feat(examples): grafana complete example

examples/complete/.header.md

@@ -0,0 +1,164 @@
+# Grafana Complete
+
+Configuration in this directory creates:
+
+- ECS Service in a pre-configured ECS Cluster to deploy Grafana tasks
+- ECS Task Definition to run Grafana container
+- Application Load Balancer to provide endpoint for accessing the Grafana dashboard, and
+- ACM certificate for a domain name to use with the Grafana ALB endpoint
+
+## Example `tfvars` Configuration
+
+```tf
+vpc_id       = "vpc-06c3718eeee7ce034"
+cluster_name = "default-cluster"
+
+# ECS Service
+service_name          = "grafana"
+service_subnet_ids             = ["subnet-08a47aaf2e2328e38", "subnet-04017c6ce4c1adaa4"]
+service_desired_count = 3
+service_tags          = {}
+
+# ECS Task Definition
+task_definition_family                = "grafana"
+task_definition_grafana_image_version = "11.1.2"
+task_definition_tags                  = {}
+
+# ALB
+alb_name              = "grafana-alb"
+alb_subnet_ids                 = ["subnet-00e0e78571726e5c1", "subnet-00ec7b7882cfb78b1"]
+alb_tags              = {}
+alb_target_group_name = "grafana-services"
+alb_target_group_tags = {}
+alb_listener_tags     = {}
+
+# S3 Bucket
+s3_bucket_name = "grafana-services-alb-logs"
+s3_bucket_tags = {}
+
+# ACM
+acm_grafana_domain_name        = "grafana.gaussb.io"
+acm_record_zone_id             = "Z0105802SJKE46BQ70GU"
+acm_certificate_tags = {}
+
+# Grafana Task IAM Role
+grafana_task_role_name        = "grafana-task-iam-role"
+grafana_task_role_description = "Managed By Terraform"
+grafana_task_role_policies = {
+  rds = {
+    name        = "grafana-task-iam-role-rds"
+    description = "Allow access to RDS"
+    policy = {
+      Statement = [
+        {
+          Sid      = "AllowRDSFullAccess"
+          Effect   = "Allow"
+          Resource = "*"
+          Action   = ["rds:*"]
+        }
+      ]
+    }
+  }
+  athena = {
+    name        = "grafana-task-iam-role-athena"
+    description = "Allow access to Athena"
+    policy = {
+      Statement = [
+        {
+          Sid      = "AllowAthenaFullAccess"
+          Effect   = "Allow"
+          Resource = "*"
+          Action   = ["athena:*"]
+        },
+        {
+          Sid    = "AllowGlueFullAccess"
+          Effect = "Allow"
+          Action = [
+            "glue:CreateDatabase",
+            "glue:DeleteDatabase",
+            "glue:GetDatabase",
+            "glue:GetDatabases",
+            "glue:UpdateDatabase",
+            "glue:CreateTable",
+            "glue:DeleteTable",
+            "glue:BatchDeleteTable",
+            "glue:UpdateTable",
+            "glue:GetTable",
+            "glue:GetTables",
+            "glue:BatchCreatePartition",
+            "glue:CreatePartition",
+            "glue:DeletePartition",
+            "glue:BatchDeletePartition",
+            "glue:UpdatePartition",
+            "glue:GetPartition",
+            "glue:GetPartitions",
+            "glue:BatchGetPartition",
+            "glue:StartColumnStatisticsTaskRun",
+            "glue:GetColumnStatisticsTaskRun",
+            "glue:GetColumnStatisticsTaskRuns",
+            "glue:GetCatalogImportStatus"
+          ]
+          Resource = "*"
+        }
+      ]
+    }
+  }
+}
+grafana_task_role_tags = {}
+
+# Grafana Task Execution IAM Role
+grafana_execution_role_name        = "grafana-task-execution-iam-role"
+grafana_execution_role_description = "Managed By Terraform"
+grafana_execution_role_policies = {
+  secrets-manager = {
+    name        = "grafana-execution-role-secrets-manager"
+    description = "Allow access to Secrets Manager"
+    policy = {
+      Statement = [
+        {
+          Sid      = "AllowSecretsManagerFullAccess"
+          Effect   = "Allow"
+          Resource = "*"
+          Action   = ["secretsmanager:*"]
+        }
+      ]
+    }
+  }
+}
+grafana_execution_role_tags = {}
+
+# RDS
+rds_identifier                     = "grafana-backend"
+rds_instance_class                 = "db.t3.micro"
+rds_allocated_storage              = 10
+rds_postgres_engine_version        = "16.3"
+rds_username                       = "grafana_admin"
+rds_tags                           = {}
+rds_db_subnet_group_name           = "grafana-rds-subnet-group"
+rds_db_subnet_group_description    = "Managed By Terraform"
+rds_db_subnet_group_subnet_ids = ["subnet-08a47aaf2e2328e38", "subnet-04017c6ce4c1adaa4"]
+rds_db_subnet_group_tags           = {}
+rds_db_parameter_group_name        = "grafana-rds-parameter-group"
+rds_db_parameter_group_description = "Managed By Terraform"
+rds_db_parameter_group_family      = "postgres16"
+rds_db_parameter_group_parameters = [
+  {
+    name         = "rds.force_ssl"
+    value        = "0"
+    apply_method = "immediate"
+  }
+]
+rds_db_parameter_group_tags = {}
+```
+
+## Usage
+
+To run this example, you will need to execute the commands:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Please note that this example may create resources that can incur monetary charges on your AWS bill. You can run `terraform destroy` when you no longer need the resources.

