Created
November 27, 2023 12:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# ECS cluster that the primary and preview GTM services run in.
resource "aws_ecs_cluster" "gtm" {
  name = "gtm"

  # Turns on CloudWatch Container Insights for the cluster.
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}
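# Fargate task definition for the primary server-side tagging container.
# It runs one container named "primary" listening on port 80 and logging to
# the "gtm-primary" CloudWatch Logs group.
resource "aws_ecs_task_definition" "PrimaryServerSideContainer" {
  family                   = "PrimaryServerSideContainer"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = 2048
  memory                   = 4096
  execution_role_arn       = aws_iam_role.gtm_container_exec_role.arn
  task_role_arn            = aws_iam_role.gtm_container_role.arn

  runtime_platform {
    operating_system_family = "LINUX"
    cpu_architecture        = "X86_64"
  }

  # Built with jsonencode() instead of interpolating variables into a JSON
  # heredoc: the encoder escapes quotes, backslashes and control characters,
  # so a variable value cannot break or alter the surrounding document.
  # Assumes both variables are declared as strings - confirm in variables.tf.
  container_definitions = jsonencode([
    {
      name = "primary"
      # NOTE(review): the image reference has no tag or digest, so each task
      # start pulls whatever the registry currently serves as the default tag.
      # Pin to a reviewed digest (...@sha256:<DIGEST>) for reproducible deploys.
      image = "gcr.io/cloud-tagging-10302018/gtm-cloud-image"
      environment = [
        { name = "PORT", value = "80" },
        { name = "PREVIEW_SERVER_URL", value = var.PREVIEW_SERVER_URL },
        # NOTE(review): passed as a plain environment value, so it is readable
        # in the task definition and in Terraform state. If CONTAINER_CONFIG is
        # sensitive, supply it through the container's "secrets" list instead.
        { name = "CONTAINER_CONFIG", value = var.CONTAINER_CONFIG },
      ]
      cpu       = 2048
      memory    = 4096
      essential = true
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          "awslogs-group"         = "gtm-primary"
          "awslogs-create-group"  = "true"
          "awslogs-region"        = "eu-central-1"
          "awslogs-stream-prefix" = "ecs"
        }
      }
      portMappings = [
        { containerPort = 80, hostPort = 80 },
      ]
    },
  ])
}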
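# Fargate task definition for the GTM preview server.
# It runs one container named "preview" with RUN_AS_PREVIEW_SERVER set,
# listening on port 80 and logging to the "gtm-preview" CloudWatch Logs group.
resource "aws_ecs_task_definition" "PreviewContainer" {
  family                   = "PreviewContainer"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = 2048
  memory                   = 4096
  execution_role_arn       = aws_iam_role.gtm_container_exec_role.arn
  task_role_arn            = aws_iam_role.gtm_container_role.arn

  runtime_platform {
    operating_system_family = "LINUX"
    cpu_architecture        = "X86_64"
  }

  # Built with jsonencode() instead of interpolating a variable into a JSON
  # heredoc: the encoder escapes quotes, backslashes and control characters,
  # so the variable value cannot break or alter the surrounding document.
  # Assumes var.CONTAINER_CONFIG is declared as a string - confirm in
  # variables.tf.
  container_definitions = jsonencode([
    {
      name = "preview"
      # NOTE(review): the image reference has no tag or digest, so each task
      # start pulls whatever the registry currently serves as the default tag.
      # Pin to a reviewed digest (...@sha256:<DIGEST>) for reproducible deploys.
      image = "gcr.io/cloud-tagging-10302018/gtm-cloud-image"
      environment = [
        { name = "PORT", value = "80" },
        { name = "RUN_AS_PREVIEW_SERVER", value = "true" },
        # NOTE(review): passed as a plain environment value, so it is readable
        # in the task definition and in Terraform state. If CONTAINER_CONFIG is
        # sensitive, supply it through the container's "secrets" list instead.
        { name = "CONTAINER_CONFIG", value = var.CONTAINER_CONFIG },
      ]
      # The container reservation is smaller than the task-level cpu/memory.
      cpu       = 1024
      memory    = 2048
      essential = true
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          "awslogs-group"         = "gtm-preview"
          "awslogs-region"        = "eu-central-1"
          "awslogs-create-group"  = "true"
          "awslogs-stream-prefix" = "ecs"
        }
      }
      portMappings = [
        { containerPort = 80, hostPort = 80 },
      ]
    },
  ])
}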
# ECS service that keeps the primary server-side container running on Fargate
# and registers its tasks with the PrimaryServerSideTarget target group.
resource "aws_ecs_service" "PrimaryServerSideService" {
  name            = var.primary_service_name
  cluster         = aws_ecs_cluster.gtm.id
  task_definition = aws_ecs_task_definition.PrimaryServerSideContainer.id
  desired_count   = var.primary_service_desired_count

  launch_type         = "FARGATE"
  platform_version    = "LATEST"
  scheduling_strategy = "REPLICA"

  # Rolling-deployment bounds, as percentages of desired_count.
  deployment_minimum_healthy_percent = 50
  deployment_maximum_percent         = 200

  network_configuration {
    subnets         = module.vpc.private_subnet_ids
    security_groups = [aws_security_group.gtm-security-group.id]
    # NOTE(review): tasks are placed in subnets named "private" yet request a
    # public IP. If these subnets route through a NAT gateway the address is
    # unnecessary; if they route to an internet gateway the tasks are directly
    # addressable from the internet, bypassing the load balancer. Confirm the
    # routing in module.vpc and set this to false where outbound access allows.
    assign_public_ip = true
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.PrimaryServerSideTarget.arn
    container_name   = "primary"
    container_port   = 80
  }

  # Changes to task_definition are ignored by Terraform after creation.
  lifecycle {
    ignore_changes = [task_definition]
  }
}
# ECS service that keeps the preview container running on Fargate and
# registers its tasks with the PreviewTarget target group.
resource "aws_ecs_service" "PreviewService" {
  name            = var.preview_service_name
  cluster         = aws_ecs_cluster.gtm.id
  task_definition = aws_ecs_task_definition.PreviewContainer.id
  desired_count   = var.preview_service_desired_count

  launch_type         = "FARGATE"
  platform_version    = "LATEST"
  scheduling_strategy = "REPLICA"

  network_configuration {
    subnets         = module.vpc.private_subnet_ids
    security_groups = [aws_security_group.gtm-security-group.id]
    # NOTE(review): tasks are placed in subnets named "private" yet request a
    # public IP. If these subnets route through a NAT gateway the address is
    # unnecessary; if they route to an internet gateway the tasks are directly
    # addressable from the internet, bypassing the load balancer. Confirm the
    # routing in module.vpc and set this to false where outbound access allows.
    assign_public_ip = true
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.PreviewTarget.arn
    container_name   = "preview"
    container_port   = 80
  }

  # Changes to task_definition are ignored by Terraform after creation.
  lifecycle {
    ignore_changes = [task_definition]
  }
}
# Internet-facing Application Load Balancer in front of the primary service.
resource "aws_lb" "PrimaryServerSideLoadBalancer" {
  name               = "PrimaryServerSideLoadBalancer"
  load_balancer_type = "application"
  internal           = false # internet-facing

  subnets         = module.vpc.public_subnet_ids
  security_groups = [aws_security_group.gtm-security-group.id]

  # NOTE(review): deletion protection is off and no access_logs block is
  # configured, so the balancer can be destroyed by an accidental apply and
  # request-level logs are not retained for investigation. Confirm both are
  # intentional for this environment.
  enable_deletion_protection = false
}
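# Security group shared by both load balancers and both ECS services in this
# file. Inbound access is limited to what those resources need: HTTPS from the
# internet (the listeners use port 443) and port 80 between members of the
# group (load balancer to task, including the /healthz health check).
# The original rule admitted every TCP port from 0.0.0.0/0, which exposed the
# task ENIs as widely as the load balancers.
# NOTE(review): if anything outside this file attaches this group, re-check
# its inbound needs before applying. Separate groups for the load balancers
# and the tasks would allow a tighter task rule than "self".
resource "aws_security_group" "gtm-security-group" {
  name = "gtm-security-group"
  # Left unchanged on purpose: a security group description cannot be updated
  # in place, so editing it makes Terraform replace the group.
  description = "Security Group that allows all traffic for GTM"
  vpc_id      = module.vpc.vpc_id

  # Public HTTPS to the load balancer listeners (IPv4).
  ingress {
    description = "HTTPS from the internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Load balancer to container traffic; only members of this group may connect.
  ingress {
    description = "HTTP between members of this security group"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    self        = true
  }

  # Allow all outbound TCP traffic for IPv4 (image pulls, log delivery, and
  # load balancer to target connections).
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"         # All TCP traffic
    cidr_blocks = ["0.0.0.0/0"] # Allow all destinations (IPv4)
  }
}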
# Target group for the primary service; targets are registered by IP address,
# which matches tasks that use awsvpc networking.
resource "aws_lb_target_group" "PrimaryServerSideTarget" {
  name        = "PrimaryServerSideTarget"
  vpc_id      = module.vpc.vpc_id
  target_type = "ip"

  # Traffic from the load balancer to the tasks is plain HTTP on port 80.
  protocol = "HTTP"
  port     = 80

  health_check {
    path = "/healthz"
  }
}
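# HTTPS listener on the primary load balancer; every request is forwarded to
# the PrimaryServerSideTarget target group.
resource "aws_lb_listener" "primarylistener" {
  load_balancer_arn = aws_lb.PrimaryServerSideLoadBalancer.arn
  port              = "443"
  protocol          = "HTTPS"
  # Was "ELBSecurityPolicy-2016-08", which still negotiates TLS 1.0 and 1.1.
  # This predefined policy accepts TLS 1.2 and 1.3 only; clients limited to
  # older protocol versions will no longer connect.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = aws_acm_certificate.cert.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.PrimaryServerSideTarget.arn
  }
}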
| // Public subnets | |
# Internet-facing Application Load Balancer in front of the preview service.
resource "aws_lb" "PreviewLoadBalancer" {
  name               = "PreviewLoadBalancer"
  load_balancer_type = "application"
  internal           = false # internet-facing

  subnets         = module.vpc.public_subnet_ids
  security_groups = [aws_security_group.gtm-security-group.id]

  # NOTE(review): deletion protection is off and no access_logs block is
  # configured, so the balancer can be destroyed by an accidental apply and
  # request-level logs are not retained for investigation. Confirm both are
  # intentional for this environment.
  enable_deletion_protection = false
}
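# HTTPS listener on the preview load balancer; every request is forwarded to
# the PreviewTarget target group.
resource "aws_lb_listener" "previewlistener" {
  load_balancer_arn = aws_lb.PreviewLoadBalancer.arn
  port              = "443"
  protocol          = "HTTPS"
  # Was "ELBSecurityPolicy-2016-08", which still negotiates TLS 1.0 and 1.1.
  # This predefined policy accepts TLS 1.2 and 1.3 only; clients limited to
  # older protocol versions will no longer connect.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = aws_acm_certificate.cert.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.PreviewTarget.arn
  }
}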
# Target group for the preview service; targets are registered by IP address,
# which matches tasks that use awsvpc networking.
resource "aws_lb_target_group" "PreviewTarget" {
  name        = "PreviewTarget"
  vpc_id      = module.vpc.vpc_id
  target_type = "ip"

  # Traffic from the load balancer to the tasks is plain HTTP on port 80.
  protocol = "HTTP"
  port     = 80

  health_check {
    path = "/healthz"
  }
}
# Registers the primary service's desired task count as a scalable target,
# bounded to between 1 and 10 tasks.
resource "aws_appautoscaling_target" "ecs_service_target" {
  service_namespace  = "ecs"
  scalable_dimension = "ecs:service:DesiredCount"
  resource_id        = "service/${aws_ecs_cluster.gtm.name}/${aws_ecs_service.PrimaryServerSideService.name}"

  min_capacity = 1
  max_capacity = 10
}
# Target-tracking policy that scales the primary service to hold average CPU
# utilisation near 60 percent.
resource "aws_appautoscaling_policy" "ecs_policy" {
  name        = "scale-cpu"
  policy_type = "TargetTrackingScaling"

  # All three identifiers are taken from the scalable target this policy
  # applies to.
  service_namespace  = aws_appautoscaling_target.ecs_service_target.service_namespace
  scalable_dimension = aws_appautoscaling_target.ecs_service_target.scalable_dimension
  resource_id        = aws_appautoscaling_target.ecs_service_target.resource_id

  target_tracking_scaling_policy_configuration {
    target_value = 60

    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }

    # Cooldowns are in seconds.
    # NOTE(review): a 2-second scale-in cooldown next to a 300-second scale-out
    # cooldown looks unintended and may let capacity drop again almost
    # immediately after a scale-in - confirm the value.
    scale_in_cooldown  = 2
    scale_out_cooldown = 300
  }

  depends_on = [aws_appautoscaling_target.ecs_service_target]
}