feat: temp dir and mount point (#27)

* feat: temp dir and mount point

Author: bemillenium

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change Log
 
+## [v1.1.7] - 2022-10-10
+
+### Added
+
+- Add variable `var.is_application_scratch_volume_enabled` to support enabled temporary storage on ecs
+
+### Changed
+
+- On variable `var.service_info` to support additional mount point
+
 ## [v1.1.6] - 2022-09-22
 
 ### Added

README.md

@@ -20,4 +20,4 @@ Your can also report the vulnerabilities by emailing to Oozou DevOps team at:
 devops@oozou.com
 ```
 
-We will acknowledge your email within 72 hours on workday, and will send a more details response within 5 days. After the initial email start, we will investigate the security issue snd fix it as soon as possible.
+We will acknowledge your email within 72 hours on workday, and will send a more details response within 5 days. After the initial email start, we will investigate the security issue snd fix it as soon as possible.

SECURITY.md

@@ -17,4 +17,4 @@ variable "custom_tags" {
   description = "Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys."
   type        = map(string)
   default     = {}
-}
+}

examples/ecs_ec2_capacity_provider/variables.tf

@@ -1,5 +1,39 @@
 # Please see how to use fargate cluster at ooozou/terraform-aws-fargate-cluster
 
+module "fargate_cluster" {
+
+  source = "git@github.com:oozou/terraform-aws-ecs-fargate-cluster?ref=v1.0.6"
+
+  # Generics
+  prefix      = var.prefix
+  environment = var.environment
+  name        = var.name
+
+  # IAM Role
+  ## If is_create_role is false, all of folowing argument is ignored
+  is_create_role                 = true
+  allow_access_from_principals   = ["arn:aws:iam::557291035693:root"]
+  additional_managed_policy_arns = []
+
+  # VPC Information
+  vpc_id = module.vpc.vpc_id
+
+  additional_security_group_ingress_rules = {}
+
+  # ALB
+  is_create_alb              = true
+  is_public_alb              = true
+  enable_deletion_protection = false
+  alb_listener_port          = 8080
+  # alb_certificate_arn        = var.alb_certificate_arn
+  public_subnet_ids = module.vpc.public_subnet_ids # If is_public_alb is true, public_subnet_ids is required
+
+  # ALB's DNS Record
+  is_create_alb_dns_record = false
+
+  tags = var.custom_tags
+}
+
 module "service_api" {
   source = "../.."
 
@@ -15,12 +49,12 @@ module "service_api" {
   ]
 
   # ALB
-  is_attach_service_with_lb = true
+  is_attach_service_with_lb = false
   alb_listener_arn          = module.fargate_cluster.alb_listener_http_arn
   alb_host_header           = null
   alb_paths                 = ["/*"]
   alb_priority              = "100"
-  vpc_id                    = "vpc-xxxxxxx"
+  vpc_id                    = module.vpc.vpc_id
   health_check = {
     interval            = 20,
     path                = "/",
@@ -40,13 +74,15 @@ module "service_api" {
     mem_allocation = 512,
     port           = 80,
     image          = "nginx"
+    mount_points   = []
   }
+  is_application_scratch_volume_enabled = true
 
   # ECS service
   ecs_cluster_name            = module.fargate_cluster.ecs_cluster_name
   service_discovery_namespace = module.fargate_cluster.service_discovery_namespace
   is_enable_execute_command   = true
-  application_subnet_ids      = ["subnet-xxxxxxxxx", "subnet-xxxxxx"]
+  application_subnet_ids      = module.vpc.private_subnet_ids
   security_groups = [
     module.fargate_cluster.ecs_task_security_group_id
   ]

examples/simple/main.tf

@@ -0,0 +1,16 @@
+module "vpc" {
+  source                       = "git@github.com:oozou/terraform-aws-vpc.git?ref=v1.1.6"
+  prefix                       = var.prefix
+  environment                  = var.environment
+  cidr                         = "10.105.0.0/16"
+  private_subnets              = ["10.105.60.0/22", "10.105.64.0/22", "10.105.68.0/22"]
+  public_subnets               = ["10.105.0.0/24", "10.105.1.0/24", "10.105.2.0/24"]
+  database_subnets             = ["10.105.20.0/23", "10.105.22.0/23", "10.105.24.0/23"]
+  availability_zone            = ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]
+  is_enable_dns_hostnames      = true
+  is_enable_dns_support        = true
+  is_create_nat_gateway        = true
+  is_enable_single_nat_gateway = true
+  account_mode                 = "hub"
+  tags                         = var.custom_tags
+}

examples/simple/vpc.tf

@@ -66,6 +66,14 @@ locals {
 /*                               Task Definition                              */
 /* -------------------------------------------------------------------------- */
 locals {
+  mount_points_application_scratch = var.is_application_scratch_volume_enabled ? [
+    {
+      "containerPath" : "/var/scratch",
+      "sourceVolume" : "application_scratch"
+    }
+  ] : []
+  mount_points = concat(local.mount_points_application_scratch, try(var.service_info.mount_points, []))
+
   # TODO make it better later
   container_definitions = local.is_apm_enabled ? templatefile("${path.module}/task-definitions/service-with-sidecar-container.json", {
     cpu                     = var.service_info.cpu_allocation
@@ -84,6 +92,7 @@ locals {
     apm_service_port        = var.apm_config.service_port
     entry_point             = jsonencode(var.entry_point)
     command                 = jsonencode(var.command)
+    mount_points            = jsonencode(local.mount_points)
     }) : templatefile("${path.module}/task-definitions/service-main-container.json", {
     cpu                     = var.service_info.cpu_allocation
     service_image           = var.service_info.image
@@ -96,6 +105,7 @@ locals {
     secrets_task_definition = jsonencode(local.secrets_task_definition)
     entry_point             = jsonencode(var.entry_point)
     command                 = jsonencode(var.command)
+    mount_points            = jsonencode(local.mount_points)
   })
   container_definitions_ec2 = templatefile("${path.module}/task-definitions/service-main-container-ec2.json", {
     cpu                     = var.service_info.cpu_allocation
@@ -110,6 +120,7 @@ locals {
     entry_point             = jsonencode(var.entry_point)
     command                 = jsonencode(var.command)
     unix_max_connection     = tostring(var.unix_max_connection)
+    mount_points            = jsonencode(local.mount_points)
   })
 }
 

locals.tf

@@ -285,6 +285,13 @@ resource "aws_ecs_task_definition" "this" {
     }
   }
 
+  dynamic "volume" {
+    for_each = var.is_application_scratch_volume_enabled ? [true] : []
+    content {
+      name = "application_scratch"
+    }
+  }
+
   tags = merge(local.tags, { "Name" = local.service_name })
 }
 

main.tf

@@ -2,6 +2,7 @@
   {
      "cpu":${cpu},
      "image":"${service_image}",
+     "mountPoints": ${mount_points},
      "memory":${memory},
      "name":"${service_name}",
      "networkMode":"awsvpc",

task-definitions/service-main-container-ec2.json

@@ -2,6 +2,7 @@
   {
      "cpu":${cpu},
      "image":"${service_image}",
+     "mountPoints": ${mount_points},
      "memory":${memory},
      "name":"${service_name}",
      "networkMode":"awsvpc",
@@ -22,7 +23,7 @@
      ],
      "environment" : ${envvars},
      "secrets" : ${secrets_task_definition},
-     "entryPoint": ${entry_point},
+     "entryPoint": ${entry_point},     
      "command": ${command}
   }
 ]