Environment Dev Terraform

Creates the dev environment's infrastructure. These templates are designed to be customized.
The optional components can be removed by simply deleting the .tf file.

Components

| Name | Description | Optional |
|---|---|---|
| main.tf | Terraform remote state, AWS provider, outputs | |
| api-gateway.tf | Regional API Gateway proxy | |
| api-usage-plans.tf | API Gateway usage plan | Yes |
| autoscale-perf.tf | Performance-based auto scaling | Yes |
| autoscale-time.tf | Time-based auto scaling | Yes |
| cert.tf | ACM certificate to enable HTTPS (with auto-validation) | |
| cicd.tf | IAM user that can be used by CI/CD systems | Yes |
| dns.tf | Registers a custom domain name for use with AWS API Gateway | |
| dashboard.tf | CloudWatch dashboard: CPU, memory, and HTTP-related metrics | Yes |
| ecs.tf | ECS cluster, service, task definition, ecsTaskExecutionRole, CloudWatch log group | |
| ecs-event-stream.tf | CloudWatch dashboard for ECS events | Yes |
| logs-logzio.tf | Ship container logs to logz.io | Yes |
| nlb.tf | NLB, target group, listener | |
| nsg.tf | NSG (security groups) for the NLB and the task | |
| role.tf | Application role for the container | |
| secretsmanager.tf | Adds a Secrets Manager secret with a CMK KMS key, and gives the app role and the ECS task execution role access to read secrets from Secrets Manager | Yes |
| ssm-parameters.tf | Adds a CMK KMS key for use with SSM Parameter Store, and gives the ECS task execution role access to read secrets from Parameter Store | Yes |
| waf.tf | WAF Regional Web ACL | Yes |

Usage

# Sets up Terraform to run
$ terraform init

# Executes the Terraform run
$ terraform apply

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app | The application's name | string | - | yes |
| aws_profile | The AWS profile to use | string | - | yes |
| container_name | The name of the container to run | string | app | no |
| container_port | The port the container listens on; also used for the load balancer health check. Use a port above 1024 so the container process can bind it without running as root. | string | - | yes |
| default_backend_image | The default Docker image to deploy with the infrastructure. Application concerns such as deploying real application images and environment variables on top of the provisioned infrastructure can be handled with the fargate CLI (https://github.com/turnerlabs/fargate). The source for the Turner default backend image is at https://github.com/turnerlabs/turner-defaultbackend. | string | quay.io/turner/turner-defaultbackend:0.2.0 | no |
| deregistration_delay | The amount of time (seconds) Elastic Load Balancing waits before changing a deregistering target's state from draining to unused | string | 30 | no |
| ecs_as_cpu_high_threshold_per | If the average CPU utilization over a minute rises to this threshold (percent), the number of containers is increased (but not above ecs_autoscale_max_instances) | string | 80 | no |
| ecs_as_cpu_low_threshold_per | If the average CPU utilization over a minute drops to this threshold (percent), the number of containers is reduced (but not below ecs_autoscale_min_instances) | string | 20 | no |
| ecs_autoscale_max_instances | The maximum number of containers that should be running. Used by both autoscale-perf.tf and autoscale-time.tf. | string | 8 | no |
| ecs_autoscale_min_instances | The minimum number of containers that should be running; must be at least 1. Used by both autoscale-perf.tf and autoscale-time.tf. For production, consider using at least 2. | string | 1 | no |
| environment | The environment that is being built | string | - | yes |
| health_check_interval | How often (seconds) to check the liveness of the container | string | 30 | no |
| lb_port | The port the load balancer listens on | string | 80 | no |
| lb_protocol | The load balancer protocol | string | TCP | no |
| logs_retention_in_days | The number of days to retain log events | int | 90 | no |
| logz_token | The auth token used to send logs to Logz.io | string | - | yes |
| logz_url | The endpoint used to send logs to Logz.io | string | https://listener.logz.io:8071 | no |
| private_subnets | The private subnets (minimum of 2) that are part of the VPC | string | - | yes |
| region | The AWS region for the dev environment's infrastructure. When this was written, Fargate was only available in us-east-1. | string | us-east-1 | no |
| replicas | How many containers to run | string | 1 | no |
| saml_role | The SAML role whose users are added to the ECR policy | string | - | yes |
| scale_down_cron | Scale-down schedule. The default is 23:00 UTC every day (7 pm in a UTC-4 zone such as US Eastern daylight time). | string | cron(0 23 * * ? *) | no |
| scale_down_max_capacity | The maximum number of containers to scale down to | string | 0 | no |
| scale_down_min_capacity | The minimum number of containers to scale down to. Set this and scale_down_max_capacity to 0 to turn the service off on the scale_down_cron schedule. | string | 0 | no |
| scale_up_cron | Scale-up schedule. The default is 11:00 UTC on weekdays (7 am in a UTC-4 zone such as US Eastern daylight time). Schedules are evaluated in UTC and do not adjust for daylight saving time: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html | string | cron(0 11 ? * MON-FRI *) | no |
| secrets_saml_users | The users (email addresses) from the SAML role to grant access to the secrets | list | - | yes |
| tags | Tags for the infrastructure | map | - | yes |
| vpc | The VPC to use for the Fargate cluster | string | - | yes |
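Several of the inputs above carry constraints in their descriptions (container_port above 1024, ecs_autoscale_min_instances at least 1, at least two private_subnets, consistent scale-down capacities) but nothing stops a bad value from reaching terraform apply. The following is an added example, not part of this project's templates, of enforcing those constraints at plan time with Terraform variable validation blocks (Terraform 0.13+) and a check block (Terraform 1.5+). The variable names match the inputs above; the types number and list(string) are assumptions, since the project declares most inputs as string.

```hcl
# Added example (not from this project). Enforces the README's stated input
# constraints at plan time. Types (number, list(string)) are assumptions.

variable "container_port" {
  description = "Port the container listens on; unprivileged so the process need not run as root to bind it"
  type        = number

  validation {
    condition     = var.container_port > 1024 && var.container_port <= 65535
    error_message = "The container_port must be an unprivileged port in the range 1025-65535."
  }
}

variable "private_subnets" {
  description = "Private subnet IDs for the tasks; at least two for availability"
  type        = list(string)

  validation {
    condition     = length(var.private_subnets) >= 2
    error_message = "At least two private_subnets are required."
  }
}

variable "ecs_autoscale_min_instances" {
  type    = number
  default = 1

  validation {
    condition     = var.ecs_autoscale_min_instances >= 1
    error_message = "The ecs_autoscale_min_instances value must be at least 1."
  }
}

variable "ecs_autoscale_max_instances" {
  type    = number
  default = 8
}

variable "scale_down_min_capacity" {
  type    = number
  default = 0
}

variable "scale_down_max_capacity" {
  type    = number
  default = 0
}

# Before Terraform 1.9 a validation block may only reference its own variable,
# so relationships between variables go in a check block (Terraform 1.5+).
# Failing assertions are reported as warnings during plan/apply.
check "autoscale_bounds" {
  assert {
    condition     = var.ecs_autoscale_min_instances <= var.ecs_autoscale_max_instances
    error_message = "ecs_autoscale_min_instances must not exceed ecs_autoscale_max_instances."
  }

  assert {
    condition     = var.scale_down_min_capacity <= var.scale_down_max_capacity
    error_message = "scale_down_min_capacity must not exceed scale_down_max_capacity."
  }
}
```

A validation failure aborts terraform plan; a failing check only warns. If the cross-variable conditions should abort as well, put the same conditions in a lifecycle precondition on the resource that consumes them (for example the auto scaling target).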

Outputs

| Name | Description |
|---|---|
| aws_profile | Command to set AWS_PROFILE |
| cicd_keys | The AWS access keys for the CI/CD user, for use in a build system |
| deploy | Command to deploy a new task definition to the service using Docker Compose |
| docker_registry | The URL of the Docker image repository in ECR |
| scale_out | Command to scale out the number of tasks (container replicas) |
| scale_up | Command to scale up CPU and memory |
| status | Command to view the status of the Fargate service |
| api_gateway_endpoint | The API Gateway endpoint |

Note that cicd_keys is a long-lived IAM access key pair, and Terraform stores outputs and state in plaintext, so restrict access to the remote state backend and rotate the key if the state is ever exposed.

Note: you may get the following Terraform error when applying:

Error: Error creating API Gateway Integration Response: NotFoundException: Invalid Integration identifier specified

This error appears to be related to a known provider issue; running terraform apply a second time should succeed.