Skip to content

Instantly share code, notes, and snippets.

@nhammad

nhammad/gtm.tf

Created November 27, 2023 12:05
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nhammad/97d6173566e6225edeed7816ea9e554d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nhammad/97d6173566e6225edeed7816ea9e554d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gtm.tf
resource "aws_ecs_cluster" "gtm" {
name = "gtm"
setting {
name = "containerInsights"
value = "enabled"
}
}
resource "aws_ecs_task_definition" "PrimaryServerSideContainer" {
family = "PrimaryServerSideContainer"
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
cpu = 2048
memory = 4096
execution_role_arn = aws_iam_role.gtm_container_exec_role.arn
task_role_arn = aws_iam_role.gtm_container_role.arn
runtime_platform {
operating_system_family = "LINUX"
cpu_architecture = "X86_64"
}
container_definitions = <<TASK_DEFINITION
[
{
"name": "primary",
"image": "gcr.io/cloud-tagging-10302018/gtm-cloud-image",
"environment": [
{
"name": "PORT",
"value": "80"
},
{
"name": "PREVIEW_SERVER_URL",
"value": "${var.PREVIEW_SERVER_URL}"
},
{
"name": "CONTAINER_CONFIG",
"value": "${var.CONTAINER_CONFIG}"
}
],
"cpu": 2048,
"memory": 4096,
"essential": true,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "gtm-primary",
"awslogs-create-group": "true",
"awslogs-region": "eu-central-1",
"awslogs-stream-prefix": "ecs"
}
},
"portMappings" : [
{
"containerPort" : 80,
"hostPort" : 80
}
]
}
]
TASK_DEFINITION
}
resource "aws_ecs_task_definition" "PreviewContainer" {
family = "PreviewContainer"
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
cpu = 2048
memory = 4096
execution_role_arn = aws_iam_role.gtm_container_exec_role.arn
task_role_arn = aws_iam_role.gtm_container_role.arn
runtime_platform {
operating_system_family = "LINUX"
cpu_architecture = "X86_64"
}
container_definitions = <<TASK_DEFINITION
[
{
"name": "preview",
"image": "gcr.io/cloud-tagging-10302018/gtm-cloud-image",
"environment": [
{
"name": "PORT",
"value": "80"
},
{
"name": "RUN_AS_PREVIEW_SERVER",
"value": "true"
},
{
"name": "CONTAINER_CONFIG",
"value": "${var.CONTAINER_CONFIG}"
}
],
"cpu": 1024,
"memory": 2048,
"essential": true,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "gtm-preview",
"awslogs-region": "eu-central-1",
"awslogs-create-group": "true",
"awslogs-stream-prefix": "ecs"
}
},
"portMappings" : [
{
"containerPort" : 80,
"hostPort" : 80
}
]
}
]
TASK_DEFINITION
}
resource "aws_ecs_service" "PrimaryServerSideService" {
name = var.primary_service_name
cluster = aws_ecs_cluster.gtm.id
task_definition = aws_ecs_task_definition.PrimaryServerSideContainer.id
desired_count = var.primary_service_desired_count
launch_type = "FARGATE"
platform_version = "LATEST"
scheduling_strategy = "REPLICA"
deployment_maximum_percent = 200
deployment_minimum_healthy_percent = 50
network_configuration {
assign_public_ip = true
security_groups = [aws_security_group.gtm-security-group.id]
subnets = module.vpc.private_subnet_ids
}
load_balancer {
target_group_arn = aws_lb_target_group.PrimaryServerSideTarget.arn
container_name = "primary"
container_port = 80
}
lifecycle {
ignore_changes = [task_definition]
}
}
resource "aws_ecs_service" "PreviewService" {
name = var.preview_service_name
cluster = aws_ecs_cluster.gtm.id
task_definition = aws_ecs_task_definition.PreviewContainer.id
desired_count = var.preview_service_desired_count
launch_type = "FARGATE"
platform_version = "LATEST"
scheduling_strategy = "REPLICA"
network_configuration {
assign_public_ip = true
security_groups = [aws_security_group.gtm-security-group.id]
subnets = module.vpc.private_subnet_ids
}
load_balancer {
target_group_arn = aws_lb_target_group.PreviewTarget.arn
container_name = "preview"
container_port = 80
}
lifecycle {
ignore_changes = [task_definition]
}
}
resource "aws_lb" "PrimaryServerSideLoadBalancer" {
name = "PrimaryServerSideLoadBalancer"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.gtm-security-group.id]
subnets = module.vpc.public_subnet_ids
enable_deletion_protection = false
}
resource "aws_security_group" "gtm-security-group" {
name = "gtm-security-group"
description = "Security Group that allows all traffic for GTM"
vpc_id = module.vpc.vpc_id
// Allow all inbound traffic for IPv4
ingress {
from_port = 0
to_port = 65535
protocol = "tcp" # All TCP traffic
cidr_blocks = ["0.0.0.0/0"] # Allow all sources (IPv4)
}
// Allow all outbound traffic for IPv4
egress {
from_port = 0
to_port = 65535
protocol = "tcp" # All TCP traffic
cidr_blocks = ["0.0.0.0/0"] # Allow all destinations (IPv4)
}
}
resource "aws_lb_target_group" "PrimaryServerSideTarget" {
name = "PrimaryServerSideTarget"
port = 80
protocol = "HTTP"
vpc_id = module.vpc.vpc_id
target_type = "ip"
health_check {
path = "/healthz"
}
}
resource "aws_lb_listener" "primarylistener" {
load_balancer_arn = aws_lb.PrimaryServerSideLoadBalancer.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = aws_acm_certificate.cert.arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.PrimaryServerSideTarget.arn
}
}
// Public subnets
resource "aws_lb" "PreviewLoadBalancer" {
name = "PreviewLoadBalancer"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.gtm-security-group.id]
subnets = module.vpc.public_subnet_ids
enable_deletion_protection = false
}
resource "aws_lb_listener" "previewlistener" {
load_balancer_arn = aws_lb.PreviewLoadBalancer.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = aws_acm_certificate.cert.arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.PreviewTarget.arn
}
}
resource "aws_lb_target_group" "PreviewTarget" {
name = "PreviewTarget"
port = 80
protocol = "HTTP"
vpc_id = module.vpc.vpc_id
target_type = "ip"
health_check {
path = "/healthz"
}
}
resource "aws_appautoscaling_target" "ecs_service_target" {
max_capacity = 10
min_capacity = 1
resource_id = "service/${aws_ecs_cluster.gtm.name}/${aws_ecs_service.PrimaryServerSideService.name}"
scalable_dimension = "ecs:service:DesiredCount"
service_namespace = "ecs"
}
resource "aws_appautoscaling_policy" "ecs_policy" {
name = "scale-cpu"
policy_type = "TargetTrackingScaling"
resource_id = aws_appautoscaling_target.ecs_service_target.resource_id
scalable_dimension = aws_appautoscaling_target.ecs_service_target.scalable_dimension
service_namespace = aws_appautoscaling_target.ecs_service_target.service_namespace
target_tracking_scaling_policy_configuration {
predefined_metric_specification {
predefined_metric_type = "ECSServiceAverageCPUUtilization"
}
target_value = 60
scale_in_cooldown = 2
scale_out_cooldown = 300
}
depends_on = [aws_appautoscaling_target.ecs_service_target]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment