
@kksudo
Created November 29, 2021 14:28
SkillFactory task solution: ECS with EC2 (Getting started with the classic console using Amazon EC2).
# IAM role for the ECS container instances. The trust policy lets the EC2
# service principal (ec2.amazonaws.com) assume this role, i.e. it is the role
# that instances launched with the "ecs" instance profile below run as.
resource "aws_iam_role" "ecs" {
  name = "${var.appName}_ecs_${var.environ}"

  # Trust policy: only the EC2 service may call sts:AssumeRole on this role.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
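# Attach the AWS-managed policy for ECS container instances to the "ecs" role.
#
# Uses aws_iam_role_policy_attachment rather than aws_iam_policy_attachment:
# the latter is *exclusive* — it detaches the managed policy from every other
# role, user and group in the account that is not listed in its `roles`, so a
# second stack (or any other consumer of this AWS-managed policy) would
# silently lose the attachment on each apply. The role-scoped resource only
# manages this one role/policy pair.
resource "aws_iam_role_policy_attachment" "ecs_for_ec2" {
  role       = aws_iam_role.ecs.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
}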
# Instance profile that hands the "ecs" role to the container instances
# (referenced by the launch configuration's iam_instance_profile).
resource "aws_iam_instance_profile" "ecs" {
  role = aws_iam_role.ecs.name
  name = "${var.appName}_${var.environ}"
}
# Task definition for the sample app. The container list is read from
# sampleApp.json next to this file (the JSON array further down in the gist),
# so container-level changes (image, ports, cpu/memory) go there.
resource "aws_ecs_task_definition" "sample_app" {
  family                   = var.appName
  requires_compatibilities = ["EC2"]
  container_definitions    = file("sampleApp.json")
}
# ECS service that keeps one copy of the sample task running on the cluster.
resource "aws_ecs_service" "sample_app" {
  name            = "${var.appName}_${var.environ}"
  cluster         = aws_ecs_cluster.sample_app.id
  task_definition = aws_ecs_task_definition.sample_app.arn
  launch_type     = "EC2"
  desired_count   = 1

  # 100 / 0 means: never run more than one task, and tolerate zero healthy
  # tasks during a deployment. Presumably deliberate: the ASG allows a single
  # instance and the container is bound to hostPort 80 in sampleApp.json, so
  # the old task must stop before the new one can start — expect a short
  # outage on every deploy.
  deployment_maximum_percent         = 100
  deployment_minimum_healthy_percent = 0
}
# The ECS cluster itself. Its name is hard-coded ("sample_app") whereas every
# other resource derives its name from var.appName / var.environ; the launch
# configuration's user_data reads the name through this resource, so any
# rename should be done here and nowhere else.
resource "aws_ecs_cluster" "sample_app" {
  name = "sample_app"
}
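# Launch configuration for the ECS container instances.
#
# Two changes versus a fixed-name configuration without metadata options:
#  - name_prefix + create_before_destroy: a launch configuration is immutable,
#    so every edit replaces it; with a fixed `name` the replacement cannot be
#    created while the ASG still references the old one and the apply fails.
#    The ASG reads `.name` from this resource, so it follows the new name.
#  - metadata_options: require IMDSv2 session tokens. The instance role
#    carries the ECS container-instance policy; with IMDSv1 any process on
#    the host that can reach the metadata endpoint can obtain those
#    credentials without a token. The default hop limit (1) additionally
#    keeps IMDS out of reach of bridge-mode containers.
#    NOTE(review): assumes the ECS-optimized AMI in var.ami ships an agent
#    that supports IMDSv2 and a provider version that knows metadata_options
#    on this resource — confirm before rolling out.
resource "aws_launch_configuration" "ecs_cluster" {
  name_prefix          = "${var.appName}_cluster_conf_${var.environ}-"
  image_id             = lookup(var.ami, var.aws_region)
  instance_type        = "t2.micro"
  iam_instance_profile = aws_iam_instance_profile.ecs.id

  # The VPC module creates only a public subnet and no NAT, so the instance
  # presumably needs a public IP to reach the ECS endpoints and pull httpd:2.4.
  associate_public_ip_address = true

  security_groups = [
    aws_security_group.allow_all_outbound.id,
    aws_security_group.allow_cluster.id,
  ]

  # Tell the ECS agent which cluster to register with.
  user_data = "#!/bin/bash\necho ECS_CLUSTER=${aws_ecs_cluster.sample_app.name} > /etc/ecs/ecs.config"

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  lifecycle {
    create_before_destroy = true
  }
}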
# Auto Scaling group that provides the cluster's (single) container instance.
resource "aws_autoscaling_group" "ecs_cluster" {
  name                 = "${var.appName}_${var.environ}"
  launch_configuration = aws_launch_configuration.ecs_cluster.name
  vpc_zone_identifier  = module.vpc.public_subnets

  # Exactly one instance at a time; min_size 0 allows scaling the group to
  # nothing without touching the configuration.
  min_size         = 0
  max_size         = 1
  desired_capacity = 1

  # EC2 status checks only — there is no load balancer in this stack.
  health_check_type = "EC2"
}
# Minimal network: one VPC with a single public subnet in one AZ. No private
# subnet and no NAT gateway, so anything launched here needs a public IP for
# outbound internet access.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "${var.appName}-${var.environ}-vpc"
  cidr = "10.100.0.0/16"

  azs            = [var.aws_region_full]
  public_subnets = ["10.100.101.0/24"]
}
# Set your credentials either through environment variables OR by uncommenting
# the provider block below. Do not commit real keys to this file. The region
# must match var.aws_region / var.aws_region_full (eu-central-1 by default).
# export AWS_ACCESS_KEY_ID="anaccesskey"
# export AWS_SECRET_ACCESS_KEY="asecretkey"
# export AWS_DEFAULT_REGION="us-west-2"
#provider "aws" {
# access_key = "<Your access_key>"
# secret_key = "<Your secret_key>"
# region = "<Your AWS region>"
#}
[
{
"entryPoint": [
"sh",
"-c"
],
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
],
"command": [
"/bin/sh -c \"echo '<html><head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> <h2>SkillFactory edition </h2> </div></body></html>' > /usr/local/apache2/htdocs/index.html && httpd-foreground\""
],
"cpu": 10,
"memory": 300,
"image": "httpd:2.4",
"name": "simple-app"
}
]
# Egress-only group: permits all outbound traffic and defines no inbound rule.
resource "aws_security_group" "allow_all_outbound" {
  name_prefix = "${var.appName}-${var.environ}-${module.vpc.vpc_id}-"
  description = "Allow all outbound traffic"
  vpc_id      = module.vpc.vpc_id

  egress {
    protocol    = "-1" # all protocols; ports must be 0/0 with "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Any/any inbound from the whole internet. Nothing in this file references
# this group — the launch configuration attaches allow_all_outbound and
# allow_cluster only — so it is created but unused. Remove it rather than
# leave an open-to-the-world group around for someone to attach later.
resource "aws_security_group" "allow_all_inbound" {
  name_prefix = "${var.appName}-${var.environ}-${module.vpc.vpc_id}-"
  description = "Allow all inbound traffic"
  vpc_id      = module.vpc.vpc_id

  ingress {
    protocol    = "-1" # all protocols; ports must be 0/0 with "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
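# Security group attached to the ECS container instances.
#
# The previous single rule admitted every TCP port (1-65535) from 0.0.0.0/0,
# which contradicts the group's own description ("within cluster") and exposes
# every listener on the host, not just the sample app. What this stack
# actually needs, based on the other resources in this file:
#  - 80/tcp from anywhere: the sample container is published on hostPort 80
#    in sampleApp.json and is meant to be browsed via the instance's public IP;
#  - any traffic between members of this group: the intra-cluster case.
# No SSH rule: the launch configuration sets no key_name.
resource "aws_security_group" "allow_cluster" {
  name_prefix = "${var.appName}-${var.environ}-${module.vpc.vpc_id}-"
  description = "Allow all traffic within cluster"
  vpc_id      = module.vpc.vpc_id

  ingress {
    description = "Sample app (hostPort 80 in sampleApp.json)"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "All traffic between instances in this group"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}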
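# Input variables. Types and descriptions added: the originals were untyped,
# so e.g. passing a list for aws_region would only fail deep inside lookup().
# Defaults are unchanged.

variable "environ" {
  description = "Deployment environment name, used as a suffix in resource names"
  type        = string
  default     = "demo"
}

variable "appName" {
  description = "Application name, used as a prefix in resource names and as the task family"
  type        = string
  default     = "console-sample-app-static"
}

variable "aws_region" {
  description = "AWS region; must be a key of var.ami, otherwise lookup() in the launch configuration fails"
  type        = string
  default     = "eu-central-1"
}

variable "aws_region_full" {
  description = "Availability zone of the single public subnet (despite the name this is an AZ, e.g. eu-central-1a); must belong to var.aws_region"
  type        = string
  default     = "eu-central-1a"
}

variable "ami" {
  # Expected to be an ECS-optimized image: the launch configuration's
  # user_data writes /etc/ecs/ecs.config for the ECS agent.
  description = "AWS ECS AMI id"
  type        = map(string)
  default = {
    eu-central-1 = "ami-0e8f6957a4eb67446"
  }
}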
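terraform {
  required_version = ">= 1.0.0"

  required_providers {
    # Object form instead of the legacy `aws = ">= 2.0"` shorthand; the
    # explicit source is how Terraform >= 0.13 resolves the provider.
    # The constraint itself is unchanged. NOTE(review): ">= 2.0" is an open
    # floor — the vpc module pinned to "~> 3.0" presumably needs a newer
    # provider than 2.0; check the module's own required_providers.
    aws = {
      source  = "hashicorp/aws"
      version = ">= 2.0"
    }
  }
}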