Add support for tasks and services without load balancer

rearc · Jun 17, 2020 · a49f0c7 · a49f0c7
1 parent cf3b1d4
commit a49f0c7
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 43 deletions.
diff --git a/alb.tf b/alb.tf
@@ -1,5 +1,11 @@
+data "aws_subnet" "private_subnet" {
+  count = length(var.private_subnets) == 0 ? 0 : 1
+
+  id = var.private_subnets[0]
+}
+
 resource "aws_lb" "alb" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.public_subnets) == 0 ? 0 : 1
 
   name               = replace("${local.stack}_${var.name}", "_", "")
   subnets            = var.public_subnets
@@ -8,31 +14,23 @@ resource "aws_lb" "alb" {
   load_balancer_type = "application"
 }
 
-data "aws_subnet" "public_subnet" {
-  count = var.public_subnets != [] ? 1 : 0
-
-  id = var.public_subnets[0]
-}
-
 resource "aws_lb_target_group" "alb_target_group_blue" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.public_subnets) == 0 ? 0 : 1
 
   name        = replace("${local.stack}_${var.name}_blue", "_", "")
   protocol    = "HTTP"
   target_type = "ip"
-  vpc_id      = data.aws_subnet.public_subnet[0].vpc_id
+  vpc_id      = length(var.public_subnets) == 0 ? "" : data.aws_subnet.private_subnet[0].vpc_id
   port        = var.container_port
-
-  depends_on = [ "aws_lb.alb" ]
 }
 
 resource "aws_lb_target_group" "alb_target_group_green" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.public_subnets) == 0 ? 0 : 1
 
   name        = replace("${local.stack}_${var.name}_green", "_", "")
   protocol    = "HTTP"
   target_type = "ip"
-  vpc_id      = data.aws_subnet.public_subnet[0].vpc_id
+  vpc_id      = length(var.public_subnets) == 0 ? "" : data.aws_subnet.private_subnet[0].vpc_id
   port        = var.container_port
 
   depends_on = [ "aws_lb.alb" ]
@@ -45,7 +43,7 @@ data "aws_acm_certificate" "app_cert" {
 }
 
 resource "aws_lb_listener" "alb_listener" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.public_subnets) == 0 ? 0 : 1
 
   load_balancer_arn = "${aws_lb.alb[0].arn}"
   port              = "443"
@@ -61,11 +59,11 @@ resource "aws_lb_listener" "alb_listener" {
 }
 
 resource "aws_security_group" "alb_sg" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.public_subnets) == 0 ? 0 : 1
 
   name        = "${local.stack}-${var.name}-alb-sg"
   description = "Allow HTTP from Anywhere into ALB"
-  vpc_id      = data.aws_subnet.public_subnet[0].vpc_id
+  vpc_id      = length(var.public_subnets) == 0 ? "" : data.aws_subnet.private_subnet[0].vpc_id
 
   ingress {
     from_port   = 443
@@ -85,7 +83,7 @@ resource "aws_security_group" "alb_sg" {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
-    security_groups = ["${aws_security_group.app_sg[0].id}"]
+    security_groups = length(var.security_groups) == 0 ? ["${aws_security_group.app_sg[0].id}"] : var.security_groups
   }
 
   tags = {
@@ -95,11 +93,11 @@ resource "aws_security_group" "alb_sg" {
 
 //allow inbound traffic only from load balancer
 resource "aws_security_group" "app_sg" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.security_groups) == 0 ? length(var.private_subnets) == 0 ? 0 : 1 : 0
 
   name        = "${local.stack}-${var.name}-app-sg"
   description = "Allow HTTP from from LB into instances"
-  vpc_id      = data.aws_subnet.public_subnet[0].vpc_id
+  vpc_id      = length(var.public_subnets) == 0 ? "" : data.aws_subnet.private_subnet[0].vpc_id
 
   egress {
     from_port   = 0
@@ -114,18 +112,18 @@ resource "aws_security_group" "app_sg" {
 }
 
 resource "aws_security_group_rule" "alb_sg_rule" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.security_groups) == 0 ? length(var.private_subnets) == 0 ? 0 : 1 : 0
 
   security_group_id = aws_security_group.app_sg[0].id
   type = "ingress"
   from_port       = 0
   to_port         = 0
   protocol        = "-1"
-  source_security_group_id = aws_security_group.alb_sg[0].id
+  source_security_group_id = length(aws_security_group.alb_sg) > 0 ? aws_security_group.alb_sg[0].id : ""
 }
 
 resource "aws_security_group_rule" "app_sg_rule" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.security_groups) == 0 ? length(var.private_subnets) == 0 ? 0 : 1 : 0
 
   security_group_id = aws_security_group.app_sg[0].id
   type = "ingress"

diff --git a/main.tf b/main.tf
@@ -28,7 +28,7 @@ JSON
 }
 
 resource "aws_ecs_service" "app_service" {
-  count = var.public_subnets != [] ? 1 : 0
+  count = length(var.private_subnets) == 0 ? 0 : 1
 
   name            = "${local.stack}_${var.name}"
   cluster         = "${var.ecs_cluster_name}"
@@ -40,31 +40,36 @@ resource "aws_ecs_service" "app_service" {
     field = "instanceId"
   }
 
