This folder contains the Terraform code to deploy the core infratructure for an ECS Fargate workload. The AWS resources created by the script are:
- Networking
- VPC
- 3 public subnets, 1 per AZ. If a region has less than 3 AZs it will create same number of public subnets as AZs.
- 3 private subnets, 1 per AZ. If a region has less than 3 AZs it will create same number of private subnets as AZs.
- 1 NAT Gateway
- 1 Internet Gateway
- Associated Route Tables
- VPC
- 1 ECS Cluster with AWS CloudWatch Container Insights enabled.
- Task execution IAM role
- CloudWatch log groups
- CloudMap service discovery namespace
default
Make sure you have all the prerequisites for your laptop.
Fork this repository and create the GitHub token granting access to this new repository in your account. Store this secret in AWS secrets manager using the aws cli.
aws secretsmanager create-secret --name ecs-github-token --secret-string "<github-token-created-above>"Note you should create the secret in an AWS region where you plan to deploy the various examples. You can set the default region by exporting the environment variable export AWS_DEFAULT_REGION=<default-region> or in ~/.aws/config.
- Clone the forked repository from your account (not the one from the aws-ia organization) and change the directory to the appropriate one as shown below:
cd examples/core-infra/- Run Terraform init to download the providers and install the modules
terraform init- Copy the
terraform.tfvars.exampletoterraform.tfvarsand change as needed especially note the region.
cp terraform.tfvars.example terraform.tfvars- Review the terraform plan output, take a look at the changes that terraform will execute, and then apply them:
terraform plan
terraform apply --auto-approveAfter the execution of the Terraform code you will get an output with needed IDs and values needed as input for the nexts Terraform applies. You can use this infrastructure to run other example blueprints, all you need is the cluster_name.
Run the following command if you want to delete all the resources created before. If you have created other blueprints and they use these infrastructure then destroy those blueprint resources first.
terraform destroy| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 3.72.0 |
| Name | Version |
|---|---|
| aws | >= 3.72.0 |
| Name | Source | Version |
|---|---|---|
| ecs | terraform-aws-modules/ecs/aws | ~> 4.0 |
| vpc | terraform-aws-modules/vpc/aws | ~> 3.0 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.this | resource |
| aws_iam_policy_attachment.execution | resource |
| aws_iam_role.execution | resource |
| aws_service_discovery_private_dns_namespace.sd_namespaces | resource |
| aws_availability_zones.available | data source |
| aws_iam_policy_document.execution | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_region | AWS region | string |
n/a | yes |
| core_stack_name | The name of Core Infrastructure stack, feel free to rename it. Used for cluster and VPC names. | string |
"ecs-blueprint-infra" |
no |
| enable_nat_gw | Provision a NAT Gateway in the VPC | bool |
true |
no |
| namespaces | List of service discovery namespaces for ECS services. Creates a default namespace | list(string) |
[ |
no |
| vpc_cidr | CIDR block for VPC | string |
"10.0.0.0/16" |
no |
| Name | Description |
|---|---|
| ecs_cluster_id | The ID of the ECS cluster |
| ecs_cluster_name | The name of the ECS cluster and the name of the core stack |
| ecs_task_execution_role_arn | The ARN of the task execution role |
| ecs_task_execution_role_name | The ARN of the task execution role |
| private_subnets | A list of private subnets for the client app |
| private_subnets_cidr_blocks | A list of private subnets CIDRs |
| public_subnets | A list of public subnets |
| sd_namespaces | Service discovery namespaces already available |
| vpc_id | The ID of the VPC |