Merge pull request #9 from oozou/feat/add-cp

DTPK-208 feat: add capacity provider to cluster
oozou · Aug 3, 2022 · eb5ce71 · eb5ce71
2 parents 079cb42 + 0ce1053
commit eb5ce71
Show file tree

Hide file tree

Showing 14 changed files with 372 additions and 142 deletions.
diff --git a/README.md b/README.md
diff --git a/capacity_provider.tf b/capacity_provider.tf
@@ -0,0 +1,27 @@
+resource "aws_ecs_capacity_provider" "this" {
+  count = local.is_create_capacity_provider ? 1 : 0
+  name  = format("%s-cp", local.cluster_name)
+
+  auto_scaling_group_provider {
+    auto_scaling_group_arn = var.capacity_provider_asg_config.asg_arn
+
+    managed_scaling {
+      target_capacity           = try(var.capacity_provider_asg_config.target_capacity, "100")
+      maximum_scaling_step_size = try(var.capacity_provider_asg_config.maximum_scaling_step_size, "1")
+      minimum_scaling_step_size = try(var.capacity_provider_asg_config.minimum_scaling_step_size, "1")
+      status                    = "ENABLED"
+    }
+  }
+}
+
+resource "aws_ecs_cluster_capacity_providers" "this" {
+  count              = local.is_create_capacity_provider ? 1 : 0
+  cluster_name       = aws_ecs_cluster.this.name
+  capacity_providers = [aws_ecs_capacity_provider.this[0].name]
+
+  default_capacity_provider_strategy {
+    base              = 0
+    weight            = 100
+    capacity_provider = aws_ecs_capacity_provider.this[0].name
+  }
+}
diff --git a/examples/cluster_ec2_asg/README.md b/examples/cluster_ec2_asg/README.md
@@ -0,0 +1,33 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_fargate_cluster"></a> [fargate\_cluster](#module\_fargate\_cluster) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_alb_certificate_arn"></a> [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | ARN of ssl in the ACM | `string` | n/a | yes |
+| <a name="input_generics_info"></a> [generics\_info](#input\_generics\_info) | Generic infomation | <pre>object({<br>    region      = string<br>    prefix      = string<br>    environment = string<br>    name        = string<br>    custom_tags = map(any)<br>  })</pre> | n/a | yes |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in | `list(string)` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to deploy | `string` | n/a | yes |
+| <a name="input_allow_access_from_principals"></a> [allow\_access\_from\_principals](#input\_allow\_access\_from\_principals) | A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster | `list(string)` | `[]` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/examples/cluster_ec2_asg/main.tf b/examples/cluster_ec2_asg/main.tf
@@ -0,0 +1,40 @@
+module "fargate_cluster" {
+
+  source = "../.."
+
+  # Generics
+  prefix      = var.generics_info.prefix
+  environment = var.generics_info.environment
+  name        = var.generics_info.name
+
+  # IAM Role
+  ## If is_create_role is false, all of folowing argument is ignored
+  is_create_role                 = true
+  allow_access_from_principals   = var.allow_access_from_principals
+  additional_managed_policy_arns = []
+
+  # VPC Information
+  vpc_id = var.vpc_id
+
+  additional_security_group_ingress_rules = {}
+
+  # ALB
+  is_create_alb              = true
+  is_public_alb              = true
+  enable_deletion_protection = false
+  alb_listener_port          = 443
+  alb_certificate_arn        = var.alb_certificate_arn
+  public_subnet_ids          = var.subnet_ids # If is_public_alb is true, public_subnet_ids is required
+
+  capacity_provider_asg_config = {
+    asg_arn                   = module.auto_scaling_group.autoscaling_group_arn
+    target_capacity           = 100
+    maximum_scaling_step_size = 1000
+    minimum_scaling_step_size = 1
+  }
+
+  # ALB's DNS Record
+  is_create_alb_dns_record = false
+
+  tags = var.generics_info.custom_tags
+}
diff --git a/examples/cluster_ec2_asg/variables.example b/examples/cluster_ec2_asg/variables.example
@@ -0,0 +1,14 @@
+generics_info = {
+  region      = "ap-southeast-1",
