Merge pull request #9 from oozou/feat/add-cp
DTPK-208 feat: add capacity provider to cluster
Showing
14 changed files
with
372 additions
and
142 deletions.
@@ -0,0 +1,27 @@ | ||
resource "aws_ecs_capacity_provider" "this" { | ||
count = local.is_create_capacity_provider ? 1 : 0 | ||
name = format("%s-cp", local.cluster_name) | ||
|
||
auto_scaling_group_provider { | ||
auto_scaling_group_arn = var.capacity_provider_asg_config.asg_arn | ||
|
||
managed_scaling { | ||
target_capacity = try(var.capacity_provider_asg_config.target_capacity, "100") | ||
maximum_scaling_step_size = try(var.capacity_provider_asg_config.maximum_scaling_step_size, "1") | ||
minimum_scaling_step_size = try(var.capacity_provider_asg_config.minimum_scaling_step_size, "1") | ||
status = "ENABLED" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_ecs_cluster_capacity_providers" "this" { | ||
count = local.is_create_capacity_provider ? 1 : 0 | ||
cluster_name = aws_ecs_cluster.this.name | ||
capacity_providers = [aws_ecs_capacity_provider.this[0].name] | ||
|
||
default_capacity_provider_strategy { | ||
base = 0 | ||
weight = 100 | ||
capacity_provider = aws_ecs_capacity_provider.this[0].name | ||
} | ||
} |
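Review bot: `capacity_providers = [aws_ecs_capacity_provider.this[0].name]` makes the ASG-backed provider the only one associated with the cluster, because `aws_ecs_cluster_capacity_providers` manages the cluster's whole provider set rather than appending to it. With `default_capacity_provider_strategy` at weight 100, a service that names neither a launch type nor a strategy will be placed on the caller's EC2 instances, where tasks share a host and can reach its instance role unless that is blocked, instead of getting Fargate's per-task isolation; the examples call this module `fargate_cluster`, so consumers may not expect that. If Fargate should stay available, list it explicitly, e.g. `capacity_providers = ["FARGATE", "FARGATE_SPOT", aws_ecs_capacity_provider.this[0].name]`, and add a comment above the default strategy saying the EC2 default is intended. Separately, the `try(..., "100")` fallbacks pass strings to numeric arguments and hide a mistyped key in `capacity_provider_asg_config`; number literals (`100`, `1`) would be cleaner.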
@@ -0,0 +1,33 @@ | ||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_fargate_cluster"></a> [fargate\_cluster](#module\_fargate\_cluster) | ../.. | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_alb_certificate_arn"></a> [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | ARN of ssl in the ACM | `string` | n/a | yes | | ||
| <a name="input_generics_info"></a> [generics\_info](#input\_generics\_info) | Generic infomation | <pre>object({<br> region = string<br> prefix = string<br> environment = string<br> name = string<br> custom_tags = map(any)<br> })</pre> | n/a | yes | | ||
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in | `list(string)` | n/a | yes | | ||
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to deploy | `string` | n/a | yes | | ||
| <a name="input_allow_access_from_principals"></a> [allow\_access\_from\_principals](#input\_allow\_access\_from\_principals) | A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster | `list(string)` | `[]` | no | | ||
|
||
## Outputs | ||
|
||
No outputs. | ||
<!-- END_TF_DOCS --> |
@@ -0,0 +1,40 @@ | ||
module "fargate_cluster" { | ||
|
||
source = "../.." | ||
|
||
# Generics | ||
prefix = var.generics_info.prefix | ||
environment = var.generics_info.environment | ||
name = var.generics_info.name | ||
|
||
# IAM Role | ||
## If is_create_role is false, all of folowing argument is ignored | ||
is_create_role = true | ||
allow_access_from_principals = var.allow_access_from_principals | ||
additional_managed_policy_arns = [] | ||
|
||
# VPC Information | ||
vpc_id = var.vpc_id | ||
|
||
additional_security_group_ingress_rules = {} | ||
|
||
# ALB | ||
is_create_alb = true | ||
is_public_alb = true | ||
enable_deletion_protection = false | ||
alb_listener_port = 443 | ||
alb_certificate_arn = var.alb_certificate_arn | ||
public_subnet_ids = var.subnet_ids # If is_public_alb is true, public_subnet_ids is required | ||
|
||
capacity_provider_asg_config = { | ||
asg_arn = module.auto_scaling_group.autoscaling_group_arn | ||
target_capacity = 100 | ||
maximum_scaling_step_size = 1000 | ||
minimum_scaling_step_size = 1 | ||
} | ||
|
||
# ALB's DNS Record | ||
is_create_alb_dns_record = false | ||
|
||
tags = var.generics_info.custom_tags | ||
} |
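Review bot: `asg_arn = module.auto_scaling_group.autoscaling_group_arn` refers to a module that this file never declares: the hunk is the complete 40-line file and its only module block is `fargate_cluster`. The README that appears to belong to the same example also lists no other module, so `terraform validate` would likely fail here unless another file in the directory defines it. Add the `module "auto_scaling_group"` block, or take the ARN from a new input variable, so the example runs as written. `maximum_scaling_step_size = 1000` is also a large step for a sample; a short comment explaining the choice would stop it being copied blindly.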
@@ -0,0 +1,14 @@ | ||
generics_info = { | ||
region = "ap-southeast-1", | ||
prefix = "customer", | ||
environment = "dev", | ||
name = "pass", | ||
custom_tags = { | ||
"Workspace" = "901-customer-sandbox-terraform" | ||
} | ||
} | ||
|
||
vpc_id = "vpc-xxxxxxx" | ||
subnet_ids = ["subnet-xxxxxxxxx","subnet-xxxxxx"] | ||
alb_certificate_arn = "arn:aws:acm:ap-southeast-1:xxxxxxx:certificate/xxxxx-88e0-4a7b-8f7e-xxxxxxx" | ||
allow_access_from_principals = ["arn:aws:iam::xxxxxxxx:root"] |
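Review bot: `allow_access_from_principals = ["arn:aws:iam::xxxxxxxx:root"]` uses the account-root form, which, if this list feeds the created role's trust policy as the `is_create_role` comment in the example suggests, delegates to every IAM identity in that account that is permitted to assume the role rather than to one named principal. What the role can do is not visible here, so this may be acceptable for a sandbox, but sample values tend to be copied. A comment above the line such as `# account root = any principal in that account allowed by its own IAM policy; prefer a specific role ARN` would make the scope clear. The same line appears in the second example's tfvars further down.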
@@ -0,0 +1,31 @@ | ||
variable "generics_info" { | ||
description = "Generic infomation" | ||
type = object({ | ||
region = string | ||
prefix = string | ||
environment = string | ||
name = string | ||
custom_tags = map(any) | ||
}) | ||
} | ||
|
||
variable "vpc_id" { | ||
type = string | ||
description = "VPC ID to deploy" | ||
} | ||
|
||
variable "subnet_ids" { | ||
description = "A list of subnet IDs to launch resources in" | ||
type = list(string) | ||
} | ||
|
||
variable "alb_certificate_arn" { | ||
type = string | ||
description = "ARN of ssl in the ACM" | ||
} | ||
|
||
variable "allow_access_from_principals" { | ||
description = "A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster" | ||
type = list(string) | ||
default = [] | ||
} |
@@ -0,0 +1,33 @@ | ||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_fargate_cluster"></a> [fargate\_cluster](#module\_fargate\_cluster) | ../.. | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_alb_certificate_arn"></a> [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | ARN of ssl in the ACM | `string` | n/a | yes | | ||
| <a name="input_generics_info"></a> [generics\_info](#input\_generics\_info) | Generic infomation | <pre>object({<br> region = string<br> prefix = string<br> environment = string<br> name = string<br> custom_tags = map(any)<br> })</pre> | n/a | yes | | ||
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in | `list(string)` | n/a | yes | | ||
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to deploy | `string` | n/a | yes | | ||
| <a name="input_allow_access_from_principals"></a> [allow\_access\_from\_principals](#input\_allow\_access\_from\_principals) | A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster | `list(string)` | `[]` | no | | ||
|
||
## Outputs | ||
|
||
No outputs. | ||
<!-- END_TF_DOCS --> |
@@ -0,0 +1,33 @@ | ||
module "fargate_cluster" { | ||
|
||
source = "../.." | ||
|
||
# Generics | ||
prefix = var.generics_info.prefix | ||
environment = var.generics_info.environment | ||
name = var.generics_info.name | ||
|
||
# IAM Role | ||
## If is_create_role is false, all of folowing argument is ignored | ||
is_create_role = true | ||
allow_access_from_principals = var.allow_access_from_principals | ||
additional_managed_policy_arns = [] | ||
|
||
# VPC Information | ||
vpc_id = var.vpc_id | ||
|
||
additional_security_group_ingress_rules = {} | ||
|
||
# ALB | ||
is_create_alb = true | ||
is_public_alb = true | ||
enable_deletion_protection = false | ||
alb_listener_port = 443 | ||
alb_certificate_arn = var.alb_certificate_arn | ||
public_subnet_ids = var.subnet_ids # If is_public_alb is true, public_subnet_ids is required | ||
|
||
# ALB's DNS Record | ||
is_create_alb_dns_record = false | ||
|
||
tags = var.generics_info.custom_tags | ||
} |
@@ -0,0 +1,14 @@ | ||
generics_info = { | ||
region = "ap-southeast-1", | ||
prefix = "customer", | ||
environment = "dev", | ||
name = "pass", | ||
custom_tags = { | ||
"Workspace" = "901-customer-sandbox-terraform" | ||
} | ||
} | ||
|
||
vpc_id = "vpc-xxxxxxx" | ||
subnet_ids = ["subnet-xxxxxxxxx","subnet-xxxxxx"] | ||
alb_certificate_arn = "arn:aws:acm:ap-southeast-1:xxxxxxx:certificate/xxxxx-88e0-4a7b-8f7e-xxxxxxx" | ||
allow_access_from_principals = ["arn:aws:iam::xxxxxxxx:root"] |
@@ -0,0 +1,31 @@ | ||
variable "generics_info" { | ||
description = "Generic infomation" | ||
type = object({ | ||
region = string | ||
prefix = string | ||
environment = string | ||
name = string | ||
custom_tags = map(any) | ||
}) | ||
} | ||
|
||
variable "vpc_id" { | ||
type = string | ||
description = "VPC ID to deploy" | ||
} | ||
|
||
variable "subnet_ids" { | ||
description = "A list of subnet IDs to launch resources in" | ||
type = list(string) | ||
} | ||
|
||
variable "alb_certificate_arn" { | ||
type = string | ||
description = "ARN of ssl in the ACM" | ||
} | ||
|
||
variable "allow_access_from_principals" { | ||
description = "A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster" | ||
type = list(string) | ||
default = [] | ||
} |
@@ -0,0 +1,32 @@ | ||
/* -------------------------------------------------------------------------- */ | ||
/* Generics */ | ||
/* -------------------------------------------------------------------------- */ | ||
locals { | ||
cluster_name = "${var.prefix}-${var.environment}-${var.name}" | ||
|
||
ecs_task_security_group_id = var.is_create_ecs_task_security_group ? aws_security_group.ecs_tasks[0].id : var.ecs_task_security_group_id | ||
alb_aws_security_group_id = var.is_create_alb_security_group ? aws_security_group.alb[0].id : var.alb_aws_security_group_id | ||
|
||
is_create_capacity_provider = var.capacity_provider_asg_config == null ? false : true | ||
|
||
tags = merge( | ||
{ | ||
"Environment" = var.environment, | ||
"Terraform" = "true" | ||
}, | ||
var.tags | ||
) | ||
} | ||
/* ----------------------------- Raise Condition ---------------------------- */ | ||
locals { | ||
raise_is_create_both_sg_group = var.is_create_ecs_task_security_group != var.is_create_alb_security_group ? file("is_create_ecs_task_security_group and is_create_alb_security_group must equal") : "pass" | ||
raise_is_ecs_security_group_empty = var.is_create_ecs_task_security_group == false && length(var.ecs_task_security_group_id) == 0 ? file("Variable `ecs_task_security_group_id` is required when `is_create_ecs_task_security_group` is false") : "pass" | ||
raise_is_alb_security_group_empty = var.is_create_alb_security_group == false && length(var.alb_aws_security_group_id) == 0 ? file("Variable `alb_aws_security_group_id` is required when `is_create_alb_security_group` is false") : "pass" | ||
raise_is_public_subnet_ids_empty = var.is_public_alb && length(var.public_subnet_ids) == 0 ? file("Variable `public_subnet_ids` is required when `is_public_alb` is true") : "pass" | ||
raise_is_private_subnet_ids_empty = !var.is_public_alb && length(var.private_subnet_ids) == 0 ? file("Variable `private_subnet_ids` is required when `is_public_alb` is false") : "pass" | ||
raise_is_http_security = var.is_ignore_unsecured_connection == false && var.alb_listener_port == 80 ? file("This will expose the alb as public on port http 80") : "pass" | ||
raise_is_alb_certificate_arn_empty = var.is_create_alb && var.alb_listener_port == 443 && length(var.alb_certificate_arn) == 0 ? file("Variable `alb_certificate_arn` is required when `is_create_alb` is true and `alb_listener_port` == 443") : "pass" | ||
raise_is_principle_empty = var.is_create_role && length(var.allow_access_from_principals) == 0 ? file("Variable `allow_access_from_principals` is required when `is_create_role` is true") : "pass" | ||
raise_is_hoste_zone_empty = var.is_create_alb && var.is_create_alb_dns_record && length(var.route53_hosted_zone_name) == 0 ? file("`route53_hosted_zone_name` is required to create alb alias record") : "pass" | ||
raise_is_alb_domain_name_empty = var.is_create_alb && var.is_create_alb_dns_record && length(var.fully_qualified_domain_name) == 0 ? file("`fully_qualified_domain_name` is required to create alb alias record") : "pass" | ||
} |
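Review bot: `raise_is_http_security` and `raise_is_alb_certificate_arn_empty` test the literal ports 80 and 443, so a listener on any other port passes both checks. How the listener protocol is derived from `alb_listener_port` is outside this file, but if a non-443 port yields an HTTP listener, the plaintext guard is skipped without `is_ignore_unsecured_connection` being set. Consider failing on anything other than 443 unless the override is set, i.e. changing the condition to `var.is_ignore_unsecured_connection == false && var.alb_listener_port != 443`, or restricting the variable with a `validation` block. The new capacity-provider input has no matching guard, so an object with an empty `asg_arn` would presumably only fail at apply time. Minor: `var.capacity_provider_asg_config == null ? false : true` reads more simply as `var.capacity_provider_asg_config != null`.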