main.tf
# AWS provider for this example. Only the region is configured, and it is
# supplied by the caller. No credentials appear in this block, so the provider
# resolves them from its default chain (environment, shared config, or an
# attached role) and nothing secret lives in this file.
provider "aws" {
  region = var.region
}
# One switch for the count expressions in this file. It mirrors the `enabled`
# flag of `module.this`, which is declared outside this file.
locals {
  enabled = module.this.enabled
}
# Network for the example. The source address resolves through the public
# Terraform Registry and is pinned to one exact release, so an upgrade is always
# a reviewed change. Terraform's dependency lock file records providers only,
# not modules, so this version pin is the only control over which module code
# is downloaded.
module "vpc" {
  source  = "cloudposse/vpc/aws"
  version = "2.0.0"

  ipv4_primary_cidr_block = var.vpc_cidr_block

  context = module.this.context
}
# Subnets carved out of the VPC's CIDR block across the requested availability
# zones. The module version is pinned to an exact release.
module "subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.1.0"

  vpc_id             = module.vpc.vpc_id
  igw_id             = [module.vpc.igw_id]
  ipv4_cidr_block    = [module.vpc.vpc_cidr_block]
  availability_zones = var.availability_zones

  # Both NAT options are off, so the internet gateway is the only egress path
  # configured here. Any private subnets this module creates would have no
  # outbound internet route; the service in this file uses the public subnets.
  nat_gateway_enabled  = false
  nat_instance_enabled = false

  context = module.this.context
}
# Cluster that hosts the example service; created only while the example is enabled.
resource "aws_ecs_cluster" "default" {
  # The next line is an inline scanner suppression and is kept verbatim.
  # NOTE(review): BC_AWS_LOGGING_11 is presumably the ECS Container Insights
  # check; confirm against the scanner's policy index. The stated reason covers
  # test use only, so do not carry the skip into a cluster that runs real
  # workloads.
  #bridgecrew:skip=BC_AWS_LOGGING_11: not required for testing
  count = local.enabled ? 1 : 0

  name = module.this.id
  tags = module.this.tags
}
# Renders the container definition JSON consumed by the service module.
# Every setting is passed straight through from a variable.
module "container_definition" {
  source  = "cloudposse/ecs-container-definition/aws"
  version = "0.58.2"

  count = local.enabled ? 1 : 0

  container_name  = var.container_name
  container_image = var.container_image
  essential       = var.container_essential

  # Resource limits for the container.
  container_cpu                = var.container_cpu
  container_memory             = var.container_memory
  container_memory_reservation = var.container_memory_reservation

  # Hardening knob: a read-only root filesystem limits what a compromised
  # process can persist inside the container. The value is caller-controlled.
  readonly_root_filesystem = var.container_readonly_root_filesystem

  # Plain environment variables end up in the task definition and in Terraform
  # state in clear text. Keep credentials out of this list.
  environment   = var.container_environment
  port_mappings = var.container_port_mappings
}
# Placeholder IAM policy whose only purpose is to give the service module a
# policy ARN to attach.
module "test_policy" {
  source  = "cloudposse/iam-policy/aws"
  version = "0.4.0"

  name        = "policy"
  attributes  = ["test"]
  description = "Test policy"

  iam_policy_enabled = true

  # NOTE(review): "none:null" does not look like a real AWS service action, so
  # this Allow should grant nothing even though the resource is "*"; confirm.
  # If this statement is ever replaced with real actions, scope `resources`
  # as well instead of keeping the wildcard.
  iam_policy_statements = [
    {
      sid        = "DummyStatement"
      effect     = "Allow"
      actions    = ["none:null"]
      resources  = ["*"]
      conditions = []
    }
  ]

  context = module.this.context
}
# Module under test, loaded from two directories up via a relative path and
# wired to the fixtures declared in this file.
module "ecs_alb_service_task" {
  source = "../.."

  # Cluster and container definition. one() yields null when the counted
  # fixture is disabled and its single element otherwise.
  ecs_cluster_arn           = one(aws_ecs_cluster.default[*].id)
  container_definition_json = one(module.container_definition[*].json_map_encoded_list)
  launch_type               = var.ecs_launch_type
  network_mode              = var.network_mode

  # Networking. The VPC's default security group is used both as the ALB
  # security group and as the task security group, and the tasks are placed in
  # the public subnets. That is compact for a test fixture. A real deployment
  # would normally use dedicated, narrowly scoped security groups and keep
  # `assign_public_ip` off unless the tasks must be directly reachable.
  vpc_id             = module.vpc.vpc_id
  subnet_ids         = module.subnets.public_subnet_ids
  alb_security_group = module.vpc.vpc_default_security_group_id
  security_group_ids = [module.vpc.vpc_default_security_group_id]
  assign_public_ip   = var.assign_public_ip

  # Task sizing and service rollout behaviour, all caller-supplied.
  task_cpu                           = var.task_cpu
  task_memory                        = var.task_memory
  desired_count                      = var.desired_count
  deployment_controller_type         = var.deployment_controller_type
  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
  deployment_maximum_percent         = var.deployment_maximum_percent
  ecs_service_enabled                = var.ecs_service_enabled
  force_new_deployment               = var.force_new_deployment
  redeploy_on_apply                  = var.redeploy_on_apply
  ignore_changes_task_definition     = var.ignore_changes_task_definition
  propagate_tags                     = var.propagate_tags

  # IAM. The same placeholder policy is passed through both policy inputs, the
  # task one and the task-execution one. With real policies these two usually
  # need different, separately scoped permissions.
  task_policy_arns          = [module.test_policy.policy_arn]
  task_exec_policy_arns_map = { test = module.test_policy.policy_arn }

  context = module.this.context
}