Commit 05fb427

* Replace remaining "yes|no" string vars with bools
* Replace cluster_instance_amis with singular cluster_instance_ami var
* Replace allowed_cidrs with default_ingress_cidrs
* Replace egress_cidrs with default_egress_cidrs
1 parent 9b8e40f commit 05fb427

17 files changed

+110
-124
lines changed

CHANGELOG.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,14 @@
33
BACKWARDS INCOMPATIBILITIES / NOTES:
44

55
* This module is now compatible with Terraform 1.1 and higher.
6-
* This module now uses ebs volume encryption by default. This can be disabled
6+
* This module now uses EBS volume encryption by default. This can be disabled
77
using `cluster_instance_enable_ebs_volume_encryption = false`.
88
* In line with Amazon's update of the default root block storage device, the
99
default in this module is now `/dev/xvda`.
1010
* All variables previously using `"yes|no"` have been replaced with
1111
`true|false`.
12+
* The `allowed_cidrs` variable has been renamed to `default_ingress_cidrs`.
13+
* The `egress_cidrs` variable has been renamed to `default_egress_cidrs`.
1214

1315
IMPROVEMENTS:
1416
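Review bot: The BACKWARDS INCOMPATIBILITIES list gains entries for the `allowed_cidrs` and `egress_cidrs` renames (new lines 12 and 13) but has none for the `cluster_instance_amis` to `cluster_instance_ami` change that the commit message and README describe. That change alters the type as well as the name (a region-to-AMI map becomes a single AMI), so existing callers break on upgrade. Add an entry next to the other two, for example: "The `cluster_instance_amis` map has been replaced with a single `cluster_instance_ami` value."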

README.md

Lines changed: 41 additions & 31 deletions
@@ -75,43 +75,53 @@ for more details.
7575

7676
### Inputs
7777

78-
| Name | Description | Default | Required |
79-
|--------------------------------------------|------------------------------------------------------------------------------------------------------------------|:------------------:|:----------------------------------------:|
80-
| region | The region into which to deploy the cluster | - | yes |
81-
| vpc_id | The ID of the VPC into which to deploy the cluster | - | yes |
82-
| subnet_ids | The IDs of the subnets for container instances | - | yes |
83-
| component | The component this cluster will contain | - | yes |
84-
| deployment_identifier | An identifier for this instantiation | - | yes |
85-
| tags | A map of additional tags to add to all resources | - | no |
86-
| cluster_name | The name of the cluster to create | default | yes |
87-
| cluster_instance_ssh_public_key_path | The path to the public key to use for the container instances | - | yes |
88-
| cluster_instance_type | The instance type of the container instances | t2.medium | yes |
89-
| cluster_instance_root_block_device_size | The size in GB of the root block device on cluster instances | 30 | yes |
90-
| cluster_instance_root_block_device_path | Path of the instance root block storage volume | /dev/xvda | yes |
91-
| cluster_instance_root_block_device_type | The type of the root block device on cluster instances ('standard', 'gp2', or 'io1') | standard | yes |
92-
| cluster_instance_user_data_template | The contents of a template for container instance user data | see user-data | no |
93-
| cluster_instance_amis | A map of regions to AMIs for the container instances | ECS optimised AMIs | yes |
94-
| cluster_instance_iam_policy_contents | The contents of the cluster instance IAM policy | see policies | no |
95-
| cluster_service_iam_policy_contents | The contents of the cluster service IAM policy | see policies | no |
96-
| cluster_minimum_size | The minimum size of the ECS cluster | 1 | yes |
97-
| cluster_maximum_size | The maximum size of the ECS cluster | 10 | yes |
98-
| cluster_desired_capacity | The desired capacity of the ECS cluster | 3 | yes |
99-
| associate_public_ip_addresses | Whether or not to associate public IP addresses with ECS container instances ("yes" or "no") | false | no |
100-
| include_default_ingress_rule | Whether or not to include the default ingress rule on the ECS container instances security group ("yes" or "no") | true | no |
101-
| include_default_egress_rule | Whether or not to include the default egress rule on the ECS container instances security group ("yes" or "no") | true | no |
102-
| allowed_cidrs | The CIDRs allowed access to containers | ["10.0.0.0/8"] | if include_default_ingress_rule is "yes" |
103-
| egress_cidrs | The CIDRs accessible from containers | ["0.0.0.0/0"] | if include_default_egress_rule is "yes" |
104-
| security_groups | The list of security group IDs to associate with the cluster in addition to the default security group | [] | no |
105-
| cluster_log_group_retention | The number of days logs will be retained in the CloudWatch log group of the cluster (0 = unlimited) | 0 | no |
106-
| enable_detailed_monitoring | Enable detailed monitoring of EC2 instance(s) | true | no
78+
| Name | Description | Default | Required |
79+
|-----------------------------------------------------|--------------------------------------------------------------------------------------------------------|:-----------------:|:-------------------------------:|
80+
| region | The region into which to deploy the cluster | - | yes |
81+
| vpc_id | The ID of the VPC into which to deploy the cluster | - | yes |
82+
| subnet_ids | The IDs of the subnets for container instances | - | yes |
83+
| component | The component this cluster will contain | - | yes |
84+
| deployment_identifier | An identifier for this instantiation | - | yes |
85+
| tags | A map of additional tags to add to all resources | - | no |
86+
| cluster_name | The name of the cluster to create | default | yes |
87+
| cluster_instance_ssh_public_key_path | The path to the public key to use for the container instances | - | yes |
88+
| cluster_instance_type | The instance type of the container instances | t2.medium | yes |
89+
| cluster_instance_root_block_device_size | The size in GB of the root block device on cluster instances | 30 | yes |
90+
| cluster_instance_root_block_device_path | Path of the instance root block storage volume | /dev/xvda | yes |
91+
| cluster_instance_root_block_device_type | The type of the root block device on cluster instances ('standard', 'gp2', or 'io1') | standard | yes |
92+
| cluster_instance_user_data_template | The contents of a template for container instance user data | see user-data | no |
93+
| cluster_instance_ami | AMI for the container instances. | ECS optimised AMI | yes |
94+
| cluster_instance_iam_policy_contents | The contents of the cluster instance IAM policy | see policies | no |
95+
| cluster_service_iam_policy_contents | The contents of the cluster service IAM policy | see policies | no |
96+
| cluster_minimum_size | The minimum size of the ECS cluster | 1 | yes |
97+
| cluster_maximum_size | The maximum size of the ECS cluster | 10 | yes |
98+
| cluster_desired_capacity | The desired capacity of the ECS cluster | 3 | yes |
99+
| associate_public_ip_addresses | Whether or not to associate public IP addresses with ECS container instances | false | no |
100+
| include_default_ingress_rule | Whether or not to include the default ingress rule on the ECS container instances security group | true | no |
101+
| include_default_egress_rule | Whether or not to include the default egress rule on the ECS container instances security group | true | no |
102+
| default_ingress_cidrs | The CIDRs allowed access to containers | ["10.0.0.0/8"] | if include_default_ingress_rule |
103+
| default_egress_cidrs | The CIDRs accessible from containers | ["0.0.0.0/0"] | if include_default_egress_rule |
104+
| security_groups | The list of security group IDs to associate with the cluster in addition to the default security group | [] | no |
105+
| cluster_log_group_retention | The number of days logs will be retained in the CloudWatch log group of the cluster (0 = unlimited) | 0 | no |
106+
| enable_detailed_monitoring | Enable detailed monitoring of EC2 instance(s) | true | no |
107+
| enable_container_insights | Whether or not to enable container insights on the ECS cluster. | false | no |
108+
| protect_cluster_instances_from_scale_in | Whether or not to protect cluster instances in the autoscaling group from scale in. | false | no |
109+
| include_asg_capacity_provider | Whether or not to add the created ASG as a capacity provider for the ECS cluster. | false | no |
110+
| asg_capacity_provider_manage_termination_protection | Whether or not to allow ECS to manage termination protection for the ASG capacity provider. | true | no |
111+
| asg_capacity_provider_manage_scaling | Whether or not to allow ECS to manage scaling for the ASG capacity provider. | true | no |
112+
| asg_capacity_provider_minimum_scaling_step_size | The minimum scaling step size for ECS managed scaling of the ASG capacity provider. | 1 | no |
113+
| asg_capacity_provider_maximum_scaling_step_size | The maximum scaling step size for ECS managed scaling of the ASG capacity provider. | 1000 | no |
114+
| asg_capacity_provider_target_capacity | The target capacity, as a percentage from 1 to 100, for the ASG capacity provider. | 100 | no |
115+
| cluster_instance_enable_ebs_volume_encryption | Determines whether encryption is enabled on the EBS volume. | true | no |
116+
| cluster_instance_ebs_volume_kms_key_id | KMS key to use for encryption of the EBS volume when enabled. | alias/aws/ebs | no |
107117

108118
Notes:
109119

110120
* By default, the latest available Amazon Linux 2 AMI is used.
111121
* For Amazon Linux 1 AMIs use version <= 0.6.0 of this module for terraform 0.11
112122
or version = 1.0.0 for terraform 0.12.
113-
* When a specific AMI is provided via `cluster_instance_amis` (a map of region
114-
to AMI ID), only the root block device can be customised, using the
123+
* When a specific AMI is provided via `cluster_instance_ami`, only the root
124+
block device can be customised, using the
115125
`cluster_instance_root_block_device_size` and
116126
`cluster_instance_root_block_device_type` variables.
117127
* The user data template will get the cluster name as `cluster_name`. If
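Review bot: The new row 93 describes `cluster_instance_ami` only as "AMI for the container instances." and the note at lines 123-124 drops the old "(a map of region to AMI ID)" wording without a replacement, so the expected value is never stated. Say that it is a single AMI ID and that it must exist in `region`, since the per-region lookup is gone. Separately, row 87 still lists `cluster_instance_ssh_public_key_path` as Required "yes" with no default, while asg.tf in this commit treats `null` as a valid value; one of the two should change.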

asg.tf

Lines changed: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
11
locals {
22
ami_id = coalesce(
3-
lookup(var.cluster_instance_amis, var.region),
3+
var.cluster_instance_ami,
44
data.aws_ami.amazon_linux_2.image_id)
55
cluster_user_data_template = coalesce(
66
var.cluster_instance_user_data_template,
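Review bot: At line 3, `coalesce` falls through to `data.aws_ami.amazon_linux_2.image_id` whenever `var.cluster_instance_ami` is null or an empty string, so the behaviour depends on the variable's declaration, which this diff does not show. Confirm it is `type = string` with `default = null`. Note also that a caller who intends to pin an AMI but passes `""` (for example from an unset pipeline value) silently gets the latest Amazon Linux 2 image instead of an error; if pinning matters to users of this module, a `validation` block rejecting the empty string would make that failure visible at plan time.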
@@ -24,7 +24,7 @@ resource "aws_launch_template" "cluster" {
2424
name_prefix = "cluster-${var.component}-${var.deployment_identifier}-${var.cluster_name}-"
2525
image_id = local.ami_id
2626
instance_type = var.cluster_instance_type
27-
key_name = var.cluster_instance_ssh_public_key_path == "" ? "" : element(concat(aws_key_pair.cluster.*.key_name, [""]), 0)
27+
key_name = var.cluster_instance_ssh_public_key_path == null ? "" : element(concat(aws_key_pair.cluster.*.key_name, [""]), 0)
2828

2929
iam_instance_profile {
3030
name = aws_iam_instance_profile.cluster.name
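Review bot: Line 27 now tests `var.cluster_instance_ssh_public_key_path == null`, so a caller still passing the old `""` sentinel takes the second branch, and the result then depends on the `count` condition on `aws_key_pair.cluster`, which this hunk does not show. Make sure that resource uses the same null test so the two cannot disagree. Consider returning `null` rather than `""` in the no-key case, so that `key_name` is omitted from the launch template instead of being set to an empty string.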
@@ -72,7 +72,7 @@ resource "aws_autoscaling_group" "cluster" {
7272
max_size = var.cluster_maximum_size
7373
desired_capacity = var.cluster_desired_capacity
7474

75-
protect_from_scale_in = ((var.include_asg_capacity_provider == "yes" && var.asg_capacity_provider_manage_termination_protection == "yes") || var.protect_cluster_instances_from_scale_in == "yes")
75+
protect_from_scale_in = ((var.include_asg_capacity_provider && var.asg_capacity_provider_manage_termination_protection) || var.protect_cluster_instances_from_scale_in)
7676

7777
tag {
7878
key = "Name"
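Review bot: Line 75 uses the three variables directly as boolean operands, which is only safe if each is declared `type = bool` and can never be null; a null operand to `&&` or `||` fails at plan time. Since the changelog sets Terraform 1.1 as the minimum version, adding `nullable = false` to `include_asg_capacity_provider`, `asg_capacity_provider_manage_termination_protection` and `protect_cluster_instances_from_scale_in` would enforce that. The outer pair of parentheses is redundant now that the string comparisons are gone and can be dropped.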
@@ -87,7 +87,7 @@ resource "aws_autoscaling_group" "cluster" {
8787
}
8888

8989
dynamic "tag" {
90-
for_each = var.include_asg_capacity_provider == "yes" ? merge({
90+
for_each = var.include_asg_capacity_provider ? merge({
9191
AmazonECSManaged : ""
9292
}, local.tags) : local.tags
9393
content {

capacity_provider.tf

Lines changed: 5 additions & 5 deletions
@@ -1,15 +1,15 @@
11
resource "aws_ecs_capacity_provider" "autoscaling_group" {
2-
count = var.include_asg_capacity_provider == "yes" ? 1 : 0
2+
count = var.include_asg_capacity_provider ? 1 : 0
33

44
name = "cp-${var.component}-${var.deployment_identifier}-${var.cluster_name}"
55

66
auto_scaling_group_provider {
77
auto_scaling_group_arn = aws_autoscaling_group.cluster.arn
88

9-
managed_termination_protection = var.asg_capacity_provider_manage_termination_protection == "yes" ? "ENABLED" : "DISABLED"
9+
managed_termination_protection = var.asg_capacity_provider_manage_termination_protection ? "ENABLED" : "DISABLED"
1010

1111
managed_scaling {
12-
status = var.asg_capacity_provider_manage_scaling == "yes" ? "ENABLED" : "DISABLED"
12+
status = var.asg_capacity_provider_manage_scaling ? "ENABLED" : "DISABLED"
1313
target_capacity = var.asg_capacity_provider_target_capacity
1414
minimum_scaling_step_size = var.asg_capacity_provider_minimum_scaling_step_size
1515
maximum_scaling_step_size = var.asg_capacity_provider_maximum_scaling_step_size
@@ -18,9 +18,9 @@ resource "aws_ecs_capacity_provider" "autoscaling_group" {
1818
}
1919

2020
resource "aws_ecs_cluster_capacity_providers" "cluster_capacity_providers" {
21-
count = var.include_asg_capacity_provider == "yes" ? 1 : 0
21+
count = var.include_asg_capacity_provider ? 1 : 0
2222

2323
cluster_name = aws_ecs_cluster.cluster.name
2424

25-
capacity_providers = var.include_asg_capacity_provider == "yes" ? [aws_ecs_capacity_provider.autoscaling_group[0].name] : []
25+
capacity_providers = var.include_asg_capacity_provider ? [aws_ecs_capacity_provider.autoscaling_group[0].name] : []
2626
}
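Review bot: At line 25 the conditional on `capacity_providers` can never take its `[]` branch, because line 21 already sets `count` to 0 under the same condition, so the resource does not exist when `var.include_asg_capacity_provider` is false. Simplify to `capacity_providers = [aws_ecs_capacity_provider.autoscaling_group[0].name]`, which also removes one place where the two conditions could drift apart in a later edit.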

cluster.tf

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ resource "aws_ecs_cluster" "cluster" {
99

1010
setting {
1111
name = "containerInsights"
12-
value = var.enable_container_insights == "yes" ? "enabled" : "disabled"
12+
value = var.enable_container_insights ? "enabled" : "disabled"
1313
}
1414

1515
depends_on = [
