Merge pull request #3 from gpxlnx/maria-quiteria

Maria quiteria
mentoriaiac · Dec 20, 2023 · 81a36e0 · 81a36e0
2 parents fbef0dc + dfb1d2a
commit 81a36e0
Show file tree

Hide file tree

Showing 7 changed files with 182 additions and 107 deletions.
diff --git a/main.tf b/main.tf
@@ -12,13 +12,17 @@ provider "aws" {
   # Configuration options
 }
 
-module "rede_prototipo" {
+resource "aws_eip" "ip_nat_gw" {
+  domain   = "vpc"
+}
+
+module "rede" {
   source   = "./modules/rede"
   vpc_cidr = "10.1.0.0/16"
 
   subnets = {
-    primaria   = "10.1.1.0/24",
-    secundaria = "10.1.2.0/24",
+    primaria   = "10.1.1.0/24"
+    secundaria = "10.1.2.0/24"
   }
 
   ingress_rules = [
@@ -29,17 +33,11 @@ module "rede_prototipo" {
       cidr_blocks = ["0.0.0.0/0"]
     },
     {
-      from_port   = 443
-      to_port     = 443
-      protocol    = "tcp"
-      cidr_blocks = ["0.0.0.0/0"]
-    },
-    {
-      from_port   = 3306
-      to_port     = 3306
+      from_port   = 5432
+      to_port     = 5432
       protocol    = "tcp"
       cidr_blocks = ["0.0.0.0/0"]
-    },
+    }
   ]
 }
 
@@ -49,16 +47,42 @@ module "cluster" {
   name = "mentoria-teste"
 }
 
-module "apache" {
+resource "aws_lb_target_group" "maria_quiteria_web" {
+  name        = "maria-quiteria-web"
+  port        = 80
+  protocol    = "HTTP"
+  target_type = "ip"
+  vpc_id      = module.rede.vpc_id
+}
+
+resource "aws_lb_target_group" "maria_quiteria_db" {
+  name        = "maria-quiteria-db"
+  port        = 5432
+  protocol    = "TCP"
+  target_type = "ip"
+  vpc_id      = module.rede.vpc_id
+}
+
+data "aws_iam_role" "ecs_task_execution_role" {
+  name = "ecsTaskExecutionRole"
+}
+
+module "maria_quiteria_web" {
   source = "./modules/ecs-app"
 
-  name             = "apache"
+  name             = "maria_quiteria_web"
   cluster_id       = module.cluster.cluster_id
   desired_count    = 1
-  subnets          = [module.rede_prototipo.subnet_id.primaria]
-  security_groups  = [module.rede_prototipo.security_group_id]
-  target_group_arn = aws_lb_target_group.apache1.arn
-
+  subnets          = [module.rede.subnet_id.primaria]
+  security_groups  = [module.rede.security_group_id]
+  assign_public_ip = true
+  execution_role_arn = data.aws_iam_role.ecs_task_execution_role.arn
+
+load_balancer = {
+  target_group_arn = aws_lb_target_group.maria_quiteria_web.arn
+  container_name = "mariaquiteria-web"
+  container_port = 80
+}
   resources = {
     cpu    = 256
     memory = 512
@@ -67,8 +91,8 @@ module "apache" {
   container_definitions = <<EOF
     [
       {
-        "name": "fargate-app",
-        "image": "public.ecr.aws/docker/library/httpd:latest",
+        "name": "mariaquiteria-web",
+        "image": "laoqui/maria-quiteria:v2",
         "portMappings": [
           {
             "containerPort": 80,
@@ -77,135 +101,149 @@ module "apache" {
           }
         ],
         "essential": true,
-        "entryPoint": [
-          "sh",
-          "-c"
+        "entryPoint": ["python"],
+        "command": ["manage.py", "runserver", "0.0.0.0:80"],
+        "environment": [
+          { 
+            "name": "DJANGO_CONFIGURATION",
+            "value": "Prod"
+          },
+          { 
+            "name": "DJANGO_SECRET_KEY",
+            "value": "secret"
+          },
+          { 
+            "name": "DJANGO_ALLOWED_HOSTS",
+            "value": "${module.lb.lb_dns_name}"
+          }
         ],
-        "command": [
-          "/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App 1</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App 1</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' >  /usr/local/apache2/htdocs/index.html && httpd-foreground\""
-        ]
+        "logConfiguration": {
+          "logDriver": "awslogs",
+          "options": {
+            "awslogs-create-group": "true",
+            "awslogs-group": "maria-quiteria",
+            "awslogs-region": "us-east-1",
+            "awslogs-stream-prefix": "maria-quiteria-web",
+            "mode": "non-blocking", 
+            "max-buffer-size": "25m" 
+          }
+        }
       }
     ]
     EOF
-
 }
 
-module "apache2" {
+module "maria_quiteria_db" {
   source = "./modules/ecs-app"
 
-  name             = "apache2"
+  name             = "maria_quiteria_db"
   cluster_id       = module.cluster.cluster_id
   desired_count    = 1
-  subnets          = [module.rede_prototipo.subnet_id.secundaria]
-  security_groups  = [module.rede_prototipo.security_group_id]
-  target_group_arn = aws_lb_target_group.apache2.arn
+  subnets          = [module.rede.subnet_id.primaria]
+  security_groups  = [module.rede.security_group_id]
+  execution_role_arn = data.aws_iam_role.ecs_task_execution_role.arn
+  assign_public_ip = false
 
