docker-demo-2

Author: wardviaene

docker-demo-2/ecs.tf

@@ -0,0 +1,23 @@
+resource "aws_launch_configuration" "ecs-example-launchconfig" {
+  name_prefix          = "ecs-launchconfig"
+  image_id             = "${lookup(var.ECS_AMIS, var.AWS_REGION)}"
+  instance_type        = "${var.ECS_INSTANCE_TYPE}"
+  key_name             = "${aws_key_pair.mykeypair.key_name}"
+  iam_instance_profile = "${aws_iam_instance_profile.ecs-ec2-role.id}"
+  security_groups      = ["${aws_security_group.ecs-securitygroup.id}"]
+  user_data            = "#!/bin/bash\necho 'ECS_CLUSTER=example' > /etc/ecs/ecs.config\nstart ecs"
+  lifecycle              { create_before_destroy = true }
+}
+resource "aws_autoscaling_group" "ecs-example-autoscaling" {
+  name                 = "ecs-example-autoscaling"
+  vpc_zone_identifier  = ["${aws_subnet.main-private-1.id}", "${aws_subnet.main-private-2.id}"]
+  launch_configuration = "${aws_launch_configuration.ecs-example-launchconfig.name}"
+  min_size             = 3
+  max_size             = 5
+  desired_capacity     = 3
+  tag {
+      key = "Name"
+      value = "ecs-ec2-container"
+      propagate_at_launch = true
+  }
+}

docker-demo-2/iam.tf

@@ -0,0 +1,113 @@
+# ecs ec2 role
+resource "aws_iam_role" "ecs-ec2-role" {
+    name = "ecs-ec2-role"
+    assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+resource "aws_iam_instance_profile" "ecs-ec2-role" {
+    name = "ecs-ec2-role"
+    roles = ["${aws_iam_role.ecs-ec2-role.name}"]
+}
+
+resource "aws_iam_role" "ecs-consul-server-role" {
+    name = "ecs-consul-server-role"
+    assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "ecs-ec2-role-policy" {
+    name = "ecs-ec2-role-policy"
+    role = "${aws_iam_role.ecs-ec2-role.id}"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+              "ecs:CreateCluster",
+              "ecs:DeregisterContainerInstance",
+              "ecs:DiscoverPollEndpoint",
+              "ecs:Poll",
+              "ecs:RegisterContainerInstance",
+              "ecs:StartTelemetrySession",
+              "ecs:Submit*",
+              "ecs:StartTask",
+              "ecr:GetAuthorizationToken",
+              "ecr:BatchCheckLayerAvailability",
+              "ecr:GetDownloadUrlForLayer",
+              "ecr:BatchGetImage",
+              "logs:CreateLogStream",
+              "logs:PutLogEvents"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "logs:CreateLogGroup",
+                "logs:CreateLogStream",
+                "logs:PutLogEvents",
+                "logs:DescribeLogStreams"
+            ],
+            "Resource": [
+                "arn:aws:logs:*:*:*"
+            ]
+        }
+    ]
+}
+EOF
+}
+
+# ecs service role
+resource "aws_iam_role" "ecs-service-role" {
+    name = "ecs-service-role"
+    assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ecs.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_policy_attachment" "ecs-service-attach1" {
+    name = "ecs-service-attach1"
+    roles = ["${aws_iam_role.ecs-service-role.name}"]
+    policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
+}
+

docker-demo-2/key.tf

@@ -0,0 +1,7 @@
+resource "aws_key_pair" "mykeypair" {
+  key_name = "mykeypair"
+  public_key = "${file("${var.PATH_TO_PUBLIC_KEY}")}"
+  lifecycle {
+    ignore_changes = ["public_key"]
+  }
+}

docker-demo-2/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" { 
+    region = "${var.AWS_REGION}"
+}

docker-demo-2/securitygroup.tf

@@ -0,0 +1,21 @@
+resource "aws_security_group" "ecs-securitygroup" {
+  vpc_id = "${aws_vpc.main.id}"
+  name = "ecs"
+  description = "security group for ecs"
+  egress {
+      from_port = 0
+      to_port = 0
+      protocol = "-1"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+      from_port = 80
+      to_port = 80
+      protocol = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+  } 
+  tags {
+    Name = "ecs"
+  }
+}

