reader_task_def.arn 32 | desired_count = var.app_count 33 | launch_type = "FARGATE" 34 | 35 | network_configuration { 36 | security_groups = [ 37 | aws_security_group.ecs_tasks.id] 38 | subnets = [ 39 | data.aws_subnet.public_1a.id, 40 | data.aws_subnet.public_1b.id, 41 | data.aws_subnet.public_1c.id 42 | ] 43 | assign_public_ip = true 44 | } 45 | 46 | load_balancer { 47 | target_group_arn = aws_alb_target_group.ops_reader_target.id 48 | container_name = var.ops_reader_container_name 49 | container_port = var.app_port 50 | } 51 | 52 | depends_on = [ 53 | aws_alb_listener.front_end_ops_reader, 54 | aws_iam_role_policy_attachment.ops_reader_task_execution_role] 55 | } 56 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "prefix" { 4 | description = "Prefix for all envirnoments" 5 | default = "data-app" 6 | } 7 | 8 | variable "short-prefix" { 9 | description = "Prefix for all envirnoments" 10 | default = "ds" 11 | } 12 | 13 | variable "aws_region" { 14 | description = "The AWS region things are created in" 15 | default = "ap-southeast-1" 16 | } 17 | 18 | variable "ecs_task_execution_role_name" { 19 | description = "ECS task execution role name" 20 | default = "DataStreamEcsTaskExecutionRole" 21 | } 22 | 23 | variable "az_count" { 24 | description = "Number of AZs to cover in a given region" 25 | default = "2" 26 | } 27 | 28 | 29 | variable "app_port" { 30 | description = "Port exposed by the docker image to redirect traffic to" 31 | default = 80 32 | } 33 | 34 | variable "app_count" { 35 | description = "Number of docker containers to run" 36 | default = 1 37 | } 38 | 39 | variable "health_check_path" { 40 | default = "/api/v2/index" 41 | } 42 | 43 | variable "ops_stream_image" { 44 | description = "Docker image to run in the ECS cluster" 45 | default = "XXXXXXXX.dkr.ecr.ap-southeast-1.amazonaws.com/dev-app1:2.0.0" 46 | } 47 | 48 | 49 | #### Ops Reader Variables 50 | variable "ops_reader_image" { 51 | description = "Docker image to run in the ECS cluster" 52 | default = "XXXXXXXX.dkr.ecr.ap-southeast-1.amazonaws.com/dev-app2:2.0.0" 53 | } 54 | 55 | variable "ops_reader_health_check_path" { 56 | default = "/api/v2/index" 57 | } 58 | 59 | variable "fargate_cpu" { 60 | description = "Fargate instance CPU units to provision (1 vCPU = 1024 CPU units)" 61 | default = "1024" 62 | } 63 | 64 | variable "fargate_memory" { 65 | description = "Fargate instance memory to provision (in MiB)" 66 | default = "2048" 67 | } 68 | 69 | variable "ops_stream_container_name" { 70 | description = "Ops Stream container name" 71 | default = "ops-stream-app" 72 | } 73 | 74 | variable "ops_reader_container_name" { 75 | description = "Ops Reader container name" 76 | default = "ops-reader-app" 77 | } 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/alb.tf: -------------------------------------------------------------------------------- 1 | # alb.tf 2 | 3 | resource "aws_alb" "main1" { 4 | name = "cb-load-balancer-1" 5 | subnets = aws_subnet.public.*.id 6 | security_groups = [aws_security_group.lb.id] 7 | } 8 | 9 | resource "aws_alb" "main2" { 10 | name = "cb-load-balancer-2" 11 | subnets = aws_subnet.public.*.id 12 | security_groups = [aws_security_group.lb.id] 13 | } 14 | 15 | resource "aws_alb_target_group" "app_1" { 16 | name = "cb-target-group-1" 17 | port = 80 18 | protocol = "HTTP" 19 | vpc_id = aws_vpc.main.id 20 | target_type = "ip" 21 | 22 | health_check { 23 | healthy_threshold = "3" 24 | interval = "30" 25 | protocol = "HTTP" 26 | matcher = "200" 27 | timeout = "3" 28 | path = var.health_check_path 29 | unhealthy_threshold = "2" 30 | } 31 | } 32 | resource "aws_alb_target_group" "app_2" { 33 | name = "cb-target-group-2" 34 | port = 80 35 | protocol = "HTTP" 36 | vpc_id = aws_vpc.main.id 37 | target_type = "ip" 38 | 39 | health_check { 40 | healthy_threshold = "3" 41 | interval = "30" 42 | protocol = "HTTP" 43 | matcher = "200" 44 | timeout = "3" 45 | path = var.health_check_path 46 | unhealthy_threshold = "2" 47 | } 48 | } 49 | 50 | # Redirect all traffic from the ALB to the target group 51 | resource "aws_alb_listener" "front_end_1" { 52 | load_balancer_arn = aws_alb.main1.id 53 | port = var.app_port 54 | protocol = "HTTP" 55 | 56 | default_action { 57 | target_group_arn = aws_alb_target_group.app_1.id 58 | type = "forward" 59 | } 60 | } 61 | 62 | 63 | # Redirect all traffic from the ALB to the target group 64 | resource "aws_alb_listener" "front_end_2" { 65 | load_balancer_arn = aws_alb.main2.id 66 | port = var.app_port 67 | protocol = "HTTP" 68 | 69 | default_action { 70 | target_group_arn = aws_alb_target_group.app_2.id 71 | type = "forward" 72 | } 73 | } 74 | 75 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/variables.tf: -------------------------------------------------------------------------------- 1 | # variables.tf 2 | 3 | variable "prefix" { 4 | description = "Prefix for all envirnoments" 5 | default = "ops-reader" 6 | } 7 | 8 | variable "short-prefix" { 9 | description = "Prefix for all envirnoments" 10 | default = "ds" 11 | } 12 | 13 | variable "aws_region" { 14 | description = "The AWS region things are created in" 15 | default = "ap-southeast-1" 16 | } 17 | 18 | variable "ecs_task_execution_role_name" { 19 | description = "ECS task execution role name" 20 | default = "OpsReaderEcsTaskExecutionRole" 21 | } 22 | 23 | variable "az_count" { 24 | description = "Number of AZs to cover in a given region" 25 | default = "2" 26 | } 27 | 28 | 29 | 30 | variable "app_port" { 31 | description = "Port exposed by the docker image to redirect traffic to" 32 | default = 80 33 | } 34 | 35 | variable "app_count" { 36 | description = "Number of docker containers to run" 37 | default = 1 38 | } 39 | 40 | variable "health_check_path" { 41 | default = "/api/v2/index" 42 | } 43 | 44 | variable "ops_stream_image" { 45 | description = "Docker image to run in the ECS cluster" 46 | default = "466551463358.dkr.ecr.ap-southeast-1.amazonaws.com/dev-ops-stream:2.0.0" 47 | } 48 | 49 | 50 | #### Ops Reader Variables 51 | variable "ops_reader_image" { 52 | description = "Docker image to run in the ECS cluster" 53 | default = "466551463358.dkr.ecr.ap-southeast-1.amazonaws.com/dev-ops-stream:2.0.0" 54 | } 55 | 56 | variable "ops_reader_health_check_path" { 57 | default = "/api/v2/index" 58 | } 59 | 60 | variable "fargate_cpu" { 61 | description = "Fargate instance CPU units to provision (1 vCPU = 1024 CPU units)" 62 | default = "1024" 63 | } 64 | 65 | variable "fargate_memory" { 66 | description = "Fargate instance memory to provision (in MiB)" 67 | default = "2048" 68 | } 69 | 70 | variable "ops_stream_container_name" { 71 | description = "Ops Stream container name" 72 | default = "ops-stream-app" 73 | } 74 | 75 | variable "ops_reader_container_name" { 76 | description = "Ops Reader container name" 77 | default = "ops-reader-app" 78 | } 79 | 80 | 81 | 82 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/ecs.tf: -------------------------------------------------------------------------------- 1 | # ecs.tf 2 | 3 | resource "aws_ecs_cluster" "main" { 4 | name = "cb-cluster" 5 | } 6 | 7 | data "template_file" "cb_app" { 8 | template = file("./templates/ecs/cb_app.json.tpl") 9 | 10 | vars = { 11 | app_image = var.app_image 12 | app_port = var.app_port 13 | fargate_cpu = var.fargate_cpu 14 | fargate_memory = var.fargate_memory 15 | aws_region = var.aws_region 16 | } 17 | } 18 | 19 | resource "aws_ecs_task_definition" "app" { 20 | family = "cb-app-task" 21 | execution_role_arn = aws_iam_role.ecs_task_execution_role.arn 22 | network_mode = "awsvpc" 23 | requires_compatibilities = ["FARGATE"] 24 | cpu = var.fargate_cpu 25 | memory = var.fargate_memory 26 | container_definitions = data.template_file.cb_app.rendered 27 | } 28 | 29 | resource "aws_ecs_service" "main1" { 30 | name = "cb-service" 31 | cluster = aws_ecs_cluster.main.id 32 | task_definition = aws_ecs_task_definition.app.arn 33 | desired_count = var.app_count 34 | launch_type = "FARGATE" 35 | 36 | network_configuration { 37 | security_groups = [aws_security_group.ecs_tasks.id] 38 | subnets = aws_subnet.public.