Remove default tags and add matcher option for healthcheck in ECS ser…

…vice
Selleo · Oct 14, 2021 · a0466f5 · a0466f5
1 parent 1d2db6c
commit a0466f5
Show file tree

Hide file tree

Showing 9 changed files with 32 additions and 33 deletions.
diff --git a/modules/ecs-background-job/main.tf b/modules/ecs-background-job/main.tf
@@ -39,7 +39,7 @@ resource "aws_ecs_task_definition" "this" {
       }
   ])
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 data "aws_ecs_task_definition" "this" {
@@ -76,7 +76,7 @@ resource "aws_ecs_service" "this" {
     field = "cpu"
   }
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 # logs
@@ -85,7 +85,7 @@ resource "aws_cloudwatch_log_group" "this" {
   name              = var.name
   retention_in_days = var.log_retention_in_days
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_iam_role_policy" "cloudwatch" {

diff --git a/modules/ecs-cluster/README.md b/modules/ecs-cluster/README.md
@@ -9,7 +9,7 @@ Define cluster:
 ```tf
 module "ecs_cluster" {
   source  = "Selleo/backend/aws//modules/ecs-cluster"
-  version = "0.4.0"
+  version = "0.5.0"
 
   name_prefix        = "my-cluster"
   region             = "eu-central-1" 
@@ -117,7 +117,6 @@ No modules.
 | <a name="input_ami"></a> [ami](#input\_ami) | Image ID for Autoscaling group. If left blank, latest ECS-optimized version will be used. | `string` | `""` | no |
 | <a name="input_associate_public_ip_address"></a> [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Associate a public ip address with an instance in a VPC. | `bool` | `false` | no |
 | <a name="input_autoscaling_group"></a> [autoscaling\_group](#input\_autoscaling\_group) | Autoscaling group configuration. | <pre>object({<br>    min_size         = number<br>    max_size         = number<br>    desired_capacity = number<br>  })</pre> | n/a | yes |
-| <a name="input_backward_compatibility_single_instance_sg_per_vpc"></a> [backward\_compatibility\_single\_instance\_sg\_per\_vpc](#input\_backward\_compatibility\_single\_instance\_sg\_per\_vpc) | Use backward compatibility mode for security group name. If set to `True` default SG will be named `instance_sg`, otherwsie random prefix is added. | `bool` | `false` | no |
 | <a name="input_cloudinit_parts"></a> [cloudinit\_parts](#input\_cloudinit\_parts) | Parts for cloud-init config that are added to the final MIME document. | <pre>list(object({<br>    content      = string<br>    filename     = string<br>    content_type = string<br>  }))</pre> | `[]` | no |
 | <a name="input_ecs_loglevel"></a> [ecs\_loglevel](#input\_ecs\_loglevel) | ECS Cluster log level. | `string` | `"info"` | no |
 | <a name="input_enable_container_insights"></a> [enable\_container\_insights](#input\_enable\_container\_insights) | Enable container insights for the cluster. | `bool` | `false` | no |

diff --git a/modules/ecs-cluster/iam.tf b/modules/ecs-cluster/iam.tf
@@ -2,7 +2,7 @@ resource "aws_iam_role" "instance_role" {
   name               = "${random_id.prefix.hex}-ec2"
   assume_role_policy = data.aws_iam_policy_document.instance_role.json
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 data "aws_iam_policy_document" "instance_role" {

diff --git a/modules/ecs-cluster/main.tf b/modules/ecs-cluster/main.tf
@@ -36,14 +36,14 @@ resource "aws_ecs_cluster" "this" {
     value = var.enable_container_insights ? "enabled" : "disabled"
   }
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_placement_group" "this" {
   name     = random_id.prefix.hex
   strategy = "spread" # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_autoscaling_group" "portal_autoscaling_group" {
@@ -64,7 +64,7 @@ resource "aws_autoscaling_group" "portal_autoscaling_group" {
   health_check_type         = "EC2"
 
   tags = [
-    for k, v in merge({ owner = "self" }, var.tags) : {
+    for k, v in var.tags : {
       key                 = k
       value               = v
       propagate_at_launch = true
@@ -79,11 +79,11 @@ resource "aws_autoscaling_group" "portal_autoscaling_group" {
 }
 
 resource "aws_security_group" "instance_sg" {
-  description = "controls direct access to application instances"
+  description = "Controls direct access to application instances"
   vpc_id      = var.vpc_id
-  name        = var.backward_compatibility_single_instance_sg_per_vpc ? "instance_sg" : "${random_id.prefix.hex}-instance"
+  name        = "${random_id.prefix.hex}-instance"
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_security_group_rule" "ephemeral_port_range" {

diff --git a/modules/ecs-cluster/variables.tf b/modules/ecs-cluster/variables.tf
@@ -92,12 +92,6 @@ variable "ecs_loglevel" {
   }
 }
 
-variable "backward_compatibility_single_instance_sg_per_vpc" {
-  type        = bool
