main.tf
// Region of the configured AWS provider; local.container_definition reads it for the awslogs-region log option.
data "aws_region" "current" {}
locals {
  // Names handed to module.ssm. "PASSWORD" is always appended to the caller's list.
  // NOTE(review): a caller that also lists "PASSWORD" produces a duplicate entry;
  // whether module.ssm tolerates duplicates is not visible here - confirm.
  secret_names = concat(var.secret_names, ["PASSWORD"])

  // Plain-text environment for the container. merge() lets the later argument win,
  // so ECS_FARGATE set here overrides any caller-supplied key of the same name.
  // These values are stored in clear text in the task definition; credentials
  // belong in `secrets` (below), not in var.environment.
  environment = merge(var.environment, {
    ECS_FARGATE = var.ecs_launch_type == "FARGATE" ? "true" : "false"
  })

  // ECS container definition for the proxy container, built as an HCL object.
  container_definition = {
    name = var.name

    // The image is addressed by name:tag. Tags are mutable, so the running image
    // is only as fixed as the registry's tag policy; this form cannot carry a
    // name@sha256 digest reference.
    image = "${var.docker_image_name}:${var.docker_image_tag}"

    memoryReservation    = var.docker_memory_reservation
    essential            = true
    resourceRequirements = var.resource_requirements

    // Map of name => value flattened into the list-of-objects shape ECS expects.
    environment = [for key, val in local.environment : { name = key, value = val }]

    // Secret references come from module.ssm's `secrets` output.
    secrets = module.ssm.secrets

    portMappings = [{
      containerPort = var.docker_container_port
      // awsvpc publishes the container port itself; every other network mode gets 0,
      // which the original comment describes as a dynamic host port (bridge and host).
      // NOTE(review): with dynamic host ports the instance security group has to admit
      // the ephemeral range - presumably only from the load balancer; confirm.
      hostPort = var.ecs_network_mode == "awsvpc" ? var.docker_container_port : 0
    }]

    // The proxy waits for the app container (var.app_name) so that the nginx config
    // has been copied to the shared volume and the app port is reachable.
    // "START" only orders start-up; it does not wait for the app to report healthy.
    dependsOn = [{
      containerName = var.app_name
      condition     = "START"
    }]

    // nginx templates and app files are read from volumes that the app container
    // can populate. Neither mount sets readOnly, so the proxy gets them read-write,
    // and the nginx config is only as trustworthy as whatever wrote the volume.
    // The volumes themselves are not declared in this block.
    mountPoints = var.enabled ? [
      {
        sourceVolume  = "nginx-templates"
        containerPath = "/etc/nginx/templates/"
      },
      {
        sourceVolume  = "nginx-app"
        containerPath = "/app/"
      }
    ] : []

    // An empty var.cloudwatch_log_group selects the local json-file driver, which
    // keeps logs on the container host instead of shipping them to CloudWatch.
    // NOTE(review): json-file is not among the log drivers Fargate accepts
    // (awslogs, splunk, awsfirelens), so FARGATE with an empty log group should be
    // expected to fail at registration - verify, and prefer awslogs so proxy access
    // logs remain available for detection and incident response.
    logConfiguration = var.cloudwatch_log_group == "" ? {
      logDriver = "json-file"
      options   = {}
      } : {
      logDriver = "awslogs"
      options = {
        awslogs-group         = var.cloudwatch_log_group
        awslogs-region        = data.aws_region.current.name
        awslogs-stream-prefix = var.name
      }
    }
  }
}
// Registry module whose `secrets` output feeds local.container_definition.secrets.
// It sits on the secret-delivery path, and "~> 1.0" accepts any 1.x release.
// Terraform's dependency lock file records providers, not modules, so a reviewed
// exact version is the only pin available for this source.
module "ssm" {
  source  = "hazelops/ssm-secrets/aws"
  version = "~> 1.0"

  env = var.env
  // Keyed by the app's name (var.app_name), not this container's var.name.
  // NOTE(review): presumably the proxy shares the app's parameter namespace - confirm.
  app_name = var.app_name
  // No secrets are requested at all when the proxy is disabled.
  names = var.enabled ? local.secret_names : []
}