Untitled

mail@pastecode.io avatar
unknown
terraform
a month ago
6.5 kB
3
Indexable
Never
provider "aws" {
  region = "us-east-1"
}

resource "aws_ecs_cluster" "cluster" {
  name = "my-cluster"
}

resource "aws_iam_role" "ecs_task_execution_role" {
  name = "ecs_task_execution_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        }
        Effect = "Allow"
        Sid    = ""
      },
    ]
  })
}

resource "aws_iam_role_policy" "ecr_policy" {
  name = "ecrPolicy"
  role = aws_iam_role.ecs_task_execution_role.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = [
          "ecr:GetAuthorizationToken",
          "ecr:BatchCheckLayerAvailability",
          "ecr:GetDownloadUrlForLayer",
          "ecr:GetRepositoryPolicy",
          "ecr:DescribeRepositories",
          "ecr:ListImages",
          "ecr:DescribeImages",
          "ecr:BatchGetImage",
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "secretsmanager:GetSecretValue"
        ],
        Effect = "Allow",
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
  role       = aws_iam_role.ecs_task_execution_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

resource "aws_ecs_task_definition" "task" {
  family                   = "my-task"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  memory                   = 512
  cpu                      = 256

  execution_role_arn = aws_iam_role.ecs_task_execution_role.arn
  container_definitions = jsonencode([
    {
      name      = "web_app-container"
      image     = "public.ecr.aws/d6f8s9u8/webapphayastan:latest"
      essential = true
      portMappings = [
        {
          containerPort = 80
          hostPort      = 80
          protocol      = "tcp"
        },
      ]
    }
  ])
}

resource "aws_vpc" "my_vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "my_vpc"
  }
}

resource "aws_subnet" "my_subnet_1" {
  vpc_id                  = aws_vpc.my_vpc.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
  tags = {
    Name = "my_subnet_1"
  }
}

resource "aws_subnet" "my_subnet_2" {
  vpc_id                  = aws_vpc.my_vpc.id
  cidr_block              = "10.0.2.0/24"
  availability_zone       = "us-east-1b"
  map_public_ip_on_launch = true
  tags = {
    Name = "my_subnet_2"
  }
}

resource "aws_security_group" "my_sg" {
  name        = "my_sg"
  description = "Allow HTTP inbound traffic"
  vpc_id      = aws_vpc.my_vpc.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "my_sg"
  }
}

resource "aws_ecs_service" "service" {
  name            = "web_app-service"
  cluster         = aws_ecs_cluster.cluster.id
  task_definition = aws_ecs_task_definition.task.arn
  desired_count   = 1
  launch_type     = "FARGATE"

  network_configuration {
    subnets          = [aws_subnet.my_subnet_1.id, aws_subnet.my_subnet_2.id]
    assign_public_ip = true
    security_groups  = [aws_security_group.my_sg.id]
  }
}






# provider "aws" {
#   region = "us-east-1"
# }

# resource "aws_vpc" "web_app_vpc" {
#   cidr_block = "10.0.0.0/16"
#   enable_dns_support   = true
#   enable_dns_hostnames = true
# }

# resource "aws_subnet" "web_app_subnet_1" {
#   vpc_id            = aws_vpc.web_app_vpc.id
#   cidr_block        = "10.0.1.0/24"
#   availability_zone = "us-east-1a"
# }

# resource "aws_subnet" "web_app_subnet_2" {
#   vpc_id            = aws_vpc.web_app_vpc.id
#   cidr_block        = "10.0.2.0/24"
#   availability_zone = "us-east-1b"
# }

# resource "aws_ecs_cluster" "web_app_cluster" {
#   name = "web_app-cluster"
# }

# resource "aws_ecs_task_definition" "web_app_task" {
#   family                   = "web_app-task"
#   network_mode             = "awsvpc"
#   requires_compatibilities = ["FARGATE"]
#   cpu                      = "256"
#   memory                   = "512"
#   execution_role_arn       = aws_iam_role.web_app_role.arn


#   container_definitions = jsonencode([{
#     name  = "web_app-container",
#     image = "public.ecr.aws/d6f8s9u8/webapphayastan:latest",
#     # image = "288296512273.dkr.ecr.us-east-1.amazonaws.com/main-ecr:latest",
#     portMappings = [{
#       containerPort = 80,
#       hostPort      = 80,
#       protocol      = "tcp"
#     }]
#   }])
# }


# resource "aws_iam_role" "web_app_role" {
#   name = "ecsTaskExecutionRole"

#   assume_role_policy = jsonencode({
#     Version = "2012-10-17",
#     Statement = [{
#       Action = "sts:AssumeRole",
#       Effect = "Allow",
#       Principal = {
#         Service = "ecs-tasks.amazonaws.com"
#       }
#     }]
#   })
# }

# resource "aws_iam_role_policy" "ecr_policy" {
#   name = "ecrPolicy"
#   role = aws_iam_role.web_app_role.id

#   policy = jsonencode({
#     Version = "2012-10-17",
#     Statement = [
#       {
#         Action = [
#           "ecr:GetAuthorizationToken",
#           "ecr:BatchCheckLayerAvailability",
#           "ecr:GetDownloadUrlForLayer",
#           "ecr:GetRepositoryPolicy",
#           "ecr:DescribeRepositories",
#           "ecr:ListImages",
#           "ecr:DescribeImages",
#           "ecr:BatchGetImage",
#           "logs:CreateLogStream",
#           "logs:PutLogEvents",
#           "secretsmanager:GetSecretValue"
#         ],
#         Effect = "Allow",
#         Resource = "*"
#       }
#     ]
#   })
# }

# resource "aws_ecs_service" "web_app_service" {
#   name            = "web_app-service"
#   cluster         = aws_ecs_cluster.web_app_cluster.id
#   task_definition = aws_ecs_task_definition.web_app_task.arn
#   launch_type     = "FARGATE"

#   network_configuration {
#     subnets = [aws_subnet.web_app_subnet_1.id, aws_subnet.web_app_subnet_2.id]
#     assign_public_ip = true
#   }

#   desired_count = 1
# }
Leave a Comment