-  load_balancer {
-    target_group_arn = "${aws_lb_target_group.alb_target_group_blue[0].arn}"
-    container_name   = "${local.stack}_${var.name}"
-    container_port   = "${var.container_port}"
-  }
-
   lifecycle {
-    ignore_changes = ["desired_count"]
+    ignore_changes = ["desired_count","task_definition","load_balancer"]
   }
 
   network_configuration {
     subnets = var.private_subnets
-    security_groups = ["${aws_security_group.app_sg[0].id}"]
+    security_groups = length(var.security_groups) == 0 ? ["${aws_security_group.app_sg[0].id}"] : var.security_groups
   }
 
-  deployment_controller {
-    type = "CODE_DEPLOY"
+  dynamic "deployment_controller" {
+    for_each = length(var.public_subnets) == 0 ? [] : [1]
+
+    content {
+      type = "CODE_DEPLOY"
+    }
   }
 
-  depends_on = ["aws_lb_target_group.alb_target_group_blue", "aws_lb_target_group.alb_target_group_green"]
+  dynamic "load_balancer" {
+    for_each = length(var.public_subnets) == 0 ? [] : [1]
 
+    content {
+      target_group_arn = "${aws_lb_target_group.alb_target_group_blue[0].arn}"
+      container_name   = "${local.stack}_${var.name}"
+      container_port   = "${var.container_port}"
+    }
+  }
 }
 
 resource "aws_appautoscaling_target" "ecs_target" {
-  count = var.private_subnets != [] ? 1 : 0
+  count = length(var.private_subnets) == 0 ? 0 : 1
 
   max_capacity       = "${var.maximum_capacity}"
   min_capacity       = "${var.minimum_capacity}"
@@ -74,7 +79,7 @@ resource "aws_appautoscaling_target" "ecs_target" {
 }
 
 resource "aws_appautoscaling_policy" "ecs_policy_scale_up" {
-  count = var.private_subnets != [] ? 1 : 0
+  count = length(var.private_subnets) == 0 ? 0 : 1
 
   name               = "${local.stack}-${var.name}-scale-up"
   policy_type        = "StepScaling"
@@ -96,7 +101,7 @@ resource "aws_appautoscaling_policy" "ecs_policy_scale_up" {
 }
 
 resource "aws_appautoscaling_policy" "ecs_policy_scale_down" {
-  count = var.private_subnets != [] ? 1 : 0
+  count = length(var.private_subnets) == 0 ? 0 : 1
 
   name               = "${local.stack}-${var.name}-scale-down"
   policy_type        = "StepScaling"
@@ -118,7 +123,7 @@ resource "aws_appautoscaling_policy" "ecs_policy_scale_down" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "ecs_cluster_autoscaling_up" {
-  count = var.private_subnets != [] ? 1 : 0
+  count = length(var.private_subnets) == 0 ? 0 : 1
 
   alarm_name          = "${local.stack}_${var.name}_autoscale_up"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -138,7 +143,7 @@ resource "aws_cloudwatch_metric_alarm" "ecs_cluster_autoscaling_up" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "ecs_cluster_autoscaling_down" {
-  count = var.private_subnets != [] ? 1 : 0
+  count = length(var.private_subnets) == 0 ? 0 : 1
 
   alarm_name          = "${local.stack}_${var.name}_autoscale_down"
   comparison_operator = "LessThanOrEqualToThreshold"

diff --git a/outputs.tf b/outputs.tf
@@ -1,15 +1,15 @@
 output "listener_arn" {
-    value=aws_lb_listener.alb_listener[0].arn
+  value = (length(var.public_subnets) == 0) ? "" : length(aws_lb_listener.alb_listener) == 0 ? "" : aws_lb_listener.alb_listener[0].arn
 }
 
 output "blue_target_group_arn" {
-    value=aws_lb_target_group.alb_target_group_blue[0].name
+  value = (length(var.public_subnets) == 0) ? "" : length(aws_lb_target_group.alb_target_group_blue) == 0 ? "" : aws_lb_target_group.alb_target_group_blue[0].name
 }
 
 output "green_target_group_arn" {
-    value=aws_lb_target_group.alb_target_group_green[0].name
+  value = (length(var.public_subnets) == 0) ? "" : length(aws_lb_target_group.alb_target_group_green) == 0 ? "" : aws_lb_target_group.alb_target_group_green[0].name
 }
 
 output "app_sg_id" {
-    value=aws_security_group.app_sg[0].id
+  value = (length(var.security_groups) == 0) ? length(var.private_subnets) == 0 ? "" : aws_security_group.app_sg[0].id : var.security_groups[0]
 }