forked from cloudposse/terraform-aws-ecs-web-app
main.tf
# AWS provider for this example; the target region is taken from var.region.
provider "aws" {
  region = var.region
}
# VPC for the example, built with the cloudposse/terraform-aws-vpc module.
# NOTE(review): the source is pinned to a git tag (0.8.1). A tag can be re-pointed
# upstream; a full commit SHA in ?ref= cannot, and is the stronger supply-chain pin.
module "vpc" {
  source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"

  # Fixed private (RFC 1918) address range for the whole VPC.
  cidr_block = "172.16.0.0/16"

  # Naming inputs supplied by the caller.
  name      = var.name
  namespace = var.namespace
  stage     = var.stage
}
# Availability zones reported for the provider's region; no filter arguments are set.
data "aws_availability_zones" "available" {
}

locals {
  # Keep only the first two zone names (indexes 0 and 1).
  # slice() fails at plan time if the data source returns fewer than two names.
  availability_zones = slice(data.aws_availability_zones.available.names, 0, 2)
}
# Public and private subnets across the two selected availability zones,
# built with cloudposse/terraform-aws-dynamic-subnets.
# NOTE(review): pinned by tag (0.16.1); a commit SHA in ?ref= is immutable where a tag is not.
module "subnets" {
  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.1"

  # Naming inputs supplied by the caller.
  name      = var.name
  namespace = var.namespace
  stage     = var.stage

  # Network placement: everything is derived from the VPC module's outputs.
  region             = var.region
  availability_zones = local.availability_zones
  vpc_id             = module.vpc.vpc_id
  igw_id             = module.vpc.igw_id
  cidr_block         = module.vpc.vpc_cidr_block

  # Managed NAT gateways are requested; NAT instances are switched off.
  nat_instance_enabled = false
  nat_gateway_enabled  = true
}
# Application Load Balancer in front of the service, built with cloudposse/terraform-aws-alb.
# NOTE(review): pinned by tag (0.7.0); a commit SHA in ?ref= is immutable where a tag is not.
module "alb" {
  source = "git::https://github.com/cloudposse/terraform-aws-alb.git?ref=tags/0.7.0"

  # Naming: "alb" is appended to the caller's attributes; compact() drops empty entries.
  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = compact(concat(var.attributes, ["alb"]))

  # Placement: the public subnets of the VPC created in this file.
  vpc_id          = module.vpc.vpc_id
  subnet_ids      = module.subnets.public_subnet_ids
  ip_address_type = "ipv4"

  # NOTE(review): this attaches the VPC's *default* security group to the ALB, and
  # module.web_app passes the same group as ecs_security_group_ids. Which rules that
  # group carries is decided inside the VPC module and is not visible here; if it keeps
  # a self-referencing allow-all rule, the ALB, the tasks and anything else placed in
  # the group can reach each other on every port. Dedicated groups scoped to the
  # container port give a tighter boundary.
  security_group_ids = [module.vpc.vpc_default_security_group_id]

  # Listener exposure: HTTP and HTTPS both accept connections from any IPv4 address.
  # NOTE(review): module.web_app registers its unauthenticated rule on both listeners
  # (listener count 2), so application traffic is also served over plain HTTP.
  # Confirm that is intended, or restrict the HTTP listener to redirecting to HTTPS.
  https_enabled             = true
  certificate_arn           = var.certificate_arn
  https_ingress_cidr_blocks = ["0.0.0.0/0"]
  http_ingress_cidr_blocks  = ["0.0.0.0/0"]

  # Region used for ALB access logs, and the health-check interval value passed to the module.
  access_logs_region    = var.region
  health_check_interval = 60
}
# Shared naming/tagging label (cloudposse/terraform-null-label). Its `id` and `tags`
# outputs name the ECS cluster and the CloudWatch log group declared in this file.
# NOTE(review): pinned by tag (0.16.0); a commit SHA in ?ref= is immutable where a tag is not.
module "label" {
  source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"

  # Components of the generated identifier.
  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = var.attributes
  delimiter  = var.delimiter

  # Tags passed through from the caller.
  tags = var.tags
}
# ECS Cluster (needed even if using FARGATE launch type)
# The cluster name is the identifier generated by module.label; module.web_app
# receives this cluster's ARN and name.
resource "aws_ecs_cluster" "default" {
  name = module.label.id
}
# CloudWatch Logs group referenced by module.web_app's awslogs log_configuration.
# It shares its name (module.label.id) with the ECS cluster.
# NOTE(review): neither retention_in_days nor kms_key_id is set, so events are kept
# indefinitely and no customer-managed key is applied. Set both if the application
# logs can contain sensitive data.
resource "aws_cloudwatch_log_group" "app" {
  name = module.label.id
  tags = module.label.tags
}
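# The ECS web application itself, instantiated from the module two directories up ("../../").
# It runs one Fargate task in the private subnets, behind the ALB declared in this file.
module "web_app" {
  source = "../../"

  # Naming: "app" is appended to the caller's attributes; compact() drops empty entries.
  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  attributes = compact(concat(var.attributes, ["app"]))

  region      = var.region
  launch_type = "FARGATE"
  vpc_id      = module.vpc.vpc_id

  # Plain name/value pairs handed to the container.
  # NOTE(review): these are passed as clear-text values; keep credentials and other
  # secrets out of this list.
  environment = [
    {
      name  = "LAUNCH_TYPE"
      value = "FARGATE"
    },
    {
      name  = "VPC_ID"
      value = module.vpc.vpc_id
    }
  ]

  # Container sizing and image. The image reference comes from the caller.
  desired_count    = 1
  container_image  = var.default_container_image
  container_cpu    = 256
  container_memory = 512
  container_port   = 80
  build_timeout    = 5

  # Container logs go to the CloudWatch log group declared in this file via the awslogs driver.
  log_configuration = {
    logDriver = "awslogs"
    options = {
      "awslogs-region"        = var.region
      "awslogs-group"         = aws_cloudwatch_log_group.app.name
      "awslogs-stream-prefix" = var.name
    }
    secretOptions = null
  }

  # Optional features switched off for this example.
  codepipeline_enabled = false
  webhook_enabled      = false
  badge_enabled        = false
  ecs_alarms_enabled   = false

  # Autoscaling is disabled; the remaining autoscaling_* values are still passed to the module.
  autoscaling_enabled               = false
  autoscaling_dimension             = "cpu"
  autoscaling_min_capacity          = 1
  autoscaling_max_capacity          = 2
  autoscaling_scale_up_adjustment   = 1
  autoscaling_scale_up_cooldown     = 60
  autoscaling_scale_down_adjustment = -1
  autoscaling_scale_down_cooldown   = 300

  aws_logs_region  = var.region
  ecs_cluster_arn  = aws_ecs_cluster.default.arn
  ecs_cluster_name = aws_ecs_cluster.default.name

  # NOTE(review): the tasks are attached to the VPC's default security group, the same
  # group module.alb puts on the load balancer. A dedicated task security group that
  # admits only the ALB on container_port is the tighter configuration.
  ecs_security_group_ids = [module.vpc.vpc_default_security_group_id]
  ecs_private_subnet_ids = module.subnets.private_subnet_ids

  # Reference the security group created by module.alb instead of a hard-coded
  # placeholder string: a literal that is not a real group ID cannot identify the
  # load balancer (presumably the module uses this value to admit ALB traffic to the
  # tasks - confirm against the module's variables).
  alb_security_group = module.alb.security_group_id

  # Target-group alarms are enabled, with the thresholds and evaluation window below.
  alb_target_group_alarms_enabled                 = true
  alb_target_group_alarms_3xx_threshold           = 25
  alb_target_group_alarms_4xx_threshold           = 25
  alb_target_group_alarms_5xx_threshold           = 25
  alb_target_group_alarms_response_time_threshold = 0.5
  alb_target_group_alarms_period                  = 300
  alb_target_group_alarms_evaluation_periods      = 1

  alb_arn_suffix               = module.alb.alb_arn_suffix
  alb_ingress_healthcheck_path = "/"

  # Without authentication, both HTTP and HTTPS endpoints are supported
  # NOTE(review): the count of 2 matches the ALB's HTTP and HTTPS listeners, so the
  # application is reachable over plain HTTP as well as HTTPS.
  alb_ingress_unauthenticated_listener_arns       = module.alb.listener_arns
  alb_ingress_unauthenticated_listener_arns_count = 2

  # All paths are unauthenticated
  # NOTE(review): "/*" leaves no path behind ALB authentication; any access control
  # has to be enforced by the application itself.
  alb_ingress_unauthenticated_paths             = ["/*"]
  alb_ingress_listener_unauthenticated_priority = 100
}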