fargate spot capacity provider fix

nagagovindarajan · nagagovindarajan · commit fed583c76eb5 · 2024-02-01T21:24:13.000+08:00
diff --git a/examples/fargate/container.tf b/examples/fargate/container.tf
@@ -3,11 +3,12 @@ module "container_httpd" {
   version         = "0.58.1"
   container_name  = "container-httpd"
   container_image = "httpd:latest"
+  essential                    = "true"
 
   log_configuration = {
     logDriver = "awslogs"
     options = {
-      "awslogs-group" : "/aws/ecs/ecs-${var.name}/contaner-httpd",
+      "awslogs-group" : "/aws/ecs/${var.name}/contaner-httpd",
       "awslogs-region" : "ap-southeast-1",
       "awslogs-stream-prefix" : "aws",
       "awslogs-create-group" : "true"
diff --git a/examples/fargate/data.tf b/examples/fargate/data.tf
@@ -5,7 +5,7 @@ data "aws_caller_identity" "current" {}
 data "aws_vpc" "default" {
   filter {
     name   = "tag:Name"
-    values = ["*Main*"]
+    values = ["*aft-vpc*"]
   }
 }
 
@@ -27,7 +27,7 @@ data "aws_subnets" "private" {
 data "aws_iam_policy_document" "execution_custom_policy" {
   statement {
     actions   = ["logs:CreateLogGroup"]
-    resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/ecs/ecs-${var.name}/*"]
+    resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:*"]
   }
 }
 
@@ -37,9 +37,7 @@ data "aws_iam_policy_document" "task_ecs_exec_policy" {
       "kms:Decrypt",
     ]
 
-    resources = [
-      module.fargate_cluster.ecs_cluster_kms_arn
-    ]
+    resources = ["*"]
   }
   statement {
     actions = [
diff --git a/examples/fargate/locals.tf b/examples/fargate/locals.tf
@@ -18,7 +18,9 @@ locals {
       ])
       service_task_cpu      = 256
       service_task_memory   = 512
-      service_desired_count = 1
+      service_desired_count = 4
+      service_deployment_maximum_percent = 600
+      service_deployment_minimum_healthy_percent = 100
       ecs_load_balancers = [
         {
           target_group_arn = element(module.alb.target_group_arns, 0),
diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf
@@ -10,6 +10,12 @@ module "fargate_cluster" {
   service_map                     = local.service_map
   service_subnets                 = data.aws_subnets.private.ids
   service_security_groups         = [aws_security_group.ecs_sg.id]
+
+  capacity_providers                         = ["FARGATE", "FARGATE_SPOT"]
+  default_capacity_provider_strategy         = [
+    { "capacity_provider" : "FARGATE_SPOT", "weight" : 2, "base" : 0 },
+    { "capacity_provider" : "FARGATE", "weight" : 1, "base" : 1 }
+  ]
 }
 
 module "ecs_task_execution_role" {
@@ -20,6 +26,8 @@ module "ecs_task_execution_role" {
   custom_role_policy_arns = [
     "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
   ]
+  policy                  = data.aws_iam_policy_document.execution_custom_policy.json
+  policy_name             = "ecs-task-execution-policy-${var.name}"
 }
 
 module "ecs_task_role" {
diff --git a/modules/service/main.tf b/modules/service/main.tf
@@ -83,7 +83,7 @@ resource "aws_ecs_service" "this" {
     data.aws_ecs_task_definition.this.revision,
   )}"
 
-  launch_type             = var.launch_type
+  launch_type             = length(var.capacity_provider_strategy) > 0 ? null : var.launch_type
   platform_version        = var.launch_type == "FARGATE" ? var.platform_version : null
   desired_count           = var.desired_count
   enable_ecs_managed_tags = var.enable_ecs_managed_tags

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ data "aws_caller_identity" "current" {}`
`5`	`5`	`data "aws_vpc" "default" {`
`6`	`6`	`filter {`
`7`	`7`	`name = "tag:Name"`
`8`		`- values = ["Main"]`
	`8`	`+ values = ["aft-vpc"]`
`9`	`9`	`}`
`10`	`10`	`}`
`11`	`11`
`@@ -27,7 +27,7 @@ data "aws_subnets" "private" {`
`27`	`27`	`data "aws_iam_policy_document" "execution_custom_policy" {`
`28`	`28`	`statement {`
`29`	`29`	`actions = ["logs:CreateLogGroup"]`
`30`		`- resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/ecs/ecs-${var.name}/*"]`
	`30`	`+ resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:*"]`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
`@@ -37,9 +37,7 @@ data "aws_iam_policy_document" "task_ecs_exec_policy" {`
`37`	`37`	`"kms:Decrypt",`
`38`	`38`	`]`
`39`	`39`
`40`		`- resources = [`
`41`		`- module.fargate_cluster.ecs_cluster_kms_arn`
`42`		`- ]`
	`40`	`+ resources = ["*"]`
`43`	`41`	`}`
`44`	`42`	`statement {`
`45`	`43`	`actions = [`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,12 @@ module "fargate_cluster" {`
`10`	`10`	`service_map = local.service_map`
`11`	`11`	`service_subnets = data.aws_subnets.private.ids`
`12`	`12`	`service_security_groups = [aws_security_group.ecs_sg.id]`
	`13`	`+`
	`14`	`+ capacity_providers = ["FARGATE", "FARGATE_SPOT"]`
	`15`	`+ default_capacity_provider_strategy = [`
	`16`	`+ { "capacity_provider" : "FARGATE_SPOT", "weight" : 2, "base" : 0 },`
	`17`	`+ { "capacity_provider" : "FARGATE", "weight" : 1, "base" : 1 }`
	`18`	`+ ]`
`13`	`19`	`}`
`14`	`20`
`15`	`21`	`module "ecs_task_execution_role" {`
`@@ -20,6 +26,8 @@ module "ecs_task_execution_role" {`
`20`	`26`	`custom_role_policy_arns = [`
`21`	`27`	`"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"`
`22`	`28`	`]`
	`29`	`+ policy = data.aws_iam_policy_document.execution_custom_policy.json`
	`30`	`+ policy_name = "ecs-task-execution-policy-${var.name}"`
`23`	`31`	`}`
`24`	`32`
`25`	`33`	`module "ecs_task_role" {`