Prmp 763 - Weekly ods update ecs #194

Merged, Sep 17, 2024 (26 commits)

Commits
0790124  [PRMDR-763] weekly update fargate  (NogaNHS, Sep 11, 2024)
60c252e  [PRMDR-763] format  (NogaNHS, Sep 11, 2024)
07f4810  [PRMDR-763] remove alarm list from new ecs  (NogaNHS, Sep 11, 2024)
2e627e9  [PRMDR-763] add cluster name to resources  (NogaNHS, Sep 11, 2024)
654b215  [PRMDR-763] add scheduler  (NogaNHS, Sep 11, 2024)
1dc6b09  [PRMDR-763] add ecs_parameters to aws_scheduler_schedule  (NogaNHS, Sep 11, 2024)
f2481d3  [PRMDR-763] fix ecs_parameters to aws_scheduler_schedule  (NogaNHS, Sep 11, 2024)
d428132  [PRMDR-763] fix ecs_parameters to aws_scheduler_schedule  (NogaNHS, Sep 11, 2024)
ba8bf34  [PRMDR-763] change memory and add env vars  (NogaNHS, Sep 11, 2024)
e908819  [PRMDR-763] add cpu vars  (NogaNHS, Sep 11, 2024)
791fa2f  [PRMDR-763] add task_role to task_definition  (NogaNHS, Sep 12, 2024)
4303f9e  [PRMDR-763] change subnet from list to set  (NogaNHS, Sep 12, 2024)
ea1083e  [PRMDR-763] add name to iam role  (NogaNHS, Sep 12, 2024)
10ba076  [PRMDR-763] add env var  (NogaNHS, Sep 12, 2024)
e1f8bc0  [PRMDR-763] optional ecs service  (NogaNHS, Sep 12, 2024)
f3cd090  [PRMDR-763] optional ecs service  (NogaNHS, Sep 12, 2024)
bda5a4f  [PRMDR-763] name change  (NogaNHS, Sep 12, 2024)
9a5fd13  [PRMDR-763] change count logic error  (NogaNHS, Sep 13, 2024)
75311c4  [PRMDR-763] remove alarm when no service  (NogaNHS, Sep 13, 2024)
2096e79  [PRMDR-763] change ecs app name  (NogaNHS, Sep 13, 2024)
c313da5  [PRMDR-763] add flag to disable build on sandbox  (NogaNHS, Sep 13, 2024)
a016874  [PRMDR-763] add flags to app ecs for clarity  (NogaNHS, Sep 13, 2024)
fc6ee59  [PRMDR-763] PR changes  (NogaNHS, Sep 13, 2024)
48bd907  PRMP-763 PR name changes  (NogaNHS, Sep 13, 2024)
16b92c1  PRMP-763 add tf plan to git ignore  (NogaNHS, Sep 13, 2024)
eedfbec  PRMP-763 name change  (NogaNHS, Sep 13, 2024)
1 change: 1 addition & 0 deletions .gitignore
@@ -31,6 +31,7 @@ terraform.rc
node_modules/
tfplan
*.zip
*tf.plan

.idea/
.vscode/
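Review bot: the new `*tf.plan` pattern is broader than it needs to be; it matches any file ending in `tf.plan` (e.g. `mytf.plan`), whereas `*.tf.plan` would match only the dotted form, and `tfplan` is already ignored two lines up. Worth tightening, and worth a comment on why it matters: a saved Terraform plan file stores variable values and planned attribute values in the clear, including ones marked sensitive, so it must never reach the repository. Pick one naming convention for plan files (`*.tfplan` or `*.tf.plan`) and ignore exactly that.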
9 changes: 7 additions & 2 deletions infrastructure/README.md
@@ -8,7 +8,7 @@

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.62.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.66.0 |

## Modules

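Review bot: the provider version line here is generated by terraform-docs from the provider actually resolved, so the bump from 5.62.0 to 5.66.0 implies `.terraform.lock.hcl` (and any `required_providers` constraint) changed as well; neither file is in the visible diff. Confirm the lock file is committed in this PR, otherwise CI and the other workspaces keep resolving 5.62.0 and this README documents a version nobody runs.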
@@ -84,9 +84,11 @@
| <a name="module_ndr-app-config"></a> [ndr-app-config](#module\_ndr-app-config) | ./modules/app_config | n/a |
| <a name="module_ndr-bulk-staging-store"></a> [ndr-bulk-staging-store](#module\_ndr-bulk-staging-store) | ./modules/s3/ | n/a |
| <a name="module_ndr-docker-ecr-ui"></a> [ndr-docker-ecr-ui](#module\_ndr-docker-ecr-ui) | ./modules/ecr/ | n/a |
| <a name="module_ndr-docker-ecr-weekly-ods-update"></a> [ndr-docker-ecr-weekly-ods-update](#module\_ndr-docker-ecr-weekly-ods-update) | ./modules/ecr/ | n/a |
| <a name="module_ndr-document-store"></a> [ndr-document-store](#module\_ndr-document-store) | ./modules/s3/ | n/a |
| <a name="module_ndr-ecs-container-port-ssm-parameter"></a> [ndr-ecs-container-port-ssm-parameter](#module\_ndr-ecs-container-port-ssm-parameter) | ./modules/ssm_parameter | n/a |
| <a name="module_ndr-ecs-fargate"></a> [ndr-ecs-fargate](#module\_ndr-ecs-fargate) | ./modules/ecs | n/a |
| <a name="module_ndr-ecs-fargate-app"></a> [ndr-ecs-fargate-app](#module\_ndr-ecs-fargate-app) | ./modules/ecs | n/a |
| <a name="module_ndr-ecs-fargate-ods-update"></a> [ndr-ecs-fargate-ods-update](#module\_ndr-ecs-fargate-ods-update) | ./modules/ecs | n/a |
| <a name="module_ndr-feedback-mailbox"></a> [ndr-feedback-mailbox](#module\_ndr-feedback-mailbox) | ./modules/ses | n/a |
| <a name="module_ndr-lloyd-george-store"></a> [ndr-lloyd-george-store](#module\_ndr-lloyd-george-store) | ./modules/s3/ | n/a |
| <a name="module_ndr-vpc-ui"></a> [ndr-vpc-ui](#module\_ndr-vpc-ui) | ./modules/vpc/ | n/a |
@@ -188,6 +190,8 @@
| [aws_iam_role.ecs_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.manifest_presign_url_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.mesh_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.ods_weekly_update_ecs_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.ods_weekly_update_task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.s3_backup_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.sns_failure_feedback_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.splunk_sqs_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
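Review bot: `aws_iam_role.ods_weekly_update_ecs_execution` is listed here, but the ecs.tf hunk in this diff only defines `aws_iam_role.ods_weekly_update_task_role`; the execution role must live in a file not shown (the file list is truncated). When reviewing it, check that it is gated on `local.is_sandbox` the same way as the task role and the `ndr-ecs-fargate-ods-update` module, otherwise sandbox workspaces get an orphaned execution role with no task to use it.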
@@ -218,6 +222,7 @@
| [aws_s3_bucket_lifecycle_configuration.lg-lifecycle-rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
| [aws_s3_bucket_lifecycle_configuration.staging-store-lifecycle-rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
| [aws_s3_bucket_policy.logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_scheduler_schedule.ods_weekly_update_ecs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/scheduler_schedule) | resource |
| [aws_security_group.ndr_mesh_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_sns_topic.alarm_notifications_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_subscription.alarm_notifications_sns_topic_subscription](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
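Review bot: `aws_scheduler_schedule.ods_weekly_update_ecs` needs an EventBridge Scheduler execution role with `ecs:RunTask` on the task definition and `iam:PassRole` on both the task role and the execution role; none of that is in the visible diff. When that file is reviewed, check that `iam:PassRole` is scoped to those two role ARNs (ideally with an `iam:PassedToService` condition of `ecs-tasks.amazonaws.com`) rather than `*`, since an unscoped PassRole lets the scheduler principal launch tasks as any role in the account.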
2 changes: 1 addition & 1 deletion infrastructure/api.tf
@@ -13,7 +13,7 @@ resource "aws_api_gateway_rest_api" "ndr_doc_store_api" {

resource "aws_api_gateway_domain_name" "custom_api_domain" {
domain_name = local.api_gateway_full_domain_name
regional_certificate_arn = module.ndr-ecs-fargate.certificate_arn
regional_certificate_arn = module.ndr-ecs-fargate-app.certificate_arn

endpoint_configuration {
types = ["REGIONAL"]
8 changes: 8 additions & 0 deletions infrastructure/ecr.tf
@@ -5,3 +5,11 @@ module "ndr-docker-ecr-ui" {
environment = var.environment
owner = var.owner
}
module "ndr-docker-ecr-weekly-ods-update" {
count = local.is_sandbox ? 0 : 1
source = "./modules/ecr/"
app_name = "${terraform.workspace}-weekly-ods-update"
Comment (Contributor): I notice the app_name of the docker-ecr-ui above is stamped as ndr- at the beginning; is that a convention we want to replicate here?

Reply (Contributor, author): The terraform.workspace is ndrX, so it would be ndr-ndr. I would have changed the other one but that is out of scope 😅


environment = var.environment
owner = var.owner
}
71 changes: 68 additions & 3 deletions infrastructure/ecs.tf
@@ -1,6 +1,9 @@
module "ndr-ecs-fargate" {
module "ndr-ecs-fargate-app" {
source = "./modules/ecs"
ecs_cluster_name = "app-cluster"
is_lb_needed = true
is_autoscaling_needed = true
is_service_needed = true
vpc_id = module.ndr-vpc-ui.vpc_id
public_subnets = module.ndr-vpc-ui.public_subnets
private_subnets = module.ndr-vpc-ui.private_subnets
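Review bot: renaming the module from `ndr-ecs-fargate` to `ndr-ecs-fargate-app` changes every resource address under it, and no `moved` block appears anywhere in the diff. Without one, the next apply plans a destroy and recreate of the cluster, service, ALB, listeners and target group, which is an outage for the app. Add a `moved` block with `from = module.ndr-ecs-fargate` and `to = module.ndr-ecs-fargate-app` (Terraform 1.1+) and confirm the plan shows only in-place updates before merging.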
@@ -22,9 +25,71 @@ module "ndr-ecs-container-port-ssm-parameter" {
source = "./modules/ssm_parameter"
name = "container_port"
description = "Docker container port number for ${var.environment}"
resource_depends_on = module.ndr-ecs-fargate
value = module.ndr-ecs-fargate.container_port
resource_depends_on = module.ndr-ecs-fargate-app
value = module.ndr-ecs-fargate-app.container_port
type = "SecureString"
owner = var.owner
environment = var.environment
}

module "ndr-ecs-fargate-ods-update" {
count = local.is_sandbox ? 0 : 1
source = "./modules/ecs"
ecs_cluster_name = "ods-weekly-update"
vpc_id = module.ndr-vpc-ui.vpc_id
public_subnets = module.ndr-vpc-ui.public_subnets
private_subnets = module.ndr-vpc-ui.private_subnets
sg_name = "${terraform.workspace}-ods-weekly-update-sg"
ecs_launch_type = "FARGATE"
ecs_cluster_service_name = "${terraform.workspace}-ods-weekly-update"
ecr_repository_url = module.ndr-docker-ecr-weekly-ods-update[0].ecr_repository_url
environment = var.environment
owner = var.owner
container_port = 80
is_autoscaling_needed = false
is_lb_needed = false
is_service_needed = false
alarm_actions_arn_list = []
logs_bucket = aws_s3_bucket.logs_bucket.bucket
task_role = aws_iam_role.ods_weekly_update_task_role[0].arn
environment_vars = [
{
"name" : "table_name",
"value" : module.lloyd_george_reference_dynamodb_table.table_name
},
{
"name" : "PDS_FHIR_IS_STUBBED",
"value" : tostring(local.is_sandbox)
}
]
ecs_container_definition_memory = 512
ecs_container_definition_cpu = 256
ecs_task_definition_memory = 512
ecs_task_definition_cpu = 256
}

resource "aws_iam_role" "ods_weekly_update_task_role" {
count = local.is_sandbox ? 0 : 1
name = "${terraform.workspace}_ods_weekly_update_task_role"
managed_policy_arns = [
module.lloyd_george_reference_dynamodb_table.dynamodb_policy,
aws_iam_policy.ssm_access_policy.arn,
]
assume_role_policy = jsonencode(
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "",
"Effect" : "Allow",
"Principal" : {
"Service" : [
"ecs-tasks.amazonaws.com"
]
},
"Action" : "sts:AssumeRole"
}
]
}
)
}
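Review bot: `PDS_FHIR_IS_STUBBED` can never be "true" here: the module is gated with `count = local.is_sandbox ? 0 : 1`, so whenever this block is instantiated `local.is_sandbox` is false and `tostring(local.is_sandbox)` always yields "false". Either hard-code the value with a comment saying why, or drive it from its own variable if stubbing is ever wanted outside sandbox. Two points on `ods_weekly_update_task_role`: the trust policy for `ecs-tasks.amazonaws.com` carries no `aws:SourceAccount`/`aws:SourceArn` condition, which AWS recommends on ECS task role trust policies to rule out the confused-deputy case where a task in another account assumes the role; and `managed_policy_arns` is an exclusive set, so any policy attached to this role outside Terraform is detached on the next apply (fine, but worth knowing). Lastly, `table_name` and `PDS_FHIR_IS_STUBBED` use different casing; pick one convention for the container environment.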
4 changes: 2 additions & 2 deletions infrastructure/firewall.tf
@@ -10,15 +10,15 @@ module "firewall_waf_v2" {
}

resource "aws_wafv2_web_acl_association" "web_acl_association" {
resource_arn = module.ndr-ecs-fargate.load_balancer_arn
resource_arn = module.ndr-ecs-fargate-app.load_balancer_arn
web_acl_arn = module.firewall_waf_v2[0].arn

count = (terraform.workspace == "ndra" ||
terraform.workspace == "ndrb" ||
terraform.workspace == "ndrc" ||
terraform.workspace == "ndrd") ? 0 : 1
depends_on = [
module.ndr-ecs-fargate,
module.ndr-ecs-fargate-app,
module.firewall_waf_v2[0]
]
}
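Review bot: `module.ndr-ecs-fargate-app.load_balancer_arn` (and `certificate_arn` used from api.tf) now refer to resources that carry `count` in lb.tf, so the module's outputs must index them, e.g. `one(aws_lb.ecs_lb[*].arn)`, and return null when `is_lb_needed` is false; the module's outputs.tf is not in the visible diff. Confirm it was updated, otherwise an unindexed `aws_lb.ecs_lb.arn` fails at plan time with a missing-instance-key error, and the WAF association here would receive a null ARN for the ods-update instance if anything ever wired it up.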
18 changes: 16 additions & 2 deletions infrastructure/modules/ecs/README.md
@@ -47,20 +47,32 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_alarm_actions_arn_list"></a> [alarm\_actions\_arn\_list](#input\_alarm\_actions\_arn\_list) | n/a | `list(string)` | n/a | yes |
| <a name="input_autoscaling_max_capacity"></a> [autoscaling\_max\_capacity](#input\_autoscaling\_max\_capacity) | n/a | `number` | `6` | no |
| <a name="input_autoscaling_min_capacity"></a> [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | n/a | `number` | `3` | no |
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | n/a | `string` | `"eu-west-2"` | no |
| <a name="input_certificate_domain"></a> [certificate\_domain](#input\_certificate\_domain) | n/a | `string` | n/a | yes |
| <a name="input_certificate_domain"></a> [certificate\_domain](#input\_certificate\_domain) | n/a | `string` | `""` | no |
| <a name="input_container_port"></a> [container\_port](#input\_container\_port) | n/a | `number` | `8080` | no |
| <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |
| <a name="input_desired_count"></a> [desired\_count](#input\_desired\_count) | n/a | `number` | `3` | no |
| <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | `""` | no |
| <a name="input_ecr_repository_url"></a> [ecr\_repository\_url](#input\_ecr\_repository\_url) | n/a | `any` | n/a | yes |
| <a name="input_ecs_cluster_name"></a> [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | n/a | `string` | n/a | yes |
| <a name="input_ecs_cluster_service_name"></a> [ecs\_cluster\_service\_name](#input\_ecs\_cluster\_service\_name) | n/a | `string` | n/a | yes |
| <a name="input_ecs_container_definition_cpu"></a> [ecs\_container\_definition\_cpu](#input\_ecs\_container\_definition\_cpu) | n/a | `number` | `512` | no |
| <a name="input_ecs_container_definition_memory"></a> [ecs\_container\_definition\_memory](#input\_ecs\_container\_definition\_memory) | n/a | `number` | `1024` | no |
| <a name="input_ecs_launch_type"></a> [ecs\_launch\_type](#input\_ecs\_launch\_type) | n/a | `string` | `"FARGATE"` | no |
| <a name="input_ecs_task_definition_cpu"></a> [ecs\_task\_definition\_cpu](#input\_ecs\_task\_definition\_cpu) | n/a | `number` | `1024` | no |
| <a name="input_ecs_task_definition_memory"></a> [ecs\_task\_definition\_memory](#input\_ecs\_task\_definition\_memory) | n/a | `number` | `2048` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | n/a | `string` | n/a | yes |
| <a name="input_environment_vars"></a> [environment\_vars](#input\_environment\_vars) | n/a | `list` | <pre>[<br> null<br>]</pre> | no |
| <a name="input_is_autoscaling_needed"></a> [is\_autoscaling\_needed](#input\_is\_autoscaling\_needed) | n/a | `bool` | `true` | no |
| <a name="input_is_lb_needed"></a> [is\_lb\_needed](#input\_is\_lb\_needed) | n/a | `bool` | `false` | no |
| <a name="input_is_service_needed"></a> [is\_service\_needed](#input\_is\_service\_needed) | n/a | `bool` | `true` | no |
| <a name="input_logs_bucket"></a> [logs\_bucket](#input\_logs\_bucket) | n/a | `any` | n/a | yes |
| <a name="input_owner"></a> [owner](#input\_owner) | n/a | `string` | n/a | yes |
| <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | n/a | `any` | n/a | yes |
| <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | n/a | `any` | n/a | yes |
| <a name="input_sg_name"></a> [sg\_name](#input\_sg\_name) | n/a | `string` | n/a | yes |
| <a name="input_task_role"></a> [task\_role](#input\_task\_role) | n/a | `any` | `null` | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes |

## Outputs
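Review bot: `certificate_domain` and `domain` changed from required to a default of `""`, but both are still required whenever `is_lb_needed = true`: `data.aws_acm_certificate.amazon_issued` with an empty `domain` fails the lookup at plan time with an unhelpful error from deep inside the module. Add a `precondition` on that data source (e.g. `!var.is_lb_needed || var.certificate_domain != ""`) so the misconfiguration is reported at the call site. The same applies to `is_autoscaling_needed = true` together with `is_service_needed = false`, which leaves nothing to scale.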
@@ -70,5 +82,7 @@ No modules.
| <a name="output_certificate_arn"></a> [certificate\_arn](#output\_certificate\_arn) | The arn of certificate that load balancer is using |
| <a name="output_container_port"></a> [container\_port](#output\_container\_port) | The container port number of docker image, which was provided as input variable of this module |
| <a name="output_dns_name"></a> [dns\_name](#output\_dns\_name) | n/a |
| <a name="output_ecs_cluster_arn"></a> [ecs\_cluster\_arn](#output\_ecs\_cluster\_arn) | n/a |
| <a name="output_load_balancer_arn"></a> [load\_balancer\_arn](#output\_load\_balancer\_arn) | The arn of the load balancer |
| <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | n/a |
| <a name="output_task_definition_arn"></a> [task\_definition\_arn](#output\_task\_definition\_arn) | n/a |
28 changes: 14 additions & 14 deletions infrastructure/modules/ecs/alarms.tf
@@ -1,5 +1,6 @@
resource "aws_cloudwatch_metric_alarm" "alb_alarm_4XX" {
alarm_name = "4XX-status-${aws_lb.ecs_lb.name}"
count = !local.is_sandbox && var.is_lb_needed ? 1 : 0
alarm_name = "4XX-status-${aws_lb.ecs_lb[0].name}"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
namespace = "AWS/ApplicationELB"
@@ -9,22 +10,21 @@ resource "aws_cloudwatch_metric_alarm" "alb_alarm_4XX" {
threshold = 20
treat_missing_data = "notBreaching"
dimensions = {
LoadBalancer = aws_lb.ecs_lb.arn_suffix
LoadBalancer = aws_lb.ecs_lb[0].arn_suffix
}
alarm_description = "This alarm indicates that at least 20 4XX statuses have occurred on ${aws_lb.ecs_lb.name} in a minute."
alarm_description = "This alarm indicates that at least 20 4XX statuses have occurred on ${aws_lb.ecs_lb[0].name} in a minute."
alarm_actions = var.alarm_actions_arn_list

tags = {
Name = "4XX-status-${aws_lb.ecs_lb.name}"
Name = "4XX-status-${aws_lb.ecs_lb[0].name}"
Owner = var.owner
Environment = var.environment
Workspace = terraform.workspace
}
count = local.is_sandbox ? 0 : 1
}

resource "aws_cloudwatch_metric_alarm" "alb_alarm_5XX" {
alarm_name = "5XX-status-${aws_lb.ecs_lb.name}"
alarm_name = "5XX-status-${aws_lb.ecs_lb[0].name}"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
namespace = "AWS/ApplicationELB"
@@ -34,18 +34,18 @@ resource "aws_cloudwatch_metric_alarm" "alb_alarm_5XX" {
threshold = 5
treat_missing_data = "notBreaching"
dimensions = {
LoadBalancer = aws_lb.ecs_lb.arn_suffix
LoadBalancer = aws_lb.ecs_lb[0].arn_suffix
}
alarm_description = "This alarm indicates that at least 5 5XX statuses have occurred on ${aws_lb.ecs_lb.name} within 5 minutes."
alarm_description = "This alarm indicates that at least 5 5XX statuses have occurred on ${aws_lb.ecs_lb[0].name} within 5 minutes."
alarm_actions = var.alarm_actions_arn_list

tags = {
Name = "5XX-status-${aws_lb.ecs_lb.name}"
Name = "5XX-status-${aws_lb.ecs_lb[0].name}"
Owner = var.owner
Environment = var.environment
Workspace = terraform.workspace
}
count = local.is_sandbox ? 0 : 1
count = !local.is_sandbox && var.is_lb_needed ? 1 : 0
}

resource "aws_cloudwatch_metric_alarm" "ndr_ecs_service_cpu_high_alarm" {
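Review bot: style point: the `count` line for `alb_alarm_4XX` was moved to the top of its block, but `alb_alarm_5XX` keeps `count = !local.is_sandbox && var.is_lb_needed ? 1 : 0` as its last line; put it in the same place in both so a reader scanning for the gating finds it immediately. The expressions themselves are correct, and both alarms only dereference `aws_lb.ecs_lb[0]` when the load balancer exists.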
@@ -60,7 +60,7 @@ resource "aws_cloudwatch_metric_alarm" "ndr_ecs_service_cpu_high_alarm" {

dimensions = {
ClusterName = aws_ecs_cluster.ndr_ecs_cluster.name
ServiceName = aws_ecs_service.ndr_ecs_service.name
ServiceName = aws_ecs_service.ndr_ecs_service[0].name
}

alarm_description = "The CPU usage for ${var.ecs_cluster_service_name} is currently above 85%, the autoscaling will begin scaling up."
@@ -72,7 +72,7 @@ resource "aws_cloudwatch_metric_alarm" "ndr_ecs_service_cpu_high_alarm" {
Environment = var.environment
Workspace = terraform.workspace
}
count = local.is_sandbox ? 0 : 1
count = local.is_sandbox || !var.is_service_needed ? 0 : 1
}

resource "aws_cloudwatch_metric_alarm" "ndr_ecs_service_cpu_low_alarm" {
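Review bot: `count = local.is_sandbox || !var.is_service_needed ? 0 : 1` keys only on `is_service_needed`, but the alarm description says "the autoscaling will begin scaling up" and the module now has a separate `is_autoscaling_needed` flag. With `is_service_needed = true` and `is_autoscaling_needed = false` the alarm is still created, with a description that promises scaling that is not configured. Gate it on `var.is_autoscaling_needed` as well, or reword the description if the alarm is meant to exist without autoscaling.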
@@ -87,7 +87,7 @@ resource "aws_cloudwatch_metric_alarm" "ndr_ecs_service_cpu_low_alarm" {

dimensions = {
ClusterName = aws_ecs_cluster.ndr_ecs_cluster.name
ServiceName = aws_ecs_service.ndr_ecs_service.name
ServiceName = aws_ecs_service.ndr_ecs_service[0].name
}

alarm_description = "The CPU usage for ${var.ecs_cluster_service_name} is currently belowe 15%, the autoscaling will begin scaling down."
@@ -99,5 +99,5 @@ resource "aws_cloudwatch_metric_alarm" "ndr_ecs_service_cpu_low_alarm" {
Environment = var.environment
Workspace = terraform.workspace
}
count = local.is_sandbox ? 0 : 1
count = local.is_sandbox || !var.is_service_needed ? 0 : 1
}
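Review bot: same gating question as the CPU-high alarm: this scale-down alarm should also require `var.is_autoscaling_needed`, not just `var.is_service_needed`. Separately, "belowe" in the alarm description (a context line, so pre-existing) is a typo for "below"; since this block is already being touched, fix it here.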
18 changes: 13 additions & 5 deletions infrastructure/modules/ecs/lb.tf
@@ -1,4 +1,5 @@
resource "aws_lb" "ecs_lb" {
count = var.is_lb_needed ? 1 : 0
name = "${terraform.workspace}-lb"
internal = false
load_balancer_type = "application"
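Review bot: `name = "${terraform.workspace}-lb"` is scoped to the workspace but not to the module instance; now that the module is instantiated twice per workspace (`ndr-ecs-fargate-app` and `ndr-ecs-fargate-ods-update`), a second instance with `is_lb_needed = true` would collide on the ALB name (and on the `${terraform.workspace}-ecs` target group name in the next hunk). Today only the app instance enables the LB, so this is latent, but deriving the name from `var.ecs_cluster_service_name` or `var.ecs_cluster_name` removes the trap.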
@@ -21,6 +22,8 @@ resource "aws_lb" "ecs_lb" {
}

resource "aws_lb_target_group" "ecs_lb_tg" {
count = var.is_lb_needed ? 1 : 0

name = "${terraform.workspace}-ecs"
port = 80
protocol = "HTTP"
@@ -46,32 +49,37 @@ resource "aws_lb_target_group" "ecs_lb_tg" {
}

resource "aws_lb_listener" "https" {
load_balancer_arn = aws_lb.ecs_lb.arn
count = var.is_lb_needed ? 1 : 0
load_balancer_arn = aws_lb.ecs_lb[0].arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = data.aws_acm_certificate.amazon_issued.arn
certificate_arn = data.aws_acm_certificate.amazon_issued[0].arn

default_action {
type = "forward"
target_group_arn = aws_lb_target_group.ecs_lb_tg.arn
target_group_arn = aws_lb_target_group.ecs_lb_tg[0].arn
}
}

data "aws_acm_certificate" "amazon_issued" {
count = var.is_lb_needed ? 1 : 0

domain = var.certificate_domain
types = ["AMAZON_ISSUED"]
most_recent = true
}

resource "aws_lb_listener" "http" {
load_balancer_arn = aws_lb.ecs_lb.arn
count = var.is_lb_needed ? 1 : 0

load_balancer_arn = aws_lb.ecs_lb[0].arn
port = "80"
protocol = "HTTP"

default_action {
type = "redirect"
target_group_arn = aws_lb_target_group.ecs_lb_tg.arn
target_group_arn = aws_lb_target_group.ecs_lb_tg[0].arn
redirect {
port = "443"
protocol = "HTTPS"
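Review bot: `target_group_arn` inside the HTTP listener's `default_action` is only meaningful for `type = "forward"`; for `type = "redirect"` it serves no purpose, and adding the `[0]` index just keeps a dead reference alive. Drop the line. The rest of the hunk looks right: the ACM lookup, HTTPS listener and target group are all gated on the same `var.is_lb_needed`, the HTTP listener still redirects to 443, and the TLS policy stays at `ELBSecurityPolicy-TLS13-1-2-2021-06`.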