- Added ecs, ecr, vpc, elb code

- Minor refactoring for naming convention and code formatting

infrastructure/cloud/environments/sandbox/providers.tf

@@ -15,14 +15,12 @@ terraform {
   backend "s3" {
     bucket         = "terraform-remote-state-sandbox-12345"
     key            = "terraform.tfstate"
-    region         = "ca-central-1"
+    region         = var.region
     dynamodb_table = "terraform-remote-state-lock-12345"
   }
 
 }
 
-
-
 provider "aws" {
-  region = "ca-central-1"
-}
+  region = var.region
+}

infrastructure/cloud/environments/sandbox/variables.tf

@@ -1,6 +1,28 @@
-
-
 variable "test_s3_bucket_name" {
   type        = string
   description = "The name of the S3 bucket to create for testing"
 }
+
+variable "region" {
+  description = "The AWS region"
+  type        = string
+  default     = "ca-central-1"
+}
+
+variable "kms_key_name" {
+  description = "Name of KMS key"
+  type        = string
+  default     = "jasper-kms-key"
+}
+
+variable "app_name" {
+  description = "The name of the application"
+  type        = string
+  default     = "jasper-aws"
+}
+
+variable "environment" {
+  description = "The AWS environment to deploy to"
+  type        = string
+  default     = "snd"
+}

infrastructure/cloud/environments/sandbox/webapp.tf

@@ -1,28 +1,24 @@
 
 
-locals {
-  environment      = "snd"
-  application_name = "jasper-aws"
-}
-
 module "security" {
-  source           = "../../modules/security"
-  environment      = local.environment
-  application_name = local.application_name
-  kms_key_name     = "jasper-kms-key"
+  source       = "../../modules/security"
+  environment  = var.environment
+  app_name     = var.app_name
+  kms_key_name = var.kms_key_name
 
 }
 
 module "storage" {
   source              = "../../modules/storage"
-  environment         = local.environment
-  application_name    = local.application_name
+  environment         = var.environment
+  app_name            = var.app_name
   kms_key_name        = module.security.kms_key_alias
   test_s3_bucket_name = var.test_s3_bucket_name
   depends_on          = [module.security]
 }
 
 module "container" {
   source      = "../../modules/container"
-  environment = local.environment
+  environment = var.environment
+  app_name    = var.app_name
 }

infrastructure/cloud/modules/container/ecr.tf

@@ -1,13 +1,12 @@
-resource "aws_ecr_repository" "aws_ecr_repository" {
-  name                 = "${var.ecr_repository_name}-${var.environment}"
+resource "aws_ecr_repository" "ecr_repository" {
+  name                 = "${var.app_name}-repo-${var.environment}"
   image_tag_mutability = "MUTABLE"
 
   image_scanning_configuration {
     scan_on_push = true
   }
 
   tags = {
-    env  = var.environment
-    name = "${var.ecr_repository_name}-${var.environment}"
+    name = "${var.app_name}-repo-${var.environment}"
   }
 }

infrastructure/cloud/modules/container/ecs.tf

@@ -0,0 +1,54 @@
+resource "aws_ecs_cluster" "ecs_cluster" {
+  name = "${var.app_name}-cluster-${var.environment}"
+
+  tags = {
+    name = "${var.app_name}-cluster-${var.environment}"
+  }
+}
+
+resource "aws_ecs_task_definition" "ecs_task_definition" {
+  family                   = "${var.app_name}-task-${var.environment}"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 256
+  memory                   = 512
+
+  container_definitions = jsonencode([
+    {
+      name      = "${var.app_name}-container-${var.environment}"
+      image     = "${aws_ecr_repository.ecr_repository.repository_url}:latest"
+      essential = true
+      portMappings = [
+        {
+          containerPort = 80
+          hostPort      = 80
+        }
+      ]
+    }
+  ])
+
+  execution_role_arn = module.security.ecs_task_execution_iam_role_arn
+  task_role_arn      = module.security.ecs_task_execution_iam_role_arn
+}
+
+resource "aws_ecs_service" "ecs_service" {
+  name            = "${var.app_name}-service-${var.environment}"
+  cluster         = aws_ecs_cluster.ecs_cluster.id
+  task_definition = aws_ecs_task_definition.ecs_task_definition.arn
+  launch_type     = "FARGATE"
+  desired_count   = 1
+
+  network_configuration {
+    subnets          = module.networking.subnet_private_id
+    security_groups  = [module.networking.ecs_sg_id]
+    assign_public_ip = false
+  }
+
+  load_balancer {
+    target_group_arn = module.networking.lb_tg_arn
+    container_name   = "${var.app_name}-container-${var.environment}"
+    container_port   = 80
+  }
+
+  depends_on = [module.networking.lb_listener]
+}

infrastructure/cloud/modules/container/variables.tf

@@ -3,8 +3,7 @@ variable "environment" {
   description = "The environment to deploy the application to"
 }
 