*.id 39 | assign_public_ip = true 40 | } 41 | 42 | load_balancer { 43 | target_group_arn = aws_alb_target_group.app_1.id 44 | container_name = "cb-app" 45 | container_port = var.app_port 46 | } 47 | 48 | depends_on = [aws_alb_listener.front_end_1, aws_iam_role_policy_attachment.ecs_task_execution_role] 49 | } 50 | 51 | resource "aws_ecs_service" "main2" { 52 | name = "cb-service-2" 53 | cluster = aws_ecs_cluster.main.id 54 | task_definition = aws_ecs_task_definition.app.arn 55 | desired_count = var.app_count 56 | launch_type = "FARGATE" 57 | 58 | network_configuration { 59 | security_groups = [aws_security_group.ecs_tasks.id] 60 | subnets = aws_subnet.public.*.id 61 | assign_public_ip = true 62 | } 63 | 64 | load_balancer { 65 | target_group_arn = aws_alb_target_group.app_2.id 66 | container_name = "cb-app" 67 | container_port = var.app_port 68 | } 69 | 70 | depends_on = [aws_alb_listener.front_end_2, aws_iam_role_policy_attachment.ecs_task_execution_role] 71 | } 72 | 73 | 74 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/auto_scaling.tf: -------------------------------------------------------------------------------- 1 | # auto_scaling.tf 2 | 3 | resource "aws_appautoscaling_target" "target_1" { 4 | service_namespace = "ecs" 5 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main1.name}" 6 | scalable_dimension = "ecs:service:DesiredCount" 7 | min_capacity = 3 8 | max_capacity = 6 9 | } 10 | 11 | # Automatically scale capacity up by one 12 | resource "aws_appautoscaling_policy" "up_1" { 13 | name = "cb_scale_up" 14 | service_namespace = "ecs" 15 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main1.name}" 16 | scalable_dimension = "ecs:service:DesiredCount" 17 | 18 | step_scaling_policy_configuration { 19 | adjustment_type = "ChangeInCapacity" 20 | cooldown = 60 21 | metric_aggregation_type = "Maximum" 22 | 23 | step_adjustment { 24 | metric_interval_lower_bound = 0 25 | scaling_adjustment = 1 26 | } 27 | } 28 | 29 | depends_on = [aws_appautoscaling_target.target_1] 30 | } 31 | 32 | # Automatically scale capacity down by one 33 | resource "aws_appautoscaling_policy" "down_1" { 34 | name = "cb_scale_down" 35 | service_namespace = "ecs" 36 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main1.name}" 37 | scalable_dimension = "ecs:service:DesiredCount" 38 | 39 | step_scaling_policy_configuration { 40 | adjustment_type = "ChangeInCapacity" 41 | cooldown = 60 42 | metric_aggregation_type = "Maximum" 43 | 44 | step_adjustment { 45 | metric_interval_upper_bound = 0 46 | scaling_adjustment = -1 47 | } 48 | } 49 | 50 | depends_on = [aws_appautoscaling_target.target_1] 51 | } 52 | 53 | # CloudWatch alarm that triggers the autoscaling up policy 54 | resource "aws_cloudwatch_metric_alarm" "service_cpu_high_1" { 55 | alarm_name = "cb_cpu_utilization_high" 56 | comparison_operator = "GreaterThanOrEqualToThreshold" 57 | evaluation_periods = "2" 58 | metric_name = "CPUUtilization" 59 | namespace = "AWS/ECS" 60 | period = "60" 61 | statistic = "Average" 62 | threshold = "85" 63 | 64 | dimensions = { 65 | ClusterName = aws_ecs_cluster.main.name 66 | ServiceName = aws_ecs_service.main1.name 67 | } 68 | 69 | alarm_actions = [aws_appautoscaling_policy.up_1.arn] 70 | } 71 | 72 | # CloudWatch alarm that triggers the autoscaling down policy 73 | resource "aws_cloudwatch_metric_alarm" "service_cpu_low_1" { 74 | alarm_name = "cb_cpu_utilization_low" 75 | comparison_operator = "LessThanOrEqualToThreshold" 76 | evaluation_periods = "2" 77 | metric_name = "CPUUtilization" 78 | namespace = "AWS/ECS" 79 | period = "60" 80 | statistic = "Average" 81 | threshold = "10" 82 | 83 | dimensions = { 84 | ClusterName = aws_ecs_cluster.main.name 85 | ServiceName = aws_ecs_service.main1.name 86 | } 87 | 88 | alarm_actions = [aws_appautoscaling_policy.down_1.arn] 89 | } 90 | 91 | -------------------------------------------------------------------------------- /ecs-1cluster-2service/auto_scaling_2.tf: -------------------------------------------------------------------------------- 1 | # auto_scaling.tf 2 | 3 | resource "aws_appautoscaling_target" "target_2" { 4 | service_namespace = "ecs" 5 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main2.name}" 6 | scalable_dimension = "ecs:service:DesiredCount" 7 | min_capacity = 3 8 | max_capacity = 6 9 | } 10 | 11 | # Automatically scale capacity up by one 12 | resource "aws_appautoscaling_policy" "up_2" { 13 | name = "cb_scale_up" 14 | service_namespace = "ecs" 15 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main2.name}" 16 | scalable_dimension = "ecs:service:DesiredCount" 17 | 18 | step_scaling_policy_configuration { 19 | adjustment_type = "ChangeInCapacity" 20 | cooldown = 60 21 | metric_aggregation_type = "Maximum" 22 | 23 | step_adjustment { 24 | metric_interval_lower_bound = 0 25 | scaling_adjustment = 1 26 | } 27 | } 28 | 29 | depends_on = [aws_appautoscaling_target.target_2] 30 | } 31 | 32 | # Automatically scale capacity down by one 33 | resource "aws_appautoscaling_policy" "down_2" { 34 | name = "cb_scale_down" 35 | service_namespace = "ecs" 36 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main2.name}" 37 | scalable_dimension = "ecs:service:DesiredCount" 38 | 39 | step_scaling_policy_configuration { 40 | adjustment_type = "ChangeInCapacity" 41 | cooldown = 60 42 | metric_aggregation_type = "Maximum" 43 | 44 | step_adjustment { 45 | metric_interval_upper_bound = 0 46 | scaling_adjustment = -1 47 | } 48 | } 49 | 50 | depends_on = [aws_appautoscaling_target.target_1] 51 | } 52 | 53 | # CloudWatch alarm that triggers the autoscaling up policy 54 | resource "aws_cloudwatch_metric_alarm" "service_cpu_high_2" { 55 | alarm_name = "cb_cpu_utilization_high" 56 | comparison_operator = "GreaterThanOrEqualToThreshold" 57 | evaluation_periods = "2" 58 | metric_name = "CPUUtilization" 59 | namespace = "AWS/ECS" 60 | period = "60" 61 | statistic = "Average" 62 | threshold = "85" 63 | 64 | dimensions = { 65 | ClusterName = aws_ecs_cluster.main.name 66 | ServiceName = aws_ecs_service.main2.name 67 | } 68 | 69 | alarm_actions = [aws_appautoscaling_policy.up_1.arn] 70 | } 71 | 72 | # CloudWatch alarm that triggers the autoscaling down policy 73 | resource "aws_cloudwatch_metric_alarm" "service_cpu_low_2" { 74 | alarm_name = "cb_cpu_utilization_low" 75 | comparison_operator = "LessThanOrEqualToThreshold" 76 | evaluation_periods = "2" 77 | metric_name = "CPUUtilization" 78 | namespace = "AWS/ECS" 79 | period = "60" 80 | statistic = "Average" 81 | threshold = "10" 82 | 83 | dimensions = { 84 | ClusterName = aws_ecs_cluster.main.name 85 | ServiceName = aws_ecs_service.main2.name 86 | } 87 | 88 | alarm_actions = [aws_appautoscaling_policy.down_2.arn] 89 | } 90 | 91 | -------------------------------------------------------------------------------- /ecs_app_new_vpc/ops_stream_auto_scaling.tf: -------------------------------------------------------------------------------- 1 | # auto_scaling.tf 2 | 3 | resource "aws_appautoscaling_target" "ops_stream_target" { 4 | service_namespace = "ecs" 5 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_stream_main.name}" 6 | scalable_dimension = "ecs:service:DesiredCount" 7 | min_capacity = 1 8 | max_capacity = 2 9 | } 10 | 11 | # Automatically scale capacity up by one 12 | resource "aws_appautoscaling_policy" "ops_stream_up" { 13 | name = "ops_stream_scale_up" 14 | service_namespace = "ecs" 15 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_stream_main.name}" 16 | scalable_dimension = "ecs:service:DesiredCount" 17 | 18 | step_scaling_policy_configuration { 19 | adjustment_type = "ChangeInCapacity" 20 | cooldown = 60 21 | metric_aggregation_type = "Maximum" 22 | 23 | step_adjustment { 24 | metric_interval_lower_bound = 0 25 | scaling_adjustment = 1 26 | } 27 | } 28 | 29 | depends_on = [aws_appautoscaling_target.ops_stream_target] 30 | } 31 | 32 | # Automatically scale capacity down by one 33 | resource "aws_appautoscaling_policy" "ops_stream_down" { 34 | name = "ops_stream_scale_down" 35 | service_namespace = "ecs" 36 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_stream_main.name}" 37 | scalable_dimension = "ecs:service:DesiredCount" 38 | 39 | step_scaling_policy_configuration { 40 | adjustment_type = "ChangeInCapacity" 41 | cooldown = 60 42 | metric_aggregation_type = "Maximum" 43 | 44 | step_adjustment { 45 | metric_interval_upper_bound = 0 46 | scaling_adjustment = -1 47 | } 48 | } 49 | 50 | depends_on = [aws_appautoscaling_target.ops_stream_target] 51 | } 52 | 53 | # CloudWatch alarm that triggers the autoscaling up policy 54 | resource "aws_cloudwatch_metric_alarm" "ops_stream_service_cpu_high" { 55 | alarm_name = "ops_stream_cpu_utilization_high" 56 | comparison_operator = "GreaterThanOrEqualToThreshold" 57 | evaluation_periods = "2" 58 | metric_name = "CPUUtilization" 59 | namespace = "AWS/ECS" 60 | period = "60" 61 | statistic = "Average" 62 | threshold = "85" 63 | 64 | dimensions = { 65 | ClusterName = aws_ecs_cluster.main.name 66 | ServiceName = aws_ecs_service.ops_stream_main.name 67 | } 68 | 69 | alarm_actions = [aws_appautoscaling_policy.ops_stream_up.arn] 70 | } 71 | 72 | # CloudWatch alarm that triggers the autoscaling down policy 73 | resource "aws_cloudwatch_metric_alarm" "ops_stream_service_cpu_low" { 74 | alarm_name = "ops_stream_cpu_utilization_low" 75 | comparison_operator = "LessThanOrEqualToThreshold" 76 | evaluation_periods = "2" 77 | metric_name = "CPUUtilization" 78 | namespace = "AWS/ECS" 79 | period = "60" 80 | statistic = "Average" 81 | threshold = "10" 82 | 83 | dimensions = { 84 | ClusterName = aws_ecs_cluster.main.name 85 | ServiceName = aws_ecs_service.ops_stream_main.name 86 | } 87 | 88 | alarm_actions = [aws_appautoscaling_policy.ops_stream_down.arn] 89 | } 90 | 91 | -------------------------------------------------------------------------------- /ecs-app-existing-vpc-id/ops-reader-auto-scaling.tf: -------------------------------------------------------------------------------- 1 | # auto_scaling.tf 2 | 3 | resource "aws_appautoscaling_target" "ops_reader_target" { 4 | service_namespace = "ecs" 5 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_reader_main.name}" 6 | scalable_dimension = "ecs:service:DesiredCount" 7 | min_capacity = 1 8 | max_capacity = 6 9 | } 10 | 11 | # Automatically scale capacity up by one 12 | resource "aws_appautoscaling_policy" "ops_reader_up" { 13 | name = "ops_reader_scale_up" 14 | service_namespace = "ecs" 15 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_reader_main.name}" 16 | scalable_dimension = "ecs:service:DesiredCount" 17 | 18 | step_scaling_policy_configuration { 19 | adjustment_type = "ChangeInCapacity" 20 | cooldown = 60 21 | metric_aggregation_type = "Maximum" 22 | 23 | step_adjustment { 24 | metric_interval_lower_bound = 0 25 | scaling_adjustment = 1 26 | } 27 | } 28 | 29 | depends_on = [aws_appautoscaling_target.ops_reader_target] 30 | } 31 | 32 | # Automatically scale capacity down by one 33 | resource "aws_appautoscaling_policy" "ops_reader_down" { 34 | name = "ops_reader_scale_down" 35 | service_namespace = "ecs" 36 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_reader_main.name}" 37 | scalable_dimension = "ecs:service:DesiredCount" 38 | 39 | step_scaling_policy_configuration { 40 | adjustment_type = "ChangeInCapacity" 41 | cooldown = 60 42 | metric_aggregation_type = "Maximum" 43 | 44 | step_adjustment { 45 | metric_interval_upper_bound = 0 46 | scaling_adjustment = -1 47 | } 48 | } 49 | 50 | depends_on = [aws_appautoscaling_target.ops_reader_target] 51 | } 52 | 53 | # CloudWatch alarm that triggers the autoscaling up policy 54 | resource "aws_cloudwatch_metric_alarm" "ops_reader_service_cpu_high" { 55 | alarm_name = "ops_reader_cpu_utilization_high" 56 | comparison_operator = "GreaterThanOrEqualToThreshold" 57 | evaluation_periods = "2" 58 | metric_name = "CPUUtilization" 59 | namespace = "AWS/ECS" 60 | period = "60" 61 | statistic = "Average" 62 | threshold = "85" 63 | 64 | dimensions = { 65 | ClusterName = aws_ecs_cluster.main.name 66 | ServiceName = aws_ecs_service.ops_reader_main.name 67 | } 68 | 69 | alarm_actions = [aws_appautoscaling_policy.ops_reader_up.arn] 70 | } 71 | 72 | # CloudWatch alarm that triggers the autoscaling down policy 73 | resource "aws_cloudwatch_metric_alarm" "ops_reader_service_cpu_low" { 74 | alarm_name = "ops_reader_cpu_utilization_low" 75 | comparison_operator = "LessThanOrEqualToThreshold" 76 | evaluation_periods = "2" 77 | metric_name = "CPUUtilization" 78 | namespace = "AWS/ECS" 79 | period = "60" 80 | statistic = "Average" 81 | threshold = "10" 82 | 83 | dimensions = { 84 | ClusterName = aws_ecs_cluster.main.name 85 | ServiceName = aws_ecs_service.ops_reader_main.name 86 | } 87 | 88 | alarm_actions = [aws_appautoscaling_policy.ops_reader_down.arn] 89 | } 90 | 91 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-reader/ops-reader-auto-scaling.tf: -------------------------------------------------------------------------------- 1 | # auto_scaling.tf 2 | 3 | resource "aws_appautoscaling_target" "ops_reader_target" { 4 | service_namespace = "ecs" 5 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_reader_main.name}" 6 | scalable_dimension = "ecs:service:DesiredCount" 7 | min_capacity = 1 8 | max_capacity = 6 9 | } 10 | 11 | # Automatically scale capacity up by one 12 | resource "aws_appautoscaling_policy" "ops_reader_up" { 13 | name = "ops_reader_scale_up" 14 | service_namespace = "ecs" 15 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_reader_main.name}" 16 | scalable_dimension = "ecs:service:DesiredCount" 17 | 18 | step_scaling_policy_configuration { 19 | adjustment_type = "ChangeInCapacity" 20 | cooldown = 60 21 | metric_aggregation_type = "Maximum" 22 | 23 | step_adjustment { 24 | metric_interval_lower_bound = 0 25 | scaling_adjustment = 1 26 | } 27 | } 28 | 29 | depends_on = [aws_appautoscaling_target.ops_reader_target] 30 | } 31 | 32 | # Automatically scale capacity down by one 33 | resource "aws_appautoscaling_policy" "ops_reader_down" { 34 | name = "ops_reader_scale_down" 35 | service_namespace = "ecs" 36 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_reader_main.name}" 37 | scalable_dimension = "ecs:service:DesiredCount" 38 | 39 | step_scaling_policy_configuration { 40 | adjustment_type = "ChangeInCapacity" 41 | cooldown = 60 42 | metric_aggregation_type = "Maximum" 43 | 44 | step_adjustment { 45 | metric_interval_upper_bound = 0 46 | scaling_adjustment = -1 47 | } 48 | } 49 | 50 | depends_on = [aws_appautoscaling_target.ops_reader_target] 51 | } 52 | 53 | # CloudWatch alarm that triggers the autoscaling up policy 54 | resource "aws_cloudwatch_metric_alarm" "ops_reader_service_cpu_high" { 55 | alarm_name = "ops_reader_cpu_utilization_high" 56 | comparison_operator = "GreaterThanOrEqualToThreshold" 57 | evaluation_periods = "2" 58 | metric_name = "CPUUtilization" 59 | namespace = "AWS/ECS" 60 | period = "60" 61 | statistic = "Average" 62 | threshold = "85" 63 | 64 | dimensions = { 65 | ClusterName = aws_ecs_cluster.main.name 66 | ServiceName = aws_ecs_service.ops_reader_main.name 67 | } 68 | 69 | alarm_actions = [aws_appautoscaling_policy.ops_reader_up.arn] 70 | } 71 | 72 | # CloudWatch alarm that triggers the autoscaling down policy 73 | resource "aws_cloudwatch_metric_alarm" "ops_reader_service_cpu_low" { 74 | alarm_name = "ops_reader_cpu_utilization_low" 75 | comparison_operator = "LessThanOrEqualToThreshold" 76 | evaluation_periods = "2" 77 | metric_name = "CPUUtilization" 78 | namespace = "AWS/ECS" 79 | period = "60" 80 | statistic = "Average" 81 | threshold = "10" 82 | 83 | dimensions = { 84 | ClusterName = aws_ecs_cluster.main.name 85 | ServiceName = aws_ecs_service.ops_reader_main.name 86 | } 87 | 88 | alarm_actions = [aws_appautoscaling_policy.ops_reader_down.arn] 89 | } 90 | 91 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/ops_stream_auto_scaling.tf: -------------------------------------------------------------------------------- 1 | # auto_scaling.tf 2 | 3 | resource "aws_appautoscaling_target" "ops_stream_target" { 4 | service_namespace = "ecs" 5 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_stream_main.name}" 6 | scalable_dimension = "ecs:service:DesiredCount" 7 | min_capacity = 1 8 | max_capacity = 6 9 | } 10 | 11 | # Automatically scale capacity up by one 12 | resource "aws_appautoscaling_policy" "ops_stream_up" { 13 | name = "ops_stream_scale_up" 14 | service_namespace = "ecs" 15 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_stream_main.name}" 16 | scalable_dimension = "ecs:service:DesiredCount" 17 | 18 | step_scaling_policy_configuration { 19 | adjustment_type = "ChangeInCapacity" 20 | cooldown = 60 21 | metric_aggregation_type = "Maximum" 22 | 23 | step_adjustment { 24 | metric_interval_lower_bound = 0 25 | scaling_adjustment = 1 26 | } 27 | } 28 | 29 | depends_on = [aws_appautoscaling_target.ops_stream_target] 30 | } 31 | 32 | # Automatically scale capacity down by one 33 | resource "aws_appautoscaling_policy" "ops_stream_down" { 34 | name = "ops_stream_scale_down" 35 | service_namespace = "ecs" 36 | resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.ops_stream_main.name}" 37 | scalable_dimension = "ecs:service:DesiredCount" 38 | 39 | step_scaling_policy_configuration { 40 | adjustment_type = "ChangeInCapacity" 41 | cooldown = 60 42 | metric_aggregation_type = "Maximum" 43 | 44 | step_adjustment { 45 | metric_interval_upper_bound = 0 46 | scaling_adjustment = -1 47 | } 48 | } 49 | 50 | depends_on = [aws_appautoscaling_target.ops_stream_target] 51 | } 52 | 53 | # CloudWatch alarm that triggers the autoscaling up policy 54 | resource "aws_cloudwatch_metric_alarm" "ops_stream_service_cpu_high" { 55 | alarm_name = "ops_stream_cpu_utilization_high" 56 | comparison_operator = "GreaterThanOrEqualToThreshold" 57 | evaluation_periods = "2" 58 | metric_name = "CPUUtilization" 59 | namespace = "AWS/ECS" 60 | period = "60" 61 | statistic = "Average" 62 | threshold = "85" 63 | 64 | dimensions = { 65 | ClusterName = aws_ecs_cluster.main.name 66 | ServiceName = aws_ecs_service.ops_stream_main.name 67 | } 68 | 69 | alarm_actions = [aws_appautoscaling_policy.ops_stream_up.arn] 70 | } 71 | 72 | # CloudWatch alarm that triggers the autoscaling down policy 73 | resource "aws_cloudwatch_metric_alarm" "ops_stream_service_cpu_low" { 74 | alarm_name = "ops_stream_cpu_utilization_low" 75 | comparison_operator = "LessThanOrEqualToThreshold" 76 | evaluation_periods = "2" 77 | metric_name = "CPUUtilization" 78 | namespace = "AWS/ECS" 79 | period = "60" 80 | statistic = "Average" 81 | threshold = "10" 82 | 83 | dimensions = { 84 | ClusterName = aws_ecs_cluster.main.name 85 | ServiceName = aws_ecs_service.ops_stream_main.name 86 | } 87 | 88 | alarm_actions = [aws_appautoscaling_policy.ops_stream_down.arn] 89 | } 90 | 91 | -------------------------------------------------------------------------------- /ecs-exist-vpc/dev-ops-stream/terraform.tfstate: -------------------------------------------------------------------------------- 1 | { 2 | "version": 4, 3 | "terraform_version": "0.12.21", 4 | "serial": 18, 5 | "lineage": "58f85178-6e8d-b0e7-e897-c5055f0ec181", 6 | "outputs": { 7 | "aws_subnet_1a": { 8 | "value": "subnet-0ac749aa53aa8dab9", 9 | "type": "string" 10 | }, 11 | "aws_subnet_1b": { 12 | "value": "subnet-04872f88b4d25314a", 13 | "type": "string" 14 | }, 15 | "aws_subnet_1c": { 16 | "value": "subnet-0e607f14ce3ca93d3", 17 | "type": "string" 18 | }, 19 | "aws_vpc_name": { 20 | "value": "vpc-0a52713ccd32ed5f3", 21 | "type": "string" 22 | }, 23 | "ops_stream_alb_hostname": { 24 | "value": "ops-stream-1605619007.ap-southeast-1.elb.amazonaws.com", 25 | "type": "string" 26 | } 27 | }, 28 | "resources": [ 29 | { 30 | "mode": "data", 31 | "type": "aws_iam_policy_document", 32 | "name": "ops_stream_ecs_role", 33 | "provider": "provider.aws", 34 | "instances": [ 35 | { 36 | "schema_version": 0, 37 | "attributes": { 38 | "id": "320642683", 39 | "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ecs-tasks.amazonaws.com\"\n }\n }\n ]\n}", 40 | "override_json": null, 41 | "policy_id": null, 42 | "source_json": null, 43 | "statement": [ 44 | { 45 | "actions": [ 46 | "sts:AssumeRole" 47 | ], 48 | "condition": [], 49 | "effect": "Allow", 50 | "not_actions": [], 51 | "not_principals": [], 52 | "not_resources": [], 53 | "principals": [ 54 | { 55 | "identifiers": [ 56 | "ecs-tasks.amazonaws.com" 57 | ], 58 | "type": "Service" 59 | } 60 | ], 61 | "resources": [], 62 | "sid": "" 63 | } 64 | ], 65 | "version": "2012-10-17" 66 | } 67 | } 68 | ] 69 | }, 70 | { 71 | "mode": "data", 72 | "type": "aws_subnet", 73 | "name": "public_1a", 74 | "provider": "provider.aws", 75 | "instances": [ 76 | { 77 | "schema_version": 0, 78 | "attributes": { 79 | "arn": "arn:aws:ec2:ap-southeast-1:466551463358:subnet/subnet-0ac749aa53aa8dab9", 80 | "assign_ipv6_address_on_creation": false, 81 | "availability_zone": "ap-southeast-1a", 82 | "availability_zone_id": "apse1-az1", 83 | "cidr_block": "172.10.3.0/24", 