docker-demo-2/vars.tf

@@ -0,0 +1,21 @@
+variable "AWS_REGION" {
+  default = "eu-west-1"
+}
+variable "PATH_TO_PRIVATE_KEY" {
+  default = "mykey"
+}
+variable "PATH_TO_PUBLIC_KEY" {
+  default = "mykey.pub"
+}
+variable "ECS_INSTANCE_TYPE" {
+  default = "t2.micro"
+}
+variable "ECS_AMIS" {
+  type = "map"
+  default = {
+    us-east-1 = "ami-1924770e"
+    us-west-2 = "ami-56ed4936"
+    eu-west-1 = "ami-c8337dbb"
+  }
+}
+# Full List: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html

docker-demo-2/vpc.tf

@@ -0,0 +1,110 @@
+# Internet VPC
+resource "aws_vpc" "main" {
+    cidr_block = "10.0.0.0/16"
+    instance_tenancy = "default"
+    enable_dns_support = "true"
+    enable_dns_hostnames = "true"
+    enable_classiclink = "false"
+    tags {
+        Name = "main"
+    }
+}
+
+
+# Subnets
+resource "aws_subnet" "main-public-1" {
+    vpc_id = "${aws_vpc.main.id}"
+    cidr_block = "10.0.1.0/24"
+    map_public_ip_on_launch = "true"
+    availability_zone = "eu-west-1a"
+
+    tags {
+        Name = "main-public-1"
+    }
+}
+resource "aws_subnet" "main-public-2" {
+    vpc_id = "${aws_vpc.main.id}"
+    cidr_block = "10.0.2.0/24"
+    map_public_ip_on_launch = "true"
+    availability_zone = "eu-west-1b"
+
+    tags {
+        Name = "main-public-2"
+    }
+}
+resource "aws_subnet" "main-public-3" {
+    vpc_id = "${aws_vpc.main.id}"
+    cidr_block = "10.0.3.0/24"
+    map_public_ip_on_launch = "true"
+    availability_zone = "eu-west-1c"
+
+    tags {
+        Name = "main-public-3"
+    }
+}
+resource "aws_subnet" "main-private-1" {
+    vpc_id = "${aws_vpc.main.id}"
+    cidr_block = "10.0.4.0/24"
+    map_public_ip_on_launch = "false"
+    availability_zone = "eu-west-1a"
+
+    tags {
+        Name = "main-private-1"
+    }
+}
+resource "aws_subnet" "main-private-2" {
+    vpc_id = "${aws_vpc.main.id}"
+    cidr_block = "10.0.5.0/24"
+    map_public_ip_on_launch = "false"
+    availability_zone = "eu-west-1b"
+
+    tags {
+        Name = "main-private-2"
+    }
+}
+resource "aws_subnet" "main-private-3" {
+    vpc_id = "${aws_vpc.main.id}"
+    cidr_block = "10.0.6.0/24"
+    map_public_ip_on_launch = "false"
+    availability_zone = "eu-west-1c"
+
+    tags {
+        Name = "main-private-3"
+    }
+}
+
+# Internet GW
+resource "aws_internet_gateway" "main-gw" {
+    vpc_id = "${aws_vpc.main.id}"
+
+    tags {
+        Name = "main"
+    }
+}
+
+# route tables
+resource "aws_route_table" "main-public" {
+    vpc_id = "${aws_vpc.main.id}"
+    route {
+        cidr_block = "0.0.0.0/0"
+        gateway_id = "${aws_internet_gateway.main-gw.id}"
+    }
+
+    tags {
+        Name = "main-public-1"
+    }
+}
+
+# route associations public
+resource "aws_route_table_association" "main-public-1-a" {
+    subnet_id = "${aws_subnet.main-public-1.id}"
+    route_table_id = "${aws_route_table.main-public.id}"
+}
+resource "aws_route_table_association" "main-public-2-a" {
+    subnet_id = "${aws_subnet.main-public-2.id}"
+    route_table_id = "${aws_route_table.main-public.id}"
+}
+resource "aws_route_table_association" "main-public-3-a" {
+    subnet_id = "${aws_subnet.main-public-3.id}"
+    route_table_id = "${aws_route_table.main-public.id}"
+}