Adding IAC

.gitignore

@@ -0,0 +1,4 @@
+.vscode/
+terraform.tfstate
+terraform.tfstate.backup
+.terraform*

Dockerfile

@@ -0,0 +1,8 @@
+FROM node:10
+WORKDIR /usr/src/app
+COPY quest/package.json ./package.json
+RUN npm install
+ADD /quest/ .
+EXPOSE 3000
+ENV SECRET_WORD bsd_value
+CMD ["node", "src/000.js"]

IAC/README.md

@@ -0,0 +1,28 @@
+# quest
+
+## Table of Contents
+
+- [About](#about)
+- [Getting Started](#getting_started)
+- [Usage](#usage)
+
+## About <a name = "about"></a>
+
+ quest IAC
+
+## Getting Started <a name = "getting_started"></a>
+
+These instructions deploy the quest project into ECS and put it behind a network load balancer. 
+
+See [deployment](#deployment) for notes. 
+
+### Prerequisites
+
+An AWS account, initalized to run via the command line. You will also need your account number.  
+Terraform.  
+### Initalizing 
+
+From this directory, run `terraform init` to initalize the state file. Then run `terraform plan -var="aws_account_number=#"` to observe what will be created. 
+## Usage <a name = "usage"></a>
+
+Once happy with the plan, utilize terraform to deply `terraform apply -var="aws_account_number=#""` 

IAC/aws.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+    region = "us-east-2"
+}

IAC/codebuild.tf

@@ -0,0 +1,67 @@
+# Create Pipeline. 
+resource "aws_codebuild_project" "quest-build-pipeline" {
+  name          = "quest-build-pipeline"
+  description   = "quest_build_pipeline"
+  build_timeout = "5"
+  service_role  = aws_iam_role.quest-codebuild-role.arn
+  artifacts {
+    type = "NO_ARTIFACTS"
+  }
+  cache {
+    type  = "LOCAL"
+    modes = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_SOURCE_CACHE"]
+  }
+  environment {
+    compute_type                = "BUILD_GENERAL1_SMALL"
+    image                       = "aws/codebuild/standard:1.0"
+    type                        = "LINUX_CONTAINER"
+    image_pull_credentials_type = "CODEBUILD"
+    environment_variable {
+    name = "AWS_ACCOUNT_ID"
+    value = var.aws_account_number 
+    }
+    environment_variable {
+      name = "IMAGE_REPO_NAME"
+      value = aws_ecr_repository.quest.name
+    }
+    environment_variable {
+      name = "IMAGE_TAG"
+      value = local.image_version
+    }
+    environment_variable {
+      name = "AWS_DEFAULT_REGION"
+      value = var.default_region
+    }
+
+  }
+
+  logs_config {
+    cloudwatch_logs {
+      group_name  = "log-group"
+      stream_name = "log-stream"
+    }
+
+    s3_logs {
+      status   = "ENABLED"
+      location = "${aws_s3_bucket.quest-bucket.id}/build-log"
+    }
+  }
+
+  source {
+    type            = "GITHUB"
+    location        = "https://github.com/notobsd2/quest"
+    git_clone_depth = 1
+
+    git_submodules_config {
+      fetch_submodules = true
+    }
+  }
+
+  source_version = "master"
+
+  tags = {
+    Environment = "Test"
+  }
+}
+## END PIPELINE ##
+

IAC/ecr.tf

@@ -0,0 +1,44 @@
+## START ECR ###
+
+resource "aws_ecr_repository" "quest" {
+    name ="quest"
+    image_scanning_configuration {
+      scan_on_push = true
+    }
+
+}
+#Create policy for ECR repostiry for quest image. 
+resource "aws_ecr_repository_policy" "quest-policy" {
+  repository = aws_ecr_repository.quest.name
+  policy = <<EOF
+{
+    "Version": "2008-10-17",
+    "Statement": [
+        {
+            "Sid": "new policy",
+            "Effect": "Allow",
+            "Principal": "*",
+            "Action": [
+                "ecr:GetDownloadUrlForLayer",
+                "ecr:BatchGetImage",
+                "ecr:BatchCheckLayerAvailability",
+                "ecr:PutImage",
+                "ecr:InitiateLayerUpload",
+                "ecr:UploadLayerPart",
+                "ecr:CompleteLayerUpload",
+                "ecr:DescribeRepositories",
+                "ecr:GetRepositoryPolicy",
+                "ecr:ListImages",
+                "ecr:DeleteRepository",
+                "ecr:BatchDeleteImage",
+                "ecr:SetRepositoryPolicy",
+                "ecr:DeleteRepositoryPolicy",
+                "ecr:GetAuthorizationToken"
+            ]
+        }
+    ]
+}
+EOF
+}
+
+## END ECR ##

IAC/ecs.tf

@@ -0,0 +1,60 @@
+resource "aws_ecs_service" "quest-ecs-service" {
+ name = "quest-task"
+ launch_type = "FARGATE"
+ cluster = aws_ecs_cluster.quest-cluster.arn
+ enable_ecs_managed_tags = true
+ propagate_tags = "TASK_DEFINITION" 
+ wait_for_steady_state = true
+ task_definition = aws_ecs_task_definition.quest-task-definition.arn
+ desired_count = 1
+network_configuration {
+  subnets = [aws_subnet.quest2a.id , aws_subnet.quest2b.id ]
+  security_groups = [ aws_security_group.quest-security-group.id ]
+  assign_public_ip = true 
+  }
+tags = { Name = "quest" }
+depends_on = [
+  aws_lb_target_group.quest,
+  aws_ecs_task_definition.quest-task-definition,
+]
+}
+resource "aws_ecs_task_definition" "quest-task-definition" {
+  family = "quest"
+  requires_compatibilities = ["FARGATE"]
+  network_mode = "awsvpc"
+  execution_role_arn = aws_iam_role.quest-task-role.arn
+  cpu       = 512
+  memory    = 1024
+  container_definitions = jsonencode([
+    {
+      name      = "quest-container" #TODO: move to variable name container 
+      image     = "${aws_ecr_repository.quest.repository_url}:${local.image_version}" 
+      requires_compatibilities = ["FARGATE"]
+      cpu       = 512
+      memory    = 1024
+      logConfiguration = {
+        logDriver = "awslogs"
+        "options" = {
+          awslogs-group = "/ecs/quest-test"
+          awslogs-region = "us-east-2"
+          awslogs-stream-prefix = "ecs"
+          }
+         }
+      portMappings = [
+        {
+          containerPort = 3000
+          hostPort      = 3000 
+        }
+      ]
+  }
+  ])
+  tags = { Name = "quest" }
+  depends_on = [
+    aws_iam_role.quest-task-role
+  ]
+}
+resource "aws_ecs_cluster" "quest-cluster" {
+  name = "quest-cluster"
+}
+
+