Feature/ecs deploy awsvpc (#25)

* ecs-deploy awsvpc
in4it · Jul 3, 2019 · 3b16d1e · 3b16d1e
1 parent 0670cc4
commit 3b16d1e
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 1 deletion.
diff --git a/terraform/alb.tf b/terraform/alb.tf
@@ -24,6 +24,7 @@ resource "aws_alb_target_group" "ecs-deploy" {
   name                 = "ecs-deploy"
   port                 = 8080
   protocol             = "HTTP"
+  target_type          = var.ecs_deploy_awsvpc ? "ip" : "instance"
   vpc_id               = var.vpc_id
   deregistration_delay = 30
 

diff --git a/terraform/ecs-deploy.tf b/terraform/ecs-deploy.tf
@@ -16,11 +16,21 @@ resource "aws_ecs_service" "ecs-deploy" {
   name                               = "ecs-deploy"
   cluster                            = aws_ecs_cluster.cluster.id
   task_definition                    = aws_ecs_task_definition.ecs-deploy.arn
-  iam_role                           = aws_iam_role.cluster-service-role.arn
+  iam_role                           = var.ecs_deploy_awsvpc ? "" : aws_iam_role.cluster-service-role.arn
   desired_count                      = 1
   deployment_minimum_healthy_percent = 100
   deployment_maximum_percent         = 200
 
+  network_configuration {
+    subnets = var.ecs_deploy_awsvpc ? var.vpc_private_subnets : []
+    security_groups = var.ecs_deploy_awsvpc ? [aws_security_group.ecs-deploy-awsvpc.id] : []
+    assign_public_ip = false
+  }
+
+  service_registries {
+    registry_arn = var.ecs_deploy_service_discovery_id == "" ? "" : aws_service_discovery_service.ecs-deploy[0].arn
+  }
+
   load_balancer {
     target_group_arn = aws_alb_target_group.ecs-deploy.id
     container_name   = "ecs-deploy"
@@ -45,6 +55,8 @@ resource "aws_ecs_task_definition" "ecs-deploy" {
   family                = "ecs-deploy"
   container_definitions = data.template_file.ecs-deploy.rendered
   task_role_arn         = aws_iam_role.ecs-deploy.arn
+  network_mode          = var.ecs_deploy_awsvpc ? "awsvpc" : "bridge"
+  execution_role_arn    = var.ecs_deploy_awsvpc ? aws_iam_role.ecs-task-execution-role.arn : "" 
 }
 
 #

diff --git a/terraform/securitygroups.tf b/terraform/securitygroups.tf
@@ -45,3 +45,30 @@ resource "aws_security_group" "cluster" {
   }
 }
 
+
+resource "aws_security_group" "ecs-deploy-awsvpc" {
+  name        = "${var.cluster_name} ECS - ecs-deploy-awsvpc"
+  vpc_id      = var.vpc_id
+  description = "${var.cluster_name} ECS - ecs-deploy-awsvpc"
+
+  ingress {
+    from_port       = 8080
+    to_port         = 8080
+    protocol        = "tcp"
+    security_groups = compact(
+    split(
+      ",",
+      format("%s,%s", aws_security_group.alb.id, var.ecs_deploy_awsvpc_allowsg),
+    ),
+  )
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+
diff --git a/terraform/servicediscovery.tf b/terraform/servicediscovery.tf
@@ -0,0 +1,19 @@
+resource "aws_service_discovery_service" "ecs-deploy" {
+  count = var.ecs_deploy_service_discovery_id == "" ? 0 : 1
+  name = "ecs-deploy"
+
+  dns_config {
+    namespace_id = var.ecs_deploy_service_discovery_id
+
+    dns_records {
+      ttl  = 30
+      type = "A"
+    }
+
+    routing_policy = "MULTIVALUE"
+  }
+
+  health_check_custom_config {
+    failure_threshold = 1
+  }
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -12,6 +12,20 @@ variable "ecs_deploy_debug" {
   default     = "false"
 }
 
+variable "ecs_deploy_awsvpc" {
+  description = "enable awsvpc for the ecs-deploy ecs service"
+  default     = false
+}
+variable "ecs_deploy_awsvpc_allowsg" {
+  description = "allow extra sgs when using awsvpc"
+  default     = ""
+}
+
+variable "ecs_deploy_service_discovery_id" {
+  description = "join a service discovery domain"
+  default     = ""
+}
+
 variable "cluster_name" {
   description = "Cluster name"
   default     = "services"