ecs-setup

terraform/alb.tf

@@ -0,0 +1,50 @@
+resource "aws_security_group" "lb" {
+  name   = "allow-all-lb"
+  vpc_id = aws_vpc.awsvpc.id
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_lb" "ecs-lb" {
+  name               = "ecs-lb"
+  load_balancer_type = "application"
+  internal           = false
+  subnets            = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id]
+  security_groups = [aws_security_group.lb.id]
+}
+
+resource "aws_lb_target_group" "lb_target_group" {
+  name        = "target-group"
+  port        = "80"
+  protocol    = "HTTP"
+  target_type = "instance"
+  vpc_id      = aws_vpc.awsvpc.id
+  health_check {
+    path                = "/"
+    healthy_threshold   = 2
+    unhealthy_threshold = 10
+    timeout             = 60
+    interval            = 300
+    matcher             = "200,301,302"
+  }
+}
+
+resource "aws_lb_listener" "web-listener" {
+  load_balancer_arn = aws_lb.ecs-lb.arn
+  port              = "80"
+  protocol          = "HTTP"
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.lb_target_group.arn
+  }
+}

terraform/app.tf

@@ -0,0 +1,27 @@
+resource "aws_ecs_task_definition" "task-definition-test" {
+  family                = "app-family"
+  container_definitions = file("container-definition/container-definition.json")
+  network_mode          = "bridge"
+}
+
+resource "aws_ecs_service" "service" {
+  name            = "ecs-service"
+  cluster         = aws_ecs_cluster.ecs-cluster.id
+  task_definition = aws_ecs_task_definition.task-definition-test.arn
+  desired_count   = 1
+  load_balancer {
+    target_group_arn = aws_lb_target_group.lb_target_group.arn
+    container_name   = "nginx"
+    container_port   = "80"
+  }
+  lifecycle {
+    ignore_changes = [desired_count]
+  }
+  launch_type = "EC2"
+  depends_on  = [aws_lb_listener.web-listener]
+}
+
+resource "aws_cloudwatch_log_group" "log_group" {
+  name = "/ecs/container"
+}
+

terraform/backend.tf

@@ -0,0 +1,6 @@
+terraform {
+  backend "s3" {
+    bucket = "ayushterraform-state"
+    region = "us-east-1"
+  }
+}

terraform/container-definition/container-definition.json

@@ -0,0 +1,82 @@
+[
+    {
+      "name": "spring3hibernate",
+      "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/spring3hibernate:latest",
+      "cpu": 10,
+      "memory": 512,
+      "essential": true,
+      "portMappings": [
+        {
+            "containerPort": 8080,
+            "hostPort": 8080,
+            "protocol": "tcp"
+        }
+    ],
+      "dependsOn": [
+          {
+            "containerName": "mysql",
+            "condition": "START"
+          }
+        ],
+      "links": [
+
+          "mysql"
+
+      ]
+    },
+
+    {
+        "name": "mysql",
+        "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/mysql:latest",
+        "cpu": 10,
+        "memory": 512,
+        "essential": true,
+          "portMappings": [
+            {
+                "containerPort": 3306,
+                "hostPort": 3306,
+                "protocol": "tcp"
+            }
+          ],
+          "environment": [
+              {
+                "name": "MYSQL_DATABASE",
+                "value": "employeedb"
+              },
+              {
+                "name": "MYSQL_PASSWORD",
+                "value": "password"
+              },
+              {
+                "name": "MYSQL_ROOT_PASSWORD",
+                "value": "password"
+              }              
+            ]
+    },
+    {
+        "name": "nginx",
+        "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/nginx:latest1",
+        "cpu": 10,
+        "memory": 512,
+        "essential": true,
+        "portMappings": [
+          {
+              "containerPort": 80,
+              "hostPort": 80,
+              "protocol": "tcp"
+          }
+      ],
+        "dependsOn": [
+            {
+              "containerName": "spring3hibernate",
+              "condition": "START"
+            }
+          ],
+        "links": [
+
+            "spring3hibernate"
+
+        ]
+    }
+
+]

