Repository: duduribeiro/terraform_ecs_fargate_example Branch: master Commit: caf4a07a1358 Files: 43 Total size: 278.9 KB Directory structure: gitextract_g0rp1zjv/ ├── .gitignore ├── LICENSE ├── README.md ├── modules/ │ ├── code_pipeline/ │ │ ├── buildspec.yml │ │ ├── main.tf │ │ ├── policies/ │ │ │ ├── codebuild_policy.json │ │ │ ├── codebuild_role.json │ │ │ ├── codepipeline.json │ │ │ └── codepipeline_role.json │ │ └── variables.tf │ ├── ecs/ │ │ ├── code_pipeline/ │ │ │ ├── buildspec.yml │ │ │ ├── main.tf │ │ │ ├── policies/ │ │ │ │ ├── codebuild_policy.json │ │ │ │ ├── codebuild_role.json │ │ │ │ ├── codepipeline.json │ │ │ │ └── codepipeline_role.json │ │ │ └── variables.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── policies/ │ │ │ ├── ecs-autoscale-role-policy.json │ │ │ ├── ecs-autoscale-role.json │ │ │ ├── ecs-execution-role-policy.json │ │ │ ├── ecs-role.json │ │ │ ├── ecs-service-role.json │ │ │ └── ecs-task-execution-role.json │ │ ├── tasks/ │ │ │ ├── db_migrate_task_definition.json │ │ │ └── web_task_definition.json │ │ └── variables.tf │ ├── networking/ │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ └── rds/ │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── outputs.tf ├── pipeline.tf ├── production.tf ├── production_key.pub ├── route53.tf ├── terraform.tfstate ├── terraform.tfstate.backup ├── terraform.tfvars └── variables.tf ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ **/.terraform ================================================ FILE: LICENSE ================================================ Copyright [2018] Carlos Ribeiro Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ================================================ FILE: README.md ================================================ # terraform_ecs_fargate_example ================================================ FILE: modules/code_pipeline/buildspec.yml ================================================ version: 0.2 phases: pre_build: commands: - pip install awscli --upgrade --user - echo `aws --version` - echo Logging in to Amazon ECR... - $(aws ecr get-login --region ${region} --no-include-email) - REPOSITORY_URI=${repository_url} - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7) - echo Entered the pre_build phase... build: commands: - echo Build started on `date` - echo Building the Docker image... - docker build --build-arg build_without="development test" --build-arg rails_env="production" -t $REPOSITORY_URI:latest . - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG post_build: commands: - echo Build completed on `date` - echo Pushing the Docker images... - docker push $REPOSITORY_URI:latest - docker push $REPOSITORY_URI:$IMAGE_TAG - echo Writing image definitions file... - printf '[{"name":"web","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json - echo upgrading db-migrate task definitions - aws ecs run-task --launch-type FARGATE --cluster ${cluster_name} --task-definition production_db_migrate --network-configuration "awsvpcConfiguration={subnets=[${subnet_id}],securityGroups=[${security_group_ids}]}" artifacts: files: imagedefinitions.json ================================================ FILE: modules/code_pipeline/main.tf ================================================ resource "aws_s3_bucket" "source" { bucket = "openjobs-experiment-source" acl = "private" force_destroy = true } resource "aws_iam_role" "codepipeline_role" { name = "codepipeline-role" assume_role_policy = "${file("${path.module}/policies/codepipeline_role.json")}" } /* policies */ data "template_file" "codepipeline_policy" { template = "${file("${path.module}/policies/codepipeline.json")}" vars { aws_s3_bucket_arn = "${aws_s3_bucket.source.arn}" } } resource "aws_iam_role_policy" "codepipeline_policy" { name = "codepipeline_policy" role = "${aws_iam_role.codepipeline_role.id}" policy = "${data.template_file.codepipeline_policy.rendered}" } /* /* CodeBuild */ resource "aws_iam_role" "codebuild_role" { name = "codebuild-role" assume_role_policy = "${file("${path.module}/policies/codebuild_role.json")}" } data "template_file" "codebuild_policy" { template = "${file("${path.module}/policies/codebuild_policy.json")}" vars { aws_s3_bucket_arn = "${aws_s3_bucket.source.arn}" } } resource "aws_iam_role_policy" "codebuild_policy" { name = "codebuild-policy" role = "${aws_iam_role.codebuild_role.id}" policy = "${data.template_file.codebuild_policy.rendered}" } data "template_file" "buildspec" { template = "${file("${path.module}/buildspec.yml")}" vars { repository_url = "${var.repository_url}" region = "${var.region}" cluster_name = "${var.ecs_cluster_name}" subnet_id = "${var.run_task_subnet_id}" security_group_ids = "${join(",", var.run_task_security_group_ids)}" } } resource "aws_codebuild_project" "openjobs_build" { name = "openjobs-codebuild" build_timeout = "10" service_role = "${aws_iam_role.codebuild_role.arn}" artifacts { type = "CODEPIPELINE" } environment { compute_type = "BUILD_GENERAL1_SMALL" // https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html image = "aws/codebuild/docker:1.12.1" type = "LINUX_CONTAINER" privileged_mode = true } source { type = "CODEPIPELINE" buildspec = "${data.template_file.buildspec.rendered}" } } /* CodePipeline */ resource "aws_codepipeline" "pipeline" { name = "openjobs-pipeline" role_arn = "${aws_iam_role.codepipeline_role.arn}" artifact_store { location = "${aws_s3_bucket.source.bucket}" type = "S3" } stage { name = "Source" action { name = "Source" category = "Source" owner = "ThirdParty" provider = "GitHub" version = "1" output_artifacts = ["source"] configuration { Owner = "duduribeiro" Repo = "openjobs_experiment" Branch = "master" } } } stage { name = "Build" action { name = "Build" category = "Build" owner = "AWS" provider = "CodeBuild" version = "1" input_artifacts = ["source"] output_artifacts = ["imagedefinitions"] configuration { ProjectName = "openjobs-codebuild" } } } stage { name = "Production" action { name = "Deploy" category = "Deploy" owner = "AWS" provider = "ECS" input_artifacts = ["imagedefinitions"] version = "1" configuration { ClusterName = "${var.ecs_cluster_name}" ServiceName = "${var.ecs_service_name}" FileName = "imagedefinitions.json" } } } } ================================================ FILE: modules/code_pipeline/policies/codebuild_policy.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ "*" ], "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "ecr:GetAuthorizationToken", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:PutImage", "ecs:RunTask", "iam:PassRole" ] }, { "Effect":"Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:List*", "s3:PutObject" ], "Resource": [ "${aws_s3_bucket_arn}", "${aws_s3_bucket_arn}/*" ] } ] } ================================================ FILE: modules/code_pipeline/policies/codebuild_role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "codebuild.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ================================================ FILE: modules/code_pipeline/policies/codepipeline.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect":"Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:List*", "s3:PutObject" ], "Resource": [ "${aws_s3_bucket_arn}", "${aws_s3_bucket_arn}/*" ] }, { "Effect": "Allow", "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": "*" }, { "Action": [ "ecs:*", "events:DescribeRule", "events:DeleteRule", "events:ListRuleNamesByTarget", "events:ListTargetsByRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRoles", "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:FilterLogEvents" ], "Resource": "*", "Effect": "Allow" }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "*" ], "Condition": { "StringLike": { "iam:PassedToService": "ecs-tasks.amazonaws.com" } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsInstanceRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsAutoscaleRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "application-autoscaling.amazonaws.com", "application-autoscaling.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "ecs.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } } ] } ================================================ FILE: modules/code_pipeline/policies/codepipeline_role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "codepipeline.