# Every resource in this file is created in a single region; the provider is
# not aliased, so there is exactly one target account/region per apply.
provider "aws" {
  region = "us-east-1"
}
# Provider pinning: any 3.x release of the official AWS provider is accepted
# (the 4.x line is excluded, which matters for the aws_ecr_* resources below).
# No required_version for Terraform itself is declared.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}
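# Private ECR repository holding the web-app image that the ECS task pulls.
resource "aws_ecr_repository" "app_repository" {
  # Only the repository name belongs here. The registry hostname (account id
  # plus region) is supplied by AWS and exposed as `repository_url`, which the
  # task definition already uses. The previous value prefixed the name with
  # the full registry hostname, which duplicated the registry in every image
  # reference and hard-coded an account id into source.
  name = "main-ecr"

  # MUTABLE is required as long as the task definition pulls the floating
  # `:latest` tag. Switching to IMMUTABLE (and pinning a tag or digest in the
  # task definition) would stop an already-deployed tag from being repointed
  # to a different image.
  image_tag_mutability = "MUTABLE"

  # Scan every pushed image for known vulnerabilities.
  image_scanning_configuration {
    scan_on_push = true
  }
}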
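# Repository policy for app_repository.
#
# The original statement granted `ecr:GetDownloadUrlForLayer` to Principal "*",
# i.e. any authenticated AWS principal in any account could fetch the image
# layers. The only consumer of this repository is the ECS task execution role
# defined in this file, so pull access is restricted to that role. The
# resource label is left unchanged so the Terraform state address is stable.
resource "aws_ecr_repository_policy" "public_access" {
  repository = aws_ecr_repository.app_repository.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "EcsTaskPullAccess"
        Effect = "Allow"
        Principal = {
          AWS = aws_iam_role.ecs_task_execution_role.arn
        }
        # The three actions an image pull performs against a repository
        # (GetAuthorizationToken is registry-wide and is granted on the role).
        Action = [
          "ecr:GetDownloadUrlForLayer",
          "ecr:BatchGetImage",
          "ecr:BatchCheckLayerAvailability",
        ]
      }
    ]
  })
}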
# Network for the application: one /16 split into two public and two private
# /24 subnets across two AZs. A single shared NAT gateway gives the private
# subnets outbound access; the ECS service below currently runs in the public
# subnets, so the NAT gateway is provisioned but not used by it.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "final-web-app-vpc"
  cidr = "10.0.0.0/16"
  azs  = ["us-east-1a", "us-east-1b"]

  public_subnets  = ["10.0.1.0/24", "10.0.2.0/24"]
  private_subnets = ["10.0.3.0/24", "10.0.4.0/24"]

  enable_nat_gateway = true
  single_nat_gateway = true

  public_subnet_tags = {
    "Name" = "public-subnet"
    "Tier" = "public"
  }

  private_subnet_tags = {
    "Name" = "private-subnet"
    "Tier" = "private"
  }
}
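# ECS cluster that hosts the Fargate service.
resource "aws_ecs_cluster" "app_cluster" {
  name = "final-web-app-cluster"

  # Container Insights publishes per-task/service CPU, memory and network
  # metrics to CloudWatch; the original definition left it at the default
  # (disabled), leaving no cluster-level telemetry to alert on.
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}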
# resource "aws_iam_role" "ecs_task_execution_role" {
# name = "ecs_task_execution_role"
# assume_role_policy = jsonencode({
# Version = "2012-10-17"
# Statement = [
# {
# Action = "sts:AssumeRole"
# Principal = {
# Service = "ecs-tasks.amazonaws.com"
# }
# Effect = "Allow"
# Sid = ""
# },
# ]
# })
# }
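# Role assumed by the ECS agent (not by the application container) to pull the
# image and start the task. No task role is defined, so the container itself
# has no AWS credentials.
resource "aws_iam_role" "ecs_task_execution_role" {
  name = "ecs_task_execution_role"

  # Trust policy: only the ECS tasks service may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        },
        Effect = "Allow",
        Sid    = ""
      },
    ],
  })

  inline_policy {
    name = "ecr_permissions"
    policy = jsonencode({
      Version = "2012-10-17",
      Statement = [
        {
          # GetAuthorizationToken is a registry-level call and only accepts
          # Resource "*".
          Sid      = "EcrAuthToken",
          Action   = ["ecr:GetAuthorizationToken"],
          Effect   = "Allow",
          Resource = "*",
        },
        {
          # Previously granted on "*" together with the token call; layer
          # checks are per-repository, so scope them to the one repository
          # this role pulls from.
          Sid      = "EcrLayerCheck",
          Action   = ["ecr:BatchCheckLayerAvailability"],
          Effect   = "Allow",
          Resource = aws_ecr_repository.app_repository.arn,
        },
      ],
    })
  }
}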
# AWS-managed read-only ECR policy for the execution role. Note this grants
# read access to every repository in the account, so it subsumes the
# repository-scoped inline policy on the role; the inline policy is what would
# remain if this attachment were removed.
resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy_attachment" {
  role       = aws_iam_role.ecs_task_execution_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}
# Fargate task definition with a single container listening on port 80.
#
# The image is referenced by the floating `:latest` tag. Combined with the
# MUTABLE repository above, whichever image was most recently pushed under
# that tag is what runs; a new push does not by itself roll the service, and
# the running image cannot be identified from this definition alone. Pinning a
# tag or digest here would make deployments reproducible.
#
# No logConfiguration is set, so container stdout/stderr is not shipped to
# CloudWatch Logs.
resource "aws_ecs_task_definition" "app_task" {
  family                   = "final-web-app-task-def"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"

  # Execution role only; no task_role_arn, so the app has no AWS permissions.
  execution_role_arn = aws_iam_role.ecs_task_execution_role.arn

  container_definitions = jsonencode([
    {
      name      = "final-web-app-container"
      image     = "${aws_ecr_repository.app_repository.repository_url}:latest"
      essential = true
      # In awsvpc mode hostPort must equal containerPort (or be omitted).
      portMappings = [
        {
          containerPort = 80
          hostPort      = 80
        }
      ]
    }
  ])
}
# Security group attached to the ECS task ENI.
#
# Ingress: plain HTTP (80/tcp) from any IPv4 address — the task is reached
# directly on its public IP, there is no load balancer or TLS termination in
# front of it. Egress: unrestricted; image pulls from ECR need outbound 443,
# anything beyond that is what the application itself does.
resource "aws_security_group" "app_sg" {
  name        = "final-web-app-sg"
  description = "Allow web traffic to ECS service"
  vpc_id      = module.vpc.vpc_id

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "final-web-app-sg"
  }
}
# Single Fargate task placed directly in the public subnets with a public IP.
# There is no load balancer, so the task is the internet-facing endpoint and
# its public address changes whenever the task is replaced. Running the task
# in module.vpc.private_subnets behind an ALB would remove the direct
# exposure (the NAT gateway for outbound access already exists).
resource "aws_ecs_service" "app_service" {
  name            = "final-web-app-ecs-service"
  cluster         = aws_ecs_cluster.app_cluster.id
  task_definition = aws_ecs_task_definition.app_task.arn
  launch_type     = "FARGATE"
  desired_count   = 1

  network_configuration {
    assign_public_ip = true
    subnets          = module.vpc.public_subnets
    security_groups  = [aws_security_group.app_sg.id]
  }
}