From ce31cbe4d840c92c76eca2492e2a34112289a344 Mon Sep 17 00:00:00 2001
From: Saef Taher <saefty@users.noreply.github.com>
Date: Wed, 14 Feb 2024 15:16:28 +0100
Subject: [PATCH] feat: support cw alarms as deployment circuit breakers (#110)

* Support cw alarms as deployment circuit breakers

* refactor: use dynamic block for alarms config

---------

Co-authored-by: Moritz Zimmer <moritz.zmmr@gmail.com>
---
 README.md    |  1 +
 main.tf      | 10 ++++++++++
 variables.tf | 16 ++++++++++++++++
 3 files changed, 27 insertions(+)

diff --git a/README.md b/README.md
index 44a25cd..a2f4857 100644
--- a/README.md
+++ b/README.md
@@ -245,6 +245,7 @@ for example.
 | <a name="input_create_ecr_repository"></a> [create\_ecr\_repository](#input\_create\_ecr\_repository) | Create an ECR repository for this service. | `bool` | `true` | no |
 | <a name="input_create_ingress_security_group"></a> [create\_ingress\_security\_group](#input\_create\_ingress\_security\_group) | Create a security group allowing ingress from target groups to the application ports. Disable this for target groups attached to a Network Loadbalancer. | `bool` | `true` | no |
 | <a name="input_deployment_circuit_breaker"></a> [deployment\_circuit\_breaker](#input\_deployment\_circuit\_breaker) | Deployment circuit breaker configuration. | <pre>object({<br>    enable   = bool<br>    rollback = bool<br>  })</pre> | <pre>{<br>  "enable": false,<br>  "rollback": false<br>}</pre> | no |
+| <a name="input_deployment_failure_detection_alarms"></a> [deployment\_failure\_detection\_alarms](#input\_deployment\_failure\_detection\_alarms) | CloudWatch alarms used to detect deployment failures. | <pre>object({<br>    enable      = bool<br>    rollback    = bool<br>    alarm_names = list(string)<br>  })</pre> | <pre>{<br>  "alarm_names": [],<br>  "enable": false,<br>  "rollback": false<br>}</pre> | no |
 | <a name="input_deployment_maximum_percent"></a> [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | Upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the `DAEMON` scheduling strategy. | `number` | `200` | no |
 | <a name="input_deployment_minimum_healthy_percent"></a> [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | Lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | `number` | `100` | no |
 | <a name="input_desired_count"></a> [desired\_count](#input\_desired\_count) | Desired count of services to be started/running. | `number` | `0` | no |
diff --git a/main.tf b/main.tf
index 99e73c6..68db84a 100644
--- a/main.tf
+++ b/main.tf
@@ -108,6 +108,16 @@ resource "aws_ecs_service" "this" {
     }
   }
 
+  dynamic "alarms" {
+    for_each = var.deployment_failure_detection_alarms.enable ? [true] : []
+
+    content {
+      enable      = var.deployment_failure_detection_alarms.enable
+      rollback    = var.deployment_failure_detection_alarms.rollback
+      alarm_names = var.deployment_failure_detection_alarms.alarm_names
+    }
+  }
+
   dynamic "load_balancer" {
     for_each = aws_alb_target_group.main
 
diff --git a/variables.tf b/variables.tf
index 4cdb66f..0affc8f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -91,6 +91,22 @@ variable "deployment_circuit_breaker" {
   })
 }
 
+variable "deployment_failure_detection_alarms" {
+  default = {
+    enable      = false
+    rollback    = false
+    alarm_names = []
+  }
+
+  description = "CloudWatch alarms used to detect deployment failures."
+  type = object({
+    enable      = bool
+    rollback    = bool
+    alarm_names = list(string)
+  })
+}
+
+
 variable "cloudwatch_logs" {
   description = "CloudWatch logs configuration for the containers of this service. CloudWatch logs will be used as the default log configuration if Firelens is disabled and for the fluentbit and otel containers."
   default     = {}