fix: property lookup in ecs_target block (#8)
parent
9131d3437f
commit
af29da39f8
5 changed files with 70 additions and 14 deletions
13
.github/workflows/pre-commit.yml
vendored
13
.github/workflows/pre-commit.yml
vendored
|
@ -38,7 +38,7 @@ jobs:
|
||||||
uses: actions/setup-python@v2
|
uses: actions/setup-python@v2
|
||||||
- name: Terraform min/max versions
|
- name: Terraform min/max versions
|
||||||
id: minMax
|
id: minMax
|
||||||
uses: clowdhaus/terraform-min-max@v1.0.1
|
uses: clowdhaus/terraform-min-max@v1.0.2
|
||||||
with:
|
with:
|
||||||
directory: ${{ matrix.directory }}
|
directory: ${{ matrix.directory }}
|
||||||
- name: Install Terraform v${{ steps.minMax.outputs.minVersion }}
|
- name: Install Terraform v${{ steps.minMax.outputs.minVersion }}
|
||||||
|
@ -50,14 +50,11 @@ jobs:
|
||||||
- name: Execute pre-commit
|
- name: Execute pre-commit
|
||||||
# Run only validate pre-commit check on min version supported
|
# Run only validate pre-commit check on min version supported
|
||||||
if: ${{ matrix.directory != '.' }}
|
if: ${{ matrix.directory != '.' }}
|
||||||
run:
|
run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*
|
||||||
pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*
|
|
||||||
- name: Execute pre-commit
|
- name: Execute pre-commit
|
||||||
# Run only validate pre-commit check on min version supported
|
# Run only validate pre-commit check on min version supported
|
||||||
if: ${{ matrix.directory == '.' }}
|
if: ${{ matrix.directory == '.' }}
|
||||||
run:
|
run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)
|
||||||
pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)
|
|
||||||
|
|
||||||
|
|
||||||
# Max Terraform version
|
# Max Terraform version
|
||||||
getBaseVersion:
|
getBaseVersion:
|
||||||
|
@ -68,7 +65,7 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
- name: Terraform min/max versions
|
- name: Terraform min/max versions
|
||||||
id: minMax
|
id: minMax
|
||||||
uses: clowdhaus/terraform-min-max@v1.0.1
|
uses: clowdhaus/terraform-min-max@v1.0.2
|
||||||
outputs:
|
outputs:
|
||||||
minVersion: ${{ steps.minMax.outputs.minVersion }}
|
minVersion: ${{ steps.minMax.outputs.minVersion }}
|
||||||
maxVersion: ${{ steps.minMax.outputs.maxVersion }}
|
maxVersion: ${{ steps.minMax.outputs.maxVersion }}
|
||||||
|
@ -94,7 +91,7 @@ jobs:
|
||||||
- name: Install pre-commit dependencies
|
- name: Install pre-commit dependencies
|
||||||
run: |
|
run: |
|
||||||
pip install pre-commit
|
pip install pre-commit
|
||||||
curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
|
curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
|
||||||
curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
|
curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
|
||||||
- name: Execute pre-commit
|
- name: Execute pre-commit
|
||||||
# Run all pre-commit checks on max version supported
|
# Run all pre-commit checks on max version supported
|
||||||
|
|
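Review bot: The new terraform-docs line in the "Install pre-commit dependencies" step downloads the v0.13.0 tarball, unpacks it and moves the binary into /usr/bin without verifying what was downloaded. Pinning the version is better than scraping `releases/latest`, but an integrity check belongs between the download and `tar -xzf`, for example `echo "<SHA256_OF_RELEASE_TARBALL>  terraform-docs.tar.gz" | sha256sum -c -` using the checksum published for that release. The tflint line directly below it still resolves `releases/latest` at run time and has the same gap. The job that contains this step starts outside the hunk.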
|
@ -34,6 +34,7 @@ Note that this example may create resources which cost money. Run `terraform des
|
||||||
|
|
||||||
| Name | Source | Version |
|
| Name | Source | Version |
|
||||||
|------|--------|---------|
|
|------|--------|---------|
|
||||||
|
| <a name="module_ecs"></a> [ecs](#module\_ecs) | terraform-aws-modules/ecs/aws | ~> 3.0 |
|
||||||
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
|
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
|
||||||
| <a name="module_step_function"></a> [step\_function](#module\_step\_function) | terraform-aws-modules/step-functions/aws | ~> 2.0 |
|
| <a name="module_step_function"></a> [step\_function](#module\_step\_function) | terraform-aws-modules/step-functions/aws | ~> 2.0 |
|
||||||
|
|
||||||
|
@ -42,6 +43,8 @@ Note that this example may create resources which cost money. Run `terraform des
|
||||||
| Name | Type |
|
| Name | Type |
|
||||||
|------|------|
|
|------|------|
|
||||||
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
|
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
|
||||||
|
| [aws_ecs_service.hello_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
|
||||||
|
| [aws_ecs_task_definition.hello_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
|
||||||
| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource |
|
| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource |
|
||||||
| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
|
| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
|
||||||
| [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
|
| [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
|
||||||
|
|
|
@ -32,6 +32,9 @@ module "eventbridge" {
|
||||||
attach_cloudwatch_policy = true
|
attach_cloudwatch_policy = true
|
||||||
cloudwatch_target_arns = [aws_cloudwatch_log_group.this.arn]
|
cloudwatch_target_arns = [aws_cloudwatch_log_group.this.arn]
|
||||||
|
|
||||||
|
attach_ecs_policy = true
|
||||||
|
ecs_target_arns = [aws_ecs_task_definition.hello_world.arn]
|
||||||
|
|
||||||
rules = {
|
rules = {
|
||||||
orders = {
|
orders = {
|
||||||
description = "Capture all order data"
|
description = "Capture all order data"
|
||||||
|
@ -90,6 +93,15 @@ module "eventbridge" {
|
||||||
dead_letter_arn = aws_sqs_queue.dlq.arn
|
dead_letter_arn = aws_sqs_queue.dlq.arn
|
||||||
input_transformer = local.order_input_transformer
|
input_transformer = local.order_input_transformer
|
||||||
attach_role_arn = true
|
attach_role_arn = true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "process-email-with-ecs-task",
|
||||||
|
arn = module.ecs.ecs_cluster_arn,
|
||||||
|
attach_role_arn = true
|
||||||
|
ecs_target = {
|
||||||
|
task_count = 1
|
||||||
|
task_definition_arn = aws_ecs_task_definition.hello_world.arn
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -248,3 +260,43 @@ module "step_function" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
######
|
||||||
|
# ECS
|
||||||
|
######
|
||||||
|
|
||||||
|
module "ecs" {
|
||||||
|
source = "terraform-aws-modules/ecs/aws"
|
||||||
|
version = "~> 3.0"
|
||||||
|
|
||||||
|
name = random_pet.this.id
|
||||||
|
|
||||||
|
capacity_providers = ["FARGATE", "FARGATE_SPOT"]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_ecs_service" "hello_world" {
|
||||||
|
name = "hello_world-${random_pet.this.id}"
|
||||||
|
cluster = module.ecs.ecs_cluster_id
|
||||||
|
task_definition = aws_ecs_task_definition.hello_world.arn
|
||||||
|
launch_type = "FARGATE"
|
||||||
|
|
||||||
|
desired_count = 1
|
||||||
|
|
||||||
|
deployment_maximum_percent = 100
|
||||||
|
deployment_minimum_healthy_percent = 0
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_ecs_task_definition" "hello_world" {
|
||||||
|
family = "hello_world-${random_pet.this.id}"
|
||||||
|
|
||||||
|
container_definitions = <<EOF
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "hello_world-${random_pet.this.id}",
|
||||||
|
"image": "hello-world",
|
||||||
|
"cpu": 0,
|
||||||
|
"memory": 128
|
||||||
|
}
|
||||||
|
]
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
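Review bot: `aws_ecs_service.hello_world` sets `launch_type = "FARGATE"`, but the added `aws_ecs_task_definition.hello_world` declares neither `requires_compatibilities = ["FARGATE"]` nor `network_mode = "awsvpc"`, and the service has no `network_configuration` block. As far as I can tell Fargate needs all three plus task-level `cpu` and `memory`, so the example is likely to fail on apply. The new `ecs_target` entry in the earlier hunk also omits `launch_type`, which probably leaves the target on the EC2 default against a cluster that only lists Fargate capacity providers. Separately, `"image": "hello-world"` pulls an unpinned image from the default registry; an explicit tag or digest would make the example reproducible.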
4
iam.tf
4
iam.tf
|
@ -171,14 +171,14 @@ data "aws_iam_policy_document" "ecs" {
|
||||||
sid = "ECSAccess"
|
sid = "ECSAccess"
|
||||||
effect = "Allow"
|
effect = "Allow"
|
||||||
actions = ["ecs:RunTask"]
|
actions = ["ecs:RunTask"]
|
||||||
resources = var.ecs_target_arns
|
resources = [for arn in var.ecs_target_arns : replace(arn, "/:\\d+$/", ":*")]
|
||||||
}
|
}
|
||||||
|
|
||||||
statement {
|
statement {
|
||||||
sid = "PassRole"
|
sid = "PassRole"
|
||||||
effect = "Allow"
|
effect = "Allow"
|
||||||
actions = ["iam:PassRole"]
|
actions = ["iam:PassRole"]
|
||||||
resources = [aws_iam_role.eventbridge[0].arn]
|
resources = ["*"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
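Review bot: The PassRole statement now uses `resources = ["*"]` with no condition, so the EventBridge role is allowed to pass every IAM role in the account, where the previous line limited it to the module's own role. ECS targets do need to pass the task and execution roles, but the grant should be limited to that purpose with an `iam:PassedToService` condition for `ecs-tasks.amazonaws.com`, as in the fence below. Narrowing `resources` to caller-supplied role ARNs would be tighter still, but needs an input variable this page does not show. The `ecs:RunTask` line in the same hunk widens each ARN to every revision of the task family, which deserves a short comment such as `# match all revisions of the task definition family`. The enclosing `data "aws_iam_policy_document" "ecs"` block starts outside the hunk.

```hcl
  statement {
    # … unchanged: sid, effect, actions …
    resources = ["*"]

    # Only allow roles to be handed to ECS tasks, not to arbitrary services.
    condition {
      test     = "StringLike"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
```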
12
main.tf
12
main.tf
|
@ -70,20 +70,24 @@ resource "aws_cloudwatch_event_target" "this" {
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic "ecs_target" {
|
dynamic "ecs_target" {
|
||||||
for_each = lookup(each.value, "ecs_target", null) != null ? [true] : []
|
for_each = lookup(each.value, "ecs_target", null) != null ? [
|
||||||
|
each.value.ecs_target
|
||||||
|
] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
group = lookup(ecs_target.value, "group", null)
|
group = lookup(ecs_target.value, "group", null)
|
||||||
launch_type = lookup(ecs_target.value, "launch_type", null)
|
launch_type = lookup(ecs_target.value, "launch_type", null)
|
||||||
platform_version = lookup(ecs_target.value, "platform_version", null)
|
platform_version = lookup(ecs_target.value, "platform_version", null)
|
||||||
task_count = lookup(ecs_target.value, "task_count", null)
|
task_count = lookup(ecs_target.value, "task_count", null)
|
||||||
task_definition_arn = ecs_target.value.task_definition_arn
|
task_definition_arn = lookup(ecs_target.value, "task_definition_arn", null)
|
||||||
|
|
||||||
dynamic "network_configuration" {
|
dynamic "network_configuration" {
|
||||||
for_each = lookup(ecs_target.value, "network_configuration", null) != null ? [true] : []
|
for_each = lookup(each.value.ecs_target, "network_configuration", null) != null ? [
|
||||||
|
each.value.ecs_target.network_configuration
|
||||||
|
] : []
|
||||||
|
|
||||||
content {
|
content {
|
||||||
subnets = network_configuration.value.subnets
|
subnets = lookup(network_configuration.value, "subnets", null)
|
||||||
security_groups = lookup(network_configuration.value, "security_groups", null)
|
security_groups = lookup(network_configuration.value, "security_groups", null)
|
||||||
assign_public_ip = lookup(network_configuration.value, "assign_public_ip", null)
|
assign_public_ip = lookup(network_configuration.value, "assign_public_ip", null)
|
||||||
}
|
}
|
||||||
|
|
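Review bot: `task_definition_arn` and `subnets` are now read with `lookup(..., null)`, which hides a missing key until the provider rejects the block. Both are required arguments of the provider's `ecs_target` and `network_configuration` blocks as far as I know, so direct references (`ecs_target.value.task_definition_arn`, `network_configuration.value.subnets`) would fail earlier and more clearly now that `for_each` yields the real object. The inner `for_each` also reaches back to `each.value.ecs_target` although `ecs_target.value` holds the same object; `lookup(ecs_target.value, "network_configuration", null)` would keep the dynamic block self-contained. The `aws_cloudwatch_event_target.this` resource begins and ends outside the hunk.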