-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Service 2: backend-fargate-svc (aws-samples#15)
Adding backend-fargate-svc.
- Loading branch information
1 parent
e8e0c0a
commit 9fcb061
Showing
14 changed files
with
1,120 additions
and
0 deletions.
There are no files selected for viewing
57 changes: 57 additions & 0 deletions
57
service-templates/backend-fargate-svc/dev-resources/proton.auto.tfvars.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
{ | ||
"service": { | ||
"name": "backend-fargate-svc", | ||
"inputs": { | ||
}, | ||
"repository_connection_arn": "REPLACE_ME", | ||
"repository_id": "REPLACE_ME", | ||
"branch_name": "REPLACE_ME" | ||
}, | ||
"service_instances": [ | ||
{ | ||
"name": "instance1", | ||
"inputs": { | ||
}, | ||
"outputs": { | ||
"LambdaRuntime": "nodejs12.x" | ||
}, | ||
"environment": { | ||
"account_id": "", | ||
"name": "", | ||
"outputs": {} | ||
} | ||
} | ||
], | ||
"pipeline": { | ||
"inputs": { | ||
"service_dir": "ecs-backend", | ||
"environment_account_ids": "", | ||
"unit_test_command": "echo 'add your unit test command here'", | ||
"dockerfile": "Dockerfile" | ||
} | ||
}, | ||
"environment": { | ||
"outputs": { | ||
"ServiceTaskDefExecutionRoleArn" : "REPLACE_ME", | ||
"CloudMapNamespaceId": "REPLACE_ME", | ||
"VpcId": "REPLACE_ME", | ||
"SnsTopicArn": "REPLACE_ME", | ||
"SnsTopicName": "REPLACE_ME", | ||
"ClusterName": "REPLACE_ME", | ||
"PrivateSubnetOneId": "REPLACE_ME", | ||
"PrivateSubnetTwoId": "REPLACE_ME", | ||
"PublicSubnetOneId": "REPLACE_ME", | ||
"PublicSubnetTwoId": "REPLACE_ME" | ||
} | ||
}, | ||
"service_instance": { | ||
"name": "instance1", | ||
"inputs": { | ||
"port": "80", | ||
"image": "public.ecr.aws/z9d2n7e1/nginx:1.21.0", | ||
"task_size": "x-small", | ||
"desired_count": "1", | ||
"subnet_type": "public" | ||
} | ||
} | ||
} |
47 changes: 47 additions & 0 deletions
47
service-templates/backend-fargate-svc/dev-resources/proton.variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
|
||
variable "service_instances" { | ||
type = list( | ||
object({ | ||
name = string | ||
inputs = map(string) | ||
outputs = map(string) | ||
environment = object({ | ||
account_id = string | ||
name = string | ||
outputs = map(string) | ||
}) | ||
}) | ||
) | ||
} | ||
|
||
variable "service_instance" { | ||
type = object({ | ||
name = string | ||
inputs = map(string) | ||
}) | ||
default = null | ||
} | ||
|
||
variable "service" { | ||
type = object({ | ||
name = string | ||
repository_id = string | ||
repository_connection_arn = string | ||
branch_name = string | ||
}) | ||
default = null | ||
} | ||
|
||
variable "environment" { | ||
type = object({ | ||
outputs = map(string) | ||
}) | ||
default = null | ||
} | ||
|
||
variable "pipeline" { | ||
type = object({ | ||
inputs = map(string) | ||
}) | ||
default = null | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
fargate-env:1 |
27 changes: 27 additions & 0 deletions
27
service-templates/backend-fargate-svc/v1/instance_infrastructure/config.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "~> 3.0" | ||
} | ||
} | ||
|
||
backend "s3" {} | ||
} | ||
|
||
# Configure the AWS Provider | ||
provider "aws" { | ||
region = var.aws_region | ||
alias = "default" | ||
|
||
default_tags { | ||
tags = { | ||
"proton:service" = var.service.name | ||
} | ||
} | ||
} | ||
|
||
variable "aws_region" { | ||
type = string | ||
default = "us-east-1" | ||
} |
16 changes: 16 additions & 0 deletions
16
service-templates/backend-fargate-svc/v1/instance_infrastructure/data.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
data "aws_region" "current" {} | ||
|
||
data "aws_caller_identity" "current" {} | ||
|
||
