# Settings and rendered container definition for the optional demo
# application (the tutorial-python sample).
locals {
  # Sizing and ports for the demo task. task_* feeds the task definition,
  # container_* feeds the container definition template below.
  demo_settings = {
    container_name     = "${var.environment}-tutorial-python"
    task_cpu           = 512
    task_memory        = 1024
    container_cpu      = 512
    container_memory   = 512
    container_port     = 5000
    load_balancer_port = 443
  }

  # JSON container definition rendered from the module's template file.
  demo_definition = templatefile("${path.module}/templates/demo_application_task_def.tpl", {
    name   = local.demo_settings.container_name
    cpu    = local.demo_settings.container_cpu
    memory = local.demo_settings.container_memory
    port   = local.demo_settings.container_port

    # Empty strings when the demo app is disabled, so the [0] index is never
    # evaluated against a resource with count = 0.
    log_group  = var.deploy_demo_app ? aws_cloudwatch_log_group.demo[0].name : ""
    log_stream = var.deploy_demo_app ? aws_cloudwatch_log_stream.demo_log_stream[0].name : ""
    aws_region = local.region

    # Controller endpoint selection (parentheses make the original operator
    # precedence explicit: && binds tighter than ||, the conditional is last).
    #   - no module-managed ALB: use var.demo_app_controller_host as given
    #   - ALB, and either (datastore cert set but no controller cert) or an
    #     internal controller ALB: plaintext ws:// to the ALB DNS name
    #   - otherwise wss:// to the supplied host, or to the Route53 record when
    #     var.domain_name is set
    # NOTE(review): in the ws:// case the agent-to-controller connection is
    # not TLS-protected; confirm that path never leaves the VPC.
    controller_host = (
      var.deploy_alb
      ? (
        ((var.datastore_acm_certificate_arn != "" && var.controller_acm_certificate_arn == "") || var.internal_controller_alb)
        ? "ws://${aws_alb.controller[0].dns_name}"
        : (var.domain_name == "" ? "wss://${var.demo_app_controller_host}" : "wss://${aws_route53_record.controller[0].fqdn}")
      )
      : var.demo_app_controller_host
    )

    # Port follows the same plaintext/TLS condition as the scheme above.
    controller_port = (
      ((var.datastore_acm_certificate_arn != "" && var.controller_acm_certificate_arn == "") || var.internal_controller_alb)
      ? 80
      : 443
    )

    # NOTE(review): "HEAD" is a moving ref. If the container uses these two
    # values to fetch source, a fixed commit SHA would make it reproducible.
    remote_origin = "https://github.com/Rookout/tutorial-python.git"
    commit        = "HEAD"

    # NOTE(review): the template is not visible here. If it renders the token
    # as a plain "environment" entry, the value is readable in the registered
    # task definition and in Terraform state; a "secrets"/valueFrom reference
    # would avoid that. Confirm against the .tpl file.
    rookout_token = var.rookout_token

    # Caller-supplied extra environment variables, passed through unchanged.
    additional_env_vars = var.additional_demo_app_env_vars
  })
}
# Fargate task definition for the demo application.
# Only created when var.deploy_demo_app is true.
resource "aws_ecs_task_definition" "demo" {
  count = var.deploy_demo_app ? 1 : 0

  # container_name already starts with var.environment, so the environment
  # appears twice in the family name.
  family                   = "${local.demo_settings.container_name}-${var.environment}"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = local.demo_settings.task_cpu
  memory                   = local.demo_settings.task_memory

  # Both role arguments resolve to the same ARN: the module's task exec role,
  # or the caller's custom role when var.custom_iam_task_exec_role_arn is set.
  # NOTE(review): this gives the application code in the container the same
  # permissions ECS uses to start the task. The role's policy is not visible
  # here; a separate, narrower task role would follow least privilege.
  execution_role_arn = var.custom_iam_task_exec_role_arn == "" ? aws_iam_role.task_exec_role[0].arn : var.custom_iam_task_exec_role_arn
  task_role_arn      = var.custom_iam_task_exec_role_arn == "" ? aws_iam_role.task_exec_role[0].arn : var.custom_iam_task_exec_role_arn

  # Rendered from templates/demo_application_task_def.tpl in locals.
  container_definitions = local.demo_definition
}
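# ECS service that keeps one copy of the demo task running on Fargate.
# Only created when var.deploy_demo_app is true.
resource "aws_ecs_service" "demo" {
  count = var.deploy_demo_app ? 1 : 0

  name = local.demo_settings.container_name

  # Use the module-managed cluster, or the caller-provided one looked up via
  # the data source.
  cluster         = var.create_cluster ? aws_ecs_cluster.rookout[0].id : data.aws_ecs_cluster.provided[0].id
  task_definition = aws_ecs_task_definition.demo[0].arn
  desired_count   = 1
  launch_type     = "FARGATE"

  # Tasks are placed in private subnets (module VPC or caller-supplied);
  # assign_public_ip is not set in this block.
  network_configuration {
    security_groups = [aws_security_group.allow_demo[0].id]
    subnets         = var.create_vpc ? module.vpc[0].private_subnets : var.vpc_private_subnets
  }

  # Attach the service to a target group only when one is available: the
  # module's own ALB target group, or an ARN passed in by the caller.
  # The "false" branch must be an empty list. The previous value [0] is a
  # one-element list, so the block was always generated and, with neither
  # source present, carried an empty target_group_arn.
  dynamic "load_balancer" {
    for_each = var.deploy_alb || length(var.demo_app_target_group_arn) > 0 ? [1] : []

    content {
      target_group_arn = var.deploy_alb ? aws_lb_target_group.demo[0].arn : var.demo_app_target_group_arn
      container_name   = local.demo_settings.container_name
      container_port   = local.demo_settings.container_port
    }
  }
}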
# CloudWatch log stream for the demo application, inside the demo log group.
# Only created when var.deploy_demo_app is true; its name is passed to the
# container definition template as log_stream.
resource "aws_cloudwatch_log_stream" "demo_log_stream" {
  count = var.deploy_demo_app ? 1 : 0

  log_group_name = aws_cloudwatch_log_group.demo[0].name
  name           = "${var.environment}-demo"
}
# Security group attached to the demo application's Fargate tasks.
# Only created when var.deploy_demo_app is true.
resource "aws_security_group" "allow_demo" {
  count = var.deploy_demo_app ? 1 : 0

  name        = local.demo_settings.container_name
  description = "Allow inbound/outbound traffic for Rookout demo application"
  vpc_id      = var.create_vpc ? module.vpc[0].vpc_id : var.vpc_id

  # Inbound: only the container port, from the CIDR ranges the caller supplies.
  # NOTE(review): the variable's default is not visible here. The tasks run in
  # private subnets, so the ranges (or the load balancer's security group)
  # that front the app should be enough; confirm the default is not 0.0.0.0/0.
  ingress {
    description = "Inbound from IGW to demo application"
    protocol    = "tcp"
    from_port   = local.demo_settings.container_port
    to_port     = local.demo_settings.container_port
    cidr_blocks = var.demo_app_sg_igress_cidr_blocks
  }

  # Outbound: every protocol and port, to any IPv4 and IPv6 destination.
  # NOTE(review): unrestricted egress is the widest setting available. If the
  # task only needs the controller endpoint and HTTPS to fetch its source,
  # this could be narrowed; confirm what the container actually reaches.
  egress {
    description      = "Outbound all"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}