added terraform plan

Author: omerh

terraform/.terraform.lock.hcl

@@ -0,0 +1,65 @@
+resource "aws_apprunner_vpc_connector" "this" {
+  vpc_connector_name = var.name
+  subnets            = var.subnet_list
+  security_groups    = [aws_security_group.allow_elasicache.id]
+}
+
+resource "aws_apprunner_auto_scaling_configuration_version" "this" {
+  auto_scaling_configuration_name = var.name
+
+  max_concurrency = var.max_concurrency
+  max_size        = var.max_size
+  min_size        = var.min_size
+
+  tags = {
+    Name = var.name
+  }
+}
+
+resource "aws_apprunner_service" "this" {
+  service_name = var.name
+
+  source_configuration {
+    auto_deployments_enabled = var.auto_deployments_enabled
+    authentication_configuration {
+      access_role_arn = aws_iam_role.this.arn
+    }
+    image_repository {
+      image_configuration {
+        port = var.app_port
+        runtime_environment_variables = {
+          "REDIS_HOST" : aws_elasticache_replication_group.this.primary_endpoint_address
+          "REDIS_PORT" : var.elasticache_port
+        }
+      }
+      image_identifier      = "${aws_ecr_repository.this.repository_url}:${var.app_docker_tag}"
+      image_repository_type = var.image_repository_type
+    }
+  }
+
+  instance_configuration {
+    cpu    = var.cpu
+    memory = var.memory
+  }
+
+  health_check_configuration {
+    healthy_threshold   = var.healthy_threshold
+    interval            = var.healthcheck_interval
+    path                = var.healthcheck_path
+    protocol            = var.healthcheck_protocol
+    timeout             = var.healthcheck_timeout
+    unhealthy_threshold = var.unhealthy_threshold
+  }
+
+  network_configuration {
+    egress_configuration {
+      egress_type       = "VPC"
+      vpc_connector_arn = aws_apprunner_vpc_connector.this.arn
+    }
+  }
+
+  depends_on = [
+    aws_elasticache_replication_group.this,
+    null_resource.this
+  ]
+}

terraform/apprunner.tf

@@ -0,0 +1,25 @@
+resource "aws_security_group" "allow_elasicache" {
+  name        = "${var.name}-allow-elasticache"
+  description = "Allow access to Elasticache from VPC Connector"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    description = "Access to Elasticache from VPC Connector"
+    from_port   = var.elasticache_port
+    to_port     = var.elasticache_port
+    protocol    = "tcp"
+    self        = true
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  tags = {
+    Name = "${var.name}-allow-elasticache"
+  }
+}

terraform/asg.tf

@@ -0,0 +1,10 @@
+resource "aws_ecr_repository" "this" {
+  name                 = var.name
+  image_tag_mutability = var.image_tag_mutability
+  image_scanning_configuration {
+    scan_on_push = var.scan_on_push
+  }
+  encryption_configuration {
+    encryption_type = var.encryption_type
+  }
+}

terraform/ecr.tf

@@ -0,0 +1,25 @@
+resource "aws_elasticache_subnet_group" "this" {
+  name       = var.name
+  subnet_ids = var.subnet_list
+}
+
+resource "aws_elasticache_replication_group" "this" {
+  engine                     = var.engine
+  engine_version             = var.engine_version
+  node_type                  = var.node_type
+  num_cache_clusters         = var.num_cache_nodes
+  parameter_group_name       = var.parameter_group_name
+  port                       = var.elasticache_port
+  automatic_failover_enabled = var.automatic_failover_enabled
+  replication_group_id       = var.name
+  description                = var.name
+  security_group_ids         = [aws_security_group.allow_elasicache.id]
+  subnet_group_name          = aws_elasticache_subnet_group.this.name
+  user_group_ids             = []
+
+  apply_immediately = var.apply_immediately
+
+  tags = {
+    Name = var.name
+  }
+}

terraform/elasticache.tf

@@ -0,0 +1,21 @@
+resource "aws_iam_role" "this" {
+  name               = var.name
+  path               = "/"
+  assume_role_policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["build.apprunner.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "this" {
+  role       = aws_iam_role.this.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess"
+}

terraform/iam.tf

@@ -0,0 +1,15 @@
+data "aws_caller_identity" "current" {}
+
+resource "null_resource" "this" {
+  provisioner "local-exec" {
+    command     = <<EOT
+        cd ..
+        docker build -t ${aws_ecr_repository.this.repository_url}:${var.app_docker_tag} . 
+        aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.aws_region}.amazonaws.com
+        docker push ${aws_ecr_repository.this.repository_url}:${var.app_docker_tag}
+    EOT
+    interpreter = ["/bin/bash", "-c"]
+    working_dir = path.module
+  }
+  depends_on = [aws_ecr_repository.this]
+}

terraform/localBuild.tf

@@ -0,0 +1,11 @@
+output "ecr" {
+  value = aws_ecr_repository.this.repository_url
+}
+
+output "apprunner" {
+  value = aws_apprunner_service.this.service_url
+}
+
+output "elasticache" {
+  value = aws_elasticache_replication_group.this.primary_endpoint_address
+}

terraform/outputs.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region                   = var.provider_region
+  shared_credentials_files = ["~/.aws/credentials"]
+  profile                  = var.aws_profile
+}
+
+# For pressistant S3 backend for terraform state
+# terraform {
+#   backend "s3" {
+#     bucket  = "app-runner-sample"
+#     key     = "app-runner"
+#     region  = "us-east-1"
+#     encrypt = true
+#     profile = var.aws_profile
+#   }
+# }

terraform/provider.tf

@@ -0,0 +1,12 @@
+# General configuration
+name            = "impression-counter-api"
+
+# Provider configuration
+provider_region = "us-east-1" # Update the region
+aws_profile     = "default" # Update the profile
+
+# VPC Configurations
+vpc_id      = "vpc-xxxxxxxxxx" # Update your VPC ID
+subnet_list = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"] # Update your subnets
+
+# Review all the default variables in variables.tfvars in