From 8caf7e3ec872db9cc3a2c958b7b74730cf72c148 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Sun, 1 Nov 2020 02:21:05 +0530
Subject: [PATCH 01/12] ecs-setup
---
terraform/alb.tf | 50 ++++++++
terraform/app.tf | 27 ++++
terraform/backend.tf | 6 +
.../container-definition.json | 83 +++++++++++++
terraform/ecs.tf | 70 +++++++++++
terraform/iam.tf | 117 ++++++++++++++++++
terraform/provider.tf | 3 +
terraform/variable.tf | 4 +
terraform/vpc.tf | 117 ++++++++++++++++++
9 files changed, 477 insertions(+)
create mode 100644 terraform/alb.tf
create mode 100644 terraform/app.tf
create mode 100644 terraform/backend.tf
create mode 100644 terraform/container-definition/container-definition.json
create mode 100644 terraform/ecs.tf
create mode 100644 terraform/iam.tf
create mode 100644 terraform/provider.tf
create mode 100644 terraform/variable.tf
create mode 100644 terraform/vpc.tf
diff --git a/terraform/alb.tf b/terraform/alb.tf
new file mode 100644
index 00000000..c1751af3
--- /dev/null
+++ b/terraform/alb.tf
@@ -0,0 +1,50 @@
+resource "aws_security_group" "lb" {
+ name = "allow-all-lb"
+ vpc_id = "${aws_vpc.awsvpc.id}"
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_lb" "ecs-lb" {
+ name = "ecs-lb"
+ load_balancer_type = "application"
+ internal = false
+ subnets = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id]
+ security_groups = [aws_security_group.lb.id]
+}
+
+resource "aws_lb_target_group" "lb_target_group" {
+ name = "target-group"
+ port = "80"
+ protocol = "HTTP"
+ target_type = "instance"
+ vpc_id = "${aws_vpc.awsvpc.id}"
+ health_check {
+ path = "/"
+ healthy_threshold = 2
+ unhealthy_threshold = 10
+ timeout = 60
+ interval = 300
+ matcher = "200,301,302"
+ }
+}
+
+resource "aws_lb_listener" "web-listener" {
+ load_balancer_arn = "${aws_lb.ecs-lb.arn}"
+ port = "80"
+ protocol = "HTTP"
+ default_action {
+ type = "forward"
+ target_group_arn = "${aws_lb_target_group.lb_target_group.arn}"
+ }
+}
\ No newline at end of file
diff --git a/terraform/app.tf b/terraform/app.tf
new file mode 100644
index 00000000..cc19d840
--- /dev/null
+++ b/terraform/app.tf
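Review bot: `aws_security_group.lb` admits every port and protocol from 0.0.0.0/0 (`protocol = "-1"`, ports 0–0) although the only listener on this load balancer is HTTP on 80, and `ec2-sg` in ecs.tf admits all traffic from this group, so the ALB's group becomes an any-port hop onto the hosts. Narrow the ingress block to the listener: `from_port = 80`, `to_port = 80`, `protocol = "tcp"` (the 0.0.0.0/0 source itself is expected for an internet-facing ALB). The health check with `interval = 300`, `timeout = 60` and `unhealthy_threshold = 10` can take close to an hour to pull a failing target, which defeats its purpose; `interval = 30`, `timeout = 5`, `unhealthy_threshold = 3` is the usual shape. Consider also an `access_logs` block on `aws_lb.ecs-lb` so there is a request log to investigate from.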
@@ -0,0 +1,27 @@
+resource "aws_ecs_task_definition" "task-definition-test" {
+ family = "app-family"
+ container_definitions = file("container-definition/container-def.json")
+ network_mode = "bridge"
+}
+
+resource "aws_ecs_service" "service" {
+ name = "ecs-service"
+ cluster = "${aws_ecs_cluster.ecs-cluster.id}"
+ task_definition = "${aws_ecs_task_definition.task-definition-test.arn}"
+ desired_count = 1
+ load_balancer {
+ target_group_arn = "${aws_lb_target_group.lb_target_group.arn}"
+ container_name = "nginx"
+ container_port = "80"
+ }
+ lifecycle {
+ ignore_changes = [desired_count]
+ }
+ launch_type = "EC2"
+ depends_on = [aws_lb_listener.web-listener]
+}
+
+resource "aws_cloudwatch_log_group" "log_group" {
+ name = "/ecs/container"
+}
+
diff --git a/terraform/backend.tf b/terraform/backend.tf
new file mode 100644
index 00000000..e67c5964
--- /dev/null
+++ b/terraform/backend.tf
@@ -0,0 +1,6 @@
+terraform {
+ backend "s3" {
+ bucket = "ayush-terraform-state"
+ region = "us-east-1"
+ }
+}
\ No newline at end of file
diff --git a/terraform/container-definition/container-definition.json b/terraform/container-definition/container-definition.json
new file mode 100644
index 00000000..e8f5bf81
--- /dev/null
+++ b/terraform/container-definition/container-definition.json
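Review bot: `aws_cloudwatch_log_group.log_group` (`/ecs/container`) is created but nothing writes to it: `container_definitions` loads the JSON added in this same patch, and none of the three containers there carries a `logConfiguration`, so container stdout/stderr is shipped nowhere and a deployment in this state leaves no application log to investigate from. Add to each container a `"logConfiguration": {"logDriver": "awslogs", "options": {"awslogs-group": "/ecs/container", "awslogs-region": "<REGION>", "awslogs-stream-prefix": "ecs"}}` entry (the instance/execution role then needs `logs:CreateLogStream` and `logs:PutLogEvents`; iam.tf is not legible in this rendering, so that cannot be confirmed here) and give the group a `retention_in_days` so it does not grow unbounded. Separately, `file("container-definition/container-def.json")` names a file this patch does not add (the added file is `container-definition.json`); PATCH 04/12 later corrects the path.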
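Review bot: The `s3` backend block has no `key`, which the backend requires, so `terraform init` cannot configure remote state from this file as committed; it also sets neither `encrypt = true` nor a `dynamodb_table` for state locking. That matters here because the state will hold the full task definition, including the plaintext MySQL passwords from container-definition.json, plus the account id from the image URIs. Add `key = "<STATE_KEY>"`, `encrypt = true` and `dynamodb_table = "<LOCK_TABLE>"` (placeholders), and enforce default encryption and a restrictive bucket policy on the bucket side as well.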
@@ -0,0 +1,83 @@
+[
+ {
+ "name": "spring3hibernate",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/spring3hibernate:latest",
+ "cpu": 10,
+ "memory": 128,
+ "essential": true,
+ "portMappings": [
+ {
+ "containerPort": 8080,
+ "hostPort": 8080,
+ "protocol": "tcp"
+ }
+ ],
+ "dependsOn": [
+ {
+ "containerName": "mysql",
+ "condition": "START"
+ }
+ ],
+ "links": [
+
+ "mysql"
+
+ ]
+ },
+
+ {
+ "name": "mysql",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/mysql:latest",
+ "cpu": 10,
+ "memory": 128,
+ "essential": true,
+ "portMappings": [
+ {
+ "containerPort": 3306,
+ "hostPort": 3306,
+ "protocol": "tcp"
+ }
+ ],
+ "environment": [
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "employeedb"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "password"
+ },
+ {
+ "name": "MYSQL_ROOT_PASSWORD",
+ "value": "password"
+ }
+ ]
+
+ },
+ {
+ "name": "nginx",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/nginx:latest",
+ "cpu": 10,
+ "memory": 128,
+ "essential": true,
+ "portMappings": [
+ {
+ "containerPort": 80,
+ "hostPort": 80,
+ "protocol": "tcp"
+ }
+ ],
+ "dependsOn": [
+ {
+ "containerName": "spring3hibernate",
+ "condition": "START"
+ }
+ ],
+ "links": [
+
+ "spring3hibernate"
+
+ ]
+ }
+
+]
\ No newline at end of file
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
new file mode 100644
index 00000000..9e87c94d
--- /dev/null
+++ b/terraform/ecs.tf
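Review bot: `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` are committed as the literal `"password"` in the mysql container's `environment`, which places the credential in git history, in every registered revision of the task definition (readable by anyone with `ecs:DescribeTaskDefinition`) and in the Terraform state. Move them to the container's `secrets` array with `valueFrom` pointing at an SSM parameter or Secrets Manager secret, and grant the task execution role read access to it (iam.tf is not legible in this rendering, so whether such a role exists cannot be confirmed here). Separately, `"hostPort": 3306` publishes MySQL on the instance although spring3hibernate reaches it over the `links` entry; dropping that host mapping keeps the database off the host network. All three images use the mutable `:latest` tag, so what actually runs is not fixed by this file; a digest or an immutable tag would pin it.
```json
"environment": [
  { "name": "MYSQL_DATABASE", "value": "employeedb" }
],
"secrets": [
  { "name": "MYSQL_PASSWORD",      "valueFrom": "<SSM_PARAMETER_OR_SECRET_ARN>" },
  { "name": "MYSQL_ROOT_PASSWORD", "valueFrom": "<SSM_PARAMETER_OR_SECRET_ARN>" }
]
```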
@@ -0,0 +1,70 @@ + +resource "aws_ecs_cluster" "ecs-cluster" { + name = "ecs-cluster" +} + +data "aws_ami" "amazon_linux" { + most_recent = true + + filter { + name = "name" + values = ["amzn-ami*amazon-ecs-optimized"] + } + + filter { + name = "architecture" + values = ["x86_64"] + } + owners = ["amazon", "self"] +} + +resource "aws_security_group" "ec2-sg" { + name = "allow-all-ec2" + description = "allow all" + vpc_id = "${aws_vpc.awsvpc.id}" + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + security_groups = [aws_security_group.lb.id] + } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_launch_configuration" "lc" { + name = "test_ecs" + image_id = "${data.aws_ami.amazon_linux.id}" + instance_type = "t3.medium" + lifecycle { + create_before_destroy = true + } + iam_instance_profile = "${aws_iam_instance_profile.ecs-ec2-role.name}" + key_name = "mykeypair" + security_groups = [aws_security_group.ec2-sg.id] + associate_public_ip_address = true + user_data = <> /etc/ecs/ecs.config +EOF +} + +resource "aws_autoscaling_group" "asg" { + name = "test-asg" + launch_configuration = "${aws_launch_configuration.lc.name}" + min_size = 1 + max_size = 1 + desired_capacity = 1 + health_check_type = "ELB" + health_check_grace_period = 300 + vpc_zone_identifier = [aws_subnet.public-subnet-1.id, aws_subnet.public-subnet-2.id] + protect_from_scale_in = true + lifecycle { + create_before_destroy = true + } +} diff --git a/terraform/iam.tf b/terraform/iam.tf new file mode 100644 index 00000000..7c4d9959 --- /dev/null +++ b/terraform/iam.tf @@ -0,0 +1,117 @@ +# ecs ec2 role +resource "aws_iam_role" "ecs-ec2-role" { + name = "ecs-ec2-role" + assume_role_policy = < Date: Sun, 1 Nov 2020 02:27:15 +0530 Subject: [PATCH 02/12] ecs-setup --- terraform/backend.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index e67c5964..337cad36 100644 
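Review bot: `aws_launch_configuration.lc` sets `associate_public_ip_address = true` and the ASG places the hosts in `public-subnet-1`/`public-subnet-2`, yet `ec2-sg` only admits traffic from `aws_security_group.lb`, so the public addresses serve no inbound purpose and only widen the exposed surface. Since vpc.tf appears to provision a NAT gateway (see the `aws_nat_gateway` hunk in PATCH 04/12), the hosts could live in private subnets with `associate_public_ip_address = false` and still reach ECR and the ECS control plane. `ec2-sg` should also name the ports the ALB forwards to instead of `protocol = "-1"`, i.e. `protocol = "tcp"` with `from_port`/`to_port` covering the published host ports (80 for the nginx mapping). The `user_data` heredoc is mangled in this rendering and cannot be reviewed here, and the iam.tf hunk that follows is cut off.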
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@@ -1,6 +1,6 @@
 terraform {
 backend "s3" {
- bucket = "ayush-terraform-state"
+ bucket = "ayushterraform-state"
 region = "us-east-1"
 }
 }
\ No newline at end of file
From e73555297a31916d4b28a39983135fd4a07ecbd2 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Sun, 1 Nov 2020 02:51:13 +0530
Subject: [PATCH 03/12] ecs-setup
---
terraform/ecs.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 9e87c94d..894bda32 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -58,7 +58,7 @@ resource "aws_autoscaling_group" "asg" {
 name = "test-asg"
 launch_configuration = "${aws_launch_configuration.lc.name}"
 min_size = 1
- max_size = 1
+ max_size = 4
 desired_capacity = 1
 health_check_type = "ELB"
 health_check_grace_period = 300
From d9764dd125af9aff85b4611caa3e479a1f6362ef Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Sun, 1 Nov 2020 18:01:05 +0530
Subject: [PATCH 04/12] ecs-setup final
---
terraform/alb.tf | 8 ++++----
terraform/app.tf | 8 ++++----
terraform/container-definition/container-definition.json | 9 ++++-----
terraform/ecs.tf | 8 ++++----
terraform/provider.tf | 2 +-
terraform/vpc.tf | 4 ++--
6 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/terraform/alb.tf b/terraform/alb.tf
index c1751af3..e79d6e31 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -1,6 +1,6 @@
 resource "aws_security_group" "lb" {
 name = "allow-all-lb"
- vpc_id = "${aws_vpc.awsvpc.id}"
+ vpc_id = aws_vpc.awsvpc.id
 ingress {
 from_port = 0
 to_port = 0
@@ -28,7 +28,7 @@ resource "aws_lb_target_group" "lb_target_group" {
 port = "80"
 protocol = "HTTP"
 target_type = "instance"
- vpc_id = "${aws_vpc.awsvpc.id}"
+ vpc_id = aws_vpc.awsvpc.id
 health_check {
 path = "/"
 healthy_threshold = 2
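Review bot: Raising `max_size` to 4 has no effect on its own, because no `aws_autoscaling_policy` or ECS capacity provider is attached to `test-asg`, and `desired_capacity` stays at 1 while the ECS service's `desired_count` is also 1. If the intent is to let ECS grow the cluster, attach an `aws_ecs_capacity_provider` (or a scaling policy driven by a CloudWatch metric); note too that `protect_from_scale_in = true`, set below this hunk in ecs.tf, means any instance that does get added is never scaled back in automatically.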
@@ -40,11 +40,11 @@ resource "aws_lb_target_group" "lb_target_group" {
 }
 resource "aws_lb_listener" "web-listener" {
- load_balancer_arn = "${aws_lb.ecs-lb.arn}"
+ load_balancer_arn = aws_lb.ecs-lb.arn
 port = "80"
 protocol = "HTTP"
 default_action {
 type = "forward"
- target_group_arn = "${aws_lb_target_group.lb_target_group.arn}"
+ target_group_arn = aws_lb_target_group.lb_target_group.arn
 }
 }
\ No newline at end of file
diff --git a/terraform/app.tf b/terraform/app.tf
index cc19d840..c0a3a369 100644
--- a/terraform/app.tf
+++ b/terraform/app.tf
@@ -1,16 +1,16 @@
 resource "aws_ecs_task_definition" "task-definition-test" {
 family = "app-family"
- container_definitions = file("container-definition/container-def.json")
+ container_definitions = file("container-definition/container-definition.json")
 network_mode = "bridge"
 }
 resource "aws_ecs_service" "service" {
 name = "ecs-service"
- cluster = "${aws_ecs_cluster.ecs-cluster.id}"
- task_definition = "${aws_ecs_task_definition.task-definition-test.arn}"
+ cluster = aws_ecs_cluster.ecs-cluster.id
+ task_definition = aws_ecs_task_definition.task-definition-test.arn
 desired_count = 1
 load_balancer {
- target_group_arn = "${aws_lb_target_group.lb_target_group.arn}"
+ target_group_arn = aws_lb_target_group.lb_target_group.arn
 container_name = "nginx"
 container_port = "80"
 }
diff --git a/terraform/container-definition/container-definition.json b/terraform/container-definition/container-definition.json
index e8f5bf81..9f922037 100644
--- a/terraform/container-definition/container-definition.json
+++ b/terraform/container-definition/container-definition.json
@@ -3,7 +3,7 @@
 "name": "spring3hibernate",
 "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/spring3hibernate:latest",
 "cpu": 10,
- "memory": 128,
+ "memory": 512,
 "essential": true,
 "portMappings": [
 {
@@ -29,7 +29,7 @@
 "name": "mysql",
 "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/mysql:latest",
 "cpu": 10,
- "memory": 128,
+ "memory": 512,
 "essential": true,
 "portMappings": [
 {
@@ -51,14 +51,13 @@
 "name": "MYSQL_ROOT_PASSWORD",
 "value": "password"
 }
- ]
-
+ ]
 },
 {
 "name": "nginx",
 "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/nginx:latest",
 "cpu": 10,
- "memory": 128,
+ "memory": 512,
 "essential": true,
 "portMappings": [
 {
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 894bda32..22fff6a8 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -21,7 +21,7 @@ data "aws_ami" "amazon_linux" {
 resource "aws_security_group" "ec2-sg" {
 name = "allow-all-ec2"
 description = "allow all"
- vpc_id = "${aws_vpc.awsvpc.id}"
+ vpc_id = aws_vpc.awsvpc.id
 ingress {
 from_port = 0
 to_port = 0
@@ -38,12 +38,12 @@ resource "aws_security_group" "ec2-sg" {
 resource "aws_launch_configuration" "lc" {
 name = "test_ecs"
- image_id = "${data.aws_ami.amazon_linux.id}"
+ image_id = data.aws_ami.amazon_linux.id
 instance_type = "t3.medium"
 lifecycle {
 create_before_destroy = true
 }
- iam_instance_profile = "${aws_iam_instance_profile.ecs-ec2-role.name}"
+ iam_instance_profile = aws_iam_instance_profile.ecs-ec2-role.name
 key_name = "mykeypair"
 security_groups = [aws_security_group.ec2-sg.id]
 associate_public_ip_address = true
@@ -56,7 +56,7 @@ EOF
 resource "aws_autoscaling_group" "asg" {
 name = "test-asg"
- launch_configuration = "${aws_launch_configuration.lc.name}"
+ launch_configuration = aws_launch_configuration.lc.name
 min_size = 1
 max_size = 4
 desired_capacity = 1
diff --git a/terraform/provider.tf b/terraform/provider.tf
index faa99b67..6d33ab9e 100644
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@@ -1,3 +1,3 @@
 provider "aws" {
- region = "${var.AWS_REGION}"
+ region = var.AWS_REGION
 }
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
index 285d3991..5d3b1456 100644
--- a/terraform/vpc.tf
+++ b/terraform/vpc.tf
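Review bot: `provider "aws"` carries no version constraint, and the `terraform` block in backend.tf (PATCH 01/12 and 02/12) holds only the backend, so every `terraform init` resolves to whichever provider release is newest at that moment — neither the module's behaviour nor its supply chain is pinned. Now that the configuration has moved to 0.12 expression syntax, add to that `terraform` block `required_version = ">= 0.12"` and `required_providers { aws = "~> 3.0" }` (the constraints are examples; use the versions actually tested).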
@@ -65,8 +65,8 @@ resource "aws_eip" "eip" {
 # NAT Gateway
 resource "aws_nat_gateway" "nat" {
- allocation_id = "${aws_eip.eip.id}"
- subnet_id = "${aws_subnet.public-subnet-1.id}"
+ allocation_id = aws_eip.eip.id
+ subnet_id = aws_subnet.public-subnet-1.id
 depends_on = [aws_internet_gateway.main-gw]
 }
From 4fe034a2b06235270eae254f13eb4737ee3ee964 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Sun, 1 Nov 2020 19:26:07 +0530
Subject: [PATCH 05/12] ecs-setup readme
---
terraform/readme.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 terraform/readme.md
diff --git a/terraform/readme.md b/terraform/readme.md
new file mode 100644
index 00000000..e69de29b
From 049d9e3515d6a21f4afcfe9fd2ec53ff72024a8f Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Mon, 2 Nov 2020 02:03:59 +0530
Subject: [PATCH 06/12] ecs-setup final
---
terraform/readme.md | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/terraform/readme.md b/terraform/readme.md
index e69de29b..dd4a48b5 100644
--- a/terraform/readme.md
+++ b/terraform/readme.md
@@ -0,0 +1,18 @@
+############################################################################################
+input steps:
+1. create a erc or docker repository and add the image url with tag under image section of container definiton file
+2. terraform init
+3. terraform plan
+4. terraform apply
+5. ECS ensure application availabiity all the time, you can define the desired, max and min count of Ec2 instance in asg.
+
+container-definition.json : define docker containers to run in the form task to be executed by the ecs service on ecs cluster.
+appication load balancer : to alow traffic to ecs service running task.
+task definition: required to run docker container in ECS.
+ecs service: to run and maintain particular no of task on ecs cluster.
+ecs cluster: grouping of task and service.
+
+Ec2 instance is running all the three containers. lb is connecting to nginx at port 80.
+when hitting the DNS name for loadbalancer with port 80 nginx page is loading with message that page is unavailable, but the application is working as you can check at port 8080 of the Ec2 instance.
+facing issue with mounting volumes in container defintion.
+you need to change proxy_pass proxy_pass to http://0.0.0.0/0:8080/ in default.conf of nginx, since we are not using docker compose
From 48307c958d5c5adb623e168e5d279fa3e5ab81a3 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Mon, 2 Nov 2020 02:06:18 +0530
Subject: [PATCH 07/12] ecs-setup final
---
terraform/readme.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/readme.md b/terraform/readme.md
index dd4a48b5..8398d65f 100644
--- a/terraform/readme.md
+++ b/terraform/readme.md
@@ -1,6 +1,6 @@
 ############################################################################################
 input steps:
-1. create a erc or docker repository and add the image url with tag under image section of container definiton file
+1. create a ECR repository and add the image url with tag under image section of container definiton file
 2. terraform init
 3. terraform plan
 4. terraform apply
From 8d8a8328cdb7a7883447c87b2e171ddc247e30f8 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Mon, 2 Nov 2020 11:30:04 +0530
Subject: [PATCH 08/12] ecs-setup
---
terraform/readme.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/readme.md b/terraform/readme.md
index 8398d65f..277af269 100644
--- a/terraform/readme.md
+++ b/terraform/readme.md
@@ -15,4 +15,4 @@ ecs cluster: grouping of task and service.
 Ec2 instance is running all the three containers. lb is connecting to nginx at port 80.
 when hitting the DNS name for loadbalancer with port 80 nginx page is loading with message that page is unavailable, but the application is working as you can check at port 8080 of the Ec2 instance.
 facing issue with mounting volumes in container defintion.
-you need to change proxy_pass proxy_pass to http://0.0.0.0/0:8080/ in default.conf of nginx, since we are not using docker compose
+
From 09bc696552e0015430bc95043f9fed8c61e82154 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Mon, 2 Nov 2020 11:51:41 +0530
Subject: [PATCH 09/12] ecs-setup
---
terraform/readme.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/terraform/readme.md b/terraform/readme.md
index 277af269..000a2b09 100644
--- a/terraform/readme.md
+++ b/terraform/readme.md
@@ -13,6 +13,5 @@ ecs service: to run and maintain particular no of task on ecs cluster.
 ecs cluster: grouping of task and service.
 Ec2 instance is running all the three containers. lb is connecting to nginx at port 80.
-when hitting the DNS name for loadbalancer with port 80 nginx page is loading with message that page is unavailable, but the application is working as you can check at port 8080 of the Ec2 instance.
 facing issue with mounting volumes in container defintion.
From ccd1eaa918f508fd85216f376ecbaae8ba88bf0b Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Mon, 2 Nov 2020 21:20:29 +0530
Subject: [PATCH 10/12] ecs-setup
---
terraform/variable.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/variable.tf b/terraform/variable.tf
index 76797232..f8cf9801 100644
--- a/terraform/variable.tf
+++ b/terraform/variable.tf
@@ -1,4 +1,4 @@
 variable "AWS_REGION" {
- default = "us-east-1"
+ default = "us-east-2"
 }
From 99472d87830b1e306155ca9e976e284f73f9f42b Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Mon, 2 Nov 2020 21:21:22 +0530
Subject: [PATCH 11/12] ecs-setup
---
terraform/variable.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/variable.tf b/terraform/variable.tf
index f8cf9801..76797232 100644
--- a/terraform/variable.tf
+++ b/terraform/variable.tf
@@ -1,4 +1,4 @@
 variable "AWS_REGION" {
- default = "us-east-2"
+ default = "us-east-1"
 }
From 292d9131076f558415aeb8a3fb24edc8833c0b00 Mon Sep 17 00:00:00 2001
From: ayush upadhyay
Date: Tue, 3 Nov 2020 21:58:31 +0530
Subject: [PATCH 12/12] ecs-setup
---
terraform/container-definition/container-definition.json | 2 +-
terraform/ecs.tf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/container-definition/container-definition.json b/terraform/container-definition/container-definition.json
index 9f922037..a11568f5 100644
--- a/terraform/container-definition/container-definition.json
+++ b/terraform/container-definition/container-definition.json
@@ -55,7 +55,7 @@
 },
 {
 "name": "nginx",
- "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/nginx:latest",
+ "image": "188078574990.dkr.ecr.us-east-1.amazonaws.com/nginx:latest1",
 "cpu": 10,
 "memory": 512,
 "essential": true,
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 22fff6a8..a741582f 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -44,7 +44,7 @@ resource "aws_launch_configuration" "lc" {
 create_before_destroy = true
 }
 iam_instance_profile = aws_iam_instance_profile.ecs-ec2-role.name
- key_name = "mykeypair"
+ key_name = ""
 security_groups = [aws_security_group.ec2-sg.id]
 associate_public_ip_address = true
 user_data = <
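Review bot: `nginx:latest1` is still a mutable tag, so the task definition continues not to pin what runs: the agent pulls by tag on task start (subject to its configured pull behaviour), and anyone who can push to the repository can replace the image behind the tag without any change showing up in this file or in `terraform plan`. Reference the image by digest (`…/nginx@sha256:<DIGEST>`) or enable tag immutability on the ECR repository and use unique, versioned tags. The region is also hard-coded to `us-east-1` inside all three image URIs while the provider region comes from `var.AWS_REGION` (flipped back and forth in PATCH 10/12 and 11/12), so the two can silently diverge.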