-variable "ecr_repository_name" {
+variable "app_name" {
+  description = "The name of the application"
   type        = string
-  description = "Name of AWS ECR Repository"
-  default     = "aws_ecr_repository"
 }

infrastructure/cloud/modules/networking/elb.tf

@@ -0,0 +1,26 @@
+resource "aws_lb" "lb" {
+  name               = "${var.app_name}-lb-${var.environment}"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.ecs_security_group]
+  subnets            = aws_subnet.private[*].id
+}
+
+
+resource "aws_lb_target_group" "lb_target_group" {
+  name     = "${var.app_name}-tg-${var.environment}"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = aws_vpc.vpc.id
+}
+
+resource "aws_lb_listener" "lb_listener" {
+  load_balancer_arn = aws_lb.lb
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.lb_target_group.arn
+  }
+}

infrastructure/cloud/modules/networking/outputs.tf

@@ -0,0 +1,19 @@
+output "subnet_private_id" {
+  description = "Private Subnet ID"
+  value       = aws_subnet.private[*].id
+}
+
+output "ecs_sg_id" {
+  description = "ECS Security Group ID"
+  value       = aws_security_group.ecs_security_group.id
+}
+
+output "lb_tg_arn" {
+  description = "Load Balancer Target Group ARN"
+  value       = aws_lb_target_group.lb_target_group.arn
+}
+
+output "lb_listener" {
+  description = "Load Balancer Listener"
+  value       = aws_lb_listener.lb_listener
+}

infrastructure/cloud/modules/networking/variables.tf

@@ -0,0 +1,18 @@
+variable "app_name" {
+  type = string
+}
+
+variable "environment" {
+  type = string
+}
+
+variable "vpc_cidr" {
+  description = "The CIDR block for the VPC"
+  default     = "10.0.0.0/16"
+}
+
+variable "private_subnets" {
+  description = "The CIDR blocks for the private subnets"
+  type        = list(string)
+  default     = ["10.0.1.0/24", "10.0.2.0/24"]
+}

infrastructure/cloud/modules/networking/vpc.tf

@@ -0,0 +1,29 @@
+resource "aws_vpc" "vpc" {
+  cidr_block = var.vpc_cidr
+}
+
+resource "aws_subnet" "private" {
+  count                   = length(var.private_subnets)
+  vpc_id                  = aws_vpc.vpc.id
+  cidr_block              = element(var.private_subnets, count.index)
+  map_public_ip_on_launch = false
+}
+
+resource "aws_security_group" "ecs_security_group" {
+  name   = "${var.app_name}-sg-${var.environment}"
+  vpc_id = aws_vpc.vpc.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

infrastructure/cloud/modules/security/iam.tf

@@ -0,0 +1,21 @@
+resource "aws_iam_role" "ecs_task_execution_role" {
+  name = "${var.app_name}-ecs-task-execution-role-${var.environment}"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Service = "ecs-tasks.amazonaws.com"
+        }
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
+  role       = aws_iam_role.ecs_task_execution_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}

infrastructure/cloud/modules/security/kms.tf

@@ -5,12 +5,12 @@ resource "aws_kms_key" "kms_key" {
   description             = "KMS key for encryption"
   deletion_window_in_days = 10
   enable_key_rotation     = true
-    is_enabled              = true
+  is_enabled              = true
   #   policy                  = data.aws_iam_policy_document.kms_policy.json
   tags = {
-    Application="${var.application_name}-${var.environment}"
-    Name="${var.kms_key_name}-${var.environment}"
-    Environment="${var.environment}"
+    Application = "${var.app_name}-${var.environment}"
+    Name        = "${var.kms_key_name}-${var.environment}"
+    Environment = "${var.environment}"
   }
 }
 

infrastructure/cloud/modules/security/outputs.tf

@@ -1,4 +1,8 @@
 
-output kms_key_alias {
+output "kms_key_alias" {
   value = aws_kms_alias.kms_alias.name
-}
+}
+
+output "ecs_task_execution_iam_role_arn" {
+  value = aws_iam_role.ecs_task_execution_role.arn
+}

infrastructure/cloud/modules/security/variables.tf

@@ -1,19 +1,17 @@
-
-
-variable application_name {
-  type = string
+variable "app_name" {
+  type        = string
   description = "The name of the application"
-  default = "bcgov-jasper-aws-bootstrap"
+  default     = "bcgov-jasper-aws-bootstrap"
 }
 
-variable environment {
-  type = string
+variable "environment" {
+  type        = string
   description = "The environment to deploy the application to"
-  default = "dev"
+  default     = "dev"
 }
 
-variable kms_key_name {
-  type = string
+variable "kms_key_name" {
+  type        = string
   description = "The name of the KMS key to create"
-  default = "jasper-kms-key"
-}
+  default     = "jasper-kms-key"
+}

infrastructure/cloud/modules/storage/s3buckets.tf

@@ -10,9 +10,9 @@ resource "aws_s3_bucket" "test_s3_bucket" {
   bucket = "${var.test_s3_bucket_name}-${var.environment}"
 
   tags = {
-    Application="${var.application_name}-${var.environment}"
-    Name="${var.test_s3_bucket_name}-${var.environment}"
-    Environment="${var.environment}"
+    Application = "${var.app_name}-${var.environment}"
+    Name        = "${var.test_s3_bucket_name}-${var.environment}"
+    Environment = "${var.environment}"
   }
 }
 

infrastructure/cloud/modules/storage/variables.tf

@@ -1,23 +1,23 @@
 
-variable test_s3_bucket_name {
-  type = string
+variable "test_s3_bucket_name" {
+  type        = string
   description = "The name of the S3 bucket to create for testing"
 }
 
-variable application_name {
-  type = string
+variable "app_name" {
+  type        = string
   description = "The name of the application"
-  default = "bcgov-jasper-aws-bootstrap"
+  default     = "bcgov-jasper-aws-bootstrap"
 }
 
-variable environment {
-  type = string
+variable "environment" {
+  type        = string
   description = "The environment to deploy the application to"
-  default = "dev"
+  default     = "dev"
 }
 
-variable kms_key_name {
-  type = string
+variable "kms_key_name" {
+  type        = string
   description = "The name of the KMS key"
-  default = "jasper-kms-key"
-}
+  default     = "jasper-kms-key"
+}