# Data
# Resolves the newest ECS-optimized Amazon Linux 2 AMI (HVM, x86_64, EBS-backed)
# whose name matches the pattern below.
#
# `owners = ["amazon"]` limits the search to Amazon-owned images, so an image
# with a look-alike name published from another account cannot be selected.
# Because `most_recent = true`, the resolved image ID changes whenever a newer
# matching AMI is published; pin an explicit AMI ID where reproducible or
# change-controlled instance images are required.
data "aws_ami" "amazon_linux_ecs_generic" {
  owners      = ["amazon"]
  most_recent = true

  # Second ownership constraint, in addition to `owners` above.
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  filter {
    name   = "name"
    values = ["amzn2-ami-ecs-hvm-*-x86_64-ebs"]
  }
}
# Main
# Single-AZ VPC with one public and one private /23 subnet, built with the
# community VPC module from the public Terraform registry.
#
# NOTE(review): no NAT gateway, VPC endpoints or flow logs are configured in
# this block. Confirm against the module defaults how instances in the private
# subnet reach the ECS and registry endpoints, and whether flow logs should be
# enabled so network activity is recorded.
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0" # any 5.x release satisfies this constraint

  name = "${var.env}-vpc"
  cidr = "10.0.0.0/16"
  azs  = ["${var.aws_region}a"]

  public_subnets  = ["10.0.10.0/23"]
  private_subnets = ["10.0.20.0/23"]

  # Put the VPC's default network ACL under Terraform management and name it,
  # so its rules are tracked in state.
  manage_default_network_acl = true
  default_network_acl_name   = "${var.env}-${var.namespace}"
}
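# Security group attached to the worker instances.
#
# Ingress is limited to addresses inside the VPC. The original rule allowed
# every protocol and port from 0.0.0.0/0, which exposes every listening port
# as soon as the group is attached to anything with a public route (or is
# copied into another stack). The workers run in the private subnet, so
# VPC-internal ingress is all this example needs. Tighten further to the
# specific ports and source groups once the workload's listeners are known.
resource "aws_security_group" "default_permissive" {
  name   = "${var.env}-default-permissive"
  vpc_id = module.vpc.vpc_id

  ingress {
    protocol    = "-1" # all protocols; from_port/to_port must be 0 with "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }

  # Outbound traffic is left unrestricted. NOTE(review): consider limiting
  # egress to the destinations the workers actually need (container registry,
  # ECS/SSM endpoints), which also limits where a compromised task can send
  # data.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}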
# Registers the SSH public key supplied in var.ssh_public_key as an EC2 key
# pair named var.ec2_key_pair_name.
#
# Because `public_key` is listed in `ignore_changes`, Terraform does not act on
# later changes to var.ssh_public_key. Rotating the key therefore needs an
# explicit replacement of this resource (for example `terraform apply
# -replace=aws_key_pair.root`); updating the variable alone leaves the old key
# in place.
resource "aws_key_pair" "root" {
  public_key = var.ssh_public_key
  key_name   = var.ec2_key_pair_name

  lifecycle {
    ignore_changes = [public_key]
  }
}
# ECS cluster for the EC2-backed worker, created with the community ECS module
# from the public Terraform registry. Only the cluster name is set here; every
# other module input keeps its default.
module "ecs" {
  source  = "registry.terraform.io/terraform-aws-modules/ecs/aws"
  version = "~> 4.0" # any 4.x release satisfies this constraint

  cluster_name = "${var.env}-${var.namespace}-worker-ec2"
}
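# Example deployment of the module at the repository root ("../..") as a
# non-public ECS worker on EC2 capacity.
#
# The autoscaling bounds visible here are max_size = 1 and
# desired_capacity = 0, so this configuration does not itself request a
# running instance.
module "worker_complete" {
  source = "../.."

  name     = "worker-ec2"
  app_type = "worker"
  env      = var.env

  public = false

  ecs_launch_type = "EC2"
  # In "host" mode containers use the instance's network interface directly,
  # so the instance security group is the only network filter in front of
  # container ports.
  ecs_network_mode = "host"
  instance_type    = "t3.medium"
  max_size         = 1
  desired_capacity = 0

  # Containers
  ecs_cluster_arn  = module.ecs.cluster_arn
  ecs_cluster_name = module.ecs.cluster_name
  docker_registry  = var.docker_registry
  # NOTE(review): if var.docker_image_tag is a mutable tag, the image that runs
  # can change without a Terraform change; prefer an immutable tag or digest
  # if the module supports it.
  docker_image_tag                   = var.docker_image_tag
  docker_container_command           = ["echo", "command-output"]
  deployment_minimum_healthy_percent = 0

  # Network
  vpc_id          = module.vpc.vpc_id
  private_subnets = module.vpc.private_subnets
  security_groups = [aws_security_group.default_permissive.id]

  # Reference the key pair resource rather than the raw variable: the value is
  # the same name, but the reference makes Terraform create the key pair
  # before anything in this module that uses it.
  key_name = aws_key_pair.root.key_name

  # The instance profile and its permissions are defined inside the module and
  # are not visible in this file; review them for least privilege there.
  create_iam_instance_profile = true
  image_id                    = data.aws_ami.amazon_linux_ecs_generic.id

  # Environment variables
  # Both are empty in this example. How the module delivers app_secrets to the
  # task cannot be seen from here; plain `environment` values typically end up
  # readable in the task definition, so keep credentials out of that map.
  app_secrets = []
  environment = {}
}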