
Commit 8b0dc55

committed
docker-demo-2
1 parent d324757 commit 8b0dc55

7 files changed

Lines changed: 298 additions & 0 deletions


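--- a/docker-demo-2/ecs.tf
+++ b/docker-demo-2/ecs.tf
@@ -0,0 +1,23 @@
+resource "aws_launch_configuration" "ecs-example-launchconfig" {
+name_prefix = "ecs-launchconfig"
+image_id = "${lookup(var.ECS_AMIS, var.AWS_REGION)}"
+instance_type = "${var.ECS_INSTANCE_TYPE}"
+key_name = "${aws_key_pair.mykeypair.key_name}"
+iam_instance_profile = "${aws_iam_instance_profile.ecs-ec2-role.id}"
+security_groups = ["${aws_security_group.ecs-securitygroup.id}"]
+user_data = "#!/bin/bash\necho 'ECS_CLUSTER=example' > /etc/ecs/ecs.config\nstart ecs"
+lifecycle { create_before_destroy = true }
+}
+resource "aws_autoscaling_group" "ecs-example-autoscaling" {
+name = "ecs-example-autoscaling"
+vpc_zone_identifier = ["${aws_subnet.main-private-1.id}", "${aws_subnet.main-private-2.id}"]
+launch_configuration = "${aws_launch_configuration.ecs-example-launchconfig.name}"
+min_size = 3
+max_size = 5
+desired_capacity = 3
+tag {
+key = "Name"
+value = "ecs-ec2-container"
+propagate_at_launch = true
+}
+}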
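Review bot: Every container scheduled on these instances can read the `ecs-ec2-role` credentials from the instance metadata service, because the `user_data` on line 8 only writes `ECS_CLUSTER` and the instance profile on line 6 is attached without any host-side restriction. For bridge-mode tasks, AWS documents a host firewall rule for this, `iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP`, which would go in the boot script before `start ecs`; confirm it against the network mode the tasks actually use. The one-line `user_data` string is hard to extend and review, so moving it to a template file would help here. No `root_block_device` is set either, so whether the root volume is encrypted depends on the AMI and the account defaults.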

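--- a/docker-demo-2/iam.tf
+++ b/docker-demo-2/iam.tf
@@ -0,0 +1,113 @@
+# ecs ec2 role
+resource "aws_iam_role" "ecs-ec2-role" {
+name = "ecs-ec2-role"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "ec2.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+}
+resource "aws_iam_instance_profile" "ecs-ec2-role" {
+name = "ecs-ec2-role"
+roles = ["${aws_iam_role.ecs-ec2-role.name}"]
+}
+
+resource "aws_iam_role" "ecs-consul-server-role" {
+name = "ecs-consul-server-role"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "ec2.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "ecs-ec2-role-policy" {
+name = "ecs-ec2-role-policy"
+role = "${aws_iam_role.ecs-ec2-role.id}"
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"ecs:CreateCluster",
+"ecs:DeregisterContainerInstance",
+"ecs:DiscoverPollEndpoint",
+"ecs:Poll",
+"ecs:RegisterContainerInstance",
+"ecs:StartTelemetrySession",
+"ecs:Submit*",
+"ecs:StartTask",
+"ecr:GetAuthorizationToken",
+"ecr:BatchCheckLayerAvailability",
+"ecr:GetDownloadUrlForLayer",
+"ecr:BatchGetImage",
+"logs:CreateLogStream",
+"logs:PutLogEvents"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents",
+"logs:DescribeLogStreams"
+],
+"Resource": [
+"arn:aws:logs:*:*:*"
+]
+}
+]
+}
+EOF
+}
+
+# ecs service role
+resource "aws_iam_role" "ecs-service-role" {
+name = "ecs-service-role"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "ecs.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_policy_attachment" "ecs-service-attach1" {
+name = "ecs-service-attach1"
+roles = ["${aws_iam_role.ecs-service-role.name}"]
+policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
+}
+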
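Review bot: The first statement of `ecs-ec2-role-policy` (lines 51-70) grants `ecs:StartTask`, `ecs:CreateCluster` and `ecs:Submit*` on `"Resource": "*"`, so credentials obtained on any container instance are not confined to the `example` cluster. The actions that accept resource-level scoping should move to their own statement limited to the cluster, for example `"Resource": "arn:aws:ecs:<REGION>:<ACCOUNT_ID>:cluster/example"`, leaving on `*` only the ones that require it. `logs:CreateLogStream` and `logs:PutLogEvents` on lines 66-67 repeat what the second statement already grants and can be dropped from the first. On line 108, `aws_iam_policy_attachment` manages the attachment exclusively, so applying it detaches `AmazonEC2ContainerServiceRole` from every other role in the account that uses it; `resource "aws_iam_role_policy_attachment"` with `role = "${aws_iam_role.ecs-service-role.name}"` avoids that. `ecs-consul-server-role` receives no policy or instance profile in this commit and looks unused.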

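--- a/docker-demo-2/key.tf
+++ b/docker-demo-2/key.tf
@@ -0,0 +1,7 @@
+resource "aws_key_pair" "mykeypair" {
+key_name = "mykeypair"
+public_key = "${file("${var.PATH_TO_PUBLIC_KEY}")}"
+lifecycle {
+ignore_changes = ["public_key"]
+}
+}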
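Review bot: `ignore_changes = ["public_key"]` on lines 4-6 means that replacing the file behind `PATH_TO_PUBLIC_KEY` never updates the key pair, so rotating after a lost or exposed private key silently leaves the old key in place for newly launched instances. If the setting is there to avoid re-creating the key pair on every machine that runs Terraform, say so beside the block, e.g. `# public_key is ignored on purpose; to rotate, taint aws_key_pair.mykeypair and re-apply`.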

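--- a/docker-demo-2/provider.tf
+++ b/docker-demo-2/provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+region = "${var.AWS_REGION}"
+}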

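--- a/docker-demo-2/securitygroup.tf
+++ b/docker-demo-2/securitygroup.tf
@@ -0,0 +1,21 @@
+resource "aws_security_group" "ecs-securitygroup" {
+vpc_id = "${aws_vpc.main.id}"
+name = "ecs"
+description = "security group for ecs"
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+ingress {
+from_port = 80
+to_port = 80
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+tags {
+Name = "ecs"
+}
+}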
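Review bot: The ingress rule on lines 12-17 admits TCP/80 from `0.0.0.0/0` directly on the container instances, although the autoscaling group in ecs.tf places them in the private subnets, where no internet source should need to reach them. Narrowing the rule to the VPC range with `cidr_blocks = ["${aws_vpc.main.cidr_block}"]`, or to the security group of whatever load balancer ends up fronting the service, keeps it safe if the instances are later moved to a public subnet. The egress block on lines 5-10 allows every protocol to any address; if that is deliberate for image pulls and the ECS agent, a comment saying so would help the next reviewer.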

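--- a/docker-demo-2/vars.tf
+++ b/docker-demo-2/vars.tf
@@ -0,0 +1,21 @@
+variable "AWS_REGION" {
+default = "eu-west-1"
+}
+variable "PATH_TO_PRIVATE_KEY" {
+default = "mykey"
+}
+variable "PATH_TO_PUBLIC_KEY" {
+default = "mykey.pub"
+}
+variable "ECS_INSTANCE_TYPE" {
+default = "t2.micro"
+}
+variable "ECS_AMIS" {
+type = "map"
+default = {
+us-east-1 = "ami-1924770e"
+us-west-2 = "ami-56ed4936"
+eu-west-1 = "ami-c8337dbb"
+}
+}
+# Full List: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html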
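Review bot: The `ECS_AMIS` map on lines 13-20 pins three AMI IDs with no record of when they were taken, so new instances keep booting whatever Docker, ECS agent and kernel versions those images shipped until someone edits the map by hand. A comment above the map such as `# ECS-optimized AMIs as of <DATE>; refresh regularly for agent/Docker/kernel security fixes` would make the staleness visible. `PATH_TO_PRIVATE_KEY` on lines 4-6 is not referenced by any file in this commit, and its default of `mykey` in the working directory invites committing the private key next to the code; drop the variable if nothing uses it, or make sure the key file is ignored by version control.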

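--- a/docker-demo-2/vpc.tf
+++ b/docker-demo-2/vpc.tf
@@ -0,0 +1,110 @@
+# Internet VPC
+resource "aws_vpc" "main" {
+cidr_block = "10.0.0.0/16"
+instance_tenancy = "default"
+enable_dns_support = "true"
+enable_dns_hostnames = "true"
+enable_classiclink = "false"
+tags {
+Name = "main"
+}
+}
+
+
+# Subnets
+resource "aws_subnet" "main-public-1" {
+vpc_id = "${aws_vpc.main.id}"
+cidr_block = "10.0.1.0/24"
+map_public_ip_on_launch = "true"
+availability_zone = "eu-west-1a"
+
+tags {
+Name = "main-public-1"
+}
+}
+resource "aws_subnet" "main-public-2" {
+vpc_id = "${aws_vpc.main.id}"
+cidr_block = "10.0.2.0/24"
+map_public_ip_on_launch = "true"
+availability_zone = "eu-west-1b"
+
+tags {
+Name = "main-public-2"
+}
+}
+resource "aws_subnet" "main-public-3" {
+vpc_id = "${aws_vpc.main.id}"
+cidr_block = "10.0.3.0/24"
+map_public_ip_on_launch = "true"
+availability_zone = "eu-west-1c"
+
+tags {
+Name = "main-public-3"
+}
+}
+resource "aws_subnet" "main-private-1" {
+vpc_id = "${aws_vpc.main.id}"
+cidr_block = "10.0.4.0/24"
+map_public_ip_on_launch = "false"
+availability_zone = "eu-west-1a"
+
+tags {
+Name = "main-private-1"
+}
+}
+resource "aws_subnet" "main-private-2" {
+vpc_id = "${aws_vpc.main.id}"
+cidr_block = "10.0.5.0/24"
+map_public_ip_on_launch = "false"
+availability_zone = "eu-west-1b"
+
+tags {
+Name = "main-private-2"
+}
+}
+resource "aws_subnet" "main-private-3" {
+vpc_id = "${aws_vpc.main.id}"
+cidr_block = "10.0.6.0/24"
+map_public_ip_on_launch = "false"
+availability_zone = "eu-west-1c"
+
+tags {
+Name = "main-private-3"
+}
+}
+
+# Internet GW
+resource "aws_internet_gateway" "main-gw" {
+vpc_id = "${aws_vpc.main.id}"
+
+tags {
+Name = "main"
+}
+}
+
+# route tables
+resource "aws_route_table" "main-public" {
+vpc_id = "${aws_vpc.main.id}"
+route {
+cidr_block = "0.0.0.0/0"
+gateway_id = "${aws_internet_gateway.main-gw.id}"
+}
+
+tags {
+Name = "main-public-1"
+}
+}
+
+# route associations public
+resource "aws_route_table_association" "main-public-1-a" {
+subnet_id = "${aws_subnet.main-public-1.id}"
+route_table_id = "${aws_route_table.main-public.id}"
+}
+resource "aws_route_table_association" "main-public-2-a" {
+subnet_id = "${aws_subnet.main-public-2.id}"
+route_table_id = "${aws_route_table.main-public.id}"
+}
+resource "aws_route_table_association" "main-public-3-a" {
+subnet_id = "${aws_subnet.main-public-3.id}"
+route_table_id = "${aws_route_table.main-public.id}"
+}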
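Review bot: The three private subnets (lines 45-74) get no route table of their own, and the only one in the file, `main-public`, is associated with the public subnets alone, so the container instances that ecs.tf launches into `main-private-1` and `main-private-2` have no outbound path to the ECS, ECR or CloudWatch Logs endpoints unless a NAT gateway or VPC endpoints are defined outside this commit. The tempting workaround is to move the instances into the public subnets, which would put them on the internet behind a security group that opens port 80 to `0.0.0.0/0`. A NAT gateway in one public subnet plus a private route table keeps them private; a sketch follows, with resource names that are only suggestions. The availability zones are also hard-coded to `eu-west-1a/b/c`, so overriding `AWS_REGION` breaks the subnets.

```hcl
# … unchanged: VPC, subnets, internet gateway, public route table and associations …

# NAT gateway giving the private subnets outbound-only access
resource "aws_eip" "nat" {
  vpc = true
}
resource "aws_nat_gateway" "nat-gw" {
  allocation_id = "${aws_eip.nat.id}"
  subnet_id     = "${aws_subnet.main-public-1.id}"
  depends_on    = ["aws_internet_gateway.main-gw"]
}

# private route table: default route through the NAT gateway
resource "aws_route_table" "main-private" {
  vpc_id = "${aws_vpc.main.id}"
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = "${aws_nat_gateway.nat-gw.id}"
  }
  tags {
    Name = "main-private-1"
  }
}

# route associations private
resource "aws_route_table_association" "main-private-1-a" {
  subnet_id      = "${aws_subnet.main-private-1.id}"
  route_table_id = "${aws_route_table.main-private.id}"
}
resource "aws_route_table_association" "main-private-2-a" {
  subnet_id      = "${aws_subnet.main-private-2.id}"
  route_table_id = "${aws_route_table.main-private.id}"
}
resource "aws_route_table_association" "main-private-3-a" {
  subnet_id      = "${aws_subnet.main-private-3.id}"
  route_table_id = "${aws_route_table.main-private.id}"
}
```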
