From 039c522b6f417f76bbe9738f0ca21ae2c9e4f487 Mon Sep 17 00:00:00 2001
From: Pranay Singh
Date: Thu, 1 Jun 2023 00:15:19 +0530
Subject: [PATCH 01/31] VAN-4162 Added a sample tf for cross account access in AWS
---
tfs/aws-cross-account/bucket.tf | 13 +++++++++++++
tfs/aws-cross-account/main.tf | 8 ++++++++
tfs/aws-cross-account/variable.tf | 15 +++++++++++++++
3 files changed, 36 insertions(+)
create mode 100644 tfs/aws-cross-account/bucket.tf
create mode 100644 tfs/aws-cross-account/main.tf
create mode 100644 tfs/aws-cross-account/variable.tf
diff --git a/tfs/aws-cross-account/bucket.tf b/tfs/aws-cross-account/bucket.tf
new file mode 100644
index 00000000..41506534
--- /dev/null
+++ b/tfs/aws-cross-account/bucket.tf
@@ -0,0 +1,13 @@
+resource "random_pet" "bucket_suffix" {
+ length = 2 # Adjust the length of the random suffix if desired
+}
+
+resource "aws_s3_bucket" "my_bucket" {
+ bucket = "my-unique-bucket-${random_pet.bucket_suffix.id}"
+}
+
+
+resource "aws_s3_bucket_acl" "my_bucket_acl" {
+ bucket = aws_s3_bucket.my_bucket.id
+ acl = "private" # Adjust the ACL if desired
+}
\ No newline at end of file
diff --git a/tfs/aws-cross-account/main.tf b/tfs/aws-cross-account/main.tf
new file mode 100644
index 00000000..45f30139
--- /dev/null
+++ b/tfs/aws-cross-account/main.tf
@@ -0,0 +1,8 @@
+provider "aws" {
+ region = var.region
+ assume_role {
+ role_arn = var.role_arn
+ session_name = "cross_account_session"
+ external_id = var.external_id
+ }
+}
\ No newline at end of file
diff --git a/tfs/aws-cross-account/variable.tf b/tfs/aws-cross-account/variable.tf
new file mode 100644
index 00000000..8ad4dd28
--- /dev/null
+++ b/tfs/aws-cross-account/variable.tf
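Review bot: In bucket.tf (PATCH 01) the bucket's only access control is `acl = "private"`, and the trailing comment `# Adjust the ACL if desired` invites loosening it; nothing in the hunk blocks public ACLs or public bucket policies. An `aws_s3_bucket_public_access_block` next to the ACL resource would keep the sample safe when it is copied and edited. Depending on the account's object-ownership setting, `aws_s3_bucket_acl` may also need an `aws_s3_bucket_ownership_controls` resource before it applies at all; that should be confirmed against the provider version in use.

```hcl
resource "aws_s3_bucket_public_access_block" "my_bucket" {
  bucket                  = aws_s3_bucket.my_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```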
@@ -0,0 +1,15 @@
+variable "region" {
+ description = "region"
+ type = string
+ default = "us-east-1"
+}
+
+variable "role_arn" {
+ description = "ARN of the IAM role in the target account"
+ type = string
+}
+
+variable "external_id" {
+ description = "Optional external ID, if required by the role"
+ type = string
+}
From 6f12be8141a19dd7d2907b7928ae715210c9dc0e Mon Sep 17 00:00:00 2001
From: Pranay Singh
Date: Mon, 5 Jun 2023 14:02:42 +0530
Subject: [PATCH 02/31] VAN-4162 Added a sample tf for cross account access in AWS
---
tfs/aws-cross-account/bucket.tf | 13 ----
tfs/aws-ecs-ec2-crossaccount/ecs.tf | 69 +++++++++++++++++++
.../main.tf | 6 +-
.../variable.tf | 11 +++
tfs/aws-ecs-fargate-crossaccount/main.tf | 14 ++++
tfs/aws-ecs-fargate-crossaccount/output.tf | 7 ++
tfs/aws-ecs-fargate-crossaccount/variables.tf | 5 ++
7 files changed, 109 insertions(+), 16 deletions(-)
delete mode 100644 tfs/aws-cross-account/bucket.tf
create mode 100644 tfs/aws-ecs-ec2-crossaccount/ecs.tf
rename tfs/{aws-cross-account => aws-ecs-ec2-crossaccount}/main.tf (75%)
rename tfs/{aws-cross-account => aws-ecs-ec2-crossaccount}/variable.tf (67%)
create mode 100644 tfs/aws-ecs-fargate-crossaccount/main.tf
create mode 100644 tfs/aws-ecs-fargate-crossaccount/output.tf
create mode 100644 tfs/aws-ecs-fargate-crossaccount/variables.tf
diff --git a/tfs/aws-cross-account/bucket.tf b/tfs/aws-cross-account/bucket.tf
deleted file mode 100644
index 41506534..00000000
--- a/tfs/aws-cross-account/bucket.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-resource "random_pet" "bucket_suffix" {
- length = 2 # Adjust the length of the random suffix if desired
-}
-
-resource "aws_s3_bucket" "my_bucket" {
- bucket = "my-unique-bucket-${random_pet.bucket_suffix.id}"
-}
-
-
-resource "aws_s3_bucket_acl" "my_bucket_acl" {
- bucket = aws_s3_bucket.my_bucket.id
- acl = "private" # Adjust the ACL if desired
-}
\ No newline at end of file
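Review bot: In variable.tf (PATCH 01) `external_id` is described as "Optional external ID" but declares no default, so Terraform treats it as a required input and every run must supply a value. If the target role's trust policy does not demand an external ID, adding `default = null` lets the provider block omit the argument; if it does demand one, the description should say it is required. Neither `role_arn` nor `external_id` has a `validation` block, so a malformed value is only caught when the assume-role call fails.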
diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf
new file mode 100644
index 00000000..fd9302b1
--- /dev/null
+++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf
@@ -0,0 +1,69 @@
+
+# Reference an existing VPC by its ID
+data "aws_vpc" "existing_vpc" {
+ id = "vpc-0789949926e072698" # Update with your VPC ID
+}
+
+# Reference an existing subnet by its ID
+data "aws_subnet" "existing_subnet" {
+ id = "subnet-0df3f6810ecfcf4fc" # Update with your subnet ID
+}
+
+# Create an ECS cluster
+resource "aws_ecs_cluster" "ecs_cluster" {
+ name = "my-ecs-cluster" # Update with your desired cluster name
+}
+
+# Create a security group for EC2 instances
+resource "aws_security_group" "ecs_instance_sg" {
+ name = "ecs-instance-sg"
+ description = "Security group for ECS instances"
+ vpc_id = data.aws_vpc.existing_vpc.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Update with your desired source IP range for SSH access
+ }
+
+ # Add any additional ingress rules as needed
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+# Launch configuration for EC2 instances
+resource "aws_launch_configuration" "ecs_launch_configuration" {
+ name_prefix = "ecs-launch-"
+ image_id = "ami-0123456789abcdef" # Update with your desired AMI ID
+ instance_type = "t2.micro" # Update with your desired instance type
+ security_groups = [aws_security_group.ecs_instance_sg.id]
+ iam_instance_profile = "ecs-instance-profile" # Update with your desired IAM instance profile name
+ user_data = <<-EOF
+ #!/bin/bash
+ echo ECS_CLUSTER=${aws_ecs_cluster.ecs_cluster.name} >> /etc/ecs/ecs.config
+ EOF
+}
+
+# Autoscaling group for EC2 instances
+resource "aws_autoscaling_group" "ecs_autoscaling_group" {
+ name = "ecs-autoscaling-group"
+ min_size = 2 # Update with your desired minimum number of instances
+ max_size = 5 # Update with your desired maximum number of instances
+ desired_capacity = 2 # Update with your desired initial number of instances
+ launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
+ vpc_zone_identifier = 
[data.aws_subnet.existing_subnet.id] + target_group_arns = [] # Update with your desired target group ARNs if using ALB/NLB + health_check_type = "EC2" + termination_policies = ["Default"] +} + +# Output the ECS cluster name +output "ecs_cluster_name" { + value = aws_ecs_cluster.ecs_cluster.name +} diff --git a/tfs/aws-cross-account/main.tf b/tfs/aws-ecs-ec2-crossaccount/main.tf similarity index 75% rename from tfs/aws-cross-account/main.tf rename to tfs/aws-ecs-ec2-crossaccount/main.tf index 45f30139..c965b448 100644 --- a/tfs/aws-cross-account/main.tf +++ b/tfs/aws-ecs-ec2-crossaccount/main.tf @@ -3,6 +3,6 @@ provider "aws" { assume_role { role_arn = var.role_arn session_name = "cross_account_session" - external_id = var.external_id - } -} \ No newline at end of file + external_id = var.external_id + } +} diff --git a/tfs/aws-cross-account/variable.tf b/tfs/aws-ecs-ec2-crossaccount/variable.tf similarity index 67% rename from tfs/aws-cross-account/variable.tf rename to tfs/aws-ecs-ec2-crossaccount/variable.tf index 8ad4dd28..2a780392 100644 --- a/tfs/aws-cross-account/variable.tf +++ b/tfs/aws-ecs-ec2-crossaccount/variable.tf @@ -13,3 +13,14 @@ variable "external_id" { description = "Optional external ID, if required by the role" type = string } + +# ECS +variable "aws_ami_id" { + type = string + default = "ami-0715c1897453cabd1" +} + +variable "aws_instance_type" { + type = string + default = "t2.micro" +} diff --git a/tfs/aws-ecs-fargate-crossaccount/main.tf b/tfs/aws-ecs-fargate-crossaccount/main.tf new file mode 100644 index 00000000..40a78b2b --- /dev/null +++ b/tfs/aws-ecs-fargate-crossaccount/main.tf @@ -0,0 +1,14 @@ +locals { + extract_resource_name = "test-fargate" +} + +resource "aws_ecs_cluster" "cluster" { + name = "${local.extract_resource_name}-ecs" + +} + +resource "aws_ecs_cluster_capacity_providers" "cluster-capacity-provider" { + cluster_name = aws_ecs_cluster.cluster.name + + capacity_providers = ["FARGATE"] +} 
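Review bot: The `ecs_instance_sg` ingress rule in the new ecs.tf opens port 22 to `0.0.0.0/0`, and the only guard is a comment asking the reader to change it, so applying the sample unchanged exposes SSH on every instance in the group to any source address. The source range should be a required input rather than a world-open literal, e.g. `cidr_blocks = var.ssh_ingress_cidrs` backed by a `list(string)` variable with no default. The VPC and subnet IDs in the two data sources are also literals, which ties a cross-account sample to one account's network.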
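Review bot: In the ec2 variable.tf hunk, `aws_ami_id` defaults to a fixed AMI ID while `region` is a separate input; AMI IDs are region-specific, so overriding `region` without also overriding `aws_ami_id` will fail or launch an unintended image. A pinned ID also keeps launching the same image as it ages. Consider dropping the default, or resolving the image at plan time (for an ECS-optimized image, presumably via an `aws_ssm_parameter` data source on the published recommended-image parameter). Both new variables lack a `description`.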
diff --git a/tfs/aws-ecs-fargate-crossaccount/output.tf b/tfs/aws-ecs-fargate-crossaccount/output.tf new file mode 100644 index 00000000..c22d5767 --- /dev/null +++ b/tfs/aws-ecs-fargate-crossaccount/output.tf @@ -0,0 +1,7 @@ +output "ecs-cluster" { + value = aws_ecs_cluster.cluster +} + +output "ecs-cluster-name" { + value = aws_ecs_cluster.cluster.name +} diff --git a/tfs/aws-ecs-fargate-crossaccount/variables.tf b/tfs/aws-ecs-fargate-crossaccount/variables.tf new file mode 100644 index 00000000..e373c0cb --- /dev/null +++ b/tfs/aws-ecs-fargate-crossaccount/variables.tf @@ -0,0 +1,5 @@ +# General variables +variable "environment" { + description = "The name for identifying the type of environment" + type = string +} From adb7f64010772efd83af6cb6da5b2b3939838256 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Mon, 5 Jun 2023 14:27:23 +0530 Subject: [PATCH 03/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-ec2-crossaccount/ecs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf index fd9302b1..912bccc9 100644 --- a/tfs/aws-ecs-ec2-crossaccount/ecs.tf +++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf @@ -40,8 +40,8 @@ resource "aws_security_group" "ecs_instance_sg" { # Launch configuration for EC2 instances resource "aws_launch_configuration" "ecs_launch_configuration" { name_prefix = "ecs-launch-" - image_id = "ami-0123456789abcdef" # Update with your desired AMI ID - instance_type = "t2.micro" # Update with your desired instance type + image_id = var.aws_ami_id + instance_type = var.aws_instance_type security_groups = [aws_security_group.ecs_instance_sg.id] iam_instance_profile = "ecs-instance-profile" # Update with your desired IAM instance profile name user_data = <<-EOF From ec32aa83f67247a3c8e184115e4481e520d77861 Mon Sep 17 00:00:00 2001 
From: Pranay Singh Date: Mon, 5 Jun 2023 14:41:04 +0530 Subject: [PATCH 04/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-ec2-crossaccount/ecs.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf index 912bccc9..a17895bb 100644 --- a/tfs/aws-ecs-ec2-crossaccount/ecs.tf +++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf @@ -43,7 +43,6 @@ resource "aws_launch_configuration" "ecs_launch_configuration" { image_id = var.aws_ami_id instance_type = var.aws_instance_type security_groups = [aws_security_group.ecs_instance_sg.id] - iam_instance_profile = "ecs-instance-profile" # Update with your desired IAM instance profile name user_data = <<-EOF #!/bin/bash echo ECS_CLUSTER=${aws_ecs_cluster.ecs_cluster.name} >> /etc/ecs/ecs.config From 068f00364faf68235d346bb516d812f5ffb2ec7e Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Mon, 5 Jun 2023 15:15:20 +0530 Subject: [PATCH 05/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-ec2-crossaccount/ecs.tf | 51 +++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf index a17895bb..79298bd0 100644 --- a/tfs/aws-ecs-ec2-crossaccount/ecs.tf +++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf @@ -21,8 +21,8 @@ resource "aws_security_group" "ecs_instance_sg" { vpc_id = data.aws_vpc.existing_vpc.id ingress { - from_port = 22 - to_port = 22 + from_port = 80 + to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] # Update with your desired source IP range for SSH access } 
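Review bot: The ingress rule changed by the first hunk of PATCH 05 now opens port 80, but the trailing comment on `cidr_blocks` still reads `# Update with your desired source IP range for SSH access`, so the comment no longer describes the rule. Suggested wording: `cidr_blocks = ["0.0.0.0/0"] # HTTP source range; restrict to the load balancer or known clients`. The rule still admits traffic from any address directly to the instances, which is worth narrowing once a load balancer fronts the service. The `aws_security_group` block starts and ends outside this hunk.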
@@ -66,3 +66,50 @@ resource "aws_autoscaling_group" "ecs_autoscaling_group" { output "ecs_cluster_name" { value = aws_ecs_cluster.ecs_cluster.name } + +# Define your ECS cluster capacity providers +resource "aws_ecs_cluster_capacity_providers" "cluster_capacity_provider" { + cluster_name = aws_ecs_cluster.ecs_cluster.name + capacity_providers = [aws_autoscaling_group.ecs_autoscaling_group.name] + default_capacity_provider_strategy { + capacity_provider = aws_autoscaling_group.ecs_autoscaling_group.name + } +} + +# Define your ECS task definition +resource "aws_ecs_task_definition" "ngnix_task_definition" { + family = "ngnix-task" + container_definitions = < Date: Mon, 5 Jun 2023 15:40:33 +0530 Subject: [PATCH 06/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-ec2-crossaccount/ecs.tf | 73 ++++++++++++++++---------- tfs/aws-ecs-ec2-crossaccount/output.tf | 4 ++ 2 files changed, 48 insertions(+), 29 deletions(-) create mode 100644 tfs/aws-ecs-ec2-crossaccount/output.tf diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf index 79298bd0..62fdc3e7 100644 --- a/tfs/aws-ecs-ec2-crossaccount/ecs.tf +++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf @@ -1,17 +1,17 @@ # Reference an existing VPC by its ID data "aws_vpc" "existing_vpc" { - id = "vpc-0789949926e072698" # Update with your VPC ID + id = "vpc-0789949926e072698" # Update with your VPC ID } # Reference an existing subnet by its ID data "aws_subnet" "existing_subnet" { - id = "subnet-0df3f6810ecfcf4fc" # Update with your subnet ID + id = "subnet-0df3f6810ecfcf4fc" # Update with your subnet ID } # Create an ECS cluster resource "aws_ecs_cluster" "ecs_cluster" { - name = "my-ecs-cluster" # Update with your desired cluster name + name = "my-ecs-cluster" # Update with your desired cluster name } # Create a security group for EC2 instances 
@@ -24,7 +24,7 @@ resource "aws_security_group" "ecs_instance_sg" { from_port = 80 to_port = 80 protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] # Update with your desired source IP range for SSH access + cidr_blocks = ["0.0.0.0/0"] # Update with your desired source IP range for SSH access } # Add any additional ingress rules as needed @@ -39,11 +39,11 @@ resource "aws_security_group" "ecs_instance_sg" { # Launch configuration for EC2 instances resource "aws_launch_configuration" "ecs_launch_configuration" { - name_prefix = "ecs-launch-" - image_id = var.aws_ami_id - instance_type = var.aws_instance_type - security_groups = [aws_security_group.ecs_instance_sg.id] - user_data = <<-EOF + name_prefix = "ecs-launch-" + image_id = var.aws_ami_id + instance_type = var.aws_instance_type + security_groups = [aws_security_group.ecs_instance_sg.id] + user_data = <<-EOF #!/bin/bash echo ECS_CLUSTER=${aws_ecs_cluster.ecs_cluster.name} >> /etc/ecs/ecs.config EOF 
@@ -51,34 +51,46 @@ resource "aws_launch_configuration" "ecs_launch_configuration" { # Autoscaling group for EC2 instances resource "aws_autoscaling_group" "ecs_autoscaling_group" { - name = "ecs-autoscaling-group" - min_size = 2 # Update with your desired minimum number of instances - max_size = 5 # Update with your desired maximum number of instances - desired_capacity = 2 # Update with your desired initial number of instances - launch_configuration = aws_launch_configuration.ecs_launch_configuration.name - vpc_zone_identifier = [data.aws_subnet.existing_subnet.id] - target_group_arns = [] # Update with your desired target group ARNs if using ALB/NLB - health_check_type = "EC2" - termination_policies = ["Default"] + name = "ecs-autoscaling-group" + min_size = 1 # Update with your desired minimum number of instances + max_size = 5 # Update with your desired maximum number of instances + desired_capacity = 2 # Update with your desired initial number of instances + launch_configuration = aws_launch_configuration.ecs_launch_configuration.name + vpc_zone_identifier = [data.aws_subnet.existing_subnet.id] + target_group_arns = [] # Update with your desired target group ARNs if using ALB/NLB + health_check_type = "EC2" + termination_policies = ["Default"] + tag { + key = "AmazonECSManaged" + value = true + propagate_at_launch = true + } } -# Output the ECS cluster name -output "ecs_cluster_name" { - value = aws_ecs_cluster.ecs_cluster.name -} -# Define your ECS cluster capacity providers -resource "aws_ecs_cluster_capacity_providers" "cluster_capacity_provider" { - cluster_name = aws_ecs_cluster.ecs_cluster.name - capacity_providers = [aws_autoscaling_group.ecs_autoscaling_group.name] - default_capacity_provider_strategy { - capacity_provider = aws_autoscaling_group.ecs_autoscaling_group.name + +resource "aws_ecs_capacity_provider" "ecs" { + name = "ecs-capacity" + + auto_scaling_group_provider { + auto_scaling_group_arn = aws_autoscaling_group.ecs_autoscaling_group.arn 
+ managed_termination_protection = "DISABLED" + + managed_scaling { + maximum_scaling_step_size = 1000 + minimum_scaling_step_size = 1 + status = "ENABLED" + target_capacity = 10 + } } } + # Define your ECS task definition resource "aws_ecs_task_definition" "ngnix_task_definition" { family = "ngnix-task" + cpu = 256 + memory = 512 container_definitions = < Date: Mon, 5 Jun 2023 17:20:30 +0530 Subject: [PATCH 07/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-ec2-crossaccount/ecs.tf | 2 +- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 149 +++++++++++++++++++++ tfs/aws-ecs-fargate-crossaccount/output.tf | 19 ++- 3 files changed, 166 insertions(+), 4 deletions(-) create mode 100644 tfs/aws-ecs-fargate-crossaccount/ecs.tf diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf index 62fdc3e7..61a6f3ab 100644 --- a/tfs/aws-ecs-ec2-crossaccount/ecs.tf +++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf @@ -121,7 +121,7 @@ resource "aws_ecs_service" "ngnix_service" { } capacity_provider_strategy { capacity_provider = aws_ecs_capacity_provider.ecs.name - weight = 100 + weight = 100 } network_configuration { subnets = [data.aws_subnet.existing_subnet.id] diff --git a/tfs/aws-ecs-fargate-crossaccount/ecs.tf b/tfs/aws-ecs-fargate-crossaccount/ecs.tf new file mode 100644 index 00000000..029c6e43 --- /dev/null +++ b/tfs/aws-ecs-fargate-crossaccount/ecs.tf 
@@ -0,0 +1,149 @@ +data "aws_vpc" "existing_vpc" { + id = "vpc-0789949926e072698" # Update with your VPC ID +} + +data "aws_subnet" "existing_subnet" { + id = "subnet-0df3f6810ecfcf4fc" # Update with your subnet ID +} + +resource "aws_ecs_cluster" "ecs_cluster" { + name = "my-ecs-cluster-fargate" # Update with your desired ECS cluster name +} + +resource "aws_ecs_task_definition" "nginx_task" { + family = "nginx-task" + execution_role_arn = aws_iam_role.task_execution_role.arn + task_role_arn = aws_iam_role.task_role.arn + network_mode = "awsvpc" + requires_compatibilities = ["FARGATE"] + + container_definitions = < Date: Mon, 5 Jun 2023 17:25:38 +0530 Subject: [PATCH 08/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 37 +++++++++++----------- tfs/aws-ecs-fargate-crossaccount/output.tf | 4 --- 2 files changed, 18 insertions(+), 23 deletions(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/ecs.tf b/tfs/aws-ecs-fargate-crossaccount/ecs.tf index 029c6e43..cf3eb8e4 100644 --- a/tfs/aws-ecs-fargate-crossaccount/ecs.tf +++ b/tfs/aws-ecs-fargate-crossaccount/ecs.tf @@ -1,13 +1,13 @@ data "aws_vpc" "existing_vpc" { - id = "vpc-0789949926e072698" # Update with your VPC ID + id = "vpc-0789949926e072698" } data "aws_subnet" "existing_subnet" { - id = "subnet-0df3f6810ecfcf4fc" # Update with your subnet ID + id = "subnet-0df3f6810ecfcf4fc" } resource "aws_ecs_cluster" "ecs_cluster" { - name = "my-ecs-cluster-fargate" # Update with your desired ECS cluster name + name = "my-ecs-cluster-fargate" } resource "aws_ecs_task_definition" "nginx_task" { @@ -35,7 +35,7 @@ resource "aws_ecs_task_definition" "nginx_task" { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/nginx-task", - "awslogs-region": "us-west-2", # Update with your desired AWS region + "awslogs-region": "us-east-1", "awslogs-stream-prefix": "nginx" } } 
@@ -52,7 +52,7 @@ resource "aws_ecs_service" "nginx_service" { launch_type = "FARGATE" network_configuration { - subnets = [data.aws_subnet.existing_subnet.id] + subnets = [data.aws_subnet.existing_subnet.id] assign_public_ip = true security_groups = [aws_security_group.nginx_sg.id] } @@ -97,7 +97,6 @@ resource "aws_lb_target_group" "nginx_tg" { unhealthy_threshold = 2 timeout = 3 interval = 30 - success_codes = "200,301,302" } } @@ -133,17 +132,17 @@ EOF resource "aws_iam_role" "task_role" { name = "ecsTaskRole" assume_role_policy = < Date: Mon, 5 Jun 2023 18:59:11 +0530 Subject: [PATCH 09/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 135 +---------------- tfs/aws-ecs-fargate-crossaccount/main.tf | 19 +-- tfs/aws-ecs-fargate-crossaccount/output.tf | 2 +- .../task_defination.tf | 136 ++++++++++++++++++ tfs/aws-ecs-fargate-crossaccount/variable.tf | 15 ++ tfs/aws-ecs-fargate-crossaccount/variables.tf | 5 - 6 files changed, 162 insertions(+), 150 deletions(-) create mode 100644 tfs/aws-ecs-fargate-crossaccount/task_defination.tf create mode 100644 tfs/aws-ecs-fargate-crossaccount/variable.tf delete mode 100644 tfs/aws-ecs-fargate-crossaccount/variables.tf diff --git a/tfs/aws-ecs-fargate-crossaccount/ecs.tf b/tfs/aws-ecs-fargate-crossaccount/ecs.tf index cf3eb8e4..8f90416e 100644 --- a/tfs/aws-ecs-fargate-crossaccount/ecs.tf +++ b/tfs/aws-ecs-fargate-crossaccount/ecs.tf 
@@ -10,139 +10,10 @@ resource "aws_ecs_cluster" "ecs_cluster" { name = "my-ecs-cluster-fargate" } -resource "aws_ecs_task_definition" "nginx_task" { - family = "nginx-task" - execution_role_arn = aws_iam_role.task_execution_role.arn - task_role_arn = aws_iam_role.task_role.arn - network_mode = "awsvpc" - requires_compatibilities = ["FARGATE"] - container_definitions = < Date: Tue, 6 Jun 2023 00:20:03 +0530 Subject: [PATCH 10/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 1 + .../task_defination.tf | 77 ++++++++++--------- 2 files changed, 41 insertions(+), 37 deletions(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/ecs.tf b/tfs/aws-ecs-fargate-crossaccount/ecs.tf index 8f90416e..78e6096b 100644 --- a/tfs/aws-ecs-fargate-crossaccount/ecs.tf +++ b/tfs/aws-ecs-fargate-crossaccount/ecs.tf @@ -6,6 +6,7 @@ data "aws_subnet" "existing_subnet" { id = "subnet-0df3f6810ecfcf4fc" } + resource "aws_ecs_cluster" "ecs_cluster" { name = "my-ecs-cluster-fargate" } diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index b323bd37..b3e129a7 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -1,7 +1,7 @@ resource "aws_ecs_task_definition" "nginx_task" { family = "nginx-task" - execution_role_arn = aws_iam_role.task_execution_role.arn - task_role_arn = aws_iam_role.task_role.arn + # execution_role_arn = aws_iam_role.task_execution_role.arn + # task_role_arn = aws_iam_role.task_role.arn network_mode = "awsvpc" requires_compatibilities = ["FARGATE"] @@ -69,7 +69,10 @@ resource "aws_lb" "nginx_lb" { name = "nginx-lb" internal = false load_balancer_type = "application" - subnets = [data.aws_subnet.existing_subnet.id] + subnets = [ + "subnet-0df3f6810ecfcf4fc", + "subnet-039bf408e3d6f1325" + ] } resource "aws_lb_target_group" "nginx_tg" { 
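Review bot: The `nginx_lb` `subnets` argument in task_defination.tf (PATCH 10, second hunk) replaces the `data.aws_subnet.existing_subnet.id` reference with two literal subnet IDs, one of which duplicates the ID already held by that data source. Literal IDs bind the sample to a single account and VPC, which works against a cross-account example, and they leave two places to edit when the network changes. An input such as `subnets = var.lb_subnet_ids` with a `list(string)` variable keeps the IDs out of the module. The first hunk of the same patch comments out `execution_role_arn` and `task_role_arn` instead of removing them; if the container definition still uses the `awslogs` driver, the task presumably cannot start without an execution role.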
@@ -99,38 +102,38 @@ resource "aws_lb_listener" "nginx_listener" { } } -resource "aws_iam_role" "task_execution_role" { - name = "ecsTaskExecutionRole" - assume_role_policy = < Date: Wed, 7 Jun 2023 09:57:51 +0530 Subject: [PATCH 11/31] VAN-4162 Added a sample tf for cross account access in AWS --- .../task_defination.tf | 51 ++++++++++--------- 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index b3e129a7..b541056b 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -1,35 +1,35 @@ resource "aws_ecs_task_definition" "nginx_task" { - family = "nginx-task" + family = "nginx-task" # execution_role_arn = aws_iam_role.task_execution_role.arn # task_role_arn = aws_iam_role.task_role.arn network_mode = "awsvpc" requires_compatibilities = ["FARGATE"] container_definitions = < Date: Wed, 7 Jun 2023 12:17:13 +0530 Subject: [PATCH 12/31] VAN-4162 Added a sample tf for cross account access in AWS --- .../task_defination.tf | 63 ++++++++----------- 1 file changed, 26 insertions(+), 37 deletions(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index b541056b..74b54a56 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -1,7 +1,7 @@ resource "aws_ecs_task_definition" "nginx_task" { family = "nginx-task" - # execution_role_arn = aws_iam_role.task_execution_role.arn - # task_role_arn = aws_iam_role.task_role.arn + execution_role_arn = aws_iam_role.ecs-iam-role.arn + task_role_arn = aws_iam_role.ecs-iam-role.arn network_mode = "awsvpc" requires_compatibilities = ["FARGATE"] 
@@ -105,38 +105,27 @@ resource "aws_lb_listener" "nginx_listener" { resource "aws_internet_gateway" "gw" { vpc_id = data.aws_vpc.existing_vpc.id } -# resource "aws_iam_role" "task_execution_role" { -# name = "ecsTaskExecutionRole" -# assume_role_policy = < Date: Wed, 7 Jun 2023 12:22:17 +0530 Subject: [PATCH 13/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 74b54a56..e76aaaa4 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -4,7 +4,8 @@ resource "aws_ecs_task_definition" "nginx_task" { task_role_arn = aws_iam_role.ecs-iam-role.arn network_mode = "awsvpc" requires_compatibilities = ["FARGATE"] - + cpu = 256 + memory = 512 container_definitions = < Date: Wed, 7 Jun 2023 12:43:48 +0530 Subject: [PATCH 14/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/bastion.tf | 71 +++++++++++++++++++ .../task_defination.tf | 14 ++-- 2 files changed, 77 insertions(+), 8 deletions(-) create mode 100644 tfs/aws-ecs-fargate-crossaccount/bastion.tf diff --git a/tfs/aws-ecs-fargate-crossaccount/bastion.tf b/tfs/aws-ecs-fargate-crossaccount/bastion.tf new file mode 100644 index 00000000..03e5060b --- /dev/null +++ b/tfs/aws-ecs-fargate-crossaccount/bastion.tf 
@@ -0,0 +1,71 @@ +locals { + extract_resource_name = "codepipes" +} + +#Get Latest Amazon Linux AMI +data "aws_ami" "amazon-2" { + most_recent = true + + filter { + name = "name" + values = ["amzn2-ami-hvm-*-x86_64-ebs"] + } + owners = ["amazon"] +} + +resource "aws_iam_role" "bastion-iam-role" { + name = "${local.extract_resource_name}-bastion-iam-role" + + managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3FullAccess"] + + assume_role_policy = < Date: Wed, 7 Jun 2023 12:46:34 +0530 Subject: [PATCH 15/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/bastion.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/bastion.tf b/tfs/aws-ecs-fargate-crossaccount/bastion.tf index 03e5060b..74c8718c 100644 --- a/tfs/aws-ecs-fargate-crossaccount/bastion.tf +++ b/tfs/aws-ecs-fargate-crossaccount/bastion.tf @@ -65,7 +65,6 @@ resource "aws_instance" "bastion" { user_data = <<-EOL #!/bin/bash -xe - sudo amazon-linux-extras install postgresql10 -y sudo yum install socat -y EOL } \ No newline at end of file From 6f8c0ebdc6bdc64d88ac2c980d74822563e38e03 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 7 Jun 2023 12:56:42 +0530 Subject: [PATCH 16/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 01249273..466afd21 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -80,6 +80,7 @@ resource "aws_lb" "nginx_lb" { resource "aws_lb_target_group" "nginx_tg" { name = "nginx-tg" + target_type = "ip" port = 80 protocol = "HTTP" vpc_id = data.aws_vpc.existing_vpc.id From af31cee8109bc8cda1a1ce2da174452d375c40f2 Mon Sep 17 00:00:00 2001 
From: Pranay Singh Date: Wed, 7 Jun 2023 17:49:34 +0530 Subject: [PATCH 17/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 466afd21..8195d50e 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": "nginx:latest", + "image": "569700770868.dkr.ecr.us-east-1.amazonaws.com/ngnix", "cpu": 256, "memory": 512, "portMappings": [ From ed03bc62ffc7852b13f54277bde49d1ff5657325 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 7 Jun 2023 18:03:03 +0530 Subject: [PATCH 18/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 8195d50e..36b911a9 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": "569700770868.dkr.ecr.us-east-1.amazonaws.com/ngnix", + "image": "569700770868.dkr.ecr.us-east-1.amazonaws.com/ngnix:latest", "cpu": 256, "memory": 512, "portMappings": [ From 344eae4d204e77fa92f1aeb376ebfb521ee45194 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 7 Jun 2023 18:10:03 +0530 Subject: [PATCH 19/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
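Review bot: The image reference `569700770868.dkr.ecr.us-east-1.amazonaws.com/ngnix:latest` set in PATCH 18 uses the mutable `latest` tag, so the task can start a different image on each deployment with no change to this file and no record of what ran. Pin a version tag or, better, a digest in the form `<repository>@sha256:<digest>`. The same applies to `public.ecr.aws/w4o2l8x1/ngnix:latest`, `ngnix:latest` and `nginx:latest` in PATCH 19, 20 and 21. The registry host in PATCH 17 and 18 also carries an account ID and region as literals; with the provider assuming a role in another account, the pull presumably depends on a repository policy that is not visible here.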
diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 36b911a9..8f67f4e8 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": "569700770868.dkr.ecr.us-east-1.amazonaws.com/ngnix:latest", + "image": "public.ecr.aws/w4o2l8x1/ngnix:latest", "cpu": 256, "memory": 512, "portMappings": [ From e4e68849e1f6b6527e7be3ebd12b547e6037cff3 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 7 Jun 2023 18:46:20 +0530 Subject: [PATCH 20/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 8f67f4e8..54de4f92 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": "public.ecr.aws/w4o2l8x1/ngnix:latest", + "image": "ngnix:latest", "cpu": 256, "memory": 512, "portMappings": [ @@ -64,6 +64,12 @@ resource "aws_security_group" "nginx_sg" { protocol = "tcp" cidr_blocks = ["10.0.0.0/16"] } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } } resource "aws_lb" "nginx_lb" { From a4386d39b67331201b8da6765eace66a39b2c439 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 7 Jun 2023 19:14:33 +0530 Subject: [PATCH 21/31] VAN-4162 Added a sample tf for cross account access in AWS --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
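Review bot: `"image": "ngnix:latest"` in the first hunk of PATCH 20 is an unqualified name, so it is resolved against the default public registry, and `ngnix` is not the spelling of the official `nginx` image; a misspelled public name can resolve to a repository the project does not control. PATCH 21 corrects the spelling, but this revision should not be applied as it stands. A fully qualified reference pinned by digest removes both the ambiguity about the registry and the dependence on a mutable tag.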
diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 54de4f92..191f9828 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": "ngnix:latest", + "image": "nginx:latest", "cpu": 256, "memory": 512, "portMappings": [ From 745de8d9cdb8419928c06462d92ea39cca4b1693 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 5 Jul 2023 14:40:27 +0530 Subject: [PATCH 22/31] VAN-4162 Updated fargate platform version --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 191f9828..0af4b1f3 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -39,7 +39,7 @@ resource "aws_ecs_service" "nginx_service" { task_definition = aws_ecs_task_definition.nginx_task.arn desired_count = 1 launch_type = "FARGATE" - + platform_version = "1.3.0" network_configuration { subnets = [data.aws_subnet.existing_subnet.id] assign_public_ip = false From dadf09a3204b23671d4f3682cc6080679942a1b5 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 5 Jul 2023 20:10:33 +0530 Subject: [PATCH 23/31] VAN-4162 Updated fargate platform version variable --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- tfs/aws-ecs-fargate-crossaccount/variable.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 0af4b1f3..125ca4d5 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf 
@@ -39,7 +39,7 @@ resource "aws_ecs_service" "nginx_service" { task_definition = aws_ecs_task_definition.nginx_task.arn desired_count = 1 launch_type = "FARGATE" - platform_version = "1.3.0" + platform_version = var.fargate_platform_version network_configuration { subnets = [data.aws_subnet.existing_subnet.id] assign_public_ip = false diff --git a/tfs/aws-ecs-fargate-crossaccount/variable.tf b/tfs/aws-ecs-fargate-crossaccount/variable.tf index 8ad4dd28..466c4d53 100644 --- a/tfs/aws-ecs-fargate-crossaccount/variable.tf +++ b/tfs/aws-ecs-fargate-crossaccount/variable.tf @@ -9,6 +9,12 @@ variable "role_arn" { type = string } +variable "fargate_platform_version" { + description = "Fargate platform version" + type = string + default = "1.4.0" +} + variable "external_id" { description = "Optional external ID, if required by the role" type = string From 8d553f051eda4abdfc7eab02ca5e87a6b7b98d19 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 5 Jul 2023 22:54:34 +0530 Subject: [PATCH 24/31] VAN-4162 Updated fargate platform version variable --- tfs/aws-ecs-fargate-crossaccount/bastion.tf | 70 -------------------- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 2 +- tfs/aws-ecs-fargate-crossaccount/variable.tf | 5 ++ 3 files changed, 6 insertions(+), 71 deletions(-) delete mode 100644 tfs/aws-ecs-fargate-crossaccount/bastion.tf diff --git a/tfs/aws-ecs-fargate-crossaccount/bastion.tf b/tfs/aws-ecs-fargate-crossaccount/bastion.tf deleted file mode 100644 index 74c8718c..00000000 --- a/tfs/aws-ecs-fargate-crossaccount/bastion.tf +++ /dev/null 
@@ -1,70 +0,0 @@ -locals { - extract_resource_name = "codepipes" -} - -#Get Latest Amazon Linux AMI -data "aws_ami" "amazon-2" { - most_recent = true - - filter { - name = "name" - values = ["amzn2-ami-hvm-*-x86_64-ebs"] - } - owners = ["amazon"] -} - -resource "aws_iam_role" "bastion-iam-role" { - name = "${local.extract_resource_name}-bastion-iam-role" - - managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3FullAccess"] - - assume_role_policy = < Date: Wed, 5 Jul 2023 23:38:19 +0530 Subject: [PATCH 25/31] VAN-4162 Updated fargate platform version variable --- tfs/aws-ecs-fargate-crossaccount/main.tf | 7 +++++++ tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 8 ++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/main.tf b/tfs/aws-ecs-fargate-crossaccount/main.tf index 09eb98db..a172681b 100644 --- a/tfs/aws-ecs-fargate-crossaccount/main.tf +++ b/tfs/aws-ecs-fargate-crossaccount/main.tf @@ -7,3 +7,10 @@ provider "aws" { } } +provider "random" {} + +resource "random_string" "random" { + length = 8 + special = false + min_lower = 8 +} diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 125ca4d5..2b94764d 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -54,7 +54,7 @@ resource "aws_ecs_service" "nginx_service" { } resource "aws_security_group" "nginx_sg" { - name = "nginx-sg" + name = "${var.ecs_cluster_name}-nginx-sg" description = "Security group for NGINX" vpc_id = data.aws_vpc.existing_vpc.id @@ -73,7 +73,7 @@ resource "aws_security_group" "nginx_sg" { } resource "aws_lb" "nginx_lb" { - name = "nginx-lb" + name = "${random_string.random.id}-nginx-lb" internal = true load_balancer_type = "application" security_groups = [aws_security_group.nginx_sg.id] 
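Review bot: In the new `random_string` resource in `main.tf`, the all-lowercase output is obtained only indirectly, by setting `min_lower = 8` equal to `length = 8`; the two values have to be kept in step, and lowering `length` alone would presumably make the configuration invalid. Stating the intent directly is clearer: `upper = false` and `numeric = false` in place of `min_lower = 8`. The later hunks of this commit read the value as `random_string.random.id`, whereas `random_string.random.result` is the attribute usually used for the generated string. The naming scheme is also inconsistent: `nginx_sg` is prefixed with `var.ecs_cluster_name`, while the load balancer, target group and IAM role use the random prefix.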
@@ -85,7 +85,7 @@ resource "aws_lb" "nginx_lb" { } resource "aws_lb_target_group" "nginx_tg" { - name = "nginx-tg" + name = "${random_string.random.id}-nginx-tg" target_type = "ip" port = 80 protocol = "HTTP" @@ -114,7 +114,7 @@ resource "aws_lb_listener" "nginx_listener" { resource "aws_iam_role" "ecs-iam-role" { - name = "ecs-iam-role-v2" + name = "${random_string.random.id}-ecs-iam-role" managed_policy_arns = ["arn:aws:iam::aws:policy/SecretsManagerReadWrite", "arn:aws:iam::aws:policy/AmazonS3FullAccess", "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess","arn:aws:iam::aws:policy/CloudWatchFullAccess"] From 7f4e1e95220692446555cce9b172af9d0af3d5dd Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Thu, 6 Jul 2023 12:38:15 +0530 Subject: [PATCH 26/31] VAN-4162 Updated fargate platform version variable --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- tfs/aws-ecs-fargate-crossaccount/variable.tf | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 2b94764d..eb5dbf42 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": "nginx:latest", + "image": var.container_image, "cpu": 256, "memory": 512, "portMappings": [ diff --git a/tfs/aws-ecs-fargate-crossaccount/variable.tf b/tfs/aws-ecs-fargate-crossaccount/variable.tf index dc22d990..8e7bf7b7 100644 --- a/tfs/aws-ecs-fargate-crossaccount/variable.tf +++ b/tfs/aws-ecs-fargate-crossaccount/variable.tf 
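Review bot: The role renamed in the `aws_iam_role.ecs-iam-role` hunk still attaches `SecretsManagerReadWrite`, `AmazonS3FullAccess` and `CloudWatchFullAccess` on the unchanged `managed_policy_arns` line, which is far broader than a task serving nginx appears to need. Because this is a sample for cross-account access, the policy list is likely to be copied as-is into other accounts. Reduce it to `managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]` and grant any secret, bucket or parameter access through a policy scoped to the specific resource ARNs. The rest of the resource, including `assume_role_policy`, is outside the hunk, so whether this is the execution role or the task role cannot be confirmed from here.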
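Review bot: `"image": var.container_image,` sits inside what looks like a hand-written JSON string for `container_definitions`, where a bare `var.` reference is not evaluated, so the task definition would receive the literal text as invalid JSON. The next two commits in this series (PATCH 27 and PATCH 28) iterate on the quoting until it reads `"${var.container_image}"`. Building the definition with `jsonencode([...])` and `image = var.container_image` removes the hand-quoting and escapes the value correctly if it ever contains a quote or backslash. The start of the `container_definitions` argument is outside the hunk, so the heredoc form is inferred from the visible JSON lines.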
@@ -9,6 +9,11 @@ variable "ecs_cluster_name" { default = "my-cluster-default" } +variable "container_image" { + description = "container image reference" + type = string + default = "nginx:latest" +} variable "role_arn" { description = "ARN of the IAM role in the target account" type = string From 46c7bdf8478686c75c53d7dd3907321daa0eacf3 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Thu, 6 Jul 2023 12:52:21 +0530 Subject: [PATCH 27/31] VAN-4162 Updated fargate platform version --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index eb5dbf42..1ec60da6 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": var.container_image, + "image": ${var.container_image}, "cpu": 256, "memory": 512, "portMappings": [ From 9c5fede886c9272367dc389932b073fe1fd52185 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Thu, 6 Jul 2023 13:02:06 +0530 Subject: [PATCH 28/31] VAN-4162 Updated fargate platform version --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index 1ec60da6..ecd3a5e3 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "nginx_task" { [ { "name": "nginx", - "image": ${var.container_image}, + "image": "${var.container_image}", "cpu": 256, "memory": 512, "portMappings": [ From f3584afef79c57a32af29bfbdf72da587824f916 Mon Sep 17 00:00:00 2001 
From: Pranay Singh Date: Wed, 8 Nov 2023 13:23:31 +0530 Subject: [PATCH 29/31] VPC update --- tfs/aws-ecs-ec2-crossaccount/ecs.tf | 4 ++-- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tfs/aws-ecs-ec2-crossaccount/ecs.tf b/tfs/aws-ecs-ec2-crossaccount/ecs.tf index 61a6f3ab..ae2a59b1 100644 --- a/tfs/aws-ecs-ec2-crossaccount/ecs.tf +++ b/tfs/aws-ecs-ec2-crossaccount/ecs.tf @@ -1,12 +1,12 @@ # Reference an existing VPC by its ID data "aws_vpc" "existing_vpc" { - id = "vpc-0789949926e072698" # Update with your VPC ID + id = "vpc-04f2d3c201e9a2de2" # Update with your VPC ID } # Reference an existing subnet by its ID data "aws_subnet" "existing_subnet" { - id = "subnet-0df3f6810ecfcf4fc" # Update with your subnet ID + id = "subnet-0d347ca43bd641372" # Update with your subnet ID } # Create an ECS cluster diff --git a/tfs/aws-ecs-fargate-crossaccount/ecs.tf b/tfs/aws-ecs-fargate-crossaccount/ecs.tf index a609f331..61afa2ce 100644 --- a/tfs/aws-ecs-fargate-crossaccount/ecs.tf +++ b/tfs/aws-ecs-fargate-crossaccount/ecs.tf @@ -1,12 +1,12 @@ data "aws_vpc" "existing_vpc" { - id = "vpc-0789949926e072698" + id = "vpc-04f2d3c201e9a2de2" # Update with your VPC ID } +# Reference an existing subnet by its ID data "aws_subnet" "existing_subnet" { - id = "subnet-0df3f6810ecfcf4fc" + id = "subnet-0d347ca43bd641372" # Update with your subnet ID } - resource "aws_ecs_cluster" "ecs_cluster" { name = var.ecs_cluster_name } From ab5528b7071899327b4f569e3846a88e9b04fc24 Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 8 Nov 2023 16:05:32 +0530 Subject: [PATCH 30/31] VPC update --- tfs/aws-ecs-fargate-crossaccount/ecs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/ecs.tf b/tfs/aws-ecs-fargate-crossaccount/ecs.tf index 61afa2ce..648dfe16 100644 --- a/tfs/aws-ecs-fargate-crossaccount/ecs.tf +++ b/tfs/aws-ecs-fargate-crossaccount/ecs.tf 
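Review bot: The VPC and subnet IDs are hard-coded in both `ecs.tf` files (for example `id = "vpc-04f2d3c201e9a2de2" # Update with your VPC ID`), so every environment change needs a code edit and account-specific identifiers end up in version control. Take them as inputs instead, `id = var.vpc_id` and `id = var.subnet_id`, with `variable` blocks of `type = string` and no default so a missing value fails at plan time. The same applies to the subnet hunk in the following commit and to the literal subnet list on `aws_lb.nginx_lb` in the last commit of the series.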
@@ -4,7 +4,7 @@ data "aws_vpc" "existing_vpc" { # Reference an existing subnet by its ID data "aws_subnet" "existing_subnet" { - id = "subnet-0d347ca43bd641372" # Update with your subnet ID + id = "subnet-0d98827f3581fa7de" # Update with your subnet ID } resource "aws_ecs_cluster" "ecs_cluster" { From 0300bb028df0c7a4e4f068d42c35de5f9889061f Mon Sep 17 00:00:00 2001 From: Pranay Singh Date: Wed, 8 Nov 2023 16:18:22 +0530 Subject: [PATCH 31/31] VPC update --- tfs/aws-ecs-fargate-crossaccount/task_defination.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf index ecd3a5e3..0a327660 100644 --- a/tfs/aws-ecs-fargate-crossaccount/task_defination.tf +++ b/tfs/aws-ecs-fargate-crossaccount/task_defination.tf @@ -78,8 +78,8 @@ resource "aws_lb" "nginx_lb" { load_balancer_type = "application" security_groups = [aws_security_group.nginx_sg.id] subnets = [ - "subnet-0df3f6810ecfcf4fc", - "subnet-039bf408e3d6f1325" + "subnet-0d98827f3581fa7de", + "subnet-0d347ca43bd641372" ] enable_cross_zone_load_balancing = true }
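Review bot: The `subnets` list on `aws_lb.nginx_lb` repeats subnet IDs as literals, and the first one is the same ID that the preceding `ecs.tf` hunk sets on `data.aws_subnet.existing_subnet`, so the two places have to be edited together whenever the network changes. Reference the data source for the shared subnet, `data.aws_subnet.existing_subnet.id`, and take the second subnet from a variable or a second `aws_subnet` data source. The `aws_lb` resource starts outside the hunk.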