Merge pull request #5 from dxw/feature/awsvpc-networking-mode

(Feature) AWS VPC networking mode
dxw · Mar 26, 2019 · ea6b1df · ea6b1df
2 parents c0365ac + 33eccae
commit ea6b1df
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -2,14 +2,37 @@ resource "aws_ecs_task_definition" "main" {
   family                   = "${var.environment}-${var.service_name}"
   container_definitions    = "${var.task_definition}"
   task_role_arn            = "${var.task_role_arn}"
-  network_mode             = "bridge"
+  network_mode             = "${var.task_network_mode}"
   cpu                      = "${var.task_cpu}"
   memory                   = "${var.task_memory}"
   requires_compatibilities = ["EC2"]
   execution_role_arn       = "${var.task_execution_role_arn}"
 }
 
+# Service with bridge networking mode
 resource "aws_ecs_service" "main" {
+  count = "${var.task_network_mode == "bridge" ? 1 : 0 }"
+
+  name            = "${var.environment}-${var.service_name}"
+  iam_role        = "${var.ecs_service_role}"
+  cluster         = "${var.ecs_cluster_id}"
+  task_definition = "${aws_ecs_task_definition.main.arn}"
+
+  health_check_grace_period_seconds = 30
+
+  load_balancer {
+    target_group_arn = "${var.lb_target_group_arn}"
+    container_name   = "${var.container_name}"
+    container_port   = "${var.container_port}"
+  }
+
+  scheduling_strategy = "DAEMON"
+}
+
+# Service with awsvpc networking mode
+resource "aws_ecs_service" "main_awsvpc" {
+  count = "${var.task_network_mode == "awsvpc" ? 1 : 0 }"
+
   name            = "${var.environment}-${var.service_name}"
   iam_role        = "${var.ecs_service_role}"
   cluster         = "${var.ecs_cluster_id}"
@@ -23,5 +46,10 @@ resource "aws_ecs_service" "main" {
     container_port   = "${var.container_port}"
   }
 
+  network_configuration {
+    security_groups = ["${var.awsvpc_service_security_groups}"]
+    subnets         = ["${var.awsvpc_service_subnetids}"]
+  }
+
   scheduling_strategy = "DAEMON"
 }
diff --git a/variables.tf b/variables.tf
@@ -34,6 +34,24 @@ variable "task_definition" {
   type        = "string"
 }
 
+variable "task_network_mode" {
+  description = "The network mode to be used in the task definiton. Supported modes are awsvpc and bridge."
+  type        = "string"
+  default     = "bridge"
+}
+
+variable "awsvpc_service_security_groups" {
+  description = "List of security groups to be attached to service running in awsvpc network mode."
+  type        = "list"
+  default     = []
+}
+
+variable "awsvpc_service_subnetids" {
+  description = "List of subnet ids to which a service is deployed in awsvpc mode."
+  type        = "list"
+  default     = []
+}
+
 variable "ecs_service_role" {
   default = ""
 }