

feat: support auto create ecs ec2 instance
appleboy committed Jul 11, 2018
1 parent 67fcd01 commit 930ab27
Showing 10 changed files with 164 additions and 18 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -1,2 +1,3 @@
# drone-terraform

drone infrastructure
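--- a/cloud-config.yml
+++ b/cloud-config.yml
@@ -0,0 +1,5 @@
+#cloud-config
+
+bootcmd:
+- mkdir -p /etc/ecs
+- echo 'ECS_CLUSTER=${ecs_cluster_name}' >> /etc/ecs/ecs.config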
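Review bot: `bootcmd` runs on every boot, not once per instance, and the `>>` append on the last line adds another `ECS_CLUSTER=` line to /etc/ecs/ecs.config at each reboot of the container instance. Writing the file rather than appending keeps it at a single line: `- echo 'ECS_CLUSTER=${ecs_cluster_name}' > /etc/ecs/ecs.config` (or use the `write_files` module, which is the idiomatic way to lay down a config file). The `${ecs_cluster_name}` placeholder is interpolated by the `template_file` data source in ecs-ec2.tf before cloud-init sees the file, so a literal `${...}` meant for the shell must be escaped as `$${...}` if one is ever added here.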
6 changes: 2 additions & 4 deletions ecs-drone-agent.tf
@@ -11,18 +11,16 @@ data "template_file" "drone_agent_task_definition" {
resource "aws_ecs_task_definition" "drone_agent" {
family = "drone-agent"
container_definitions = "${data.template_file.drone_agent_task_definition.rendered}"
task_role_arn = "${aws_iam_role.ecs_task.arn}"
execution_role_arn = "${aws_iam_role.ecs_task.arn}"

volume {
name = "dockersock"
host_path = "/var/run/docker.sock"
}
}

resource "aws_ecs_service" "droneci_agent" {
resource "aws_ecs_service" "drone_agent" {
name = "drone-agent"
cluster = "${aws_ecs_cluster.drone.id}"
desired_count = "3"
desired_count = 2
task_definition = "${aws_ecs_task_definition.drone_agent.arn}"
}
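Review bot: Renaming the service from `droneci_agent` to `drone_agent` changes its resource address, so Terraform will plan a destroy and re-create of the ECS service rather than an in-place update; if the running service should survive the apply, move it first with `terraform state mv aws_ecs_service.droneci_agent aws_ecs_service.drone_agent`. Separately, `task_role_arn` and `execution_role_arn` both point at `aws_iam_role.ecs_task` (these lines may be context rather than new in this hunk), which merges what ECS itself needs to start the task with what the Drone agent container can do at runtime; two roles keep each set at least privilege, and the docker.sock volume makes the runtime set effectively host-root, so the task role deserves the narrower of the two. The diffstat reports four deletions but only two removed lines are distinguishable in the rendered view, so part of the old block is not visible here.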
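--- a/ecs-ec2.tf
+++ b/ecs-ec2.tf
@@ -0,0 +1,41 @@
+resource "aws_autoscaling_group" "drone_agent" {
+name = "drone-agent"
+vpc_zone_identifier = ["${aws_subnet.drone_a.id}", "${aws_subnet.drone_c.id}"]
+min_size = "1"
+max_size = "3"
+desired_capacity = "2"
+launch_configuration = "${aws_launch_configuration.app.name}"
+}
+
+data "template_file" "cloud_config" {
+template = "${file("${path.module}/cloud-config.yml")}"
+
+vars {
+ecs_cluster_name = "${aws_ecs_cluster.drone.name}"
+}
+}
+
+data "aws_ami" "stable_coreos" {
+# see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html
+filter {
+name = "image-id"
+values = ["ami-f3f8098c"]
+}
+}
+
+resource "aws_launch_configuration" "app" {
+security_groups = [
+"${aws_security_group.ec2_sg.id}",
+]
+
+key_name = "${var.key_name}"
+image_id = "${data.aws_ami.stable_coreos.id}"
+instance_type = "${var.instance_type}"
+iam_instance_profile = "${aws_iam_instance_profile.drone.name}"
+user_data = "${data.template_file.cloud_config.rendered}"
+associate_public_ip_address = true
+
+lifecycle {
+create_before_destroy = true
+}
+}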
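Review bot: `associate_public_ip_address = true` in `aws_launch_configuration.app` gives every agent instance a public address, and the `ec2_sg` group it attaches (security_group.tf in this commit) admits port 22 from 0.0.0.0/0, so the container hosts are reachable from the internet with the `var.key_name` keypair as the only control. The agents only need outbound access to ECS and the Drone server, so if `aws_subnet.drone_a`/`drone_c` route out through a NAT gateway the instances can run with `associate_public_ip_address = false` and be reached for maintenance via SSM Session Manager (through the instance profile) or a bastion. Also, `data "aws_ami" "stable_coreos"` is pinned to the single region-specific id `ami-f3f8098c`, while the linked page and the /etc/ecs cloud-config suggest an ECS-optimized Amazon Linux image rather than CoreOS; the name misleads and the lookup fails in any other region. A lookup with `most_recent = true`, `owners = ["amazon"]` and a `name` filter of `amzn-ami-*-amazon-ecs-optimized` stays portable, or move the id behind a variable with a comment recording which image and region it is.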
1 change: 1 addition & 0 deletions aws-policy.json → iam-policy/drone-ec2.json
@@ -4,6 +4,7 @@
"Sid": "ecsInstanceRole",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
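--- a/iam-policy/drone-ecs.json
+++ b/iam-policy/drone-ecs.json
@@ -0,0 +1,17 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "allowLoggingToCloudWatch",
+"Effect": "Allow",
+"Action": [
+"logs:CreateLogStream",
+"logs:PutLogEvents"
+],
+"Resource": [
+"${server_log_group_arn}",
+"${agent_log_group_arn}"
+]
+}
+]
+}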
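Review bot: `logs:CreateLogStream` and `logs:PutLogEvents` are evaluated against log-stream ARNs, so this statement only matches if the `${server_log_group_arn}`/`${agent_log_group_arn}` values rendered from `aws_cloudwatch_log_group.*.arn` carry the trailing `:*` that covers the streams under each group; confirm that with the provider version in use, otherwise the entries need to become `"${server_log_group_arn}:*"`. The policy is appropriately minimal for a role that ecs-drone-agent.tf uses as both task role and execution role; if the task images are ever pulled from ECR, the execution side will additionally need `ecr:GetAuthorizationToken`/`ecr:BatchGetImage` and friends, which belong in a separate Sid rather than widening this one.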
54 changes: 51 additions & 3 deletions iam.tf
@@ -1,3 +1,7 @@
#
# ec2 instance iam rule
# drone server and agent
#
resource "aws_iam_role" "ecs_service" {
name = "drone_ecs_role"

@@ -44,7 +48,7 @@ EOF
}

data "template_file" "ecs_profile" {
template = "${file("${path.module}/aws-policy.json")}"
template = "${file("${path.module}/iam-policy/drone-ecs.json")}"

vars {
server_log_group_arn = "${aws_cloudwatch_log_group.drone_agent.arn}"
@@ -72,8 +76,52 @@ resource "aws_iam_role" "ecs_task" {
EOF
}

resource "aws_iam_role_policy" "instance" {
name = "TfEcsExampleInstanceRole"
resource "aws_iam_role_policy" "ecs" {
name = "drone-ecs-policy"
role = "${aws_iam_role.ecs_task.name}"
policy = "${data.template_file.ecs_profile.rendered}"
}

#
# ec2 instance iam rule
# drone agent
#
resource "aws_iam_instance_profile" "drone" {
name = "ecs-ec2-instprofile"
role = "${aws_iam_role.drone_agent.name}"
}

resource "aws_iam_role" "drone_agent" {
name = "ecs-ec2-role"

assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}

data "template_file" "ec2_profile" {
template = "${file("${path.module}/iam-policy/drone-ec2.json")}"

vars {
server_log_group_arn = "${aws_cloudwatch_log_group.drone_agent.arn}"
agent_log_group_arn = "${aws_cloudwatch_log_group.drone_server.arn}"
}
}

resource "aws_iam_role_policy" "ec2" {
name = "drone-ec2-role"
role = "${aws_iam_role.drone_agent.name}"
policy = "${data.template_file.ec2_profile.rendered}"
}
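Review bot: In the new `ec2_profile` block, `server_log_group_arn` is filled from `aws_cloudwatch_log_group.drone_agent.arn` and `agent_log_group_arn` from `aws_cloudwatch_log_group.drone_server.arn`, i.e. the two are crossed, and `ecs_profile` a few lines up has the same crossing. Both ARNs are listed together in drone-ecs.json so permissions are unaffected there today, but the next edit that narrows a role to one group will grant the wrong one; swap them: `server_log_group_arn = "${aws_cloudwatch_log_group.drone_server.arn}"` and `agent_log_group_arn = "${aws_cloudwatch_log_group.drone_agent.arn}"`. Two naming points in the same hunk: `aws_iam_role_policy.ec2` is named `drone-ec2-role` although it is a policy (its sibling is `drone-ecs-policy`), and the header `# ec2 instance iam rule / # drone server and agent` added at the top of the file sits above `aws_iam_role.ecs_service`, which by its name is the ECS service role rather than an EC2 instance role — confirm against its `assume_role_policy`, which lies outside the hunk, and reword the comment to match.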
25 changes: 14 additions & 11 deletions rds.tf
@@ -8,15 +8,18 @@ resource "aws_db_subnet_group" "db" {
}

resource "aws_db_instance" "drone" {
depends_on = ["aws_security_group.db"]
identifier = "${var.identifier}"
allocated_storage = "${var.storage}"
engine = "${var.engine}"
engine_version = "${lookup(var.engine_version, var.engine)}"
instance_class = "${var.instance_class}"
name = "${var.db_name}"
username = "${var.username}"
password = "${var.password}"
vpc_security_group_ids = ["${aws_security_group.db.id}"]
db_subnet_group_name = "${aws_db_subnet_group.db.id}"
depends_on = ["aws_security_group.db"]
identifier = "${var.identifier}"
allocated_storage = "${var.storage}"
engine = "${var.engine}"
engine_version = "${lookup(var.engine_version, var.engine)}"
instance_class = "${var.instance_class}"
name = "${var.db_name}"
username = "${var.username}"
password = "${var.password}"
vpc_security_group_ids = ["${aws_security_group.db.id}"]
db_subnet_group_name = "${aws_db_subnet_group.db.id}"
skip_final_snapshot = true
final_snapshot_identifier = "drone-${md5(timestamp())}"
identifier = "drone-${var.environment}"
}
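Review bot: `skip_final_snapshot = true` disables the final snapshot, so the `final_snapshot_identifier` on the next line is never used and a `terraform destroy`, or any change that forces replacement of the instance, drops the Drone database with no backup; for anything but a throwaway environment set `skip_final_snapshot = false` and keep a stable identifier. `final_snapshot_identifier = "drone-${md5(timestamp())}"` also re-evaluates on every plan and produces a perpetual diff, so prefer a deterministic value such as `"drone-${var.environment}-final"`. `identifier` is additionally declared twice in this resource (once from `var.identifier`, once as `drone-${var.environment}`); remove one so the effective name does not depend on how HCL resolves duplicate attributes.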
23 changes: 23 additions & 0 deletions security_group.tf
@@ -70,3 +70,26 @@ resource "aws_security_group" "db" {
cidr_blocks = ["0.0.0.0/0"]
}
}

resource "aws_security_group" "ec2_sg" {
description = "controls direct access to application instances"
vpc_id = "${aws_vpc.drone.id}"
name = "ecs-instsg"

ingress {
protocol = "tcp"
from_port = 22
to_port = 22

cidr_blocks = [
"0.0.0.0/0",
]
}

egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
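Review bot: The `ec2_sg` ingress rule opens port 22 to `0.0.0.0/0`, and the launch configuration that attaches this group (ecs-ec2.tf in this commit) gives the instances public IPs, so the container hosts accept SSH from anywhere with only the keypair as protection. Restrict the source to the administrators' address ranges through a new list variable, e.g. `cidr_blocks = ["${var.ssh_cidr_blocks}"]`, or drop the rule entirely and reach the hosts through SSM Session Manager via the instance profile. The `description` says the group "controls direct access", which makes the world-open rule read as intended; if it must stay open temporarily, say so in a comment with the reason. `name = "ecs-instsg"` is also a fixed string while rds.tf scopes its identifier with `var.environment`; a second environment in the same VPC will collide on the group name.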
9 changes: 9 additions & 0 deletions variables.tf
@@ -48,6 +48,15 @@ variable "instance_class" {
description = "Instance class"
}

variable "instance_type" {
description = "EC2 Instance Type."
default = "t2.micro"
}

variable "key_name" {
description = "Name of the SSH keypair to use in AWS."
}

variable "db_name" {
default = "drone"
description = "db name"

