Merge pull request #1 from mateuscacabuenaPUCRS/T3

T3 - Finished

.github/workflows/main.yml

@@ -27,5 +27,5 @@ jobs:
         node-version: ${{ matrix.node-version }}
         cache: 'npm'
     - run: npm ci
-    - run: npm run build --if-present
+    - run: npm run build
     - run: npm test

README.md

@@ -199,14 +199,18 @@ For this step you should have a Docker Hub account and be logged in on the termi
 $ docker login
 ```
 
-Remember to change the image name and tag variables in the [`update-image.sh`](scripts/update-image.sh) script to your own image name and tag.
-This is the most important step, you must update the image on Docker Hub so that the instance can download it and run the application with the latest changes.
+Remember to change the image name and tag variables in the [`update-image-dockerhub.sh`](scripts/update-image.sh) and [`update-image-ecr.sh`] scripts to your own image name and tag.
+This is the most important step, you must update the image on Docker Hub / ECR so that the instance can download it and run the application with the latest changes.
 
 ```bash
-$ scripts/update-image.sh
+$ scripts/update-image-dockerhub.sh
+```
+
+```bash
+$ scripts/update-image-ecr.sh
 ```
 
-2. (Optional) Update the `docker-compose` file on the s3 bucket:
+1. (Optional) Update the `docker-compose` file on the s3 bucket:
 
 Remember to change the bucket name variable in the [`upload-compose.sh`](scripts/upload-compose.sh) script to your own bucket name.
 Run this only if you have made changes to the `docker-compose.prod.yml` file and want to update the one on the s3 bucket.

infra/alb.tf

@@ -0,0 +1,53 @@
+module "alb" {
+  source = "terraform-aws-modules/alb/aws"
+
+  name = "${local.name}-alb"
+
+  load_balancer_type = "application"
+
+  vpc_id  = module.vpc.vpc_id
+  subnets = module.vpc.public_subnets
+
+  security_groups = [aws_security_group.security_group.id]
+
+  enable_deletion_protection = false
+
+  listeners = {
+    http = {
+      port     = local.container_port
+      protocol = "HTTP"
+
+      forward = {
+        target_group_key = "ecs"
+      }
+    }
+  }
+
+  target_groups = {
+    ecs = {
+      backend_protocol                  = "HTTP"
+      backend_port                      = local.container_port
+      target_type                       = "ip"
+      deregistration_delay              = 5
+      load_balancing_cross_zone_enabled = true
+
+      health_check = {
+        enabled             = true
+        healthy_threshold   = 5
+        interval            = 30
+        matcher             = "200"
+        path                = "/"
+        port                = "traffic-port"
+        protocol            = "HTTP"
+        timeout             = 5
+        unhealthy_threshold = 2
+      }
+
+      # Theres nothing to attach here in this definition. Instead,
+      # ECS will attach the IPs of the tasks to this target group
+      create_attachment = false
+    }
+  }
+
+  tags = local.tags
+}

infra/data.tf

@@ -0,0 +1,3 @@
+data "aws_availability_zones" "available" {}
+
+data "aws_caller_identity" "current" {}

infra/ec2.tf

@@ -1,12 +1,16 @@
-resource "aws_instance" "csw24-grupob-ticket" {
+resource "aws_instance" "ec2" {
   ami           = "ami-007855ac798b5175e" # Ubuntu 22.04 LTS
   instance_type = "t2.micro"
   key_name      = aws_key_pair.my_key_pair.key_name
 
-  vpc_security_group_ids = [aws_security_group.csw24_ticket_ports_access.id]
+  associate_public_ip_address = true
+
+  subnet_id = module.vpc.public_subnets[0]
+
+  vpc_security_group_ids = [aws_security_group.security_group.id]
 
   tags = {
-    Name = "csw24-grupob-ticket"
+    Name = "${local.name}-ec2"
   }
 
   # User data script to install Docker and start your container
@@ -33,7 +37,7 @@ resource "aws_instance" "csw24-grupob-ticket" {
     touch success.txt
 
     # Download docker-compose.yml from S3 (if bucket name changes, this line has to be updated manually)
-    curl -O https://csw24-ticket-docker-compose-bucket.s3.amazonaws.com/docker-compose.yml
+    curl -O https://csw24-docker-compose-bucket.s3.amazonaws.com/docker-compose.yml
 