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ================================================ FILE: modules/code_pipeline/variables.tf ================================================ variable "repository_url" { description = "The url of the ECR repository" } variable "region" { description = "The region to use" } variable "ecs_cluster_name" { description = "The cluster that we will deploy" } variable "ecs_service_name" { description = "The ECS service that will be deployed" } variable "run_task_subnet_id" { description = "The subnet Id where single run task will be executed" } variable "run_task_security_group_ids" { type = "list" description = "The security group Ids attached where the single run task will be executed" } ================================================ FILE: modules/ecs/code_pipeline/buildspec.yml ================================================ version: 0.2 phases: pre_build: commands: - echo Logging in to Amazon ECR... - $(aws ecr get-login --region ${region} --no-include-email) - REPOSITORY_URI=${repository_url} - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7) - echo Entered the pre_build phase... build: commands: - echo Build started on `date` - echo Building the Docker image... - docker build --build-arg build_without="development test" --build-arg rails_env="production" -t $REPOSITORY_URI:latest . - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG post_build: commands: - echo Build completed on `date` - echo Pushing the Docker images... - docker push $REPOSITORY_URI:latest - docker push $REPOSITORY_URI:$IMAGE_TAG - echo Writing image definitions file... - printf '[{"name":"web","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json artifacts: files: imagedefinitions.json ================================================ FILE: modules/ecs/code_pipeline/main.tf ================================================ resource "aws_s3_bucket" "source" { bucket = "openjobs-experiment-source" acl = "private" force_destroy = true } resource "aws_iam_role" "codepipeline_role" { name = "codepipeline-role" assume_role_policy = "${file("${path.module}/policies/codepipeline_role.json")}" } /* policies */ data "template_file" "codepipeline_policy" { template = "${file("${path.module}/policies/codepipeline.json")}" vars { aws_s3_bucket_arn = "${aws_s3_bucket.source.arn}" } } resource "aws_iam_role_policy" "codepipeline_policy" { name = "codepipeline_policy" role = "${aws_iam_role.codepipeline_role.id}" policy = "${data.template_file.codepipeline_policy.rendered}" } /* /* CodeBuild */ resource "aws_iam_role" "codebuild_role" { name = "codebuild-role" assume_role_policy = "${file("${path.module}/policies/codebuild_role.json")}" } data "template_file" "codebuild_policy" { template = "${file("${path.module}/policies/codebuild_policy.json")}" vars { aws_s3_bucket_arn = "${aws_s3_bucket.source.arn}" } } resource "aws_iam_role_policy" "codebuild_policy" { name = "codebuild-policy" role = "${aws_iam_role.codebuild_role.id}" policy = "${data.template_file.codebuild_policy.rendered}" } data "template_file" "buildspec" { template = "${file("${path.module}/buildspec.yml")}" vars { repository_url = "${var.repository_url}" region = "${var.region}" } } resource "aws_codebuild_project" "openjobs_build" { name = "openjobs-codebuild" build_timeout = "10" service_role = "${aws_iam_role.codebuild_role.arn}" artifacts { type = "CODEPIPELINE" } environment { compute_type = "BUILD_GENERAL1_SMALL" // https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html image = "aws/codebuild/docker:1.12.1" type = "LINUX_CONTAINER" privileged_mode = true } source { type = "CODEPIPELINE" buildspec = "${data.template_file.buildspec.rendered}" } } /* CodePipeline */ resource "aws_codepipeline" "pipeline" { name = "openjobs-pipeline" role_arn = "${aws_iam_role.codepipeline_role.arn}" artifact_store { location = "${aws_s3_bucket.source.bucket}" type = "S3" } stage { name = "Source" action { name = "Source" category = "Source" owner = "ThirdParty" provider = "GitHub" version = "1" output_artifacts = ["source"] configuration { Owner = "duduribeiro" Repo = "openjobs_experiment" Branch = "master" } } } stage { name = "Build" action { name = "Build" category = "Build" owner = "AWS" provider = "CodeBuild" version = "1" input_artifacts = ["source"] output_artifacts = ["imagedefinitions"] configuration { ProjectName = "openjobs-codebuild" } } } stage { name = "Production" action { name = "Deploy" category = "Deploy" owner = "AWS" provider = "ECS" input_artifacts = ["imagedefinitions"] version = "1" configuration { ClusterName = "${var.ecs_cluster_name}" ServiceName = "${var.ecs_service_name}" FileName = "imagedefinitions.json" } } } } ================================================ FILE: modules/ecs/code_pipeline/policies/codebuild_policy.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ "*" ], "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "ecr:GetAuthorizationToken", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:PutImage" ] }, { "Effect":"Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:List*", "s3:PutObject" ], "Resource": [ "${aws_s3_bucket_arn}", "${aws_s3_bucket_arn}/*" ] } ] } ================================================ FILE: modules/ecs/code_pipeline/policies/codebuild_role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "codebuild.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ================================================ FILE: modules/ecs/code_pipeline/policies/codepipeline.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect":"Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:List*", "s3:PutObject" ], "Resource": [ "${aws_s3_bucket_arn}", "${aws_s3_bucket_arn}/*" ] }, { "Effect": "Allow", "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": "*" }, { "Action": [ "ecs:*", "events:DescribeRule", "events:DeleteRule", "events:ListRuleNamesByTarget", "events:ListTargetsByRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRoles", "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:FilterLogEvents" ], "Resource": "*", "Effect": "Allow" }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "*" ], "Condition": { "StringLike": { "iam:PassedToService": "ecs-tasks.amazonaws.com" } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsInstanceRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsAutoscaleRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "application-autoscaling.amazonaws.com", "application-autoscaling.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "ecs.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } } ] } ================================================ FILE: modules/ecs/code_pipeline/policies/codepipeline_role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "codepipeline.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ================================================ FILE: modules/ecs/code_pipeline/variables.tf ================================================ variable "repository_url" { description = "The url of the ECR repository" } variable "region" { description = "The region to use" } variable "ecs_cluster_name" { description = "The cluster that we will deploy" } variable "ecs_service_name" { description = "The ECS service that will be deployed" } ================================================ FILE: modules/ecs/main.tf ================================================ /*==== Cloudwatch Log Group ======*/ resource "aws_cloudwatch_log_group" "openjobs" { name = "openjobs" tags { Environment = "${var.environment}" Application = "OpenJobs" } } /*==== ECR repository to store our Docker images ======*/ resource "aws_ecr_repository" "openjobs_app" { name = "${var.repository_name}" } /*==== ECS cluster ======*/ resource "aws_ecs_cluster" "cluster" { name = "${var.environment}-ecs-cluster" } /*==== ECS task definitions ======*/ /* the task definition for the web service */ data "template_file" "web_task" { template = "${file("${path.module}/tasks/web_task_definition.json")}" vars { image = "${aws_ecr_repository.openjobs_app.repository_url}" secret_key_base = "${var.secret_key_base}" database_url = "postgresql://${var.database_username}:${var.database_password}@${var.database_endpoint}:5432/${var.database_name}?encoding=utf8&pool=40" log_group = "${aws_cloudwatch_log_group.openjobs.name}" } } resource "aws_ecs_task_definition" "web" { family = "${var.environment}_web" container_definitions = "${data.template_file.web_task.rendered}" requires_compatibilities = ["FARGATE"] network_mode = "awsvpc" cpu = "256" memory = "512" execution_role_arn = "${aws_iam_role.ecs_execution_role.arn}" task_role_arn = "${aws_iam_role.ecs_execution_role.arn}" } /* the task definition for the db migration */ data "template_file" "db_migrate_task" { template = "${file("${path.module}/tasks/db_migrate_task_definition.json")}" vars { image = "${aws_ecr_repository.openjobs_app.repository_url}" secret_key_base = "${var.secret_key_base}" database_url = "postgresql://${var.database_username}:${var.database_password}@${var.database_endpoint}:5432/${var.database_name}?encoding=utf8&pool=40" log_group = "openjobs" } } resource "aws_ecs_task_definition" "db_migrate" { family = "${var.environment}_db_migrate" container_definitions = "${data.template_file.db_migrate_task.rendered}" requires_compatibilities = ["FARGATE"] network_mode = "awsvpc" cpu = "256" memory = "512" execution_role_arn = "${aws_iam_role.ecs_execution_role.arn}" task_role_arn = "${aws_iam_role.ecs_execution_role.arn}" } /*==== App Load Balancer ======*/ resource "random_id" "target_group_sufix" { byte_length = 2 } resource "aws_alb_target_group" "alb_target_group" { name = "${var.environment}-alb-target-group-${random_id.target_group_sufix.hex}" port = 80 protocol = "HTTP" vpc_id = "${var.vpc_id}" target_type = "ip" lifecycle { create_before_destroy = true } } /* security group for ALB */ resource "aws_security_group" "web_inbound_sg" { name = "${var.environment}-web-inbound-sg" description = "Allow HTTP from Anywhere into ALB" vpc_id = "${var.vpc_id}" ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { from_port = 8 to_port = 0 protocol = "icmp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } tags { Name = "${var.environment}-web-inbound-sg" } } resource "aws_alb" "alb_openjobs" { name = "${var.environment}-alb-openjobs" subnets = ["${var.public_subnet_ids}"] security_groups = ["${var.security_groups_ids}", "${aws_security_group.web_inbound_sg.id}"] tags { Name = "${var.environment}-alb-openjobs" Environment = "${var.environment}" } } resource "aws_alb_listener" "openjobs" { load_balancer_arn = "${aws_alb.alb_openjobs.arn}" port = "80" protocol = "HTTP" depends_on = ["aws_alb_target_group.alb_target_group"] default_action { target_group_arn = "${aws_alb_target_group.alb_target_group.arn}" type = "forward" } } /* * IAM service role */ data "aws_iam_policy_document" "ecs_service_role" { statement { effect = "Allow" actions = ["sts:AssumeRole"] principals { type = "Service" identifiers = ["ecs.amazonaws.com"] } } } resource "aws_iam_role" "ecs_role" { name = "ecs_role" assume_role_policy = "${data.aws_iam_policy_document.ecs_service_role.json}" } data "aws_iam_policy_document" "ecs_service_policy" { statement { effect = "Allow" resources = ["*"] actions = [ "elasticloadbalancing:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "ec2:Describe*", "ec2:AuthorizeSecurityGroupIngress" ] } } /* ecs service scheduler role */ resource "aws_iam_role_policy" "ecs_service_role_policy" { name = "ecs_service_role_policy" #policy = "${file("${path.module}/policies/ecs-service-role.json")}" policy = "${data.aws_iam_policy_document.ecs_service_policy.json}" role = "${aws_iam_role.ecs_role.id}" } /* role that the Amazon ECS container agent and the Docker daemon can assume */ resource "aws_iam_role" "ecs_execution_role" { name = "ecs_task_execution_role" assume_role_policy = "${file("${path.module}/policies/ecs-task-execution-role.json")}" } resource "aws_iam_role_policy" "ecs_execution_role_policy" { name = "ecs_execution_role_policy" policy = "${file("${path.module}/policies/ecs-execution-role-policy.json")}" role = "${aws_iam_role.ecs_execution_role.id}" } /*==== ECS service ======*/ /* Security Group for ECS */ resource "aws_security_group" "ecs_service" { vpc_id = "${var.vpc_id}" name = "${var.environment}-ecs-service-sg" description = "Allow egress from container" egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } ingress { from_port = 8 to_port = 0 protocol = "icmp" cidr_blocks = ["0.0.0.0/0"] } tags { Name = "${var.environment}-ecs-service-sg" Environment = "${var.environment}" } } /* Simply specify the family to find the latest ACTIVE revision in that family */ data "aws_ecs_task_definition" "web" { task_definition = "${aws_ecs_task_definition.web.family}" depends_on = [ "aws_ecs_task_definition.web" ] } resource "aws_ecs_service" "web" { name = "${var.environment}-web" task_definition = "${aws_ecs_task_definition.web.family}:${max("${aws_ecs_task_definition.web.revision}", "${data.aws_ecs_task_definition.web.revision}")}" desired_count = 2 launch_type = "FARGATE" cluster = "${aws_ecs_cluster.cluster.id}" depends_on = ["aws_iam_role_policy.ecs_service_role_policy"] network_configuration { security_groups = ["${var.security_groups_ids}", "${aws_security_group.ecs_service.id}"] subnets = ["${var.subnets_ids}"] } load_balancer { target_group_arn = "${aws_alb_target_group.alb_target_group.arn}" container_name = "web" container_port = "80" } depends_on = ["aws_alb_target_group.alb_target_group"] } /*==== Auto Scaling for ECS ======*/ resource "aws_iam_role" "ecs_autoscale_role" { name = "${var.environment}_ecs_autoscale_role" assume_role_policy = "${file("${path.module}/policies/ecs-autoscale-role.json")}" } resource "aws_iam_role_policy" "ecs_autoscale_role_policy" { name = "ecs_autoscale_role_policy" policy = "${file("${path.module}/policies/ecs-autoscale-role-policy.json")}" role = "${aws_iam_role.ecs_autoscale_role.id}" } resource "aws_appautoscaling_target" "target" { service_namespace = "ecs" resource_id = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}" scalable_dimension = "ecs:service:DesiredCount" role_arn = "${aws_iam_role.ecs_autoscale_role.arn}" min_capacity = 2 max_capacity = 4 } resource "aws_appautoscaling_policy" "up" { name = "${var.environment}_scale_up" service_namespace = "ecs" resource_id = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}" scalable_dimension = "ecs:service:DesiredCount" step_scaling_policy_configuration { adjustment_type = "ChangeInCapacity" cooldown = 60 metric_aggregation_type = "Maximum" step_adjustment { metric_interval_lower_bound = 0 scaling_adjustment = 1 } } depends_on = ["aws_appautoscaling_target.target"] } resource "aws_appautoscaling_policy" "down" { name = "${var.environment}_scale_down" service_namespace = "ecs" resource_id = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}" scalable_dimension = "ecs:service:DesiredCount" step_scaling_policy_configuration { adjustment_type = "ChangeInCapacity" cooldown = 60 metric_aggregation_type = "Maximum" step_adjustment { metric_interval_lower_bound = 0 scaling_adjustment = -1 } } depends_on = ["aws_appautoscaling_target.target"] } /* metric used for auto scale */ resource "aws_cloudwatch_metric_alarm" "service_cpu_high" { alarm_name = "${var.environment}_openjobs_web_cpu_utilization_high" comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = "2" metric_name = "CPUUtilization" namespace = "AWS/ECS" period = "60" statistic = "Maximum" threshold = "85" dimensions { ClusterName = "${aws_ecs_cluster.cluster.name}" ServiceName = "${aws_ecs_service.web.name}" } alarm_actions = ["${aws_appautoscaling_policy.up.arn}"] ok_actions = ["${aws_appautoscaling_policy.down.arn}"] } ================================================ FILE: modules/ecs/outputs.tf ================================================ output "repository_url" { value = "${aws_ecr_repository.openjobs_app.repository_url}" } output "cluster_name" { value = "${aws_ecs_cluster.cluster.name}" } output "service_name" { value = "${aws_ecs_service.web.name}" } output "alb_dns_name" { value = "${aws_alb.alb_openjobs.dns_name}" } output "alb_zone_id" { value = "${aws_alb.alb_openjobs.zone_id}" } output "security_group_id" { value = "${aws_security_group.ecs_service.id}" } ================================================ FILE: modules/ecs/policies/ecs-autoscale-role-policy.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:DescribeServices", "ecs:UpdateService" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms" ], "Resource": [ "*" ] } ] } ================================================ FILE: modules/ecs/policies/ecs-autoscale-role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "application-autoscaling.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ================================================ FILE: modules/ecs/policies/ecs-execution-role-policy.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] } ================================================ FILE: modules/ecs/policies/ecs-role.json ================================================ { "Version": "2008-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"] }, "Effect": "Allow" } ] } ================================================ FILE: modules/ecs/policies/ecs-service-role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticloadbalancing:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "ec2:Describe*", "ec2:AuthorizeSecurityGroupIngress" ], "Resource": [ "*" ] } ] } ================================================ FILE: modules/ecs/policies/ecs-task-execution-role.json ================================================ { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ================================================ FILE: modules/ecs/tasks/db_migrate_task_definition.json ================================================ [ { "name": "db-migrate", "image": "${image}", "command": ["bundle", "exec", "rake", "db:migrate"], "memory": 300, "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "${log_group}", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "db_migrate" } }, "environment": [ { "name": "RAILS_ENV", "value": "production" }, { "name": "DATABASE_URL", "value": "${database_url}" }, { "name": "SECRET_KEY_BASE", "value": "${secret_key_base}" }, { "name": "RAILS_LOG_TO_STDOUT", "value": "true" } ] } ] ================================================ FILE: modules/ecs/tasks/web_task_definition.json ================================================ [ { "name": "web", "image": "${image}", "portMappings": [ { "containerPort": 80, "hostPort": 80 } ], "memory": 300, "networkMode": "awsvpc", "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "${log_group}", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "web" } }, "environment": [ { "name": "RAILS_ENV", "value": "production" }, { "name": "DATABASE_URL", "value": "${database_url}" }, { "name": "SECRET_KEY_BASE", "value": "${secret_key_base}" }, { "name": "PORT", "value": "80" }, { "name": "RAILS_LOG_TO_STDOUT", "value": "true" }, { "name": "RAILS_SERVE_STATIC_FILES", "value": "true" } ] } ] ================================================ FILE: modules/ecs/variables.tf ================================================ variable "environment" { description = "The environment" } variable "vpc_id" { description = "The VPC id" } variable "availability_zones" { type = "list" description = "The azs to use" } variable "security_groups_ids" { type = "list" description = "The SGs to use" } variable "subnets_ids" { type = "list" description = "The private subnets to use" } variable "public_subnet_ids" { type = "list" description = "The private subnets to use" } variable "database_endpoint" { description = "The database endpoint" } variable "database_username" { description = "The database username" } variable "database_password" { description = "The database password" } variable "database_name" { description = "The database that the app will use" } variable "repository_name" { description = "The name of the repisitory" } variable "secret_key_base" { description = "The secret key base to use in the app" } ================================================ FILE: modules/networking/main.tf ================================================ /*==== The VPC ======*/ resource "aws_vpc" "vpc" { cidr_block = "${var.vpc_cidr}" enable_dns_hostnames = true enable_dns_support = true tags { Name = "${var.environment}-vpc" Environment = "${var.environment}" } } /*==== Subnets ======*/ /* Internet gateway for the public subnet */ resource "aws_internet_gateway" "ig" { vpc_id = "${aws_vpc.vpc.id}" tags { Name = "${var.environment}-igw" Environment = "${var.environment}" } } /* Elastic IP for NAT */ resource "aws_eip" "nat_eip" { vpc = true depends_on = ["aws_internet_gateway.ig"] } /* NAT */ resource "aws_nat_gateway" "nat" { allocation_id = "${aws_eip.nat_eip.id}" subnet_id = "${element(aws_subnet.public_subnet.