data "aws_partition" "current" {} | ||
|
||
data "aws_iam_policy_document" "sns_publish_policy_document" { | ||
statement { | ||
actions = [ | ||
"sns:Publish" | ||
] | ||
resources = [ | ||
var.environment.outputs.SnsTopicArn | ||
] | ||
} | ||
} |
170 changes: 170 additions & 0 deletions
170
service-templates/backend-fargate-svc/v1/instance_infrastructure/main.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,170 @@ | ||
resource "aws_iam_role" "service_task_def_role" { | ||
assume_role_policy = jsonencode({ | ||
"Version" : "2012-10-17", | ||
"Statement" : [ | ||
{ | ||
"Effect" : "Allow", | ||
"Principal" : { | ||
"Service" : "ecs-tasks.amazonaws.com" | ||
}, | ||
"Action" : "sts:AssumeRole" | ||
} | ||
] | ||
}) | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "ssn_publish_policy" { | ||
role = aws_iam_role.service_task_def_role.name | ||
policy_arn = aws_iam_policy.sns_publish_policy.arn | ||
} | ||
|
||
resource "aws_iam_policy" "sns_publish_policy" { | ||
policy = data.aws_iam_policy_document.sns_publish_policy_document.json | ||
} | ||
|
||
variable "task_sizes" { | ||
default = { | ||
x-small = { cpu = 256, memory = 512 } | ||
small = { cpu = 512, memory = 1024 } | ||
medium = { cpu = 1024, memory = 2048 } | ||
large = { cpu = 2048, memory = 4096 } | ||
x-large = { cpu = 4096, memory = 8192 } | ||
} | ||
} | ||
|
||
resource "aws_ecs_task_definition" "service_task_def" { | ||
container_definitions = jsonencode([ | ||
{ | ||
essential = true, | ||
image = var.service_instance.inputs.image, | ||
logConfiguration = { | ||
logDriver = "awslogs", | ||
options = { | ||
awslogs-group : aws_cloudwatch_log_group.service_log_group.name, | ||
awslogs-region : var.aws_region, | ||
awslogs-stream-prefix : "${var.service.name}/${var.service_instance.name}" | ||
} | ||
}, | ||
name = var.service_instance.name, | ||
portMappings = [ | ||
{ | ||
containerPort = tonumber(var.service_instance.inputs.port) | ||
protocol = "tcp" | ||
} | ||
], | ||
environment = [ | ||
{ name = "SNS_TOPIC_ARN", value = "{'ping':'${var.environment.outputs.SnsTopicArn}'}" }, | ||
{ name = "SNS_REGION", value = var.aws_region } | ||
], | ||
} | ||
]) | ||
cpu = lookup(var.task_sizes[var.service_instance.inputs.task_size], "cpu") | ||
execution_role_arn = var.environment.outputs.ServiceTaskDefExecutionRoleArn | ||
family = "${var.service.name}_${var.service_instance.name}" | ||
memory = lookup(var.task_sizes[var.service_instance.inputs.task_size], "memory") | ||
network_mode = "awsvpc" | ||
requires_compatibilities = ["FARGATE"] | ||
task_role_arn = aws_iam_role.service_task_def_role.arn | ||
} | ||
|
||
resource "aws_cloudwatch_log_group" "service_log_group" { | ||
} | ||
|
||
resource "aws_ecs_service" "service" { | ||
cluster = var.environment.outputs.ClusterName | ||
name = "${var.service.name}_${var.service_instance.name}" | ||
deployment_maximum_percent = 200 | ||
deployment_minimum_healthy_percent = 50 | ||
desired_count = var.service_instance.inputs.desired_count | ||
enable_ecs_managed_tags = false | ||
launch_type = "FARGATE" | ||
network_configuration { | ||
assign_public_ip = var.service_instance.inputs.subnet_type == "private" ? false : true | ||
security_groups = [aws_security_group.service_security_group.id] | ||
subnets = var.service_instance.inputs.subnet_type == "private" ? [ | ||
var.environment.outputs.PrivateSubnetOneId, var.environment.outputs.PrivateSubnetTwoId | ||
] : [ | ||
var.environment.outputs.PublicSubnetOneId, var.environment.outputs.PublicSubnetTwoId | ||
] | ||
} | ||
|
||
service_registries { | ||
registry_arn = aws_service_discovery_service.cloudmap_service.arn | ||
} | ||
task_definition = aws_ecs_task_definition.service_task_def.arn | ||