84 | "default_for_az": false, 85 | "filter": [ 86 | { 87 | "name": "availability-zone", 88 | "values": [ 89 | "ap-southeast-1a" 90 | ] 91 | }, 92 | { 93 | "name": "tag:Name", 94 | "values": [ 95 | "dev-data-stream-public-subnet" 96 | ] 97 | } 98 | ], 99 | "id": "subnet-0ac749aa53aa8dab9", 100 | "ipv6_cidr_block": null, 101 | "ipv6_cidr_block_association_id": null, 102 | "map_public_ip_on_launch": true, 103 | "owner_id": "466551463358", 104 | "state": "available", 105 | "tags": { 106 | "Name": "dev-data-stream-public-subnet" 107 | }, 108 | "vpc_id": "vpc-0a52713ccd32ed5f3" 109 | } 110 | } 111 | ] 112 | }, 113 | { 114 | "mode": "data", 115 | "type": "aws_subnet", 116 | "name": "public_1b", 117 | "provider": "provider.aws", 118 | "instances": [ 119 | { 120 | "schema_version": 0, 121 | "attributes": { 122 | "arn": "arn:aws:ec2:ap-southeast-1:466551463358:subnet/subnet-04872f88b4d25314a", 123 | "assign_ipv6_address_on_creation": false, 124 | "availability_zone": "ap-southeast-1b", 125 | "availability_zone_id": "apse1-az2", 126 | "cidr_block": "172.10.4.0/24", 127 | "default_for_az": false, 128 | "filter": [ 129 | { 130 | "name": "availability-zone", 131 | "values": [ 132 | "ap-southeast-1b" 133 | ] 134 | }, 135 | { 136 | "name": "tag:Name", 137 | "values": [ 138 | "dev-data-stream-public-subnet" 139 | ] 140 | } 141 | ], 142 | "id": "subnet-04872f88b4d25314a", 143 | "ipv6_cidr_block": null, 144 | "ipv6_cidr_block_association_id": null, 145 | "map_public_ip_on_launch": true, 146 | "owner_id": "466551463358", 147 | "state": "available", 148 | "tags": { 149 | "Name": "dev-data-stream-public-subnet" 150 | }, 151 | "vpc_id": "vpc-0a52713ccd32ed5f3" 152 | } 153 | } 154 | ] 155 | }, 156 | { 157 | "mode": "data", 158 | "type": "aws_subnet", 159 | "name": "public_1c", 160 | "provider": "provider.aws", 161 | "instances": [ 162 | { 163 | "schema_version": 0, 164 | "attributes": { 165 | "arn": "arn:aws:ec2:ap-southeast-1:466551463358:subnet/subnet-0e607f14ce3ca93d3", 166 | "assign_ipv6_address_on_creation": false, 167 | "availability_zone": "ap-southeast-1c", 168 | "availability_zone_id": "apse1-az3", 169 | "cidr_block": "172.10.5.0/24", 170 | "default_for_az": false, 171 | "filter": [ 172 | { 173 | "name": "availability-zone", 174 | "values": [ 175 | "ap-southeast-1c" 176 | ] 177 | }, 178 | { 179 | "name": "tag:Name", 180 | "values": [ 181 | "dev-data-stream-public-subnet" 182 | ] 183 | } 184 | ], 185 | "id": "subnet-0e607f14ce3ca93d3", 186 | "ipv6_cidr_block": null, 187 | "ipv6_cidr_block_association_id": null, 188 | "map_public_ip_on_launch": true, 189 | "owner_id": "466551463358", 190 | "state": "available", 191 | "tags": { 192 | "Name": "dev-data-stream-public-subnet" 193 | }, 194 | "vpc_id": "vpc-0a52713ccd32ed5f3" 195 | } 196 | } 197 | ] 198 | }, 199 | { 200 | "mode": "data", 201 | "type": "aws_vpc", 202 | "name": "main", 203 | "provider": "provider.aws", 204 | "instances": [ 205 | { 206 | "schema_version": 0, 207 | "attributes": { 208 | "arn": "arn:aws:ec2:ap-southeast-1:466551463358:vpc/vpc-0a52713ccd32ed5f3", 209 | "cidr_block": "172.10.0.0/16", 210 | "cidr_block_associations": [ 211 | { 212 | "association_id": "vpc-cidr-assoc-0124e5082cbfa95c1", 213 | "cidr_block": "172.10.0.0/16", 214 | "state": "associated" 215 | } 216 | ], 217 | "default": false, 218 | "dhcp_options_id": "dopt-e7ca3c80", 219 | "enable_dns_hostnames": false, 220 | "enable_dns_support": true, 221 | "filter": [ 222 | { 223 | "name": "tag:Name", 224 | "values": [ 225 | "dev-data-stream-vpc" 226 | ] 227 | } 228 | ], 229 | "id": "vpc-0a52713ccd32ed5f3", 230 | "instance_tenancy": "default", 231 | "ipv6_association_id": null, 232 | "ipv6_cidr_block": null, 233 | "main_route_table_id": "rtb-03da5a17ac036e683", 234 | "owner_id": "466551463358", 235 | "state": "available", 236 | "tags": { 237 | "Name": "dev-data-stream-vpc" 238 | } 239 | } 240 | } 241 | ] 242 | }, 243 | { 244 | "mode": "data", 245 | "type": "template_file", 246 | "name": "ops_stream_app", 247 | "provider": "provider.template", 248 | "instances": [ 249 | { 250 | "schema_version": 0, 251 | "attributes": { 252 | "filename": null, 253 | "id": "9cf68fc2f377eae8f48fefec917d3dfd88672d19d0a65ab37b6d5d2ae80e6420", 254 | "rendered": "[\n {\n \"name\": \"ops-stream-app\",\n \"image\": \"466551463358.dkr.ecr.ap-southeast-1.amazonaws.com/dev-ops-stream:2.0.0\",\n \"cpu\": 1024,\n \"memory\": 2048,\n \"networkMode\": \"awsvpc\",\n \"environment\": [\n {\n \"name\": \"DB_PASSWORD\",\n \"value\": \"TESTING_PASSWORD\"\n }\n ],\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"/ecs/ops-stream-app\",\n \"awslogs-region\": \"ap-southeast-1\",\n \"awslogs-stream-prefix\": \"ecs\"\n }\n },\n \"portMappings\": [\n {\n \"containerPort\": 80,\n \"hostPort\": 80\n }\n ]\n }\n]\n", 255 | "template": "[\n {\n \"name\": \"${container_name}\",\n \"image\": \"${app_image}\",\n \"cpu\": ${fargate_cpu},\n \"memory\": ${fargate_memory},\n \"networkMode\": \"awsvpc\",\n \"environment\": [\n {\n \"name\": \"DB_PASSWORD\",\n \"value\": \"TESTING_PASSWORD\"\n }\n ],\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"/ecs/ops-stream-app\",\n \"awslogs-region\": \"${aws_region}\",\n \"awslogs-stream-prefix\": \"ecs\"\n }\n },\n \"portMappings\": [\n {\n \"containerPort\": ${app_port},\n \"hostPort\": ${app_port}\n }\n ]\n }\n]\n", 256 | "vars": { 257 | "app_image": "466551463358.dkr.ecr.ap-southeast-1.amazonaws.com/dev-ops-stream:2.0.0", 258 | "app_port": "80", 259 | "aws_region": "ap-southeast-1", 260 | "container_name": "ops-stream-app", 261 | "fargate_cpu": "1024", 262 | "fargate_memory": "2048", 263 | "prefix": "ops-stream" 264 | } 265 | } 266 | } 267 | ] 268 | }, 269 | { 270 | "mode": "managed", 271 | "type": "aws_alb", 272 | "name": "ops_stream_lb", 273 | "provider": "provider.aws", 274 | "instances": [ 275 | { 276 | "schema_version": 0, 277 | "attributes": { 278 | "access_logs": [ 279 | { 280 | "bucket": "", 281 | "enabled": false, 282 | "prefix": "" 283 | } 284 | ], 285 | "arn": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:loadbalancer/app/ops-stream/4aba82b1ee737b9f", 286 | "arn_suffix": "app/ops-stream/4aba82b1ee737b9f", 287 | "dns_name": "ops-stream-1605619007.ap-southeast-1.elb.amazonaws.com", 288 | "drop_invalid_header_fields": false, 289 | "enable_cross_zone_load_balancing": null, 290 | "enable_deletion_protection": false, 291 | "enable_http2": true, 292 | "id": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:loadbalancer/app/ops-stream/4aba82b1ee737b9f", 293 | "idle_timeout": 60, 294 | "internal": false, 295 | "ip_address_type": "ipv4", 296 | "load_balancer_type": "application", 297 | "name": "ops-stream", 298 | "name_prefix": null, 299 | "security_groups": [ 300 | "sg-03e6aa6fc9fdf8189" 301 | ], 302 | "subnet_mapping": [ 303 | { 304 | "allocation_id": "", 305 | "subnet_id": "subnet-04872f88b4d25314a" 306 | }, 307 | { 308 | "allocation_id": "", 309 | "subnet_id": "subnet-0ac749aa53aa8dab9" 310 | }, 311 | { 312 | "allocation_id": "", 313 | "subnet_id": "subnet-0e607f14ce3ca93d3" 314 | } 315 | ], 316 | "subnets": [ 317 | "subnet-04872f88b4d25314a", 318 | "subnet-0ac749aa53aa8dab9", 319 | "subnet-0e607f14ce3ca93d3" 320 | ], 321 | "tags": null, 322 | "timeouts": null, 323 | "vpc_id": "vpc-0a52713ccd32ed5f3", 324 | "zone_id": "Z1LMS91P8CMLE5" 