*.id, 0)}" depends_on = ["aws_internet_gateway.ig"] tags { Name = "${var.environment}-${element(var.availability_zones, count.index)}-nat" Environment = "${var.environment}" } } /* Public subnet */ resource "aws_subnet" "public_subnet" { vpc_id = "${aws_vpc.vpc.id}" count = "${length(var.public_subnets_cidr)}" cidr_block = "${element(var.public_subnets_cidr, count.index)}" availability_zone = "${element(var.availability_zones, count.index)}" map_public_ip_on_launch = true tags { Name = "${var.environment}-${element(var.availability_zones, count.index)}-public-subnet" Environment = "${var.environment}" } } /* Private subnet */ resource "aws_subnet" "private_subnet" { vpc_id = "${aws_vpc.vpc.id}" count = "${length(var.private_subnets_cidr)}" cidr_block = "${element(var.private_subnets_cidr, count.index)}" availability_zone = "${element(var.availability_zones, count.index)}" map_public_ip_on_launch = false tags { Name = "${var.environment}-${element(var.availability_zones, count.index)}-private-subnet" Environment = "${var.environment}" } } /* Routing table for private subnet */ resource "aws_route_table" "private" { vpc_id = "${aws_vpc.vpc.id}" tags { Name = "${var.environment}-private-route-table" Environment = "${var.environment}" } } /* Routing table for public subnet */ resource "aws_route_table" "public" { vpc_id = "${aws_vpc.vpc.id}" tags { Name = "${var.environment}-public-route-table" Environment = "${var.environment}" } } resource "aws_route" "public_internet_gateway" { route_table_id = "${aws_route_table.public.id}" destination_cidr_block = "0.0.0.0/0" gateway_id = "${aws_internet_gateway.ig.id}" } resource "aws_route" "private_nat_gateway" { route_table_id = "${aws_route_table.private.id}" destination_cidr_block = "0.0.0.0/0" nat_gateway_id = "${aws_nat_gateway.nat.id}" } /* Route table associations */ resource "aws_route_table_association" "public" { count = "${length(var.public_subnets_cidr)}" subnet_id = "${element(aws_subnet.public_subnet.*.id, count.index)}" route_table_id = "${aws_route_table.public.id}" } resource "aws_route_table_association" "private" { count = "${length(var.private_subnets_cidr)}" subnet_id = "${element(aws_subnet.private_subnet.*.id, count.index)}" route_table_id = "${aws_route_table.private.id}" } /*==== VPC's Default Security Group ======*/ resource "aws_security_group" "default" { name = "${var.environment}-default-sg" description = "Default security group to allow inbound/outbound from the VPC" vpc_id = "${aws_vpc.vpc.id}" depends_on = ["aws_vpc.vpc"] ingress { from_port = "0" to_port = "0" protocol = "-1" self = true } egress { from_port = "0" to_port = "0" protocol = "-1" self = "true" } tags { Environment = "${var.environment}" } } ================================================ FILE: modules/networking/output.tf ================================================ output "vpc_id" { value = "${aws_vpc.vpc.id}" } output "public_subnets_id" { value = ["${aws_subnet.public_subnet.*.id}"] } output "private_subnets_id" { value = ["${aws_subnet.private_subnet.*.id}"] } output "default_sg_id" { value = "${aws_security_group.default.id}" } output "security_groups_ids" { value = ["${aws_security_group.default.id}"] } ================================================ FILE: modules/networking/variables.tf ================================================ variable "vpc_cidr" { description = "The CIDR block of the vpc" } variable "public_subnets_cidr" { type = "list" description = "The CIDR block for the public subnet" } variable "private_subnets_cidr" { type = "list" description = "The CIDR block for the private subnet" } variable "environment" { description = "The environment" } variable "region" { description = "The region to launch the bastion host" } variable "availability_zones" { type = "list" description = "The az that the resources will be launched" } variable "key_name" { description = "The public key for the bastion host" } ================================================ FILE: modules/rds/main.tf ================================================ /*==== RDS ======*/ /* subnet used by rds */ resource "aws_db_subnet_group" "rds_subnet_group" { name = "${var.environment}-rds-subnet-group" description = "RDS subnet group" subnet_ids = ["${var.subnet_ids}"] tags { Environment = "${var.environment}" } } /* Security Group for resources that want to access the Database */ resource "aws_security_group" "db_access_sg" { vpc_id = "${var.vpc_id}" name = "${var.environment}-db-access-sg" description = "Allow access to RDS" tags { Name = "${var.environment}-db-access-sg" Environment = "${var.environment}" } } resource "aws_security_group" "rds_sg" { name = "${var.environment}-rds-sg" description = "${var.environment} Security Group" vpc_id = "${var.vpc_id}" tags { Name = "${var.environment}-rds-sg" Environment = "${var.environment}" } // allows traffic from the SG itself ingress { from_port = 0 to_port = 0 protocol = "-1" self = true } //allow traffic for TCP 5432 ingress { from_port = 5432 to_port = 5432 protocol = "tcp" security_groups = ["${aws_security_group.db_access_sg.id}"] } // outbound internet access egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } resource "aws_db_instance" "rds" { identifier = "${var.environment}-database" allocated_storage = "${var.allocated_storage}" engine = "postgres" engine_version = "9.6.6" instance_class = "${var.instance_class}" multi_az = "${var.multi_az}" name = "${var.database_name}" username = "${var.database_username}" password = "${var.database_password}" db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.id}" vpc_security_group_ids = ["${aws_security_group.rds_sg.id}"] skip_final_snapshot = true #snapshot_identifier = "rds-${var.environment}-snapshot" tags { Environment = "${var.environment}" } } ================================================ FILE: modules/rds/output.tf ================================================ output "rds_address" { value = "${aws_db_instance.rds.address}" } output "db_access_sg_id" { value = "${aws_security_group.db_access_sg.id}" } ================================================ FILE: modules/rds/variables.tf ================================================ variable "environment" { description = "The environment" } variable "subnet_ids" { type = "list" description = "Subnet ids" } variable "vpc_id" { description = "The VPC id" } //variable "allowed_security_group_id" { // description = "The allowed security group id to connect on RDS" //} variable "allocated_storage" { default = "20" description = "The storage size in GB" } variable "instance_class" { description = "The instance type" } variable "multi_az" { default = false description = "Muti-az allowed?" } variable "database_name" { description = "The database name" } variable "database_username" { description = "The username of the database" } variable "database_password" { description = "The password of the database" } ================================================ FILE: outputs.tf ================================================ output "alb_dns_name" { value = "${module.ecs.alb_dns_name}" } ================================================ FILE: pipeline.tf ================================================ module "code_pipeline" { source = "./modules/code_pipeline" repository_url = "${module.ecs.repository_url}" region = "${var.region}" ecs_service_name = "${module.ecs.service_name}" ecs_cluster_name = "${module.ecs.cluster_name}" run_task_subnet_id = "${module.networking.private_subnets_id[0]}" run_task_security_group_ids = ["${module.rds.db_access_sg_id}", "${module.networking.security_groups_ids}", "${module.ecs.security_group_id}"] } ================================================ FILE: production.tf ================================================ /*==== Variables used across all modules ======*/ locals { production_availability_zones = ["us-east-1a", "us-east-1b"] } provider "aws" { region = "${var.region}" #profile = "duduribeiro" } resource "aws_key_pair" "key" { key_name = "production_key" public_key = "${file("production_key.pub")}" } module "networking" { source = "./modules/networking" environment = "production" vpc_cidr = "10.0.0.0/16" public_subnets_cidr = ["10.0.1.0/24", "10.0.2.0/24"] private_subnets_cidr = ["10.0.10.0/24", "10.0.20.0/24"] region = "${var.region}" availability_zones = "${local.production_availability_zones}" key_name = "production_key" } module "rds" { source = "./modules/rds" environment = "production" allocated_storage = "20" database_name = "${var.production_database_name}" database_username = "${var.production_database_username}" database_password = "${var.production_database_password}" subnet_ids = ["${module.networking.private_subnets_id}"] vpc_id = "${module.networking.vpc_id}" instance_class = "db.t2.micro" } module "ecs" { source = "./modules/ecs" environment = "production" vpc_id = "${module.networking.vpc_id}" availability_zones = "${local.production_availability_zones}" repository_name = "openjobs/production" subnets_ids = ["${module.networking.private_subnets_id}"] public_subnet_ids = ["${module.networking.public_subnets_id}"] security_groups_ids = [ "${module.networking.security_groups_ids}", "${module.rds.db_access_sg_id}" ] database_endpoint = "${module.rds.rds_address}" database_name = "${var.production_database_name}" database_username = "${var.production_database_username}" database_password = "${var.production_database_password}" secret_key_base = "${var.production_secret_key_base}" } ================================================ FILE: production_key.pub ================================================ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDySaHA85axXRL25SMnHV8+DXnsGZMcy+zuQoJURDKZRkpsbo90iZgbugGtIal/6pw8voF/z/7FBJrNaZeo05kTCbqmftnDaKnqj24OlE8p5eIiiht02rXYSKQugDP7eyVK6s8iYOE9z8FhxjsfafgXBOJedhXwZj78WaRZ17P6/vp0+BgRupCWmM9otH4maN6jTHS8A4eYgketfYVk9WDo3Yvq3i+/6KYbFp6nx0kgjpwuR2zz7kRLV/IBSxFEf5TKnrhbj+DV4WFuMQjG2VjGjtnpEw6Lfz4aQ8FsAaHac2k0sbZwuG5NYEL7p+Sgx8uKp/K2CQRoGV7pgkVfj5af production_key ================================================ FILE: route53.tf ================================================ resource "aws_route53_delegation_set" "main" { reference_name = "DynDNS" } resource "aws_route53_zone" "primary_route" { name = "${var.domain}" delegation_set_id = "${aws_route53_delegation_set.main.id}" } resource "aws_route53_record" "www-prod" { zone_id = "${aws_route53_zone.primary_route.id}" name = "www.${var.domain}" type = "A" alias { name = "${module.ecs.alb_dns_name}" zone_id = "${module.ecs.alb_zone_id}" evaluate_target_health = true } } ================================================ FILE: terraform.tfstate ================================================ { "version": 3, "terraform_version": "0.11.2", "serial": 21, "lineage": "5c7c0514-ccd7-4ff8-acfa-da519b567c34", "modules": [ { "path": [ "root" ], "outputs": {}, "resources": { "aws_key_pair.key": { "type": "aws_key_pair", "depends_on": [], "primary": { "id": "production_key", "attributes": { "fingerprint": "1c:e1:6e:32:51:dc:48:e0:14:5f:b3:fe:73:c6:ff:ef", "id": "production_key", "key_name": "production_key", "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDySaHA85axXRL25SMnHV8+DXnsGZMcy+zuQoJURDKZRkpsbo90iZgbugGtIal/6pw8voF/z/7FBJrNaZeo05kTCbqmftnDaKnqj24OlE8p5eIiiht02rXYSKQugDP7eyVK6s8iYOE9z8FhxjsfafgXBOJedhXwZj78WaRZ17P6/vp0+BgRupCWmM9otH4maN6jTHS8A4eYgketfYVk9WDo3Yvq3i+/6KYbFp6nx0kgjpwuR2zz7kRLV/IBSxFEf5TKnrhbj+DV4WFuMQjG2VjGjtnpEw6Lfz4aQ8FsAaHac2k0sbZwuG5NYEL7p+Sgx8uKp/K2CQRoGV7pgkVfj5af production_key" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route53_delegation_set.main": { "type": "aws_route53_delegation_set", "depends_on": [], "primary": { "id": "N1RI8P0VVZSY5D", "attributes": { "id": "N1RI8P0VVZSY5D", "name_servers.#": "4", "name_servers.0": "ns-1524.awsdns-62.org", "name_servers.1": "ns-2002.awsdns-58.co.uk", "name_servers.2": "ns-500.awsdns-62.com", "name_servers.3": "ns-563.awsdns-06.net", "reference_name": "DynDNS" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route53_record.www-prod": { "type": "aws_route53_record", "depends_on": [ "aws_route53_zone.primary_route", "module.ecs" ], "primary": { "id": "Z2DB0BHE7U5H9Y_www.ecsfargateexample.tk_A", "attributes": { "alias.#": "1", "alias.2656789336.evaluate_target_health": "true", "alias.2656789336.name": "production-alb-openjobs-651485480.us-east-1.elb.amazonaws.com", "alias.2656789336.zone_id": "Z35SXDOTRQ7X7K", "fqdn": "www.ecsfargateexample.tk", "health_check_id": "", "id": "Z2DB0BHE7U5H9Y_www.ecsfargateexample.tk_A", "name": "www.ecsfargateexample.tk", "records.#": "0", "set_identifier": "", "ttl": "0", "type": "A", "zone_id": "Z2DB0BHE7U5H9Y" }, "meta": { "schema_version": "2" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route53_zone.primary_route": { "type": "aws_route53_zone", "depends_on": [ "aws_route53_delegation_set.main" ], "primary": { "id": "Z2DB0BHE7U5H9Y", "attributes": { "comment": "Managed by Terraform", "delegation_set_id": "N1RI8P0VVZSY5D", "force_destroy": "false", "id": "Z2DB0BHE7U5H9Y", "name": "ecsfargateexample.tk", "name_servers.#": "4", "name_servers.0": "ns-1524.awsdns-62.org", "name_servers.1": "ns-2002.awsdns-58.co.uk", "name_servers.2": "ns-500.awsdns-62.com", "name_servers.3": "ns-563.awsdns-06.net", "tags.%": "0", "zone_id": "Z2DB0BHE7U5H9Y" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" } }, "depends_on": [] }, { "path": [ "root", "code_pipeline" ], "outputs": {}, "resources": { "aws_codebuild_project.openjobs_build": { "type": "aws_codebuild_project", "depends_on": [ "aws_iam_role.codebuild_role", "data.template_file.buildspec" ], "primary": { "id": "arn:aws:codebuild:us-east-1:757895497645:project/openjobs-codebuild", "attributes": { "artifacts.#": "1", "artifacts.2731293239.location": "", "artifacts.2731293239.name": "openjobs-codebuild", "artifacts.2731293239.namespace_type": "", "artifacts.2731293239.packaging": "NONE", "artifacts.2731293239.path": "", "artifacts.2731293239.type": "CODEPIPELINE", "build_timeout": "10", "description": "", "encryption_key": "arn:aws:kms:us-east-1:757895497645:alias/aws/s3", "environment.#": "1", "environment.2882962266.compute_type": "BUILD_GENERAL1_SMALL", "environment.2882962266.environment_variable.#": "0", "environment.2882962266.image": "aws/codebuild/docker:1.12.1", "environment.2882962266.privileged_mode": "true", "environment.2882962266.type": "LINUX_CONTAINER", "id": "arn:aws:codebuild:us-east-1:757895497645:project/openjobs-codebuild", "name": "openjobs-codebuild", "service_role": "arn:aws:iam::757895497645:role/codebuild-role", "source.#": "1", "source.3557349668.auth.#": "0", "source.3557349668.buildspec": "version: 0.2\n\nphases:\n pre_build:\n commands:\n - pip install awscli --upgrade --user\n - echo `aws --version`\n - echo Logging in to Amazon ECR...\n - $(aws ecr get-login --region us-east-1 --no-include-email)\n - REPOSITORY_URI=757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\n - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)\n - echo Entered the pre_build phase...\n build:\n commands:\n - echo Build started on `date`\n - echo Building the Docker image...\n - docker build --build-arg build_without=\"development test\" --build-arg rails_env=\"production\" -t $REPOSITORY_URI:latest .\n - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG\n post_build:\n commands:\n - echo Build completed on `date`\n - echo Pushing the Docker images...\n - docker push $REPOSITORY_URI:latest\n - docker push $REPOSITORY_URI:$IMAGE_TAG\n - echo Writing image definitions file...\n - printf '[{\"name\":\"web\",\"imageUri\":\"%s\"}]' $REPOSITORY_URI:$IMAGE_TAG \u003e imagedefinitions.json\n - echo upgrading db-migrate task definitions\n - aws ecs run-task --launch-type FARGATE --cluster production-ecs-cluster --task-definition production_db_migrate --network-configuration \"awsvpcConfiguration={subnets=[subnet-de3444f1],securityGroups=[sg-2b37fd5c,sg-34438943,sg-ab4983dc]}\"\nartifacts:\n files: imagedefinitions.json\n", "source.3557349668.location": "", "source.3557349668.type": "CODEPIPELINE", "tags.%": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_codepipeline.pipeline": { "type": "aws_codepipeline", "depends_on": [ "aws_iam_role.codepipeline_role", "aws_s3_bucket.source" ], "primary": { "id": "openjobs-pipeline", "attributes": { "arn": "arn:aws:codepipeline:us-east-1:757895497645:openjobs-pipeline", "artifact_store.#": "1", "artifact_store.0.encryption_key.#": "0", "artifact_store.0.location": "openjobs-experiment-source", "artifact_store.0.type": "S3", "id": "openjobs-pipeline", "name": "openjobs-pipeline", "role_arn": "arn:aws:iam::757895497645:role/codepipeline-role", "stage.#": "3", "stage.0.action.#": "1", "stage.0.action.0.category": "Source", "stage.0.action.0.configuration.%": "3", "stage.0.action.0.configuration.Branch": "master", "stage.0.action.0.configuration.Owner": "duduribeiro", "stage.0.action.0.configuration.Repo": "openjobs_experiment", "stage.0.action.0.input_artifacts.#": "0", "stage.0.action.0.name": "Source", "stage.0.action.0.output_artifacts.#": "1", "stage.0.action.0.output_artifacts.0": "source", "stage.0.action.0.owner": "ThirdParty", "stage.0.action.0.provider": "GitHub", "stage.0.action.0.role_arn": "", "stage.0.action.0.run_order": "1", "stage.0.action.0.version": "1", "stage.0.name": "Source", "stage.1.action.#": "1", "stage.1.action.0.category": "Build", "stage.1.action.0.configuration.