-  default     = false
-  description = "Use backward compatibility mode for security group name. If set to `True` default SG will be named `instance_sg`, otherwsie random prefix is added."
-}
-
 variable "associate_public_ip_address" {
   type        = bool
   default     = false

diff --git a/modules/ecs-service/README.md b/modules/ecs-service/README.md
@@ -44,7 +44,7 @@ Module creates a log group that is used by ECS service task.
 ### ECS service with task definition
 
 Module configures ECS service with task that runs docker image.
-Task is connected to load balancer using target group with default HTTP healthcheck at `/healthcheck`.
+Task is connected to load balancer using target group with default HTTP healthcheck at `/`.
 Task definition uses dynamic port mapping - you define container port and AWS will assign host port from ephemeral range.
 
 Currently placement strategy is configured as follows:
@@ -100,7 +100,7 @@ No modules.
 | <a name="input_container_definition"></a> [container\_definition](#input\_container\_definition) | Service container configuration. | <pre>object({<br>    cpu_units      = number<br>    mem_units      = number<br>    command        = list(string)<br>    image          = string<br>    container_port = number<br>    envs           = map(string)<br>  })</pre> | n/a | yes |
 | <a name="input_desired_count"></a> [desired\_count](#input\_desired\_count) | Desired task count. | `number` | n/a | yes |
 | <a name="input_ecs_cluster_id"></a> [ecs\_cluster\_id](#input\_ecs\_cluster\_id) | ECS Cluster id. | `string` | n/a | yes |
-| <a name="input_health_check_path"></a> [health\_check\_path](#input\_health\_check\_path) | Healt check path for ALB target group. | `string` | `"/healthcheck"` | no |
+| <a name="input_health_check"></a> [health\_check](#input\_health\_check) | Healt check config for ALB target group. | <pre>object({<br>    path    = string<br>    matcher = string<br>  })</pre> | <pre>{<br>  "matcher": "200",<br>  "path": "/"<br>}</pre> | no |
 | <a name="input_instance_role"></a> [instance\_role](#input\_instance\_role) | EC2 instance role. | `string` | n/a | yes |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | Log retention in days for Cloudwatch. | `string` | `365` | no |
 | <a name="input_name"></a> [name](#input\_name) | ECS Service name. | `string` | n/a | yes |

diff --git a/modules/ecs-service/main.tf b/modules/ecs-service/main.tf
@@ -11,7 +11,7 @@ resource "aws_cloudwatch_log_group" "this" {
   name              = var.name
   retention_in_days = var.log_retention_in_days
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_ecs_task_definition" "this" {
@@ -52,7 +52,7 @@ resource "aws_ecs_task_definition" "this" {
       }
   ])
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 data "aws_ecs_task_definition" "this" {
@@ -97,14 +97,14 @@ resource "aws_ecs_service" "this" {
     field = "memory"
   }
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_iam_role" "ecs" {
   name               = "${var.name}-ecs-role"
   assume_role_policy = data.aws_iam_policy_document.ecs.json
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 data "aws_iam_policy_document" "ecs" {
@@ -169,14 +169,14 @@ resource "aws_alb_target_group" "this" {
   deregistration_delay = 30 # draining time
 
   health_check {
-    path                = var.health_check_path
+    path                = var.health_check.path
     protocol            = "HTTP"
     timeout             = 10
     interval            = 15
     healthy_threshold   = 3
     unhealthy_threshold = 3
-    matcher             = "200"
+    matcher             = var.health_check.matcher
   }
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
diff --git a/modules/ecs-service/variables.tf b/modules/ecs-service/variables.tf
@@ -45,10 +45,16 @@ variable "tags" {
   default     = {}
 }
 
-variable "health_check_path" {
-  type        = string
-  description = "Healt check path for ALB target group."
-  default     = "/healthcheck"
+variable "health_check" {
+  type = object({
+    path    = string
+    matcher = string
+  })
+  description = "Healt check config for ALB target group."
+  default = {
+    path    = "/"
+    matcher = "200"
+  }
 }
 
 variable "log_retention_in_days" {

diff --git a/modules/load-balancer/main.tf b/modules/load-balancer/main.tf
@@ -10,15 +10,15 @@ resource "aws_alb" "this" {
     enabled = var.access_logs.enabled
   }
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_security_group" "lb_sg" {
   description = "controls access to the application ELB"
   vpc_id      = var.vpc_id
   name        = "lb-${var.name}"
 
-  tags = merge({ owner = "self" }, var.tags)
+  tags = var.tags
 }
 
 resource "aws_security_group_rule" "http" {