Adding Module and Example for ECS cluster monitoring with ecs_observer #211

Merged
merged 38 commits into from
Nov 2, 2023
Changes from 10 commits

Commits
38 commits
727674c
Adding Module and Example for ECS cluster monitoring with ecs_observer
ruchimo Aug 9, 2023
1900fc8
Adding Module and Example for ECS cluster monitoring with ecs_observer
ruchimo Aug 9, 2023
930721a
Merge branch 'main' into main
bonclay7 Aug 9, 2023
c1ac8b8
Incorporating PR comments
ruchimo Aug 10, 2023
52c14f4
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Aug 10, 2023
5968b45
Merge branch 'main' into main
ruchimo Aug 10, 2023
e2e7af7
Restructuring Examples and modules folder for ECS, Added content in m…
ruchimo Aug 10, 2023
3be9980
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Aug 10, 2023
0ef4294
Fixing path as per PR comments
ruchimo Aug 14, 2023
6071dbd
Parameterizing the config files, incorporated PR review comments
ruchimo Aug 14, 2023
63b1db9
Merge branch 'main' into main
bonclay7 Aug 17, 2023
3ca49bd
Adding condition for AMP WS and fixing AMP endpoint
ruchimo Aug 24, 2023
54a2a28
Merge branch 'main' into main
bonclay7 Aug 25, 2023
ac1058d
Adding Document for ECS Monitoring and parameterized some variables
ruchimo Sep 1, 2023
23c073a
Added sample dashboard
ruchimo Sep 1, 2023
c1d8303
Adding Document for ECS Monitoring and parameterized some variables
ruchimo Sep 1, 2023
47be776
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Sep 1, 2023
c272480
Merge branch 'main' into main
ruchimo Sep 1, 2023
b2ae876
Fixing failures detected by pre-commit
ruchimo Sep 4, 2023
298c7d5
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Sep 4, 2023
a94d212
Merge branch 'main' into main
ruchimo Sep 4, 2023
6170820
Fixing failures detected by pre-commit
ruchimo Sep 4, 2023
f591aff
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Sep 4, 2023
2343c10
Merge branch 'main' into main
ruchimo Sep 5, 2023
47364af
Merge branch 'main' into main
bonclay7 Sep 21, 2023
bf318db
Merge branch 'main' into main
bonclay7 Oct 25, 2023
86ebf4e
Fixing failures detected by pre-commit
ruchimo Oct 27, 2023
70f7e44
Pre-commit fixes
bonclay7 Oct 29, 2023
bdcdc0d
Fixing failures detected by pre-commit
ruchimo Oct 30, 2023
289a01d
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Oct 30, 2023
90ffa83
Fixing failures detected by pre-commit
ruchimo Oct 30, 2023
4440d0c
Pre-commit
bonclay7 Oct 30, 2023
0f126e7
Fixing HIGH security alerts detected by pre-commit
ruchimo Oct 30, 2023
d4d7c8e
Merge branch 'main' of github.com:ruchimo/terraform-aws-observability…
ruchimo Oct 30, 2023
a1c1821
Fixing HIGH security alerts detected by pre-commit
ruchimo Oct 31, 2023
59355d6
Fixing HIGH security alerts detected by pre-commit, 31stOct
ruchimo Oct 31, 2023
8919e6c
Add links after merge
bonclay7 Nov 2, 2023
382987b
2ndNov - Added conditional creation for Grafana WS and module versions…
ruchimo Nov 2, 2023
12 changes: 12 additions & 0 deletions README.md
@@ -127,6 +127,18 @@ module "eks_monitoring" {
}
```

#### Amazon ECS monitoring
ECS cluster with VPC and EC2 can be created using the example [here](./examples/ecs_cluster_with_vpc)

```hcl
module "ecs_monitoring" {
source = "github.com/aws-observability/terraform-aws-observability-accelerator//modules/ecs-monitoring"

aws_ecs_cluster_name = module.ecs_cluster.cluster_name
taskRoleArn = module.ecs_cluster.task_exec_iam_role_arn
executionRoleArn = module.ecs_cluster.task_exec_iam_role_arn
}
```
Grafana Dashboards

<img width="2056" alt="image" src="https://user-images.githubusercontent.com/10175027/199110753-9bc7a9b7-1b45-4598-89d3-32980154080e.png">
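Review bot: the link `./examples/ecs_cluster_with_vpc` does not match the directory added in this PR, `examples/ecs-cluster-with-vpc` (hyphens, not underscores), so the README link will 404; change it to `./examples/ecs-cluster-with-vpc`. Also, `taskRoleArn` and `executionRoleArn` are both set to `module.ecs_cluster.task_exec_iam_role_arn`, so the collector task and the ECS agent's execution role share one identity; a dedicated task role carrying only the AMP remote-write permission would keep the execution role limited to image pull and log delivery. Minor: `taskRoleArn` / `executionRoleArn` are camelCase while `aws_ecs_cluster_name` is snake_case; `task_role_arn` / `execution_role_arn` would match the module's other inputs.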
94 changes: 94 additions & 0 deletions examples/ecs-cluster-with-vpc/README.md
@@ -0,0 +1,94 @@
# ECS Cluster w/ EC2 Autoscaling

Configuration in this directory creates:

- ECS cluster using EC2 autoscaling groups
- Autoscaling groups with IAM instance profile to be used by ECS cluster
- Example ECS service that utilizes
- Mounts a host volume into the container definition
- Load balancer target group attachment
- Security group for access to the example service

## Usage

To run this example you need to execute:

```bash
$ terraform init
$ terraform plan
$ terraform apply
```

Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.55 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.55 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_alb"></a> [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 8.0 |
| <a name="module_alb_sg"></a> [alb\_sg](#module\_alb\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
| <a name="module_autoscaling"></a> [autoscaling](#module\_autoscaling) | terraform-aws-modules/autoscaling/aws | ~> 6.5 |
| <a name="module_autoscaling_sg"></a> [autoscaling\_sg](#module\_autoscaling\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | ./modules/cluster | n/a |
| <a name="module_ecs_service"></a> [ecs\_service](#module\_ecs\_service) | ./modules/service | n/a |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |

## Resources

| Name | Type |
|------|------|
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
| [aws_ssm_parameter.ecs_optimized_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |

## Inputs

No inputs.

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_cluster_arn"></a> [cluster\_arn](#output\_cluster\_arn) | ARN that identifies the cluster |
| <a name="output_cluster_autoscaling_capacity_providers"></a> [cluster\_autoscaling\_capacity\_providers](#output\_cluster\_autoscaling\_capacity\_providers) | Map of capacity providers created and their attributes |
| <a name="output_cluster_capacity_providers"></a> [cluster\_capacity\_providers](#output\_cluster\_capacity\_providers) | Map of cluster capacity providers attributes |
| <a name="output_cluster_id"></a> [cluster\_id](#output\_cluster\_id) | ID that identifies the cluster |
| <a name="output_cluster_name"></a> [cluster\_name](#output\_cluster\_name) | Name that identifies the cluster |
| <a name="output_service_autoscaling_policies"></a> [service\_autoscaling\_policies](#output\_service\_autoscaling\_policies) | Map of autoscaling policies and their attributes |
| <a name="output_service_autoscaling_scheduled_actions"></a> [service\_autoscaling\_scheduled\_actions](#output\_service\_autoscaling\_scheduled\_actions) | Map of autoscaling scheduled actions and their attributes |
| <a name="output_service_container_definitions"></a> [service\_container\_definitions](#output\_service\_container\_definitions) | Container definitions |
| <a name="output_service_iam_role_arn"></a> [service\_iam\_role\_arn](#output\_service\_iam\_role\_arn) | Service IAM role ARN |
| <a name="output_service_iam_role_name"></a> [service\_iam\_role\_name](#output\_service\_iam\_role\_name) | Service IAM role name |
| <a name="output_service_iam_role_unique_id"></a> [service\_iam\_role\_unique\_id](#output\_service\_iam\_role\_unique\_id) | Stable and unique string identifying the service IAM role |
| <a name="output_service_id"></a> [service\_id](#output\_service\_id) | ARN that identifies the service |
| <a name="output_service_name"></a> [service\_name](#output\_service\_name) | Name of the service |
| <a name="output_service_task_definition_arn"></a> [service\_task\_definition\_arn](#output\_service\_task\_definition\_arn) | Full ARN of the Task Definition (including both `family` and `revision`) |
| <a name="output_service_task_definition_revision"></a> [service\_task\_definition\_revision](#output\_service\_task\_definition\_revision) | Revision of the task in a particular family |
| <a name="output_service_task_exec_iam_role_arn"></a> [service\_task\_exec\_iam\_role\_arn](#output\_service\_task\_exec\_iam\_role\_arn) | Task execution IAM role ARN |
| <a name="output_service_task_exec_iam_role_name"></a> [service\_task\_exec\_iam\_role\_name](#output\_service\_task\_exec\_iam\_role\_name) | Task execution IAM role name |
| <a name="output_service_task_exec_iam_role_unique_id"></a> [service\_task\_exec\_iam\_role\_unique\_id](#output\_service\_task\_exec\_iam\_role\_unique\_id) | Stable and unique string identifying the task execution IAM role |
| <a name="output_service_task_set_arn"></a> [service\_task\_set\_arn](#output\_service\_task\_set\_arn) | The Amazon Resource Name (ARN) that identifies the task set |
| <a name="output_service_task_set_id"></a> [service\_task\_set\_id](#output\_service\_task\_set\_id) | The ID of the task set |
| <a name="output_service_task_set_stability_status"></a> [service\_task\_set\_stability\_status](#output\_service\_task\_set\_stability\_status) | The stability status. This indicates whether the task set has reached a steady state |
| <a name="output_service_task_set_status"></a> [service\_task\_set\_status](#output\_service\_task\_set\_status) | The status of the task set |
| <a name="output_service_tasks_iam_role_arn"></a> [service\_tasks\_iam\_role\_arn](#output\_service\_tasks\_iam\_role\_arn) | Tasks IAM role ARN |
| <a name="output_service_tasks_iam_role_name"></a> [service\_tasks\_iam\_role\_name](#output\_service\_tasks\_iam\_role\_name) | Tasks IAM role name |
| <a name="output_service_tasks_iam_role_unique_id"></a> [service\_tasks\_iam\_role\_unique\_id](#output\_service\_tasks\_iam\_role\_unique\_id) | Stable and unique string identifying the tasks IAM role |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

## License

Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-ecs/blob/master/LICENSE).
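Review bot: the generated terraform-docs block does not describe the `main.tf` in this directory: the Modules table lists `alb`, `ecs_service`, `./modules/cluster` and `./modules/service`, the Outputs table lists `service_*` and `cluster_capacity_providers` outputs, and `ecs_monitoring` is missing, so the tables look copied from the upstream `terraform-aws-ecs` example rather than regenerated. Run the pre-commit `terraform-docs` hook against this directory so the Modules, Resources and Outputs tables match the code, fix the cut-off bullet `Example ECS service that utilizes`, and point the License link at this repository's LICENSE instead of `terraform-aws-modules/terraform-aws-ecs`.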
190 changes: 190 additions & 0 deletions examples/ecs-cluster-with-vpc/main.tf
@@ -0,0 +1,190 @@
provider "aws" {
region = local.region
}

data "aws_availability_zones" "available" {}

locals {
region = "us-east-1"
name = "ex-${basename(path.cwd)}"

vpc_cidr = "10.0.0.0/16"
azs = slice(data.aws_availability_zones.available.names, 0, 3)

container_name = "ecs-sample"
container_port = 80

tags = {
Name = local.name
Example = local.name
Repository = "https://github.com/terraform-aws-modules/terraform-aws-ecs"
}
}

################################################################################
# Cluster
################################################################################

module "ecs_cluster" {
source = "terraform-aws-modules/ecs/aws"

cluster_name = local.name

# Capacity provider - autoscaling groups
default_capacity_provider_use_fargate = false
create_task_exec_iam_role = true
task_exec_iam_role_name = "ecs_monitor_task_exec_role"
task_exec_iam_role_policies = {"module.ecs_cluster.module.cluster.aws_iam_policy.task_exec[0]" : "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess" }
autoscaling_capacity_providers = {
# On-demand instances
ex-1 = {
auto_scaling_group_arn = module.autoscaling["ex-1"].autoscaling_group_arn
managed_termination_protection = "ENABLED"

managed_scaling = {
maximum_scaling_step_size = 5
minimum_scaling_step_size = 1
status = "ENABLED"
target_capacity = 60
}

default_capacity_provider_strategy = {
weight = 60
base = 20
}
}
}

tags = local.tags
}


module "autoscaling" {
source = "terraform-aws-modules/autoscaling/aws"
version = "~> 6.5"

for_each = {
# On-demand instances
ex-1 = {
instance_type = "t3.large"
use_mixed_instances_policy = false
mixed_instances_policy = {}
user_data = <<-EOT
#!/bin/bash
cat <<'EOF' >> /etc/ecs/ecs.config
ECS_CLUSTER=${local.name}
ECS_LOGLEVEL=debug
ECS_CONTAINER_INSTANCE_TAGS=${jsonencode(local.tags)}
ECS_ENABLE_TASK_IAM_ROLE=true
EOF
EOT
}
}

name = "${local.name}-${each.key}"

image_id = jsondecode(data.aws_ssm_parameter.ecs_optimized_ami.value)["image_id"]
instance_type = each.value.instance_type

security_groups = [module.autoscaling_sg.security_group_id]
user_data = base64encode(each.value.user_data)
ignore_desired_capacity_changes = true

create_iam_instance_profile = true
iam_role_name = local.name
iam_role_description = "ECS role for ${local.name}"
iam_role_policies = {
AmazonEC2ContainerServiceforEC2Role = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

vpc_zone_identifier = module.vpc.private_subnets
health_check_type = "EC2"
min_size = 1
max_size = 5
desired_capacity = 2

# https://github.com/hashicorp/terraform-provider-aws/issues/12582
autoscaling_group_tags = {
AmazonECSManaged = true
}

# Required for managed_termination_protection = "ENABLED"
protect_from_scale_in = true

# Spot instances
use_mixed_instances_policy = each.value.use_mixed_instances_policy
mixed_instances_policy = each.value.mixed_instances_policy

tags = local.tags
}

module "autoscaling_sg" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 5.0"

name = local.name
description = "Autoscaling group security group"
vpc_id = module.vpc.vpc_id

computed_ingress_with_source_security_group_id = [
{
rule = "http-80-tcp"
source_security_group_id = module.alb_sg.security_group_id
}
]
number_of_computed_ingress_with_source_security_group_id = 1

egress_rules = ["all-all"]

tags = local.tags
}

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"

name = local.name
cidr = local.vpc_cidr

azs = local.azs
private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]

enable_nat_gateway = true
single_nat_gateway = true

tags = local.tags
}

data "aws_ssm_parameter" "ecs_optimized_ami" {
name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended"
}

module "alb_sg" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 5.0"

name = "${local.name}-service"
description = "Service security group"
vpc_id = module.vpc.vpc_id

ingress_rules = ["http-80-tcp"]
ingress_cidr_blocks = ["0.0.0.0/0"]

egress_rules = ["all-all"]
egress_cidr_blocks = module.vpc.private_subnets_cidr_blocks

tags = local.tags
}

module "ecs_monitoring" {
source = "../../modules/ecs-monitoring"
aws_ecs_cluster_name = module.ecs_cluster.cluster_name
taskRoleArn = module.ecs_cluster.task_exec_iam_role_arn
executionRoleArn = module.ecs_cluster.task_exec_iam_role_arn

depends_on = [
module.ecs_service
]
}
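Review bot: `depends_on = [module.ecs_service]` at the end of the file references a module that is not declared anywhere in this file, so `terraform plan` fails with an undeclared-module error unless `ecs_service` is defined in another `.tf` file of this directory; either add that module or drop the `depends_on`. Three more points on the same file: `module "ecs_cluster"` has no `version` constraint while every other registry module is pinned with `~>`, so a future major release of `terraform-aws-modules/ecs/aws` can break the example silently; `task_exec_iam_role_policies` uses the resource address string `"module.ecs_cluster.module.cluster.aws_iam_policy.task_exec[0]"` as a map key with `:` syntax, where a short attachment name in the same `key = value` style as `iam_role_policies` below (e.g. `AmazonPrometheusRemoteWriteAccess = "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"`) is what the module expects and is far clearer; and `ECS_LOGLEVEL=debug` in the instance user data plus `alb_sg` opening port 80 to `0.0.0.0/0` (with no `alb` module in this file to attach it to) are settings a reader will copy into real environments, so either justify them in a comment or use `info` and drop the unused security group. The `Repository` tag still points at `terraform-aws-modules/terraform-aws-ecs`.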