init

Author: andreiio

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.tf]
+indent_size = 2

.gitignore

@@ -0,0 +1,36 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+*tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+.infracost

.terraform.lock.hcl

@@ -1,50 +1,38 @@
-# Project name
+# terraform-aws-ecs-service
 
 [![GitHub contributors][ico-contributors]][link-contributors]
 [![GitHub last commit][ico-last-commit]][link-last-commit]
 [![License: MPL 2.0][ico-license]][link-license]
 
-Insert bullets description of the project if available.
+A Terraform module to provision and manage an AWS ECS Cluster.
 
-[See the project live][link-production]
-
-Give a short introduction of your project. Let this section explain the objectives or the motivation behind this project.
-
-[Contributing](#contributing) | [Built with](#built-with) | [Repos and projects](#repos-and-projects) | [Deployment](#deployment) | [Feedback](#feedback) | [License](#license) | [About Code for Romania](#about-code-for-romania)
+[Contributing](#contributing) | [Usage](#usage) | [Feedback](#feedback) | [License](#license) | [About Code for Romania](#about-code-for-romania)
 
 ## Contributing
 
 This project is built by amazing volunteers and you can be one of them! Here's a list of ways in [which you can contribute to this project][link-contributing]. If you want to make any change to this repository, please **make a fork first**.
 
-Help us out by testing this project in the [staging environment][link-staging]. If you see something that doesn't quite work the way you expect it to, open an Issue. Make sure to describe what you _expect to happen_ and _what is actually happening_ in detail.
+If you see something that doesn't quite work the way you expect it to, open an Issue. Make sure to describe what you _expect to happen_ and _what is actually happening_ in detail.
 
 If you would like to suggest new functionality, open an Issue and mark it as a __[Feature request]__. Please be specific about why you think this functionality will be of use. If you can, please include some visual description of what you would like the UI to look like, if you are suggesting new UI elements.
 
-## Built With
-
-### Programming languages
-
-### Platforms
+## Usage
 
-### Frontend framework
+```hcl
+module "ecs_cluster" {
+  source    = "code4romania/ecs-service/aws"
+  version   = "0.1.0"
+  namespace = "project_name"
+}
+```
 
-### Package managers
+### Inputs
 
-### Database technology & provider
+TBD
 
-## Repos and projects
+### Outputs
 
-Mention all related repos and projects.
-
-## Deployment
-
-Guide users through getting your code up and running on their own system. In this section you can talk about:
-1. Installation process
-2. Software dependencies
-3. Latest releases
-4. API references
-
-Describe and show how to build your code and run the tests.
+TBD
 
 ## Feedback
 
@@ -64,17 +52,14 @@ Started in 2016, Code for Romania is a civic tech NGO, official member of the Co
 Last, but not least, we rely on donations to ensure the infrastructure, logistics and management of our community that is widely spread across 11 timezones, coding for social change to make Romania and the world a better place. If you want to support us, [you can do it here][link-donate].
 
 
-[ico-contributors]: https://img.shields.io/github/contributors/code4romania/standard-repo-template.svg?style=for-the-badge
-[ico-last-commit]: https://img.shields.io/github/last-commit/code4romania/standard-repo-template.svg?style=for-the-badge
+[ico-contributors]: https://img.shields.io/github/contributors/code4romania/terraform-aws-ecs-service.svg?style=for-the-badge
+[ico-last-commit]: https://img.shields.io/github/last-commit/code4romania/terraform-aws-ecs-service.svg?style=for-the-badge
 [ico-license]: https://img.shields.io/badge/license-MPL%202.0-brightgreen.svg?style=for-the-badge
 
-[link-contributors]: https://github.com/code4romania/standard-repo-template/graphs/contributors
-[link-last-commit]: https://github.com/code4romania/standard-repo-template/commits/main
+[link-contributors]: https://github.com/code4romania/terraform-aws-ecs-service/graphs/contributors
+[link-last-commit]: https://github.com/code4romania/terraform-aws-ecs-service/commits/main
 [link-license]: https://opensource.org/licenses/MPL-2.0
 [link-contributing]: https://github.com/code4romania/.github/blob/main/CONTRIBUTING.md
 
-[link-production]: insert_link_here
-[link-staging]: insert_link_here
-
 [link-code4]: https://www.code4.ro/en/
 [link-donate]: https://code4.ro/en/donate/

README.md

@@ -0,0 +1,29 @@
+resource "aws_appautoscaling_target" "this" {
+  count = local.fixed_capacity ? 0 : 1
+
+  service_namespace  = "ecs"
+  resource_id        = "service/${data.aws_ecs_cluster.this.cluster_name}/${aws_ecs_service.this.name}"
+  scalable_dimension = "ecs:service:DesiredCount"
+  min_capacity       = var.min_capacity
+  max_capacity       = var.max_capacity
+}
+
+resource "aws_appautoscaling_policy" "this" {
+  count = local.fixed_capacity ? 0 : 1
+
+  name               = "${var.namespace}-target-scaling"
+  resource_id        = aws_appautoscaling_target.this.0.resource_id
+  scalable_dimension = aws_appautoscaling_target.this.0.scalable_dimension
+  service_namespace  = aws_appautoscaling_target.this.0.service_namespace
+  policy_type        = "TargetTrackingScaling"
+
+  target_tracking_scaling_policy_configuration {
+    target_value       = var.target_value
+    scale_in_cooldown  = var.scale_in_cooldown
+    scale_out_cooldown = var.scale_out_cooldown
+
+    predefined_metric_specification {
+      predefined_metric_type = var.predefined_metric_type
+    }
+  }
+}