%": "1", "stage.1.action.0.configuration.ProjectName": "openjobs-codebuild", "stage.1.action.0.input_artifacts.#": "1", "stage.1.action.0.input_artifacts.0": "source", "stage.1.action.0.name": "Build", "stage.1.action.0.output_artifacts.#": "1", "stage.1.action.0.output_artifacts.0": "imagedefinitions", "stage.1.action.0.owner": "AWS", "stage.1.action.0.provider": "CodeBuild", "stage.1.action.0.role_arn": "", "stage.1.action.0.run_order": "1", "stage.1.action.0.version": "1", "stage.1.name": "Build", "stage.2.action.#": "1", "stage.2.action.0.category": "Deploy", "stage.2.action.0.configuration.%": "3", "stage.2.action.0.configuration.ClusterName": "production-ecs-cluster", "stage.2.action.0.configuration.FileName": "imagedefinitions.json", "stage.2.action.0.configuration.ServiceName": "production-web", "stage.2.action.0.input_artifacts.#": "1", "stage.2.action.0.input_artifacts.0": "imagedefinitions", "stage.2.action.0.name": "Deploy", "stage.2.action.0.output_artifacts.#": "0", "stage.2.action.0.owner": "AWS", "stage.2.action.0.provider": "ECS", "stage.2.action.0.role_arn": "", "stage.2.action.0.run_order": "1", "stage.2.action.0.version": "1", "stage.2.name": "Production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.codebuild_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "codebuild-role", "attributes": { "arn": "arn:aws:iam::757895497645:role/codebuild-role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "codebuild-role", "name": "codebuild-role", "path": "/", "unique_id": "AROAICHAQ5FCSUYX4VXQK" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.codepipeline_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "codepipeline-role", "attributes": { "arn": "arn:aws:iam::757895497645:role/codepipeline-role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codepipeline.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "codepipeline-role", "name": "codepipeline-role", "path": "/", "unique_id": "AROAJHWRJMZIPIHK55V3Y" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.codebuild_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.codebuild_role", "data.template_file.codebuild_policy" ], "primary": { "id": "codebuild-role:codebuild-policy", "attributes": { "id": "codebuild-role:codebuild-policy", "name": "codebuild-policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecs:RunTask\",\n \"iam:PassRole\"\n ]\n },\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n }\n ]\n}\n", "role": "codebuild-role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.codepipeline_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.codepipeline_role", "data.template_file.codepipeline_policy" ], "primary": { "id": "codepipeline-role:codepipeline_policy", "attributes": { "id": "codepipeline-role:codepipeline_policy", "name": "codepipeline_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:*\",\n \"events:DescribeRule\",\n \"events:DeleteRule\",\n \"events:ListRuleNamesByTarget\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRoles\",\n \"logs:CreateLogGroup\",\n \"logs:DescribeLogGroups\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": \"ecs-tasks.amazonaws.com\"\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsInstanceRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"ec2.amazonaws.com\",\n \"ec2.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsAutoscaleRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"application-autoscaling.amazonaws.com\",\n \"application-autoscaling.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringLike\": {\n \"iam:AWSServiceName\": [\n \"ecs.amazonaws.com\",\n \"spot.amazonaws.com\",\n \"spotfleet.amazonaws.com\"\n ]\n }\n }\n }\n ]\n}\n", "role": "codepipeline-role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_s3_bucket.source": { "type": "aws_s3_bucket", "depends_on": [], "primary": { "id": "openjobs-experiment-source", "attributes": { "acceleration_status": "", "acl": "private", "arn": "arn:aws:s3:::openjobs-experiment-source", "bucket": "openjobs-experiment-source", "bucket_domain_name": "openjobs-experiment-source.s3.amazonaws.com", "force_destroy": "true", "hosted_zone_id": "Z3AQBSTGFYJSTF", "id": "openjobs-experiment-source", "logging.#": "0", "region": "us-east-1", "request_payer": "BucketOwner", "server_side_encryption_configuration.#": "0", "tags.%": "0", "versioning.#": "1", "versioning.0.enabled": "false", "versioning.0.mfa_delete": "false", "website.#": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.template_file.buildspec": { "type": "template_file", "depends_on": [], "primary": { "id": "d42f4c5493b812443f2200de49114c35d2cd547ba38c7d33c885e7b0debfa518", "attributes": { "id": "d42f4c5493b812443f2200de49114c35d2cd547ba38c7d33c885e7b0debfa518", "rendered": "version: 0.2\n\nphases:\n pre_build:\n commands:\n - pip install awscli --upgrade --user\n - echo `aws --version`\n - echo Logging in to Amazon ECR...\n - $(aws ecr get-login --region us-east-1 --no-include-email)\n - REPOSITORY_URI=757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\n - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)\n - echo Entered the pre_build phase...\n build:\n commands:\n - echo Build started on `date`\n - echo Building the Docker image...\n - docker build --build-arg build_without=\"development test\" --build-arg rails_env=\"production\" -t $REPOSITORY_URI:latest .\n - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG\n post_build:\n commands:\n - echo Build completed on `date`\n - echo Pushing the Docker images...\n - docker push $REPOSITORY_URI:latest\n - docker push $REPOSITORY_URI:$IMAGE_TAG\n - echo Writing image definitions file...\n - printf '[{\"name\":\"web\",\"imageUri\":\"%s\"}]' $REPOSITORY_URI:$IMAGE_TAG \u003e imagedefinitions.json\n - echo upgrading db-migrate task definitions\n - aws ecs run-task --launch-type FARGATE --cluster production-ecs-cluster --task-definition production_db_migrate --network-configuration \"awsvpcConfiguration={subnets=[subnet-de3444f1],securityGroups=[sg-2b37fd5c,sg-34438943,sg-ab4983dc]}\"\nartifacts:\n files: imagedefinitions.json\n", "template": "version: 0.2\n\nphases:\n pre_build:\n commands:\n - pip install awscli --upgrade --user\n - echo `aws --version`\n - echo Logging in to Amazon ECR...\n - $(aws ecr get-login --region ${region} --no-include-email)\n - REPOSITORY_URI=${repository_url}\n - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)\n - echo Entered the pre_build phase...\n build:\n commands:\n - echo Build started on `date`\n - echo Building the Docker image...\n - docker build --build-arg build_without=\"development test\" --build-arg rails_env=\"production\" -t $REPOSITORY_URI:latest .\n - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG\n post_build:\n commands:\n - echo Build completed on `date`\n - echo Pushing the Docker images...\n - docker push $REPOSITORY_URI:latest\n - docker push $REPOSITORY_URI:$IMAGE_TAG\n - echo Writing image definitions file...\n - printf '[{\"name\":\"web\",\"imageUri\":\"%s\"}]' $REPOSITORY_URI:$IMAGE_TAG \u003e imagedefinitions.json\n - echo upgrading db-migrate task definitions\n - aws ecs run-task --launch-type FARGATE --cluster ${cluster_name} --task-definition production_db_migrate --network-configuration \"awsvpcConfiguration={subnets=[${subnet_id}],securityGroups=[${security_group_ids}]}\"\nartifacts:\n files: imagedefinitions.json\n", "vars.%": "5", "vars.cluster_name": "production-ecs-cluster", "vars.region": "us-east-1", "vars.repository_url": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production", "vars.security_group_ids": "sg-2b37fd5c,sg-34438943,sg-ab4983dc", "vars.subnet_id": "subnet-de3444f1" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "data.template_file.codebuild_policy": { "type": "template_file", "depends_on": [ "aws_s3_bucket.source" ], "primary": { "id": "4c055009a1c510d22095df9aa79e4ae22ef6052f6fd5a4b27335c19c815dfc63", "attributes": { "id": "4c055009a1c510d22095df9aa79e4ae22ef6052f6fd5a4b27335c19c815dfc63", "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecs:RunTask\",\n \"iam:PassRole\"\n ]\n },\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n }\n ]\n}\n", "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecs:RunTask\",\n \"iam:PassRole\"\n ]\n },\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"${aws_s3_bucket_arn}\",\n \"${aws_s3_bucket_arn}/*\"\n ]\n }\n ]\n}\n", "vars.%": "1", "vars.aws_s3_bucket_arn": "arn:aws:s3:::openjobs-experiment-source" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "data.template_file.codepipeline_policy": { "type": "template_file", "depends_on": [ "aws_s3_bucket.source" ], "primary": { "id": "ab9ecdafdd89d3679ee56bbe11c6c8dbd04026580dc57ff1987a66c5b4e69fa6", "attributes": { "id": "ab9ecdafdd89d3679ee56bbe11c6c8dbd04026580dc57ff1987a66c5b4e69fa6", "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:*\",\n \"events:DescribeRule\",\n \"events:DeleteRule\",\n \"events:ListRuleNamesByTarget\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRoles\",\n \"logs:CreateLogGroup\",\n \"logs:DescribeLogGroups\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": \"ecs-tasks.amazonaws.com\"\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsInstanceRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"ec2.amazonaws.com\",\n \"ec2.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsAutoscaleRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"application-autoscaling.amazonaws.com\",\n \"application-autoscaling.