examples/complete/main.tf

@@ -0,0 +1,67 @@
+module "grafana" {
+  source = "../../"
+
+  vpc_id       = var.vpc_id
+  cluster_name = var.cluster_name
+
+  # ECS Service
+  service_name          = var.service_name
+  service_subnet_ids    = var.service_subnet_ids
+  service_desired_count = var.service_desired_count
+  service_tags          = var.service_tags
+
+  # ECS Task Definition
+  task_definition_family                = var.task_definition_family
+  task_definition_grafana_image_version = var.task_definition_grafana_image_version
+  task_definition_tags                  = var.task_definition_tags
+
+  # ALB
+  alb_name       = var.alb_name
+  alb_subnet_ids = var.alb_subnet_ids
+  alb_tags       = var.alb_tags
+  # # Target Group
+  alb_target_group_name = var.alb_target_group_name
+  alb_target_group_tags = var.alb_target_group_tags
+  # # Listener
+  alb_listener_tags = var.alb_listener_tags
+
+  # S3 Bucket
+  s3_bucket_name = var.s3_bucket_name
+  s3_bucket_tags = var.s3_bucket_tags
+
+  # ACM
+  acm_grafana_domain_name = var.acm_grafana_domain_name
+  acm_record_zone_id      = var.acm_record_zone_id
+  acm_certificate_tags    = var.acm_certificate_tags
+
+  # Task IAM Role
+  grafana_task_role_name        = var.grafana_task_role_name
+  grafana_task_role_description = var.grafana_task_role_description
+  grafana_task_role_policies    = var.grafana_task_role_policies
+  grafana_task_role_tags        = var.grafana_task_role_tags
+
+  # Task Execution IAM Role
+  grafana_execution_role_name        = var.grafana_execution_role_name
+  grafana_execution_role_description = var.grafana_execution_role_description
+  grafana_execution_role_policies    = var.grafana_execution_role_policies
+  grafana_execution_role_tags        = var.grafana_execution_role_tags
+
+  # RDS
+  rds_identifier              = var.rds_identifier
+  rds_instance_class          = var.rds_instance_class
+  rds_allocated_storage       = var.rds_allocated_storage
+  rds_postgres_engine_version = var.rds_postgres_engine_version
+  rds_username                = var.rds_username
+  rds_tags                    = var.rds_tags
+  # # DB Subnet Group
+  rds_db_subnet_group_name        = var.rds_db_subnet_group_name
+  rds_db_subnet_group_description = var.rds_db_subnet_group_description
+  rds_db_subnet_group_subnet_ids  = var.rds_db_subnet_group_subnet_ids
+  rds_db_subnet_group_tags        = var.rds_db_subnet_group_tags
+  # # DB Parameter Group
+  rds_db_parameter_group_name        = var.rds_db_parameter_group_name
+  rds_db_parameter_group_description = var.rds_db_parameter_group_description
+  rds_db_parameter_group_family      = var.rds_db_parameter_group_family
+  rds_db_parameter_group_parameters  = var.rds_db_parameter_group_parameters
+  rds_db_parameter_group_tags        = var.rds_db_parameter_group_tags
+}