jdb/to.cler.be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate off of ECS onto sobeck. Migrate to OpenTofu.

Browse Source
This commit is contained in:
Jonathan Bernard
2024-08-02 22:46:08 -05:00
parent e50d39fb8e
commit 9034cfe83b
8 changed files with 58 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
operations/terraform/ecs.tf
View File

@ -1,84 +0,0 @@
resource "aws_secretsmanager_secret" "toclerbe" {
name = "${var.app_name}-config"
}
resource "aws_efs_mount_target" "ortis" {
file_system_id = data.terraform_remote_state.jdbsoft.outputs.sobeck-efs.id
subnet_id = data.terraform_remote_state.jdbsoft.outputs.aws_subnet_private2.id
security_groups = [ data.terraform_remote_state.jdbsoft.outputs.aws_security_group_private_traffic.id ]
}
resource "aws_ecs_task_definition" "toclerbe" {
family = var.app_name
network_mode = "bridge"
requires_compatibilities = ["EC2"]
execution_role_arn = aws_iam_role.ecs_task.arn
# See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html
container_definitions = jsonencode([
{
name = var.app_name
image = "${aws_ecr_repository.toclerbe.repository_url}:${data.external.git_describe.result.version}"
cpu = 128
memory = 128
memoryReservation = 32
environment = [
{
name = "TOCLERBE_PORT"
value = "80"
}
]
mountPoints = [
{
containerPath = "/data"
sourceVolume = "efs-toclerbe-data"
}
]
portMappings = [
{
protocol = "tcp"
containerPort = 80
}
]
secrets = [
{
name = "TOCLERBE_API_KEYS"
description = "API keys allowed to configure the service.."
valueFrom = "${aws_secretsmanager_secret.toclerbe.arn}:apiKeys::"
}
]
}
])
volume {
name = "efs-toclerbe-data"
efs_volume_configuration {
file_system_id = data.terraform_remote_state.jdbsoft.outputs.sobeck-efs.id
root_directory = "/toclerbe/data"
}
}
tags = {
Name = var.app_domain
}
}
resource "aws_ecs_service" "toclerbe" {
name = var.app_name
cluster = data.terraform_remote_state.jdbsoft.outputs.aws_ecs_cluster_ortis.id
task_definition = aws_ecs_task_definition.toclerbe.arn
desired_count = 1
launch_type = "EC2"
load_balancer {
target_group_arn = aws_lb_target_group.toclerbe.arn
container_name = var.app_name
container_port = 80
}
tags = {
Name = var.app_domain
}
}

68
operations/terraform/iam.tf
View File

@ -1,68 +0,0 @@
resource "aws_iam_role" "ecs_task" {
name = "${var.app_name}-EcsTaskRole"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "ecs-tasks.amazonaws.com"
}
}
]
})
inline_policy {
name = "AllowSecretsAccessFor${var.app_name}Tasks"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"secretsmanager:GetSecretValue",
"kms:Decrypt"
]
Resource = [
aws_secretsmanager_secret.toclerbe.arn
]
}
]
})
}
inline_policy {
name = "AllowAccessToEcrFor${var.app_name}Tasks"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"ecr:GetAuthorizationToken"
]
Resource = [ "*" ]
},
{
Effect = "Allow"
Action = [
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:DescribeImages",
"ecr:GetDownloadUrlForLayer"
]
Resource = [
aws_ecr_repository.toclerbe.arn
]
}
]
})
}
tags = {
Name = "${var.app_name}-EcsTaskRole"
}
}

6
operations/terraform/load-balancer.tf
View File

@ -44,3 +44,9 @@ resource "aws_lb_listener_certificate" "toclerbe" {
listener_arn = data.terraform_remote_state.jdbsoft.outputs.aws_lb_listener_https.arn
certificate_arn = aws_acm_certificate.clerbe.arn
}
resource "aws_lb_target_group_attachment" "toclerbe" {
target_group_arn = aws_lb_target_group.toclerbe.arn
target_id = data.terraform_remote_state.jdbsoft.outputs.sobeck-instance-id
port = 6001
}