autoscaling.tf

@@ -0,0 +1,5 @@
+data "aws_region" "current" {}
+
+data "aws_ecs_cluster" "this" {
+  cluster_name = var.cluster_name
+}

data.tf

@@ -0,0 +1,54 @@
+resource "aws_ecs_task_definition" "this" {
+  container_definitions = local.container_definitions
+  execution_role_arn    = aws_iam_role.ecs_task_execution_role.arn
+  task_role_arn         = var.task_role_arn
+  family                = var.namespace
+  ipc_mode              = var.ipc_mode
+  network_mode          = var.network_mode
+  pid_mode              = var.pid_mode
+
+  memory = var.container_memory_hard_limit
+
+  dynamic "placement_constraints" {
+    for_each = var.placement_constraints
+    content {
+      expression = lookup(placement_constraints.value, "expression", null)
+      type       = placement_constraints.value.type
+    }
+  }
+
+  requires_compatibilities = var.requires_compatibilities
+
+  dynamic "volume" {
+    for_each = var.volumes
+
+    content {
+      host_path = lookup(volume.value, "host_path", null)
+      name      = volume.value.name
+
+      dynamic "docker_volume_configuration" {
+        for_each = lookup(volume.value, "docker_volume_configuration", [])
+
+        content {
+          autoprovision = lookup(docker_volume_configuration.value, "autoprovision", null)
+          driver        = lookup(docker_volume_configuration.value, "driver", null)
+          driver_opts   = lookup(docker_volume_configuration.value, "driver_opts", null)
+          labels        = lookup(docker_volume_configuration.value, "labels", null)
+          scope         = lookup(docker_volume_configuration.value, "scope", null)
+        }
+      }
+
+      dynamic "efs_volume_configuration" {
+        for_each = lookup(volume.value, "efs_volume_configuration", [])
+
+        content {
+          file_system_id     = element(lookup(efs_volume_configuration.value, "file_system_id", null), 0)
+          root_directory     = lookup(efs_volume_configuration.value, "root_directory", null)
+          transit_encryption = lookup(efs_volume_configuration.value, "transit_encryption", null)
+        }
+      }
+    }
+  }
+
+  tags = var.tags
+}

ecs_task_definition.tf

@@ -0,0 +1,75 @@
+### IAM resources
+data "aws_iam_policy_document" "ecs_task_assume" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "ecs_secret_policy" {
+  statement {
+    actions   = ["secretsmanager:GetSecretValue"]
+    resources = var.allowed_secrets
+  }
+}
+
+data "aws_iam_policy_document" "ssm_policy" {
+  statement {
+    actions = [
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+      "ssmmessages:OpenDataChannel"
+    ]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_role" "ecs_task_execution_role" {
+  name               = "${var.namespace}-ecs-task-execution-role"
+  assume_role_policy = data.aws_iam_policy_document.ecs_task_assume.json
+
+  dynamic "inline_policy" {
+    for_each = var.allowed_secrets == null ? [] : [1]
+
+    content {
+      name   = "SecretsPolicy"
+      policy = data.aws_iam_policy_document.ecs_secret_policy.json
+    }
+  }
+
+  dynamic "inline_policy" {
+    for_each = var.enable_execute_command ? [1] : []
+
+    content {
+      name   = "SSMPolicy"
+      policy = data.aws_iam_policy_document.ssm_policy.json
+    }
+  }
+
+  dynamic "inline_policy" {
+    for_each = var.additional_policy == null ? [] : [1]
+
+    content {
+      name   = "AdditionalPolicy"
+      policy = var.additional_policy
+    }
+  }
+
+  tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerServiceforEC2Role" {
+  role       = aws_iam_role.ecs_task_execution_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
+}
+
+resource "aws_iam_role_policy_attachment" "managed_policies_attachment" {
+  count      = length(var.managed_policies)
+  role       = aws_iam_role.ecs_task_execution_role.name
+  policy_arn = var.managed_policies[count.index]
+}

iam.tf

@@ -0,0 +1,37 @@
+resource "aws_lb_target_group" "this" {
+  count = var.use_load_balancer ? 1 : 0
+
+  name        = var.namespace
+  port        = var.container_port
+  protocol    = "HTTP"
+  vpc_id      = var.lb_vpc_id
+  target_type = "ip"
+
+  health_check {
+    enabled             = var.lb_health_check_enabled
+    healthy_threshold   = var.lb_healthy_threshold
+    interval            = var.lb_interval
+    protocol            = var.lb_protocol
+    matcher             = var.lb_matcher
+    timeout             = var.lb_timeout
+    path                = var.lb_path
+    unhealthy_threshold = var.lb_unhealthy_threshold
+  }
+}
+
+resource "aws_lb_listener_rule" "routing" {
+  count = var.use_load_balancer ? 1 : 0
+
+  listener_arn = var.lb_listener_arn
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.this.0.arn
+  }
+
+  condition {
+    host_header {
+      values = var.lb_hosts
+    }
+  }
+}