Add nginx ecs-service (#143)

stacks/prod/config.tm.hcl

@@ -1,7 +1,8 @@
 globals "terraform" "module" "version" {
+  alb         = "9.9.0"
   vpc         = "5.7.1"
   ecs_cluster = "5.11.1"
-  alb         = "9.9.0"
+  ecs_service = "5.11.1"
 }
 
 globals "vpc" {

stacks/prod/us-east-1/alb/stack.tm.hcl

@@ -2,6 +2,7 @@ stack {
   name        = "Production Application Load Balancer (ALB)"
   description = "Production Application Load Balancer (ALB) deployed in us-east-1"
   id          = "93e0c782-1635-48cd-8717-d0728438fbac"
+  tags        = ["loadbalancing"]
   after = [
     "tag:networking"
   ]

stacks/prod/us-east-1/ecs-fargate-cluster/stack.tm.hcl

@@ -2,4 +2,5 @@ stack {
   name        = "ECS Fargate Cluster Production"
   description = "Production ECS Fargate Cluster deployed in us-east-1"
   id          = "ac1cbc21-a7d8-451e-a12e-f390bbcc1a51"
+  tags        = ["ecs-cluster"]
 }

stacks/prod/us-east-1/ecs-fargate-services/nginx/backend.tf

@@ -0,0 +1,11 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+terraform {
+  backend "s3" {
+    bucket         = "terramate-example-terraform-state-backend"
+    dynamodb_table = "terraform-lock"
+    encrypt        = true
+    key            = "terraform/stacks/by-id/df307956-cf80-4621-ab63-124a90cc65d1/terraform.tfstate"
+    region         = "us-east-1"
+  }
+}

stacks/prod/us-east-1/ecs-fargate-services/nginx/main.tf

@@ -0,0 +1,95 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+resource "null_resource" "initial_deployment_trigger" {
+}
+data "aws_ecs_cluster" "ecs_cluster" {
+  cluster_name = "prd-ecs-cluster"
+  depends_on = [
+    null_resource.initial_deployment_trigger,
+  ]
+}
+data "aws_vpc" "vpc" {
+  depends_on = [
+    null_resource.initial_deployment_trigger,
+  ]
+  tags = {
+    Environment = "prd"
+    Terraform   = "true"
+  }
+}
+data "aws_subnets" "subnets" {
+  tags = {
+    Tier = "private"
+  }
+  filter {
+    name = "vpc-id"
+    values = [
+      data.aws_vpc.vpc.id,
+    ]
+  }
+}
+data "aws_lb_target_group" "target_group" {
+  depends_on = [
+    null_resource.initial_deployment_trigger,
+  ]
+  name = "ex_ecs"
+}
+data "aws_security_group" "security_group" {
+  depends_on = [
+    null_resource.initial_deployment_trigger,
+  ]
+  id = "sg-0c8333576937a6733"
+}
+module "ecs_service" {
+  cluster_arn = data.aws_ecs_cluster.ecs_cluster.arn
+  container_definitions = {
+    ("nginx") = {
+      cpu       = 256
+      memory    = 512
+      essential = true
+      image     = "public.ecr.aws/nginx/nginx:1.25-bookworm"
+      port_mappings = [
+        {
+          name          = "nginx"
+          containerPort = 3000
+          hostPort      = 3000
+          protocol      = "tcp"
+        },
+      ]
+    }
+  }
+  load_balancer = {
+    service = {
+      target_group_arn = data.aws_lb_target_group.target_group.arn
+      container_name   = "nginx"
+      container_port   = 3000
+    }
+  }
+  name = "nginx"
+  security_group_rules = {
+    alb_ingress_3000 = {
+      type                     = "ingress"
+      from_port                = 3000
+      to_port                  = 3000
+      protocol                 = "tcp"
+      description              = "Service port"
+      source_security_group_id = data.aws_security_group.security_group.id
+    }
+    egress_all = {
+      type      = "egress"
+      from_port = 0
+      to_port   = 0
+      protocol  = "-1"
+      cidr_blocks = [
+        "0.0.0.0/0",
+      ]
+    }
+  }
+  source     = "terraform-aws-modules/ecs/aws//modules/service"
+  subnet_ids = data.aws_subnets.subnets.ids
+  tags = {
+    Environment = "prd"
+    Terraform   = "true"
+  }
+  version = "5.11.1"
+}

