diff --git a/src/tf/aws-dagster/architectures/ec2.tf b/src/tf/aws-dagster/architectures/ec2.tf new file mode 100644 index 0000000..25ca141 --- /dev/null +++ b/src/tf/aws-dagster/architectures/ec2.tf @@ -0,0 +1,75 @@ +data "aws_ami" "amazon_linux_2" { + most_recent = true + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + filter { + name = "owner-alias" + values = ["amazon"] + } + + filter { + name = "name" + values = ["amzn2-ami-ecs-hvm-*-x86_64-ebs"] + } + + owners = ["amazon"] +} +# ami-00877cb58e935baf9 + +# data "templatefile" "user_data" { +# template = file("${path.module}/user_data.sh") + +# vars = { +# ecs_cluster_name = aws_ecs_cluster.this.name +# } +# } + +resource "aws_iam_role" "this_ecs_ec2" { + name = "${var.prefix}-hotload-etl2" + assume_role_policy = file("${path.module}/iam/ec2_ecs_assume_policy.json") +} + +resource "aws_iam_role_policy_attachment" "this_ecs_ec2" { + role = aws_iam_role.this_ecs_ec2.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" +} + +resource "aws_iam_instance_profile" "this" { + role = aws_iam_role.this_ecs_ec2.name + name = "${var.prefix}-profile-hotload" +} + +resource "aws_key_pair" "this" { + key_name = "${var.prefix}-hotload-key" + public_key = tls_private_key.this.public_key_openssh +} + +resource "aws_launch_template" "this" { + name = "${var.prefix}-launch-template-hotload" + image_id = data.aws_ami.amazon_linux_2.id + instance_type = "t3.medium" + key_name = aws_key_pair.this.key_name + user_data = templatefile("${path.module}/user_data.sh", { + ecs_cluster_name = aws_ecs_cluster.this.name + }) + vpc_security_group_ids = [module.security_groups.sg_ids["everything"].id] + + iam_instance_profile { + arn = aws_iam_instance_profile.this.arn + } + + monitoring { + enabled = true + } +} + +# resource "aws_ecs_service" "this" { +# name = "${var.prefix}-ecs-hotload" +# iam_role = aws_iam_role.this_ecs_ec2.arn +# cluster = aws_ecs_cluster.this.id + +# } diff --git a/src/tf/aws-dagster/architectures/ecs-task.tf b/src/tf/aws-dagster/architectures/ecs-task.tf new file mode 100644 index 0000000..690d13a --- /dev/null +++ b/src/tf/aws-dagster/architectures/ecs-task.tf @@ -0,0 +1,4 @@ +resource "aws_iam_role" "this_task" { + name = "${var.prefix}-hotload-task" + assume_role_policy = file("${path.module}/iam/ec2_assume_policy.json") +} diff --git a/src/tf/aws-dagster/architectures/iam/ec2_ecs_assume_policy.json b/src/tf/aws-dagster/architectures/iam/ec2_ecs_assume_policy.json new file mode 100644 index 0000000..77f139f --- /dev/null +++ b/src/tf/aws-dagster/architectures/iam/ec2_ecs_assume_policy.json @@ -0,0 +1,13 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "", + "Effect": "Allow", + "Principal": { + "Service": ["ec2.amazonaws.com", "ecs.amazonaws.com"] + }, + "Action": "sts:AssumeRole" + } + ] +} diff --git a/src/tf/aws-dagster/architectures/iam/ecs_assume_policy.json b/src/tf/aws-dagster/architectures/iam/ecs_assume_policy.json new file mode 100644 index 0000000..a3d2a8c --- /dev/null +++ b/src/tf/aws-dagster/architectures/iam/ecs_assume_policy.json @@ -0,0 +1,13 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "", + "Effect": "Allow", + "Principal": { + "Service": "ecs.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] +} diff --git a/src/tf/aws-dagster/architectures/user_data.sh b/src/tf/aws-dagster/architectures/user_data.sh new file mode 100755 index 0000000..472b7c1 --- /dev/null +++ b/src/tf/aws-dagster/architectures/user_data.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +## Configure cluster name using the template variable ${ecs_cluster_name} + +echo ECS_CLUSTER='${ecs_cluster_name}' >> /etc/ecs/ecs.config diff --git a/src/tf/aws-dagster/workspace-prod.yaml b/src/tf/aws-dagster/workspace-prod.yaml index a832860..be82c90 100644 --- a/src/tf/aws-dagster/workspace-prod.yaml +++ b/src/tf/aws-dagster/workspace-prod.yaml @@ -10,6 +10,6 @@ load_from: location_name: { "env": "ETL2_CODE_LOC_NAME" } - grpc_server: - host: { "env": "ETL2_CODE_SERVER_HOST" } - port: { "env": "ETL2_CODE_SERVER_PORT" } + host: etl2hotload.dagster.internal + port: 4002 location_name: etl2_code_server_hotload