+  prefix      = "customer",
+  environment = "dev",
+  name        = "pass",
+  custom_tags = {
+    "Workspace" = "901-customer-sandbox-terraform"
+  }
+}
+
+vpc_id = "vpc-xxxxxxx"
+subnet_ids = ["subnet-xxxxxxxxx","subnet-xxxxxx"]
+alb_certificate_arn = "arn:aws:acm:ap-southeast-1:xxxxxxx:certificate/xxxxx-88e0-4a7b-8f7e-xxxxxxx"
+allow_access_from_principals = ["arn:aws:iam::xxxxxxxx:root"]
diff --git a/examples/cluster_ec2_asg/variables.tf b/examples/cluster_ec2_asg/variables.tf
@@ -0,0 +1,31 @@
+variable "generics_info" {
+  description = "Generic infomation"
+  type = object({
+    region      = string
+    prefix      = string
+    environment = string
+    name        = string
+    custom_tags = map(any)
+  })
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "VPC ID to deploy"
+}
+
+variable "subnet_ids" {
+  description = "A list of subnet IDs to launch resources in"
+  type        = list(string)
+}
+
+variable "alb_certificate_arn" {
+  type        = string
+  description = "ARN of ssl in the ACM"
+}
+
+variable "allow_access_from_principals" {
+  description = "A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster"
+  type        = list(string)
+  default     = []
+}
diff --git a/examples/simple/README.md b/examples/simple/README.md
@@ -0,0 +1,33 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_fargate_cluster"></a> [fargate\_cluster](#module\_fargate\_cluster) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_alb_certificate_arn"></a> [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | ARN of ssl in the ACM | `string` | n/a | yes |
+| <a name="input_generics_info"></a> [generics\_info](#input\_generics\_info) | Generic infomation | <pre>object({<br>    region      = string<br>    prefix      = string<br>    environment = string<br>    name        = string<br>    custom_tags = map(any)<br>  })</pre> | n/a | yes |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in | `list(string)` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to deploy | `string` | n/a | yes |
+| <a name="input_allow_access_from_principals"></a> [allow\_access\_from\_principals](#input\_allow\_access\_from\_principals) | A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster | `list(string)` | `[]` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -0,0 +1,33 @@
+module "fargate_cluster" {
+
+  source = "../.."
+
+  # Generics
+  prefix      = var.generics_info.prefix
+  environment = var.generics_info.environment
+  name        = var.generics_info.name
+
+  # IAM Role
+  ## If is_create_role is false, all of folowing argument is ignored
+  is_create_role                 = true
+  allow_access_from_principals   = var.allow_access_from_principals
+  additional_managed_policy_arns = []
+
+  # VPC Information
+  vpc_id = var.vpc_id
+
+  additional_security_group_ingress_rules = {}
+
+  # ALB
+  is_create_alb              = true
+  is_public_alb              = true
+  enable_deletion_protection = false
+  alb_listener_port          = 443
+  alb_certificate_arn        = var.alb_certificate_arn
+  public_subnet_ids          = var.subnet_ids # If is_public_alb is true, public_subnet_ids is required
+
+  # ALB's DNS Record
+  is_create_alb_dns_record = false
+
+  tags = var.generics_info.custom_tags
+}
diff --git a/examples/simple/variables.example b/examples/simple/variables.example
@@ -0,0 +1,14 @@
+generics_info = {
+  region      = "ap-southeast-1",
+  prefix      = "customer",
+  environment = "dev",
+  name        = "pass",
+  custom_tags = {
+    "Workspace" = "901-customer-sandbox-terraform"
+  }
+}
+
+vpc_id = "vpc-xxxxxxx"
+subnet_ids = ["subnet-xxxxxxxxx","subnet-xxxxxx"]
+alb_certificate_arn = "arn:aws:acm:ap-southeast-1:xxxxxxx:certificate/xxxxx-88e0-4a7b-8f7e-xxxxxxx"
+allow_access_from_principals = ["arn:aws:iam::xxxxxxxx:root"]
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
@@ -0,0 +1,31 @@
+variable "generics_info" {
+  description = "Generic infomation"
+  type = object({
+    region      = string
+    prefix      = string