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringLike\": {\n \"iam:AWSServiceName\": [\n \"ecs.amazonaws.com\",\n \"spot.amazonaws.com\",\n \"spotfleet.amazonaws.com\"\n ]\n }\n }\n }\n ]\n}\n", "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"${aws_s3_bucket_arn}\",\n \"${aws_s3_bucket_arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:*\",\n \"events:DescribeRule\",\n \"events:DeleteRule\",\n \"events:ListRuleNamesByTarget\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRoles\",\n \"logs:CreateLogGroup\",\n \"logs:DescribeLogGroups\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": \"ecs-tasks.amazonaws.com\"\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsInstanceRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"ec2.amazonaws.com\",\n \"ec2.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsAutoscaleRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"application-autoscaling.amazonaws.com\",\n \"application-autoscaling.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringLike\": {\n \"iam:AWSServiceName\": [\n \"ecs.amazonaws.com\",\n \"spot.amazonaws.com\",\n \"spotfleet.amazonaws.com\"\n ]\n }\n }\n }\n ]\n}\n", "vars.%": "1", "vars.aws_s3_bucket_arn": "arn:aws:s3:::openjobs-experiment-source" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" } }, "depends_on": [] }, { "path": [ "root", "ecs" ], "outputs": { "alb_dns_name": { "sensitive": false, "type": "string", "value": "production-alb-openjobs-651485480.us-east-1.elb.amazonaws.com" }, "alb_zone_id": { "sensitive": false, "type": "string", "value": "Z35SXDOTRQ7X7K" }, "cluster_name": { "sensitive": false, "type": "string", "value": "production-ecs-cluster" }, "repository_url": { "sensitive": false, "type": "string", "value": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production" }, "security_group_id": { "sensitive": false, "type": "string", "value": "sg-ab4983dc" }, "service_name": { "sensitive": false, "type": "string", "value": "production-web" } }, "resources": { "aws_alb.alb_openjobs": { "type": "aws_alb", "depends_on": [ "aws_security_group.web_inbound_sg" ], "primary": { "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "attributes": { "access_logs.#": "0", "arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "arn_suffix": "app/production-alb-openjobs/e05233787da23cb4", "dns_name": "production-alb-openjobs-651485480.us-east-1.elb.amazonaws.com", "enable_deletion_protection": "false", "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "idle_timeout": "60", "internal": "false", "ip_address_type": "ipv4", "load_balancer_type": "application", "name": "production-alb-openjobs", "security_groups.#": "3", "security_groups.2014916961": "sg-34438943", "security_groups.569761485": "sg-2b37fd5c", "security_groups.796629976": "sg-9c36fceb", "subnets.#": "2", "subnets.1535720245": "subnet-6537474a", "subnets.2382224226": "subnet-08774e43", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-alb-openjobs", "vpc_id": "vpc-32041f4a", "zone_id": "Z35SXDOTRQ7X7K" }, "meta": { "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": { "create": 600000000000, "delete": 600000000000, "update": 600000000000 } }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_alb_listener.openjobs": { "type": "aws_alb_listener", "depends_on": [ "aws_alb.alb_openjobs", "aws_alb_target_group.alb_target_group" ], "primary": { "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:listener/app/production-alb-openjobs/e05233787da23cb4/f40e25cfcd5b6579", "attributes": { "arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:listener/app/production-alb-openjobs/e05233787da23cb4/f40e25cfcd5b6579", "default_action.#": "1", "default_action.0.target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "default_action.0.type": "forward", "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:listener/app/production-alb-openjobs/e05233787da23cb4/f40e25cfcd5b6579", "load_balancer_arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "port": "80", "protocol": "HTTP", "ssl_policy": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_alb_target_group.alb_target_group": { "type": "aws_alb_target_group", "depends_on": [ "random_id.target_group_sufix" ], "primary": { "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "attributes": { "arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "arn_suffix": "targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "deregistration_delay": "300", "health_check.#": "1", "health_check.0.healthy_threshold": "5", "health_check.0.interval": "30", "health_check.0.matcher": "200", "health_check.0.path": "/", "health_check.0.port": "traffic-port", "health_check.0.protocol": "HTTP", "health_check.0.timeout": "5", "health_check.0.unhealthy_threshold": "2", "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "name": "production-alb-target-group-f14c", "port": "80", "protocol": "HTTP", "stickiness.#": "1", "stickiness.0.cookie_duration": "86400", "stickiness.0.enabled": "false", "stickiness.0.type": "lb_cookie", "tags.%": "0", "target_type": "ip", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_appautoscaling_policy.down": { "type": "aws_appautoscaling_policy", "depends_on": [ "aws_appautoscaling_target.target", "aws_ecs_cluster.cluster", "aws_ecs_service.web" ], "primary": { "id": "production_scale_down", "attributes": { "alarms.#": "0", "arn": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_down", "id": "production_scale_down", "name": "production_scale_down", "policy_type": "StepScaling", "resource_id": "service/production-ecs-cluster/production-web", "scalable_dimension": "ecs:service:DesiredCount", "service_namespace": "ecs", "step_scaling_policy_configuration.#": "1", "step_scaling_policy_configuration.0.adjustment_type": "ChangeInCapacity", "step_scaling_policy_configuration.0.cooldown": "60", "step_scaling_policy_configuration.0.metric_aggregation_type": "Maximum", "step_scaling_policy_configuration.0.min_adjustment_magnitude": "0", "step_scaling_policy_configuration.0.step_adjustment.#": "1", "step_scaling_policy_configuration.0.step_adjustment.1330763481.metric_interval_lower_bound": "0", "step_scaling_policy_configuration.0.step_adjustment.1330763481.metric_interval_upper_bound": "-1", "step_scaling_policy_configuration.0.step_adjustment.1330763481.scaling_adjustment": "-1", "target_tracking_scaling_policy_configuration.#": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_appautoscaling_policy.up": { "type": "aws_appautoscaling_policy", "depends_on": [ "aws_appautoscaling_target.target", "aws_ecs_cluster.cluster", "aws_ecs_service.web" ], "primary": { "id": "production_scale_up", "attributes": { "alarms.#": "0", "arn": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_up", "id": "production_scale_up", "name": "production_scale_up", "policy_type": "StepScaling", "resource_id": "service/production-ecs-cluster/production-web", "scalable_dimension": "ecs:service:DesiredCount", "service_namespace": "ecs", "step_scaling_policy_configuration.#": "1", "step_scaling_policy_configuration.0.adjustment_type": "ChangeInCapacity", "step_scaling_policy_configuration.0.cooldown": "60", "step_scaling_policy_configuration.0.metric_aggregation_type": "Maximum", "step_scaling_policy_configuration.0.min_adjustment_magnitude": "0", "step_scaling_policy_configuration.0.step_adjustment.#": "1", "step_scaling_policy_configuration.0.step_adjustment.2280411133.metric_interval_lower_bound": "0", "step_scaling_policy_configuration.0.step_adjustment.2280411133.metric_interval_upper_bound": "-1", "step_scaling_policy_configuration.0.step_adjustment.2280411133.scaling_adjustment": "1", "target_tracking_scaling_policy_configuration.#": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_appautoscaling_target.target": { "type": "aws_appautoscaling_target", "depends_on": [ "aws_ecs_cluster.cluster", "aws_ecs_service.web", "aws_iam_role.ecs_autoscale_role" ], "primary": { "id": "service/production-ecs-cluster/production-web", "attributes": { "id": "service/production-ecs-cluster/production-web", "max_capacity": "4", "min_capacity": "2", "resource_id": "service/production-ecs-cluster/production-web", "role_arn": "arn:aws:iam::757895497645:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService", "scalable_dimension": "ecs:service:DesiredCount", "service_namespace": "ecs" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_cloudwatch_log_group.openjobs": { "type": "aws_cloudwatch_log_group", "depends_on": [], "primary": { "id": "openjobs", "attributes": { "arn": "arn:aws:logs:us-east-1:757895497645:log-group:openjobs:*", "id": "openjobs", "kms_key_id": "", "name": "openjobs", "retention_in_days": "0", "tags.%": "2", "tags.Application": "OpenJobs", "tags.Environment": "production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_cloudwatch_metric_alarm.service_cpu_high": { "type": "aws_cloudwatch_metric_alarm", "depends_on": [ "aws_appautoscaling_policy.down", "aws_appautoscaling_policy.up", "aws_ecs_cluster.cluster", "aws_ecs_service.web" ], "primary": { "id": "production_openjobs_web_cpu_utilization_high", "attributes": { "actions_enabled": "true", "alarm_actions.