1 | | -#TODO: Remove after release |
2 | | -resource "aws_security_group" "ecs_service_sg" { |
3 | | - name = "ecs-service-sg" |
4 | | - description = "Security Group for communication with ECS" |
5 | | - vpc_id = aws_vpc.application_vpc.id |
6 | | - lifecycle { |
7 | | - ignore_changes = [description] |
8 | | - } |
9 | | -} |
10 | | - |
11 | | -#TODO: Remove after release |
12 | | -resource "aws_security_group_rule" "ecs_ingress_http" { |
13 | | - type = "ingress" |
14 | | - from_port = 4000 |
15 | | - to_port = 4000 |
16 | | - protocol = "tcp" |
17 | | - security_group_id = aws_security_group.ecs_service_sg.id |
18 | | - source_security_group_id = aws_security_group.lb_service_sg.id |
19 | | - lifecycle { |
20 | | - create_before_destroy = true |
21 | | - } |
22 | | -} |
23 | | - |
24 | | -#TODO: Remove after release |
25 | | -resource "aws_security_group_rule" "ecs_talk_to_internet" { |
26 | | - type = "egress" |
27 | | - from_port = 0 |
28 | | - to_port = 0 |
29 | | - protocol = "-1" |
30 | | - cidr_blocks = ["0.0.0.0/0"] |
31 | | - security_group_id = aws_security_group.ecs_service_sg.id |
32 | | -} |
33 | | - |
34 | | -#TODO: Remove after release |
35 | | -resource "aws_ecs_service" "service" { |
36 | | - name = "mavis-${var.environment}" |
37 | | - cluster = aws_ecs_cluster.cluster.id |
38 | | - task_definition = aws_ecs_task_definition.task_definition.arn |
39 | | - desired_count = var.minimum_web_replicas |
40 | | - launch_type = "FARGATE" |
41 | | - enable_execute_command = true |
42 | | - health_check_grace_period_seconds = 60 |
43 | | - |
44 | | - network_configuration { |
45 | | - subnets = [aws_subnet.private_subnet_a.id, aws_subnet.private_subnet_b.id] |
46 | | - security_groups = [aws_security_group.ecs_service_sg.id] |
47 | | - } |
48 | | - |
49 | | - load_balancer { |
50 | | - target_group_arn = aws_lb_target_group.blue.arn |
51 | | - container_name = "mavis-${var.environment}" |
52 | | - container_port = 4000 |
53 | | - } |
54 | | - deployment_controller { |
55 | | - type = "CODE_DEPLOY" |
56 | | - } |
57 | | - |
58 | | - lifecycle { |
59 | | - ignore_changes = [ |
60 | | - load_balancer, |
61 | | - task_definition, |
62 | | - # desired_count TODO: uncomment this when we proceed with enabling autoscaler |
63 | | - ] |
64 | | - } |
65 | | -} |
66 | | - |
67 | | -#TODO: Remove after release |
68 | | -resource "aws_ecs_task_definition" "task_definition" { |
69 | | - family = "task-definition-${var.environment}" |
70 | | - requires_compatibilities = ["FARGATE"] |
71 | | - network_mode = "awsvpc" |
72 | | - cpu = 1024 |
73 | | - memory = 2048 |
74 | | - execution_role_arn = aws_iam_role.ecs_task_execution_role.arn |
75 | | - task_role_arn = aws_iam_role.ecs_task_role.arn |
76 | | - container_definitions = jsonencode([ |
77 | | - { |
78 | | - name = "mavis-${var.environment}" |
79 | | - image = "${var.account_id}.dkr.ecr.eu-west-2.amazonaws.com/${var.docker_image}@${var.image_digest}" |
80 | | - essential = true |
81 | | - portMappings = [ |
82 | | - { |
83 | | - containerPort = 4000 |
84 | | - hostPort = 4000 |
85 | | - } |
86 | | - ] |
87 | | - environment = concat(local.task_envs, [{ name = "SERVER_TYPE", value = "web" }]) |
88 | | - secrets = local.task_secrets |
89 | | - logConfiguration = { |
90 | | - logDriver = "awslogs" |
91 | | - options = { |
92 | | - awslogs-group = aws_cloudwatch_log_group.ecs_log_group.name |
93 | | - awslogs-region = var.region |
94 | | - awslogs-stream-prefix = "${var.environment}-logs" |
95 | | - } |
96 | | - } |
97 | | - healthCheck = { |
98 | | - command = ["CMD-SHELL", "curl -f http://localhost:4000/up || exit 1"] |
99 | | - interval = 30 |
100 | | - timeout = 5 |
101 | | - retries = 3 |
102 | | - startPeriod = 10 |
103 | | - } |
104 | | - } |
105 | | - ]) |
106 | | - depends_on = [aws_cloudwatch_log_group.ecs_log_group] |
107 | | -} |
108 | | - |
109 | 1 | resource "aws_security_group_rule" "web_service_alb_ingress" { |
110 | 2 | type = "ingress" |
111 | 3 | from_port = 4000 |