325 | }, 326 | "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", 327 | "dependencies": [ 328 | "aws_security_group.lb" 329 | ] 330 | } 331 | ] 332 | }, 333 | { 334 | "mode": "managed", 335 | "type": "aws_alb_listener", 336 | "name": "front_end_ops_stream", 337 | "provider": "provider.aws", 338 | "instances": [ 339 | { 340 | "schema_version": 0, 341 | "attributes": { 342 | "arn": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:listener/app/ops-stream/4aba82b1ee737b9f/e869e84804a9326a", 343 | "certificate_arn": null, 344 | "default_action": [ 345 | { 346 | "authenticate_cognito": [], 347 | "authenticate_oidc": [], 348 | "fixed_response": [], 349 | "order": 1, 350 | "redirect": [], 351 | "target_group_arn": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:targetgroup/ops-stream-target-group/ad7382b3ee34de15", 352 | "type": "forward" 353 | } 354 | ], 355 | "id": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:listener/app/ops-stream/4aba82b1ee737b9f/e869e84804a9326a", 356 | "load_balancer_arn": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:loadbalancer/app/ops-stream/4aba82b1ee737b9f", 357 | "port": 80, 358 | "protocol": "HTTP", 359 | "ssl_policy": "", 360 | "timeouts": null 361 | }, 362 | "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsicmVhZCI6NjAwMDAwMDAwMDAwfX0=", 363 | "dependencies": [ 364 | "aws_alb.ops_stream_lb", 365 | "aws_alb_target_group.ops_stream_target", 366 | "aws_security_group.lb" 367 | ] 368 | } 369 | ] 370 | }, 371 | { 372 | "mode": "managed", 373 | "type": "aws_alb_target_group", 374 | "name": "ops_stream_target", 375 | "provider": "provider.aws", 376 | "instances": [ 377 | { 378 | "schema_version": 0, 379 | "attributes": { 380 | "arn": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:targetgroup/ops-stream-target-group/ad7382b3ee34de15", 381 | "arn_suffix": "targetgroup/ops-stream-target-group/ad7382b3ee34de15", 382 | "deregistration_delay": 300, 383 | "health_check": [ 384 | { 385 | "enabled": true, 386 | "healthy_threshold": 3, 387 | "interval": 30, 388 | "matcher": "200", 389 | "path": "/api/v2/index", 390 | "port": "traffic-port", 391 | "protocol": "HTTP", 392 | "timeout": 3, 393 | "unhealthy_threshold": 2 394 | } 395 | ], 396 | "id": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:targetgroup/ops-stream-target-group/ad7382b3ee34de15", 397 | "lambda_multi_value_headers_enabled": false, 398 | "load_balancing_algorithm_type": "round_robin", 399 | "name": "ops-stream-target-group", 400 | "name_prefix": null, 401 | "port": 80, 402 | "protocol": "HTTP", 403 | "proxy_protocol_v2": false, 404 | "slow_start": 0, 405 | "stickiness": [ 406 | { 407 | "cookie_duration": 86400, 408 | "enabled": false, 409 | "type": "lb_cookie" 410 | } 411 | ], 412 | "tags": null, 413 | "target_type": "ip", 414 | "vpc_id": "vpc-0a52713ccd32ed5f3" 415 | }, 416 | "private": "bnVsbA==" 417 | } 418 | ] 419 | }, 420 | { 421 | "mode": "managed", 422 | "type": "aws_appautoscaling_policy", 423 | "name": "ops_stream_down", 424 | "provider": "provider.aws", 425 | "instances": [ 426 | { 427 | "schema_version": 0, 428 | "attributes": { 429 | "adjustment_type": null, 430 | "arn": "arn:aws:autoscaling:ap-southeast-1:466551463358:scalingPolicy:d0bda0cd-3b97-4771-9a59-fdeac5c2a88d:resource/ecs/service/ops-stream-api-cluster/ops-stream-service:policyName/ops_stream_scale_down", 431 | "cooldown": null, 432 | "id": "ops_stream_scale_down", 433 | "metric_aggregation_type": null, 434 | "min_adjustment_magnitude": null, 435 | "name": "ops_stream_scale_down", 436 | "policy_type": "StepScaling", 437 | "resource_id": "service/ops-stream-api-cluster/ops-stream-service", 438 | "scalable_dimension": "ecs:service:DesiredCount", 439 | "service_namespace": "ecs", 440 | "step_adjustment": [], 441 | "step_scaling_policy_configuration": [ 442 | { 443 | "adjustment_type": "ChangeInCapacity", 444 | "cooldown": 60, 445 | "metric_aggregation_type": "Maximum", 446 | "min_adjustment_magnitude": 0, 447 | "step_adjustment": [ 448 | { 449 | "metric_interval_lower_bound": "", 450 | "metric_interval_upper_bound": "0", 451 | "scaling_adjustment": -1 452 | } 453 | ] 454 | } 455 | ], 456 | "target_tracking_scaling_policy_configuration": [] 457 | }, 458 | "private": "bnVsbA==", 459 | "dependencies": [ 460 | "aws_alb.ops_stream_lb", 461 | "aws_alb_listener.front_end_ops_stream", 462 | "aws_alb_target_group.ops_stream_target", 463 | "aws_appautoscaling_target.ops_stream_target", 464 | "aws_ecs_cluster.main", 465 | "aws_ecs_service.ops_stream_main", 466 | "aws_ecs_task_definition.ops_stream_task_def", 467 | "aws_iam_role.ecs_task_execution_role", 468 | "aws_iam_role_policy_attachment.ops_stream_task_execution_role", 469 | "aws_security_group.ecs_tasks", 470 | "aws_security_group.lb" 471 | ] 472 | } 473 | ] 474 | }, 475 | { 476 | "mode": "managed", 477 | "type": "aws_appautoscaling_policy", 478 | "name": "ops_stream_up", 479 | "provider": "provider.aws", 480 | "instances": [ 481 | { 482 | "schema_version": 0, 483 | "attributes": { 484 | "adjustment_type": null, 485 | "arn": "arn:aws:autoscaling:ap-southeast-1:466551463358:scalingPolicy:d0bda0cd-3b97-4771-9a59-fdeac5c2a88d:resource/ecs/service/ops-stream-api-cluster/ops-stream-service:policyName/ops_stream_scale_up", 486 | "cooldown": null, 487 | "id": "ops_stream_scale_up", 488 | "metric_aggregation_type": null, 489 | "min_adjustment_magnitude": null, 490 | "name": "ops_stream_scale_up", 491 | "policy_type": "StepScaling", 492 | "resource_id": "service/ops-stream-api-cluster/ops-stream-service", 493 | "scalable_dimension": "ecs:service:DesiredCount", 494 | "service_namespace": "ecs", 495 | "step_adjustment": [], 496 | "step_scaling_policy_configuration": [ 497 | { 498 | "adjustment_type": "ChangeInCapacity", 499 | "cooldown": 60, 500 | "metric_aggregation_type": "Maximum", 501 | "min_adjustment_magnitude": 0, 502 | "step_adjustment": [ 503 | { 504 | "metric_interval_lower_bound": "0", 505 | "metric_interval_upper_bound": "", 506 | "scaling_adjustment": 1 507 | } 508 | ] 509 | } 510 | ], 511 | "target_tracking_scaling_policy_configuration": [] 512 | }, 513 | "private": "bnVsbA==", 514 | "dependencies": [ 515 | "aws_alb.ops_stream_lb", 516 | "aws_alb_listener.front_end_ops_stream", 517 | "aws_alb_target_group.ops_stream_target", 518 | "aws_appautoscaling_target.ops_stream_target", 519 | "aws_ecs_cluster.main", 520 | "aws_ecs_service.ops_stream_main", 521 | "aws_ecs_task_definition.ops_stream_task_def", 522 | "aws_iam_role.ecs_task_execution_role", 523 | "aws_iam_role_policy_attachment.ops_stream_task_execution_role", 524 | "aws_security_group.ecs_tasks", 525 | "aws_security_group.lb" 526 | ] 527 | } 528 | ] 529 | }, 530 | { 531 | "mode": "managed", 532 | "type": "aws_appautoscaling_target", 533 | "name": "ops_stream_target", 534 | "provider": "provider.aws", 535 | "instances": [ 536 | { 537 | "schema_version": 0, 538 | "attributes": { 539 | "id": "service/ops-stream-api-cluster/ops-stream-service", 540 | "max_capacity": 6, 541 | "min_capacity": 1, 542 | "resource_id": "service/ops-stream-api-cluster/ops-stream-service", 543 | "role_arn": "arn:aws:iam::466551463358:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService", 544 | "scalable_dimension": "ecs:service:DesiredCount", 545 | "service_namespace": "ecs" 