} | ||
|
||
resource "aws_service_discovery_service" "cloudmap_service" { | ||
dns_config { | ||
dns_records { | ||
ttl = 60 | ||
type = "A" | ||
} | ||
namespace_id = var.environment.outputs.CloudMapNamespaceId | ||
routing_policy = "MULTIVALUE" | ||
} | ||
health_check_custom_config { | ||
failure_threshold = 1 | ||
} | ||
name = "${var.service.name}.${var.service_instance.name}" | ||
namespace_id = var.environment.outputs.CloudMapNamespaceId | ||
} | ||
|
||
resource "aws_security_group" "service_security_group" { | ||
description = "Automatically created Security Group for the Service" | ||
|
||
ingress { | ||
cidr_blocks = ["0.0.0.0/0"] | ||
description = "Allow all inbound traffic by default" | ||
protocol = "-1" | ||
to_port = 0 | ||
from_port = 0 | ||
} | ||
|
||
egress { | ||
cidr_blocks = ["0.0.0.0/0"] | ||
description = "Allow all outbound traffic by default" | ||
protocol = "-1" | ||
to_port = 0 | ||
from_port = 0 | ||
} | ||
vpc_id = var.environment.outputs.VpcId | ||
} | ||
|
||
resource "aws_appautoscaling_target" "service_task_count_target" { | ||
depends_on = [aws_ecs_service.service] | ||
max_capacity = 10 | ||
min_capacity = 1 | ||
resource_id = "service/${var.environment.outputs.ClusterName}/${aws_ecs_service.service.name}" | ||
role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" | ||
scalable_dimension = "ecs:service:DesiredCount" | ||
service_namespace = "ecs" | ||
} | ||
|
||
resource "aws_appautoscaling_policy" "service_task_count_target_cpu_scaling" { | ||
name = "${aws_ecs_service.service.name}_BackendFargateServiceTaskCountTargetCpuScaling" | ||
policy_type = "TargetTrackingScaling" | ||
resource_id = aws_appautoscaling_target.service_task_count_target.resource_id | ||
scalable_dimension = aws_appautoscaling_target.service_task_count_target.scalable_dimension | ||
service_namespace = aws_appautoscaling_target.service_task_count_target.service_namespace | ||
target_tracking_scaling_policy_configuration { | ||
target_value = 50 | ||
predefined_metric_specification { | ||
predefined_metric_type = "ECSServiceAverageCPUUtilization" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_appautoscaling_policy" "service_task_count_target_memory_scaling" { | ||
name = "${aws_ecs_service.service.name}_BackendFargateServiceTaskCountTargetMemoryScaling" | ||
policy_type = "TargetTrackingScaling" | ||
resource_id = aws_appautoscaling_target.service_task_count_target.resource_id | ||
scalable_dimension = aws_appautoscaling_target.service_task_count_target.scalable_dimension | ||
service_namespace = aws_appautoscaling_target.service_task_count_target.service_namespace | ||
target_tracking_scaling_policy_configuration { | ||
target_value = 50 | ||
predefined_metric_specification { | ||
predefined_metric_type = "ECSServiceAverageMemoryUtilization" | ||
} | ||
} | ||
} |
5 changes: 5 additions & 0 deletions
5
service-templates/backend-fargate-svc/v1/instance_infrastructure/manifest.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
infrastructure: | ||
templates: | ||
- file: "*" | ||
rendering_engine: hcl | ||
template_language: terraform |
27 changes: 27 additions & 0 deletions
27
service-templates/backend-fargate-svc/v1/pipeline_infrastructure/config.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "~> 3.0" | ||
} | ||
} | ||
|
||
backend "s3" {} | ||
} | ||
|
||
# Configure the AWS Provider | ||
provider "aws" { | ||
region = var.aws_region | ||
alias = "default" | ||
|
||
default_tags { | ||
tags = { | ||
"proton:pipeline" = var.service.name | ||
} | ||
} | ||
} | ||
|
||
variable "aws_region" { | ||
type = string | ||
default = "us-east-1" | ||
} |
Oops, something went wrong.