+    environment = string
+    name        = string
+    custom_tags = map(any)
+  })
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "VPC ID to deploy"
+}
+
+variable "subnet_ids" {
+  description = "A list of subnet IDs to launch resources in"
+  type        = list(string)
+}
+
+variable "alb_certificate_arn" {
+  type        = string
+  description = "ARN of ssl in the ACM"
+}
+
+variable "allow_access_from_principals" {
+  description = "A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster"
+  type        = list(string)
+  default     = []
+}
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,32 @@
+/* -------------------------------------------------------------------------- */
+/*                                  Generics                                  */
+/* -------------------------------------------------------------------------- */
+locals {
+  cluster_name = "${var.prefix}-${var.environment}-${var.name}"
+
+  ecs_task_security_group_id = var.is_create_ecs_task_security_group ? aws_security_group.ecs_tasks[0].id : var.ecs_task_security_group_id
+  alb_aws_security_group_id  = var.is_create_alb_security_group ? aws_security_group.alb[0].id : var.alb_aws_security_group_id
+
+  is_create_capacity_provider = var.capacity_provider_asg_config == null ? false : true
+
+  tags = merge(
+    {
+      "Environment" = var.environment,
+      "Terraform"   = "true"
+    },
+    var.tags
+  )
+}
+/* ----------------------------- Raise Condition ---------------------------- */
+locals {
+  raise_is_create_both_sg_group      = var.is_create_ecs_task_security_group != var.is_create_alb_security_group ? file("is_create_ecs_task_security_group and is_create_alb_security_group must equal") : "pass"
+  raise_is_ecs_security_group_empty  = var.is_create_ecs_task_security_group == false && length(var.ecs_task_security_group_id) == 0 ? file("Variable `ecs_task_security_group_id` is required when `is_create_ecs_task_security_group` is false") : "pass"
+  raise_is_alb_security_group_empty  = var.is_create_alb_security_group == false && length(var.alb_aws_security_group_id) == 0 ? file("Variable `alb_aws_security_group_id` is required when `is_create_alb_security_group` is false") : "pass"
+  raise_is_public_subnet_ids_empty   = var.is_public_alb && length(var.public_subnet_ids) == 0 ? file("Variable `public_subnet_ids` is required when `is_public_alb` is true") : "pass"
+  raise_is_private_subnet_ids_empty  = !var.is_public_alb && length(var.private_subnet_ids) == 0 ? file("Variable `private_subnet_ids` is required when `is_public_alb` is false") : "pass"
+  raise_is_http_security             = var.is_ignore_unsecured_connection == false && var.alb_listener_port == 80 ? file("This will expose the alb as public on port http 80") : "pass"
+  raise_is_alb_certificate_arn_empty = var.is_create_alb && var.alb_listener_port == 443 && length(var.alb_certificate_arn) == 0 ? file("Variable `alb_certificate_arn` is required when `is_create_alb` is true and `alb_listener_port` == 443") : "pass"
+  raise_is_principle_empty           = var.is_create_role && length(var.allow_access_from_principals) == 0 ? file("Variable `allow_access_from_principals` is required when `is_create_role` is true") : "pass"
+  raise_is_hoste_zone_empty          = var.is_create_alb && var.is_create_alb_dns_record && length(var.route53_hosted_zone_name) == 0 ? file("`route53_hosted_zone_name` is required to create alb alias record") : "pass"
+  raise_is_alb_domain_name_empty     = var.is_create_alb && var.is_create_alb_dns_record && length(var.fully_qualified_domain_name) == 0 ? file("`fully_qualified_domain_name` is required to create alb alias record") : "pass"
+}
diff --git a/main.tf b/main.tf
@@ -1,34 +1,3 @@
-/* -------------------------------------------------------------------------- */
-/*                                  Generics                                  */
-/* -------------------------------------------------------------------------- */
-locals {
-  cluster_name = "${var.prefix}-${var.environment}-${var.name}"
-
-  ecs_task_security_group_id = var.is_create_ecs_task_security_group ? aws_security_group.ecs_tasks[0].id : var.ecs_task_security_group_id
-  alb_aws_security_group_id  = var.is_create_alb_security_group ? aws_security_group.alb[0].id : var.alb_aws_security_group_id
-
-  tags = merge(
-    {
-      "Environment" = var.environment,
-      "Terraform"   = "true"
-    },
-    var.tags
-  )
-}
-/* ----------------------------- Raise Condition ---------------------------- */
-locals {
-  raise_is_create_both_sg_group      = var.is_create_ecs_task_security_group != var.is_create_alb_security_group ? file("is_create_ecs_task_security_group and is_create_alb_security_group must equal") : "pass"
-  raise_is_ecs_security_group_empty  = var.is_create_ecs_task_security_group == false && length(var.ecs_task_security_group_id) == 0 ? file("Variable `ecs_task_security_group_id` is required when `is_create_ecs_task_security_group` is false") : "pass"
-  raise_is_alb_security_group_empty  = var.is_create_alb_security_group == false && length(var.alb_aws_security_group_id) == 0 ? file("Variable `alb_aws_security_group_id` is required when `is_create_alb_security_group` is false") : "pass"
-  raise_is_public_subnet_ids_empty   = var.is_public_alb && length(var.public_subnet_ids) == 0 ? file("Variable `public_subnet_ids` is required when `is_public_alb` is true") : "pass"
-  raise_is_private_subnet_ids_empty  = !var.is_public_alb && length(var.private_subnet_ids) == 0 ? file("Variable `private_subnet_ids` is required when `is_public_alb` is false") : "pass"
-  raise_is_http_security             = var.is_ignore_unsecured_connection == false && var.alb_listener_port == 80 ? file("This will expose the alb as public on port http 80") : "pass"
-  raise_is_alb_certificate_arn_empty = var.is_create_alb && var.alb_listener_port == 443 && length(var.alb_certificate_arn) == 0 ? file("Variable `alb_certificate_arn` is required when `is_create_alb` is true and `alb_listener_port` == 443") : "pass"
-  raise_is_principle_empty           = var.is_create_role && length(var.allow_access_from_principals) == 0 ? file("Variable `allow_access_from_principals` is required when `is_create_role` is true") : "pass"
-  raise_is_hoste_zone_empty          = var.is_create_alb && var.is_create_alb_dns_record && length(var.route53_hosted_zone_name) == 0 ? file("`route53_hosted_zone_name` is required to create alb alias record") : "pass"
-  raise_is_alb_domain_name_empty     = var.is_create_alb && var.is_create_alb_dns_record && length(var.fully_qualified_domain_name) == 0 ? file("`fully_qualified_domain_name` is required to create alb alias record") : "pass"
-}
-
 /* -------------------------------------------------------------------------- */
 /*                                 ECS Cluster                                */
 /* -------------------------------------------------------------------------- */

diff --git a/outputs.tf b/outputs.tf
@@ -49,3 +49,9 @@ output "service_discovery_namespace" {
   description = "The ID of a namespace."
   value       = aws_service_discovery_private_dns_namespace.internal.id
 }
+
+/* ----------------------------------- CP ---------------------------------- */
+output "capacity_provider_name" {
+  description = "Name of capacity provider."
+  value       = try(aws_ecs_capacity_provider.this[0].name, "")
+}
diff --git a/variables.tf b/variables.tf
@@ -165,3 +165,12 @@ variable "additional_managed_policy_arns" {
   type        = list(string)
   default     = []
 }
+
+/* -------------------------------------------------------------------------- */
+/*                                 Capacity Provider                          */
+/* -------------------------------------------------------------------------- */
+variable "capacity_provider_asg_config" {
+  description = "Auto scaling group arn for capacity provider EC2"
+  type        = map(any)
+  default     = null
+}