546 | }, 547 | "private": "bnVsbA==", 548 | "dependencies": [ 549 | "aws_alb.ops_stream_lb", 550 | "aws_alb_listener.front_end_ops_stream", 551 | "aws_alb_target_group.ops_stream_target", 552 | "aws_ecs_cluster.main", 553 | "aws_ecs_service.ops_stream_main", 554 | "aws_ecs_task_definition.ops_stream_task_def", 555 | "aws_iam_role.ecs_task_execution_role", 556 | "aws_iam_role_policy_attachment.ops_stream_task_execution_role", 557 | "aws_security_group.ecs_tasks", 558 | "aws_security_group.lb" 559 | ] 560 | } 561 | ] 562 | }, 563 | { 564 | "mode": "managed", 565 | "type": "aws_cloudwatch_log_group", 566 | "name": "ops_stream_log_group", 567 | "provider": "provider.aws", 568 | "instances": [ 569 | { 570 | "schema_version": 0, 571 | "attributes": { 572 | "arn": "arn:aws:logs:ap-southeast-1:466551463358:log-group:/ecs/ops-stream-app:*", 573 | "id": "/ecs/ops-stream-app", 574 | "kms_key_id": "", 575 | "name": "/ecs/ops-stream-app", 576 | "name_prefix": null, 577 | "retention_in_days": 30, 578 | "tags": { 579 | "Name": "ops-stream-log-group" 580 | } 581 | }, 582 | "private": "bnVsbA==" 583 | } 584 | ] 585 | }, 586 | { 587 | "mode": "managed", 588 | "type": "aws_cloudwatch_log_stream", 589 | "name": "ops_stream_log_stream", 590 | "provider": "provider.aws", 591 | "instances": [ 592 | { 593 | "schema_version": 0, 594 | "attributes": { 595 | "arn": "arn:aws:logs:ap-southeast-1:466551463358:log-group:/ecs/ops-stream-app:log-stream:ops-stream-log-stream", 596 | "id": "ops-stream-log-stream", 597 | "log_group_name": "/ecs/ops-stream-app", 598 | "name": "ops-stream-log-stream" 599 | }, 600 | "private": "bnVsbA==", 601 | "dependencies": [ 602 | "aws_cloudwatch_log_group.ops_stream_log_group" 603 | ] 604 | } 605 | ] 606 | }, 607 | { 608 | "mode": "managed", 609 | "type": "aws_cloudwatch_metric_alarm", 610 | "name": "ops_stream_service_cpu_high", 611 | "provider": "provider.aws", 612 | "instances": [ 613 | { 614 | "schema_version": 1, 615 | "attributes": { 616 | "actions_enabled": true, 617 | "alarm_actions": [ 618 | "arn:aws:autoscaling:ap-southeast-1:466551463358:scalingPolicy:d0bda0cd-3b97-4771-9a59-fdeac5c2a88d:resource/ecs/service/ops-stream-api-cluster/ops-stream-service:policyName/ops_stream_scale_up" 619 | ], 620 | "alarm_description": "", 621 | "alarm_name": "ops_stream_cpu_utilization_high", 622 | "arn": "arn:aws:cloudwatch:ap-southeast-1:466551463358:alarm:ops_stream_cpu_utilization_high", 623 | "comparison_operator": "GreaterThanOrEqualToThreshold", 624 | "datapoints_to_alarm": 0, 625 | "dimensions": { 626 | "ClusterName": "ops-stream-api-cluster", 627 | "ServiceName": "ops-stream-service" 628 | }, 629 | "evaluate_low_sample_count_percentiles": "", 630 | "evaluation_periods": 2, 631 | "extended_statistic": "", 632 | "id": "ops_stream_cpu_utilization_high", 633 | "insufficient_data_actions": null, 634 | "metric_name": "CPUUtilization", 635 | "metric_query": [], 636 | "namespace": "AWS/ECS", 637 | "ok_actions": null, 638 | "period": 60, 639 | "statistic": "Average", 640 | "tags": null, 641 | "threshold": 85, 642 | "threshold_metric_id": "", 643 | "treat_missing_data": "missing", 644 | "unit": "" 645 | }, 646 | "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", 647 | "dependencies": [ 648 | "aws_alb.ops_stream_lb", 649 | "aws_alb_listener.front_end_ops_stream", 650 | "aws_alb_target_group.ops_stream_target", 651 | "aws_appautoscaling_policy.ops_stream_up", 652 | "aws_appautoscaling_target.ops_stream_target", 653 | "aws_ecs_cluster.main", 654 | "aws_ecs_service.ops_stream_main", 655 | "aws_ecs_task_definition.ops_stream_task_def", 656 | "aws_iam_role.ecs_task_execution_role", 657 | "aws_iam_role_policy_attachment.ops_stream_task_execution_role", 658 | "aws_security_group.ecs_tasks", 659 | "aws_security_group.lb" 660 | ] 661 | } 662 | ] 663 | }, 664 | { 665 | "mode": "managed", 666 | "type": "aws_cloudwatch_metric_alarm", 667 | "name": "ops_stream_service_cpu_low", 668 | "provider": "provider.aws", 669 | "instances": [ 670 | { 671 | "schema_version": 1, 672 | "attributes": { 673 | "actions_enabled": true, 674 | "alarm_actions": [ 675 | "arn:aws:autoscaling:ap-southeast-1:466551463358:scalingPolicy:d0bda0cd-3b97-4771-9a59-fdeac5c2a88d:resource/ecs/service/ops-stream-api-cluster/ops-stream-service:policyName/ops_stream_scale_down" 676 | ], 677 | "alarm_description": "", 678 | "alarm_name": "ops_stream_cpu_utilization_low", 679 | "arn": "arn:aws:cloudwatch:ap-southeast-1:466551463358:alarm:ops_stream_cpu_utilization_low", 680 | "comparison_operator": "LessThanOrEqualToThreshold", 681 | "datapoints_to_alarm": 0, 682 | "dimensions": { 683 | "ClusterName": "ops-stream-api-cluster", 684 | "ServiceName": "ops-stream-service" 685 | }, 686 | "evaluate_low_sample_count_percentiles": "", 687 | "evaluation_periods": 2, 688 | "extended_statistic": "", 689 | "id": "ops_stream_cpu_utilization_low", 690 | "insufficient_data_actions": null, 691 | "metric_name": "CPUUtilization", 692 | "metric_query": [], 693 | "namespace": "AWS/ECS", 694 | "ok_actions": null, 695 | "period": 60, 696 | "statistic": "Average", 697 | "tags": null, 698 | "threshold": 10, 699 | "threshold_metric_id": "", 700 | "treat_missing_data": "missing", 701 | "unit": "" 702 | }, 703 | "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", 704 | "dependencies": [ 705 | "aws_alb.ops_stream_lb", 706 | "aws_alb_listener.front_end_ops_stream", 707 | "aws_alb_target_group.ops_stream_target", 708 | "aws_appautoscaling_policy.ops_stream_down", 709 | "aws_appautoscaling_target.ops_stream_target", 710 | "aws_ecs_cluster.main", 711 | "aws_ecs_service.ops_stream_main", 712 | "aws_ecs_task_definition.ops_stream_task_def", 713 | "aws_iam_role.ecs_task_execution_role", 714 | "aws_iam_role_policy_attachment.ops_stream_task_execution_role", 715 | "aws_security_group.ecs_tasks", 716 | "aws_security_group.lb" 717 | ] 718 | } 719 | ] 720 | }, 721 | { 722 | "mode": "managed", 723 | "type": "aws_ecs_cluster", 724 | "name": "main", 725 | "provider": "provider.aws", 726 | "instances": [ 727 | { 728 | "schema_version": 0, 729 | "attributes": { 730 | "arn": "arn:aws:ecs:ap-southeast-1:466551463358:cluster/ops-stream-api-cluster", 731 | "capacity_providers": null, 732 | "default_capacity_provider_strategy": [], 733 | "id": "arn:aws:ecs:ap-southeast-1:466551463358:cluster/ops-stream-api-cluster", 734 | "name": "ops-stream-api-cluster", 735 | "setting": [ 736 | { 737 | "name": "containerInsights", 738 | "value": "disabled" 739 | } 740 | ], 741 | "tags": null 742 | }, 743 | "private": "bnVsbA==" 744 | } 745 | ] 746 | }, 747 | { 748 | "mode": "managed", 749 | "type": "aws_ecs_service", 750 | "name": "ops_stream_main", 751 | "provider": "provider.aws", 752 | "instances": [ 753 | { 754 | "schema_version": 0, 755 | "attributes": { 756 | "capacity_provider_strategy": [], 757 | "cluster": "arn:aws:ecs:ap-southeast-1:466551463358:cluster/ops-stream-api-cluster", 758 | "deployment_controller": [ 759 | { 760 | "type": "ECS" 761 | } 762 | ], 763 | "deployment_maximum_percent": 200, 764 | "deployment_minimum_healthy_percent": 100, 765 | "desired_count": 2, 766 | "enable_ecs_managed_tags": false, 767 | "health_check_grace_period_seconds": 0, 768 | "iam_role": "aws-service-role", 769 | "id": "arn:aws:ecs:ap-southeast-1:466551463358:service/ops-stream-service", 