# ECS cluster that hosts the Airflow webserver, scheduler and worker services
# declared in this file.
# NOTE(review): no `setting` block is declared, so Container Insights follows
# the account default; confirm that is intended if task-level metrics are
# needed for monitoring and incident response.
resource "aws_ecs_cluster" "this" {
  tags = var.tags
  name = "${var.name}-cluster"
}
# Airflow webserver service: a single replica task, registered with the first
# ALB target group and placed in the private subnets.
resource "aws_ecs_service" "webserver" {
  name    = "${var.name}-webserver"
  cluster = aws_ecs_cluster.this.id

  task_definition = aws_ecs_task_definition.webserver.arn
  launch_type     = var.ecs_launch_type

  # Pinned only for Fargate. The task definition mounts EFS volumes, which
  # Fargate supports from platform version 1.4.0 onwards.
  platform_version = var.ecs_launch_type == "FARGATE" ? "1.4.0" : null

  scheduling_strategy = "REPLICA"
  desired_count       = 1

  # network_configuration only applies to tasks in awsvpc network mode; the
  # mode itself comes from var.webserver_task_definition_network_mode.
  # assign_public_ip is not set here, so the provider default (false) applies.
  network_configuration {
    security_groups = [aws_security_group.sg_airflow_internal.id]
    subnets         = var.private_subnet_ids
  }

  # Traffic from the load balancer is forwarded to this container and port.
  load_balancer {
    container_port   = var.lb_target_container_port
    container_name   = var.lb_target_container_name
    target_group_arn = element(module.aws_alb.target_group_arns, 0)
  }

  # TODO(ilya_isakov): add placement constraint to a variable
  # placement_constraints {
  #   type       = "memberOf"
  #   expression = "attribute:ecs.availability-zone in [eu-central-1a, eu-central-1b]"
  # }
}
# Airflow scheduler service: a single replica task in the private subnets.
# No load balancer is attached.
resource "aws_ecs_service" "scheduler" {
  name    = "${var.name}-scheduler"
  cluster = aws_ecs_cluster.this.id

  task_definition = aws_ecs_task_definition.scheduler.arn
  launch_type     = var.ecs_launch_type

  # Pinned only for Fargate. The task definition mounts EFS volumes, which
  # Fargate supports from platform version 1.4.0 onwards.
  platform_version = var.ecs_launch_type == "FARGATE" ? "1.4.0" : null

  scheduling_strategy = "REPLICA"
  desired_count       = 1

  # network_configuration only applies to tasks in awsvpc network mode; the
  # mode itself comes from var.scheduler_task_definition_network_mode.
  # assign_public_ip is not set here, so the provider default (false) applies.
  network_configuration {
    security_groups = [aws_security_group.sg_airflow_internal.id]
    subnets         = var.private_subnet_ids
  }

  # TODO(ilya_isakov): add placement constraint to a variable
  # placement_constraints {
  #   type       = "memberOf"
  #   expression = "attribute:ecs.availability-zone in [eu-central-1a, eu-central-1b]"
  # }
}
# Airflow worker service: a single replica task in the private subnets.
# No load balancer is attached.
resource "aws_ecs_service" "worker" {
  name    = "${var.name}-worker"
  cluster = aws_ecs_cluster.this.id

  task_definition = aws_ecs_task_definition.worker.arn
  launch_type     = var.ecs_launch_type

  # Pinned only for Fargate. The task definition mounts EFS volumes, which
  # Fargate supports from platform version 1.4.0 onwards.
  platform_version = var.ecs_launch_type == "FARGATE" ? "1.4.0" : null

  scheduling_strategy = "REPLICA"
  desired_count       = 1

  # network_configuration only applies to tasks in awsvpc network mode; the
  # mode itself comes from var.worker_task_definition_network_mode.
  # assign_public_ip is not set here, so the provider default (false) applies.
  network_configuration {
    security_groups = [aws_security_group.sg_airflow_internal.id]
    subnets         = var.private_subnet_ids
  }

  # TODO(ilya_isakov): add placement constraint to a variable
  # placement_constraints {
  #   type       = "memberOf"
  #   expression = "attribute:ecs.availability-zone in [eu-central-1a, eu-central-1b]"
  # }
}
# Task definition for the Airflow webserver. Container definitions are rendered
# from templates/webserver.json by data.template_file.webserver.
resource "aws_ecs_task_definition" "webserver" {
  family                   = "${var.name}-webserver"
  requires_compatibilities = [var.ecs_launch_type]
  network_mode             = var.webserver_task_definition_network_mode
  cpu                      = var.webserver_task_definition_cpu
  memory                   = var.webserver_task_definition_memory

  # NOTE(review): the webserver, scheduler and worker task definitions all use
  # aws_iam_role.ecs_task_role. With `iam = "ENABLED"` on the EFS volumes below,
  # that one role also authorises every EFS mount; consider per-component roles
  # if the components need different permissions.
  task_role_arn = aws_iam_role.ecs_task_role.arn

  # An execution role is attached only for Fargate; for any other launch type
  # this is null.
  execution_role_arn = var.ecs_launch_type == "FARGATE" ? aws_iam_role.ecs_fargate_task_execution_role.arn : null

  container_definitions = data.template_file.webserver.rendered

  # Bind mount of a file on the container instance.
  # NOTE(review): this volume is declared regardless of var.ecs_launch_type,
  # and host paths are not available to Fargate tasks; confirm registration
  # succeeds when the launch type is FARGATE.
  volume {
    name      = "requirements_on_ec2"
    host_path = "/home/ec2-user/airflow/docker/requirements.txt"
  }

  # EFS volumes: each one is mounted through its own access point, with TLS in
  # transit on a dedicated port and IAM authorisation enabled.
  volume {
    name = "requirements"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2997

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["requirements"]
      }
    }
  }

  volume {
    name = "dags"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2998

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["usr/local/airflow/dags"]
      }
    }
  }

  # The webserver mounts the worker log access point, not one of its own.
  volume {
    name = "worker_logs"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2999

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["var/log/worker"]
      }
    }
  }

  tags = var.tags
}
# Task definition for the Airflow scheduler. Container definitions are rendered
# from templates/scheduler.json by data.template_file.scheduler.
resource "aws_ecs_task_definition" "scheduler" {
  family                   = "${var.name}-scheduler"
  requires_compatibilities = [var.ecs_launch_type]
  network_mode             = var.scheduler_task_definition_network_mode
  cpu                      = var.scheduler_task_definition_cpu
  memory                   = var.scheduler_task_definition_memory

  # NOTE(review): the webserver, scheduler and worker task definitions all use
  # aws_iam_role.ecs_task_role. With `iam = "ENABLED"` on the EFS volumes below,
  # that one role also authorises every EFS mount; consider per-component roles
  # if the components need different permissions.
  task_role_arn = aws_iam_role.ecs_task_role.arn

  # An execution role is attached only for Fargate; for any other launch type
  # this is null.
  execution_role_arn = var.ecs_launch_type == "FARGATE" ? aws_iam_role.ecs_fargate_task_execution_role.arn : null

  container_definitions = data.template_file.scheduler.rendered

  # Bind mount of a file on the container instance.
  # NOTE(review): this volume is declared regardless of var.ecs_launch_type,
  # and host paths are not available to Fargate tasks; confirm registration
  # succeeds when the launch type is FARGATE.
  volume {
    name      = "requirements_on_ec2"
    host_path = "/home/ec2-user/airflow/docker/requirements.txt"
  }

  # EFS volumes: each one is mounted through its own access point, with TLS in
  # transit on a dedicated port and IAM authorisation enabled.
  volume {
    name = "requirements"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2997

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["requirements"]
      }
    }
  }

  volume {
    name = "dags"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2998

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["usr/local/airflow/dags"]
      }
    }
  }

  volume {
    name = "scheduler_logs"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2999

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["var/log/scheduler"]
      }
    }
  }

  tags = var.tags
}
# Task definition for the Airflow worker. Container definitions are rendered
# from templates/worker.json by data.template_file.worker.
resource "aws_ecs_task_definition" "worker" {
  family                   = "${var.name}-worker" # var.task_definition_family
  requires_compatibilities = [var.ecs_launch_type]
  network_mode             = var.worker_task_definition_network_mode
  cpu                      = var.worker_task_definition_cpu
  memory                   = var.worker_task_definition_memory

  # NOTE(review): the webserver, scheduler and worker task definitions all use
  # aws_iam_role.ecs_task_role. With `iam = "ENABLED"` on the EFS volumes below,
  # that one role also authorises every EFS mount; consider per-component roles
  # if the components need different permissions.
  task_role_arn = aws_iam_role.ecs_task_role.arn

  # An execution role is attached only for Fargate; for any other launch type
  # this is null.
  execution_role_arn = var.ecs_launch_type == "FARGATE" ? aws_iam_role.ecs_fargate_task_execution_role.arn : null

  container_definitions = data.template_file.worker.rendered

  # Bind mount of a file on the container instance.
  # NOTE(review): this volume is declared regardless of var.ecs_launch_type,
  # and host paths are not available to Fargate tasks; confirm registration
  # succeeds when the launch type is FARGATE.
  volume {
    name      = "requirements_on_ec2"
    host_path = "/home/ec2-user/airflow/docker/requirements.txt"
  }

  # EFS volumes: each one is mounted through its own access point, with TLS in
  # transit on a dedicated port and IAM authorisation enabled.
  volume {
    name = "requirements"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2997

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["requirements"]
      }
    }
  }

  volume {
    name = "dags"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2998

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["usr/local/airflow/dags"]
      }
    }
  }

  volume {
    name = "worker_logs"

    efs_volume_configuration {
      file_system_id          = module.efs.id
      transit_encryption      = "ENABLED"
      transit_encryption_port = 2999

      authorization_config {
        iam             = "ENABLED"
        access_point_id = module.efs.access_point_ids["var/log/worker"]
      }
    }
  }

  tags = var.tags
}
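# Renders templates/webserver.json into the container definitions used by
# aws_ecs_task_definition.webserver.
#
# NOTE(review): fernet_key and rds_password are interpolated into the rendered
# JSON as plain strings, so they end up in Terraform state. If the template
# puts them under `environment`, they are also readable by anyone who can
# describe the task definition. Prefer the container-definition `secrets` field
# with `valueFrom` pointing at Secrets Manager or SSM Parameter Store; that
# needs a task execution role for every launch type, not only Fargate.
#
# NOTE(review): the template provider behind this data source is deprecated;
# the built-in templatefile() function is its replacement.
data "template_file" "webserver" {
  template = file("${path.module}/templates/webserver.json")

  # Each key is listed once. The rds_* keys were previously repeated with
  # identical values.
  vars = {
    name   = var.name
    region = var.region

    # Sensitive: Airflow Fernet key (see the review note above).
    fernet_key = var.airflow_fernet_key

    load_example_dags                     = var.airflow_core_load_example_dags
    airflow_docker_elasticache_cache_host = aws_elasticache_cluster.this.cache_nodes[0].address
    airflow_webserver_rbac                = var.airflow_webserver_rbac
    airflow_core_dag_concurrency          = var.airflow_core_dag_concurrency
    airflow_core_worker_concurrency       = var.airflow_core_worker_concurrency
    airflow_core_load_default_connections = var.airflow_core_load_default_connections

    # Metadata database connection; rds_password is sensitive.
    rds_instance_endpoint = aws_db_instance.this.endpoint
    rds_username          = var.rds_username
    rds_password          = var.rds_password
    rds_db_name           = local.rds_name

    airflow_core_logging_level        = var.airflow_core_logging_level
    airflow_webserver_dag_orientation = var.airflow_webserver_dag_orientation
    airflow_docker_image              = var.airflow_image
  }
}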
# Renders templates/scheduler.json into the container definitions used by
# aws_ecs_task_definition.scheduler.
#
# NOTE(review): fernet_key and rds_password are interpolated into the rendered
# JSON as plain strings, so they end up in Terraform state. If the template
# puts them under `environment`, they are also readable by anyone who can
# describe the task definition. Prefer the container-definition `secrets` field
# with `valueFrom` pointing at Secrets Manager or SSM Parameter Store; that
# needs a task execution role for every launch type, not only Fargate.
#
# NOTE(review): the template provider behind this data source is deprecated;
# the built-in templatefile() function is its replacement.
data "template_file" "scheduler" {
  template = file("${path.module}/templates/scheduler.json")

  vars = {
    # Deployment identity and image
    name                 = var.name
    region               = var.region
    airflow_docker_image = var.airflow_image

    # Sensitive: Airflow Fernet key (see the review note above).
    fernet_key = var.airflow_fernet_key

    # Metadata database connection; rds_password is sensitive.
    rds_instance_endpoint = aws_db_instance.this.endpoint
    rds_db_name           = local.rds_name
    rds_username          = var.rds_username
    rds_password          = var.rds_password

    # ElastiCache endpoint (first cache node)
    airflow_docker_elasticache_cache_host = aws_elasticache_cluster.this.cache_nodes[0].address

    # Airflow core settings
    load_example_dags                     = var.airflow_core_load_example_dags
    airflow_core_dag_concurrency          = var.airflow_core_dag_concurrency
    airflow_core_worker_concurrency       = var.airflow_core_worker_concurrency
    airflow_core_load_default_connections = var.airflow_core_load_default_connections
    airflow_core_logging_level            = var.airflow_core_logging_level

    # Scheduler and StatsD settings
    airflow_scheduler_dag_dir_list_interval = var.airflow_scheduler_dag_dir_list_interval
    airflow_scheduler_statsd_on             = var.airflow_scheduler_statsd_on
    airflow_scheduler_statsd_host           = var.airflow_scheduler_statsd_host
    airflow_scheduler_statsd_port           = var.airflow_scheduler_statsd_port
    airflow_scheduler_statsd_prefix         = var.airflow_scheduler_statsd_prefix
    airflow_scheduler_statsd_allow_list     = var.airflow_scheduler_statsd_allow_list
  }
}
# Renders templates/worker.json into the container definitions used by
# aws_ecs_task_definition.worker.
#
# NOTE(review): fernet_key, rds_password and airflow_smtp_smtp_password are
# interpolated into the rendered JSON as plain strings, so they end up in
# Terraform state. If the template puts them under `environment`, they are also
# readable by anyone who can describe the task definition. Prefer the
# container-definition `secrets` field with `valueFrom` pointing at Secrets
# Manager or SSM Parameter Store; that needs a task execution role for every
# launch type, not only Fargate.
#
# NOTE(review): the template provider behind this data source is deprecated;
# the built-in templatefile() function is its replacement.
data "template_file" "worker" {
  template = file("${path.module}/templates/worker.json")

  vars = {
    # Deployment identity and image
    name                 = var.name
    region               = var.region
    airflow_docker_image = var.airflow_image

    # Sensitive: Airflow Fernet key (see the review note above).
    fernet_key = var.airflow_fernet_key

    # Metadata database connection; rds_password is sensitive.
    rds_instance_endpoint = aws_db_instance.this.endpoint
    rds_db_name           = local.rds_name
    rds_username          = var.rds_username
    rds_password          = var.rds_password

    # ElastiCache endpoint (first cache node)
    airflow_docker_elasticache_cache_host = aws_elasticache_cluster.this.cache_nodes[0].address

    # Airflow core settings
    load_example_dags                     = var.airflow_core_load_example_dags
    airflow_core_dag_concurrency          = var.airflow_core_dag_concurrency
    airflow_core_worker_concurrency       = var.airflow_core_worker_concurrency
    airflow_core_load_default_connections = var.airflow_core_load_default_connections
    airflow_core_logging_level            = var.airflow_core_logging_level

    # SMTP settings; airflow_smtp_smtp_password is sensitive.
    airflow_smtp_smtp_host     = var.airflow_smtp_smtp_host
    airflow_smtp_smtp_starttls = var.airflow_smtp_smtp_starttls
    # NOTE(review): the variable name repeats "smtp" three times, unlike its
    # siblings; confirm it matches the declaration in the variables file.
    airflow_smtp_smtp_ssl       = var.airflow_smtp_smtp_smtp_ssl
    airflow_smtp_smtp_port      = var.airflow_smtp_smtp_port
    airflow_smtp_smtp_user      = var.airflow_smtp_smtp_user
    airflow_smtp_smtp_password  = var.airflow_smtp_smtp_password
    airflow_smtp_smtp_mail_from = var.airflow_smtp_smtp_mail_from
  }
}