From 33eccae397786571d83f2541b2263868f837ae85 Mon Sep 17 00:00:00 2001
From: Chris Wright
Date: Wed, 16 Jan 2019 02:06:17 +0000
Subject: [PATCH] (Feature) AWS VPC networking mode

---
 main.tf | 30 +++++++++++++++++++++++++++++-
 variables.tf | 18 ++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 6840de9..abfc57c 100644
--- a/main.tf
+++ b/main.tf
@@ -2,14 +2,37 @@ resource "aws_ecs_task_definition" "main" {
 family = "${var.environment}-${var.service_name}"
 container_definitions = "${var.task_definition}"
 task_role_arn = "${var.task_role_arn}"
- network_mode = "bridge"
+ network_mode = "${var.task_network_mode}"
 cpu = "${var.task_cpu}"
 memory = "${var.task_memory}"
 requires_compatibilities = ["EC2"]
 execution_role_arn = "${var.task_execution_role_arn}"
 }

+# Service with bridge networking mode
 resource "aws_ecs_service" "main" {
+ count = "${var.task_network_mode == "bridge" ? 1 : 0 }"
+
+ name = "${var.environment}-${var.service_name}"
+ iam_role = "${var.ecs_service_role}"
+ cluster = "${var.ecs_cluster_id}"
+ task_definition = "${aws_ecs_task_definition.main.arn}"
+
+ health_check_grace_period_seconds = 30
+
+ load_balancer {
+ target_group_arn = "${var.lb_target_group_arn}"
+ container_name = "${var.container_name}"
+ container_port = "${var.container_port}"
+ }
+
+ scheduling_strategy = "DAEMON"
+}
+
+# Service with awsvpc networking mode
+resource "aws_ecs_service" "main_awsvpc" {
+ count = "${var.task_network_mode == "awsvpc" ? 1 : 0 }"
+
 name = "${var.environment}-${var.service_name}"
 iam_role = "${var.ecs_service_role}"
 cluster = "${var.ecs_cluster_id}"
@@ -23,5 +46,10 @@ resource "aws_ecs_service" "main" {
 container_port = "${var.container_port}"
 }

+ network_configuration {
+ security_groups = ["${var.awsvpc_service_security_groups}"]
+ subnets = ["${var.awsvpc_service_subnetids}"]
+ }
+
 scheduling_strategy = "DAEMON"
 }
diff --git a/variables.tf b/variables.tf
index 1db230c..1c47401 100644
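Review bot: The `main_awsvpc` copy still sets `iam_role = "${var.ecs_service_role}"`, which ECS accepts only for load-balanced services whose task definition does not use awsvpc; with awsvpc the service-linked role is used, so a non-empty `ecs_service_role` should make the service create call fail. I would drop the `iam_role` line from `main_awsvpc` and keep it on the bridge resource only. Separately, the two `count` expressions match only `bridge` and `awsvpc`, so any other `task_network_mode` value (for example `host`) registers the task definition with that mode and creates no service at all, without an error. The `main_awsvpc` body continues past the end of this hunk.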
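Review bot: `security_groups` in the new `network_configuration` block can be empty, because `awsvpc_service_security_groups` defaults to `[]` in the variables.tf hunk of this patch; ECS then attaches the VPC's default security group to the task ENI, which is rarely the exposure intended for a load-balanced service. Removing the default would force an explicit choice but also burden bridge-mode callers, so at minimum a comment above the block such as `# An empty security_groups list falls back to the VPC default security group` would make the fallback visible. `subnets` has the same empty default, and an awsvpc service with no subnets is presumably rejected only at apply time. The enclosing resource starts before this hunk.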
--- a/variables.tf
+++ b/variables.tf
@@ -34,6 +34,24 @@ variable "task_definition" {
 type = "string"
 }

+variable "task_network_mode" {
+ description = "The network mode to be used in the task definiton. Supported modes are awsvpc and bridge."
+ type = "string"
+ default = "bridge"
+}
+
+variable "awsvpc_service_security_groups" {
+ description = "List of security groups to be attached to service running in awsvpc network mode."
+ type = "list"
+ default = []
+}
+
+variable "awsvpc_service_subnetids" {
+ description = "List of subnet ids to which a service is deployed in awsvpc mode."
+ type = "list"
+ default = []
+}
+
 variable "ecs_service_role" {
 default = ""
 }
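Review bot: The description of `task_network_mode` names two supported modes but nothing restricts the value, and the quoted `type = "string"` syntax suggests a Terraform version without variable validation. The description should state the consequence, e.g. `"Network mode for the task definition: bridge or awsvpc. Any other value creates no ECS service."`, which also fixes the `definiton` typo. It is also worth documenting on `lb_target_group_arn` (declared outside this hunk) that awsvpc tasks register by ENI address, so the target group must use the `ip` target type rather than `instance`.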