From 9777ed45a0c6f15d14dfe52aa39e6900fcba4c72 Mon Sep 17 00:00:00 2001 From: Allan Denot Date: Fri, 19 Jul 2024 19:05:20 +1000 Subject: [PATCH] Removing code-deploy and enabling circuit-breaker --- _variables.tf | 35 ------------- alb-target-group.tf | 111 +++-------------------------------------- cloudwatch-alarms.tf | 84 ++++++++----------------------- codedeploy.tf | 76 ---------------------------- ecs-service.tf | 24 ++++----- ecs-task-definition.tf | 12 ++--- iam-codedeploy.tf | 36 ------------- iam-ecs-task-attach.tf | 11 +--- iam-ecs-task.tf | 7 +-- null-deployment.tf | 22 -------- 10 files changed, 42 insertions(+), 376 deletions(-) delete mode 100644 codedeploy.tf delete mode 100644 iam-codedeploy.tf delete mode 100644 null-deployment.tf diff --git a/_variables.tf b/_variables.tf index 09b1488..bc07636 100644 --- a/_variables.tf +++ b/_variables.tf @@ -92,11 +92,6 @@ variable "service_role_arn" { default = null } -variable "codedeploy_role_arn" { - default = null - description = "Existing IAM CodeDeploy role ARN created by ECS cluster module" -} - variable "task_role_arn" { description = "Existing task role ARN created by ECS cluster module" default = null @@ -140,10 +135,6 @@ variable "alb_listener_https_arn" { description = "ALB HTTPS Listener created by ECS cluster module" } -variable "test_traffic_route_listener_arn" { - description = "ALB HTTPS Listener for Test Traffic created by ECS cluster module" -} - variable "alb_dns_name" { description = "ALB DNS Name" default = "" 
@@ -244,21 +235,6 @@ variable "alb_only" { description = "Whether to deploy only an alb and no cloudFront or not with the cluster" } -variable "codedeploy_wait_time_for_cutover" { - default = 0 - description = "Time in minutes to route the traffic to the new application deployment" -} - -variable "codedeploy_wait_time_for_termination" { - default = 0 - description = "Time in minutes to terminate the new deployment" -} - -variable "codedeploy_deployment_config_name" { - default = "CodeDeployDefault.ECSAllAtOnce" - description = "Specifies the deployment configuration for CodeDeploy" -} - variable "cloudwatch_logs_create" { default = true description = "Whether to create cloudwatch log resources or not" @@ -356,12 +332,6 @@ variable "placement_constraints" { default = [] } -variable "create_iam_codedeployrole" { - type = bool - default = true - description = "Create Codedeploy IAM Role for ECS or not." -} - variable "alarm_prefix" { type = string description = "String prefix for cloudwatch alarms. (Optional)" @@ -481,11 +451,6 @@ variable "redirects" { default = {} } -variable "deployment_controller" { - default = "CODE_DEPLOY" - description = "Type of deployment controller. Valid values: CODE_DEPLOY, ECS, EXTERNAL." -} - variable "ecs_service_capacity_provider_strategy" { description = "(Optional) The capacity provider strategy to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if set to [] and not changing from 0 capacity_provider_strategy blocks to greater than 0, or vice versa." default = [{}] diff --git a/alb-target-group.tf b/alb-target-group.tf index 57cebce..bfabf6f 100644 --- a/alb-target-group.tf +++ b/alb-target-group.tf 
@@ -9,27 +9,21 @@ resource "aws_lb_listener_rule" "green" { dynamic "condition" { for_each = length(var.paths) > 0 ? [var.paths] : [] content { - path_pattern { - values = toset(condition.value) - } + path_pattern { values = toset(condition.value) } } } dynamic "condition" { for_each = length(var.hostnames) > 0 ? [var.hostnames] : [] content { - host_header { - values = toset(condition.value) - } + host_header { values = toset(condition.value) } } } dynamic "condition" { for_each = length(var.source_ips) > 0 ? [var.source_ips] : [] content { - source_ip { - values = toset(condition.value) - } + source_ip { values = toset(condition.value) } } } @@ -44,9 +38,8 @@ resource "aws_lb_listener_rule" "green" { } lifecycle { - ignore_changes = [ - action[0].target_group_arn - ] + ignore_changes = [action[0].target_group_arn] + replace_triggered_by = [aws_lb_target_group.green] } priority = try( @@ -56,55 +49,7 @@ resource "aws_lb_listener_rule" "green" { ) ) - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) -} - -resource "aws_lb_listener_rule" "blue" { - listener_arn = var.test_traffic_route_listener_arn - - action { - type = "forward" - target_group_arn = aws_lb_target_group.blue.arn - } - - dynamic "condition" { - for_each = length(var.paths) > 0 ? [var.paths] : [] - content { - path_pattern { - values = toset(condition.value) - } - } - } - - dynamic "condition" { - for_each = length(var.hostnames) > 0 ? [var.hostnames] : [] - content { - host_header { - values = toset(condition.value) - } - } - } - - lifecycle { - ignore_changes = [ - action[0].target_group_arn - ] - } - - priority = var.alb_priority != 0 ? var.alb_priority + 1 : null - - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) - + tags = merge(var.tags, { "Terraform" = true }, ) } resource "aws_lb_listener_rule" "redirects" { 
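Review bot: In the `lifecycle` block of `aws_lb_listener_rule.green`, `ignore_changes = [action[0].target_group_arn]` is kept while `replace_triggered_by = [aws_lb_target_group.green]` is added, so a target-group replacement now destroys and recreates the rule instead of updating its forward action in place. The ignore looks like it existed so CodeDeploy could swap target groups outside Terraform; with CodeDeploy removed, dropping the `ignore_changes` line would probably make the trigger unnecessary here. While the rule is absent, requests it matched (including any `source_ip` condition) are evaluated against the listener's other rules and default action, so confirm that fall-through is acceptable. The same trigger is added to `aws_ecs_service.default` in ecs-service.tf, where it means a full service replacement that the circuit breaker does not cover, and to `aws_ecs_task_definition.default` in ecs-task-definition.tf, where no dependency on the target group is visible. The resource body starts outside this hunk.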
@@ -200,47 +145,5 @@ resource "aws_lb_target_group" "green" { } } - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) + tags = merge(var.tags, { "Terraform" = true }, ) } - -resource "aws_lb_target_group" "blue" { - name = var.compat_keep_target_group_naming ? "${var.cluster_name}-${var.name}-bl" : format("%s-bl-%s", substr("${var.cluster_name}-${replace(var.name, "_", "-")}", 0, 24), random_string.alb_prefix.result) - port = var.port - protocol = var.protocol - vpc_id = var.vpc_id - deregistration_delay = 10 - target_type = var.launch_type == "FARGATE" ? "ip" : "instance" - - health_check { - path = var.healthcheck_path - interval = var.healthcheck_interval - healthy_threshold = var.healthy_threshold - unhealthy_threshold = var.unhealthy_threshold - timeout = var.healthcheck_timeout - matcher = var.healthcheck_matcher - protocol = var.protocol - } - - dynamic "stickiness" { - for_each = var.dynamic_stickiness - iterator = stickiness - - content { - cookie_duration = stickiness.value.cookie_duration - cookie_name = stickiness.value.cookie_name - type = stickiness.value.type - } - } - - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) -} \ No newline at end of file diff --git a/cloudwatch-alarms.tf b/cloudwatch-alarms.tf index 7b6fa74..6b2c536 100644 --- a/cloudwatch-alarms.tf +++ b/cloudwatch-alarms.tf 
@@ -11,55 +11,18 @@ resource "aws_cloudwatch_metric_alarm" "min_healthy_tasks" { insufficient_data_actions = [] treat_missing_data = "ignore" - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) - - metric_query { - id = "e1" - expression = "MAX(REMOVE_EMPTY([m1, m2]))" - label = "HealthyHostCountCombined" - return_data = "true" - } - - metric_query { - id = "m1" - - metric { - metric_name = "HealthyHostCount" - namespace = "AWS/ApplicationELB" - period = "60" - stat = "Maximum" - unit = "Count" - - dimensions = { - LoadBalancer = join("/", slice(split("/", data.aws_lb_listener.ecs.load_balancer_arn), 1, 4)) - TargetGroup = aws_lb_target_group.blue.arn_suffix - } - } - + metric_name = "HealthyHostCount" + namespace = "AWS/ApplicationELB" + period = "60" + statistic = "Maximum" + unit = "Count" + dimensions = { + LoadBalancer = join("/", slice(split("/", data.aws_lb_listener.ecs.load_balancer_arn), 1, 4)) + TargetGroup = aws_lb_target_group.green.arn_suffix } - metric_query { - id = "m2" - - metric { - metric_name = "HealthyHostCount" - namespace = "AWS/ApplicationELB" - period = "60" - stat = "Maximum" - unit = "Count" - - dimensions = { - LoadBalancer = join("/", slice(split("/", data.aws_lb_listener.ecs.load_balancer_arn), 1, 4)) - TargetGroup = aws_lb_target_group.green.arn_suffix - } - } - } + tags = merge(var.tags, { "Terraform" = true }, ) } resource "aws_cloudwatch_metric_alarm" "high_cpu_usage" { 
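Review bot: `aws_cloudwatch_metric_alarm.min_healthy_tasks` now watches a single `HealthyHostCount` series for the green target group, but the context line `treat_missing_data = "ignore"` is unchanged, so the alarm keeps its previous state whenever that series stops reporting. If the metric is only published while targets are registered (my understanding of the ALB metric, please confirm), a service with no registered tasks would never raise this alarm; `treat_missing_data = "breaching"` would cover that case. The `ecs_running_tasks` alarm in the next hunk carries the same setting and deserves the same check. The resource starts outside this hunk.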
@@ -81,43 +44,36 @@ resource "aws_cloudwatch_metric_alarm" "high_cpu_usage" { statistic = "Average" unit = "Percent" - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) dimensions = { ClusterName = var.cluster_name ServiceName = aws_ecs_service.default.name } + tags = merge(var.tags, { "Terraform" = true }, ) } resource "aws_cloudwatch_metric_alarm" "ecs_running_tasks" { count = length(var.alarm_sns_topics) > 0 && var.alarm_ecs_running_tasks_threshold > 0 ? 1 : 0 alarm_name = "${try(data.aws_iam_account_alias.current[0].account_alias, var.alarm_prefix)}-ecs-${var.name}-running-tasks" + alarm_description = "Ecs service running tasks is lower than the threshold" comparison_operator = "LessThanThreshold" evaluation_periods = "1" - metric_name = "RunningTaskCount" - namespace = "ECS/ContainerInsights" - period = "30" - statistic = "Average" threshold = var.alarm_ecs_running_tasks_threshold - alarm_description = "Ecs service running tasks is lower than the threshold" alarm_actions = var.alarm_sns_topics ok_actions = var.alarm_sns_topics insufficient_data_actions = [] treat_missing_data = "ignore" - tags = merge( - var.tags, - { - "Terraform" = true - }, - ) + + metric_name = "RunningTaskCount" + namespace = "ECS/ContainerInsights" + period = "30" + statistic = "Average" + dimensions = { ClusterName = var.cluster_name ServiceName = aws_ecs_service.default.name } -} \ No newline at end of file + + tags = merge(var.tags, { "Terraform" = true }, ) +} diff --git a/codedeploy.tf b/codedeploy.tf deleted file mode 100644 index 82fddd7..0000000 --- a/codedeploy.tf +++ /dev/null 
@@ -1,76 +0,0 @@ -resource "aws_codedeploy_app" "ecs" { - count = var.deployment_controller == "CODE_DEPLOY" ? 1 : 0 - compute_platform = "ECS" - name = "${var.cluster_name}-${var.name}" - tags = merge( - var.tags, - { - "terraform" = "true" - }, - ) - -} - -resource "aws_codedeploy_deployment_group" "ecs" { - count = var.deployment_controller == "CODE_DEPLOY" ? 1 : 0 - app_name = aws_codedeploy_app.ecs[0].name - deployment_config_name = var.codedeploy_deployment_config_name - deployment_group_name = "${var.cluster_name}-${var.name}" - service_role_arn = var.create_iam_codedeployrole == true ? aws_iam_role.codedeploy_service[0].arn : var.codedeploy_role_arn - - auto_rollback_configuration { - enabled = true - events = ["DEPLOYMENT_FAILURE"] - } - - blue_green_deployment_config { - deployment_ready_option { - action_on_timeout = var.codedeploy_wait_time_for_cutover == 0 ? "CONTINUE_DEPLOYMENT" : "STOP_DEPLOYMENT" - wait_time_in_minutes = var.codedeploy_wait_time_for_cutover - } - - terminate_blue_instances_on_deployment_success { - action = "TERMINATE" - termination_wait_time_in_minutes = var.codedeploy_wait_time_for_termination - } - - } - - deployment_style { - deployment_option = "WITH_TRAFFIC_CONTROL" - deployment_type = "BLUE_GREEN" - } - - ecs_service { - cluster_name = var.cluster_name - service_name = aws_ecs_service.default.name - } - - load_balancer_info { - target_group_pair_info { - prod_traffic_route { - listener_arns = [var.alb_listener_https_arn] - } - - test_traffic_route { - listener_arns = [var.test_traffic_route_listener_arn] - } - - target_group { - name = aws_lb_target_group.blue.name - } - - target_group { - name = aws_lb_target_group.green.name - } - } - } - - tags = merge( - var.tags, - { - "terraform" = "true" - }, - ) - -} \ No newline at end of file diff --git a/ecs-service.tf b/ecs-service.tf index 4cc5839..6e06d27 100644 --- a/ecs-service.tf +++ b/ecs-service.tf 
@@ -9,6 +9,11 @@ resource "aws_ecs_service" "default" { deployment_minimum_healthy_percent = var.service_deployment_minimum_healthy_percent enable_execute_command = true + deployment_circuit_breaker { + enable = true + rollback = true + } + dynamic "network_configuration" { for_each = var.launch_type == "FARGATE" ? [var.subnets] : [] content { @@ -39,10 +44,6 @@ resource "aws_ecs_service" "default" { container_port = var.container_port } - deployment_controller { - type = var.deployment_controller # default "CODE_DEPLOY" - } - dynamic "capacity_provider_strategy" { iterator = capacity_provider_strategy @@ -55,19 +56,12 @@ resource "aws_ecs_service" "default" { } lifecycle { - ignore_changes = [load_balancer, task_definition, desired_count, capacity_provider_strategy] + ignore_changes = [load_balancer, task_definition, desired_count, capacity_provider_strategy] + replace_triggered_by = [aws_lb_target_group.green] # This is to ensure that the service is replaced when the target group is replaced } - depends_on = [ - aws_lb_listener_rule.green, - aws_lb_listener_rule.blue - ] + depends_on = [aws_lb_listener_rule.green] - tags = merge( - var.tags, - { - "terraform" = "true" - }, - ) + tags = merge(var.tags, { "terraform" = "true" }, ) } diff --git a/ecs-task-definition.tf b/ecs-task-definition.tf index 29e3efa..b3797c0 100644 --- a/ecs-task-definition.tf +++ b/ecs-task-definition.tf @@ -60,16 +60,10 @@ resource "aws_ecs_task_definition" "default" { } lifecycle { - ignore_changes = [ - container_definitions - ] + ignore_changes = [container_definitions] + replace_triggered_by = [aws_lb_target_group.green] } - tags = merge( - var.tags, - { - "terraform" = "true" - }, - ) + tags = merge(var.tags, { "terraform" = "true" }, ) } diff --git a/iam-codedeploy.tf b/iam-codedeploy.tf deleted file mode 100644 index 95a3502..0000000 --- a/iam-codedeploy.tf +++ /dev/null 
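Review bot: `enable_execute_command = true` stays hard-coded directly above the new `deployment_circuit_breaker` block in `aws_ecs_service.default`, so every service created from this module permits ECS Exec sessions into its containers. Since this commit already reworks the module's variables and the task-role files, it would be a good moment to gate it behind a new variable, e.g. `enable_execute_command = var.enable_execute_command` with a default of `false`. It is also worth confirming that exec sessions are logged by the cluster's execute-command configuration. Changing the default alters behaviour for existing callers, so it needs a release note; the resource body starts and ends outside this hunk.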
@@ -1,36 +0,0 @@ -resource "aws_iam_role" "codedeploy_service" { - - count = var.create_iam_codedeployrole == true ? 1 : 0 - - name = "codedeploy-service-${var.cluster_name}-${var.name}-${data.aws_region.current.name}" - - assume_role_policy = < policy } role = aws_iam_role.ecs_task[0].name policy_arn = aws_iam_policy.task_role_policy_custom[each.value.name].arn - -} \ No newline at end of file +} diff --git a/iam-ecs-task.tf b/iam-ecs-task.tf index bf3b6b1..a895450 100644 --- a/iam-ecs-task.tf +++ b/iam-ecs-task.tf @@ -18,12 +18,7 @@ resource "aws_iam_role" "ecs_task" { } EOF - tags = merge( - var.tags, - { - "terraform" = "true" - }, - ) + tags = merge(var.tags, { "terraform" = "true" }, ) } resource "aws_iam_role_policy_attachment" "ecs_task" { diff --git a/null-deployment.tf b/null-deployment.tf deleted file mode 100644 index 2d6bf0a..0000000 --- a/null-deployment.tf +++ /dev/null @@ -1,22 +0,0 @@ -# resource "null_resource" "deployment" { -# triggers { -# image = var.image -# } -# provisioner "local-exec" { -# command = < ${path.module}/deploy-id.json -# EOF -# } -# } -# data "template_file" "app_spec" { -# template = file("${path.module}/app-spec.tpl.json") -# vars = { -# task_definition_arn = aws_ecs_task_definition.default.arn -# container_name = var.name -# container_port = var.container_port -# } -# } -