stacks/prod/us-east-1/ecs-fargate-services/nginx/main.tm.hcl

@@ -0,0 +1,112 @@
+generate_hcl "main.tf" {
+  inherit = false
+
+  lets {
+    container_port = 3000
+  }
+
+  content {
+    resource "null_resource" "initial_deployment_trigger" {}
+
+    data "aws_ecs_cluster" "ecs_cluster" {
+      cluster_name = global.ecs.cluster_name
+
+      depends_on = [
+        null_resource.initial_deployment_trigger
+      ]
+    }
+
+    data "aws_vpc" "vpc" {
+      tags = global.tags
+
+      depends_on = [
+        null_resource.initial_deployment_trigger
+      ]
+    }
+
+    data "aws_subnets" "subnets" {
+      filter {
+        name   = "vpc-id"
+        values = [data.aws_vpc.vpc.id]
+      }
+
+      tags = {
+        Tier = "private"
+      }
+    }
+
+    data "aws_lb_target_group" "target_group" {
+      name = "ex_ecs"
+
+      depends_on = [
+        null_resource.initial_deployment_trigger
+      ]
+    }
+
+    data "aws_security_group" "security_group" {
+      id = "sg-0c8333576937a6733"
+
+      depends_on = [
+        null_resource.initial_deployment_trigger
+      ]
+    }
+
+    module "ecs_service" {
+      source  = "terraform-aws-modules/ecs/aws//modules/service"
+      version = global.terraform.module.version.ecs_service
+
+      name        = terramate.stack.path.basename
+      cluster_arn = data.aws_ecs_cluster.ecs_cluster.arn
+
+      #   cpu    = 1024
+      #   memory = 4096
+
+      # Container definition(s)
+      container_definitions = {
+        ("nginx") = {
+          cpu       = 256
+          memory    = 512
+          essential = true
+          image     = "public.ecr.aws/nginx/nginx:1.25-bookworm"
+          port_mappings = [
+            {
+              name          = "nginx"
+              containerPort = let.container_port
+              hostPort      = let.container_port
+              protocol      = "tcp"
+            }
+          ]
+        }
+      }
+
+      load_balancer = {
+        service = {
+          target_group_arn = data.aws_lb_target_group.target_group.arn
+          container_name   = "nginx"
+          container_port   = let.container_port
+        }
+      }
+
+      subnet_ids = data.aws_subnets.subnets.ids
+      security_group_rules = {
+        alb_ingress_3000 = {
+          type                     = "ingress"
+          from_port                = let.container_port
+          to_port                  = let.container_port
+          protocol                 = "tcp"
+          description              = "Service port"
+          source_security_group_id = data.aws_security_group.security_group.id
+        }
+        egress_all = {
+          type        = "egress"
+          from_port   = 0
+          to_port     = 0
+          protocol    = "-1"
+          cidr_blocks = ["0.0.0.0/0"]
+        }
+      }
+
+      tags = tm_try(global.tags, {})
+    }
+  }
+}

stacks/prod/us-east-1/ecs-fargate-services/nginx/stack.tm.hcl

@@ -0,0 +1,11 @@
+stack {
+  name        = "nginx"
+  description = "nginx"
+  id          = "df307956-cf80-4621-ab63-124a90cc65d1"
+  after = [
+    "tag:networking",
+    "tag:loadbalancer",
+    "tag:ecs-cluster",
+  ]
+
+}

stacks/prod/us-east-1/ecs-fargate-services/nginx/terraform.tf

@@ -0,0 +1,16 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+terraform {
+  required_version = "1.7.5"
+}
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.31"
+    }
+  }
+}
+provider "aws" {
+  region = "us-east-1"
+}

stacks/prod/us-east-1/vpc/stack.tm.hcl

@@ -1,6 +1,6 @@
 stack {
-  name        = "Production VPC"
-  description = "Production VPC deployed in us-east-1"
+  name        = "Production Virtual Private Network (VPC)"
+  description = "Production Virtual Private Network (VPC) deployed in us-east-1"
   id          = "6f9c219c-cb68-4cac-8753-d94336f565e7"
   tags        = ["networking"]
 }