From 5db53f6da3214fccfb7b013dc292919ea89af7a2 Mon Sep 17 00:00:00 2001 
From: Dmitry Kireev Date: Wed, 8 May 2024 09:20:56 +0000 Subject: [PATCH 01/19] v2 Refactor (BREAKING CHANGES): - Namespace is not required anymore - ALB moved to its own file - EFS moved into its own file - ECR moved into its own file - IAM instance profile name doesn't include namespace (only if it's part of `var.name`) - Cloudwatch ECS events name renamed (use `-` instead of `_`) - Cluster name can't be inferred anymore (must be passed via parameter). Also is mandatory now. - ECR Repo name doesn't use namespace (only if it's included in `var.name`) - Docker image can be inferred from the ECR repo name (if managed) - EFS share creation separated from EFS share mount - Added ability to provide efs file system id explicitly (if it's not managed) - Bridgecrew tests removed (product discontinued) - Minor directory restructure - Variables ordering and updates - Minor reformatting & language updates - Precommit workflow added - Simple example added to README - Submodules README files added - Complete Examples updated - Added .editorconfig --- .editorconfig | 30 ++++ .github/workflows/pre-commit.yml | 98 ++++++++++++ LICENSE | 2 +- README.md | 116 +++++++------- alb.tf | 30 ++++ autoscaling.tf | 8 +- ecr.tf | 8 + efs.tf | 18 +++ examples/complete-tcp-app/main.tf | 3 +- examples/complete-web-windows/main.tf | 3 +- examples/complete-web/main.tf | 3 +- examples/complete-worker-ec2/main.tf | 1 - examples/complete-worker/main.tf | 1 - examples/web-nginx-proxy/main.tf | 5 +- examples/worker-scheduled-autoscale/main.tf | 1 - examples/worker-scheduled/main.tf | 1 - locals.tf | 9 +- main.tf | 90 ++--------- modules/ecs-service/README.md | 125 +++++++++++++++ .../ecs-service/autoscaling.tf | 0 {ecs-modules => modules}/ecs-service/data.tf | 0 {ecs-modules => modules}/ecs-service/iam.tf | 2 +- .../ecs-service/locals.tf | 0 {ecs-modules => modules}/ecs-service/main.tf | 0 .../ecs-service/outputs.tf | 0 .../ecs-service/variables.tf | 26 ++-- .../ecs-service/versions.tf | 0
modules/ecs-task/README.md | 92 +++++++++++ {ecs-modules => modules}/ecs-task/data.tf | 0 {ecs-modules => modules}/ecs-task/iam.tf | 0 {ecs-modules => modules}/ecs-task/locals.tf | 0 {ecs-modules => modules}/ecs-task/main.tf | 0 {ecs-modules => modules}/ecs-task/outputs.tf | 0 .../ecs-task/variables.tf | 17 +- {ecs-modules => modules}/ecs-task/versions.tf | 0 outputs.tf | 4 +- test/src/go.mod | 12 +- test/src/go.sum | 7 + variables.tf | 145 ++++++++++-------- 39 files changed, 614 insertions(+), 243 deletions(-) create mode 100644 .editorconfig create mode 100644 .github/workflows/pre-commit.yml create mode 100644 alb.tf create mode 100644 ecr.tf create mode 100644 efs.tf create mode 100644 modules/ecs-service/README.md rename {ecs-modules => modules}/ecs-service/autoscaling.tf (100%) rename {ecs-modules => modules}/ecs-service/data.tf (100%) rename {ecs-modules => modules}/ecs-service/iam.tf (93%) rename {ecs-modules => modules}/ecs-service/locals.tf (100%) rename {ecs-modules => modules}/ecs-service/main.tf (100%) rename {ecs-modules => modules}/ecs-service/outputs.tf (100%) rename {ecs-modules => modules}/ecs-service/variables.tf (98%) rename {ecs-modules => modules}/ecs-service/versions.tf (100%) create mode 100644 modules/ecs-task/README.md rename {ecs-modules => modules}/ecs-task/data.tf (100%) rename {ecs-modules => modules}/ecs-task/iam.tf (100%) rename {ecs-modules => modules}/ecs-task/locals.tf (100%) rename {ecs-modules => modules}/ecs-task/main.tf (100%) rename {ecs-modules => modules}/ecs-task/outputs.tf (100%) rename {ecs-modules => modules}/ecs-task/variables.tf (97%) rename {ecs-modules => modules}/ecs-task/versions.tf (100%) diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..88cb251 --- /dev/null +++ b/.editorconfig 
@@ -0,0 +1,30 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000..68f08fd
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,98 @@
+name: Pre-Commit
+
+on:
+ pull_request:
+ branches:
+ - main
+
+env:
+ TERRAFORM_DOCS_VERSION: v0.16.0
+ TFLINT_VERSION: v0.50.3
+
+jobs:
+ collect-inputs:
+ name: Collect workflow inputs
+ runs-on: ubuntu-latest
+ outputs:
+ directories: ${{ steps.dirs.outputs.directories }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Get root directories
+ id: dirs
+ uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
+
+ precommit-min-versions:
+ name: Min TF pre-commit
+ needs: collect-inputs
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ directory: ${{ fromJson(needs.collect-inputs.outputs.directories) }}
+ steps:
+ # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+ - name: Delete huge unnecessary tools folder
+ run: |
+ rm -rf /opt/hostedtoolcache/CodeQL
+ rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+ rm -rf /opt/hostedtoolcache/Ruby
+ rm -rf /opt/hostedtoolcache/go
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Terraform min/max versions
+ id: min-max
+ uses: clowdhaus/terraform-min-max@v1.3.0
+ with:
+ directory: ${{ matrix.directory }}
+
+ - name: Pre-commit Terraform ${{ steps.min-max.outputs.min-version }}
+ # Run only validate pre-commit check on min version supported
+ if: ${{ matrix.directory != '.' }}
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ with:
+ terraform-version: ${{ steps.min-max.outputs.min-version }}
+ tflint-version: ${{ env.TFLINT_VERSION }}
+ args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+ - name: Pre-commit Terraform ${{ steps.min-max.outputs.min-version }}
+ # Run only validate pre-commit check on min version supported
+ if: ${{ matrix.directory == '.' }}
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ with:
+ terraform-version: ${{ steps.min-max.outputs.min-version }}
+ tflint-version: ${{ env.TFLINT_VERSION }}
+ args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+
+ precommit-max-versions:
+ name: Max TF pre-commit
+ runs-on: ubuntu-latest
+ needs: collect-inputs
+ steps:
+ # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+ - name: Delete huge unnecessary tools folder
+ run: |
+ rm -rf /opt/hostedtoolcache/CodeQL
+ rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+ rm -rf /opt/hostedtoolcache/Ruby
+ rm -rf /opt/hostedtoolcache/go
+
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ repository: ${{github.event.pull_request.head.repo.full_name}}
+
+ - name: Terraform min/max versions
+ id: min-max
+ uses: clowdhaus/terraform-min-max@v1.3.0
+
+ - name: Pre-commit Terraform ${{ steps.min-max.outputs.max-version }}
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ with:
+ terraform-version: ${{ steps.min-max.outputs.max-version }}
+ tflint-version: ${{ env.TFLINT_VERSION }}
+ terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+ install-hcledit: true
diff --git a/LICENSE b/LICENSE
index 41bbb0c..988877e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2021-2022 HazelOps OÜ + Copyright 2021 HazelOps OÜ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
diff --git a/README.md b/README.md
index 1089a61..3ffec14 100644
--- a/README.md
+++ b/README.md
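Review bot: In `.github/workflows/pre-commit.yml` the three `clowdhaus/...` actions are referenced by tag (`@v1.9.0`, `@v1.3.0`), and a tag can be re-pointed by the action's owner, so the code that runs on every pull request is not fixed; pin each `uses:` to the full commit SHA and keep the tag as a comment, e.g. `uses: clowdhaus/terraform-min-max@<full-commit-sha>  # v1.3.0` (placeholder, not a real SHA). The workflow declares no `permissions:` key, so the job token gets the repository default; a top-level `permissions:` with `contents: read` states the least privilege these lint jobs need. In the first min-version step `${{ matrix.directory }}` is expanded into `args`, and the sibling step's `$(ls *.tf)` indicates that `args` reaches a shell, so a directory name contributed by a pull request is interpreted as shell text; check how the composite action quotes it, or validate the directory list in `collect-inputs` before it is used. The `precommit-max-versions` checkout of the pull request's head repository is acceptable under the `pull_request` trigger used here and should not be carried over to `pull_request_target`.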
@@ -1,32 +1,34 @@ # Terraform AWS ECS App Module -Terraform module to create AWS ECS application. +Terraform module to create and manage AWS ECS application. -## Security & Compliance [](https://bridgecrew.io/) +## Usage +```hcl +module "api" { + source = "registry.terraform.io/hazelops/ecs-app/aws" + version = "~>2.0.0" + name = "api" + + env = "prod" + ecs_cluster_name = "prod-cluster" + vpc_id = "vpc-00000000000000000" + public_subnets = ["subnet-00000000000000000", "subnet-11111111111111111", "subnet-22222222222222222"] + private_subnets = ["subnet-33333333333333333", "subnet-44444444444444444", "subnet-55555555555555555"] + security_groups = ["sg-00000000000000000"] + + root_domain_name = "example.com" + zone_id = "Z00000000000000000000" -Security scanning is graciously provided by Bridgecrew. + environment = { + API_KEY = "00000000000000000000000000000000" + JWT_TOKEN = "99999999999999999999999999999999" + } +} +``` -| Benchmark | Description | -|--------|---------------| -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS V1.2 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE V1.1 Compliance | -| [![Infrastructure 
Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards V3.2 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=SOC2) | Service Organization Control 2 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=SOC2) | Center for Internet Security, GCP Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/pci_dss_v321)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=PCI-DSS+V3.2.1) | PCI-DSS V3.2.1 Compliance | -| [![Infrastructure 
Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=FEDRAMP+%28MODERATE%29) | FEDRAMP (MODERATE) Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES V1.5 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_aws_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+AWS+V1.3) | Center for Internet Security, AWS V1.3 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_azure_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+AZURE+V1.3) | Center for Internet Security, AZURE V1.3 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_docker_12)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+DOCKER+V1.2) | Center for Internet Security, Docker V1.2 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_eks_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+EKS+V1.1) | Center for Internet Security, EKS V1.1 Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_gke_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+GKE+V1.1) | Center for Internet Security, GKE V1.1 
Compliance | -| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/hazelops/terraform-aws-ecs-app/cis_kubernetes_16)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=hazelops%2Fterraform-aws-ecs-app&benchmark=CIS+KUBERNETES+V1.6) | Center for Internet Security, KUBERNETES V1.6 Compliance | +See [examples](./examples) for more usage options. -### Requirements + +## Requirements | Name | Version | |------|---------| @@ -36,17 +38,17 @@ Security scanning is graciously provided by Bridgecrew. | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | -| [template](#provider\_template) | n/a | +| [aws](#provider\_aws) | 5.47.0 | +| [template](#provider\_template) | 2.2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [alb](#module\_alb) | registry.terraform.io/terraform-aws-modules/alb/aws | ~> 5.0 | -| [autoscaling](#module\_autoscaling) | terraform-aws-modules/autoscaling/aws | ~> 4.0 | -| [datadog](#module\_datadog) | registry.terraform.io/hazelops/ecs-datadog-agent/aws | ~> 3.2 | -| [ecr](#module\_ecr) | registry.terraform.io/hazelops/ecr/aws | ~> 1.0 | +| [alb](#module\_alb) | registry.terraform.io/terraform-aws-modules/alb/aws | ~> 7.0 | +| [autoscaling](#module\_autoscaling) | terraform-aws-modules/autoscaling/aws | ~> 6.0 | +| [datadog](#module\_datadog) | registry.terraform.io/hazelops/ecs-datadog-agent/aws | ~> 3.3 | +| [ecr](#module\_ecr) | registry.terraform.io/hazelops/ecr/aws | ~> 1.1 | | [efs](#module\_efs) | registry.terraform.io/cloudposse/efs/aws | ~> 0.31 | | [nginx](#module\_nginx) | registry.terraform.io/hazelops/ecs-nginx-proxy/aws | ~> 1.0 | | [route\_53\_health\_check](#module\_route\_53\_health\_check) | registry.terraform.io/hazelops/route53-healthcheck/aws | ~> 1.0 | 
@@ -70,22 +72,24 @@ Security scanning is graciously provided by Bridgecrew. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_container\_definition\_parameters](#input\_additional\_container\_definition\_parameters) | Additional parameters passed straight to the container definition, eg. tmpfs config | `any` | `{}` | no | -| [alb\_deregistration\_delay](#input\_alb\_deregistration\_delay) | n/a | `number` | `5` | no | -| [alb\_health\_check\_healthy\_threshold](#input\_alb\_health\_check\_healthy\_threshold) | n/a | `number` | `3` | no | -| [alb\_health\_check\_interval](#input\_alb\_health\_check\_interval) | n/a | `number` | `30` | no | +| [alb\_access\_logs\_enabled](#input\_alb\_access\_logs\_enabled) | If true, ALB access logs will be written to S3 | `bool` | `false` | no | +| [alb\_access\_logs\_s3bucket\_name](#input\_alb\_access\_logs\_s3bucket\_name) | S3 bucket name for ALB access logs | `string` | `""` | no | +| [alb\_deregistration\_delay](#input\_alb\_deregistration\_delay) | The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused | `number` | `5` | no | +| [alb\_health\_check\_healthy\_threshold](#input\_alb\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before considering an unhealthy target healthy | `number` | `3` | no | +| [alb\_health\_check\_interval](#input\_alb\_health\_check\_interval) | The approximate amount of time, in seconds, between health checks of an individual target | `number` | `30` | no | | [alb\_health\_check\_path](#input\_alb\_health\_check\_path) | ALB health check path | `string` | `"/health"` | no | -| [alb\_health\_check\_timeout](#input\_alb\_health\_check\_timeout) | n/a | `number` | `6` | no | -| [alb\_health\_check\_unhealthy\_threshold](#input\_alb\_health\_check\_unhealthy\_threshold) | n/a | `number` | `3` | no | -| 
[alb\_health\_check\_valid\_response\_codes](#input\_alb\_health\_check\_valid\_response\_codes) | n/a | `string` | `"200-399"` | no | +| [alb\_health\_check\_timeout](#input\_alb\_health\_check\_timeout) | The amount of time, in seconds, during which no response means a failed health check | `number` | `6` | no | +| [alb\_health\_check\_unhealthy\_threshold](#input\_alb\_health\_check\_unhealthy\_threshold) | The number of consecutive health check failures required before considering the target unhealthy | `number` | `3` | no | +| [alb\_health\_check\_valid\_response\_codes](#input\_alb\_health\_check\_valid\_response\_codes) | The HTTP codes to use when checking for a successful response from a target. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299"). | `string` | `"200-399"` | no | | [alb\_idle\_timeout](#input\_alb\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. | `number` | `60` | no | | [alb\_security\_groups](#input\_alb\_security\_groups) | Security groups to assign to ALB | `list(any)` | `[]` | no | | [app\_secrets](#input\_app\_secrets) | List of SSM ParameterStore secret parameters - by default, /$var.env/$var.name/* | `list(any)` | `[]` | no | | [app\_type](#input\_app\_type) | ECS application type. Valid values: web (with ALB), worker (without ALB). 
| `string` | `"web"` | no | | [assign\_public\_ip](#input\_assign\_public\_ip) | ECS service network configuration - assign public IP | `bool` | `false` | no | | [autoscale\_enabled](#input\_autoscale\_enabled) | ECS Autoscaling enabled | `bool` | `false` | no | -| [autoscale\_scheduled\_down](#input\_autoscale\_scheduled\_down) | List of Cron-like expressions for scheduled ecs autoscale DOWN | `list` | `[]` | no | +| [autoscale\_scheduled\_down](#input\_autoscale\_scheduled\_down) | List of Cron-like expressions for scheduled ecs autoscale DOWN | `list(string)` | `[]` | no | | [autoscale\_scheduled\_timezone](#input\_autoscale\_scheduled\_timezone) | Time Zone for the scheduled event | `string` | `"UTC"` | no | -| [autoscale\_scheduled\_up](#input\_autoscale\_scheduled\_up) | List of Cron-like expressions for scheduled ecs autoscale UP | `list` | `[]` | no | +| [autoscale\_scheduled\_up](#input\_autoscale\_scheduled\_up) | List of Cron-like expressions for scheduled ecs autoscale UP | `list(string)` | `[]` | no | | [autoscale\_target\_value\_cpu](#input\_autoscale\_target\_value\_cpu) | ECS Service Average CPU Utilization threshold. Integer value for percentage - IE 80 | `number` | `50` | no | | [autoscale\_target\_value\_memory](#input\_autoscale\_target\_value\_memory) | ECS Service Average Memory Utilization threshold. Integer value for percentage. IE 60 | `number` | `50` | no | | [autoscaling\_health\_check\_type](#input\_autoscaling\_health\_check\_type) | ECS 'EC2' or 'ELB' health check type | `string` | `"EC2"` | no | 
@@ -95,6 +99,7 @@ Security scanning is graciously provided by Bridgecrew. | [cloudwatch\_schedule\_expressions](#input\_cloudwatch\_schedule\_expressions) | List of Cron-like Cloudwatch Event Rule schedule expressions (UTC time zone) | `list(any)` | `[]` | no | | [cpu](#input\_cpu) | Fargate CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | | [cpu\_architecture](#input\_cpu\_architecture) | When you register a task definition, you specify the CPU architecture. The valid values are X86\_64 and ARM64 | `string` | `"X86_64"` | no | +| [create\_iam\_instance\_profile](#input\_create\_iam\_instance\_profile) | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | `bool` | `true` | no | | [create\_schedule](#input\_create\_schedule) | Determines whether to create autoscaling group schedule or not | `bool` | `false` | no | | [datadog\_enabled](#input\_datadog\_enabled) | Datadog agent is enabled | `bool` | `false` | no | | [datadog\_jmx\_enabled](#input\_datadog\_jmx\_enabled) | Enables / Disables jmx monitor via the datadog agent | `bool` | `false` | no | 
@@ -113,28 +118,30 @@ Security scanning is graciously provided by Bridgecrew. | [ec2\_eip\_dns\_enabled](#input\_ec2\_eip\_dns\_enabled) | Whether to manage DNS records to be attached to the EIP | `bool` | `false` | no | | [ec2\_eip\_enabled](#input\_ec2\_eip\_enabled) | Enable EC2 ASG Auto Assign EIP mode | `bool` | `false` | no | | [ec2\_service\_group](#input\_ec2\_service\_group) | Service group name, e.g. app, service name etc. | `string` | `"app"` | no | +| [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the ECR repository even if it contains images on destroy | `bool` | `false` | no | | [ecr\_repo\_create](#input\_ecr\_repo\_create) | Creation of a ECR repo | `bool` | `false` | no | | [ecr\_repo\_name](#input\_ecr\_repo\_name) | ECR repository name | `string` | `""` | no | | [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | ECS cluster arn. Should be specified to avoid data query by cluster name | `string` | `""` | no | -| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS cluster name | `string` | `""` | no | +| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS cluster name | `string` | n/a | yes | | [ecs\_exec\_custom\_prompt\_enabled](#input\_ecs\_exec\_custom\_prompt\_enabled) | Enable Custom shell prompt on ECS Exec | `bool` | `false` | no | | [ecs\_exec\_enabled](#input\_ecs\_exec\_enabled) | Turns on the Amazon ECS Exec for the task | `bool` | `true` | no | | [ecs\_exec\_prompt\_string](#input\_ecs\_exec\_prompt\_string) | Shell prompt that contains ENV and APP\_NAME is enabled | `string` | `"\\e[1;35m★\\e[0m $ENV-$APP_NAME:$(wget -qO- $ECS_CONTAINER_METADATA_URI_V4 | sed -n 's/.*\"com.amazonaws.ecs.task-definition-version\":\"\\([^\"]*\\).*/\\1/p') \\e[1;36m★\\e[0m $(wget -qO- $ECS_CONTAINER_METADATA_URI_V4 | sed -n 's/.*\"Image\":\"\\([^\"]*\\).*/\\1/p' | awk -F\\: '{print $2}' )\\n\\e[1;33m\\e[0m \\w \\e[1;34m❯\\e[0m "` | no | | [ecs\_launch\_type](#input\_ecs\_launch\_type) | ECS launch type: FARGATE or EC2 | 
`string` | `"FARGATE"` | no | | [ecs\_network\_mode](#input\_ecs\_network\_mode) | Corresponds to networkMode in an ECS task definition. Supported values are none, bridge, host, or awsvpc | `string` | `"awsvpc"` | no | | [ecs\_platform\_version](#input\_ecs\_platform\_version) | The platform version on which to run your service. Only applicable when using Fargate launch type | `string` | `"LATEST"` | no | -| [ecs\_service\_deployed](#input\_ecs\_service\_deployed) | This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli) | `bool` | `false` | no | +| [ecs\_service\_deployed](#input\_ecs\_service\_deployed) | This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli or ize) | `bool` | `false` | no | | [ecs\_service\_discovery\_enabled](#input\_ecs\_service\_discovery\_enabled) | ECS service can optionally be configured to use Amazon ECS Service Discovery | `bool` | `false` | no | | [ecs\_service\_name](#input\_ecs\_service\_name) | The ECS service name | `string` | `""` | no | | [ecs\_task\_health\_check\_command](#input\_ecs\_task\_health\_check\_command) | Command to check for the health of the container | `string` | `""` | no | | [ecs\_volumes\_from](#input\_ecs\_volumes\_from) | The VolumeFrom property specifies details on a data volume from another container in the same task definition | `list(any)` | `[]` | no | -| [efs\_enabled](#input\_efs\_enabled) | EFS Enabled | `bool` | `false` | no | -| [efs\_mount\_point](#input\_efs\_mount\_point) | EFS mount point | `string` | `"/mnt/efs"` | no | +| [efs\_enabled](#input\_efs\_enabled) | Whether to enable EFS mount for ECS task | `bool` | `false` | no | +| [efs\_file\_system\_id](#input\_efs\_file\_system\_id) | EFS file system ID | `string` | `""` | no | +| [efs\_mount\_point](#input\_efs\_mount\_point) | EFS mount point in the container | `string` | `"/mnt/efs"` | no | | 
[efs\_root\_directory](#input\_efs\_root\_directory) | EFS root directory | `string` | `"/"` | no | +| [efs\_share\_create](#input\_efs\_share\_create) | Whether to create EFS share or not | `bool` | `false` | no | | [env](#input\_env) | Target environment name of the infrastructure | `string` | n/a | yes | -| [environment](#input\_environment) | Set of environment variables | `map(string)` | n/a | yes | -| [firelens\_ecs\_log\_enabled](#input\_firelens\_ecs\_log\_enabled) | AWSFirelens ECS logs enabled | `bool` | `false` | no | -| [force\_delete](#input\_force\_delete) | If true, will delete the ECR repository even if it contains images. | `bool` | `false` | no | +| [environment](#input\_environment) | Map of parameters to be set in SSM and then exposed into a Task Definition as environment variables. | `map(string)` | n/a | yes | +| [firelens\_ecs\_log\_enabled](#input\_firelens\_ecs\_log\_enabled) | AWS Firelens ECS logs enabled (used by FluentBit, Datadog, etc) | `bool` | `false` | no | | [global\_secrets](#input\_global\_secrets) | List of SSM ParameterStore global secrets - by default, /$var.env/global/* | `list(any)` | `[]` | no | | [gpu](#input\_gpu) | GPU-enabled container instances | `number` | `0` | no | | [http\_port](#input\_http\_port) | Port that is used for HTTP protocol | `number` | `80` | no | 
@@ -148,21 +155,20 @@ Security scanning is graciously provided by Bridgecrew. | [memory](#input\_memory) | Fargate Memory value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | | [memory\_reservation](#input\_memory\_reservation) | The soft limit (in MiB) of memory to reserve for the container | `number` | `256` | no | | [min\_size](#input\_min\_size) | Minimum number of running ECS tasks | `number` | `1` | no | -| [name](#input\_name) | ECS app name | `string` | n/a | yes | -| [namespace](#input\_namespace) | Namespace name within the infrastructure | `string` | n/a | yes | +| [name](#input\_name) | ECS app name including all required namespaces | `string` | n/a | yes | | [operating\_system\_family](#input\_operating\_system\_family) | Platform to be used with ECS. The valid values for Amazon ECS tasks hosted on Fargate are LINUX, WINDOWS\_SERVER\_2019\_FULL, and WINDOWS\_SERVER\_2019\_CORE. The valid values for Amazon ECS tasks hosted on EC2 are LINUX, WINDOWS\_SERVER\_2022\_CORE, WINDOWS\_SERVER\_2022\_FULL, WINDOWS\_SERVER\_2019\_FULL, and WINDOWS\_SERVER\_2019\_CORE, WINDOWS\_SERVER\_2016\_FULL, WINDOWS\_SERVER\_2004\_CORE, and WINDOWS\_SERVER\_20H2\_CORE. | `string` | `"LINUX"` | no | -| [port\_mappings](#input\_port\_mappings) | List of ports to open from a service | `list(any)` | `[]` | no | +| [port\_mappings](#input\_port\_mappings) | List of ports to open from a service | `any` | `[]` | no | | [private\_subnets](#input\_private\_subnets) | VPC Private subnets to place ECS resources | `list(any)` | `[]` | no | | [proxy\_docker\_container\_command](#input\_proxy\_docker\_container\_command) | Proxy docker container CMD | `list(string)` |
[
"nginx",
"-g",
"daemon off;"
]
| no | -| [proxy\_docker\_entrypoint](#input\_proxy\_docker\_entrypoint) | Proxy docker container entrypoint | `list` |
[
"/docker-entrypoint.sh"
]
| no | +| [proxy\_docker\_entrypoint](#input\_proxy\_docker\_entrypoint) | Proxy docker container entrypoint | `string` |
[
"/docker-entrypoint.sh"
]
| no | | [proxy\_docker\_image\_name](#input\_proxy\_docker\_image\_name) | Nginx proxy docker image name | `string` | `"nginx"` | no | | [public](#input\_public) | It's publicity accessible application | `bool` | `true` | no | | [public\_ecs\_service](#input\_public\_ecs\_service) | It's publicity accessible service | `bool` | `false` | no | | [public\_subnets](#input\_public\_subnets) | VPC Public subnets to place ECS resources | `list(any)` | `[]` | no | | [resource\_requirements](#input\_resource\_requirements) | The ResourceRequirement property specifies the type and amount of a resource to assign to a container. The only supported resource is a GPU | `list(any)` | `[]` | no | -| [root\_block\_device\_size](#input\_root\_block\_device\_size) | n/a | `number` | `"50"` | no | -| [root\_block\_device\_type](#input\_root\_block\_device\_type) | n/a | `string` | `"gp2"` | no | -| [root\_domain\_name](#input\_root\_domain\_name) | Domain name of AWS Route53 Zone | `string` | `"example.com"` | no | +| [root\_block\_device\_size](#input\_root\_block\_device\_size) | EBS root block device size in GB | `number` | `"50"` | no | +| [root\_block\_device\_type](#input\_root\_block\_device\_type) | EBS root block device type | `string` | `"gp2"` | no | +| [root\_domain\_name](#input\_root\_domain\_name) | Domain name of AWS Route53 Zone | `string` | `""` | no | | [route53\_health\_check\_enabled](#input\_route53\_health\_check\_enabled) | AWS Route53 health check is enabled | `bool` | `false` | no | | [schedules](#input\_schedules) | Map of autoscaling group schedule to create | `map(any)` | `{}` | no | | [security\_groups](#input\_security\_groups) | Security groups to assign to ECS Fargate task/ECS EC2 | `list(any)` | `[]` | no | 
@@ -182,7 +188,7 @@ Security scanning is graciously provided by Bridgecrew. | [web\_proxy\_docker\_container\_port](#input\_web\_proxy\_docker\_container\_port) | Proxy docker container port | `number` | `80` | no | | [web\_proxy\_docker\_image\_tag](#input\_web\_proxy\_docker\_image\_tag) | Nginx proxy docker image tag | `string` | `"1.19.2-alpine"` | no | | [web\_proxy\_enabled](#input\_web\_proxy\_enabled) | Nginx proxy enabled | `bool` | `false` | no | -| [zone\_id](#input\_zone\_id) | AWS Route53 Zone ID | `string` | `"AWS123456789"` | no | +| [zone\_id](#input\_zone\_id) | AWS Route53 Zone ID | `string` | `""` | no | ## Outputs @@ -191,11 +197,13 @@ Security scanning is graciously provided by Bridgecrew. | [alb\_arn](#output\_alb\_arn) | n/a | | [alb\_dns\_name](#output\_alb\_dns\_name) | n/a | | [alb\_dns\_zone](#output\_alb\_dns\_zone) | n/a | +| [cloudwatch\_event\_rule\_id](#output\_cloudwatch\_event\_rule\_id) | n/a | | [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | n/a | | [ec2\_dns\_name](#output\_ec2\_dns\_name) | n/a | -| [efs](#output\_efs) | n/a | +| [efs\_mount\_target](#output\_efs\_mount\_target) | n/a | | [eips](#output\_eips) | n/a | | [public\_ip](#output\_public\_ip) | n/a | | [r53\_lb\_dns\_name](#output\_r53\_lb\_dns\_name) | n/a | | [this\_target\_group\_arn](#output\_this\_target\_group\_arn) | n/a | | [this\_task\_definition\_arn](#output\_this\_task\_definition\_arn) | n/a | + diff --git a/alb.tf b/alb.tf new file mode 100644 index 0000000..b61766b --- /dev/null +++ b/alb.tf 
@@ -0,0 +1,30 @@ +module "alb" { + count = var.app_type == "web" || var.app_type == "tcp-app" ? 1 : 0 + + source = "registry.terraform.io/terraform-aws-modules/alb/aws" + version = "~> 7.0" + + name = var.public ? local.name : "${local.name}-private" + load_balancer_type = var.app_type == "web" ? "application" : "network" + internal = var.public ? false : true + vpc_id = var.vpc_id + security_groups = var.alb_security_groups + subnets = var.public ? var.public_subnets : var.private_subnets + idle_timeout = var.alb_idle_timeout + + + + http_tcp_listeners = local.alb_http_tcp_listeners + https_listeners = var.https_enabled ? concat(local.alb_https_listeners) : [] + + target_groups = concat(var.app_type == "web" ? local.target_groups_web : local.target_groups_tcp) + + access_logs = var.alb_access_logs_enabled && var.alb_access_logs_s3bucket_name != "" ? { + bucket = var.alb_access_logs_s3bucket_name + } : {} + + tags = { + env = var.env + Env = var.env + } +} diff --git a/autoscaling.tf b/autoscaling.tf index 5bb8c81..16078e7 100644 --- a/autoscaling.tf +++ b/autoscaling.tf @@ -17,7 +17,7 @@ module "autoscaling" { create = var.ecs_launch_type == "EC2" ? true : false create_launch_template = var.ecs_launch_type == "EC2" ? true : false - + name = local.name launch_template_name = local.name @@ -29,13 +29,13 @@ module "autoscaling" { # EC2 Instance Profile create_iam_instance_profile = var.ecs_launch_type == "EC2" ? var.create_iam_instance_profile : false - iam_instance_profile_name = "${var.env}-${var.namespace}" - iam_role_name = "${var.env}-${var.namespace}-ec2-profile-role" + iam_instance_profile_name = "${var.env}-${var.name}" + iam_role_name = "${var.env}-${var.name}-ec2-profile-role" iam_role_path = "/ec2/" iam_role_policies = { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } - + block_device_mappings = [ { # Root volume diff --git a/ecr.tf b/ecr.tf new file mode 100644 index 0000000..975d3a9 --- /dev/null +++ b/ecr.tf 
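Review bot: The `access_logs` expression in alb.tf turns logging off without any error when `alb_access_logs_enabled` is true but `alb_access_logs_s3bucket_name` is empty, so a caller who asked for access logs can end up with a load balancer that records none. Neither variable's default is visible in this patch, so confirm the combination is reachable. If it is, document it above the argument, e.g. `# Access logs are written only when alb_access_logs_enabled is true AND alb_access_logs_s3bucket_name is non-empty`, or reject the combination at plan time. The README table lists `public` with a default of `true`, so the default deployment is an internet-facing balancer, which is where missing request logs cost the most during an investigation.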
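Review bot: `iam_instance_profile_name` and `iam_role_name` in the second autoscaling.tf hunk spell out `"${var.env}-${var.name}"` by hand, although `local.name` holds the same string (locals.tf) and is already used for `name` and `launch_template_name` in the hunk above. Writing `iam_instance_profile_name = local.name` and `iam_role_name = "${local.name}-ec2-profile-role"` keeps the IAM names on the single naming rule, so the role that instances assume cannot drift from the resources it belongs to. The `module "autoscaling"` block starts and ends outside this hunk.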
@@ -0,0 +1,8 @@ +module "ecr" { + source = "registry.terraform.io/hazelops/ecr/aws" + version = "~> 1.1" + + name = local.ecr_repo_name + enabled = var.ecr_repo_create + force_delete = var.ecr_force_delete +} diff --git a/efs.tf b/efs.tf new file mode 100644 index 0000000..93d7eaa --- /dev/null +++ b/efs.tf @@ -0,0 +1,18 @@ +module "efs" { + source = "registry.terraform.io/cloudposse/efs/aws" + version = "~> 0.31" + + enabled = var.efs_enabled && var.efs_share_create ? true : false + stage = var.env + name = var.name + region = data.aws_region.current.name + vpc_id = var.vpc_id + security_groups = var.security_groups + + # This is a workaround for 2-zone legacy setups + subnets = length(regexall("legacy", var.env)) > 0 ? [ + var.private_subnets[0], + var.private_subnets[1] + ] : var.private_subnets + +} diff --git a/examples/complete-tcp-app/main.tf b/examples/complete-tcp-app/main.tf index 8be1f1d..b51f717 100644 --- a/examples/complete-tcp-app/main.tf +++ b/examples/complete-tcp-app/main.tf @@ -102,8 +102,7 @@ module "tcp_app" { name = "tcpapp" app_type = "tcp-app" env = var.env - namespace = var.namespace - + # Containers ecs_cluster_name = module.ecs.cluster_name docker_registry = var.docker_registry diff --git a/examples/complete-web-windows/main.tf b/examples/complete-web-windows/main.tf index c06cd15..7ed81c4 100644 --- a/examples/complete-web-windows/main.tf +++ b/examples/complete-web-windows/main.tf @@ -85,8 +85,7 @@ module "web_complete" { name = "app" app_type = "web" env = var.env - namespace = var.namespace - + # Containers cpu = 1024 memory = 2048 diff --git a/examples/complete-web/main.tf b/examples/complete-web/main.tf index e672e3f..af4ce57 100644 --- a/examples/complete-web/main.tf +++ b/examples/complete-web/main.tf @@ -102,8 +102,7 @@ module "web_complete" { name = "app" app_type = "web" env = var.env - namespace = var.namespace - + # Containers ecs_cluster_name = module.ecs.cluster_name docker_registry = var.docker_registry 
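Review bot: The `version = "~> 1.1"` constraint on `hazelops/ecr/aws` accepts any later 1.x release, and Terraform's dependency lock file records provider selections only, not module versions. A fresh `terraform init` can therefore fetch module code that nobody reviewed. An exact pin such as `version = "<reviewed-version>"` (placeholder), bumped deliberately, makes the fetched code reproducible. The same applies to `~> 0.31` in efs.tf, where a pre-1.0 module may change behaviour between minor releases, and to `~> 7.0` in alb.tf.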
diff --git a/examples/complete-worker-ec2/main.tf b/examples/complete-worker-ec2/main.tf index 1f8a086..07fb3cf 100644 --- a/examples/complete-worker-ec2/main.tf +++ b/examples/complete-worker-ec2/main.tf @@ -94,7 +94,6 @@ module "worker_complete" { name = "worker" app_type = "worker" env = var.env - namespace = var.namespace public = false ecs_launch_type = "EC2" diff --git a/examples/complete-worker/main.tf b/examples/complete-worker/main.tf index 17a43e0..07ffc55 100644 --- a/examples/complete-worker/main.tf +++ b/examples/complete-worker/main.tf @@ -67,7 +67,6 @@ module "worker_complete" { name = "worker" app_type = "worker" env = var.env - namespace = var.namespace public = false ecs_launch_type = "FARGATE" diff --git a/examples/web-nginx-proxy/main.tf b/examples/web-nginx-proxy/main.tf index cfb639b..308d923 100644 --- a/examples/web-nginx-proxy/main.tf +++ b/examples/web-nginx-proxy/main.tf @@ -88,11 +88,10 @@ module "web_proxy" { name = "proxy" app_type = "web" env = var.env - namespace = var.namespace - + # Nginx Proxy enabling web_proxy_enabled = true - # We mount a shared volume to /etc/nginx dir in our container. In order to the web proxy to work - your app must copy(create) Nginx config template to /etc/nginx/templates/default.conf.template. See proxied-prj/entrypoint.sh. + # We mount a shared volume to /etc/nginx dir in our container. In order to the web proxy to work - your app must copy(create) Nginx config template to /etc/nginx/templates/default.conf.template. See proxied-prj/entrypoint.sh. # Containers ecs_cluster_name = module.ecs.cluster_name diff --git a/examples/worker-scheduled-autoscale/main.tf b/examples/worker-scheduled-autoscale/main.tf index dead2d1..87d7cb6 100644 --- a/examples/worker-scheduled-autoscale/main.tf +++ b/examples/worker-scheduled-autoscale/main.tf 
@@ -66,7 +66,6 @@ module "worker_scheduled" { name = "worker-scheduled-auto" app_type = "worker" env = var.env - namespace = var.namespace public = false ecs_launch_type = "FARGATE" diff --git a/examples/worker-scheduled/main.tf b/examples/worker-scheduled/main.tf index 8d5d2e4..5dd89d2 100644 --- a/examples/worker-scheduled/main.tf +++ b/examples/worker-scheduled/main.tf @@ -66,7 +66,6 @@ module "worker_scheduled" { name = "worker-scheduled" app_type = "worker" env = var.env - namespace = var.namespace public = false ecs_launch_type = "FARGATE" diff --git a/locals.tf b/locals.tf index 7167cc1..0865671 100644 --- a/locals.tf +++ b/locals.tf @@ -1,14 +1,15 @@ locals { name = "${var.env}-${var.name}" ecs_service_name = var.ecs_service_name != "" ? var.ecs_service_name : "${var.env}-${var.name}" - ecs_cluster_name = var.ecs_cluster_name != "" ? var.ecs_cluster_name : "${var.env}-${var.namespace}" + ecs_cluster_name = var.ecs_cluster_name ecs_cluster_arn = length(var.ecs_cluster_arn) != "" ? var.ecs_cluster_arn : "arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:cluster/${local.ecs_cluster_name}" - ecr_repo_name = var.ecr_repo_name != "" ? var.ecr_repo_name : "${var.namespace}-${var.name}" + ecr_repo_name = var.ecr_repo_name != "" ? var.ecr_repo_name : var.name name_prefix = "${substr(var.name, 0, 5)}-" - domain_names = var.root_domain_name != "example.com" ? concat([ + domain_names = var.root_domain_name != "" ? concat([ "${var.name}.${var.env}.${var.root_domain_name}" ], var.domain_names) : [] + # Datadog Environment Variables: https://docs.datadoghq.com/agent/guide/environment-variables/ # https://docs.datadoghq.com/agent/docker/apm/?tab=linux#docker-apm-agent-environment-variables datadog_env_vars = var.datadog_enabled ? { 
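Review bot: In the locals.tf hunk, `ecs_cluster_arn` tests `length(var.ecs_cluster_arn) != ""`, which compares a number with a string. As far as I can tell that comparison is always true in Terraform, so the constructed ARN fallback is never chosen and an empty `ecs_cluster_arn` is passed straight through to the service module. The line is unchanged context, but the commit edits the neighbouring `ecs_cluster_name` line, so the condition could be corrected in the same change to `var.ecs_cluster_arn != ""`, with both result expressions left as they are. The `locals` block continues past the end of the hunk.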
@@ -95,7 +96,7 @@ locals { efs_volume_configuration = [ { - file_system_id : module.efs.id + file_system_id : var.efs_share_create ? module.efs.id : var.efs_file_system_id root_directory : var.efs_root_directory transit_encryption : "ENABLED" transit_encryption_port : 2999 diff --git a/main.tf b/main.tf index fc79920..c190632 100644 --- a/main.tf +++ b/main.tf 
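Review bot: The new `file_system_id` expression falls back to `var.efs_file_system_id` whenever `efs_share_create` is false, but nothing visible here checks that an id was actually supplied. An empty value would only surface as a task-definition error at apply time. The variable's default is not shown in this patch; if it is `""`, add a comment above the line such as `# efs_file_system_id is required when efs_share_create = false` and say the same in the variable's description. The `efs_volume_configuration` list continues past the end of the hunk.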
@@ -1,69 +1,8 @@ -module "alb" { - count = var.app_type == "web" || var.app_type == "tcp-app" ? 1 : 0 - - source = "registry.terraform.io/terraform-aws-modules/alb/aws" - version = "~> 7.0" - - name = var.public ? local.name : "${local.name}-private" - load_balancer_type = var.app_type == "web" ? "application" : "network" - internal = var.public ? false : true - vpc_id = var.vpc_id - security_groups = var.alb_security_groups - subnets = var.public ? var.public_subnets : var.private_subnets - idle_timeout = var.alb_idle_timeout - - - - http_tcp_listeners = local.alb_http_tcp_listeners - https_listeners = var.https_enabled ? concat(local.alb_https_listeners) : [] - - target_groups = concat(var.app_type == "web" ? local.target_groups_web : local.target_groups_tcp) - - access_logs = var.alb_access_logs_enabled && var.alb_access_logs_s3bucket_name != "" ? { - bucket = var.alb_access_logs_s3bucket_name - } : {} - - tags = { - env = var.env - Env = var.env - } -} - -module "ecr" { - source = "registry.terraform.io/hazelops/ecr/aws" - version = "~> 1.1" - - name = local.ecr_repo_name - enabled = var.ecr_repo_create - force_delete = var.ecr_force_delete -} - -module "efs" { - source = "registry.terraform.io/cloudposse/efs/aws" - version = "~> 0.31" - - enabled = var.efs_enabled - namespace = var.namespace - stage = var.env - name = var.name - region = data.aws_region.current.name - vpc_id = var.vpc_id - security_groups = var.security_groups - - # This is a workaround for 2-zone legacy setups - subnets = length(regexall("legacy", var.env)) > 0 ? [ - var.private_subnets[0], - var.private_subnets[1] - ] : var.private_subnets - -} - module "service" { - source = "./ecs-modules/ecs-service" + source = "modules/ecs-service" env = var.env name = var.name - namespace = var.namespace app_type = var.app_type ecs_cluster_name = local.ecs_cluster_name ecs_cluster_arn = local.ecs_cluster_arn 
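Review bot: The new `source = "modules/ecs-service"` has no leading `./`, and Terraform treats a source as a local path only when it begins with `./` or `../`. Anything else is parsed as a registry or remote address, so `terraform init` should either fail or try to resolve the module remotely instead of using the directory this commit creates. Use `source = "./modules/ecs-service"`. The `module "service"` block continues past the end of the hunk.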
@@ -87,7 +26,7 @@ module "service" { web_proxy_enabled = var.web_proxy_enabled ecs_exec_enabled = var.ecs_exec_enabled - subnets = var.public_ecs_service ? var.public_subnets : var.private_subnets + subnets = var.public_ecs_service ? var.public_subnets : var.private_subnets # length(var.cloudwatch_schedule_expressions) > 1 means that it is cron task and desired_count should be 0 cloudwatch_schedule_expressions = var.cloudwatch_schedule_expressions @@ -104,10 +43,13 @@ module "service" { autoscaling_min_size = var.autoscaling_min_size autoscaling_max_size = var.autoscaling_max_size - docker_container_entrypoint = var.docker_container_entrypoint - docker_container_command = var.docker_container_command - docker_image_name = var.docker_image_name != "" ? var.docker_image_name : "${var.docker_registry}/${var.namespace}-${var.name}" - docker_image_tag = var.docker_image_tag + docker_container_entrypoint = var.docker_container_entrypoint + docker_container_command = var.docker_container_command + + # If docker_image_name is set then use it, otherwise check if we are managing ECR repo on this module and use it's repository_url. Otherwise use docker_registry/name + docker_image_name = var.docker_image_name != "" ? var.docker_image_name : var.ecr_repo_create ? module.ecr.repository_url : "${var.docker_registry}/${var.name}" + docker_image_tag = var.docker_image_tag + iam_role_policy_statement = var.iam_role_policy_statement additional_container_definition_parameters = var.additional_container_definition_parameters 
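Review bot: The `docker_image_name` argument in the `@@ -104,10 +43,13 @@` hunk chains two conditionals without parentheses, so which image reference a task runs depends on the reader grouping the operators correctly. Wrapping the inner choice makes the three cases explicit: `docker_image_name = var.docker_image_name != "" ? var.docker_image_name : (var.ecr_repo_create ? module.ecr.repository_url : "${var.docker_registry}/${var.name}")`. The comment above it would read better as one short line per case, in evaluation order. The `module "service"` block starts and ends outside this hunk.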
@@ -122,7 +64,7 @@ module "service" { tmpfs_size = var.tmpfs_size tmpfs_container_path = var.tmpfs_container_path tmpfs_mount_options = var.tmpfs_mount_options - shared_memory_size = var.shared_memory_size + shared_memory_size = var.shared_memory_size # TODO: This should be expanded to read some standard labels from datadog module to configure JMX, http and other checks. per https://docs.datadoghq.com/agent/docker/integrations/?tab=docker#configuration docker_labels = var.docker_labels @@ -136,23 +78,23 @@ module "service" { sidecar_container_definitions = concat( var.sidecar_container_definitions, - var.web_proxy_enabled ? [ + var.web_proxy_enabled ? [ module.nginx.container_definition ] : [], - var.datadog_enabled ? [ + var.datadog_enabled ? [ module.datadog.container_definition ] : [], - var.firelens_ecs_log_enabled ? local.fluentbit_container_definition : [] + var.firelens_ecs_log_enabled ? local.fluentbit_container_definition : [] ) docker_container_links = concat( - var.datadog_enabled && var.ecs_network_mode == "bridge" ? [ + var.datadog_enabled && var.ecs_network_mode == "bridge" ? [ "datadog-agent:datadog-agent" ] : []) docker_container_depends_on = concat( # TODO: This needs to be pulled from datadog agent module output - var.datadog_enabled ? [ + var.datadog_enabled ? [ { containerName = "datadog-agent", condition = "START" 
@@ -171,7 +113,7 @@ module "service" { host_port = var.ecs_network_mode == "awsvpc" ? (var.web_proxy_enabled ? var.web_proxy_docker_container_port : var.docker_container_port) : var.docker_host_port target_group_arn = length(module.alb[*].target_group_arns) >= 1 ? module.alb[0].target_group_arns[0] : "" } - ]) : ( var.app_type == "tcp-app" ? jsonencode(local.ecs_service_tcp_port_mappings) : jsonencode(var.port_mappings))) + ]) : (var.app_type == "tcp-app" ? jsonencode(local.ecs_service_tcp_port_mappings) : jsonencode(var.port_mappings))) environment = merge(var.environment, local.datadog_env_vars, local.ecs_exec_env_vars, { APP_NAME = var.name diff --git a/modules/ecs-service/README.md b/modules/ecs-service/README.md new file mode 100644 index 0000000..a5afcd0 --- /dev/null +++ b/modules/ecs-service/README.md 
@@ -0,0 +1,125 @@ +# ECS Service Module + +This module creates an ECS Service. +It's mainly meant to be used by [hazelops/ecs-app](https://registry.terraform.io/modules/hazelops/ecs/aws) Terraform module, but can be used by others too. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [task](#module\_task) | ../ecs-task | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_appautoscaling_policy.ecs_policy_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource | +| [aws_appautoscaling_policy.ecs_policy_memory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource | +| [aws_appautoscaling_scheduled_action.down](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_scheduled_action) | resource | +| [aws_appautoscaling_scheduled_action.up](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_scheduled_action) | resource | +| [aws_appautoscaling_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource | +| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_ecs_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_service.this_deployed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| 
[aws_iam_role.ecs_events](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.ecs_service_events_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_service_discovery_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_service) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.ecs_events_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [additional\_container\_definition\_parameters](#input\_additional\_container\_definition\_parameters) | Additional parameters passed straight to the container definition, eg. tmpfs config | `any` | `{}` | no | +| [app\_secrets](#input\_app\_secrets) | List of SSM ParameterStore secret parameters - by default, /$var.env/$var.name/* | `list(any)` | `[]` | no | +| [app\_type](#input\_app\_type) | ECS application type. Valid values: web (with load balancer), worker (scheduled task without ALB). 
| `string` | `"web"` | no | +| [assign\_public\_ip](#input\_assign\_public\_ip) | ECS service network configuration - assign public IP | `bool` | `false` | no | +| [autoscale\_enabled](#input\_autoscale\_enabled) | ECS Autoscaling enabled | `bool` | `false` | no | +| [autoscale\_scheduled\_down](#input\_autoscale\_scheduled\_down) | List of Cron-like expressions for scheduled ecs autoscale DOWN | `list(any)` | `[]` | no | +| [autoscale\_scheduled\_timezone](#input\_autoscale\_scheduled\_timezone) | Time Zone for the scheduled event | `string` | `"UTC"` | no | +| [autoscale\_scheduled\_up](#input\_autoscale\_scheduled\_up) | List of Cron-like expressions for scheduled ecs autoscale UP | `list(any)` | `[]` | no | +| [autoscale\_target\_value\_cpu](#input\_autoscale\_target\_value\_cpu) | ECS Service Average CPU Utilization threshold. Integer value for percentage - IE 80 | `number` | `50` | no | +| [autoscale\_target\_value\_memory](#input\_autoscale\_target\_value\_memory) | ECS Service Average Memory Utilization threshold. Integer value for percentage. 
IE 60 | `number` | `50` | no | +| [autoscaling\_max\_size](#input\_autoscaling\_max\_size) | Maximum number of running ECS tasks during scheduled-up-autoscaling action | `number` | `2` | no | +| [autoscaling\_min\_size](#input\_autoscaling\_min\_size) | Minimum number of running ECS tasks during scheduled-up-autoscaling action | `number` | `2` | no | +| [aws\_service\_discovery\_private\_dns\_namespace](#input\_aws\_service\_discovery\_private\_dns\_namespace) | Amazon ECS Service Discovery private DNS namespace | `string` | `""` | no | +| [cloudwatch\_schedule\_expressions](#input\_cloudwatch\_schedule\_expressions) | List of Cron-like Cloudwatch Event Rule schedule expressions | `list(any)` | `[]` | no | +| [cpu](#input\_cpu) | Fargate CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | +| [cpu\_architecture](#input\_cpu\_architecture) | n/a | `any` | n/a | yes | +| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | Lower limit on the number of running tasks. 
| `number` | `100` | no | +| [desired\_capacity](#input\_desired\_capacity) | Desired number (capacity) of running ECS tasks | `number` | `1` | no | +| [docker\_container\_command](#input\_docker\_container\_command) | Docker container command | `list(string)` | `[]` | no | +| [docker\_container\_depends\_on](#input\_docker\_container\_depends\_on) | Docker container dependencies | `list(any)` | `[]` | no | +| [docker\_container\_entrypoint](#input\_docker\_container\_entrypoint) | Docker container entrypoint | `list(string)` | `[]` | no | +| [docker\_container\_links](#input\_docker\_container\_links) | ECS container definitions links | `list(any)` | `[]` | no | +| [docker\_container\_port](#input\_docker\_container\_port) | Docker container port | `number` | `3000` | no | +| [docker\_image\_name](#input\_docker\_image\_name) | Docker image name | `string` | `""` | no | +| [docker\_image\_tag](#input\_docker\_image\_tag) | Docker image tag | `string` | n/a | yes | +| [docker\_labels](#input\_docker\_labels) | Labels to be added to the docker. Used for auto-configuration, for instance of JMX discovery | `map(any)` | `null` | no | +| [ec2\_service\_group](#input\_ec2\_service\_group) | Service group name, e.g. app, service name etc. Mainly used in scheduling tasks on different instances. | `string` | `"app"` | no | +| [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | ECS cluster arn. Should be specified to avoid data query by cluster name | `string` | n/a | yes | +| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS cluster name | `string` | n/a | yes | +| [ecs\_exec\_enabled](#input\_ecs\_exec\_enabled) | Turns on the Amazon ECS Exec for the task | `bool` | `true` | no | +| [ecs\_launch\_type](#input\_ecs\_launch\_type) | ECS launch type: FARGATE or EC2 | `string` | `"FARGATE"` | no | +| [ecs\_network\_mode](#input\_ecs\_network\_mode) | Corresponds to networkMode in an ECS task definition. 
Supported values are none, bridge, host, or awsvpc | `string` | `"awsvpc"` | no | +| [ecs\_platform\_version](#input\_ecs\_platform\_version) | The platform version on which to run your service. Only applicable when using Fargate launch type | `string` | `"LATEST"` | no | +| [ecs\_service\_deployed](#input\_ecs\_service\_deployed) | This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli) | `bool` | `false` | no | +| [ecs\_service\_discovery\_enabled](#input\_ecs\_service\_discovery\_enabled) | ECS service can optionally be configured to use Amazon ECS Service Discovery | `bool` | `false` | no | +| [ecs\_service\_name](#input\_ecs\_service\_name) | ECS service name | `string` | `""` | no | +| [ecs\_target\_task\_count](#input\_ecs\_target\_task\_count) | The target task count of 'worker' ecs app type, see $var.app\_type of the root module | `number` | `1` | no | +| [ecs\_task\_health\_check\_command](#input\_ecs\_task\_health\_check\_command) | Command to check for the health of the container | `string` | n/a | yes | +| [ecs\_volumes\_from](#input\_ecs\_volumes\_from) | The VolumeFrom property specifies details on a data volume from another container in the same task definition | `list(any)` | `[]` | no | +| [env](#input\_env) | Target environment name of the infrastructure | `string` | n/a | yes | +| [environment](#input\_environment) | Set of environment variables | `map(string)` | n/a | yes | +| [firelens\_ecs\_log\_enabled](#input\_firelens\_ecs\_log\_enabled) | AWSFirelens ECS logs enabled | `bool` | `false` | no | +| [global\_secrets](#input\_global\_secrets) | List of SSM ParameterStore global secrets - by default, /$var.env/global/* | `list(any)` | `[]` | no | +| [iam\_role\_policy\_statement](#input\_iam\_role\_policy\_statement) | ECS Service IAM Role policy statement | `list(any)` | `[]` | no | +| [max\_size](#input\_max\_size) | Maximum number of running ECS tasks | `number` | `1` | no | 
+| [memory](#input\_memory) | Fargate Memory value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | +| [memoryReservation](#input\_memoryReservation) | The soft limit (in MiB) of memory to reserve for the container | `number` | `1024` | no | +| [memory\_reservation](#input\_memory\_reservation) | The soft limit (in MiB) of memory to reserve for the container | `number` | `256` | no | +| [min\_size](#input\_min\_size) | Minimum number of running ECS tasks | `number` | `1` | no | +| [name](#input\_name) | ECS app name including the namespace (if applies) | `string` | n/a | yes | +| [operating\_system\_family](#input\_operating\_system\_family) | n/a | `any` | n/a | yes | +| [port\_mappings](#input\_port\_mappings) | Docker container port mapping to a host port. We don't forward ports from the container if we are using proxy (proxy reaches out to container via internal network) | `list(any)` | `[]` | no | +| [resource\_requirements](#input\_resource\_requirements) | The ResourceRequirement property specifies the type and amount of a resource to assign to a container. The only supported resource is a GPU | `list(any)` | `[]` | no | +| [security\_groups](#input\_security\_groups) | Security groups to assign to ECS Fargate task/ECS EC2 | `list(any)` | `[]` | no | +| [service\_desired\_count](#input\_service\_desired\_count) | The number of instances of a task definition | `number` | `1` | no | +| [shared\_memory\_size](#input\_shared\_memory\_size) | Size of the /dev/shm shared memory in MB | `number` | `0` | no | +| [sidecar\_container\_definitions](#input\_sidecar\_container\_definitions) | ECS Sidecar container definitions, e.g. 
Datadog agent | `any` | `[]` | no | +| [ssm\_global\_secret\_path](#input\_ssm\_global\_secret\_path) | AWS SSM root path to global environment secrets like /dev/global | `string` | `null` | no | +| [ssm\_secret\_path](#input\_ssm\_secret\_path) | AWS SSM root path to environment secrets of an app like /dev/app1 | `string` | `null` | no | +| [subnets](#input\_subnets) | VPC subnets to place ECS task | `list(any)` | `[]` | no | +| [target\_group\_arn](#input\_target\_group\_arn) | Application load balancer target group ARN | `string` | `null` | no | +| [tmpfs\_container\_path](#input\_tmpfs\_container\_path) | Path where tmpfs shm would be mounted | `string` | `"/tmp/"` | no | +| [tmpfs\_enabled](#input\_tmpfs\_enabled) | TMPFS support for non-Fargate deployments | `bool` | `false` | no | +| [tmpfs\_mount\_options](#input\_tmpfs\_mount\_options) | Options for the mount of the ram disk. noatime by default to speed up access | `list(string)` |
[
"noatime"
]
| no | +| [tmpfs\_size](#input\_tmpfs\_size) | Size of the tmpfs in MB | `number` | `1024` | no | +| [volumes](#input\_volumes) | Amazon data volumes for ECS Task (efs/FSx/Docker volume/Bind mounts) | `list(any)` | `[]` | no | +| [web\_proxy\_enabled](#input\_web\_proxy\_enabled) | Nginx proxy enabled | `bool` | `false` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [cloudwatch\_event\_rule\_id](#output\_cloudwatch\_event\_rule\_id) | Cloudwatch event rule for ECS Scheduled Task | +| [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | Cloudwatch Log group of ECS Service | +| [ecs\_cluster\_name](#output\_ecs\_cluster\_name) | ECS Cluster name | +| [task\_definition\_arn](#output\_task\_definition\_arn) | Deployed ECS Task definition ARN | + diff --git a/ecs-modules/ecs-service/autoscaling.tf b/modules/ecs-service/autoscaling.tf similarity index 100% rename from ecs-modules/ecs-service/autoscaling.tf rename to modules/ecs-service/autoscaling.tf diff --git a/ecs-modules/ecs-service/data.tf b/modules/ecs-service/data.tf similarity index 100% rename from ecs-modules/ecs-service/data.tf rename to modules/ecs-service/data.tf diff --git a/ecs-modules/ecs-service/iam.tf b/modules/ecs-service/iam.tf similarity index 93% rename from ecs-modules/ecs-service/iam.tf rename to modules/ecs-service/iam.tf index b0b4ca6..7b07dd2 100644 --- a/ecs-modules/ecs-service/iam.tf +++ b/modules/ecs-service/iam.tf @@ -2,7 +2,7 @@ resource "aws_iam_role" "ecs_events" { count = var.cloudwatch_schedule_expressions == [] ? 0 : 1 - name = var.ecs_service_name != "" ? "${var.ecs_service_name}_ECSEvents" : "${var.env}_${var.name}_ECSEvents" + name = var.ecs_service_name != "" ? "${var.ecs_service_name}-ECSEvents" : "${var.env}-${var.name}-ECSEvents" assume_role_policy = data.aws_iam_policy_document.ecs_events_assume_role[0].json path = "/" description = "CloudWatch Events IAM Role" 
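Review bot: The `count` on `aws_iam_role.ecs_events` in the iam.tf hunk compares `var.cloudwatch_schedule_expressions == []`. The variable is declared `list(any)` while `[]` is an empty tuple, and Terraform's `==` is false when the types differ, so the role appears to be created even for services that have no schedule. The line is unchanged context, but the hunk renames this very role, so `count = length(var.cloudwatch_schedule_expressions) == 0 ? 0 : 1` would fit in the same change and avoid leaving an unused assumable role behind. Check that the `ecs_events_assume_role` data source indexed with `[0]` uses the same condition. The resource block continues past the end of the hunk.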
diff --git a/ecs-modules/ecs-service/locals.tf b/modules/ecs-service/locals.tf similarity index 100% rename from ecs-modules/ecs-service/locals.tf rename to modules/ecs-service/locals.tf diff --git a/ecs-modules/ecs-service/main.tf b/modules/ecs-service/main.tf similarity index 100% rename from ecs-modules/ecs-service/main.tf rename to modules/ecs-service/main.tf diff --git a/ecs-modules/ecs-service/outputs.tf b/modules/ecs-service/outputs.tf similarity index 100% rename from ecs-modules/ecs-service/outputs.tf rename to modules/ecs-service/outputs.tf diff --git a/ecs-modules/ecs-service/variables.tf b/modules/ecs-service/variables.tf similarity index 98% rename from ecs-modules/ecs-service/variables.tf rename to modules/ecs-service/variables.tf index f1ff265..a6d5f31 100644 --- a/ecs-modules/ecs-service/variables.tf +++ b/modules/ecs-service/variables.tf @@ -5,7 +5,7 @@ variable "env" { variable "name" { type = string - description = "ECS app name" + description = "ECS app name including the namespace (if applies)" } variable "app_type" { @@ -19,25 +19,21 @@ variable "app_type" { } } -variable "namespace" { - type = string - description = "Namespace name within the infrastructure" -} - variable "memoryReservation" { type = number - default = 1024 description = "The soft limit (in MiB) of memory to reserve for the container" + default = 1024 } + variable "environment" { type = map(string) description = "Set of environment variables" } variable "ecs_platform_version" { + type = string description = "The platform version on which to run your service. Only applicable when using Fargate launch type" default = "LATEST" - type = string } variable "app_secrets" { 
@@ -127,27 +123,27 @@ variable "docker_container_links" { } variable "ec2_service_group" { - description = "Service group name, e.g. app, service name etc." type = string + description = "Service group name, e.g. app, service name etc. Mainly used in scheduling tasks on different instances." default = "app" } variable "service_desired_count" { + type = number description = "The number of instances of a task definition" default = 1 - type = number } variable "ecs_target_task_count" { + type = number description = "The target task count of 'worker' ecs app type, see $var.app_type of the root module" default = 1 - type = number } variable "deployment_minimum_healthy_percent" { + type = number description = "Lower limit on the number of running tasks." default = 100 - type = number } variable "target_group_arn" { @@ -189,8 +185,8 @@ variable "ecs_launch_type" { # The var.cpu & var.memory vars are valid only for FARGATE. EC2 instance type is used to set ECS EC2 specs variable "cpu" { type = number - default = 256 description = "Fargate CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)" + default = 256 validation { condition = can(regex("256|512|1024|2048|4096", var.cpu)) @@ -200,8 +196,8 @@ variable "cpu" { variable "memory" { type = number - default = 512 description = "Fargate Memory value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)" + default = 512 validation { condition = can(regex("512|1024|2048|3072|4096|5120|6144|7168|8192|9216|10240|11264|12288|13312|14336|15360|16384|17408|18432|19456|20480|21504|22528|23552|24576|25600|26624|27648|28672|29696|30720", var.memory)) 
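Review bot: The `cpu` validation shown as context in the `@@ -189,8 +185,8 @@` hunk uses `can(regex("256|512|1024|2048|4096", var.cpu))`, an unanchored alternation. Any number that merely contains one of those digit runs (12560, for example) passes the check, and the invalid value is only rejected later by the ECS API. An exact-membership test such as `condition = contains([256, 512, 1024, 2048, 4096], var.cpu)` states the allowed set directly. The `memory` validation in the next hunk has the same form and can use `contains` with its own list. Both validation blocks continue past the end of their hunks.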
@@ -348,8 +344,8 @@ variable "web_proxy_enabled" { # https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html variable "cloudwatch_schedule_expressions" { - description = "List of Cron-like Cloudwatch Event Rule schedule expressions" type = list(any) + description = "List of Cron-like Cloudwatch Event Rule schedule expressions" default = [] } diff --git a/ecs-modules/ecs-service/versions.tf b/modules/ecs-service/versions.tf similarity index 100% rename from ecs-modules/ecs-service/versions.tf rename to modules/ecs-service/versions.tf diff --git a/modules/ecs-task/README.md b/modules/ecs-task/README.md new file mode 100644 index 0000000..7c56a3c --- /dev/null +++ b/modules/ecs-task/README.md 
@@ -0,0 +1,92 @@ +# ECS Task Module + +This module creates an ECS Task. +It's mainly meant to be used by [hazelops/ecs-app](https://registry.terraform.io/modules/hazelops/ecs/aws) Terraform module, but can be used by others too. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_ecs_task_definition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource | +| [aws_iam_role.ecs_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.ecs_task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.ecs_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.ecs_task](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_ssm_parameter.dd_api_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [additional\_container\_definition\_parameters](#input\_additional\_container\_definition\_parameters) | 
Additional parameters passed straight to the container definition, eg. tmpfs config | `any` | `{}` | no | +| [app\_secrets](#input\_app\_secrets) | List of SSM ParameterStore secret parameters - by default, /$var.env/$var.name/* | `list(any)` | `[]` | no | +| [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days) | Default AWS Cloudwatch retention in days | `number` | `90` | no | +| [cloudwatch\_schedule\_expressions](#input\_cloudwatch\_schedule\_expressions) | List of Cron-like Cloudwatch Event Rule schedule expressions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html) | `list(any)` | `[]` | no | +| [cpu](#input\_cpu) | Fargate CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | +| [cpu\_architecture](#input\_cpu\_architecture) | n/a | `any` | n/a | yes | +| [docker\_container\_command](#input\_docker\_container\_command) | Docker container command | `list(string)` | `[]` | no | +| [docker\_container\_depends\_on](#input\_docker\_container\_depends\_on) | Docker container dependencies | `list(any)` | `[]` | no | +| [docker\_container\_entrypoint](#input\_docker\_container\_entrypoint) | Docker container entrypoint | `list(string)` | `[]` | no | +| [docker\_container\_links](#input\_docker\_container\_links) | ECS container definitions links | `list(any)` | `[]` | no | +| [docker\_container\_port](#input\_docker\_container\_port) | Docker container port | `number` | `3000` | no | +| [docker\_image\_name](#input\_docker\_image\_name) | Docker image name | `string` | `""` | no | +| [docker\_image\_tag](#input\_docker\_image\_tag) | Docker image tag | `string` | `"latest"` | no | +| [docker\_labels](#input\_docker\_labels) | Labels to be added to the docker. 
Used for auto-configuration, for instance of JMX discovery | `map(any)` | `null` | no | +| [ecs\_exec\_enabled](#input\_ecs\_exec\_enabled) | Turns on the Amazon ECS Exec for the task | `bool` | `true` | no | +| [ecs\_launch\_type](#input\_ecs\_launch\_type) | ECS launch type: FARGATE or EC2 | `string` | `"FARGATE"` | no | +| [ecs\_network\_configuration](#input\_ecs\_network\_configuration) | ECS Network Configuration | `map(any)` | `{}` | no | +| [ecs\_network\_mode](#input\_ecs\_network\_mode) | Corresponds to networkMode in an ECS task definition. Supported values are none, bridge, host, or awsvpc | `string` | `"awsvpc"` | no | +| [ecs\_task\_family\_name](#input\_ecs\_task\_family\_name) | ECS Task Family Name | `string` | `""` | no | +| [ecs\_task\_health\_check\_command](#input\_ecs\_task\_health\_check\_command) | Command to check for the health of the container | `string` | n/a | yes | +| [ecs\_volumes\_from](#input\_ecs\_volumes\_from) | The VolumeFrom property specifies details on a data volume from another container in the same task definition | `list(any)` | `[]` | no | +| [env](#input\_env) | Target environment name of the infrastructure | `string` | n/a | yes | +| [environment](#input\_environment) | Set of environment variables | `map(string)` | n/a | yes | +| [firelens\_ecs\_log\_enabled](#input\_firelens\_ecs\_log\_enabled) | AWSFirelens ECS logs enabled | `bool` | `false` | no | +| [global\_secrets](#input\_global\_secrets) | List of SSM ParameterStore global secrets - by default, /$var.env/global/* | `list(any)` | `[]` | no | +| [iam\_role\_policy\_statement](#input\_iam\_role\_policy\_statement) | ECS Task IAM Role policy statement | `list(any)` | `[]` | no | +| [memory](#input\_memory) | Fargate Memory value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | +| [memory\_reservation](#input\_memory\_reservation) | The soft limit (in MiB) of memory to reserve for the container | 
`number` | `256` | no | +| [name](#input\_name) | ECS app name including namespace (if applies) | `string` | n/a | yes | +| [operating\_system\_family](#input\_operating\_system\_family) | n/a | `any` | n/a | yes | +| [port\_mappings](#input\_port\_mappings) | Docker container port mapping to a host port. We don't forward ports from the container if we are using proxy (proxy reaches out to container via internal network) | `list(any)` | `[]` | no | +| [resource\_requirements](#input\_resource\_requirements) | The ResourceRequirement property specifies the type and amount of a resource to assign to a container. The only supported resource is a GPU | `list(any)` | `[]` | no | +| [shared\_memory\_size](#input\_shared\_memory\_size) | Size of the /dev/shm shared memory in MB | `number` | `0` | no | +| [sidecar\_container\_definitions](#input\_sidecar\_container\_definitions) | ECS Sidecar container definitions, e.g. Datadog agent | `any` | `[]` | no | +| [ssm\_global\_secret\_path](#input\_ssm\_global\_secret\_path) | AWS SSM root path to global environment secrets like /dev/global | `string` | `null` | no | +| [ssm\_secret\_path](#input\_ssm\_secret\_path) | AWS SSM root path to environment secrets of an app like /dev/app1 | `string` | `null` | no | +| [task\_group](#input\_task\_group) | ECS Task group name, e.g. app, service name etc. | `string` | `"app"` | no | +| [tmpfs\_container\_path](#input\_tmpfs\_container\_path) | Path where tmpfs tmpfs would be mounted | `string` | `"/tmp/"` | no | +| [tmpfs\_enabled](#input\_tmpfs\_enabled) | TMPFS support for non-Fargate deployments | `bool` | `false` | no | +| [tmpfs\_mount\_options](#input\_tmpfs\_mount\_options) | Options for the mount of the ram disk. noatime by default to speed up access | `list(string)` |
[
"noatime"
]
| no | +| [tmpfs\_size](#input\_tmpfs\_size) | Size of the tmpfs in MB | `number` | `1024` | no | +| [volumes](#input\_volumes) | Amazon data volumes for ECS Task (efs/FSx/Docker volume/Bind mounts) | `list(any)` | `[]` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | Cloudwatch Log group of ECS Service | +| [ecs\_launch\_type](#output\_ecs\_launch\_type) | ECS launch type: FARGATE or EC2 | +| [ecs\_network\_configuration](#output\_ecs\_network\_configuration) | ECS Network Configuration of ECS Task | +| [task\_definition\_arn](#output\_task\_definition\_arn) | Deployed ECS Task definition ARN | + diff --git a/ecs-modules/ecs-task/data.tf b/modules/ecs-task/data.tf similarity index 100% rename from ecs-modules/ecs-task/data.tf rename to modules/ecs-task/data.tf diff --git a/ecs-modules/ecs-task/iam.tf b/modules/ecs-task/iam.tf similarity index 100% rename from ecs-modules/ecs-task/iam.tf rename to modules/ecs-task/iam.tf diff --git a/ecs-modules/ecs-task/locals.tf b/modules/ecs-task/locals.tf similarity index 100% rename from ecs-modules/ecs-task/locals.tf rename to modules/ecs-task/locals.tf diff --git a/ecs-modules/ecs-task/main.tf b/modules/ecs-task/main.tf similarity index 100% rename from ecs-modules/ecs-task/main.tf rename to modules/ecs-task/main.tf diff --git a/ecs-modules/ecs-task/outputs.tf b/modules/ecs-task/outputs.tf similarity index 100% rename from ecs-modules/ecs-task/outputs.tf rename to modules/ecs-task/outputs.tf diff --git a/ecs-modules/ecs-task/variables.tf b/modules/ecs-task/variables.tf similarity index 97% rename from ecs-modules/ecs-task/variables.tf rename to modules/ecs-task/variables.tf index 9208eb0..647427c 100644 --- a/ecs-modules/ecs-task/variables.tf +++ b/modules/ecs-task/variables.tf 
@@ -5,7 +5,7 @@ variable "env" { variable "name" { type = string - description = "ECS app name" + description = "ECS app name including namespace (if applies)" } variable "memory_reservation" { @@ -17,8 +17,8 @@ variable "memory_reservation" { # The var.cpu & var.memory vars are valid only for FARGATE. EC2 instance type is used to set ECS EC2 specs variable "cpu" { type = number - default = 256 description = "Fargate CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)" + default = 256 validation { condition = can(regex("256|512|1024|2048|4096", var.cpu)) @@ -28,8 +28,8 @@ variable "cpu" { variable "memory" { type = number - default = 512 description = "Fargate Memory value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)" + default = 512 validation { condition = can(regex("512|1024|2048|3072|4096|5120|6144|7168|8192|9216|10240|11264|12288|13312|14336|15360|16384|17408|18432|19456|20480|21504|22528|23552|24576|25600|26624|27648|28672|29696|30720", var.memory)) @@ -87,8 +87,8 @@ variable "docker_image_tag" { } variable "docker_container_port" { - description = "Docker container port" type = number + description = "Docker container port" default = 3000 } @@ -140,8 +140,8 @@ variable "additional_container_definition_parameters" { variable "task_group" { - description = "ECS Task group name, e.g. app, service name etc." type = string + description = "ECS Task group name, e.g. app, service name etc." default = "app" } @@ -174,9 +174,9 @@ variable "ecs_network_mode" { } variable "ecs_network_configuration" { + type = map(any) description = "ECS Network Configuration" default = {} - type = map(any) } variable "ecs_task_family_name" { 
@@ -208,16 +208,15 @@ variable "volumes" { default = [] } -# https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html variable "cloudwatch_schedule_expressions" { - description = "List of Cron-like Cloudwatch Event Rule schedule expressions" type = list(any) + description = "List of Cron-like Cloudwatch Event Rule schedule expressions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html)" default = [] } variable "cloudwatch_retention_in_days" { - description = "Default AWS Cloudwatch retention in days" type = number + description = "Default AWS Cloudwatch retention in days" default = 90 } diff --git a/ecs-modules/ecs-task/versions.tf b/modules/ecs-task/versions.tf similarity index 100% rename from ecs-modules/ecs-task/versions.tf rename to modules/ecs-task/versions.tf diff --git a/outputs.tf b/outputs.tf index e3336ea..c905c1e 100644 --- a/outputs.tf +++ b/outputs.tf @@ -26,8 +26,8 @@ output "alb_arn" { value = length(module.alb[*].lb_arn) >= 1 ? module.alb[0].lb_arn : "" } -output "efs" { - value = var.efs_enabled ? module.efs.mount_target_dns_names[*] : "" +output "efs_mount_target" { + value = var.efs_enabled && var.efs_share_create ? module.efs.mount_target_dns_names[0] : "" } output "eips" { diff --git a/test/src/go.mod b/test/src/go.mod index 6fb7bc9..2694e0d 100644 --- a/test/src/go.mod +++ b/test/src/go.mod 
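Review bot: The renamed output `efs_mount_target` has no `description`, and the tflint rule `terraform_documented_outputs` enabled by the pre-commit config later in this series would flag it; a line such as `description = "DNS name of the first EFS mount target, empty when the share is not created by this module"` would cover it. The value also narrows from the whole list (`[*]`) to `[0]`, which fails if the module returns an empty list; `try(module.efs.mount_target_dns_names[0], "")` keeps the empty-string fallback. Renaming `efs` breaks callers that read the old output, and the rename is not among the breaking changes listed in the commit message. The `alb_arn` output at the top of the hunk starts outside it.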
@@ -61,14 +61,14 @@ require ( go.opencensus.io v0.23.0 // indirect golang.org/x/crypto v0.1.0 // indirect golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect - golang.org/x/mod v0.4.2 // indirect - golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect + golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect - golang.org/x/sys v0.0.0-20210603125802-9665404d3644 // indirect - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect - golang.org/x/text v0.3.6 // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect - golang.org/x/tools v0.1.2 // indirect + golang.org/x/tools v0.1.12 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/api v0.47.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/test/src/go.sum b/test/src/go.sum index d4e2a8f..e85a215 100644 --- a/test/src/go.sum +++ b/test/src/go.sum @@ -375,6 +375,7 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -412,6 +413,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -453,6 +455,7 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -526,8 +529,10 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644 h1:CA1DEQ4NdKphKeL70tvsWNdT5oFh1lOjihRcEDROi0I= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -537,6 +542,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -594,6 +600,7 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/variables.tf b/variables.tf index 94d2106..658c3d2 100644 --- a/variables.tf +++ b/variables.tf @@ -3,14 +3,9 @@ variable "env" { description = "Target environment name of the infrastructure" } -variable "namespace" { - type = string - description = "Namespace name within the infrastructure" -} - variable "name" { type = string - description = "ECS app name" + description = "ECS app name including all required namespaces" } variable "app_type" { @@ -25,21 +20,21 @@ variable "app_type" { } variable "ecs_service_name" { - default = "" type = string description = "The ECS service name" + default = "" } variable "ecs_platform_version" { + type = string description = "The platform version on which to run your service. Only applicable when using Fargate launch type" default = "LATEST" - type = string } variable "ec2_service_group" { - description = "Service group name, e.g. app, service name etc." type = string + description = "Service group name, e.g. app, service name etc." default = "app" } 
@@ -51,12 +46,12 @@ variable "instance_type" { variable "environment" { type = map(string) - description = "Set of environment variables" + description = "Map of parameters to be set in SSM and then exposed into a Task Definition as environment variables." } variable "public" { - description = "It's publicity accessible application" type = bool + description = "It's publicity accessible application" default = true } @@ -67,8 +62,8 @@ variable "app_secrets" { } variable "public_ecs_service" { - description = "It's publicity accessible service" type = bool + description = "It's publicity accessible service" default = false } @@ -135,7 +130,7 @@ variable "image_id" { variable "root_domain_name" { type = string description = "Domain name of AWS Route53 Zone" - default = "example.com" + default = "" } variable "domain_names" { @@ -147,7 +142,7 @@ variable "domain_names" { variable "zone_id" { type = string description = "AWS Route53 Zone ID" - default = "AWS123456789" + default = "" } variable "vpc_id" { @@ -187,21 +182,21 @@ variable "docker_image_tag" { } variable "docker_container_port" { - description = "Docker container port" type = number + description = "Docker container port" default = 3000 } variable "docker_host_port" { - description = "Docker host port. 0 means Auto-assign." type = number + description = "Docker host port. 0 means Auto-assign." default = 0 } variable "port_mappings" { + type = any description = "List of ports to open from a service" - type = any - default = [] + default = [] } variable "docker_container_entrypoint" { @@ -223,8 +218,8 @@ variable "sidecar_container_definitions" { } variable "alb_idle_timeout" { - description = "The time in seconds that the connection is allowed to be idle." type = number + description = "The time in seconds that the connection is allowed to be idle." default = 60 } 
@@ -251,6 +246,7 @@ variable "web_proxy_docker_image_tag" { default = "1.19.2-alpine" } variable "proxy_docker_image_name" { + type = string description = "Nginx proxy docker image name" default = "nginx" } @@ -262,30 +258,33 @@ variable "web_proxy_docker_container_port" { } variable "proxy_docker_container_command" { - description = "Proxy docker container CMD" type = list(string) + description = "Proxy docker container CMD" default = ["nginx", "-g", "daemon off;"] } variable "proxy_docker_entrypoint" { + type = string description = "Proxy docker container entrypoint" default = ["/docker-entrypoint.sh"] } variable "autoscale_scheduled_up" { + type = list(string) description = "List of Cron-like expressions for scheduled ecs autoscale UP" default = [] } variable "autoscale_scheduled_down" { + type = list(string) description = "List of Cron-like expressions for scheduled ecs autoscale DOWN" default = [] } variable "autoscale_scheduled_timezone" { - type = string + type = string description = "Time Zone for the scheduled event" - default = "UTC" + default = "UTC" } variable "ec2_eip_enabled" { @@ -310,13 +309,12 @@ variable "ec2_eip_dns_enabled" { variable "ecs_cluster_name" { type = string description = "ECS cluster name" - default = "" } variable "ecs_cluster_arn" { type = string description = "ECS cluster arn. Should be specified to avoid data query by cluster name" - default = "" + default = "" } variable "autoscaling_health_check_type" { @@ -386,9 +384,9 @@ variable "autoscale_target_value_memory" { } variable "deployment_minimum_healthy_percent" { + type = number description = "Lower limit on the number of running tasks" default = 100 - type = number } @@ -399,9 +397,9 @@ variable "datadog_enabled" { } variable "datadog_jmx_enabled" { - type = bool + type = bool description = "Enables / Disables jmx monitor via the datadog agent" - default = false + default = false } variable "route53_health_check_enabled" { 
@@ -425,8 +423,8 @@ variable "sns_service_subscription_endpoint_protocol" { # The var.cpu & var.memory vars are valid only for FARGATE. EC2 instance type is used to set ECS EC2 specs variable "cpu" { type = number - default = 256 description = "Fargate CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)" + default = 256 validation { condition = can(regex("256|512|1024|2048|4096", var.cpu)) @@ -436,8 +434,8 @@ variable "cpu" { variable "memory" { type = number - default = 512 description = "Fargate Memory value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)" + default = 512 validation { condition = can(regex("512|1024|2048|3072|4096|5120|6144|7168|8192|9216|10240|11264|12288|13312|14336|15360|16384|17408|18432|19456|20480|21504|22528|23552|24576|25600|26624|27648|28672|29696|30720", var.memory)) 
@@ -517,49 +515,62 @@ variable "resource_requirements" { } variable "root_block_device_size" { - type = number - default = "50" + type = number + description = "EBS root block device size in GB" + default = "50" } variable "http_port" { type = number - default = 80 description = "Port that is used for HTTP protocol" + default = 80 } variable "root_block_device_type" { - type = string - default = "gp2" + type = string + description = "EBS root block device type" + default = "gp2" + + validation { + condition = can(regex("io1|io2|gp2|gp3", var.root_block_device_type)) + error_message = "The root_block_device_type value must be a valid type: io1, io2, gp2, gp3 (https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html)" + } } variable "alb_health_check_valid_response_codes" { - type = string - default = "200-399" + type = string + description = "The HTTP codes to use when checking for a successful response from a target. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\")." 
+ default = "200-399" } variable "alb_deregistration_delay" { - type = number - default = 5 + type = number + description = "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused" + default = 5 } variable "alb_health_check_interval" { - type = number - default = 30 + type = number + description = "The approximate amount of time, in seconds, between health checks of an individual target" + default = 30 } variable "alb_health_check_healthy_threshold" { - type = number - default = 3 + type = number + description = "The number of consecutive health checks successes required before considering an unhealthy target healthy" + default = 3 } variable "alb_health_check_unhealthy_threshold" { - type = number - default = 3 + type = number + description = "The number of consecutive health check failures required before considering the target unhealthy" + default = 3 } variable "alb_health_check_timeout" { - type = number - default = 6 + type = number + description = "The amount of time, in seconds, during which no response means a failed health check" + default = 6 } variable "volumes" { @@ -570,13 +581,25 @@ variable "volumes" { variable "efs_enabled" { type = bool - description = "EFS Enabled" + description = "Whether to enable EFS mount for ECS task" default = false } +variable "efs_share_create" { + type = bool + description = "Whether to create EFS share or not" + default = false +} + +variable "efs_file_system_id" { + type = string + description = "EFS file system ID" + default = "" +} + variable "efs_mount_point" { type = string - description = "EFS mount point" + description = "EFS mount point in the container" default = "/mnt/efs" } 
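Review bot: The new validation on `root_block_device_type` uses an unanchored pattern, `can(regex("io1|io2|gp2|gp3", var.root_block_device_type))`, so any string that merely contains one of the names (a constructed example: `gp2x`) passes, and the mistake only surfaces when the provider call fails at apply time. An exact membership test states the intent: `condition = contains(["io1", "io2", "gp2", "gp3"], var.root_block_device_type)`. The unchanged `cpu` and `memory` validations in this file use the same unanchored form, so a value such as 2560 would pass the `cpu` check, and they would benefit from the same change. In the same hunk `root_block_device_size` is declared `type = number` but keeps the string default `"50"`; `default = 50` avoids relying on implicit conversion.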
@@ -588,7 +611,7 @@ variable "efs_root_directory" { variable "ecs_service_deployed" { type = bool - description = "This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli)" + description = "This service resource doesn't have task definition lifecycle policy, so terraform is used to deploy it (instead of ecs cli or ize)" default = false } @@ -607,7 +630,7 @@ variable "cloudwatch_schedule_expressions" { variable "firelens_ecs_log_enabled" { type = bool - description = "AWSFirelens ECS logs enabled" + description = "AWS Firelens ECS logs enabled (used by FluentBit, Datadog, etc)" default = false } @@ -633,7 +656,7 @@ variable "ecs_exec_prompt_string" { variable "additional_container_definition_parameters" { type = any description = "Additional parameters passed straight to the container definition, eg. tmpfs config" - default = {} + default = {} } @@ -668,21 +691,21 @@ variable "shared_memory_size" { } variable "create_schedule" { - description = "Determines whether to create autoscaling group schedule or not" type = bool + description = "Determines whether to create autoscaling group schedule or not" default = false } variable "schedules" { - description = "Map of autoscaling group schedule to create" type = map(any) - default = {} + description = "Map of autoscaling group schedule to create" + default = {} } variable "docker_labels" { - type = map(any) + type = map(any) description = "Labels to be added to the docker. Used for auto-configuration, for instance of JMX discovery" - default = null + default = null } variable "operating_system_family" { 
@@ -698,13 +721,15 @@ variable "cpu_architecture" { } variable "ecr_force_delete" { - default = false - description = "If true, will delete the ECR repository even if it contains images." + type = bool + description = "If true, will delete the ECR repository even if it contains images on destroy" + default = false } variable "alb_access_logs_enabled" { - default = false - description = "If true, ALB access logs will be writing to S3" + type = bool + description = "If true, ALB access logs will be written to S3" + default = false } variable "alb_access_logs_s3bucket_name" { From e736a1343e8fd82ad175e8c5f05c6d02cb288daa Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 09:26:40 +0000 Subject: [PATCH 02/19] Add .pre-commit-config.yaml --- .pre-commit-config.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..52094d4 --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,31 @@
+repos:
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.89.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - '--args=--lockfile=false'
+ - id: terraform_tflint
+ args:
+ - '--args=--only=terraform_deprecated_interpolation'
+ - '--args=--only=terraform_deprecated_index'
+ - '--args=--only=terraform_unused_declarations'
+ - '--args=--only=terraform_comment_syntax'
+ - '--args=--only=terraform_documented_outputs'
+ - '--args=--only=terraform_documented_variables'
+ - '--args=--only=terraform_typed_variables'
+ - '--args=--only=terraform_module_pinned_source'
+ - '--args=--only=terraform_naming_convention'
+ - '--args=--only=terraform_required_version'
+ - '--args=--only=terraform_required_providers'
+ - '--args=--only=terraform_standard_module_structure'
+ - '--args=--only=terraform_workspace_remote'
+ - '--args=--only=terraform_unused_required_providers'
+ - id: terraform_validate
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.6.0
+ hooks:
+ - id: check-merge-conflict
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
From 09d6fc3a108b2358d51f08066f74593b42f272b7 Mon Sep 17 00:00:00 2001
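Review bot: Both hook repositories are pinned by tag (`rev: v1.89.0` and `rev: v4.6.0`), and a tag can be re-pointed upstream after this review. pre-commit runs the hook code on every contributor machine and in the pre-commit workflow this series adds, so an immutable reference is the safer pin: `rev: <full-commit-sha-of-v1.89.0>  # v1.89.0` (placeholder, to be resolved from the upstream repository), and likewise for the second repo. `pre-commit autoupdate --freeze` writes the commit hashes with the tag kept as a trailing comment, which keeps later updates reviewable.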
From: Dmitry Kireev Date: Wed, 8 May 2024 09:29:52 +0000 Subject: [PATCH 03/19] Add Versions to examples --- examples/complete-tcp-app/versions.tf | 9 +++++++++ examples/complete-web-windows/versions.tf | 9 +++++++++ examples/complete-web/versions.tf | 9 +++++++++ examples/complete-worker-ec2/versions.tf | 9 +++++++++ examples/complete-worker/versions.tf | 9 +++++++++ examples/web-nginx-proxy/versions.tf | 9 +++++++++ examples/worker-scheduled-autoscale/versions.tf | 9 +++++++++ examples/worker-scheduled/versions.tf | 9 +++++++++ 8 files changed, 72 insertions(+) create mode 100644 examples/complete-tcp-app/versions.tf create mode 100644 examples/complete-web-windows/versions.tf create mode 100644 examples/complete-web/versions.tf create mode 100644 examples/complete-worker-ec2/versions.tf create mode 100644 examples/complete-worker/versions.tf create mode 100644 examples/web-nginx-proxy/versions.tf create mode 100644 examples/worker-scheduled-autoscale/versions.tf create mode 100644 examples/worker-scheduled/versions.tf
diff --git a/examples/complete-tcp-app/versions.tf b/examples/complete-tcp-app/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/complete-tcp-app/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/complete-web-windows/versions.tf b/examples/complete-web-windows/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/complete-web-windows/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/complete-web/versions.tf b/examples/complete-web/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/complete-web/versions.tf
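Review bot: `required_providers` names `hashicorp/aws` without a `version` constraint, so unless a `.terraform.lock.hcl` is committed next to the example (none is added in this patch) every `terraform init` resolves whichever provider release is newest at that moment. Adding a constraint inside the `aws` block, for instance `version = ">= <minimum-tested-version>"` (placeholder for the release the module is actually tested against), makes the examples reproducible and puts provider upgrades through review. The same nine-line file is added for complete-web-windows, complete-web, complete-worker-ec2, complete-worker, web-nginx-proxy, worker-scheduled-autoscale and worker-scheduled, so the point applies to each of them.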
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/complete-worker-ec2/versions.tf b/examples/complete-worker-ec2/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/complete-worker-ec2/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/complete-worker/versions.tf b/examples/complete-worker/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/complete-worker/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/web-nginx-proxy/versions.tf b/examples/web-nginx-proxy/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/web-nginx-proxy/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/worker-scheduled-autoscale/versions.tf b/examples/worker-scheduled-autoscale/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/worker-scheduled-autoscale/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/examples/worker-scheduled/versions.tf b/examples/worker-scheduled/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/examples/worker-scheduled/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
From 2f78bad77dc21af9f70fedee747b6dbb12a3372c Mon Sep 17 00:00:00 2001
From: Dmitry Kireev Date: Wed, 8 May 2024 09:32:16 +0000 Subject: [PATCH 04/19] proxy_docker_entrypoint type --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 658c3d2..7f945f3 100644 --- a/variables.tf +++ b/variables.tf @@ -264,7 +264,7 @@ variable "proxy_docker_container_command" { } variable "proxy_docker_entrypoint" { - type = string + type = list(string) description = "Proxy docker container entrypoint" default = ["/docker-entrypoint.sh"] } From b688dbd1d2aa11fcc642f7324eeaed7dc26e3cea Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 09:33:09 +0000 Subject: [PATCH 05/19] Fix ecs-service module path --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index c190632..f4d13f3 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ module "service" { - source = "modules/ecs-service" + source = "./modules/ecs-service" env = var.env name = var.name From 33ec85014965fd0fa5a515e3311bf7f40e6e05cf Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 09:36:33 +0000 Subject: [PATCH 06/19] Remove version duplicates --- examples/complete-tcp-app/main.tf | 10 ---------- examples/complete-web-windows/main.tf | 10 ---------- examples/complete-web/main.tf | 10 ---------- examples/complete-worker-ec2/main.tf | 10 ---------- examples/complete-worker/main.tf | 10 ---------- examples/web-nginx-proxy/main.tf | 10 ---------- examples/worker-scheduled-autoscale/main.tf | 10 ---------- examples/worker-scheduled/main.tf | 10 ---------- test/src/go.mod | 1 - test/src/go.sum | 16 +++++++--------- 10 files changed, 7 insertions(+), 90 deletions(-) diff --git a/examples/complete-tcp-app/main.tf b/examples/complete-tcp-app/main.tf index b51f717..634f825 100644 --- a/examples/complete-tcp-app/main.tf +++ b/examples/complete-tcp-app/main.tf 
@@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Data data "aws_route53_zone" "root" { name = "${var.root_domain_name}." diff --git a/examples/complete-web-windows/main.tf b/examples/complete-web-windows/main.tf index 7ed81c4..9e1e7f0 100644 --- a/examples/complete-web-windows/main.tf +++ b/examples/complete-web-windows/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Data data "aws_route53_zone" "root" { name = "${var.root_domain_name}." diff --git a/examples/complete-web/main.tf b/examples/complete-web/main.tf index af4ce57..8e5b467 100644 --- a/examples/complete-web/main.tf +++ b/examples/complete-web/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Data data "aws_route53_zone" "root" { name = "${var.root_domain_name}." diff --git a/examples/complete-worker-ec2/main.tf b/examples/complete-worker-ec2/main.tf index 07fb3cf..2b19dde 100644 --- a/examples/complete-worker-ec2/main.tf +++ b/examples/complete-worker-ec2/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Data data "aws_ami" "amazon_linux_ecs_generic" { most_recent = true diff --git a/examples/complete-worker/main.tf b/examples/complete-worker/main.tf index 07ffc55..b22125f 100644 --- a/examples/complete-worker/main.tf +++ b/examples/complete-worker/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" diff --git a/examples/web-nginx-proxy/main.tf b/examples/web-nginx-proxy/main.tf index 308d923..48c3b53 100644 
--- a/examples/web-nginx-proxy/main.tf +++ b/examples/web-nginx-proxy/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Data data "aws_route53_zone" "root" { name = "${var.root_domain_name}." diff --git a/examples/worker-scheduled-autoscale/main.tf b/examples/worker-scheduled-autoscale/main.tf index 87d7cb6..d84ab6b 100644 --- a/examples/worker-scheduled-autoscale/main.tf +++ b/examples/worker-scheduled-autoscale/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" diff --git a/examples/worker-scheduled/main.tf b/examples/worker-scheduled/main.tf index 5dd89d2..7a117ff 100644 --- a/examples/worker-scheduled/main.tf +++ b/examples/worker-scheduled/main.tf @@ -1,13 +1,3 @@ -# Versions -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } - required_version = ">= 1.0" -} - # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" diff --git a/test/src/go.mod b/test/src/go.mod index 2694e0d..4279bd8 100644 --- a/test/src/go.mod +++ b/test/src/go.mod @@ -69,7 +69,6 @@ require ( golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect golang.org/x/tools v0.1.12 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/api v0.47.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect diff --git a/test/src/go.sum b/test/src/go.sum index e85a215..8606b34 100644 --- a/test/src/go.sum +++ b/test/src/go.sum 
@@ -373,8 +373,7 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -411,8 +410,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -453,8 +452,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -527,11 +526,10 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644 h1:CA1DEQ4NdKphKeL70tvsWNdT5oFh1lOjihRcEDROi0I= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -540,8 +538,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -598,8 +596,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From cbd9bb9bd347da1517e34e56603b84f2f3398053 Mon Sep 17 00:00:00 2001 
From: Dmitry Kireev Date: Wed, 8 May 2024 09:40:15 +0000 Subject: [PATCH 07/19] Upgrade VPC to ~>5.0 in examples --- ...f-examples-tests.yml => run.e2e-tests.yml} | 22 +++++++++---------- .../{pre-commit.yml => run.pre-commit.yml} | 2 +- examples/complete-tcp-app/main.tf | 2 +- examples/complete-web-windows/main.tf | 2 +- examples/complete-web/main.tf | 2 +- examples/complete-worker-ec2/main.tf | 2 +- examples/complete-worker/main.tf | 2 +- examples/web-nginx-proxy/main.tf | 2 +- examples/worker-scheduled-autoscale/main.tf | 2 +- examples/worker-scheduled/main.tf | 2 +- 10 files changed, 20 insertions(+), 20 deletions(-) rename .github/workflows/{run.tf-examples-tests.yml => run.e2e-tests.yml} (96%) rename .github/workflows/{pre-commit.yml => run.pre-commit.yml} (99%) diff --git a/.github/workflows/run.tf-examples-tests.yml b/.github/workflows/run.e2e-tests.yml similarity index 96% rename from .github/workflows/run.tf-examples-tests.yml rename to .github/workflows/run.e2e-tests.yml index 3482d12..0c66e8f 100644 --- a/.github/workflows/run.tf-examples-tests.yml +++ b/.github/workflows/run.e2e-tests.yml @@ -1,4 +1,4 @@ -name: "Tests: TF Examples" +name: "Tests: E2E" defaults: run: shell: bash @@ -53,9 +53,9 @@ jobs: - name: IZE create AWS Profile run: ize gen aws-profile - - name: IZE gen tfenv + - name: IZE gen tfenv run: ize gen tfenv - + - name: Copy generated files run: | cp -R .ize/env/${{ env.ENV }}/*.* examples/${{ github.job }}/ @@ -105,9 +105,9 @@ jobs: - name: IZE create AWS Profile run: ize gen aws-profile - - name: IZE gen tfenv + - name: IZE gen tfenv run: ize gen tfenv - + - name: Copy generated files run: | cp -R .ize/env/${{ env.ENV }}/*.* examples/${{ github.job }}/ @@ -158,9 +158,9 @@ jobs: - name: IZE create AWS Profile run: ize gen aws-profile - - name: IZE gen tfenv + - name: IZE gen tfenv run: ize gen tfenv - + - name: Copy generated files run: | cp -R .ize/env/${{ env.ENV }}/*.* examples/${{ github.job }}/ 
@@ -208,9 +208,9 @@ jobs: - name: IZE create AWS Profile run: ize gen aws-profile - - name: IZE gen tfenv + - name: IZE gen tfenv run: ize gen tfenv - + - name: Copy generated files run: | cp -R .ize/env/${{ env.ENV }}/*.* examples/${{ github.job }}/ @@ -259,9 +259,9 @@ jobs: - name: IZE create AWS Profile run: ize gen aws-profile - - name: IZE gen tfenv + - name: IZE gen tfenv run: ize gen tfenv - + - name: Copy generated files run: | cp -R .ize/env/${{ env.ENV }}/*.* examples/${{ github.job }}/ diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/run.pre-commit.yml similarity index 99% rename from .github/workflows/pre-commit.yml rename to .github/workflows/run.pre-commit.yml index 68f08fd..1aae6a6 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/run.pre-commit.yml @@ -1,4 +1,4 @@ -name: Pre-Commit +name: "Tests: Pre-commit" on: pull_request: diff --git a/examples/complete-tcp-app/main.tf b/examples/complete-tcp-app/main.tf index 634f825..4a80929 100644 --- a/examples/complete-tcp-app/main.tf +++ b/examples/complete-tcp-app/main.tf @@ -7,7 +7,7 @@ data "aws_route53_zone" "root" { # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.0.0.0/16" diff --git a/examples/complete-web-windows/main.tf b/examples/complete-web-windows/main.tf index 9e1e7f0..b808edb 100644 --- a/examples/complete-web-windows/main.tf +++ b/examples/complete-web-windows/main.tf @@ -7,7 +7,7 @@ data "aws_route53_zone" "root" { # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.0.0.0/16" diff --git a/examples/complete-web/main.tf b/examples/complete-web/main.tf index 8e5b467..4e77a81 100644 --- a/examples/complete-web/main.tf +++ b/examples/complete-web/main.tf 
@@ -7,7 +7,7 @@ data "aws_route53_zone" "root" { # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.1.0.0/16" diff --git a/examples/complete-worker-ec2/main.tf b/examples/complete-worker-ec2/main.tf index 2b19dde..5a16d23 100644 --- a/examples/complete-worker-ec2/main.tf +++ b/examples/complete-worker-ec2/main.tf @@ -18,7 +18,7 @@ data "aws_ami" "amazon_linux_ecs_generic" { # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.0.0.0/16" diff --git a/examples/complete-worker/main.tf b/examples/complete-worker/main.tf index b22125f..6792621 100644 --- a/examples/complete-worker/main.tf +++ b/examples/complete-worker/main.tf @@ -1,7 +1,7 @@ # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.0.0.0/16" diff --git a/examples/web-nginx-proxy/main.tf b/examples/web-nginx-proxy/main.tf index 48c3b53..cf2422a 100644 --- a/examples/web-nginx-proxy/main.tf +++ b/examples/web-nginx-proxy/main.tf @@ -7,7 +7,7 @@ data "aws_route53_zone" "root" { # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.2.0.0/16" diff --git a/examples/worker-scheduled-autoscale/main.tf b/examples/worker-scheduled-autoscale/main.tf index d84ab6b..08c6b43 100644 --- a/examples/worker-scheduled-autoscale/main.tf +++ b/examples/worker-scheduled-autoscale/main.tf @@ -1,7 +1,7 @@ # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.5.0.0/16" diff --git a/examples/worker-scheduled/main.tf b/examples/worker-scheduled/main.tf index 7a117ff..531d4a3 100644 
--- a/examples/worker-scheduled/main.tf +++ b/examples/worker-scheduled/main.tf @@ -1,7 +1,7 @@ # Main module "vpc" { source = "registry.terraform.io/terraform-aws-modules/vpc/aws" - version = "~> 3.0" + version = "~> 5.0" name = "${var.env}-vpc" cidr = "10.4.0.0/16" From 3a717e3feb3407af5e7bb7033eb93cd10ff8da83 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 09:47:14 +0000 Subject: [PATCH 08/19] Update pre-commit workflow --- .github/workflows/run.pre-commit.yml | 30 ++++++++++++++-------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/run.pre-commit.yml b/.github/workflows/run.pre-commit.yml index 1aae6a6..e05b2e0 100644 --- a/.github/workflows/run.pre-commit.yml +++ b/.github/workflows/run.pre-commit.yml @@ -1,4 +1,4 @@ -name: "Tests: Pre-commit" +name: "Tests: Pre-Commit" on: pull_request: @@ -10,7 +10,7 @@ env: TFLINT_VERSION: v0.50.3 jobs: - collect-inputs: + collectInputs: name: Collect workflow inputs runs-on: ubuntu-latest outputs: @@ -23,13 +23,13 @@ jobs: id: dirs uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 - precommit-min-versions: + preCommitMinVersions: name: Min TF pre-commit - needs: collect-inputs + needs: collectInputs runs-on: ubuntu-latest strategy: matrix: - directory: ${{ fromJson(needs.collect-inputs.outputs.directories) }} + directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - name: Delete huge unnecessary tools folder 
@@ -43,33 +43,33 @@ jobs: uses: actions/checkout@v4 - name: Terraform min/max versions - id: min-max + id: minMax uses: clowdhaus/terraform-min-max@v1.3.0 with: directory: ${{ matrix.directory }} - - name: Pre-commit Terraform ${{ steps.min-max.outputs.min-version }} + - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: - terraform-version: ${{ steps.min-max.outputs.min-version }} + terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*' - - name: Pre-commit Terraform ${{ steps.min-max.outputs.min-version }} + - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: - terraform-version: ${{ steps.min-max.outputs.min-version }} + terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)' - precommit-max-versions: + preCommitMaxVersion: name: Max TF pre-commit runs-on: ubuntu-latest - needs: collect-inputs + needs: collectInputs steps: # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 - name: Delete huge unnecessary tools folder 
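Review bot: The steps edited in this hunk still reference third-party actions by tag, `clowdhaus/terraform-min-max@v1.3.0` and `clowdhaus/terraform-composite-actions/pre-commit@v1.9.0`, and a tag can be re-pointed upstream after it was reviewed. Since the commit already touches these steps, pinning each `uses:` to the full commit SHA with the tag kept as a comment, e.g. `uses: clowdhaus/terraform-min-max@<COMMIT_SHA>  # v1.3.0`, would fix what actually runs in CI. The same applies to the `uses:` lines in the `@@ -86,13 +86,13 @@` hunk and to `clowdhaus/terraform-composite-actions/directories@v1.9.0` in `collectInputs`. Both job bodies start and end outside this hunk.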
@@ -86,13 +86,13 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions - id: min-max + id: minMax uses: clowdhaus/terraform-min-max@v1.3.0 - - name: Pre-commit Terraform ${{ steps.min-max.outputs.max-version }} + - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: - terraform-version: ${{ steps.min-max.outputs.max-version }} + terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }} install-hcledit: true From cc0d04358a302d0bd78a2ce2e6f5484c71be1cb4 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:14:12 +0000 Subject: [PATCH 09/19] Move tests into tests directory --- .github/workflows/run.e2e-tests.yml | 10 +++++----- test/{src => }/examples_complete-web_test.go | 6 +++--- ...amples_complete-worker-scheduled-autoscale_test.go} | 6 +++--- .../examples_complete-worker-scheduled_test.go | 6 +++--- test/{src => }/examples_complete-worker_test.go | 6 +++--- test/{src => }/examples_web-proxy_test.go | 6 +++--- test/{src => }/go.mod | 0 test/{src => }/go.sum | 0 8 files changed, 20 insertions(+), 20 deletions(-) rename test/{src => }/examples_complete-web_test.go (98%) rename test/{src/examples_complete-worker-scheduled-auto_test.go => examples_complete-worker-scheduled-autoscale_test.go} (98%) rename test/{src => }/examples_complete-worker-scheduled_test.go (98%) rename test/{src => }/examples_complete-worker_test.go (98%) rename test/{src => }/examples_web-proxy_test.go (98%) rename test/{src => }/go.mod (100%) rename test/{src => }/go.sum (100%) diff --git a/.github/workflows/run.e2e-tests.yml b/.github/workflows/run.e2e-tests.yml index 0c66e8f..390d5de 100644 --- a/.github/workflows/run.e2e-tests.yml +++ b/.github/workflows/run.e2e-tests.yml 
@@ -62,7 +62,7 @@ jobs: - name: Go TF Test run: | - cd test/src + cd test go mod tidy go test -v -timeout 60m -run TestExamplesCompleteWorker @@ -114,7 +114,7 @@ jobs: - name: Go TF Test run: | - cd test/src + cd test go mod tidy go test -v -timeout 60m -run TestExamplesWorkerSchedule @@ -167,7 +167,7 @@ jobs: - name: Go TF Test run: | - cd test/src + cd test go mod tidy go test -v -timeout 60m -run TestExamplesCompleteWeb @@ -217,7 +217,7 @@ jobs: - name: Go TF Test run: | - cd test/src + cd test go mod tidy go test -v -timeout 60m -run TestExamplesWebProxy @@ -268,6 +268,6 @@ jobs: - name: Go TF Test run: | - cd test/src + cd test go mod tidy go test -v -timeout 60m -run TestExamplesWorkerAutoScheduled diff --git a/test/src/examples_complete-web_test.go b/test/examples_complete-web_test.go similarity index 98% rename from test/src/examples_complete-web_test.go rename to test/examples_complete-web_test.go index d503f14..4739d33 100644 --- a/test/src/examples_complete-web_test.go +++ b/test/examples_complete-web_test.go @@ -76,7 +76,7 @@ func TestExamplesCompleteWeb(t *testing.T) { // randID := strings.ToLower(random.UniqueId()) // attributes := []string{randID} - rootFolder := "../../" + rootFolder := "../" terraformFolderRelativeToRoot := "examples/complete-web" tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot) @@ -104,8 +104,8 @@ func TestExamplesCompleteWeb(t *testing.T) { // Variables to pass to our Terraform code using -var-file options VarFiles: varFiles, /*Vars: map[string]interface{}{ - "attributes": attributes, - }, + "attributes": attributes, + }, */ } diff --git a/test/src/examples_complete-worker-scheduled-auto_test.go b/test/examples_complete-worker-scheduled-autoscale_test.go similarity index 98% rename from test/src/examples_complete-worker-scheduled-auto_test.go rename to test/examples_complete-worker-scheduled-autoscale_test.go index 1d2718f..ec9dd65 100644 
--- a/test/src/examples_complete-worker-scheduled-auto_test.go +++ b/test/examples_complete-worker-scheduled-autoscale_test.go @@ -76,7 +76,7 @@ func TestExamplesWorkerAutoScheduled(t *testing.T) { // randID := strings.ToLower(random.UniqueId()) // attributes := []string{randID} - rootFolder := "../../" + rootFolder := "../" terraformFolderRelativeToRoot := "examples/worker-scheduled-autoscale" tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot) @@ -104,8 +104,8 @@ func TestExamplesWorkerAutoScheduled(t *testing.T) { // Variables to pass to our Terraform code using -var-file options VarFiles: varFiles, /*Vars: map[string]interface{}{ - "attributes": attributes, - }, + "attributes": attributes, + }, */ } diff --git a/test/src/examples_complete-worker-scheduled_test.go b/test/examples_complete-worker-scheduled_test.go similarity index 98% rename from test/src/examples_complete-worker-scheduled_test.go rename to test/examples_complete-worker-scheduled_test.go index 6e25d63..5552334 100644 --- a/test/src/examples_complete-worker-scheduled_test.go +++ b/test/examples_complete-worker-scheduled_test.go @@ -76,7 +76,7 @@ func TestExamplesWorkerSchedule(t *testing.T) { // randID := strings.ToLower(random.UniqueId()) // attributes := []string{randID} - rootFolder := "../../" + rootFolder := "../" terraformFolderRelativeToRoot := "examples/worker-scheduled" tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot) @@ -104,8 +104,8 @@ func TestExamplesWorkerSchedule(t *testing.T) { // Variables to pass to our Terraform code using -var-file options VarFiles: varFiles, /*Vars: map[string]interface{}{ - "attributes": attributes, - }, + "attributes": attributes, + }, */ } 
diff --git a/test/src/examples_complete-worker_test.go b/test/examples_complete-worker_test.go similarity index 98% rename from test/src/examples_complete-worker_test.go rename to test/examples_complete-worker_test.go index 751ab10..b943cb1 100644 --- a/test/src/examples_complete-worker_test.go +++ b/test/examples_complete-worker_test.go @@ -76,7 +76,7 @@ func TestExamplesCompleteWorker(t *testing.T) { // randID := strings.ToLower(random.UniqueId()) // attributes := []string{randID} - rootFolder := "../../" + rootFolder := "../" terraformFolderRelativeToRoot := "examples/complete-worker" tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot) @@ -104,8 +104,8 @@ func TestExamplesCompleteWorker(t *testing.T) { // Variables to pass to our Terraform code using -var-file options VarFiles: varFiles, /*Vars: map[string]interface{}{ - "attributes": attributes, - }, + "attributes": attributes, + }, */ } diff --git a/test/src/examples_web-proxy_test.go b/test/examples_web-proxy_test.go similarity index 98% rename from test/src/examples_web-proxy_test.go rename to test/examples_web-proxy_test.go index 801db8f..ac926c9 100644 --- a/test/src/examples_web-proxy_test.go +++ b/test/examples_web-proxy_test.go @@ -76,7 +76,7 @@ func TestExamplesWebProxy(t *testing.T) { // randID := strings.ToLower(random.UniqueId()) // attributes := []string{randID} - rootFolder := "../../" + rootFolder := "../" terraformFolderRelativeToRoot := "examples/web-nginx-proxy" tempTestFolder := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot) @@ -104,8 +104,8 @@ func TestExamplesWebProxy(t *testing.T) { // Variables to pass to our Terraform code using -var-file options VarFiles: varFiles, /*Vars: map[string]interface{}{ - "attributes": attributes, - }, + "attributes": attributes, + }, */ } diff --git a/test/src/go.mod b/test/go.mod similarity index 100% rename from test/src/go.mod rename to test/go.mod 
diff --git a/test/src/go.sum b/test/go.sum similarity index 100% rename from test/src/go.sum rename to test/go.sum From 55f347c2015876a4651dacf1d2b59b1662a3996a Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:15:14 +0000 Subject: [PATCH 10/19] Trigger precommit on v.2.x branch as well --- .github/workflows/run.pre-commit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/run.pre-commit.yml b/.github/workflows/run.pre-commit.yml index e05b2e0..5957979 100644 --- a/.github/workflows/run.pre-commit.yml +++ b/.github/workflows/run.pre-commit.yml @@ -4,6 +4,7 @@ on: pull_request: branches: - main + - v.2.x env: TERRAFORM_DOCS_VERSION: v0.16.0 From c96f85dc68cb7082081f765fac5914d120cbcaa5 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:17:24 +0000 Subject: [PATCH 11/19] E2E Concurrency: 1 --- .github/workflows/run.e2e-tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/run.e2e-tests.yml b/.github/workflows/run.e2e-tests.yml index 390d5de..6cccb53 100644 --- a/.github/workflows/run.e2e-tests.yml +++ b/.github/workflows/run.e2e-tests.yml @@ -1,4 +1,8 @@ name: "Tests: E2E" +concurrency: # This need to ensure that only a single job or workflow using the same concurrency group will run at a time. + group: ${{ github.workflow }} + cancel-in-progress: false + defaults: run: shell: bash From cc05547844e7aa1e2a464dca52d3e34bdb9c6a2a Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:21:48 +0000 Subject: [PATCH 12/19] Set concurrency on pre-commit to 1 --- .github/workflows/run.pre-commit.yml | 4 +++- test/go.sum | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/.github/workflows/run.pre-commit.yml b/.github/workflows/run.pre-commit.yml index 5957979..57e31ab 100644 --- a/.github/workflows/run.pre-commit.yml +++ b/.github/workflows/run.pre-commit.yml 
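Review bot: With `group: ${{ github.workflow }}` and `cancel-in-progress: false` in the `run.e2e-tests.yml` hunk of PATCH 11/19, every run of the workflow from any branch or pull request shares one concurrency group, and GitHub keeps only one pending run per group: a newly queued run replaces the one already waiting, which is then reported as cancelled. Serialising the E2E jobs may well be intended (they appear to deploy into a shared AWS environment, which this hunk alone does not confirm), but a displaced pending run means that commit is never tested, so merge decisions should not rely on it having run. PATCH 12/19 adds the identical block to `run.pre-commit.yml`, where nothing visible needs global serialisation; scoping the group per ref, `group: ${{ github.workflow }}-${{ github.ref }}`, would keep unrelated pull requests from displacing each other's checks.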
@@ -1,10 +1,12 @@ name: "Tests: Pre-Commit" +concurrency: # This need to ensure that only a single job or workflow using the same concurrency group will run at a time. + group: ${{ github.workflow }} + cancel-in-progress: false on: pull_request: branches: - main - - v.2.x env: TERRAFORM_DOCS_VERSION: v0.16.0 diff --git a/test/go.sum b/test/go.sum index 8606b34..37fee1e 100644 --- a/test/go.sum +++ b/test/go.sum 
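Review bot: The `- v.2.x` entry under `pull_request.branches` is removed in this hunk, although PATCH 10/19 added it and this commit's subject mentions only concurrency. With the entry gone, the pre-commit workflow no longer runs for pull requests that target `v.2.x`, so changes to that branch are merged without these checks. If the removal is unintended, keep `- v.2.x` in the list; if it is intended, state it in the commit message. The same commit also adds 26 lines to test/go.sum, which is unrelated to the subject and would be easier to audit as a separate dependency commit.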
@@ -39,14 +39,22 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/azure-sdk-for-go v50.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.20/go.mod h1:o3tqFY+QR40VOlk+pV4d77mORO64jOXSgEnPQgLK6JY= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= +github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= 
+github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -61,6 +69,7 @@ github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.40.56 h1:FM2yjR0UUYFzDTMx+mH9Vyw1k1EUUxsAFzk+BjkzANA= github.com/aws/aws-sdk-go v1.40.56/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= 
@@ -86,12 +95,18 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c h1:ZfSZ3P3BedhKGUhzj7BQlPSU4OvT6tfOKe3DVHzOA7s= github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 h1:yY9rWGoXv1U5pl4gxqlULARMQD7x0QG85lqEXTWysik= +github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane 
v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -107,6 +122,7 @@ github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= @@ -179,6 +195,7 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -272,6 +289,7 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -283,6 +301,7 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= 
@@ -307,6 +326,9 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/oracle/oci-go-sdk v7.1.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 
@@ -318,10 +340,12 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -351,6 +375,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.8.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= 
@@ -479,6 +504,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From d781f590e245f63e4fc74c551c344ea4cb896b70 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:25:59 +0000 Subject: [PATCH 13/19] Fixes validation issue with error_message. --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 7f945f3..2058dbe 100644 --- a/variables.tf +++ b/variables.tf @@ -533,7 +533,7 @@ variable "root_block_device_type" { validation { condition = can(regex("io1|io2|gp2|gp3", var.root_block_device_type)) - error_message = "The root_block_device_type value must be a valid type: io1, io2, gp2, gp3 (https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html)" + error_message = "The root_block_device_type value must be a valid type: io1, io2, gp2, gp3 (https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html)." } } From 0974c2ccc1199a126e0991621a5c89f76f3d2206 Mon Sep 17 00:00:00 2001 
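Review bot: The `condition` beside the edited `error_message` in variables.tf uses an unanchored `regex("io1|io2|gp2|gp3", ...)`, so any string that merely contains one of those tokens (a constructed example: `xgp2y`) passes validation and is rejected only later by the provider. An exact membership test states the intent: `condition = contains(["io1", "io2", "gp2", "gp3"], var.root_block_device_type)`. The same unanchored pattern appears in the `cpu` validations re-indented in PATCH 15/19 (`regex("256|512|1024|2048|4096", var.cpu)` in modules/ecs-service/variables.tf and modules/ecs-task/variables.tf), where a value such as 2560 would also match. The variable block starts outside this hunk.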
From: Dmitry Kireev Date: Wed, 8 May 2024 11:32:31 +0000 Subject: [PATCH 14/19] - Bump minimal terraform to v1.1 - Upgrade cloudposse efs module to the latest 0.x.x --- efs.tf | 2 +- examples/complete-tcp-app/versions.tf | 2 +- examples/complete-web-windows/versions.tf | 2 +- examples/complete-web/versions.tf | 2 +- examples/complete-worker-ec2/versions.tf | 2 +- examples/complete-worker/versions.tf | 2 +- examples/web-nginx-proxy/versions.tf | 2 +- examples/worker-scheduled-autoscale/versions.tf | 2 +- examples/worker-scheduled/versions.tf | 2 +- versions.tf | 3 ++- 10 files changed, 11 insertions(+), 10 deletions(-) diff --git a/efs.tf b/efs.tf index 93d7eaa..8a7e586 100644 --- a/efs.tf +++ b/efs.tf @@ -1,6 +1,6 @@ module "efs" { source = "registry.terraform.io/cloudposse/efs/aws" - version = "~> 0.31" + version = "~> 0.36" enabled = var.efs_enabled && var.efs_share_create ? true : false stage = var.env diff --git a/examples/complete-tcp-app/versions.tf b/examples/complete-tcp-app/versions.tf index b3dfba4..1182721 100644 --- a/examples/complete-tcp-app/versions.tf +++ b/examples/complete-tcp-app/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/examples/complete-web-windows/versions.tf b/examples/complete-web-windows/versions.tf index b3dfba4..1182721 100644 --- a/examples/complete-web-windows/versions.tf +++ b/examples/complete-web-windows/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/examples/complete-web/versions.tf b/examples/complete-web/versions.tf index b3dfba4..1182721 100644 --- a/examples/complete-web/versions.tf +++ b/examples/complete-web/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { 
diff --git a/examples/complete-worker-ec2/versions.tf b/examples/complete-worker-ec2/versions.tf index b3dfba4..1182721 100644 --- a/examples/complete-worker-ec2/versions.tf +++ b/examples/complete-worker-ec2/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/examples/complete-worker/versions.tf b/examples/complete-worker/versions.tf index b3dfba4..1182721 100644 --- a/examples/complete-worker/versions.tf +++ b/examples/complete-worker/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/examples/web-nginx-proxy/versions.tf b/examples/web-nginx-proxy/versions.tf index b3dfba4..1182721 100644 --- a/examples/web-nginx-proxy/versions.tf +++ b/examples/web-nginx-proxy/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/examples/worker-scheduled-autoscale/versions.tf b/examples/worker-scheduled-autoscale/versions.tf index b3dfba4..1182721 100644 --- a/examples/worker-scheduled-autoscale/versions.tf +++ b/examples/worker-scheduled-autoscale/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/examples/worker-scheduled/versions.tf b/examples/worker-scheduled/versions.tf index b3dfba4..1182721 100644 --- a/examples/worker-scheduled/versions.tf +++ b/examples/worker-scheduled/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1" required_providers { aws = { diff --git a/versions.tf b/versions.tf index cc9e018..894d0fa 100644 --- a/versions.tf +++ b/versions.tf @@ -1,4 +1,6 @@ terraform { + required_version = ">= 1.1" + required_providers { aws = { source = "hashicorp/aws" @@ -7,5 +9,4 @@ terraform { source = "hashicorp/template" } } - required_version = ">= 1.0" } 
From 861a1ac54d7dbf176700ed7f20be5d9a36651cb6 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:40:03 +0000 Subject: [PATCH 15/19] Format, update editorconfig format --- .editorconfig | 2 +- modules/ecs-service/main.tf | 24 ++++++------- modules/ecs-service/outputs.tf | 2 +- modules/ecs-service/variables.tf | 32 ++++++++--------- modules/ecs-task/iam.tf | 4 +-- modules/ecs-task/locals.tf | 62 +++++++++++++++++--------------- modules/ecs-task/main.tf | 2 +- modules/ecs-task/variables.tf | 30 ++++++++-------- 8 files changed, 81 insertions(+), 77 deletions(-) diff --git a/.editorconfig b/.editorconfig index 88cb251..d4f4302 100644 --- a/.editorconfig +++ b/.editorconfig @@ -11,7 +11,7 @@ end_of_line = lf indent_size = 2 indent_style = space insert_final_newline = true -max_line_length = 80 +max_line_length = 300 trim_trailing_whitespace = true [*.{tf,tfvars}] diff --git a/modules/ecs-service/main.tf b/modules/ecs-service/main.tf index 5e6768d..88e252f 100644 --- a/modules/ecs-service/main.tf +++ b/modules/ecs-service/main.tf @@ -19,7 +19,7 @@ module "task" { docker_container_links = var.docker_container_links - environment = var.environment + environment = var.environment # Non-secret Environment variables app_secrets = local.app_secrets global_secrets = local.global_secrets @@ -106,13 +106,13 @@ resource "aws_ecs_service" "this" { dynamic "load_balancer" { for_each = var.app_type == "web" || var.app_type == "tcp-app" ? [ - for port_mapping in var.port_mappings : { - container_name = port_mapping.container_name - target_group_arn = port_mapping.target_group_arn - container_port = port_mapping.container_port + for port_mapping in var.port_mappings : { + container_name = port_mapping.container_name + target_group_arn = port_mapping.target_group_arn + container_port = port_mapping.container_port - } - ]: [] + } + ] : [] content { target_group_arn = load_balancer.value.target_group_arn 
@@ -180,11 +180,11 @@ resource "aws_ecs_service" "this_deployed" { dynamic "load_balancer" { for_each = var.app_type == "web" || var.app_type == "tcp-app" ? [ - for p in var.port_mappings : { - container_name = p.container_name - container_port = p.container_port - target_group_arn = p.target_group_arn - } + for p in var.port_mappings : { + container_name = p.container_name + container_port = p.container_port + target_group_arn = p.target_group_arn + } ] : [] diff --git a/modules/ecs-service/outputs.tf b/modules/ecs-service/outputs.tf index 28b199c..2f3fd12 100644 --- a/modules/ecs-service/outputs.tf +++ b/modules/ecs-service/outputs.tf @@ -15,5 +15,5 @@ output "cloudwatch_log_group" { output "cloudwatch_event_rule_id" { description = "Cloudwatch event rule for ECS Scheduled Task" - value = (var.app_type == "worker" && length(var.cloudwatch_schedule_expressions)>0) ? aws_cloudwatch_event_rule.this[0].id : "" + value = (var.app_type == "worker" && length(var.cloudwatch_schedule_expressions)>0) ? aws_cloudwatch_event_rule.this[0].id : "" } diff --git a/modules/ecs-service/variables.tf b/modules/ecs-service/variables.tf index a6d5f31..a6f874a 100644 --- a/modules/ecs-service/variables.tf +++ b/modules/ecs-service/variables.tf @@ -161,7 +161,7 @@ variable "sidecar_container_definitions" { variable "additional_container_definition_parameters" { type = any description = "Additional parameters passed straight to the container definition, eg. tmpfs config" - default = {} + default = {} } @@ -189,7 +189,7 @@ variable "cpu" { default = 256 validation { - condition = can(regex("256|512|1024|2048|4096", var.cpu)) + condition = can(regex("256|512|1024|2048|4096", var.cpu)) error_message = "The cpu value must be a valid CPU value, https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html." } } 
@@ -362,9 +362,9 @@ variable "autoscale_scheduled_down" { } variable "autoscale_scheduled_timezone" { - type = string + type = string description = "Time Zone for the scheduled event" - default = "UTC" + default = "UTC" } variable "ecs_exec_enabled" { @@ -380,40 +380,40 @@ variable "firelens_ecs_log_enabled" { } variable "tmpfs_enabled" { - type = bool + type = bool description = "TMPFS support for non-Fargate deployments" - default = false + default = false } variable "tmpfs_size" { - type = number + type = number description = "Size of the tmpfs in MB" - default = 1024 + default = 1024 } variable "tmpfs_container_path" { - type = string + type = string description = "Path where tmpfs shm would be mounted" - default = "/tmp/" + default = "/tmp/" } variable "tmpfs_mount_options" { - type = list(string) + type = list(string) description = "Options for the mount of the ram disk. noatime by default to speed up access" - default = ["noatime"] + default = ["noatime"] } variable "shared_memory_size" { - type = number + type = number description = "Size of the /dev/shm shared memory in MB" - default = 0 + default = 0 } variable "docker_labels" { - type = map(any) + type = map(any) description = "Labels to be added to the docker. Used for auto-configuration, for instance of JMX discovery" - default = null + default = null } variable "operating_system_family" {} diff --git a/modules/ecs-task/iam.tf b/modules/ecs-task/iam.tf index 1ce8795..9e65b7f 100644 --- a/modules/ecs-task/iam.tf +++ b/modules/ecs-task/iam.tf @@ -8,7 +8,7 @@ resource "aws_iam_role" "ecs_execution" { name = "${var.env}-${var.name}-ecs-execution-role" assume_role_policy = jsonencode({ - "Version" = "2012-10-17", + "Version" = "2012-10-17", "Statement" = [ { "Sid" = "", @@ -32,7 +32,7 @@ resource "aws_iam_role" "ecs_task_role" { name = "${var.env}-${var.name}-ecs-task-role" assume_role_policy = jsonencode({ - "Version" = "2012-10-17", + "Version" = "2012-10-17", "Statement" = [ { "Sid" = "", 
diff --git a/modules/ecs-task/locals.tf b/modules/ecs-task/locals.tf index 9644ba8..d852c19 100644 --- a/modules/ecs-task/locals.tf +++ b/modules/ecs-task/locals.tf @@ -3,7 +3,7 @@ locals { docker_container_command = (var.docker_container_command == [] ? [] : var.docker_container_command) docker_container_entrypoint = (var.docker_container_entrypoint == [] ? [] : var.docker_container_entrypoint) - ssm_secret_path = var.ssm_secret_path != null ? var.ssm_secret_path : "/${var.env}/${var.name}" + ssm_secret_path = var.ssm_secret_path != null ? var.ssm_secret_path : "/${var.env}/${var.name}" ssm_global_secret_path = var.ssm_global_secret_path != null ? var.ssm_global_secret_path : "/${var.env}/global" # ECS Task Container definition file is filled with content here @@ -15,7 +15,7 @@ locals { image = "${var.docker_image_name}:${var.docker_image_tag}" resourceRequirements = var.resource_requirements - dockerLabels: var.docker_labels + dockerLabels : var.docker_labels cpu = var.ecs_launch_type == "FARGATE" ? var.cpu : null 
@@ -34,39 +34,43 @@ locals { linuxParameters = var.operating_system_family == "LINUX" ? { sharedMemorySize = (var.shared_memory_size > 0 && var.ecs_launch_type != "FARGATE") ? var.shared_memory_size : null - tmpfs = (var.tmpfs_enabled && var.ecs_launch_type != "FARGATE") ? [ + tmpfs = (var.tmpfs_enabled && var.ecs_launch_type != "FARGATE") ? [ { ContainerPath = var.tmpfs_container_path - MountOptions = var.tmpfs_mount_options - Size = var.tmpfs_size - }] : null, + MountOptions = var.tmpfs_mount_options + Size = var.tmpfs_size + } + ] : null, initProcessEnabled = var.ecs_exec_enabled ? true : null } : null mountPoints = [ - # This way we ensure that we only mount main app volumes to the main app container. - for volume in var.volumes : lookup(volume, "mount_point", {}) if(contains(keys(volume), "mount_point")) + # This way we ensure that we only mount main app volumes to the main app container. + for volume in var.volumes : lookup(volume, "mount_point", {}) if(contains(keys(volume), "mount_point")) ] environment = [for k, v in local.environment : { name = k, value = v }] - secrets = concat([for param_name in var.app_secrets : - { - name = param_name - valueFrom = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter${local.ssm_secret_path}/${param_name}" - } - ], [for param_name in var.global_secrets : - { - name = replace(param_name, "/", "") != param_name ? element(split("/", param_name), 1) : param_name - valueFrom = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter${local.ssm_global_secret_path}/${param_name}" - } + secrets = concat([ + for param_name in var.app_secrets : + { + name = param_name + valueFrom = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter${local.ssm_secret_path}/${param_name}" + } + ], [ + for param_name in var.global_secrets : + { + name = replace(param_name, "/", "") != param_name ? 
element(split("/", param_name), 1) : param_name + valueFrom = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter${local.ssm_global_secret_path}/${param_name}" + } ]) - portMappings = [for p in var.port_mappings : - { - containerPort = p.container_port - hostPort = p.host_port - } + portMappings = [ + for p in var.port_mappings : + { + containerPort = p.container_port + hostPort = p.host_port + } ] links = var.docker_container_links @@ -106,7 +110,7 @@ locals { iam_ecs_execution_role_policy = { - "Version" = "2012-10-17", + "Version" = "2012-10-17", "Statement" = concat(var.iam_role_policy_statement, [ { "Effect" = "Allow", @@ -150,11 +154,11 @@ locals { ] }, { - "Action" = [ - "kms:Decrypt" - ], - "Effect" = "Allow", - "Resource" = "*" + "Action" = [ + "kms:Decrypt" + ], + "Effect" = "Allow", + "Resource" = "*" } ]) } diff --git a/modules/ecs-task/main.tf b/modules/ecs-task/main.tf index 8ab707b..9baa714 100644 --- a/modules/ecs-task/main.tf +++ b/modules/ecs-task/main.tf @@ -47,7 +47,7 @@ resource "aws_ecs_task_definition" "this" { requires_compatibilities = [ var.ecs_launch_type ] - container_definitions = jsonencode(local.container_definitions) + container_definitions = jsonencode(local.container_definitions) runtime_platform { operating_system_family = var.operating_system_family diff --git a/modules/ecs-task/variables.tf b/modules/ecs-task/variables.tf index 647427c..012a118 100644 --- a/modules/ecs-task/variables.tf +++ b/modules/ecs-task/variables.tf @@ -21,7 +21,7 @@ variable "cpu" { default = 256 validation { - condition = can(regex("256|512|1024|2048|4096", var.cpu)) + condition = can(regex("256|512|1024|2048|4096", var.cpu)) error_message = "The cpu value must be a valid CPU value, https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html." } } 
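Review bot: The policy statement in the `@@ -150,11 +154,11 @@` hunk of modules/ecs-task/locals.tf grants `kms:Decrypt` on `"Resource" = "*"`, and this re-indent carries it forward unchanged. That allows the role to decrypt with any KMS key whose key policy delegates to IAM, not only the key that protects the SSM parameters referenced in `secrets`. Consider scoping `Resource` to the specific key ARN(s), which would need a new module input since none is visible here, or adding a `Condition` on `kms:ViaService` restricted to SSM. The statement list begins outside the hunk, so the other grants in this policy were not reviewed.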
@@ -135,7 +135,7 @@ variable "sidecar_container_definitions" { variable "additional_container_definition_parameters" { type = any description = "Additional parameters passed straight to the container definition, eg. tmpfs config" - default = {} + default = {} } @@ -176,7 +176,7 @@ variable "ecs_network_mode" { variable "ecs_network_configuration" { type = map(any) description = "ECS Network Configuration" - default = {} + default = {} } variable "ecs_task_family_name" { @@ -227,40 +227,40 @@ variable "firelens_ecs_log_enabled" { } variable "tmpfs_enabled" { - type = bool + type = bool description = "TMPFS support for non-Fargate deployments" - default = false + default = false } variable "tmpfs_size" { - type = number + type = number description = "Size of the tmpfs in MB" - default = 1024 + default = 1024 } variable "tmpfs_container_path" { - type = string + type = string description = "Path where tmpfs tmpfs would be mounted" - default = "/tmp/" + default = "/tmp/" } variable "tmpfs_mount_options" { - type = list(string) + type = list(string) description = "Options for the mount of the ram disk. noatime by default to speed up access" - default = ["noatime"] + default = ["noatime"] } variable "shared_memory_size" { - type = number + type = number description = "Size of the /dev/shm shared memory in MB" - default = 0 + default = 0 } variable "docker_labels" { - type = map(any) + type = map(any) description = "Labels to be added to the docker. Used for auto-configuration, for instance of JMX discovery" - default = null + default = null } variable "operating_system_family" {} From a47a9d68cfacf8fafc068396ac9a74527d31343b Mon Sep 17 00:00:00 2001 
From: Dmitry Kireev Date: Wed, 8 May 2024 11:44:15 +0000 Subject: [PATCH 16/19] Reformat examples --- examples/complete-tcp-app/main.tf | 44 +++++++++--------- examples/complete-tcp-app/variables.tf | 6 +-- examples/complete-web-windows/main.tf | 42 ++++++++--------- examples/complete-web-windows/variables.tf | 4 +- examples/complete-web/main.tf | 46 +++++++++---------- examples/complete-web/variables.tf | 8 ++-- examples/complete-worker-ec2/main.tf | 42 ++++++++--------- examples/complete-worker-ec2/variables.tf | 4 +- examples/complete-worker/main.tf | 42 ++++++++--------- examples/complete-worker/variables.tf | 4 +- examples/web-nginx-proxy/main.tf | 46 +++++++++---------- examples/web-nginx-proxy/variables.tf | 6 +-- examples/worker-scheduled-autoscale/main.tf | 42 ++++++++--------- .../worker-scheduled-autoscale/variables.tf | 4 +- examples/worker-scheduled/main.tf | 44 +++++++++--------- examples/worker-scheduled/variables.tf | 4 +- 16 files changed, 194 insertions(+), 194 deletions(-) diff --git a/examples/complete-tcp-app/main.tf b/examples/complete-tcp-app/main.tf index 4a80929..9d4f85d 100644 --- a/examples/complete-tcp-app/main.tf +++ b/examples/complete-tcp-app/main.tf @@ -24,12 +24,12 @@ module "vpc" { private_subnets = [ "10.0.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 
@@ -81,27 +81,27 @@ module "env_acm" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}" } module "tcp_app" { source = "../.." - name = "tcpapp" - app_type = "tcp-app" - env = var.env + name = "tcpapp" + app_type = "tcp-app" + env = var.env # Containers - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag # Load Balancer - public = true - https_enabled = true - tls_cert_arn = local.tls_cert_arn + public = true + https_enabled = true + tls_cert_arn = local.tls_cert_arn port_mappings = [ { @@ -120,12 +120,12 @@ module "tcp_app" { ] # Network - vpc_id = module.vpc.vpc_id - public_subnets = module.vpc.public_subnets - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] - root_domain_name = var.root_domain_name - zone_id = aws_route53_zone.env_domain.id + vpc_id = module.vpc.vpc_id + public_subnets = module.vpc.public_subnets + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] + root_domain_name = var.root_domain_name + zone_id = aws_route53_zone.env_domain.id # Environment variables app_secrets = [ diff --git a/examples/complete-tcp-app/variables.tf b/examples/complete-tcp-app/variables.tf index 2f87977..9a8f635 100644 --- a/examples/complete-tcp-app/variables.tf +++ b/examples/complete-tcp-app/variables.tf 
@@ -1,5 +1,5 @@ locals { - tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null + tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null } variable "env" {} @@ -7,9 +7,9 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } variable "root_domain_name" {} diff --git a/examples/complete-web-windows/main.tf b/examples/complete-web-windows/main.tf index b808edb..70401e9 100644 --- a/examples/complete-web-windows/main.tf +++ b/examples/complete-web-windows/main.tf @@ -24,12 +24,12 @@ module "vpc" { private_subnets = [ "10.0.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 @@ -64,17 +64,17 @@ resource "aws_route53_zone" "env_domain" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}" } module "web_complete" { source = "../.." - name = "app" - app_type = "web" - env = var.env + name = "app" + app_type = "web" + env = var.env # Containers cpu = 1024 
@@ -82,26 +82,26 @@ module "web_complete" { operating_system_family = "WINDOWS_SERVER_2019_CORE" ecs_cluster_name = module.ecs.cluster_name docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + docker_image_tag = var.docker_image_tag # Load Balancer public = true https_enabled = false alb_health_check_path = "/" - alb_security_groups = [aws_security_group.default_permissive.id] + alb_security_groups = [aws_security_group.default_permissive.id] # EFS settings - efs_enabled = false - efs_mount_point = "/mnt/efs" - efs_root_directory = "/" + efs_enabled = false + efs_mount_point = "/mnt/efs" + efs_root_directory = "/" # Network - vpc_id = module.vpc.vpc_id - public_subnets = module.vpc.public_subnets - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] - root_domain_name = var.root_domain_name - zone_id = aws_route53_zone.env_domain.id + vpc_id = module.vpc.vpc_id + public_subnets = module.vpc.public_subnets + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] + root_domain_name = var.root_domain_name + zone_id = aws_route53_zone.env_domain.id # Environment variables app_secrets = [ diff --git a/examples/complete-web-windows/variables.tf b/examples/complete-web-windows/variables.tf index 26e0394..f14940d 100644 --- a/examples/complete-web-windows/variables.tf +++ b/examples/complete-web-windows/variables.tf @@ -3,9 +3,9 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } variable "root_domain_name" {} diff --git a/examples/complete-web/main.tf b/examples/complete-web/main.tf index 4e77a81..a2635da 100644 --- a/examples/complete-web/main.tf +++ b/examples/complete-web/main.tf 
@@ -24,12 +24,12 @@ module "vpc" { private_subnets = [ "10.1.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 
@@ -81,42 +81,42 @@ module "env_acm" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}-app" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}-app" } module "web_complete" { source = "../.." - name = "app" - app_type = "web" - env = var.env + name = "app" + app_type = "web" + env = var.env # Containers - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag # Load Balancer public = true https_enabled = true alb_health_check_path = "/" alb_security_groups = [aws_security_group.default_permissive.id] - tls_cert_arn = local.tls_cert_arn + tls_cert_arn = local.tls_cert_arn # EFS settings - efs_enabled = false - efs_mount_point = "/mnt/efs" - efs_root_directory = "/" + efs_enabled = false + efs_mount_point = "/mnt/efs" + efs_root_directory = "/" # Network - vpc_id = module.vpc.vpc_id - public_subnets = module.vpc.public_subnets - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] - root_domain_name = var.root_domain_name - zone_id = aws_route53_zone.env_domain.id + vpc_id = module.vpc.vpc_id + public_subnets = module.vpc.public_subnets + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] + root_domain_name = var.root_domain_name + zone_id = aws_route53_zone.env_domain.id # Environment variables app_secrets = [ diff --git a/examples/complete-web/variables.tf b/examples/complete-web/variables.tf index da7b061..5b2728f 100644 --- a/examples/complete-web/variables.tf +++ b/examples/complete-web/variables.tf 
@@ -1,5 +1,5 @@ locals { - tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null + tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null } variable "env" {} @@ -7,11 +7,11 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } variable "root_domain_name" { - default = "nutcorp.net" + default = "nutcorp.net" } diff --git a/examples/complete-worker-ec2/main.tf b/examples/complete-worker-ec2/main.tf index 5a16d23..99e7fc2 100644 --- a/examples/complete-worker-ec2/main.tf +++ b/examples/complete-worker-ec2/main.tf @@ -34,12 +34,12 @@ module "vpc" { "10.0.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 @@ -73,17 +73,17 @@ resource "aws_key_pair" "root" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}" } module "worker_complete" { source = "../.." - name = "worker" - app_type = "worker" - env = var.env + name = "worker" + app_type = "worker" + env = var.env public = false ecs_launch_type = "EC2" 
@@ -94,21 +94,21 @@ module "worker_complete" { # Containers - ecs_cluster_arn = module.ecs.cluster_arn - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_arn = module.ecs.cluster_arn + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag - docker_container_command = ["echo", "command-output"] + docker_container_command = ["echo", "command-output"] deployment_minimum_healthy_percent = 0 # Network - vpc_id = module.vpc.vpc_id - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] - key_name = var.ec2_key_pair_name - create_iam_instance_profile = true - image_id = data.aws_ami.amazon_linux_ecs_generic.id + vpc_id = module.vpc.vpc_id + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] + key_name = var.ec2_key_pair_name + create_iam_instance_profile = true + image_id = data.aws_ami.amazon_linux_ecs_generic.id # Environment variables app_secrets = [ diff --git a/examples/complete-worker-ec2/variables.tf b/examples/complete-worker-ec2/variables.tf index bbb8678..b174766 100644 --- a/examples/complete-worker-ec2/variables.tf +++ b/examples/complete-worker-ec2/variables.tf @@ -3,10 +3,10 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } variable "ec2_key_pair_name" {} variable "ssh_public_key" {} diff --git a/examples/complete-worker/main.tf b/examples/complete-worker/main.tf index 6792621..a6ca0f6 100644 --- a/examples/complete-worker/main.tf +++ b/examples/complete-worker/main.tf 
@@ -17,12 +17,12 @@ module "vpc" { "10.0.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 @@ -46,37 +46,37 @@ resource "aws_security_group" "default_permissive" { module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}-worker" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}-worker" } module "worker_complete" { source = "../.." - name = "worker" - app_type = "worker" - env = var.env + name = "worker" + app_type = "worker" + env = var.env - public = false - ecs_launch_type = "FARGATE" - max_size = 1 + public = false + ecs_launch_type = "FARGATE" + max_size = 1 desired_capacity = 0 # Containers - ecs_cluster_arn = module.ecs.cluster_arn - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_arn = module.ecs.cluster_arn + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag - docker_container_command = ["echo", "command-output"] + docker_container_command = ["echo", "command-output"] deployment_minimum_healthy_percent = 0 # Network - vpc_id = module.vpc.vpc_id - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] + vpc_id = module.vpc.vpc_id + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] # Environment variables app_secrets = [ 
diff --git a/examples/complete-worker/variables.tf b/examples/complete-worker/variables.tf index 6827614..8466966 100644 --- a/examples/complete-worker/variables.tf +++ b/examples/complete-worker/variables.tf @@ -3,8 +3,8 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } diff --git a/examples/web-nginx-proxy/main.tf b/examples/web-nginx-proxy/main.tf index cf2422a..0eef76a 100644 --- a/examples/web-nginx-proxy/main.tf +++ b/examples/web-nginx-proxy/main.tf @@ -25,14 +25,14 @@ module "vpc" { "10.2.20.0/23" ] - enable_nat_gateway = true - single_nat_gateway = true - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + enable_nat_gateway = true + single_nat_gateway = true + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 
@@ -67,40 +67,40 @@ resource "aws_route53_zone" "env_domain" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}-proxy" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}-proxy" } module "web_proxy" { source = "../.." - name = "proxy" - app_type = "web" - env = var.env + name = "proxy" + app_type = "web" + env = var.env # Nginx Proxy enabling - web_proxy_enabled = true + web_proxy_enabled = true # We mount a shared volume to /etc/nginx dir in our container. In order to the web proxy to work - your app must copy(create) Nginx config template to /etc/nginx/templates/default.conf.template. See proxied-prj/entrypoint.sh. # Containers - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag # Load Balancer public = true https_enabled = false alb_health_check_path = "/" - alb_security_groups = [aws_security_group.default_permissive.id] + alb_security_groups = [aws_security_group.default_permissive.id] # Network - vpc_id = module.vpc.vpc_id - public_subnets = module.vpc.public_subnets - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] - root_domain_name = var.root_domain_name - zone_id = aws_route53_zone.env_domain.id + vpc_id = module.vpc.vpc_id + public_subnets = module.vpc.public_subnets + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] + root_domain_name = var.root_domain_name + zone_id = aws_route53_zone.env_domain.id # Environment variables app_secrets = [ diff --git a/examples/web-nginx-proxy/variables.tf b/examples/web-nginx-proxy/variables.tf index ab4dbcd..a5f61cd 100644 
--- a/examples/web-nginx-proxy/variables.tf +++ b/examples/web-nginx-proxy/variables.tf @@ -3,11 +3,11 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } variable "root_domain_name" { - default = "nutcorp.net" + default = "nutcorp.net" } diff --git a/examples/worker-scheduled-autoscale/main.tf b/examples/worker-scheduled-autoscale/main.tf index 08c6b43..91ae4c9 100644 --- a/examples/worker-scheduled-autoscale/main.tf +++ b/examples/worker-scheduled-autoscale/main.tf @@ -17,12 +17,12 @@ module "vpc" { "10.5.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 
@@ -45,35 +45,35 @@ resource "aws_security_group" "default_permissive" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}-worker-scheduled-auto" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}-worker-scheduled-auto" } module "worker_scheduled" { source = "../.." - name = "worker-scheduled-auto" - app_type = "worker" - env = var.env + name = "worker-scheduled-auto" + app_type = "worker" + env = var.env - public = false - ecs_launch_type = "FARGATE" + public = false + ecs_launch_type = "FARGATE" # Containers - ecs_cluster_arn = module.ecs.cluster_arn - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_arn = module.ecs.cluster_arn + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag - docker_container_command = ["echo", "command-output"] + docker_container_command = ["echo", "command-output"] deployment_minimum_healthy_percent = 0 # Autoscaling autoscale_enabled = true min_size = 1 max_size = 1 - desired_capacity = 1 + desired_capacity = 1 # Scheduled ECS scaling up/down autoscaling_min_size = 1 @@ -94,9 +94,9 @@ module "worker_scheduled" { ] # Network - vpc_id = module.vpc.vpc_id - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] + vpc_id = module.vpc.vpc_id + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] # Environment variables app_secrets = [ diff --git a/examples/worker-scheduled-autoscale/variables.tf b/examples/worker-scheduled-autoscale/variables.tf index 6827614..8466966 100644 --- a/examples/worker-scheduled-autoscale/variables.tf +++ b/examples/worker-scheduled-autoscale/variables.tf 
@@ -3,8 +3,8 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } diff --git a/examples/worker-scheduled/main.tf b/examples/worker-scheduled/main.tf index 531d4a3..e77de1f 100644 --- a/examples/worker-scheduled/main.tf +++ b/examples/worker-scheduled/main.tf @@ -17,12 +17,12 @@ module "vpc" { "10.4.20.0/23" ] - manage_default_network_acl = true - default_network_acl_name = "${var.env}-${var.namespace}" + manage_default_network_acl = true + default_network_acl_name = "${var.env}-${var.namespace}" } resource "aws_security_group" "default_permissive" { - name = "${var.env}-default-permissive" - vpc_id = module.vpc.vpc_id + name = "${var.env}-default-permissive" + vpc_id = module.vpc.vpc_id ingress { protocol = -1 
@@ -45,38 +45,38 @@ resource "aws_security_group" "default_permissive" { } module "ecs" { - source = "registry.terraform.io/terraform-aws-modules/ecs/aws" - version = "~> 4.0" - cluster_name = "${var.env}-${var.namespace}-worker-scheduled" + source = "registry.terraform.io/terraform-aws-modules/ecs/aws" + version = "~> 4.0" + cluster_name = "${var.env}-${var.namespace}-worker-scheduled" } module "worker_scheduled" { source = "../.." - name = "worker-scheduled" - app_type = "worker" - env = var.env + name = "worker-scheduled" + app_type = "worker" + env = var.env - public = false - ecs_launch_type = "FARGATE" - min_size = 1 - max_size = 1 + public = false + ecs_launch_type = "FARGATE" + min_size = 1 + max_size = 1 desired_capacity = 0 # Containers - ecs_cluster_arn = module.ecs.cluster_arn - ecs_cluster_name = module.ecs.cluster_name - docker_registry = var.docker_registry - docker_image_tag = var.docker_image_tag + ecs_cluster_arn = module.ecs.cluster_arn + ecs_cluster_name = module.ecs.cluster_name + docker_registry = var.docker_registry + docker_image_tag = var.docker_image_tag docker_container_command = ["echo", "command-output"] deployment_minimum_healthy_percent = 0 - cloudwatch_schedule_expressions = ["cron(0 * * * ? *)"] + cloudwatch_schedule_expressions = ["cron(0 * * * ? *)"] # Network - vpc_id = module.vpc.vpc_id - private_subnets = module.vpc.private_subnets - security_groups = [aws_security_group.default_permissive.id] + vpc_id = module.vpc.vpc_id + private_subnets = module.vpc.private_subnets + security_groups = [aws_security_group.default_permissive.id] # Environment variables app_secrets = [ diff --git a/examples/worker-scheduled/variables.tf b/examples/worker-scheduled/variables.tf index 6827614..8466966 100644 --- a/examples/worker-scheduled/variables.tf +++ b/examples/worker-scheduled/variables.tf 
@@ -3,8 +3,8 @@ variable "namespace" {} variable "aws_profile" {} variable "aws_region" {} variable "docker_registry" { - default = "docker.io" + default = "docker.io" } variable "docker_image_tag" { - default = "latest" + default = "latest" } From 211358b77ccc59291a0eb9d0cb2851fd896e89f0 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:49:41 +0000 Subject: [PATCH 17/19] Reformat main module --- alb.tf | 4 ++-- autoscaling.tf | 58 +++++++++++++++++++++++++------------------------- efs.tf | 10 ++++----- locals.tf | 36 +++++++++++++++---------------- main.tf | 6 +++--- monitoring.tf | 4 ++-- proxy.tf | 4 ++-- 7 files changed, 61 insertions(+), 61 deletions(-) diff --git a/alb.tf b/alb.tf index b61766b..f93f51f 100644 --- a/alb.tf +++ b/alb.tf @@ -14,8 +14,8 @@ module "alb" { - http_tcp_listeners = local.alb_http_tcp_listeners - https_listeners = var.https_enabled ? concat(local.alb_https_listeners) : [] + http_tcp_listeners = local.alb_http_tcp_listeners + https_listeners = var.https_enabled ? concat(local.alb_https_listeners) : [] target_groups = concat(var.app_type == "web" ? local.target_groups_web : local.target_groups_tcp) diff --git a/autoscaling.tf b/autoscaling.tf index 16078e7..e55f26b 100644 --- a/autoscaling.tf +++ b/autoscaling.tf @@ -1,12 +1,12 @@ resource "aws_eip" "autoscaling" { # If ec2_eip_count is set, use that number for number of EIPs, otherwise use var.max_size + 1 (but that might not be the best during downscaling and deletion of EIPs - count = var.ec2_eip_enabled ? (var.ec2_eip_count > 0 ? var.ec2_eip_count : var.max_size + 1) : 0 - public_ipv4_pool = "amazon" - vpc = true + count = var.ec2_eip_enabled ? (var.ec2_eip_count > 0 ? var.ec2_eip_count : var.max_size + 1) : 0 + public_ipv4_pool = "amazon" + vpc = true tags = { - Name = "${local.name}-${count.index + 1}" - env = var.env + Name = "${local.name}-${count.index + 1}" + env = var.env service = local.name } } 
@@ -15,23 +15,23 @@ module "autoscaling" { source = "terraform-aws-modules/autoscaling/aws" version = "~> 6.0" - create = var.ecs_launch_type == "EC2" ? true : false - create_launch_template = var.ecs_launch_type == "EC2" ? true : false + create = var.ecs_launch_type == "EC2" ? true : false + create_launch_template = var.ecs_launch_type == "EC2" ? true : false - name = local.name - launch_template_name = local.name + name = local.name + launch_template_name = local.name # Auto scaling group - image_id = var.image_id - instance_type = var.instance_type - security_groups = var.security_groups - key_name = var.key_name + image_id = var.image_id + instance_type = var.instance_type + security_groups = var.security_groups + key_name = var.key_name # EC2 Instance Profile - create_iam_instance_profile = var.ecs_launch_type == "EC2" ? var.create_iam_instance_profile : false - iam_instance_profile_name = "${var.env}-${var.name}" - iam_role_name = "${var.env}-${var.name}-ec2-profile-role" - iam_role_path = "/ec2/" + create_iam_instance_profile = var.ecs_launch_type == "EC2" ? var.create_iam_instance_profile : false + iam_instance_profile_name = "${var.env}-${var.name}" + iam_role_name = "${var.env}-${var.name}-ec2-profile-role" + iam_role_path = "/ec2/" iam_role_policies = { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } 
@@ -50,8 +50,8 @@ module "autoscaling" { } ] - target_group_arns = var.app_type == "web" || var.app_type == "tcp-app" ? module.alb[0].target_group_arns : [] - user_data = var.ecs_launch_type == "EC2" ? base64encode(data.template_file.asg_ecs_ec2_user_data.rendered) : null + target_group_arns = var.app_type == "web" || var.app_type == "tcp-app" ? module.alb[0].target_group_arns : [] + user_data = var.ecs_launch_type == "EC2" ? base64encode(data.template_file.asg_ecs_ec2_user_data.rendered) : null vpc_zone_identifier = var.public_ecs_service ? var.public_subnets : var.private_subnets health_check_type = var.autoscaling_health_check_type @@ -60,26 +60,26 @@ module "autoscaling" { desired_capacity = var.desired_capacity wait_for_capacity_timeout = 0 - create_schedule = var.create_schedule - schedules = var.schedules + create_schedule = var.create_schedule + schedules = var.schedules tags = { - env = var.env - cluster = local.ecs_cluster_name - service-groups = var.ec2_service_group + env = var.env + cluster = local.ecs_cluster_name + service-groups = var.ec2_service_group } } # IAM Role changes for ASG Auto EIP resource "aws_iam_role_policy" "ec2_auto_eip" { - count = var.ec2_eip_enabled && var.ecs_launch_type == "EC2" ? 1 : 0 - name = "EC2ChangeEIP_Policy" - role = data.aws_iam_instance_profile.this[0].role_name + count = var.ec2_eip_enabled && var.ecs_launch_type == "EC2" ? 1 : 0 + name = "EC2ChangeEIP_Policy" + role = data.aws_iam_instance_profile.this[0].role_name - policy = jsonencode({ - Version = "2012-10-17" + policy = jsonencode({ + Version = "2012-10-17" Statement = [ { Action = [ diff --git a/efs.tf b/efs.tf index 8a7e586..84d3899 100644 --- a/efs.tf +++ b/efs.tf 
@@ -2,11 +2,11 @@ module "efs" { source = "registry.terraform.io/cloudposse/efs/aws" version = "~> 0.36" - enabled = var.efs_enabled && var.efs_share_create ? true : false - stage = var.env - name = var.name - region = data.aws_region.current.name - vpc_id = var.vpc_id + enabled = var.efs_enabled && var.efs_share_create ? true : false + stage = var.env + name = var.name + region = data.aws_region.current.name + vpc_id = var.vpc_id security_groups = var.security_groups # This is a workaround for 2-zone legacy setups diff --git a/locals.tf b/locals.tf index 0865671..34d22e6 100644 --- a/locals.tf +++ b/locals.tf @@ -34,12 +34,12 @@ locals { fluentbit_container_definition = [ { - essential = true - image = "public.ecr.aws/aws-observability/aws-for-fluent-bit:latest" - name = "log_router" - memoryReservation = 75 + essential = true + image = "public.ecr.aws/aws-observability/aws-for-fluent-bit:latest" + name = "log_router" + memoryReservation = 75 firelensConfiguration = { - "type" = "fluentbit" + "type" = "fluentbit" "options" = { "enable-ecs-log-metadata" = "true" } @@ -49,7 +49,7 @@ locals { volumes = concat(var.web_proxy_enabled ? [ { - name = "nginx-templates", + name = "nginx-templates", mount_point = { "sourceVolume" = "nginx-templates" "containerPath" = "/etc/nginx/templates/" @@ -67,7 +67,7 @@ locals { ] }, { - name = "nginx-app", + name = "nginx-app", mount_point = { "sourceVolume" = "nginx-app" "containerPath" = "/etc/nginx/app/" @@ -85,9 +85,9 @@ locals { ] }, ] : [], - var.efs_enabled ? [ + var.efs_enabled ? [ { - name = "efs", + name = "efs", mount_point = { "sourceVolume" = "efs" "containerPath" = var.efs_mount_point, @@ -105,7 +105,7 @@ locals { ] } ] : [], - (var.datadog_enabled && var.ecs_launch_type == "EC2") ? module.datadog.volumes : [] + (var.datadog_enabled && var.ecs_launch_type == "EC2") ? module.datadog.volumes : [] ) alb_http_tcp_listeners = var.app_type == "tcp-app" ? [ 
@@ -114,13 +114,13 @@ locals { port = port_mapping["host_port"] protocol = "TCP" target_group_index = index - } if ! lookup(port_mapping, "tls", false) - ] : [ - { - port = var.http_port - protocol = "HTTP" - target_group_index = 0 - } + } if !lookup(port_mapping, "tls", false) + ] : [ + { + port = var.http_port + protocol = "HTTP" + target_group_index = 0 + } ] # In case app type is "tcp-app" and port_mapping has "tls" config and is true we use tcp over tls. @@ -158,7 +158,7 @@ locals { backend_port = var.web_proxy_enabled ? var.web_proxy_docker_container_port : var.docker_container_port target_type = var.ecs_launch_type == "EC2" ? "instance" : "ip" deregistration_delay = var.alb_deregistration_delay - preserve_client_ip = null + preserve_client_ip = null # This is specified for compatibility with the tcp target groups. It's not actually used in a lookup. health_check = { diff --git a/main.tf b/main.tf index f4d13f3..d0959ca 100644 --- a/main.tf +++ b/main.tf @@ -44,11 +44,11 @@ module "service" { autoscaling_max_size = var.autoscaling_max_size docker_container_entrypoint = var.docker_container_entrypoint - docker_container_command = var.docker_container_command + docker_container_command = var.docker_container_command # If docker_image_name is set then use it, otherwise check if we are managing ECR repo on this module and use it's repository_url. Otherwise use docker_registry/name - docker_image_name = var.docker_image_name != "" ? var.docker_image_name : var.ecr_repo_create ? module.ecr.repository_url : "${var.docker_registry}/${var.name}" - docker_image_tag = var.docker_image_tag + docker_image_name = var.docker_image_name != "" ? var.docker_image_name : var.ecr_repo_create ? module.ecr.repository_url : "${var.docker_registry}/${var.name}" + docker_image_tag = var.docker_image_tag iam_role_policy_statement = var.iam_role_policy_statement additional_container_definition_parameters = var.additional_container_definition_parameters 
diff --git a/monitoring.tf b/monitoring.tf index 37a01a0..5ae8c74 100644 --- a/monitoring.tf +++ b/monitoring.tf @@ -8,12 +8,12 @@ module "datadog" { cloudwatch_log_group = module.service.cloudwatch_log_group ecs_launch_type = var.ecs_launch_type enabled = var.datadog_enabled - docker_image_tag = var.datadog_jmx_enabled ? "latest-jmx" : "latest" + docker_image_tag = var.datadog_jmx_enabled ? "latest-jmx" : "latest" } # Route53-healthcheck Monitoring Module (can be enabled/disabled via route53_health_check_enabled) module "route_53_health_check" { - count = var.route53_health_check_enabled ? 1 : 0 + count = var.route53_health_check_enabled ? 1 : 0 source = "registry.terraform.io/hazelops/route53-healthcheck/aws" version = "~> 1.0" diff --git a/proxy.tf b/proxy.tf index 4420426..f141e2e 100644 --- a/proxy.tf +++ b/proxy.tf @@ -2,8 +2,8 @@ module "nginx" { source = "registry.terraform.io/hazelops/ecs-nginx-proxy/aws" version = "~> 1.0" - app_name = var.name - env = var.env + app_name = var.name + env = var.env environment = merge(var.environment, { PROXY_ENABLED = var.web_proxy_enabled ? "true" : "false" APP_HOST = "127.0.0.1:${var.docker_container_port}" From d9d880fae95f8fc4546b0c618ed0ee3d2e329030 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:55:17 +0000 Subject: [PATCH 18/19] Add versions to ecs-modules --- modules/ecs-service/versions.tf | 3 ++- modules/ecs-task/versions.tf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/ecs-service/versions.tf b/modules/ecs-service/versions.tf index 77ef34b..1182721 100644 --- a/modules/ecs-service/versions.tf +++ b/modules/ecs-service/versions.tf @@ -1,8 +1,9 @@ terraform { + required_version = ">= 1.1" + required_providers { aws = { source = "hashicorp/aws" } } - required_version = ">= 1.0" } diff --git a/modules/ecs-task/versions.tf b/modules/ecs-task/versions.tf index 77ef34b..1182721 100644 --- a/modules/ecs-task/versions.tf +++ b/modules/ecs-task/versions.tf 
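Review bot: In modules/ecs-service/versions.tf the `required_providers` block still declares `aws` with only `source = "hashicorp/aws"`, so this change sets the Terraform CLI floor (`required_version = ">= 1.1"`) but leaves the provider version unconstrained. For a reusable module I would add a minimum inside the `aws` map, for example `version = ">= <MIN_AWS_PROVIDER_VERSION>"` (a placeholder; use the lowest release the module is tested against), so a consumer cannot resolve a provider older than the one whose arguments the module relies on. The identical hunk in modules/ecs-task/versions.tf has the same gap. The next patch in the series removes a deprecated `aws_eip` argument, which suggests the code does track a particular provider generation. Whether the root module or a committed dependency lock file already constrains the provider is not visible here.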
@@ -1,8 +1,9 @@ terraform { + required_version = ">= 1.1" + required_providers { aws = { source = "hashicorp/aws" } } - required_version = ">= 1.0" } From 965dd39b81db26fd6d224c97c5bc9993f7adfda3 Mon Sep 17 00:00:00 2001 From: Dmitry Kireev Date: Wed, 8 May 2024 11:58:27 +0000 Subject: [PATCH 19/19] Remove deprecated vpc parameter, disable pre-commit for now --- .github/workflows/{run.pre-commit.yml => run.pre-commit.yml_} | 0 autoscaling.tf | 1 - 2 files changed, 1 deletion(-) rename .github/workflows/{run.pre-commit.yml => run.pre-commit.yml_} (100%) diff --git a/.github/workflows/run.pre-commit.yml b/.github/workflows/run.pre-commit.yml_ similarity index 100% rename from .github/workflows/run.pre-commit.yml rename to .github/workflows/run.pre-commit.yml_ diff --git a/autoscaling.tf b/autoscaling.tf index e55f26b..898648a 100644 --- a/autoscaling.tf +++ b/autoscaling.tf @@ -2,7 +2,6 @@ resource "aws_eip" "autoscaling" { # If ec2_eip_count is set, use that number for number of EIPs, otherwise use var.max_size + 1 (but that might not be the best during downscaling and deletion of EIPs count = var.ec2_eip_enabled ? (var.ec2_eip_count > 0 ? var.ec2_eip_count : var.max_size + 1) : 0 public_ipv4_pool = "amazon" - vpc = true tags = { Name = "${local.name}-${count.index + 1}"