integreat/terraform/deploy.tf
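# Input variables for the deployment. Each one now carries a type constraint
# so that a miswired value (for example a list where an ARN is expected) is
# rejected at plan time instead of surfacing as an AWS API error.

variable "task_role_arn" {
  type        = string
  description = "ARN of the IAM role passed as task_role_arn to both task definitions."
}

variable "execution_role_arn" {
  type        = string
  description = "ARN of the IAM role passed as execution_role_arn to both task definitions."
}

variable "ecs_cluster" {
  type        = string
  description = "ECS cluster that both services are created in."
}

variable "local_namespace" {
  type        = string
  description = "Service discovery namespace ID used by both aws_service_discovery_service resources."
}

variable "desired_count" {
  type        = number
  description = "Number of web application tasks the integreat_app service keeps running."
}

# NOTE(review): account-specific ID baked in as a default. The group's rules
# are not defined in this file; confirm it admits only the listener ports
# (80 and 443) before reusing this module in another environment.
variable "http_listener_sg" {
  type        = string
  description = "Security group attached to the application load balancer."
  default     = "sg-0024906e0e1f78048"
}

# NOTE(review): account-specific subnet IDs baked in as a default; the load
# balancer is internet-facing, so these are presumably public subnets. Confirm.
variable "lb_subnets" {
  type        = list(string)
  description = "Subnets the application load balancer is placed in."
  default = [
    "subnet-16161a39",
    "subnet-323deb78",
    "subnet-44c2774b",
    "subnet-5e675761",
    "subnet-8519fde2",
    "subnet-89bab8d4",
  ]
}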
# Fargate task definition for the web application.
# Container-level settings are read from a per-stage JSON file and are not
# visible in this file.
resource "aws_ecs_task_definition" "integreat_app" {
  family                   = "integreat_app_${var.stage}"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 2048
  memory                   = 8192

  # NOTE(review): the background worker task definition in this file uses the
  # same two role variables, so both workloads hold the same IAM permissions.
  # Separate task roles would let each be scoped to what it needs.
  task_role_arn      = var.task_role_arn
  execution_role_arn = var.execution_role_arn

  # NOTE(review): the JSON is loaded verbatim. Check that credentials in it are
  # referenced through the container definition's "secrets" field rather than
  # written as plain "environment" values, which end up in the Terraform state.
  container_definitions = file("${var.stage}-taskdef.json")
}
# Fargate task definition for the background worker.
# Container-level settings are read from a per-stage JSON file and are not
# visible in this file.
resource "aws_ecs_task_definition" "integreat_background_worker" {
  family                   = "integreat_background-worker_${var.stage}"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 1024
  memory                   = 4096

  # NOTE(review): same role variables as the web application task definition
  # in this file; the worker therefore runs with the web tier's permissions.
  task_role_arn      = var.task_role_arn
  execution_role_arn = var.execution_role_arn

  # NOTE(review): loaded verbatim; confirm credentials use the container
  # definition's "secrets" field rather than plain "environment" values.
  container_definitions = file("${var.stage}-background-worker-taskdef.json")
}
# ECS service that keeps var.desired_count web tasks running on Fargate,
# registers them with the load balancer target group and with the service
# discovery registry.
resource "aws_ecs_service" "integreat_app" {
  name            = "integreat_app_${var.stage}"
  cluster         = var.ecs_cluster
  task_definition = aws_ecs_task_definition.integreat_app.arn
  desired_count   = var.desired_count

  launch_type         = "FARGATE"
  scheduling_strategy = "REPLICA"
  # NOTE(review): "LATEST" floats with the platform; a pinned version makes
  # runtime changes an explicit, reviewable step.
  platform_version = "LATEST"

  # Load balancer health check results are ignored for this many seconds
  # after a task starts.
  health_check_grace_period_seconds = 600

  deployment_controller {
    type = "ECS"
  }

  network_configuration {
    # NOTE(review): every task gets a public address. What is reachable on it
    # is decided entirely by the two security groups below, whose rules are
    # not defined in this file. Confirm they admit port 3000 only from the
    # load balancer's security group, or move the tasks to private subnets
    # if outbound access can be provided another way.
    assign_public_ip = true
    security_groups  = ["sg-004e5855310c453a3", "sg-02d167406b1082698"]
    subnets          = ["subnet-5e675761", "subnet-8519fde2", "subnet-89bab8d4"]
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.integreat_app.arn
    container_name   = "integreat-app"
    container_port   = 3000
  }

  service_registries {
    registry_arn   = aws_service_discovery_service.service.arn
    container_port = 0
    port           = 0
  }

  timeouts {}

  # Terraform does not revert the running task definition revision.
  # Presumably new revisions are registered by a deployment pipeline; confirm
  # that pipeline is the only principal allowed to update the service.
  lifecycle {
    ignore_changes = [task_definition]
  }
}
# ECS service that keeps a single background worker task running on Fargate
# and registers it with the service discovery registry. It has no load
# balancer attachment.
resource "aws_ecs_service" "integreat_background_worker" {
  name            = "integreat_background_worker_${var.stage}"
  cluster         = var.ecs_cluster
  task_definition = aws_ecs_task_definition.integreat_background_worker.arn
  desired_count   = 1

  launch_type         = "FARGATE"
  scheduling_strategy = "REPLICA"
  # NOTE(review): "LATEST" floats with the platform; consider pinning.
  platform_version = "LATEST"

  deployment_controller {
    type = "ECS"
  }

  network_configuration {
    # NOTE(review): the worker receives no load balancer traffic, yet it gets
    # a public address and the same security groups as the web tasks. Confirm
    # the groups (not defined in this file) allow no inbound traffic the
    # worker does not need.
    assign_public_ip = true
    security_groups  = ["sg-004e5855310c453a3", "sg-02d167406b1082698"]
    subnets          = ["subnet-5e675761", "subnet-8519fde2", "subnet-89bab8d4"]
  }

  service_registries {
    registry_arn   = aws_service_discovery_service.background_worker_service.arn
    container_port = 0
    port           = 0
  }

  timeouts {}

  # Terraform does not revert the running task definition revision.
  lifecycle {
    ignore_changes = [task_definition]
  }
}
# Internet-facing application load balancer in front of the web service.
resource "aws_lb" "integreat_app" {
  name               = "integreat-app-${var.stage}"
  load_balancer_type = "application"
  internal           = false
  ip_address_type    = "ipv4"

  subnets         = var.lb_subnets
  security_groups = [var.http_listener_sg]

  idle_timeout = 120

  # Guards against accidental deletion through Terraform or the API.
  enable_deletion_protection = true

  # NOTE(review): no access_logs block and no drop_invalid_header_fields
  # setting here. Access logs are the main record of who reached the
  # application; dropping invalid header fields is a common hardening step
  # for an internet-facing load balancer. Consider both.
}
# Target group holding the web tasks, registered by IP address.
resource "aws_lb_target_group" "integreat_app" {
  name        = "integreat-app-${var.stage}"
  target_type = "ip"
  vpc_id      = "vpc-b5b7d6ce"

  # Traffic from the load balancer to the tasks is plain HTTP; TLS ends at
  # the HTTPS listener.
  protocol = "HTTP"
  port     = 80

  load_balancing_algorithm_type = "round_robin"
  deregistration_delay          = 120
  slow_start                    = 0
  tags                          = {}

  health_check {
    enabled  = true
    protocol = "HTTP"
    port     = "traffic-port"
    path     = "/api/health-check"
    matcher  = "200"

    interval            = 15
    timeout             = 14
    healthy_threshold   = 2
    unhealthy_threshold = 5
  }

  # Stickiness is configured but switched off.
  stickiness {
    enabled         = false
    type            = "lb_cookie"
    cookie_duration = 86400
  }
}
# Port 80 listener. It serves no content; every request receives a permanent
# redirect to the same host, path and query on HTTPS port 443.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.integreat_app.arn
  protocol          = "HTTP"
  port              = 80

  default_action {
    type  = "redirect"
    order = 1

    redirect {
      protocol    = "HTTPS"
      port        = "443"
      host        = "#{host}"
      path        = "/#{path}"
      query       = "#{query}"
      status_code = "HTTP_301"
    }
  }

  timeouts {}
}
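# Port 443 listener. Terminates TLS with the ACM certificate and forwards
# every request that no listener rule matches to the web target group.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.integreat_app.arn
  protocol          = "HTTPS"
  port              = 443
  certificate_arn   = aws_acm_certificate.cert.arn

  # Was "ELBSecurityPolicy-2016-08", which still negotiates TLS 1.0 and 1.1.
  # This policy accepts TLS 1.2 and 1.3 only. Clients limited to older
  # protocol versions will no longer connect; check access logs for such
  # clients before rollout if that is a concern.
  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  default_action {
    type             = "forward"
    order            = 1
    target_group_arn = aws_lb_target_group.integreat_app.arn
  }

  timeouts {}
}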
# Highest-priority rule on the HTTPS listener: requests for static asset
# paths are redirected to the S3 bucket named after var.domain instead of
# reaching the application.
resource "aws_lb_listener_rule" "static" {
  listener_arn = aws_lb_listener.https.arn
  priority     = 1

  condition {
    path_pattern {
      # NOTE(review): "index.html" has no leading slash, unlike the other
      # patterns. Request paths begin with "/", so this entry looks like it
      # never matches; confirm whether "/index.html" was intended.
      values = [
        "/css/*",
        "/finance-font/*",
        "/img/*",
        "/js/compiled/*",
        "index.html",
      ]
    }
  }

  action {
    type  = "redirect"
    order = 1

    redirect {
      protocol    = "HTTPS"
      port        = "443"
      host        = "s3.amazonaws.com"
      path        = "/${var.domain}/#{path}"
      status_code = "HTTP_301"
    }
  }
}
# Bucket that hosts the static assets; it is named after var.domain and is
# configured for website hosting.
resource "aws_s3_bucket" "static" {
  bucket        = var.domain
  request_payer = "BucketOwner"
  tags          = {}

  website {
    index_document = "index.html"
  }

  # NOTE(review): versioning is off, so an overwritten or deleted asset
  # cannot be restored from the bucket itself.
  versioning {
    enabled    = false
    mfa_delete = false
  }

  # NOTE(review): the CORS rule lets pages from var.base_url issue PUT, POST
  # and DELETE with any request header. CORS does not grant access by itself;
  # writes still need valid credentials or presigned URLs. If browsers only
  # ever read from this bucket, narrowing the methods to GET reduces what a
  # leaked upload credential can be used for from a page.
  cors_rule {
    allowed_origins = [var.base_url]
    allowed_methods = ["PUT", "POST", "DELETE", "GET"]
    allowed_headers = ["*"]
    expose_headers  = []
    max_age_seconds = 0
  }

  # The bucket policy below allows s3:GetObject for any principal on every
  # key, so each object stored here is readable by anyone on the internet.
  # That matches the bucket's use as a static asset host; nothing that is not
  # meant to be public should be uploaded to it.
  # NOTE(review): no server-side encryption or public access block settings
  # are defined for this bucket in this file.
  policy = <<POLICY
{
"Id": "Policy1526084187222",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1526084185514",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::${var.domain}/*",
"Principal": "*"
}
]
}
POLICY
}
# ACM certificate for var.domain, used by the HTTPS listener.
# Ownership of the domain is proven through DNS records; the validation
# records themselves are not created in the part of the file shown here.
resource "aws_acm_certificate" "cert" {
  validation_method = "DNS"
  domain_name       = var.domain
}
# Service discovery entry for the web application inside the namespace given
# by var.local_namespace. Task addresses are published as A records.
resource "aws_service_discovery_service" "service" {
  name = "integreat-app-${var.stage}"

  dns_config {
    namespace_id   = var.local_namespace
    routing_policy = "MULTIVALUE"

    dns_records {
      type = "A"
      ttl  = 10
    }
  }

  health_check_custom_config {
    failure_threshold = 1
  }
}
# Service discovery entry for the background worker inside the namespace
# given by var.local_namespace. Task addresses are published as A records.
resource "aws_service_discovery_service" "background_worker_service" {
  name = "integreat-background-worker-${var.stage}"

  dns_config {
    namespace_id   = var.local_namespace
    routing_policy = "MULTIVALUE"

    dns_records {
      type = "A"
      ttl  = 10
    }
  }

  health_check_custom_config {
    failure_threshold = 1
  }
}