| author | Paul Buetow <paul@buetow.org> | 2023-12-17 16:15:59 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2023-12-17 16:15:59 +0200 |
| commit | 39ab5ff2cc75d3e2972949ecc554a2b207a1cf29 (patch) | |
| tree | 49c768eed1d552ca7e5f47a2019cc54eab38237d | |
| parent | 712c77dc31fbc7fffee67c852ed6b0d5548e5906 (diff) | |
add ELB to Fargate
| -rw-r--r-- | playground/fargate/ecs.tf | 65 | ||||
| -rw-r--r-- | playground/fargate/elb.tf | 62 | ||||
| -rw-r--r-- | playground/fargate/main.tf | 146 | ||||
| -rw-r--r-- | playground/fargate/vpc.tf | 87 |
4 files changed, 214 insertions, 146 deletions
diff --git a/playground/fargate/ecs.tf b/playground/fargate/ecs.tf
new file mode 100644
index 0000000..9cc4b61
--- /dev/null
+++ b/playground/fargate/ecs.tf
@@ -0,0 +1,65 @@
+resource "aws_ecs_cluster" "my_cluster" {
+ name = "my-cluster"
+}
+
+resource "aws_ecs_task_definition" "nginx_task" {
+ family = "nginx"
+ network_mode = "awsvpc"
+ requires_compatibilities = ["FARGATE"]
+ cpu = "256"
+ memory = "512"
+ execution_role_arn = aws_iam_role.ecs_execution_role.arn
+
+ container_definitions = jsonencode([{
+ name = "nginx",
+ image = "nginx:latest",
+ portMappings = [{
+ containerPort = 80,
+ hostPort = 80
+ }]
+ }])
+}
+
+resource "aws_iam_role" "ecs_execution_role" {
+ name = "ecs_execution_role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [{
+ Action = "sts:AssumeRole",
+ Effect = "Allow",
+ Principal = {
+ Service = "ecs-tasks.amazonaws.com"
+ },
+ }]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_execution_role_policy_attach" {
+ role = aws_iam_role.ecs_execution_role.name
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+resource "aws_ecs_service" "nginx_service" {
+ name = "nginx-service"
+ cluster = aws_ecs_cluster.my_cluster.id
+ task_definition = aws_ecs_task_definition.nginx_task.arn
+ launch_type = "FARGATE"
+ desired_count = 1
+
+ load_balancer {
+ target_group_arn = aws_lb_target_group.my_tg.arn
+ container_name = "nginx" # Must match the name in your container definition
+ container_port = 80 # The port your container is listening on
+ }
+
+ network_configuration {
+ subnets = [
+ aws_subnet.my_public_subnet_a.id,
+ aws_subnet.my_public_subnet_b.id,
+ aws_subnet.my_public_subnet_c.id,
+ ]
+ security_groups = [aws_security_group.nginx_sg.id]
+ assign_public_ip = true
+ }
+}
diff --git a/playground/fargate/elb.tf b/playground/fargate/elb.tf
new file mode 100644
index 0000000..e2f5f98
--- /dev/null
+++ b/playground/fargate/elb.tf
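Review bot: The task definition pins the container to the mutable tag `image = "nginx:latest"`, so every task launch pulls whatever Docker Hub currently serves under that tag and the deployment is neither reproducible nor auditable; pin an immutable reference such as `image = "nginx@sha256:<digest>"` (or at least an exact version tag) and bump it deliberately. The service also sets `assign_public_ip = true` and attaches `nginx_sg`, whose ingress admits port 80 from 0.0.0.0/0, so each task is directly reachable from the internet and the new ALB can be bypassed entirely; the public IP is presumably only needed because the subnets have no NAT gateway or VPC endpoints for image pulls, so either restrict the task security group to the ALB or move the tasks to private subnets. The container definition has no `logConfiguration`, so nginx stdout/stderr is discarded; an `awslogs` block would make the execution role's logging permissions useful.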
@@ -0,0 +1,62 @@
+resource "aws_lb" "my_alb" {
+ name = "my-alb"
+ internal = false
+ load_balancer_type = "application"
+ security_groups = [aws_security_group.alb_sg.id]
+ subnets = [
+ aws_subnet.my_public_subnet_a.id,
+ aws_subnet.my_public_subnet_b.id,
+ aws_subnet.my_public_subnet_c.id,
+ ]
+
+ enable_deletion_protection = false
+}
+
+resource "aws_security_group" "alb_sg" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_lb_target_group" "my_tg" {
+ name = "my-tg"
+ port = 80
+ protocol = "HTTP"
+ vpc_id = aws_vpc.my_vpc.id
+ target_type = "ip"
+
+ health_check {
+ enabled = true
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ interval = 30
+ path = "/" # Modify if your app has a specific health check path
+ protocol = "HTTP"
+ timeout = 3
+ matcher = "200-299"
+ }
+}
+
+resource "aws_lb_listener" "my_listener" {
+ load_balancer_arn = aws_lb.my_alb.arn
+ port = "80"
+ protocol = "HTTP"
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.my_tg.arn
+ }
+}
+
diff --git a/playground/fargate/main.tf b/playground/fargate/main.tf
index 305871d..664b42b 100644
--- a/playground/fargate/main.tf
+++ b/playground/fargate/main.tf
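Review bot: The only listener terminates on plain HTTP (`port = "80"`, `protocol = "HTTP"`) with no TLS, so client traffic to the ALB is unencrypted and the ALB's egress to the tasks is HTTP as well; for anything beyond a playground add an HTTPS listener on 443 backed by an ACM certificate and change the port-80 `default_action` from `forward` to a `redirect` to 443. `aws_lb` also leaves `drop_invalid_header_fields` at its default; adding `drop_invalid_header_fields = true` makes the ALB discard malformed headers before they reach nginx, which is a cheap request-smuggling hardening. `enable_deletion_protection = false` and the absence of access logs are fine for a throwaway environment but should be flipped before this module is reused.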
@@ -12,149 +12,3 @@ provider "aws" {
 region = "eu-central-1" # or your preferred AWS region
 }
 
-resource "aws_vpc" "my_vpc" {
- cidr_block = "10.0.0.0/16"
- enable_dns_support = true
- enable_dns_hostnames = true
-
- tags = {
- Name = "my_vpc"
- }
-}
-
-resource "aws_internet_gateway" "my_gateway" {
- vpc_id = aws_vpc.my_vpc.id
-}
-
-resource "aws_subnet" "my_public_subnet_a" {
- vpc_id = aws_vpc.my_vpc.id
- cidr_block = "10.0.1.0/24"
- availability_zone = "eu-central-1a"
-
- tags = {
- Name = "my_public_subnet_a"
- }
-}
-
-resource "aws_subnet" "my_public_subnet_b" {
- vpc_id = aws_vpc.my_vpc.id
- cidr_block = "10.0.2.0/24"
- availability_zone = "eu-central-1b"
-
- tags = {
- Name = "my_public_subnet_b"
- }
-}
-
-resource "aws_subnet" "my_public_subnet_c" {
- vpc_id = aws_vpc.my_vpc.id
- cidr_block = "10.0.3.0/24"
- availability_zone = "eu-central-1c"
-
- tags = {
- Name = "my_public_subnet_c"
- }
-}
-
-resource "aws_route_table" "public_route_table" {
- vpc_id = aws_vpc.my_vpc.id
-
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.my_gateway.id
- }
-}
-
-resource "aws_route_table_association" "public_route_table_assoc_a" {
- subnet_id = aws_subnet.my_public_subnet_a.id
- route_table_id = aws_route_table.public_route_table.id
-}
-
-resource "aws_route_table_association" "public_route_table_assoc_b" {
- subnet_id = aws_subnet.my_public_subnet_b.id
- route_table_id = aws_route_table.public_route_table.id
-}
-
-resource "aws_route_table_association" "public_route_table_assoc_c" {
- subnet_id = aws_subnet.my_public_subnet_c.id
- route_table_id = aws_route_table.public_route_table.id
-}
-
-resource "aws_security_group" "nginx_sg" {
- vpc_id = aws_vpc.my_vpc.id
-
- ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_ecs_cluster" "my_cluster" {
- name = "my-cluster"
-}
-
-resource "aws_ecs_task_definition" "nginx_task" {
- family = "nginx"
- network_mode = "awsvpc"
- requires_compatibilities = ["FARGATE"]
- cpu = "256"
- memory = "512"
- execution_role_arn = aws_iam_role.ecs_execution_role.arn
-
- container_definitions = jsonencode([{
- name = "nginx",
- image = "nginx:latest",
- portMappings = [{
- containerPort = 80,
- hostPort = 80
- }]
- }])
-}
-
-resource "aws_iam_role" "ecs_execution_role" {
- name = "ecs_execution_role"
-
- assume_role_policy = jsonencode({
- Version = "2012-10-17",
- Statement = [{
- Action = "sts:AssumeRole",
- Effect = "Allow",
- Principal = {
- Service = "ecs-tasks.amazonaws.com"
- },
- }]
- })
-}
-
-resource "aws_iam_role_policy_attachment" "ecs_execution_role_policy_attach" {
- role = aws_iam_role.ecs_execution_role.name
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
-}
-
-resource "aws_ecs_service" "nginx_service" {
- name = "nginx-service"
- cluster = aws_ecs_cluster.my_cluster.id
- task_definition = aws_ecs_task_definition.nginx_task.arn
- launch_type = "FARGATE"
- desired_count = 1
-
- network_configuration {
- subnets = [
- aws_subnet.my_public_subnet_a.id,
- aws_subnet.my_public_subnet_b.id,
- aws_subnet.my_public_subnet_c.id,
- ]
- security_groups = [aws_security_group.nginx_sg.id]
- assign_public_ip = true
- }
-}
-
diff --git a/playground/fargate/vpc.tf b/playground/fargate/vpc.tf
new file mode 100644
index 0000000..1ab8c95
--- /dev/null
+++ b/playground/fargate/vpc.tf
@@ -0,0 +1,87 @@
+resource "aws_vpc" "my_vpc" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+ tags = {
+ Name = "my_vpc"
+ }
+}
+
+resource "aws_internet_gateway" "my_gateway" {
+ vpc_id = aws_vpc.my_vpc.id
+}
+
+resource "aws_subnet" "my_public_subnet_a" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "eu-central-1a"
+
+ tags = {
+ Name = "my_public_subnet_a"
+ }
+}
+
+resource "aws_subnet" "my_public_subnet_b" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone = "eu-central-1b"
+
+ tags = {
+ Name = "my_public_subnet_b"
+ }
+}
+
+resource "aws_subnet" "my_public_subnet_c" {
+ vpc_id = aws_vpc.my_vpc.id
+ cidr_block = "10.0.3.0/24"
+ availability_zone = "eu-central-1c"
+
+ tags = {
+ Name = "my_public_subnet_c"
+ }
+}
+
+resource "aws_route_table" "public_route_table" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.my_gateway.id
+ }
+}
+
+resource "aws_route_table_association" "public_route_table_assoc_a" {
+ subnet_id = aws_subnet.my_public_subnet_a.id
+ route_table_id = aws_route_table.public_route_table.id
+}
+
+resource "aws_route_table_association" "public_route_table_assoc_b" {
+ subnet_id = aws_subnet.my_public_subnet_b.id
+ route_table_id = aws_route_table.public_route_table.id
+}
+
+resource "aws_route_table_association" "public_route_table_assoc_c" {
+ subnet_id = aws_subnet.my_public_subnet_c.id
+ route_table_id = aws_route_table.public_route_table.id
+}
+
+resource "aws_security_group" "nginx_sg" {
+ vpc_id = aws_vpc.my_vpc.id
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+
 |
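Review bot: `nginx_sg` still admits port 80 from `cidr_blocks = ["0.0.0.0/0"]` even though this commit puts the tasks behind `aws_lb.my_alb`; together with `assign_public_ip = true` in ecs.tf the tasks stay directly reachable from the internet and the ALB is not a chokepoint. Replace that `cidr_blocks` line in the ingress block with `security_groups = [aws_security_group.alb_sg.id]` so only the load balancer's security group can reach the tasks, which is the usual ALB-to-target pattern and needs no CIDR at all. The security group was moved here from main.tf unchanged, so this is a pre-existing gap, but the ELB change is what makes it worth closing now. The new VPC also has no flow logs, which is acceptable for a playground but worth noting if this is reused.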
