# Data
data "aws_route53_zone" "root" {
  # Parent public zone. It receives the NS delegation for the per-environment
  # sub-zone (aws_route53_record.env_ns_record below).
  # The trailing dot asks Route 53 for the exact FQDN instead of a prefix match.
  name         = format("%s.", var.root_domain_name)
  private_zone = false
}
# Main
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = format("%s-vpc", var.env)
  cidr = "10.0.0.0/16"

  # Two availability zones in the target region (e.g. eu-west-1a / eu-west-1b).
  azs = [for suffix in ["a", "b"] : "${var.aws_region}${suffix}"]

  # One public /23 per AZ.
  public_subnets = ["10.0.10.0/23", "10.0.12.0/23"]

  # NOTE(review): only a single private subnet is declared although two AZs are
  # listed, so anything placed in private_subnets runs in one AZ only — confirm
  # this is intended for this environment.
  private_subnets = ["10.0.20.0/23"]

  # The module takes ownership of the VPC's default NACL and names it. Its rule
  # set is whatever the module's defaults provide unless
  # default_network_acl_ingress/egress are set here.
  # NOTE(review): VPC flow logs are not enabled (enable_flow_log); consider
  # turning them on for a VPC that fronts an internet-facing service.
  manage_default_network_acl = true
  default_network_acl_name   = format("%s-%s", var.env, var.namespace)
}
resource "aws_security_group" "default_permissive" {
  # NOTE(review): this group allows every protocol on every port from 0.0.0.0/0
  # and is handed to module.tcp_app (public = true), so any ENI that carries it
  # is reachable from the whole internet on far more than the 4442-4444 the
  # service declares. How module.tcp_app applies security_groups is not visible
  # from this file; once that is confirmed, restrict ingress to the exposed TCP
  # ports (plus the VPC CIDR for load-balancer health checks) instead of
  # `protocol = -1` from anywhere.
  vpc_id = module.vpc.vpc_id
  name   = "${var.env}-default-permissive"

  # protocol -1 means "all"; the provider requires from_port/to_port = 0 with it.
  ingress {
    protocol    = -1
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress (image pulls, log shipping, outbound calls).
  egress {
    protocol    = -1
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_route53_record" "env_ns_record" {
  # Delegates <env>.<root_domain> from the parent zone to the per-environment
  # zone by publishing the child zone's name servers as an NS record in the parent.
  zone_id = data.aws_route53_zone.root.id
  type    = "NS"
  name    = format("%s.%s", var.env, var.root_domain_name)
  # Short TTL so a re-created child zone (new name-server set) propagates quickly.
  ttl     = 60
  records = aws_route53_zone.env_domain.name_servers
}
resource "aws_route53_zone" "env_domain" {
  # Public hosted zone for this environment. Both module.env_acm and
  # module.tcp_app are pointed at it via zone_id.
  name = format("%s.%s", var.env, var.root_domain_name)
}
module "env_acm" {
  source  = "registry.terraform.io/terraform-aws-modules/acm/aws"
  version = "~> 4.0"

  # One certificate for the environment apex plus a wildcard for every host
  # beneath it, validated through the environment's own hosted zone.
  # NOTE(review): the wildcard covers all present and future names under this
  # environment; fine if every such host is trusted to terminate TLS with it.
  domain_name               = format("%s.%s", var.env, var.root_domain_name)
  subject_alternative_names = [format("*.%s.%s", var.env, var.root_domain_name)]
  zone_id                   = aws_route53_zone.env_domain.id

  # Nothing in this file reads the module's outputs directly; module.tcp_app
  # takes its certificate from local.tls_cert_arn, which is defined elsewhere.
  tags = {
    Name = format("%s.%s", var.env, var.root_domain_name)
  }
}
module "ecs" {
  source  = "registry.terraform.io/terraform-aws-modules/ecs/aws"
  version = "~> 4.0"

  # Same <env>-<namespace> naming as the default NACL above; the cluster name is
  # what module.tcp_app deploys into.
  cluster_name = format("%s-%s", var.env, var.namespace)
}
module "tcp_app" {
  source = "../.."

  name     = "tcpapp"
  app_type = "tcp-app"
  env      = var.env

  # Containers: image location/tag come from variables; the cluster is the one
  # created by module.ecs above.
  ecs_cluster_name = module.ecs.cluster_name
  docker_registry  = var.docker_registry
  docker_image_tag = var.docker_image_tag

  # Load balancer: internet-facing with TLS. local.tls_cert_arn is not defined in
  # this file (presumably wraps module.env_acm's certificate ARN — verify).
  public        = true
  https_enabled = true
  tls_cert_arn  = local.tls_cert_arn

  # Exposed ports. Only 4444 is flagged tls; 4442 and 4443 carry no such flag.
  # NOTE(review): with public = true, confirm 4442/4443 are meant to be reachable
  # from the internet without TLS rather than only from inside the VPC.
  port_mappings = [
    { container_port = 4442, host_port = 4442 },
    { container_port = 4443, host_port = 4443 },
    { container_port = 4444, host_port = 4444, tls = true },
  ]

  # Network
  vpc_id          = module.vpc.vpc_id
  public_subnets  = module.vpc.public_subnets
  private_subnets = module.vpc.private_subnets
  # NOTE(review): this group permits every protocol and port from 0.0.0.0/0; see
  # the note on aws_security_group.default_permissive before relying on it for a
  # public deployment.
  security_groups  = [aws_security_group.default_permissive.id]
  root_domain_name = var.root_domain_name
  zone_id          = aws_route53_zone.env_domain.id

  # Environment variables: none are passed from this file.
  app_secrets = []
  environment = {}
}