770 | "launch_type": "FARGATE", 771 | "load_balancer": [ 772 | { 773 | "container_name": "ops-stream-app", 774 | "container_port": 80, 775 | "elb_name": "", 776 | "target_group_arn": "arn:aws:elasticloadbalancing:ap-southeast-1:466551463358:targetgroup/ops-stream-target-group/ad7382b3ee34de15" 777 | } 778 | ], 779 | "name": "ops-stream-service", 780 | "network_configuration": [ 781 | { 782 | "assign_public_ip": true, 783 | "security_groups": [ 784 | "sg-00d5cdaf913e83292" 785 | ], 786 | "subnets": [ 787 | "subnet-04872f88b4d25314a", 788 | "subnet-0ac749aa53aa8dab9", 789 | "subnet-0e607f14ce3ca93d3" 790 | ] 791 | } 792 | ], 793 | "ordered_placement_strategy": [], 794 | "placement_constraints": [], 795 | "placement_strategy": [], 796 | "platform_version": "LATEST", 797 | "propagate_tags": "NONE", 798 | "scheduling_strategy": "REPLICA", 799 | "service_registries": [], 800 | "tags": null, 801 | "task_definition": "arn:aws:ecs:ap-southeast-1:466551463358:task-definition/ops-stream-app-task:8" 802 | }, 803 | "private": "bnVsbA==", 804 | "dependencies": [ 805 | "aws_alb.ops_stream_lb", 806 | "aws_alb_listener.front_end_ops_stream", 807 | "aws_alb_target_group.ops_stream_target", 808 | "aws_ecs_cluster.main", 809 | "aws_ecs_task_definition.ops_stream_task_def", 810 | "aws_iam_role.ecs_task_execution_role", 811 | "aws_iam_role_policy_attachment.ops_stream_task_execution_role", 812 | "aws_security_group.ecs_tasks", 813 | "aws_security_group.lb" 814 | ] 815 | } 816 | ] 817 | }, 818 | { 819 | "mode": "managed", 820 | "type": "aws_ecs_task_definition", 821 | "name": "ops_stream_task_def", 822 | "provider": "provider.aws", 823 | "instances": [ 824 | { 825 | "schema_version": 1, 826 | "attributes": { 827 | "arn": "arn:aws:ecs:ap-southeast-1:466551463358:task-definition/ops-stream-app-task:8", 828 | "container_definitions": "[{\"cpu\":1024,\"environment\":[{\"name\":\"DB_PASSWORD\",\"value\":\"TESTING_PASSWORD\"}],\"essential\":true,\"image\":\"466551463358.dkr.ecr.ap-southeast-1.amazonaws.com/dev-ops-stream:2.0.0\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"/ecs/ops-stream-app\",\"awslogs-region\":\"ap-southeast-1\",\"awslogs-stream-prefix\":\"ecs\"}},\"memory\":2048,\"mountPoints\":[],\"name\":\"ops-stream-app\",\"portMappings\":[{\"containerPort\":80,\"hostPort\":80,\"protocol\":\"tcp\"}],\"volumesFrom\":[]}]", 829 | "cpu": "1024", 830 | "execution_role_arn": "arn:aws:iam::466551463358:role/OpsStreamEcsTaskExecutionRole", 831 | "family": "ops-stream-app-task", 832 | "id": "ops-stream-app-task", 833 | "inference_accelerator": [], 834 | "ipc_mode": "", 835 | "memory": "2048", 836 | "network_mode": "awsvpc", 837 | "pid_mode": "", 838 | "placement_constraints": [], 839 | "proxy_configuration": [], 840 | "requires_compatibilities": [ 841 | "FARGATE" 842 | ], 843 | "revision": 8, 844 | "tags": null, 845 | "task_role_arn": "", 846 | "volume": [] 847 | }, 848 | "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", 849 | "dependencies": [ 850 | "aws_iam_role.ecs_task_execution_role" 851 | ] 852 | } 853 | ] 854 | }, 855 | { 856 | "mode": "managed", 857 | "type": "aws_iam_role", 858 | "name": "ecs_task_execution_role", 859 | "provider": "provider.aws", 860 | "instances": [ 861 | { 862 | "schema_version": 0, 863 | "attributes": { 864 | "arn": "arn:aws:iam::466551463358:role/OpsStreamEcsTaskExecutionRole", 865 | "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", 866 | "create_date": "2020-04-17T02:44:47Z", 867 | "description": "", 868 | "force_detach_policies": false, 869 | "id": "OpsStreamEcsTaskExecutionRole", 870 | "max_session_duration": 3600, 871 | "name": "OpsStreamEcsTaskExecutionRole", 872 | "name_prefix": null, 873 | "path": "/", 874 | "permissions_boundary": null, 875 | "tags": null, 876 | "unique_id": "AROAWZIFCLW7MNGAFZUFN" 877 | }, 878 | "private": "bnVsbA==" 879 | } 880 | ] 881 | }, 882 | { 883 | "mode": "managed", 884 | "type": "aws_iam_role_policy_attachment", 885 | "name": "ops_stream_task_execution_role", 886 | "provider": "provider.aws", 887 | "instances": [ 888 | { 889 | "schema_version": 0, 890 | "attributes": { 891 | "id": "OpsStreamEcsTaskExecutionRole-20200417024450140800000001", 892 | "policy_arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", 893 | "role": "OpsStreamEcsTaskExecutionRole" 894 | }, 895 | "private": "bnVsbA==", 896 | "dependencies": [ 897 | "aws_iam_role.ecs_task_execution_role" 898 | ] 899 | } 900 | ] 901 | }, 902 | { 903 | "mode": "managed", 904 | "type": "aws_security_group", 905 | "name": "ecs_tasks", 906 | "provider": "provider.aws", 907 | "instances": [ 908 | { 909 | "schema_version": 1, 910 | "attributes": { 911 | "arn": "arn:aws:ec2:ap-southeast-1:466551463358:security-group/sg-00d5cdaf913e83292", 912 | "description": "allow inbound access from the ALB only", 913 | "egress": [ 914 | { 915 | "cidr_blocks": [ 916 | "0.0.0.0/0" 917 | ], 918 | "description": "", 919 | "from_port": 0, 920 | "ipv6_cidr_blocks": [], 921 | "prefix_list_ids": [], 922 | "protocol": "-1", 923 | "security_groups": [], 924 | "self": false, 925 | "to_port": 0 926 | } 927 | ], 928 | "id": "sg-00d5cdaf913e83292", 929 | "ingress": [ 930 | { 931 | "cidr_blocks": [], 932 | "description": "", 933 | "from_port": 80, 934 | "ipv6_cidr_blocks": [], 935 | "prefix_list_ids": [], 936 | "protocol": "tcp", 937 | "security_groups": [ 938 | "sg-03e6aa6fc9fdf8189" 939 | ], 940 | "self": false, 941 | "to_port": 80 942 | } 943 | ], 944 | "name": "ops-stream-ecs-tasks-security-group", 945 | "name_prefix": null, 946 | "owner_id": "466551463358", 947 | "revoke_rules_on_delete": false, 948 | "tags": null, 949 | "timeouts": null, 950 | "vpc_id": "vpc-0a52713ccd32ed5f3" 951 | }, 952 | "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", 953 | "dependencies": [ 954 | "aws_security_group.lb" 955 | ] 956 | } 957 | ] 958 | }, 959 | { 960 | "mode": "managed", 961 | "type": "aws_security_group", 962 | "name": "lb", 963 | "provider": "provider.aws", 964 | "instances": [ 965 | { 966 | "schema_version": 1, 967 | "attributes": { 968 | "arn": "arn:aws:ec2:ap-southeast-1:466551463358:security-group/sg-03e6aa6fc9fdf8189", 969 | "description": "controls access to the ALB", 970 | "egress": [ 971 | { 972 | "cidr_blocks": [ 973 | "0.0.0.0/0" 974 | ], 975 | "description": "", 976 | "from_port": 0, 977 | "ipv6_cidr_blocks": [], 978 | "prefix_list_ids": [], 979 | "protocol": "-1", 980 | "security_groups": [], 981 | "self": false, 982 | "to_port": 0 983 | } 984 | ], 985 | "id": "sg-03e6aa6fc9fdf8189", 986 | "ingress": [ 987 | { 988 | "cidr_blocks": [ 989 | "0.0.0.0/0" 990 | ], 991 | "description": "", 992 | "from_port": 80, 993 | "ipv6_cidr_blocks": [], 994 | "prefix_list_ids": [], 995 | "protocol": "tcp", 996 | "security_groups": [], 997 | "self": false, 998 | "to_port": 80 999 | } 1000 | ], 1001 | "name": "ops-stream-load-balancer-security-group", 1002 | "name_prefix": null, 1003 | "owner_id": "466551463358", 1004 | "revoke_rules_on_delete": false, 1005 | "tags": null, 1006 | "timeouts": null, 1007 | "vpc_id": "vpc-0a52713ccd32ed5f3" 1008 | }, 1009 | "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=" 1010 | } 1011 | ] 1012 | } 1013 | ] 1014 | } 1015 | --------------------------------------------------------------------------------