Showing
12 changed files
with
129 additions
and
92 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,31 +1,12 @@ | ||
data "aws_iam_policy_document" "cloudwatch_events_assume_role" { | ||
statement { | ||
effect = "Allow" | ||
actions = ["sts:AssumeRole"] | ||
|
||
principals { | ||
type = "Service" | ||
identifiers = ["events.amazonaws.com"] | ||
} | ||
data "aws_iam_policy_document" "events_assume_role" { | ||
count = var.target_type != "" ? 1 : 0 | ||
statement { | ||
effect = "Allow" | ||
actions = ["sts:AssumeRole"] | ||
|
||
principals { | ||
type = "Service" | ||
identifiers = ["events.amazonaws.com"] | ||
} | ||
} | ||
|
||
data "aws_iam_policy_document" "cloudwatch_events_target" { | ||
statement { | ||
effect = "Allow" | ||
actions = ["sts:AssumeRole"] | ||
|
||
principals { | ||
type = "Service" | ||
identifiers = ["events.amazonaws.com"] | ||
} | ||
} | ||
} | ||
|
||
data "aws_ecs_cluster" "existing_cluster" { | ||
name = var.ecs_cluster_name | ||
} | ||
|
||
data "aws_ecs_task_definition" "existing_task" { | ||
task_definition = var.ecs_task_definition | ||
} |
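Review bot: The trust statement in `data.aws_iam_policy_document.events_assume_role` lets `events.amazonaws.com` assume the role with no condition, so nothing in the policy ties the role to rules owned by this account. The usual confused-deputy guard for a service principal is a condition on `aws:SourceAccount` inside the statement: `condition { test = "StringEquals" variable = "aws:SourceAccount" values = [data.aws_caller_identity.current.account_id] }`. No `aws_caller_identity` data source is visible in this file section, so one would have to be declared in the module. A one-line comment above the block saying which role consumes this document would also help, since the old `cloudwatch_events_target` document appears to be dropped.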
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
resource "aws_iam_role" "events_role" { | ||
count = var.target_type != "" ? 1 : 0 | ||
name = "${var.resource_prefix}-cloudwatch-events-role" | ||
|
||
assume_role_policy = data.aws_iam_policy_document.events_assume_role[0].json | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "events_attachment" { | ||
count = var.target_type != "" ? 1 : 0 | ||
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | ||
role = aws_iam_role.events_role[0].name | ||
} |
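Review bot: `aws_iam_role_policy_attachment.events_attachment` attaches `AWSLambdaBasicExecutionRole` to a role that only `events.amazonaws.com` can assume. That managed policy grants CloudWatch Logs write access and nothing that lets EventBridge invoke a target. The role therefore carries permissions it does not need and lacks the one it exists for. An inline policy limited to `var.custom_target_arn`, with the action that matches the target type, would follow least privilege. A comment such as `# Role EventBridge assumes to invoke the target selected by var.target_type` above `events_role` would document the intent.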
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
locals { | ||
cloudwatch_event_rule_name = "${var.resource_prefix}-cloudwatch-event-rule" | ||
sns_topic_name = "${var.resource_prefix}-sns-topic" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,49 +1,30 @@ | ||
resource "aws_cloudwatch_event_rule" "ecs_scheduled_event" { | ||
name = local.cloudwatch_event_rule_name | ||
description = "Scheduled event rule to run ECS task" | ||
resource "aws_cloudwatch_event_rule" "scheduled_event" { | ||
name = local.cloudwatch_event_rule_name | ||
description = "Scheduled event rule" | ||
schedule_expression = var.cron_expression | ||
} | ||
|
||
resource "aws_cloudwatch_event_target" "ecs_event_target" { | ||
rule = aws_cloudwatch_event_rule.ecs_scheduled_event.name | ||
target_id = "run-ecs-task" | ||
|
||
arn = data.aws_ecs_cluster.existing_cluster.arn | ||
|
||
ecs_target { | ||
task_count = 1 | ||
launch_type = var.launch_type | ||
platform_version = "LATEST" | ||
task_definition_arn = data.aws_ecs_task_definition.existing_task.arn | ||
resource "aws_cloudwatch_event_target" "event_target" { | ||
count = var.target_type != "" ? 1 : 0 | ||
rule = aws_cloudwatch_event_rule.scheduled_event.name | ||
target_id = "custom-target" | ||
|
||
// The ARN and other parameters will be customize based on the target type | ||
dynamic "custom_target" { | ||
for_each = var.target_type == "custom" ? [1] : [] | ||
content { | ||
arn = var.custom_target_arn | ||
} | ||
} | ||
} | ||
|
||
resource "aws_sns_topic" "slack_notifications" { | ||
name = local.sns_topic_name | ||
} | ||
|
||
resource "aws_sns_topic_subscription" "slack_subscription" { | ||
topic_arn = aws_sns_topic.slack_notifications.arn | ||
protocol = "https" | ||
endpoint = var.slack_notification_endpoint | ||
} | ||
|
||
resource "aws_iam_role" "cloudwatch_events_role" { | ||
name = "${var.resource_prefix}-cloudwatch-events-role" | ||
|
||
assume_role_policy = data.aws_iam_policy_document.cloudwatch_events_assume_role.json | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "cloudwatch_events_attachment" { | ||
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | ||
role = aws_iam_role.cloudwatch_events_role.name | ||
} | ||
|
||
resource "aws_cloudwatch_event_permission" "cloudwatch_events_permission" { | ||
resource "aws_cloudwatch_event_permission" "events_permission" { | ||
count = var.target_type != "" ? 1 : 0 | ||
action = "lambda:InvokeFunction" | ||
principal = "events.amazonaws.com" | ||
source_arn = aws_cloudwatch_event_rule.ecs_scheduled_event.arn | ||
source_arn = aws_cloudwatch_event_rule.scheduled_event.arn | ||
statement_id = "AllowInvoke" | ||
function_name = aws_cloudwatch_event_target.ecs_event_target.arn | ||
source_profile = aws_iam_role.cloudwatch_events_role.arn | ||
function_name = aws_cloudwatch_event_target.event_target[0].arn | ||
source_profile = aws_iam_role.events_role.arn | ||
} | ||
|
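Review bot: `aws_cloudwatch_event_permission.events_permission` is given `aws_lambda_permission` arguments (`function_name`, `source_arn`, `action = "lambda:InvokeFunction"`), but that resource type manages the event bus policy, i.e. who may put events on a bus. It does not grant the rule the right to invoke anything, and `source_profile` is, as far as I know, not an argument of either resource. If the target is meant to be a Lambda function, `aws_lambda_permission` with `source_arn = aws_cloudwatch_event_rule.scheduled_event.arn` is the resource to use. In the same section, `aws_iam_role.events_role.arn` needs `[0]` now that the role has `count`. `aws_cloudwatch_event_target.event_target` also has no `arn`, because `custom_target` is not a block the provider defines; `arn = var.custom_target_arn` belongs at the top level of the target.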
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,7 @@ | ||
output "cloudwatch_event_rule_arn" { | ||
value = aws_cloudwatch_event_rule.ecs_scheduled_event.arn | ||
value = aws_cloudwatch_event_rule.scheduled_event.arn | ||
} | ||
|
||
output "sns_topic_arn" { | ||
value = aws_sns_topic.slack_notifications.arn | ||
} | ||
|
||
output "cloudwatch_events_role_arn" { | ||
value = aws_iam_role.cloudwatch_events_role.arn | ||
output "events_role_arn" { | ||
value = aws_iam_role.events_role[0].arn | ||
} |
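Review bot: The output `events_role_arn` indexes `aws_iam_role.events_role[0]`, but that role has `count = var.target_type != "" ? 1 : 0` and `target_type` defaults to `""`. With the default the role has zero instances and the reference fails at plan time. `value = one(aws_iam_role.events_role[*].arn)` returns null in that case; on older Terraform versions `try(aws_iam_role.events_role[0].arn, null)` does the same. A `description` on each output would match the style used in the SNS module's outputs.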
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,21 @@ | ||
variable "resource_prefix" { | ||
description = "Prefix for all resources" | ||
type = string | ||
} | ||
|
||
variable "ecs_cluster_name" { | ||
description = "Name of the existing ECS cluster" | ||
type = string | ||
} | ||
|
||
variable "ecs_task_definition" { | ||
description = "ARN of the existing ECS task definition" | ||
variable "cron_expression" { | ||
description = "Cron expression for the CloudWatch event rule" | ||
type = string | ||
} | ||
|
||
variable "slack_notification_endpoint" { | ||
description = "Slack notification endpoint" | ||
variable "target_type" { | ||
description = "Select a target type for the CloudWatch event" | ||
type = string | ||
default = "" // No default target type | ||
} | ||
|
||
variable "cron_expression" { | ||
description = "Cron expression for the CloudWatch event rule" | ||
type = string | ||
} | ||
|
||
variable "launch_type" { | ||
description = "ecs launch type - FARGATE or EC2" | ||
variable "custom_target_arn" { | ||
description = "ARN for the custom target" | ||
type = string | ||
default = "FARGATE" | ||
default = "" | ||
} |
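Review bot: `target_type` accepts any string, yet the rest of the change only handles `""` and `"custom"`. Any other non-empty value still creates the IAM role and the event target, while the target receives no ARN. A `validation` block inside the variable, with `condition = contains(["", "custom"], var.target_type)` and a matching `error_message`, would reject such values at plan time. `custom_target_arn` defaults to `""` as well, so a check that it is non-empty when `target_type` is `"custom"` belongs next to the target resource, for example as a precondition. The description of `target_type` should list the accepted values.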
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
resource "aws_iam_role" "sns_publish_role" { | ||
name = "${var.resource_prefix}-${var.sns_topic_name}-publish-role" | ||
|
||
assume_role_policy = jsonencode({ | ||
Version = "2012-10-17", | ||
Statement = [ | ||
{ | ||
Action = "sts:AssumeRole", | ||
Effect = "Allow", | ||
Principal = { | ||
Service = "sns.amazonaws.com", | ||
}, | ||
}, | ||
], | ||
}) | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "sns_publish_attachment" { | ||
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" | ||
role = aws_iam_role.sns_publish_role.name | ||
} | ||
|
||
resource "aws_sns_topic_policy" "sns_publish_policy" { | ||
name = "${var.resource_prefix}-${var.sns_topic_name}-publish-policy" | ||
|
||
policy = jsonencode({ | ||
Version = "2012-10-17", | ||
Statement = [ | ||
{ | ||
Effect = "Allow", | ||
Action = "sns:Publish", | ||
Resource = aws_sns_topic.main.arn, | ||
Principal = { | ||
Service = "lambda.amazonaws.com" | ||
} | ||
} | ||
] | ||
}) | ||
} | ||
|
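Review bot: The statement in `aws_sns_topic_policy.sns_publish_policy` grants `sns:Publish` to the service principal `lambda.amazonaws.com` with no condition, so the policy does not restrict which account's resources may publish through that service. Adding `Condition = { StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id } }` to the statement scopes it to this account. The resource also sets `name`, which `aws_sns_topic_policy` does not accept, and omits the required `arn = aws_sns_topic.main.arn`. Separately, `sns_publish_role` trusts `sns.amazonaws.com` but is given `AWSLambdaBasicExecutionRole`; nothing on the page uses that role, so it looks removable unless delivery-status logging is planned.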
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
locals { | ||
sns_topic_arn = "arn:aws:sns:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.resource_prefix}-${var.sns_topic_name}" | ||
} |
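Review bot: `local.sns_topic_arn` rebuilds the topic ARN by hand with the `aws` partition hard-coded, which produces a wrong ARN in partitions such as GovCloud or China. The module already exposes the real value, and `aws_sns_topic.main.arn` is what its output uses, so this local appears to be unused. If it is kept, `sns_topic_arn = aws_sns_topic.main.arn` avoids the drift. The `aws_region` and `aws_caller_identity` data sources it references are not declared in any section shown here.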
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
resource "aws_sns_topic" "main" { | ||
name = "${var.resource_prefix}-${var.sns_topic_name}" | ||
display_name = var.sns_display_name | ||
} | ||
|
||
resource "aws_sns_topic_subscription" "slack" { | ||
topic_arn = aws_sns_topic.main.arn | ||
protocol = "https" | ||
endpoint = var.slack_webhook_url | ||
} |
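Review bot: `aws_sns_topic.main` is created without server-side encryption, so notification payloads are stored unencrypted at rest. Adding `kms_master_key_id = "alias/aws/sns"` (or a customer-managed key) to the topic enables it. For `aws_sns_topic_subscription.slack`, an `https` subscription stays pending until the endpoint answers the SNS confirmation request. A Slack incoming webhook probably will not do that, nor accept the SNS message format, so this likely needs a small forwarder; worth confirming before relying on it.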
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "sns_topic_arn" { | ||
description = "ARN of the created SNS topic" | ||
value = aws_sns_topic.main.arn | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
variable "sns_topic_name" { | ||
description = "The name of the SNS topic" | ||
type = string | ||
} | ||
|
||
variable "slack_webhook_url" { | ||
description = "Slack webhook URL for notifications" | ||
type = string | ||
} | ||
|
||
variable "resource_prefix" { | ||
description = "A prefix for naming resources" | ||
type = string | ||
} | ||
|
||
variable "sns_display_name" { | ||
description = "Display name for SNS topic" | ||
type = string | ||
default = "DefaultDisplayName" | ||
} |
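Review bot: `slack_webhook_url` holds a credential, since anyone with the URL can post to the channel, but the variable is not marked sensitive and its value will appear in plan and apply output. Adding `sensitive = true` to the variable block hides it there. The value is still written to state through the subscription's `endpoint`, so the state backend needs to be access-controlled and encrypted. The description could say so: `description = "Slack webhook URL for notifications (secret; stored in state)"`.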