From ef8c8fc931263b6c15984174a8f77694b3dea354 Mon Sep 17 00:00:00 2001 From: Andrew Jarombek Date: Sat, 13 Jan 2024 12:47:15 -0500 Subject: [PATCH] ECS Cluster (#9) * ecs cluster * ecs test code * version --- README.md | 53 +++++++++++++++++++++++------------------ ecs/.terraform.lock.hcl | 25 +++++++++++++++++++ ecs/README.md | 25 +++++++++++++++++++ ecs/main.tf | 44 ++++++++++++++++++++++++++++++++++ eks-v2/README.md | 7 +++--- test/suites/README.md | 35 ++++++++++++++------------- test/suites/testECS.py | 38 +++++++++++++++++++++++++++++ 7 files changed, 184 insertions(+), 43 deletions(-) create mode 100644 ecs/.terraform.lock.hcl create mode 100644 ecs/README.md create mode 100644 ecs/main.tf create mode 100644 test/suites/testECS.py diff --git a/README.md b/README.md index 025c094..236f1ab 100755 --- a/README.md +++ b/README.md 
@@ -96,32 +96,39 @@ repositories are referenced in separate directories and README.md files. ### Directories -| Directory Name | Description | -|----------------------|-----------------------------------------------------------------------------| -| `.github` | GitHub Actions for CI/CD pipelines. | -| `acm` | HTTPS certificates for the `jarombek.io` applications. | -| `api-gateway` | Global API Gateway configuration. | -| `apps` | Infrastructure for individual applications. | -| `backend` | The Terraform backend, consisting of an S3 bucket. | -| `budgets` | Terraform scripts for setting AWS account budgets. | -| `cloud-trail` | Terraform scripts for AWS account auditing with CloudTrail. | -| `config` | Terraform scripts for AWS Config. | -| `dockerfiles` | Reusable dockerfiles used throughout my infrastructure. | -| `eks-v2` | Terraform and Kubernetes configuration for an EKS v2 cluster. | -| `file-vault` | Terraform scripts for an S3 bucket that serves as a vault for secure files. | -| `lambda` | Terraform scripts for AWS Lambda functions. | -| `lambda-layers` | AWS Lambda Layer source code and Terraform scripts. | -| `parameter-store` | Terraform scripts for System Manager Parameter Store secrets. | -| `root` | Root Terraform scripts for creating the accounts VPCs. | -| `route53` | Terraform scripts for creating DNS records for the account. | -| `s3` | Terraform scripts for global S3 assets. | -| `secrets-manager` | Terraform scripts for global secrets stored in Secrets Manager. | -| `sns` | Terraform scripts for AWS SNS notifications. | -| `test` | Python AWS infrastructure test suite. | -| `test-k8s` | Go Kubernetes infrastructure test suite. | +| Directory Name | Description | +|-------------------|-----------------------------------------------------------------------------| +| `.github` | GitHub Actions for CI/CD pipelines. | +| `acm` | HTTPS certificates for the `jarombek.io` applications. | +| `api-gateway` | Global API Gateway configuration. 
| +| `apps` | Infrastructure for individual applications. | +| `backend` | The Terraform backend, consisting of an S3 bucket. | +| `budgets` | Terraform scripts for setting AWS account budgets. | +| `cloud-trail` | Terraform scripts for AWS account auditing with CloudTrail. | +| `config` | Terraform scripts for AWS Config. | +| `dockerfiles` | Reusable dockerfiles used throughout my infrastructure. | +| `ecs` | Terraform configuration for an ECS cluster. | +| `eks-v2` | Terraform and Kubernetes configuration for an EKS v2 cluster. | +| `file-vault` | Terraform scripts for an S3 bucket that serves as a vault for secure files. | +| `lambda` | Terraform scripts for AWS Lambda functions. | +| `lambda-layers` | AWS Lambda Layer source code and Terraform scripts. | +| `parameter-store` | Terraform scripts for System Manager Parameter Store secrets. | +| `root` | Root Terraform scripts for creating the accounts VPCs. | +| `route53` | Terraform scripts for creating DNS records for the account. | +| `s3` | Terraform scripts for global S3 assets. | +| `secrets-manager` | Terraform scripts for global secrets stored in Secrets Manager. | +| `sns` | Terraform scripts for AWS SNS notifications. | +| `test` | Python AWS infrastructure test suite. | +| `test-k8s` | Go Kubernetes infrastructure test suite. | ### Versions +**[v2.1.4](https://github.com/AJarombek/global-aws-infrastructure/tree/v2.1.4) - ECS Cluster** + +> Release Date: January 13th, 2024 + ++ Added an ECS Cluster and corresponding tests. + **[v2.1.3](https://github.com/AJarombek/global-aws-infrastructure/tree/v2.1.3) - Remove Jenkins Infrastructure** > Release Date: December 23rd, 2023 diff --git a/ecs/.terraform.lock.hcl b/ecs/.terraform.lock.hcl new file mode 100644 index 0000000..25e6b36 --- /dev/null +++ b/ecs/.terraform.lock.hcl 
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.32.1" + constraints = "~> 5.32.1" + hashes = [ + "h1:QABqkHM6/fMi9RGbAzTx0/gy+6tDl2RYsVn5YGtKa90=", + "zh:0c603e0ea9ec481f1588ca44d3464fe43ed936a8452e0c70d347c8e71a1b19a4", + "zh:0d43c845330ea4aaa152caf35819069215fcf17e4468b9d94c631f7d4178b1ac", + "zh:1211275208e8142bfa27987fdeb3eae40075ff569bf198330975f470bc4f5137", + "zh:1d8e7e4a2ff45a8b56037d030e2978fc04007941f62f1e265e251801a1d0c3cc", + "zh:4f6a8a6c9413b8b9267673cb7fb9dee7dc81946f7cc17d23e2104304f4ec4472", + "zh:6d769c74f8157260a37a32a1036b77f9795e21df2df7cadf4c7acc85b2dfd96e", + "zh:778fd9bf80424a62ebf5f059dcabfc4a588b0791ba18c1cf727bbdc1aed40351", + "zh:7bf1b063065bbe39b71e2a5895915fcbcc0cf7f553f84388e81888506d292fce", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b57506c3f46e850543fc1ee9522f231311e8540730db76bbf7a3f4d81777a4bd", + "zh:d37c8655b2a31435a116a1af7031f2bcdecf4c7e7e74903b88203798fb39043e", + "zh:db369802896eb10bbfed00bf3bd568b35fb5d903d3624d555b6574c5c4e2d94e", + "zh:e9992bfccf8205c495aebb7da917404496f96b5d3ea4a915a8884994ca8d860c", + "zh:ed1e0ef83cde313f1ccb3e18fc9dc63bf6ca473ec07554df5e24c706708a6866", + "zh:f0d19ed41352da9be308dff72899ecf5af7a42b592cf37fb98e9064e7622d35e", + ] +} diff --git a/ecs/README.md b/ecs/README.md new file mode 100644 index 0000000..4051d12 --- /dev/null +++ b/ecs/README.md 
@@ -0,0 +1,25 @@
+### Overview
+
+Terraform infrastructure for building an ECS cluster.
+
+### Commands
+
+**Build the Infrastructure**
+
+```bash
+# Create the infrastructure.
+terraform init
+terraform validate
+terraform plan -detailed-exitcode -out=terraform-prod.tfplan
+terraform apply -auto-approve terraform-prod.tfplan
+
+# Destroy the infrastructure.
+terraform plan -destroy
+terraform destroy -auto-approve
+```
+
+### Files
+
+| Filename | Description |
+|------------|----------------------------------------------|
+| `main.tf` | Terraform configuration for the ECS cluster. |
diff --git a/ecs/main.tf b/ecs/main.tf
new file mode 100644
index 0000000..f5f76f8
--- /dev/null
+++ b/ecs/main.tf
@@ -0,0 +1,44 @@
+/**
+ * Infrastructure for creating an ECS cluster for my small applications.
+ * Author: Andrew Jarombek
+ * Date: 1/13/2024
+ */
+
+provider "aws" {
+ region = "us-east-1"
+}
+
+terraform {
+ required_version = "~> 1.6.6"
+
+ required_providers {
+ aws = "~> 5.32.1"
+ }
+
+ backend "s3" {
+ bucket = "andrew-jarombek-terraform-state"
+ encrypt = true
+ key = "global-aws-infrastructure/ecs"
+ region = "us-east-1"
+ }
+}
+
+locals {
+ terraform_tag = "global-aws-infrastructure/ecs"
+}
+
+resource "aws_ecs_cluster" "andrew-jarombek" {
+ name = "andrew-jarombek-cluster"
+
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
+
+ tags = {
+ Name = "andrew-jarombek-cluster"
+ Application = "all"
+ Environment = "all"
+ Terraform = local.terraform_tag
+ }
+}
diff --git a/eks-v2/README.md b/eks-v2/README.md
index 3ed0670..a0d0a5a 100644
--- a/eks-v2/README.md
+++ b/eks-v2/README.md
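Review bot: The `backend "s3"` block in `ecs/main.tf` sets `encrypt = true` but configures no state locking, so two overlapping `terraform apply` runs (say a CI job and a local run) can both write `global-aws-infrastructure/ecs` and leave the state inconsistent. With `required_version = "~> 1.6.6"` the S3 backend takes its lock through DynamoDB, so consider adding `dynamodb_table = "<state-lock-table>"` (placeholder; use whatever lock table the account already has, if any). Whether the other modules in this repository lock their state is not visible here, so this may be a repository-wide convention rather than an oversight in this file. A short comment above the `setting` block, for example `# Container Insights: cluster/task metrics in CloudWatch`, would also record why that setting is enabled.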
@@ -37,9 +37,10 @@ kubectl logs -f my-pod-name -n my-namespace ### Files -| Filename | Description | -|------------|------------------------------------------------| -| `main.tf` | Terraform configuration for the EKS cluster. | +| Filename | Description | +|----------------------------|----------------------------------------------| +| `main.tf` | Terraform configuration for the EKS cluster. | +| `external-dns-policy.json` | AWS IAM Policy for External DNS. | ### Resources diff --git a/test/suites/README.md b/test/suites/README.md index f06de16..6138c66 100644 --- a/test/suites/README.md +++ b/test/suites/README.md 
@@ -5,20 +5,21 @@ repository. ### Files -| Filename | Description | -|----------------------------|--------------------------------------------------------------------------------------| -| `testApplicationVPC.py` | Test suite for the Application VPC. | -| `testBackend.py` | Test suite for the Terraform S3 Backend. | -| `testBudgets.py` | Test suite for AWS cost management budgets. | -| `testCloudTrail.py` | Test suite for AWS CloudTrail configuration. | -| `testConfig.py` | Test suite for AWS Config infrastructure. | -| `testEKS.py` | Test suite for the EKS cluster. | -| `testFileVault.py` | Test suite for a file vault S3 bucket. | -| `testJarombekComApp.py` | Test suite for the Amazon HTTPS certificates. | -| `testLambda.py` | Test suite for AWS Lambda functions. | -| `testLambdaLayers.py` | Test suite for reusable AWS Lambda layers. | -| `testRoot.py` | Test suite for the Root infrastructure for my AWS cloud. | -| `testRoute53.py` | Test suite for Route53 records used globally. | -| `testS3.py` | Test suite for a global S3 bucket. | -| `testSecretsManager.py` | Test suite for credentials stored in Secrets Manager. | -| `testSNS.py` | Test suite for SNS topics and subscriptions. | \ No newline at end of file +| Filename | Description | +|-------------------------|----------------------------------------------------------| +| `testApplicationVPC.py` | Test suite for the Application VPC. | +| `testBackend.py` | Test suite for the Terraform S3 Backend. | +| `testBudgets.py` | Test suite for AWS cost management budgets. | +| `testCloudTrail.py` | Test suite for AWS CloudTrail configuration. | +| `testConfig.py` | Test suite for AWS Config infrastructure. | +| `testECS.py` | Test suite for the ECS cluster. | +| `testEKS.py` | Test suite for the EKS cluster. | +| `testFileVault.py` | Test suite for a file vault S3 bucket. | +| `testJarombekComApp.py` | Test suite for the Amazon HTTPS certificates. | +| `testLambda.py` | Test suite for AWS Lambda functions. 
| +| `testLambdaLayers.py` | Test suite for reusable AWS Lambda layers. | +| `testRoot.py` | Test suite for the Root infrastructure for my AWS cloud. | +| `testRoute53.py` | Test suite for Route53 records used globally. | +| `testS3.py` | Test suite for a global S3 bucket. | +| `testSecretsManager.py` | Test suite for credentials stored in Secrets Manager. | +| `testSNS.py` | Test suite for SNS topics and subscriptions. | \ No newline at end of file diff --git a/test/suites/testECS.py b/test/suites/testECS.py new file mode 100644 index 0000000..2a8b93f --- /dev/null +++ b/test/suites/testECS.py @@ -0,0 +1,38 @@ +""" +Unit tests for the ECS cluster. +Author: Andrew Jarombek +Date: 1/13/2024 +""" + +import unittest + +import boto3 +from boto3_type_annotations.ecs import Client as ECSClient +from boto3_type_annotations.sts import Client as STSClient + + +class TestECS(unittest.TestCase): + def setUp(self) -> None: + """ + Perform set-up logic before executing any unit tests + """ + self.ecs: ECSClient = boto3.client("ecs") + self.sts: STSClient = boto3.client("sts") + + def test_eks_cluster_exists(self) -> None: + """ + Determine if the EKS cluster exists as expected. + """ + cluster_name = "andrew-jarombek-ecs-cluster" + account_id = self.sts.get_caller_identity().get("Account") + clusters = self.ecs.describe_clusters(clusters=[cluster_name]) + + self.assertEqual(1, len(clusters.get("clusters"))) + + cluster = clusters.get("clusters")[0] + + self.assertEqual( + f"arn:aws:ecs:us-east-1:{account_id}:cluster/{cluster_name}", + cluster.get("clusterArn"), + ) + self.assertEqual(cluster_name, cluster.get("clusterName"))
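Review bot: `cluster_name = "andrew-jarombek-ecs-cluster"` in `test/suites/testECS.py` does not match the name this same commit gives the cluster in `ecs/main.tf` (`name = "andrew-jarombek-cluster"`), so `describe_clusters` would presumably return an empty `clusters` list and `self.assertEqual(1, len(clusters.get("clusters")))` fails. Either use `cluster_name = "andrew-jarombek-cluster"` in the test or rename the Terraform resource and its `Name` tag. The method name and docstring look copied from the EKS suite; `def test_ecs_cluster_exists(self) -> None:` with the docstring "Determine if the ECS cluster exists as expected." would describe what is checked. The ARN assertion hard-codes `us-east-1` while `boto3.client("ecs")` takes its region from the runner's environment, so passing `region_name="us-east-1"` to both clients in `setUp` would keep the test from querying a different region by accident.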