pranay/VAN 4162

tfs/aws-ecs-ec2-crossaccount/ecs.tf

@@ -0,0 +1,130 @@
+
+# Reference an existing VPC by its ID
+data "aws_vpc" "existing_vpc" {
+  id = "vpc-04f2d3c201e9a2de2" # Update with your VPC ID
+}
+
+# Reference an existing subnet by its ID
+data "aws_subnet" "existing_subnet" {
+  id = "subnet-0d347ca43bd641372" # Update with your subnet ID
+}
+
+# Create an ECS cluster
+resource "aws_ecs_cluster" "ecs_cluster" {
+  name = "my-ecs-cluster" # Update with your desired cluster name
+}
+
+# Create a security group for EC2 instances
+resource "aws_security_group" "ecs_instance_sg" {
+  name        = "ecs-instance-sg"
+  description = "Security group for ECS instances"
+  vpc_id      = data.aws_vpc.existing_vpc.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"] # Update with your desired source IP range for SSH access
+  }
+
+  # Add any additional ingress rules as needed
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# Launch configuration for EC2 instances
+resource "aws_launch_configuration" "ecs_launch_configuration" {
+  name_prefix     = "ecs-launch-"
+  image_id        = var.aws_ami_id
+  instance_type   = var.aws_instance_type
+  security_groups = [aws_security_group.ecs_instance_sg.id]
+  user_data       = <<-EOF
+                          #!/bin/bash
+                          echo ECS_CLUSTER=${aws_ecs_cluster.ecs_cluster.name} >> /etc/ecs/ecs.config
+                          EOF
+}
+
+# Autoscaling group for EC2 instances
+resource "aws_autoscaling_group" "ecs_autoscaling_group" {
+  name                 = "ecs-autoscaling-group"
+  min_size             = 1 # Update with your desired minimum number of instances
+  max_size             = 5 # Update with your desired maximum number of instances
+  desired_capacity     = 2 # Update with your desired initial number of instances
+  launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
+  vpc_zone_identifier  = [data.aws_subnet.existing_subnet.id]
+  target_group_arns    = [] # Update with your desired target group ARNs if using ALB/NLB
+  health_check_type    = "EC2"
+  termination_policies = ["Default"]
+  tag {
+    key                 = "AmazonECSManaged"
+    value               = true
+    propagate_at_launch = true
+  }
+}
+
+
+
+resource "aws_ecs_capacity_provider" "ecs" {
+  name = "ecs-capacity"
+
+  auto_scaling_group_provider {
+    auto_scaling_group_arn         = aws_autoscaling_group.ecs_autoscaling_group.arn
+    managed_termination_protection = "DISABLED"
+
+    managed_scaling {
+      maximum_scaling_step_size = 1000
+      minimum_scaling_step_size = 1
+      status                    = "ENABLED"
+      target_capacity           = 10
+    }
+  }
+}
+
+
+# Define your ECS task definition
+resource "aws_ecs_task_definition" "ngnix_task_definition" {
+  family                = "ngnix-task"
+  cpu                   = 256
+  memory                = 512
+  container_definitions = <<DEFINITION
+[
+  {
+    "name": "nginx",
+    "image": "nginx:latest",
+    "essential": true,
+    "portMappings": [
+      {
+        "containerPort": 80,
+        "hostPort": 80
+      }
+    ]
+  }
+]
+DEFINITION
+}
+
+# Define your ECS service
+resource "aws_ecs_service" "ngnix_service" {
+  name            = "ngnix-service"
+  cluster         = aws_ecs_cluster.ecs_cluster.id
+  task_definition = aws_ecs_task_definition.ngnix_task_definition.arn
+  desired_count   = 1
+  launch_type     = "EC2"
+
+  deployment_controller {
+    type = "ECS"
+  }
+  capacity_provider_strategy {
+    capacity_provider = aws_ecs_capacity_provider.ecs.name
+    weight            = 100
+  }
+  network_configuration {
+    subnets         = [data.aws_subnet.existing_subnet.id]
+    security_groups = [aws_security_group.ecs_instance_sg.id]
+  }
+}

tfs/aws-ecs-ec2-crossaccount/main.tf

@@ -0,0 +1,8 @@
+provider "aws" {
+  region = var.region
+  assume_role {
+    role_arn     = var.role_arn
+    session_name = "cross_account_session"
+    external_id  = var.external_id
+  }
+}

tfs/aws-ecs-ec2-crossaccount/output.tf

@@ -0,0 +1,4 @@
+# Output the ECS cluster name
+output "ecs_cluster_name" {
+  value = aws_ecs_cluster.ecs_cluster.name
+}

tfs/aws-ecs-ec2-crossaccount/variable.tf

@@ -0,0 +1,26 @@
+variable "region" {
+  description = "region"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "role_arn" {
+  description = "ARN of the IAM role in the target account"
+  type        = string
+}
+
+variable "external_id" {
+  description = "Optional external ID, if required by the role"
+  type        = string
+}
+
+# ECS
+variable "aws_ami_id" {
+  type = string
+  default = "ami-0715c1897453cabd1"
+}
+
+variable "aws_instance_type" {
+  type = string
+  default = "t2.micro"
+}

