# Default AWS provider configuration. Only the region is set here; credentials
# are not declared in this block.
provider "aws" {
  region = "us-east-1"
}
# ECS cluster that hosts the Fargate service declared in this file.
# No `setting` block is declared, so cluster-level options stay at provider defaults.
resource "aws_ecs_cluster" "cluster" {
  name = "my-cluster"
}
# IAM role referenced as the task definition's execution_role_arn.
# The trust policy lets only the ECS tasks service principal assume it.
resource "aws_iam_role" "ecs_task_execution_role" {
  name = "ecs_task_execution_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        # Trust is limited to the ECS tasks service; no account or user
        # principals are listed.
        # NOTE(review): no Condition (e.g. aws:SourceAccount / aws:SourceArn)
        # is set on this trust statement — consider adding one.
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        }
      },
    ]
  })
}
# Inline policy on the execution role: ECR read/pull, CloudWatch Logs writes,
# and Secrets Manager reads, all granted on every resource ("*").
#
# NOTE(review): this is broader than the task definition in this file needs.
#   - "secretsmanager:GetSecretValue" on "*" lets the role read any secret in
#     the account, while the container definition declares no `secrets`.
#     Scope Resource to the specific secret ARNs, or drop the action if unused.
#   - The image is pulled from public.ecr.aws and no logConfiguration is set,
#     so the private-ECR and logs actions are not exercised by this task.
#   - AmazonECSTaskExecutionRolePolicy is attached to the same role elsewhere
#     in this file; confirm which of these actions it already covers.
#   - "ecr:GetAuthorizationToken" needs Resource "*"; the other actions can go
#     into separate statements with narrower Resource values.
resource "aws_iam_role_policy" "ecr_policy" {
  name = "ecrPolicy"
  role = aws_iam_role.ecs_task_execution_role.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Action = [
          "ecr:GetAuthorizationToken",
          "ecr:BatchCheckLayerAvailability",
          "ecr:GetDownloadUrlForLayer",
          "ecr:GetRepositoryPolicy",
          "ecr:DescribeRepositories",
          "ecr:ListImages",
          "ecr:DescribeImages",
          "ecr:BatchGetImage",
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "secretsmanager:GetSecretValue"
        ],
        Resource = "*"
      }
    ]
  })
}
# Attaches the AWS-managed ECS task execution policy to the execution role.
# The role also carries the inline "ecrPolicy" declared in this file, so its
# effective permissions are the union of the two.
resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
  role       = aws_iam_role.ecs_task_execution_role.name
}
# Fargate task definition with a single essential container listening on
# TCP port 80. Only an execution role is set; no task_role_arn is declared,
# so the application itself runs without an IAM task role.
resource "aws_ecs_task_definition" "task" {
  family                   = "my-task"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn

  container_definitions = jsonencode([
    {
      name = "web_app-container"
      # NOTE(review): ":latest" is a mutable tag, so each new task start may
      # pull different content. Pin the image by digest (@sha256:<digest>)
      # so the deployed image is the one that was reviewed.
      image     = "public.ecr.aws/d6f8s9u8/webapphayastan:latest"
      essential = true
      # NOTE(review): no logConfiguration is declared, so container output is
      # not shipped to a log driver from this definition — confirm intent.
      portMappings = [
        {
          protocol      = "tcp"
          containerPort = 80
          hostPort      = 80
        },
      ]
    }
  ])
}
# VPC (10.0.0.0/16) with DNS resolution and DNS hostnames enabled.
# NOTE(review): no aws_internet_gateway, route table or aws_flow_log is
# declared among the active resources on this page — confirm they exist
# elsewhere, since the subnets and service below hand out public IPs.
resource "aws_vpc" "my_vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "my_vpc"
  }
}
# First subnet (10.0.1.0/24) in us-east-1a.
# map_public_ip_on_launch = true assigns a public IPv4 address to instances
# launched here; anything placed in this subnet is addressable from outside
# unless its security group says otherwise.
resource "aws_subnet" "my_subnet_1" {
  vpc_id                  = aws_vpc.my_vpc.id
  availability_zone       = "us-east-1a"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "my_subnet_1"
  }
}
# Second subnet (10.0.2.0/24) in us-east-1b, configured like my_subnet_1:
# instances launched here also receive a public IPv4 address.
resource "aws_subnet" "my_subnet_2" {
  vpc_id                  = aws_vpc.my_vpc.id
  availability_zone       = "us-east-1b"
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "my_subnet_2"
  }
}
# Security group for the web task: TCP/80 inbound from any IPv4 address,
# all protocols and ports outbound to any IPv4 address.
resource "aws_security_group" "my_sg" {
  name        = "my_sg"
  description = "Allow HTTP inbound traffic"
  vpc_id      = aws_vpc.my_vpc.id