terraform/ecs.tf

@@ -0,0 +1,70 @@
+
+resource "aws_ecs_cluster" "ecs-cluster" {
+  name = "ecs-cluster"
+}
+
+data "aws_ami" "amazon_linux" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["amzn-ami*amazon-ecs-optimized"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+  owners = ["amazon", "self"]
+}
+
+resource "aws_security_group" "ec2-sg" {
+  name        = "allow-all-ec2"
+  description = "allow all"
+  vpc_id      = aws_vpc.awsvpc.id
+  ingress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    security_groups = [aws_security_group.lb.id]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_launch_configuration" "lc" {
+  name          = "test_ecs"
+  image_id      = data.aws_ami.amazon_linux.id
+  instance_type = "t3.medium"
+  lifecycle {
+    create_before_destroy = true
+  }
+  iam_instance_profile        = aws_iam_instance_profile.ecs-ec2-role.name
+  key_name                    = ""
+  security_groups             = [aws_security_group.ec2-sg.id]
+  associate_public_ip_address = true
+  user_data                   = <<EOF
+#! /bin/bash
+sudo apt-get update
+sudo echo ECS_CLUSTER=ecs-cluster >> /etc/ecs/ecs.config
+EOF
+}
+
+resource "aws_autoscaling_group" "asg" {
+  name                      = "test-asg"
+  launch_configuration      = aws_launch_configuration.lc.name
+  min_size                  = 1
+  max_size                  = 4
+  desired_capacity          = 1
+  health_check_type         = "ELB"
+  health_check_grace_period = 300
+  vpc_zone_identifier       = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id]
+  protect_from_scale_in = true
+  lifecycle {
+    create_before_destroy = true
+  }
+}

terraform/iam.tf

@@ -0,0 +1,117 @@
+# ecs ec2 role
+resource "aws_iam_role" "ecs-ec2-role" {
+  name               = "ecs-ec2-role"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_instance_profile" "ecs-ec2-role" {
+  name = "ecs-ec2-role"
+  role = aws_iam_role.ecs-ec2-role.name
+}
+
+resource "aws_iam_role" "ecs-server-role" {
+  name = "ecs-server-role"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_role_policy" "ecs-ec2-role-policy" {
+name   = "ecs-ec2-role-policy"
+role   = aws_iam_role.ecs-ec2-role.id
+policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+              "ecs:CreateCluster",
+              "ecs:DeregisterContainerInstance",
+              "ecs:DiscoverPollEndpoint",
+              "ecs:Poll",
+              "ecs:RegisterContainerInstance",
+              "ecs:StartTelemetrySession",
+              "ecs:Submit*",
+              "ecs:StartTask",
+              "ecr:GetAuthorizationToken",
+              "ecr:BatchCheckLayerAvailability",
+              "ecr:GetDownloadUrlForLayer",
+              "ecr:BatchGetImage",
+              "logs:CreateLogStream",
+              "logs:PutLogEvents"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "logs:CreateLogGroup",
+                "logs:CreateLogStream",
+                "logs:PutLogEvents",
+                "logs:DescribeLogStreams"
+            ],
+            "Resource": [
+                "arn:aws:logs:*:*:*"
+            ]
+        }
+    ]
+}
+EOF
+
+}
+
+# ecs service role
+resource "aws_iam_role" "ecs-service-role" {
+name = "ecs-service-role"
+assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ecs.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_policy_attachment" "ecs-service-attach" {
+  name       = "ecs-service-attach"
+  roles      = [aws_iam_role.ecs-service-role.name]
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
+}

terraform/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = var.AWS_REGION
+}

terraform/readme.md

@@ -0,0 +1,17 @@
+############################################################################################
+input steps:
+1. create a ECR repository and add the image url with tag under image section of container definiton file
+2. terraform init
+3. terraform plan
+4. terraform apply
+5. ECS ensure application availabiity all the time, you can define the desired, max and min count of Ec2 instance in asg.
+
+container-definition.json : define docker containers to run in the form task to be executed by the ecs service on ecs cluster.
+appication load balancer : to alow traffic to ecs service running task.
+task definition: required to run docker container in ECS.
+ecs service: to run and maintain particular no of task on ecs cluster.
+ecs cluster: grouping of task and service.
+
+Ec2 instance is running all the three containers. lb is connecting to nginx at port 80.
+facing issue with mounting volumes in container defintion.
+

terraform/variable.tf

@@ -0,0 +1,4 @@
+variable "AWS_REGION" {
+  default = "us-east-1"
+}
+