TCP mode Updates #40

Merged
merged 1 commit into from
Oct 29, 2022
122 changes: 65 additions & 57 deletions locals.tf
@@ -1,11 +1,13 @@
locals {
name = var.app_type == "tcp-app" ? "${var.env}-${var.name}-tcp" : "${var.env}-${var.name}"
name = "${var.env}-${var.name}"
ecs_service_name = var.ecs_service_name != "" ? var.ecs_service_name : "${var.env}-${var.name}"
ecs_cluster_name = var.ecs_cluster_name != "" ? var.ecs_cluster_name : "${var.env}-${var.namespace}"
ecs_cluster_arn = length(var.ecs_cluster_arn) != "" ? var.ecs_cluster_arn : "arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:cluster/${local.ecs_cluster_name}"
ecr_repo_name = var.ecr_repo_name != "" ? var.ecr_repo_name : "${var.namespace}-${var.name}"
name_prefix = "${substr(var.name, 0, 5)}-"
domain_names = var.root_domain_name != "example.com" ? concat(["${var.name}.${var.env}.${var.root_domain_name}"], var.domain_names) : []
domain_names = var.root_domain_name != "example.com" ? concat([
"${var.name}.${var.env}.${var.root_domain_name}"
], var.domain_names) : []

# Datadog Environment Variables: https://docs.datadoghq.com/agent/guide/environment-variables/
# https://docs.datadoghq.com/agent/docker/apm/?tab=linux#docker-apm-agent-environment-variables
Expand All @@ -31,12 +33,12 @@ locals {

fluentbit_container_definition = [
{
essential = true
image = "public.ecr.aws/aws-observability/aws-for-fluent-bit:latest"
name = "log_router"
memoryReservation = 75
essential = true
image = "public.ecr.aws/aws-observability/aws-for-fluent-bit:latest"
name = "log_router"
memoryReservation = 75
firelensConfiguration = {
"type" = "fluentbit"
"type" = "fluentbit"
"options" = {
"enable-ecs-log-metadata" = "true"
}
Expand All @@ -46,43 +48,45 @@ locals {

volumes = concat(var.web_proxy_enabled ? [
{
name = "nginx-templates",
name = "nginx-templates",
mount_point = {
"sourceVolume" = "nginx-templates"
"containerPath" = "/etc/nginx/templates/"
"readOnly" = null
}

docker_volume_configuration = [{
"scope" : "task",
"driver" : "local",
"labels" : {
"scratch" : "space"
docker_volume_configuration = [
{
"scope" : "task",
"driver" : "local",
"labels" : {
"scratch" : "space"
}
}
}]
]
},
{
name = "nginx-app",
name = "nginx-app",
mount_point = {
"sourceVolume" = "nginx-app"
"containerPath" = "/etc/nginx/app/"
"readOnly" = null
}

docker_volume_configuration = [{
"scope" : "task",
"driver" : "local",
"labels" : {
"scratch" : "space"
docker_volume_configuration = [
{
"scope" : "task",
"driver" : "local",
"labels" : {
"scratch" : "space"
}
}
}]
]
},
]
: [],

] : [],
var.efs_enabled ? [
{
name = "efs",
name = "efs",
mount_point = {
"sourceVolume" = "efs"
"containerPath" = var.efs_mount_point,
Expand All @@ -103,45 +107,48 @@ locals {
(var.datadog_enabled && var.ecs_launch_type == "EC2") ? module.datadog.volumes : []
)

http_tcp_listeners = var.app_type == "tcp-app" ? [
alb_http_tcp_listeners = var.app_type == "tcp-app" ? [
for index, port_mapping in var.port_mappings :
{
port = port_mapping.host_port
protocol = "TCP"
target_group_index = index
} if port_mapping.https_listener == false
{
port = port_mapping["host_port"]
protocol = "TCP"
target_group_index = index
} if ! lookup(port_mapping, "tls", false)
] : [
{
port = var.http_port
protocol = "HTTP"
target_group_index = 0
},]
}
]

https_tls_listeners = var.app_type == "tcp-app" ? [
# In case app type is "tcp-app" and port_mapping has "tls" config and is true we use tcp over tls.
alb_https_listeners = var.app_type == "tcp-app" ? [
for index, port_mapping in var.port_mappings :
{
port = port_mapping.host_port
protocol = "TLS"
certificate_arn = var.tls_cert_arn
target_group_index = index
} if port_mapping.https_listener == true
] : [
{
port = 443
protocol = "HTTPS"
certificate_arn = var.tls_cert_arn
target_group_index = 0
},]
{
port = port_mapping["host_port"]
protocol = "TLS"
certificate_arn = var.tls_cert_arn
target_group_index = index
} if lookup(port_mapping, "tls", false)
] : [
{
port = 443
protocol = "HTTPS"
certificate_arn = var.tls_cert_arn
target_group_index = 0
}
]

ecs_service_tcp_port_mappings = [
for index, port_mapping in var.port_mappings :
{
container_name = var.name
container_port = port_mapping.container_port
host_port = port_mapping.host_port
target_group_arn = length(module.alb[*].target_group_arns) >= 1 ? module.alb[0].target_group_arns[index] : ""
}
]
{
container_name = var.name
container_port = port_mapping["container_port"]
host_port = port_mapping["host_port"]
target_group_arn = length(module.alb[*].target_group_arns) >= 1 ? module.alb[0].target_group_arns[index] : ""
}
]

target_groups_web = [
{
Expand All @@ -150,6 +157,8 @@ locals {
backend_port = var.web_proxy_enabled ? var.web_proxy_docker_container_port : var.docker_container_port
target_type = var.ecs_launch_type == "EC2" ? "instance" : "ip"
deregistration_delay = var.alb_deregistration_delay
preserve_client_ip = true
# This is specified for compatibility with the tcp target groups. It's not actually used in a lookup.

health_check = {
enabled = true
Expand All @@ -170,9 +179,10 @@ locals {
{
name_prefix = local.name_prefix
backend_protocol = "TCP"
backend_port = port_mapping.container_port
backend_port = port_mapping["container_port"]
target_type = var.ecs_launch_type == "EC2" ? "instance" : "ip"
deregistration_delay = var.alb_deregistration_delay
preserve_client_ip = true

health_check = {
enabled = true
Expand All @@ -182,11 +192,9 @@ locals {
unhealthy_threshold = var.alb_health_check_unhealthy_threshold
timeout = null
matcher = null
port = port_mapping.host_port
port = port_mapping["host_port"]
protocol = "TCP"
}

}
]

}
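Review bot: The two `tls` filters on the tcp-app listeners fail open: `if ! lookup(port_mapping, "tls", false)` puts every entry without a `tls` key on a plain TCP listener. That includes callers still passing the `https_listener` key that the other printed version of this filter reads, and any misspelled key, and nothing in the visible code reports the downgrade. Assuming the `lookup` form is the new side (the page has lost its +/- markers), consider honouring the old key in both filters, e.g. `if !try(port_mapping["tls"], port_mapping["https_listener"], false)` for `alb_http_tcp_listeners` and the un-negated form for `alb_https_listeners`. At minimum add a comment above the first filter such as `# entries without tls = true are exposed as plaintext TCP`.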
10 changes: 6 additions & 4 deletions main.tf
Expand Up @@ -5,17 +5,19 @@ module "alb" {
version = "~> 7.0"

name = var.public ? local.name : "${local.name}-private"
load_balancer_type = var.app_type == "web" ? "application" : "network"
load_balancer_type = var.app_type == "web" ? "application" : "network"
internal = var.public ? false : true
vpc_id = var.vpc_id
security_groups = var.alb_security_groups
subnets = var.public ? var.public_subnets : var.private_subnets
idle_timeout = var.alb_idle_timeout

http_tcp_listeners = local.http_tcp_listeners
https_listeners = var.https_enabled ? concat(local.https_tls_listeners) : []

target_groups = concat(var.app_type == "web" ? local.target_groups_web : local.target_groups_tcp)

http_tcp_listeners = local.alb_http_tcp_listeners
https_listeners = var.https_enabled ? concat(local.alb_https_listeners) : []

target_groups = concat(var.app_type == "web" ? local.target_groups_web : local.target_groups_tcp)

access_logs = var.alb_access_logs_enabled && var.alb_access_logs_s3bucket_name != "" ? {
bucket = var.alb_access_logs_s3bucket_name
2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -200,7 +200,7 @@ variable "docker_host_port" {

variable "port_mappings" {
description = "List of ports to open from a service"
type = list(any)
type = any
default = []
}

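Review bot: `type = any` on `port_mappings` accepts any value and the block has no `validation`, so a malformed entry is only caught, or silently defaulted, where the locals index it. The locals shown on this page read `container_port`, `host_port` and an optional `tls` flag from each entry, but the description names none of them. I would extend the description to list those keys and add a validation block like the one below. It relies on `alltrue` and `can`, so confirm it against the module's minimum Terraform version.

```hcl
variable "port_mappings" {
  # … unchanged: description, type = any, default …

  validation {
    condition = alltrue([
      for m in var.port_mappings :
      can(m["container_port"]) && can(m["host_port"]) && can(tobool(lookup(m, "tls", false)))
    ])
    error_message = "Each port_mappings entry needs container_port and host_port; tls, when set, must be a bool."
  }
}
```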