  # NOTE(review): plaintext HTTP is open to the whole internet and reaches the
  # task directly (the service assigns a public IP). If this is more than a
  # demo, front it with a TLS-terminating load balancer and restrict this
  # rule to the load balancer's security group.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" with ports 0-0 means every protocol and port.
  # NOTE(review): unrestricted egress; narrow it to what the task needs
  # (e.g. HTTPS for image pulls) if outbound control matters here.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "my_sg"
  }
}
# ECS service that keeps one Fargate task of the task definition running in
# the cluster, spread over the two subnets and guarded by my_sg.
resource "aws_ecs_service" "service" {
  name            = "web_app-service"
  cluster         = aws_ecs_cluster.cluster.id
  task_definition = aws_ecs_task_definition.task.arn
  launch_type     = "FARGATE"
  desired_count   = 1

  network_configuration {
    subnets         = [aws_subnet.my_subnet_1.id, aws_subnet.my_subnet_2.id]
    security_groups = [aws_security_group.my_sg.id]
    # The task ENI gets a public IPv4 address, so the container is reachable
    # directly from the internet on whatever my_sg allows (TCP/80 here).
    # No load_balancer block is declared for this service.
    assign_public_ip = true
  }
}
# provider "aws" {
# region = "us-east-1"
# }
# resource "aws_vpc" "web_app_vpc" {
# cidr_block = "10.0.0.0/16"
# enable_dns_support = true
# enable_dns_hostnames = true
# }
# resource "aws_subnet" "web_app_subnet_1" {
# vpc_id = aws_vpc.web_app_vpc.id
# cidr_block = "10.0.1.0/24"
# availability_zone = "us-east-1a"
# }
# resource "aws_subnet" "web_app_subnet_2" {
# vpc_id = aws_vpc.web_app_vpc.id
# cidr_block = "10.0.2.0/24"
# availability_zone = "us-east-1b"
# }
# resource "aws_ecs_cluster" "web_app_cluster" {
# name = "web_app-cluster"
# }
# resource "aws_ecs_task_definition" "web_app_task" {
# family = "web_app-task"
# network_mode = "awsvpc"
# requires_compatibilities = ["FARGATE"]
# cpu = "256"
# memory = "512"
# execution_role_arn = aws_iam_role.web_app_role.arn
# container_definitions = jsonencode([{
# name = "web_app-container",
# image = "public.ecr.aws/d6f8s9u8/webapphayastan:latest",
# # image = "288296512273.dkr.ecr.us-east-1.amazonaws.com/main-ecr:latest",
# portMappings = [{
# containerPort = 80,
# hostPort = 80,
# protocol = "tcp"
# }]
# }])
# }
# resource "aws_iam_role" "web_app_role" {
# name = "ecsTaskExecutionRole"
# assume_role_policy = jsonencode({
# Version = "2012-10-17",
# Statement = [{
# Action = "sts:AssumeRole",
# Effect = "Allow",
# Principal = {
# Service = "ecs-tasks.amazonaws.com"
# }
# }]
# })
# }
# resource "aws_iam_role_policy" "ecr_policy" {
# name = "ecrPolicy"
# role = aws_iam_role.web_app_role.id
# policy = jsonencode({
# Version = "2012-10-17",
# Statement = [
# {
# Action = [
# "ecr:GetAuthorizationToken",
# "ecr:BatchCheckLayerAvailability",
# "ecr:GetDownloadUrlForLayer",
# "ecr:GetRepositoryPolicy",
# "ecr:DescribeRepositories",
# "ecr:ListImages",
# "ecr:DescribeImages",
# "ecr:BatchGetImage",
# "logs:CreateLogStream",
# "logs:PutLogEvents",
# "secretsmanager:GetSecretValue"
# ],
# Effect = "Allow",
# Resource = "*"
# }
# ]
# })
# }
# resource "aws_ecs_service" "web_app_service" {
# name = "web_app-service"
# cluster = aws_ecs_cluster.web_app_cluster.id
# task_definition = aws_ecs_task_definition.web_app_task.arn
# launch_type = "FARGATE"
# network_configuration {
# subnets = [aws_subnet.web_app_subnet_1.id, aws_subnet.web_app_subnet_2.id]
# assign_public_ip = true
# }
# desired_count = 1
# }