main infra updates

hack4impact-upenn · May 1, 2024 · 6a01802 · 6a01802
1 parent 7340fdd
commit 6a01802
Showing 1 changed file with 67 additions and 54 deletions.
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -9,15 +9,60 @@ terraform {
   required_version = ">= 1.2.0"
 }
 
+///
+// Local variables
+///
 locals {
   client_image_tag = "ghcr.io/${var.github_repo_owner}/${var.github_repo_name}:client"
   server_image_tag = "ghcr.io/${var.github_repo_owner}/${var.github_repo_name}:server"
 }
 
 
+///
+// Provider
+///
 provider "aws" {
   region = var.region
 }
+
+///
+// Load balancer
+///
+# resource "aws_lb" "nlb" {
+#   name                             = "my-nlb"
+#   load_balancer_type               = "network"
+#   subnets                          = data.aws_subnets.default.ids
+#   enable_cross_zone_load_balancing = true
+#   internal                         = false // Set to false for internet-facing
+# }
+
+# resource "aws_eip" "nlb_ip" {
+#   vpc = true
+# }
+
+# resource "aws_lb_target_group" "nlb_tg" {
+#   name        = "my-nlb-tg"
+#   port        = 80
+#   protocol    = "TCP"
+#   vpc_id      = data.aws_vpc.default.id
+#   target_type = "ip"
+# }
+
+# resource "aws_lb_listener" "listener" {
+#   load_balancer_arn = aws_lb.nlb.arn
+#   port              = 80
+#   protocol          = "TCP"
+
+#   default_action {
+#     type             = "forward"
+#     target_group_arn = aws_lb_target_group.nlb_tg.arn
+#   }
+# }
+
+
+///
+// ECS resources, tasks, and cloudwatch
+///
 resource "aws_ecs_cluster" "cluster" {
   name = var.cluster_name
 
@@ -38,8 +83,8 @@ resource "aws_ecs_task_definition" "app" {
   family                   = "app-family"
   network_mode             = "awsvpc"
   requires_compatibilities = ["FARGATE"]
-  cpu                      = "512"  # Adjust based on your needs
-  memory                   = "2048" # Adjust based on your needs
+  cpu                      = "512"
+  memory                   = "2048"
   execution_role_arn       = data.aws_iam_role.ecs_task_execution_role.arn
 
   container_definitions = jsonencode([
@@ -96,7 +141,9 @@ resource "aws_ecs_task_definition" "app" {
   ])
 }
 
+///
 // VPC configuration
+///
 data "aws_vpc" "default" {
   default = true
 }
@@ -108,6 +155,11 @@ data "aws_subnets" "default" {
   }
 }
 
+///
+// ECS service and discovery
+///
+
+
 
 resource "aws_ecs_service" "app_service" {
   name            = "app-service"
@@ -120,58 +172,20 @@ resource "aws_ecs_service" "app_service" {
     subnets          = data.aws_subnets.default.ids
     assign_public_ip = true
   }
-}
 
-# So that the ECS role can execute tasks
-# For CREATING a role
-# resource "aws_iam_role" "ecs_task_execution_role" {
-#   name = "ecs_task_execution_role"
-
-#   assume_role_policy = jsonencode({
-#     Version = "2012-10-17"
-#     Statement = [
-#       {
-#         Action = "sts:AssumeRole"
-#         Effect = "Allow"
-#         Principal = {
-#           Service = "ecs-tasks.amazonaws.com"
-#         }
-#       },
-#     ]
-#   })
-# }
+  # load_balancer {
+  #   target_group_arn = aws_lb_target_group.nlb_tg.arn
+  #   container_name   = "frontend"
+  #   container_port   = 3000
+  # }
 
-# For CREATING a policy
-# resource "aws_iam_policy" "cloudwatch_logs_policy" {
-#   name        = "ECSLogsPolicy"
-#   description = "Allow ECS Task Execution Role to push logs to CloudWatch"
-
-#   policy = jsonencode({
-#     Version = "2012-10-17",
-#     Statement = [
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "logs:CreateLogStream",
-#           "logs:CreateLogGroup"
-#         ],
-#         Resource = "arn:aws:logs:*:*:*"
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "logs:PutLogEvents"
-#         ],
-#         Resource = [
-#           "arn:aws:logs:*:*:log-group:/ecs/*:log-stream:*",
-#           "arn:aws:logs:*:*:log-group:/ecs/*"
-#         ]
-#       }
-#     ]
-#   })
-# }
+  # depends_on = [aws_lb_listener.listener]
+}
 
-# existing role/policy
+///
+// ECS IAM roles
+///
+# Declare based on existing roles
 data "aws_iam_role" "ecs_task_execution_role" {
   name = "ecs_task_execution_role"
 }
@@ -180,9 +194,7 @@ data "aws_iam_policy" "cloudwatch_logs_policy" {
   arn = "arn:aws:iam::${var.aws_account_id}:policy/ECSLogsPolicy"
 }
 
-
-
-# Attach the policies to the role
+# Attach policies to roles
 resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
   role       = data.aws_iam_role.ecs_task_execution_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
@@ -192,3 +204,4 @@ resource "aws_iam_role_policy_attachment" "cloudwatch_logs_policy_attachment" {
   role       = data.aws_iam_role.ecs_task_execution_role.name
   policy_arn = data.aws_iam_policy.cloudwatch_logs_policy.arn
 }
+