Added IAC for setting up ECS using terraform

Signed-off-by: Akash Singh <[email protected]>

.gitignore

@@ -0,0 +1,3 @@
+terraform.tfvars
+.terraform/
+.terraform.lock.hcl

README.md

@@ -1,3 +1,8 @@
 ## HaalSamachar Infrastructure Repository : Contains Terraform scripts, Kubernetes manifests, and GitOps configurations for Haalsamachar App.
 
 ## [HaalSamachar Application Repository](https://github.com/Akash-Singh04/haalsamachar-app) : Consists of Backend Microservices built with GoLang including a GraphQL API built using gqlgen and four REST APIs built using Gin and frontend built with NextJs+TypeScript with PostgreSQL powered database, containerized using Docker using Dockerfiles and CI/CD pipeline configurations.
+
+write about kubernetes folder
+write about terraform folder
+write about gitops folder
+write about ecr ecs folder

kubernetes/deployments/Auth.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: auth-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haalsamachar-auth
+  template:
+    metadata:
+      labels:
+        app: haalsamachar-auth
+    spec:
+      containers:
+        - name: haalsamachar-auth
+          image: akashsingh04/haalsamachar-auth:5e386bb1438e58cb923f10276e419f64fc46ff74latest
+          ports:
+            - containerPort: 8084

kubernetes/deployments/Blogs.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: blogs-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haalsamachar-blogs
+  template:
+    metadata:
+      labels:
+        app: haalsamachar-blogs
+    spec:
+      containers:
+        - name: haalsamachar-blogs
+          image: akashsingh04/haalsamachar-blogs:5e386bb1438e58cb923f10276e419f64fc46ff74
+          ports:
+            - containerPort: 8082

kubernetes/deployments/Comments.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: comments-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haalsamachar-comments
+  template:
+    metadata:
+      labels:
+        app: haalsamachar-comments
+    spec:
+      containers:
+        - name: haalsamachar-comments
+          image: akashsingh04/haalsamachar-graph:5e386bb1438e58cb923f10276e419f64fc46ff74
+          ports:
+            - containerPort: 8083

kubernetes/deployments/Frontend.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haalsamachar-frontend
+  template:
+    metadata:
+      labels:
+        app: haalsamachar-frontend
+    spec:
+      containers:
+        - name: haalsamachar-frontend
+          image: akashsingh04/haalsamachar-frontend:518ae8b975bca98b5fe8c0c834c3a85df7f52928
+          ports:
+            - containerPort: 3000

kubernetes/deployments/Graph.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: graph-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haalsamachar-graph
+  template:
+    metadata:
+      labels:
+        app: haalsamachar-graph
+    spec:
+      containers:
+        - name: haalsamachar-graph
+          image: akashsingh04/haalsamachar-graph:5e386bb1438e58cb923f10276e419f64fc46ff74
+          ports:
+            - containerPort: 4000

kubernetes/deployments/Users.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: users-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haalsamachar-users
+  template:
+    metadata:
+      labels:
+        app: haalsamachar-users
+    spec:
+      containers:
+        - name: haalsamachar-users
+          image: akashsingh04/haalsamachar-users:5e386bb1438e58cb923f10276e419f64fc46ff74
+          ports:
+            - containerPort: 8081

terraform/ecs/ec2.tf

@@ -0,0 +1,86 @@
+#This file holds the configuration for the EC2 instances that will be launched in the ECS cluster.
+
+#EC2 launch template
+resource "aws_launch_template" "ecs_lt" {
+ name_prefix   = "ecs-template"
+ image_id      = "ami-062c116e449466e7f"
+ instance_type = "t3.micro"
+
+ key_name               = "ec2ecsglog" #name of the key to ssh into the instance
+ vpc_security_group_ids = [aws_security_group.security_group.id] #same security group as the vcp has
+ iam_instance_profile {
+   name = "ecsInstanceRole" #predefined name of the IAM role to be attached to the instance
+ }
+
+ block_device_mappings {
+   device_name = "/dev/xvda"
+   ebs {
+     volume_size = 30
+     volume_type = "gp2"
+   }
+ }
+
+ tag_specifications {
+   resource_type = "instance"
+   tags = {
+     Name = "ecs-instance"
+   }
+ }
+
+ user_data = filebase64("${path.module}/ecs.sh") #important to run the script to init the instance
+}
+
+#Setup autoscaling group and associate it with the launch template
+resource "aws_autoscaling_group" "ecs_asg" {
+ vpc_zone_identifier = [aws_subnet.subnet.id, aws_subnet.subnet2.id]  # ye daale h to limit the instances to these subnets only
+ desired_capacity    = 2
+ max_size            = 3
+ min_size            = 1
+
+ launch_template {
+   id      = aws_launch_template.ecs_lt.id
+   version = "$Latest"
+ }
+
+ tag {
+   key                 = "AmazonECSManaged"
+   value               = true
+   propagate_at_launch = true
+ }
+}
+
+#Setup application load balancer
+resource "aws_lb" "ecs_alb" {
+ name               = "ecs-alb"
+ internal           = false
+ load_balancer_type = "application"
+ security_groups    = [aws_security_group.security_group.id]
+ subnets            = [aws_subnet.subnet.id, aws_subnet.subnet2.id]
+
+ tags = {
+   Name = "ecs-alb"
+ }
+}
+
+resource "aws_lb_listener" "ecs_alb_listener" {
+ load_balancer_arn = aws_lb.ecs_alb.arn
+ port              = 80
+ protocol          = "HTTP"
+
+ default_action {
+   type             = "forward"
+   target_group_arn = aws_lb_target_group.ecs_tg.arn
+ }
+}
+
+resource "aws_lb_target_group" "ecs_tg" {
+ name        = "ecs-target-group"
+ port        = 80
+ protocol    = "HTTP"
+ target_type = "ip"
+ vpc_id      = aws_vpc.main.id
+
+ health_check {
+   path = "/"
+ }
+}