   resources = {
     cpu    = 256
     memory = 512
   }
 
+  load_balancer = {
+  target_group_arn = aws_lb_target_group.maria_quiteria_db.arn
+  container_name = "mariaquiteria-db"
+  container_port = 5432
+}
+
   container_definitions = <<EOF
     [
       {
-        "name": "fargate-app",
-        "image": "public.ecr.aws/docker/library/httpd:latest",
+        "name": "mariaquiteria-db",
+        "image": "public.ecr.aws/docker/library/postgres:11.22-bullseye",
         "portMappings": [
           {
-            "containerPort": 80,
-            "hostPort": 80,
+            "containerPort": 5432,
+            "hostPort": 5432,
             "protocol": "tcp"
           }
         ],
         "essential": true,
-        "entryPoint": [
-          "sh",
-          "-c"
+        "environment": [
+          { 
+            "name": "POSTGRES_DB",
+            "value": "mariaquiteria"
+          },
+          { 
+            "name": "POSTGRES_USER",
+            "value": "postgres"
+          },
+          { 
+            "name": "POSTGRES_PASSWORD",
+            "value": "postgres"
+          }
         ],
-        "command": [
-          "/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App 2</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App 2</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' >  /usr/local/apache2/htdocs/index.html && httpd-foreground\""
-        ]
+        "logConfiguration": {
+          "logDriver": "awslogs",
+          "options": {
+            "awslogs-create-group": "true",
+            "awslogs-group": "maria-quiteria",
+            "awslogs-region": "us-east-1",
+            "awslogs-stream-prefix": "maria-quiteria-db",
+            "mode": "non-blocking", 
+            "max-buffer-size": "25m" 
+          }
+        }
       }
     ]
     EOF
-
 }
 
 module "lb" {
   source = "./modules/load-balancer"
 
-  name = "apache"
+  name = "lb"
+  type = "application"
+  internal = false
 
   security_group_ids = [
-    module.rede_prototipo.security_group_id,
+    module.rede.security_group_id,
   ]
 
   subnet_ids = [
-    module.rede_prototipo.subnet_id.primaria,
-    module.rede_prototipo.subnet_id.secundaria,
+    module.rede.subnet_id.primaria,
+    module.rede.subnet_id.secundaria,
   ]
 
   listeners = {
     http = {
       port                     = "80"
       protocol                 = "HTTP"
-      default_target_group_arn = aws_lb_target_group.apache1.arn
-    },
-    https = {
-      port                     = "443"
-      protocol                 = "HTTP"
-      default_target_group_arn = aws_lb_target_group.apache1.arn
-    },
+      default_target_group_arn = aws_lb_target_group.maria_quiteria_web.arn
+    }
   }
 }
 
+module "lb_internal" {
+  source = "./modules/load-balancer"
 
-resource "aws_lb_listener_rule" "apache1" {
-  listener_arn = module.lb.listener_arns["http"]
-  priority     = 100
-
-  action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.apache1.arn
-  }
-
-  condition {
-    query_string {
-      key   = "apache"
-      value = "1"
-    }
-  }
-}
+  name = "lb-internal"
+  type = "network"
+  internal = true
 
-resource "aws_lb_listener_rule" "apache2" {
-  listener_arn = module.lb.listener_arns["http"]
-  priority     = 101
+  security_group_ids = [
+    module.rede.security_group_id,
+  ]
 
-  action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.apache2.arn
-  }
+  subnet_ids = [
+    module.rede.subnet_id.primaria,
+    module.rede.subnet_id.secundaria,
+  ]
 
-  condition {
-    query_string {
-      key   = "apache"
-      value = "2"
+  listeners = {
+    db = {
+      port                     = "5432"
+      protocol                 = "TCP"
+      default_target_group_arn = aws_lb_target_group.maria_quiteria_db.arn
     }
   }
 }
-
-resource "aws_lb_target_group" "apache1" {
-  name        = "apache1"
-  port        = 80
-  protocol    = "HTTP"
-  target_type = "ip"
-  vpc_id      = module.rede_prototipo.vpc_id
-}
-
-resource "aws_lb_target_group" "apache2" {
-  name        = "apache2"
-  port        = 80
-  protocol    = "HTTP"
-  target_type = "ip"
-  vpc_id      = module.rede_prototipo.vpc_id
-}
diff --git a/modules/ecs-app/main.tf b/modules/ecs-app/main.tf
@@ -7,14 +7,18 @@ resource "aws_ecs_service" "service" {
 
   network_configuration {
     subnets          = var.subnets
-    assign_public_ip = true
+    assign_public_ip = var.assign_public_ip
     security_groups  = var.security_groups
   }
 
-  load_balancer {
-    target_group_arn = var.target_group_arn
-    container_name   = "fargate-app"
-    container_port   = 80
+  dynamic "load_balancer" {
+    for_each = toset(var.load_balancer == null ? [] : [var.load_balancer])
+
+    content {
+      target_group_arn = load_balancer.value.target_group_arn
+      container_name   = load_balancer.value.container_name
+      container_port   = load_balancer.value.container_port
+    }
   }
 }
 
@@ -25,4 +29,5 @@ resource "aws_ecs_task_definition" "task" {
   requires_compatibilities = ["FARGATE"]
   network_mode             = "awsvpc"
   container_definitions    = var.container_definitions
-}
+  execution_role_arn       = var.execution_role_arn
+}
diff --git a/modules/ecs-app/variables.tf b/modules/ecs-app/variables.tf
@@ -19,6 +19,11 @@ variable "security_groups" {
   type = list(string)
 }
 
+variable "assign_public_ip" {
+  type = bool
+  default = false
+}
+
 variable "resources" {
   type = object({
     cpu    = number
@@ -30,7 +35,16 @@ variable "container_definitions" {
   type = string
 }
 
-variable "target_group_arn" {
+variable "execution_role_arn" {
   type = string
+  default = ""
 }
-
+
+variable "load_balancer" {
+  type = object({
+    target_group_arn = string
+    container_name = string
+    container_port = number
+  })
+  default = null
+}