main.tf
# ECS cluster for the Atlantis service. The cluster id exported by this module
# is consumed by aws_ecs_service.atlantis below.
module "ecs" {
  name = "${var.name}"

  # Registry module pinned to an exact release so an upstream publish cannot
  # change the cluster definition without a reviewed version bump here.
  source  = "terraform-aws-modules/ecs/aws"
  version = "v1.1.0"
}
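locals {
  # Non-secret configuration handed to the Atlantis container as plain
  # environment variables (visible in the rendered task definition).
  #
  # ATLANTIS_REPO_WHITELIST is built by comma-joining var.atlantis_repo_whitelist.
  # NOTE(review): this list decides which repositories Atlantis will act on;
  # keep the entries as specific as possible and avoid broad wildcards.
  container_environment_variables = [
    {
      name  = "ATLANTIS_GH_USER"
      value = "${var.atlantis_github_user}"
    },
    {
      name  = "ATLANTIS_REPO_WHITELIST"
      value = "${join(",", var.atlantis_repo_whitelist)}"
    },
  ]

  # Secrets are passed by reference: valueFrom carries the SSM parameter name,
  # not the secret itself, so only the name appears in this configuration.
  # NOTE(review): the role used to start the task must be allowed to read these
  # parameters; scope that permission to these two parameter names only.
  container_definition_secrets_1 = [
    {
      name      = "ATLANTIS_GH_TOKEN"
      valueFrom = "${var.atlantis_github_user_token_ssm_parameter_name}"
    },
  ]

  # Webhook secret for the same VCS host as the credentials above. Only GitHub
  # credentials (ATLANTIS_GH_USER / ATLANTIS_GH_TOKEN) are configured, so the
  # secret must be exposed as ATLANTIS_GH_WEBHOOK_SECRET. Under the GitLab
  # variable name Atlantis would not use it to validate GitHub webhooks, and
  # the webhook endpoint would accept unsigned requests.
  container_definition_secrets_2 = [
    {
      name      = "ATLANTIS_GH_WEBHOOK_SECRET"
      valueFrom = "${var.webhook_ssm_parameter_name}"
    },
  ]
}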
# Renders the JSON container definition for the Atlantis container; the result
# (module output "json") is fed into aws_ecs_task_definition.atlantis.
module "container_definition_atlantis" {
  source  = "cloudposse/ecs-container-definition/aws"
  version = "v0.7.0"

  container_name = "${var.name}"

  # NOTE(review): the image is referenced by tag only. Tags on a public
  # registry are mutable, so the bytes behind v0.7.1 are not guaranteed to stay
  # the same. Consider pinning by digest after reviewing the image, e.g.
  # runatlantis/atlantis@sha256:<DIGEST_OF_REVIEWED_IMAGE> (placeholder), and
  # confirm this release still receives security fixes.
  container_image = "runatlantis/atlantis:v0.7.1"

  # Resource sizing comes from the same variables the task definition uses.
  container_memory_reservation = "${var.container_memory_reservation}"
  container_memory             = "${var.ecs_task_memory}"
  container_cpu                = "${var.ecs_task_cpu}"

  # Plain environment variables and SSM-backed secrets are kept apart: the
  # values under "environment" are embedded in the definition, while "secrets"
  # only carries parameter names (both lists are defined in locals).
  secrets     = ["${concat(local.container_definition_secrets_1, local.container_definition_secrets_2)}" ]
  environment = "${local.container_environment_variables}"

  # Container stdout/stderr goes to the CloudWatch log group declared elsewhere
  # in this configuration, in the current region, under the "ecs" stream prefix.
  log_options = [
    {
      "awslogs-stream-prefix" = "ecs"
      "awslogs-group"         = "${aws_cloudwatch_log_group.atlantis.name}"
      "awslogs-region"        = "${data.aws_region.current.name}"
    },
  ]

  # Single TCP listener; host and container port are the same variable.
  port_mappings = [
    {
      protocol      = "tcp"
      hostPort      = "${var.atlantis_port}"
      containerPort = "${var.atlantis_port}"
    },
  ]
}
# Fargate task definition wrapping the rendered Atlantis container definition.
resource "aws_ecs_task_definition" "atlantis" {
  family                = "${var.name}"
  container_definitions = "${module.container_definition_atlantis.json}"

  # Fargate launch type with per-task ENI networking.
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"

  memory = "${var.ecs_task_memory}"
  cpu    = "${var.ecs_task_cpu}"

  # NOTE(review): both role slots point at the same IAM role. The execution
  # role is what ECS itself uses to start the task (pull the image, ship logs,
  # resolve the SSM-backed secrets); the task role is what the Atlantis process
  # runs as. Sharing one role means the running container inherits everything
  # the start-up path needs, and the start-up path inherits everything Atlantis
  # needs. The role's policies are not visible here; consider a separate,
  # narrowly scoped task role.
  task_role_arn      = "${aws_iam_role.ecs_task_execution.arn}"
  execution_role_arn = "${aws_iam_role.ecs_task_execution.arn}"
}
# Looks up the task definition family as currently registered in AWS. The
# explicit depends_on makes the lookup wait until the resource above exists,
# so the first apply does not fail on a missing family.
data "aws_ecs_task_definition" "atlantis" {
  depends_on      = ["aws_ecs_task_definition.atlantis"]
  task_definition = "${var.name}"
}
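# Long-running Fargate service that keeps the Atlantis task running behind the
# load balancer target group.
resource "aws_ecs_service" "atlantis" {
  name    = "${var.name}"
  cluster = "${module.ecs.this_ecs_cluster_id}"

  # Use whichever revision is newer: the one Terraform manages or the one
  # currently registered in AWS. Presumably this keeps an apply from rolling
  # the service back to an older revision — confirm against the deploy flow.
  task_definition = "${data.aws_ecs_task_definition.atlantis.family}:${max(aws_ecs_task_definition.atlantis.revision, data.aws_ecs_task_definition.atlantis.revision)}"

  desired_count                      = "${var.ecs_service_desired_count}"
  launch_type                        = "FARGATE"
  deployment_maximum_percent         = "${var.ecs_service_deployment_maximum_percent}"
  deployment_minimum_healthy_percent = "${var.ecs_service_deployment_minimum_healthy_percent}"

  # Tasks are placed in the subnets from local.private_subnets and no public
  # IP assignment is requested here.
  # NOTE(review): module.atlantis_sg is defined outside this view; verify that
  # its ingress on the Atlantis port is limited to the load balancer.
  network_configuration {
    subnets         = ["${values(local.private_subnets)}"]
    security_groups = ["${module.atlantis_sg.this_security_group_id}"]
  }

  load_balancer {
    target_group_arn = "${aws_lb_target_group.main.id}"

    # Must match the container name in the task definition, which is set from
    # var.name. The previous hard-coded "atlantis" only worked when var.name
    # happened to be "atlantis".
    container_name = "${var.name}"
    container_port = "${var.atlantis_port}"
  }

  # The target group has to be attached to a listener before the service can
  # register targets with it.
  depends_on = [
    "aws_lb_listener.main",
  ]
}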