From d9f1bdcae3471e6d99707cad05a19a803176d3c8 Mon Sep 17 00:00:00 2001
From: Monica Hart
Date: Thu, 5 Dec 2024 10:18:24 -0600
Subject: [PATCH] Devops/updating ecs lb validation (#15)
* updating validation to account for Traefik
* removing ecs lb validation for now
* adding dummy info for rifts
* updating to add rift check in locals
* removing unused variable
* making the role and the policy unique to container_name
---------
Co-authored-by: Monica Hart
---
 eventbridge.tf | 24 +++++++++++++-----------
 variables.tf | 13 +------------
 2 files changed, 14 insertions(+), 23 deletions(-)
diff --git a/eventbridge.tf b/eventbridge.tf
index 86b426ea..194183a5 100644
--- a/eventbridge.tf
+++ b/eventbridge.tf
@@ -2,14 +2,16 @@ data "aws_region" "current" {}
 data "aws_caller_identity" "current" {}
 locals {
- appspec_content = "{\"version\": 1,\"Resources\": [{\"TargetService\": {\"Type\": \"AWS::ECS::Service\",\"Properties\": {\"TaskDefinition\": \"${aws_ecs_task_definition.default[0].arn}\",\"LoadBalancerInfo\": {\"ContainerName\": \"${var.ecs_load_balancers[0].container_name}\",\"ContainerPort\": ${var.ecs_load_balancers[0].container_port}}}}]}"
- appspec_sha256 = sha256(local.appspec_content)
+ container_name = length(var.ecs_load_balancers) > 0 ? var.ecs_load_balancers[0].container_name : "rift"
+ container_port = length(var.ecs_load_balancers) > 0 ? var.ecs_load_balancers[0].container_port : "80"
+ appspec_content = "{\"version\": 1,\"Resources\": [{\"TargetService\": {\"Type\": \"AWS::ECS::Service\",\"Properties\": {\"TaskDefinition\": \"${aws_ecs_task_definition.default[0].arn}\",\"LoadBalancerInfo\": {\"ContainerName\": \"${local.container_name}\",\"ContainerPort\": ${local.container_port}}}}]}"
+ appspec_sha256 = sha256(local.appspec_content)
 }
 ## IAM
 resource "aws_iam_role" "event_bridge_codedeploy" {
- count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
+ count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
 name = "EventBridgeCodeDeploy-${var.ecs_load_balancers[0].container_name}"
 assume_role_policy = jsonencode({
@@ -27,7 +29,7 @@ resource "aws_iam_role" "event_bridge_codedeploy" {
 }
 resource "aws_iam_role_policy" "event_bridge_codedeploy" {
- count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
+ count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
 name = "EventBridgeCodeDeployAccess-${var.ecs_load_balancers[0].container_name}"
 role = aws_iam_role.event_bridge_codedeploy[0].id
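Review bot: The unchanged context line `name = "EventBridgeCodeDeploy-${var.ecs_load_balancers[0].container_name}"` in the aws_iam_role block still indexes `var.ecs_load_balancers[0]`, so the `local.container_name` fallback added to `locals` does not protect it: once `ecs_load_balancers` defaults to `[]` (variables.tf hunk) and `deployment_controller_type == "CODE_DEPLOY"` sets `count = 1`, that attribute is evaluated and the plan would fail with an invalid index. The aws_iam_role_policy `name` in the next hunk (`@@ -27,7 +29,7 @@`) has the same problem. Change both to `name = "EventBridgeCodeDeploy-${local.container_name}"` and `name = "EventBridgeCodeDeployAccess-${local.container_name}"`, which also completes the "unique to container_name" intent stated in the commit. The `"rift"`/`"80"` fallbacks deserve a why-comment in `locals`, e.g. `# Placeholders so these locals evaluate when ecs_load_balancers is empty; they only reach real resources when CodeDeploy resources are created`, and `"80"` is a string while the list's container_port is presumably a number, so an unquoted `80` would keep the conditional's two branches the same type. Both IAM resource blocks continue outside these hunks.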
@@ -38,7 +40,7 @@ resource "aws_iam_role_policy" "event_bridge_codedeploy" {
 {
 Action = "codedeploy:CreateDeployment"
 Effect = "Allow"
- Resource = "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentgroup:${var.ecs_load_balancers[0].container_name}/${var.ecs_load_balancers[0].container_name}"
+ Resource = "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentgroup:${local.container_name}/${local.container_name}"
 }
 ]
 })
@@ -49,9 +51,9 @@ resource "aws_iam_role_policy" "event_bridge_codedeploy" {
 ## Event Rule
 resource "aws_cloudwatch_event_rule" "ecs_task_state_change" {
- count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
+ count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
- name = "ecs-task-state-change"
+ name = "ecs-task-state-change-${local.container_name}"
 description = "Capture ECS task state changes to trigger CodeDeploy"
 event_pattern = jsonencode({
@@ -60,7 +62,7 @@ resource "aws_cloudwatch_event_rule" "ecs_task_state_change" {
 detail = {
 lastStatus = ["PENDING", "RUNNING"]
 clusterArn = var.ecs_cluster_arn
- taskDefinitionArn = ["arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:task-definition/${var.ecs_load_balancers[0].container_name}:*"]
+ taskDefinitionArn = ["arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:task-definition/${local.container_name}:*"]
 }
 })
 }
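Review bot: The rewritten `taskDefinitionArn` entry in the `@@ -60,7 +62,7 @@` hunk is a plain string ending in `:*`; as far as I know EventBridge matches plain strings in an event pattern literally, so this entry only matches an ARN that literally ends in `:*` and the rule would never fire for a real task-definition revision such as `...:task-definition/<name>:7`. Use prefix matching instead: `taskDefinitionArn = [{ prefix = "arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:task-definition/${local.container_name}:" }]`. The behaviour pre-dates this commit, but the line is rewritten here so this is the place to fix it. Separately, when the `"rift"` fallback is active the policy `Resource` in `@@ -38,7 +40,7 @@` and this rule are scoped to a deployment group and task family literally named `rift`, which is presumably not a real target; a `lifecycle { precondition }` on the CodeDeploy resources requiring `length(var.ecs_load_balancers) > 0` whenever `CODE_DEPLOY` is selected would make that constraint explicit instead of silently creating an inert rule and grant. The aws_cloudwatch_event_rule block starts outside this hunk.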
@@ -68,11 +70,11 @@ resource "aws_cloudwatch_event_rule" "ecs_task_state_change" {
 ## Event Target
 resource "aws_cloudwatch_event_target" "trigger_codedeploy_deployment" {
- count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
+ count = var.deployment_controller_type == "CODE_DEPLOY" ? 1 : 0
 rule = aws_cloudwatch_event_rule.ecs_task_state_change[0].name
 target_id = "TriggerCodeDeploy"
- arn = "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentgroup:${var.ecs_load_balancers[0].container_name}/${var.ecs_load_balancers[0].container_name}"
+ arn = "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentgroup:${local.container_name}/${local.container_port}"
 role_arn = aws_iam_role.event_bridge_codedeploy[0].arn
 input_transformer {
@@ -86,7 +88,7 @@ resource "aws_cloudwatch_event_target" "trigger_codedeploy_deployment" {
 "content": "${local.appspec_content}",
 "sha256": "${local.appspec_sha256}"
 },
- "deploymentGroupName": "${var.ecs_load_balancers[0].container_name}"
+ "deploymentGroupName": "${local.container_name}"
 }
 EOF
 }
diff --git a/variables.tf b/variables.tf
index c9ada858..c1c5a8a8 100644
--- a/variables.tf
+++ b/variables.tf
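Review bot: The new target `arn` in the `@@ -68,11 +70,11 @@` hunk ends in `deploymentgroup:${local.container_name}/${local.container_port}`, whereas the removed line, the IAM policy `Resource` (`deploymentgroup:${local.container_name}/${local.container_name}`) and the `deploymentGroupName` in the input transformer of `@@ -86,7 +88,7 @@` all use the container name for both the application and deployment-group segments; substituting the port looks like a typo and points the target at a deployment group (e.g. `<name>/80`) that the role's `codedeploy:CreateDeployment` grant does not cover. Change it to `arn = "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentgroup:${local.container_name}/${local.container_name}"`. Keeping the policy `Resource` and this `arn` derived from one shared local (e.g. `local.deployment_group_arn`) would stop the two from drifting again. The aws_cloudwatch_event_target block continues between and past these two hunks.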
@@ -19,18 +19,7 @@ variable "ecs_load_balancers" {
 elb_name = string
 target_group_arn = string
 }))
- validation {
- condition = length(var.ecs_load_balancers) > 0 && alltrue(flatten([
- for lb in var.ecs_load_balancers :
- [
- length(lb.container_name) > 0,
- lb.container_port != null,
- (lb.elb_name != null ? length(lb.elb_name) > 0 : true),
- (lb.target_group_arn != null ? length(lb.target_group_arn) > 0 : true)
- ]
- ]))
- error_message = "All entries in ecs_load_balancers must be defined with non-empty values, and the list must not be empty."
- }
+ default = []
 description = "A list of load balancer config objects for the ECS service; see [ecs_service#load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#load_balancer) docs"
 }
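Review bot: Deleting the whole `validation` block drops the per-entry checks (non-empty `container_name`, non-null `container_port`, non-empty `elb_name`/`target_group_arn` when set) together with the non-empty-list requirement, so a malformed entry now surfaces only at apply time or, through `local.container_name` in eventbridge.tf, as a role/rule named after an empty string. If the goal is only to allow an empty list for Traefik-routed services, keep a validation that iterates the entries and tolerates `[]` (`alltrue([])` is true), as sketched below. The variable block starts outside this hunk.
```hcl
  default = []

  validation {
    condition = alltrue([
      for lb in var.ecs_load_balancers :
      length(lb.container_name) > 0 && lb.container_port != null &&
      (lb.elb_name != null ? length(lb.elb_name) > 0 : true) &&
      (lb.target_group_arn != null ? length(lb.target_group_arn) > 0 : true)
    ])
    error_message = "Each entry in ecs_load_balancers must have a non-empty container_name and a container_port; elb_name and target_group_arn, when set, must be non-empty."
  }
  # … unchanged: description …
```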