tfs/aws-ecs-fargate-crossaccount/ecs.tf

@@ -0,0 +1,20 @@
+data "aws_vpc" "existing_vpc" {
+  id = "vpc-04f2d3c201e9a2de2" # Update with your VPC ID
+}
+
+# Reference an existing subnet by its ID
+data "aws_subnet" "existing_subnet" {
+  id = "subnet-0d98827f3581fa7de" # Update with your subnet ID
+}
+
+resource "aws_ecs_cluster" "ecs_cluster" {
+  name = var.ecs_cluster_name
+}
+
+
+resource "aws_ecs_cluster_capacity_providers" "cluster-capacity-provider" {
+  cluster_name = aws_ecs_cluster.ecs_cluster.name
+
+  capacity_providers = ["FARGATE"]
+}
+

tfs/aws-ecs-fargate-crossaccount/main.tf

@@ -0,0 +1,16 @@
+provider "aws" {
+  region = var.region
+  assume_role {
+    role_arn     = var.role_arn
+    session_name = "cross_account_session"
+    external_id  = var.external_id
+  }
+}
+
+provider "random" {}
+
+resource "random_string" "random" {
+  length    = 8
+  special   = false
+  min_lower = 8
+}

tfs/aws-ecs-fargate-crossaccount/output.tf

@@ -0,0 +1,16 @@
+
+output "ecs-cluster-name" {
+  value = aws_ecs_cluster.ecs_cluster.name
+}
+
+output "ecs_cluster_arn" {
+  value = aws_ecs_cluster.ecs_cluster.arn
+}
+
+output "ecs_task_definition_arn" {
+  value = aws_ecs_task_definition.nginx_task.arn
+}
+
+output "load_balancer_dns_name" {
+  value = aws_lb.nginx_lb.dns_name
+}

tfs/aws-ecs-fargate-crossaccount/task_defination.tf

@@ -0,0 +1,137 @@
+resource "aws_ecs_task_definition" "nginx_task" {
+  family = "nginx-task"
+  execution_role_arn       = aws_iam_role.ecs-iam-role.arn
+  task_role_arn            = aws_iam_role.ecs-iam-role.arn
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 256
+  memory                   = 512
+  container_definitions = <<DEFINITION
+  [
+    {
+      "name": "nginx",
+      "image": "${var.container_image}",
+      "cpu": 256,
+      "memory": 512,
+      "portMappings": [
+        {
+          "containerPort": 80,
+          "hostPort": 80,
+          "protocol": "tcp"
+        }
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "/ecs/nginx-task",
+          "awslogs-region": "us-east-1",
+          "awslogs-stream-prefix": "nginx"
+        }
+      }
+    }
+  ]
+  DEFINITION
+}
+
+resource "aws_ecs_service" "nginx_service" {
+  name            = "nginx-service"
+  cluster         = aws_ecs_cluster.ecs_cluster.id
+  task_definition = aws_ecs_task_definition.nginx_task.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+  platform_version = var.fargate_platform_version
+  network_configuration {
+    subnets          = [data.aws_subnet.existing_subnet.id]
+    assign_public_ip = false
+    security_groups  = [aws_security_group.nginx_sg.id]
+  }
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.nginx_tg.arn
+    container_name   = "nginx"
+    container_port   = 80
+  }
+}
+
+resource "aws_security_group" "nginx_sg" {
+  name        = "${var.ecs_cluster_name}-nginx-sg"
+  description = "Security group for NGINX"
+  vpc_id      = data.aws_vpc.existing_vpc.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.0.0/16"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_lb" "nginx_lb" {
+  name               = "${random_string.random.id}-nginx-lb"
+  internal           = true
+  load_balancer_type = "application"
+  security_groups  = [aws_security_group.nginx_sg.id]
+  subnets = [
+    "subnet-0d98827f3581fa7de",
+    "subnet-0d347ca43bd641372"
+  ]
+  enable_cross_zone_load_balancing = true
+}
+
+resource "aws_lb_target_group" "nginx_tg" {
+  name     = "${random_string.random.id}-nginx-tg"
+  target_type = "ip"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = data.aws_vpc.existing_vpc.id
+
+  health_check {
+    path                = "/"
+    protocol            = "HTTP"
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+    timeout             = 3
+    interval            = 30
+  }
+}
+
+resource "aws_lb_listener" "nginx_listener" {
+  load_balancer_arn = aws_lb.nginx_lb.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.nginx_tg.arn
+  }
+}
+
+
+resource "aws_iam_role" "ecs-iam-role" {
+  name = "${random_string.random.id}-ecs-iam-role"
+
+  managed_policy_arns = ["arn:aws:iam::aws:policy/SecretsManagerReadWrite", "arn:aws:iam::aws:policy/AmazonS3FullAccess", "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess","arn:aws:iam::aws:policy/CloudWatchFullAccess"]
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+      {
+          "Sid": "",
+          "Effect": "Allow",
+          "Principal": {
+              "Service": "ecs-tasks.amazonaws.com"
+          },
+          "Action": "sts:AssumeRole"
+      }
+  ]
+}
+EOF
+
+}

tfs/aws-ecs-fargate-crossaccount/variable.tf

@@ -0,0 +1,31 @@
+variable "region" {
+  description = "region"
+  type        = string
+  default     = "us-east-1"
+}
+variable "ecs_cluster_name" {
+  description = "Name of the ecs cluster"
+  type        = string
+  default = "my-cluster-default"
+}
+
+variable "container_image" {
+  description = "container image reference"
+  type = string
+  default = "nginx:latest"
+}
+variable "role_arn" {
+  description = "ARN of the IAM role in the target account"
+  type        = string
+}
+
+variable "fargate_platform_version" {
+  description = "Fargate platform version"
+  type        = string
+  default     = "1.4.0"
+}
+
+variable "external_id" {
+  description = "Optional external ID, if required by the role"
+  type        = string
+}