Added api ecs related resources

bcgov · Aug 28, 2024 · dcfe229 · dcfe229
1 parent e9e6f71
commit dcfe229
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 2 deletions.
diff --git a/infrastructure/cloud/environments/dev/webapp.tf b/infrastructure/cloud/environments/dev/webapp.tf
@@ -4,6 +4,7 @@ module "security" {
   app_name                 = var.app_name
   kms_key_name             = var.kms_key_name
   ecs_web_td_log_group_arn = module.monitoring.ecs_web_td_log_group_arn
+  ecs_api_td_log_group_arn = module.monitoring.ecs_api_td_log_group_arn
   ecr_repository_arn       = module.container.ecr_repository_arn
 }
 
@@ -37,6 +38,7 @@ module "container" {
   sg_id                     = module.networking.ecs_sg_id
   lb_tg_arn                 = module.networking.lb_tg_arn
   ecs_web_td_log_group_name = module.monitoring.ecs_web_td_log_group_name
+  ecs_api_td_log_group_name = module.monitoring.ecs_api_td_log_group_name
   kms_key_id                = module.security.kms_key_id
   depends_on                = [module.monitoring]
 }

diff --git a/infrastructure/cloud/modules/container/ecs.tf b/infrastructure/cloud/modules/container/ecs.tf
@@ -23,7 +23,7 @@ resource "aws_ecs_task_definition" "ecs_web_task_definition" {
   container_definitions = jsonencode([
     {
       name      = "${var.app_name}-web-container-${var.environment}"
-      image     = "${aws_ecr_repository.ecr_repository.repository_url}:${var.app_name}-web"
+      image     = "${aws_ecr_repository.ecr_repository.repository_url}:web"
       essential = true
       portMappings = [
         {
@@ -61,3 +61,54 @@ resource "aws_ecs_service" "ecs_web_service" {
     container_port   = 8080
   }
 }
+
+# API
+resource "aws_ecs_task_definition" "ecs_api_task_definition" {
+  family                   = "${var.app_name}-api-task-definition-${var.environment}"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 256
+  memory                   = 512
+  execution_role_arn       = var.ecs_execution_role_arn
+
+  container_definitions = jsonencode([
+    {
+      name      = "${var.app_name}-api-container-${var.environment}"
+      image     = "${aws_ecr_repository.ecr_repository.repository_url}:api"
+      essential = true
+      portMappings = [
+        {
+          containerPort = 5000
+        }
+      ]
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          "awslogs-group"         = var.ecs_web_td_log_group_name
+          "awslogs-region"        = var.region
+          "awslogs-stream-prefix" = "ecs"
+        }
+      }
+    }
+  ])
+}
+
+resource "aws_ecs_service" "ecs_api_service" {
+  name            = "${var.app_name}-ecs-api-service-${var.environment}"
+  cluster         = aws_ecs_cluster.ecs_cluster.id
+  task_definition = aws_ecs_task_definition.ecs_api_task_definition.arn
+  launch_type     = "FARGATE"
+  desired_count   = 1
+
+  network_configuration {
+    subnets          = var.subnet_ids
+    security_groups  = [var.sg_id]
+    assign_public_ip = true
+  }
+
+  load_balancer {
+    target_group_arn = var.lb_tg_arn
+    container_name   = "${var.app_name}-api-container-${var.environment}"
+    container_port   = 5000
+  }
+}
diff --git a/infrastructure/cloud/modules/container/variables.tf b/infrastructure/cloud/modules/container/variables.tf
@@ -38,6 +38,11 @@ variable "ecs_web_td_log_group_name" {
   type        = string
 }
 
+variable "ecs_api_td_log_group_name" {
+  description = "ECS API Task Definition Log Group Name in CloudWatch"
+  type        = string
+}
+
 variable "kms_key_id" {
   description = "The KMS Key ID"
   type        = string

diff --git a/infrastructure/cloud/modules/monitoring/logs.tf b/infrastructure/cloud/modules/monitoring/logs.tf
@@ -4,3 +4,8 @@ resource "aws_cloudwatch_log_group" "ecs_web_td_log_group" {
 
   kms_key_id = var.kms_key_arn
 }
+
+resource "aws_cloudwatch_log_group" "ecs_api_td_log_group" {
+  name       = "/aws/ecs/${var.app_name}-ecs-api-td-log-group-${var.environment}"
+  kms_key_id = var.kms_key_arn
+}
diff --git a/infrastructure/cloud/modules/monitoring/outputs.tf b/infrastructure/cloud/modules/monitoring/outputs.tf
@@ -5,3 +5,11 @@ output "ecs_web_td_log_group_name" {
 output "ecs_web_td_log_group_arn" {
   value = aws_cloudwatch_log_group.ecs_web_td_log_group.arn
 }
+
+output "ecs_api_td_log_group_name" {
+  value = aws_cloudwatch_log_group.ecs_api_td_log_group.name
+}
+
+output "ecs_api_td_log_group_arn" {
+  value = aws_cloudwatch_log_group.ecs_api_td_log_group.arn
+}
diff --git a/infrastructure/cloud/modules/security/iam.tf b/infrastructure/cloud/modules/security/iam.tf
@@ -56,7 +56,8 @@ resource "aws_iam_role_policy" "ecs_execution_policy" {
         ],
         Effect = "Allow",
         Resource = [
-          var.ecs_web_td_log_group_arn
+          var.ecs_web_td_log_group_arn,
+          var.ecs_api_td_log_group_arn
         ]
       }
     ]

diff --git a/infrastructure/cloud/modules/security/variables.tf b/infrastructure/cloud/modules/security/variables.tf
@@ -18,6 +18,11 @@ variable "ecs_web_td_log_group_arn" {
   type        = string
 }
 
+variable "ecs_api_td_log_group_arn" {
+  description = "The ECS API Task Definition Log Group ARN"
+  type        = string
+}
+
 variable "ecr_repository_arn" {
   description = "The ECR Repository ARN"
   type        = string