automated terminal push
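--- a/FILE_PATH_PLACEHOLDER
+++ b/FILE_PATH_PLACEHOLDER
@@ -164,6 +164,56 @@ resource "aws_iam_role_policy_attachment" "ecs_instance_ssm_policy" {
 policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
 
+# ECS Task Execution Role
+resource "aws_iam_role" "ecs_task_execution_role" {
+name = "${var.cluster_name}-task-execution-role"
+
+assume_role_policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Action = "sts:AssumeRole"
+Effect = "Allow"
+Principal = {
+Service = "ecs-tasks.amazonaws.com"
+}
+}
+]
+})
+
+tags = {
+Name = "${var.cluster_name}-task-execution-role"
+}
+}
+
+# Attach AWS managed policy for ECS task execution
+resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
+role = aws_iam_role.ecs_task_execution_role.name
+policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+# Additional policy for ECR access
+resource "aws_iam_role_policy" "ecs_task_execution_ecr_policy" {
+name = "${var.cluster_name}-task-execution-ecr-policy"
+role = aws_iam_role.ecs_task_execution_role.id
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Effect = "Allow"
+Action = [
+"ecr:GetAuthorizationToken",
+"ecr:BatchCheckLayerAvailability",
+"ecr:GetDownloadUrlForLayer",
+"ecr:BatchGetImage"
+]
+Resource = "*"
+}
+]
+})
+}
+
 # IAM Instance Profile
 resource "aws_iam_instance_profile" "ecs_instance_profile" {
 name = "${var.cluster_name}-ecs-instance-profile"
@@ -216,26 +266,25 @@ resource "aws_instance" "ecs_instance" {
 }
 }
 
-# ECS Service
-resource "aws_ecs_service" "main" {
-name = "${var.cluster_name}-service"
-cluster = aws_ecs_cluster.main.id
-desired_count = 1
-launch_type = "EC2"
-
-# This will be updated by your Jenkins pipeline
-task_definition = "${var.cluster_name}:1"
-
-depends_on = [aws_instance.ecs_instance]
-
-lifecycle {
-ignore_changes = [task_definition]
-}
-
-tags = {
-Name = "${var.cluster_name}-service"
-}
-}
+# ECS Service (will be created by Jenkins pipeline)
+# Commented out because Jenkins will create the service
+# resource "aws_ecs_service" "main" {
+# name = "${var.cluster_name}-service"
+# cluster = aws_ecs_cluster.main.id
+# desired_count = 1
+# launch_type = "EC2"
+# task_definition = "${var.cluster_name}-task:1"
+#
+# depends_on = [aws_instance.ecs_instance]
+#
+# lifecycle {
+# ignore_changes = [task_definition]
+# }
+#
+# tags = {
+# Name = "${var.cluster_name}-service"
+# }
+# }
 
 # CloudWatch Log Group for ECS
 resource "aws_cloudwatch_log_group" "ecs_logs" {
@@ -271,4 +320,9 @@ output "vpc_id" {
 output "public_subnet_ids" {
 description = "IDs of the public subnets"
 value = aws_subnet.public[*].id
 }
+
+output "ecs_task_execution_role_arn" {
+description = "ARN of the ECS task execution role"
+value = aws_iam_role.ecs_task_execution_role.arn
+}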
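Review bot: The inline `ecs_task_execution_ecr_policy` in the first hunk grants `ecr:BatchCheckLayerAvailability`, `ecr:GetDownloadUrlForLayer` and `ecr:BatchGetImage` on `Resource = "*"`, although the `AmazonECSTaskExecutionRolePolicy` attached a few lines above already grants the same four ECR actions on `*`, so the resource is redundant and only adds a second policy to audit; drop it, or if a separate policy is kept, restrict those three actions to the repository ARNs the tasks pull from (`ecr:GetAuthorizationToken` is the only one that has to stay on `*`). The trust policy on `ecs_task_execution_role` accepts `ecs-tasks.amazonaws.com` with no `Condition`, so the role can be assumed on behalf of ECS tasks outside this account; the confused-deputy guard AWS recommends for ECS is a `Condition` on `aws:SourceAccount` and `aws:SourceArn`, shown below with placeholders for the account and region, which this page does not show. The commented-out block in the second hunk references `${var.cluster_name}-task:1` where the removed resource referenced `${var.cluster_name}:1`; if that block is ever restored, confirm which task-definition family the pipeline actually registers.
```hcl
resource "aws_iam_role" "ecs_task_execution_role" {
  # … unchanged: name …
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action    = "sts:AssumeRole"
        Effect    = "Allow"
        Principal = { Service = "ecs-tasks.amazonaws.com" }
        # Confused-deputy guard: only ECS tasks in this account/region may assume the role.
        Condition = {
          StringEquals = { "aws:SourceAccount" = "<ACCOUNT_ID placeholder>" }
          ArnLike      = { "aws:SourceArn" = "arn:aws:ecs:<REGION placeholder>:<ACCOUNT_ID placeholder>:*" }
        }
      }
    ]
  })
  # … unchanged: tags …
}
```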