terraform/ecs/ecs.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+echo ECS_CLUSTER=my-ecs-cluster >> /etc/ecs/ecs.config

terraform/ecs/main.tf

@@ -0,0 +1,96 @@
+# This file holds the config for the ec2 cluster
+resource "aws_ecs_cluster" "ecs_cluster" {
+ name = "my-ecs-cluster"
+}
+
+
+#Create a capacity provider for the ECS cluster
+resource "aws_ecs_capacity_provider" "ecs_capacity_provider" {
+ name = "test1"
+
+ auto_scaling_group_provider {
+   auto_scaling_group_arn = aws_autoscaling_group.ecs_asg.arn
+
+   managed_scaling {
+     maximum_scaling_step_size = 1000
+     minimum_scaling_step_size = 1
+     status                    = "ENABLED"
+     target_capacity           = 3
+   }
+ }
+}
+
+resource "aws_ecs_cluster_capacity_providers" "example" {
+ cluster_name = aws_ecs_cluster.ecs_cluster.name
+
+ capacity_providers = [aws_ecs_capacity_provider.ecs_capacity_provider.name]
+
+ default_capacity_provider_strategy {
+   base              = 1
+   weight            = 100
+   capacity_provider = aws_ecs_capacity_provider.ecs_capacity_provider.name
+ }
+}
+
+#Create a task definition for the ECS service
+resource "aws_ecs_task_definition" "ecs_task_definition" {
+ family             = "my-ecs-task"
+ network_mode       = "awsvpc"
+ execution_role_arn = "arn:aws:iam::532199187081:role/ecsTaskExecutionRole"
+ cpu                = 256
+ runtime_platform {
+   operating_system_family = "LINUX"
+   cpu_architecture        = "X86_64"
+ }
+ container_definitions = jsonencode([
+   {
+     name      = "haalsamachar"
+     image     = var.container_image
+     cpu       = 256
+     memory    = 512
+     essential = true
+     portMappings = [
+       {
+         containerPort = 80
+         hostPort      = 80
+         protocol      = "tcp"
+       }
+     ]
+   }
+ ])
+}
+
+#Create the final ECS service
+resource "aws_ecs_service" "ecs_service" {
+ name            = "my-ecs-service"
+ cluster         = aws_ecs_cluster.ecs_cluster.id
+ task_definition = aws_ecs_task_definition.ecs_task_definition.arn
+ desired_count   = 2
+
+ network_configuration {
+   subnets         = [aws_subnet.subnet.id, aws_subnet.subnet2.id]
+   security_groups = [aws_security_group.security_group.id]
+ }
+
+ force_new_deployment = true
+ placement_constraints {
+   type = "distinctInstance"
+ }
+
+ triggers = {
+   redeployment = timestamp()
+ }
+
+ capacity_provider_strategy {
+   capacity_provider = aws_ecs_capacity_provider.ecs_capacity_provider.name
+   weight            = 100
+ }
+
+ load_balancer {
+   target_group_arn = aws_lb_target_group.ecs_tg.arn
+   container_name   = "haalsamachar"
+   container_port   = 80
+ }
+
+ depends_on = [aws_autoscaling_group.ecs_asg]
+}

terraform/ecs/variables.tf

@@ -0,0 +1,41 @@
+variable "region" {
+  description = "The AWS region to deploy into"
+  type        = string
+  default     = "ap-south-1"
+}
+
+variable "aws_access_key" {
+  description = "AWS access key"
+  type        = string
+  sensitive   = true
+}
+
+variable "aws_secret_key" {
+  description = "AWS secret key"
+  type        = string
+  sensitive   = true
+}
+
+variable "availability_zones" {
+  description = "List of availability zones"
+  type        = list(string)
+  default     = ["ap-south-1a", "ap-south-1b", "ap-south-1c"]
+}
+
+variable "vpc_cidr" {
+  description = "CIDR block for the VPC"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "subnet_cidrs" {
+  description = "List of CIDR blocks for the subnets"
+  type        = list(string)
+  default     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+}
+
+variable "container_image" {
+  description = "The container image to use"
+  type        = string
+  default     = "public.ecr.aws/f9n5f1l7/dgs:latest" # TTo be taken from ECR
+}