Terraform ECS recipe sample

containers.tf

locals {
  ecr_name         = "ecrname"
  ecs_cluster_name = "clustername"
  application_name = "appname"
}

resource "aws_ecr_repository" "ecr" {
  name                 = local.ecr_name
  image_tag_mutability = "MUTABLE"

  tags = {
    terraformed = "true"
  }
}

module "ecs" {
  source = "terraform-aws-modules/ecs/aws"
  name   = local.ecs_cluster_name

  container_insights = false # Incur costs

  capacity_providers = ["FARGATE"]
  default_capacity_provider_strategy = [
    {
      capacity_provider = "FARGATE"
    }
  ]

  tags = {
    terraformed = "true"
  }
}

# !!! Preferably don't create it as it might change frequently
resource "aws_ecs_task_definition" "profly_task_definition" {
  family = local.application_name
  cpu    = 1024
  memory = 2048

  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"

  execution_role_arn = aws_iam_role.ecs_role.arn

  container_definitions = jsonencode([
    {
      name      = local.application_name
      image     = "${aws_ecr_repository.ecr.repository_url}:latest"
      essential = true

      cpu    = 1024
      memory = 2048

      environment = [
        { "name" : "DJANGO_SETTINGS_MODULE", "value" : "app.settings.prod" },
        { "name" : "DB_NAME", "value" : var.db_name },
        { "name" : "DB_USERNAME", "value" : var.db_user },
        { "name" : "DB_PASSWORD", "value" : var.db_password },
        { "name" : "DB_HOSTNAME", "value" : module.aurora_db.cluster_endpoint },
      ]

      volumesFrom = []
      mountPoints = []

      portMappings = [
        {
          containerPort = 8080
          hostPort      = 8080
          protocol      = "tcp"
        }
      ]

      logConfiguration : {
        logDriver : "awslogs",
        options : {
          "awslogs-group" : aws_cloudwatch_log_group.log_group.name,
          "awslogs-region" : "us-east-1",
          "awslogs-stream-prefix" : "ecs"
        }
      },
  }])

  tags = {
    terraformed = "true"
  }
}

resource "aws_ecs_service" "service" {
  name            = local.application_name
  cluster         = module.ecs.ecs_cluster_id
  task_definition = "${aws_ecs_task_definition.task_definition.family}:${aws_ecs_task_definition.task_definition.revision}"

  desired_count = 1

  capacity_provider_strategy {
    capacity_provider = "FARGATE"
    base              = 0
    weight            = 1
  }

  load_balancer {
    container_name   = local.application_name
    container_port   = 8080
    target_group_arn = module.alb.target_group_arns[0]
  }

  network_configuration {
    assign_public_ip = true
    security_groups  = var.security_groups
    subnets          = var.subnets
  }

  tags = {
    terraformed = "true"
  }
}

loadbalancers.tf

locals {
  elb_name = "lbname"
}

module "alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 6.0"

  name = local.elb_name

  load_balancer_type = "application"

  vpc_id          = "VPCIDHERE"
  subnets         = var.subnets
  security_groups = var.security_groups

  target_groups = [
    {
      name             = "target-group-http"
      backend_protocol = "HTTP"
      backend_port     = 80
      target_type      = "ip"

      health_check = {
        enabled = true

        protocol = "HTTP"
        path     = "/"
        matcher  = "200"

        healthy_threshold   = 5
        unhealthy_threshold = 2
        interval            = 30
        timeout             = 5
      }
    }
  ]

  http_tcp_listeners = [
    {
      port        = 80
      protocol    = "HTTP"
      action_type = "redirect"
      redirect = {
        port        = "443"
        protocol    = "HTTPS"
        status_code = "HTTP_301"
      }
    }
  ]

  https_listeners = [
    {
      port               = 443
      protocol           = "HTTPS"
      ssl_policy         = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
      certificate_arn    = aws_acm_certificate.api_cert.arn
      target_group_index = 0
    }
  ]

  tags = {
    terraformed = "true"
  }
}