     # Start container
     sudo docker-compose up -d

infra/ecr.tf

@@ -0,0 +1,3 @@
+resource "aws_ecr_repository" "ecr" {
+  name = "${local.name}-ecr"
+}

infra/ecs.tf

@@ -0,0 +1,53 @@
+resource "aws_ecs_cluster" "ecs_cluster" {
+  name = "${local.name}-ecs-cluster"
+}
+
+resource "aws_ecs_task_definition" "task" {
+  family                   = "${local.name}-ecs-task"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+
+  cpu    = "1024"
+  memory = "2048"
+
+  container_definitions = jsonencode([{
+    name      = local.container_name
+    cpu       = 512
+    memory    = 1024
+    essential = true
+    image     = "${local.user_id}.dkr.ecr.${local.region}.amazonaws.com/${local.container_name}:latest"
+
+    portMappings = [{
+      containerPort = local.container_port
+      hostPort      = local.container_port
+      protocol      = "tcp"
+    }]
+  }])
+
+  execution_role_arn = "arn:aws:iam::${local.user_id}:role/LabRole"
+  task_role_arn      = "arn:aws:iam::${local.user_id}:role/LabRole"
+
+  tags = local.tags
+}
+
+resource "aws_ecs_service" "ecs_service" {
+  name            = "${local.name}-ecs-service"
+  cluster         = aws_ecs_cluster.ecs_cluster.id
+  task_definition = aws_ecs_task_definition.task.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = module.vpc.public_subnets
+    security_groups  = [aws_security_group.security_group.id]
+    assign_public_ip = true
+  }
+
+  load_balancer {
+    target_group_arn = module.alb.target_groups["ecs"].arn
+    container_name   = local.container_name
+    container_port   = local.container_port
+  }
+
+  tags = local.tags
+}

infra/ecs.tf.ignore

@@ -0,0 +1,47 @@
+module "ecs" {
+  source = "terraform-aws-modules/ecs/aws"
+
+  cluster_name = "${local.name}-ecs-cluster"
+
+  services = {
+    "${local.container_name}" = {
+      cpu    = 1024
+      memory = 4096
+
+      # Container definition(s)
+      container_definitions = {
+        "${local.container_name}" = {
+          cpu       = 512
+          memory    = 1024
+          essential = true
+          image     = "${local.user_id}.dkr.ecr.${local.region}.amazonaws.com/${local.container_name}:latest"
+
+          port_mappings = [
+            {
+              containerPort = local.container_port
+              hostPort      = local.container_port
+              protocol      = "tcp"
+            }
+          ]
+        }
+      }
+
+      subnet_ids = module.vpc.public_subnets
+      # subnet_ids = module.vpc.private_subnets
+
+      load_balancer = {
+        service = {
+          target_group_arn = module.alb.target_groups["ecs"].arn
+          container_name   = local.container_name
+          container_port   = local.container_port
+        }
+      }
+
+      # Roles attempted: LabRole, ecs.amazonaws.com/AWSServiceRoleForECS, vocareum, AdministratorAccess
+      task_execution_role_arn = "arn:aws:iam::${local.user_id}:role/LabRole"
+      task_role_arn           = "arn:aws:iam::${local.user_id}:role/LabRole"
+    }
+  }
+
+  tags = local.tags
+}

infra/keys.tf

@@ -6,4 +6,10 @@ resource "tls_private_key" "my_key" {
 resource "aws_key_pair" "my_key_pair" {
   key_name   = "my-key"
   public_key = tls_private_key.my_key.public_key_openssh
-}
+}
+
+resource "local_file" "private_key_pem" {
+  filename        = "${path.module}/my-key.pem"
+  content         = tls_private_key.my_key.private_key_pem
+  file_permission = "0400"
+}

infra/locals.tf

@@ -0,0 +1,16 @@
+locals {
+  region      = var.region
+  environment = var.environment
+  name        = "${local.environment}-${var.project_name}"
+
+  container_name = "${local.name}-ecr"
+  container_port = 8000
+
+  user_id = data.aws_caller_identity.current.account_id
+
+  tags = {
+    Name       = local.name
+    Example    = local.name
+    Repository = "https://github.com/terraform-aws-modules/terraform-aws-ecs"
+  }
+}

infra/main.tf

@@ -1,5 +1,5 @@
 provider "aws" {
-  region     = "us-east-1"
+  region     = local.region
   access_key = var.AWS_ACCESS_KEY_ID
   secret_key = var.AWS_SECRET_ACCESS_KEY
   token      = var.AWS_SESSION_TOKEN