#": "1", "alarm_actions.2876257399": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_up", "alarm_description": "", "alarm_name": "production_openjobs_web_cpu_utilization_high", "comparison_operator": "GreaterThanOrEqualToThreshold", "datapoints_to_alarm": "0", "dimensions.%": "2", "dimensions.ClusterName": "production-ecs-cluster", "dimensions.ServiceName": "production-web", "evaluate_low_sample_count_percentiles": "", "evaluation_periods": "2", "extended_statistic": "", "id": "production_openjobs_web_cpu_utilization_high", "insufficient_data_actions.#": "0", "metric_name": "CPUUtilization", "namespace": "AWS/ECS", "ok_actions.#": "1", "ok_actions.901305810": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_down", "period": "60", "statistic": "Maximum", "threshold": "85", "treat_missing_data": "missing", "unit": "" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecr_repository.openjobs_app": { "type": "aws_ecr_repository", "depends_on": [], "primary": { "id": "openjobs/production", "attributes": { "arn": "arn:aws:ecr:us-east-1:757895497645:repository/openjobs/production", "id": "openjobs/production", "name": "openjobs/production", "registry_id": "757895497645", "repository_url": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_cluster.cluster": { "type": "aws_ecs_cluster", "depends_on": [], "primary": { "id": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "attributes": { "arn": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "id": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "name": "production-ecs-cluster" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_service.web": { "type": "aws_ecs_service", "depends_on": [ "aws_alb_target_group.alb_target_group", "aws_ecs_cluster.cluster", "aws_ecs_task_definition.web", "aws_iam_role_policy.ecs_service_role_policy", "aws_security_group.ecs_service", "data.aws_ecs_task_definition.web" ], "primary": { "id": "arn:aws:ecs:us-east-1:757895497645:service/production-web", "attributes": { "cluster": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "deployment_maximum_percent": "200", "deployment_minimum_healthy_percent": "100", "desired_count": "2", "health_check_grace_period_seconds": "0", "iam_role": "aws-service-role", "id": "arn:aws:ecs:us-east-1:757895497645:service/production-web", "launch_type": "FARGATE", "load_balancer.#": "1", "load_balancer.3261201814.container_name": "web", "load_balancer.3261201814.container_port": "80", "load_balancer.3261201814.elb_name": "", "load_balancer.3261201814.target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "name": "production-web", "network_configuration.#": "1", "network_configuration.0.security_groups.#": "3", "network_configuration.0.security_groups.2014916961": "sg-34438943", "network_configuration.0.security_groups.3119024256": "sg-ab4983dc", "network_configuration.0.security_groups.569761485": "sg-2b37fd5c", "network_configuration.0.subnets.#": "2", "network_configuration.0.subnets.3113454962": "subnet-30625b7b", "network_configuration.0.subnets.3378482322": "subnet-de3444f1", "placement_constraints.#": "0", "placement_strategy.#": "0", "task_definition": "production_web:18" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_task_definition.db_migrate": { "type": "aws_ecs_task_definition", "depends_on": [ "aws_iam_role.ecs_execution_role", "data.template_file.db_migrate_task" ], "primary": { "id": "production_db_migrate", "attributes": { "arn": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_db_migrate:3", "container_definitions": "[{\"command\":[\"bundle\",\"exec\",\"rake\",\"db:migrate\"],\"cpu\":0,\"environment\":[{\"name\":\"RAILS_LOG_TO_STDOUT\",\"value\":\"true\"},{\"name\":\"RAILS_ENV\",\"value\":\"production\"},{\"name\":\"DATABASE_URL\",\"value\":\"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"},{\"name\":\"SECRET_KEY_BASE\",\"value\":\"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"}],\"essential\":true,\"image\":\"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"openjobs\",\"awslogs-region\":\"us-east-1\",\"awslogs-stream-prefix\":\"db_migrate\"}},\"memory\":300,\"mountPoints\":[],\"name\":\"db-migrate\",\"portMappings\":[],\"volumesFrom\":[]}]", "cpu": "256", "execution_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role", "family": "production_db_migrate", "id": "production_db_migrate", "memory": "512", "network_mode": "awsvpc", "placement_constraints.#": "0", "requires_compatibilities.#": "1", "requires_compatibilities.3072437307": "FARGATE", "revision": "3", "task_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_task_definition.web": { "type": "aws_ecs_task_definition", "depends_on": [ "aws_ecs_task_definition.web" ], "primary": { "id": "production_web", "attributes": { "arn": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_web:15", "container_definitions": "[{\"cpu\":0,\"environment\":[{\"name\":\"RAILS_LOG_TO_STDOUT\",\"value\":\"true\"},{\"name\":\"RAILS_ENV\",\"value\":\"production\"},{\"name\":\"RAILS_SERVE_STATIC_FILES\",\"value\":\"true\"},{\"name\":\"DATABASE_URL\",\"value\":\"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"},{\"name\":\"PORT\",\"value\":\"80\"},{\"name\":\"SECRET_KEY_BASE\",\"value\":\"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"}],\"essential\":true,\"image\":\"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"openjobs\",\"awslogs-region\":\"us-east-1\",\"awslogs-stream-prefix\":\"web\"}},\"memory\":300,\"mountPoints\":[],\"name\":\"web\",\"portMappings\":[{\"containerPort\":80,\"hostPort\":80,\"protocol\":\"tcp\"}],\"volumesFrom\":[]}]", "cpu": "256", "execution_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role", "family": "production_web", "id": "production_web", "memory": "512", "network_mode": "awsvpc", "placement_constraints.#": "0", "requires_compatibilities.#": "1", "requires_compatibilities.3072437307": "FARGATE", "revision": "15", "task_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.ecs_autoscale_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "production_ecs_autoscale_role", "attributes": { "arn": "arn:aws:iam::757895497645:role/production_ecs_autoscale_role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"application-autoscaling.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "production_ecs_autoscale_role", "name": "production_ecs_autoscale_role", "path": "/", "unique_id": "AROAJVPUE3QI2CNQV4IDS" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.ecs_execution_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "ecs_task_execution_role", "attributes": { "arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "ecs_task_execution_role", "name": "ecs_task_execution_role", "path": "/", "unique_id": "AROAICQO62AXRIGA7AA4K" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.ecs_role": { "type": "aws_iam_role", "depends_on": [ "data.aws_iam_policy_document.ecs_service_role" ], "primary": { "id": "ecs_role", "attributes": { "arn": "arn:aws:iam::757895497645:role/ecs_role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "ecs_role", "name": "ecs_role", "path": "/", "unique_id": "AROAIVPNQJFMXVLEUPUAE" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.ecs_autoscale_role_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.ecs_autoscale_role" ], "primary": { "id": "production_ecs_autoscale_role:ecs_autoscale_role_policy", "attributes": { "id": "production_ecs_autoscale_role:ecs_autoscale_role_policy", "name": "ecs_autoscale_role_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecs:DescribeServices\",\n \"ecs:UpdateService\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cloudwatch:DescribeAlarms\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n", "role": "production_ecs_autoscale_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.ecs_execution_role_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.ecs_execution_role" ], "primary": { "id": "ecs_task_execution_role:ecs_execution_role_policy", "attributes": { "id": "ecs_task_execution_role:ecs_execution_role_policy", "name": "ecs_execution_role_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:GetAuthorizationToken\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n", "role": "ecs_task_execution_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.ecs_service_role_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.ecs_role", "data.aws_iam_policy_document.ecs_service_policy" ], "primary": { "id": "ecs_role:ecs_service_role_policy", "attributes": { "id": "ecs_role:ecs_service_role_policy", "name": "ecs_service_role_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterInstancesWithLoadBalancer\",\n \"elasticloadbalancing:Describe*\",\n \"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\",\n \"ec2:Describe*\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", "role": "ecs_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.ecs_service": { "type": "aws_security_group", "depends_on": [], "primary": { "id": "sg-ab4983dc", "attributes": { "description": "Allow egress from container", "egress.#": "1", "egress.482069346.cidr_blocks.#": "1", "egress.482069346.cidr_blocks.0": "0.0.0.0/0", "egress.482069346.description": "", "egress.482069346.from_port": "0", "egress.482069346.ipv6_cidr_blocks.#": "0", "egress.482069346.prefix_list_ids.#": "0", "egress.482069346.protocol": "-1", "egress.482069346.security_groups.#": "0", "egress.482069346.self": "false", "egress.482069346.to_port": "0", "id": "sg-ab4983dc", "ingress.#": "1", "ingress.3068409405.cidr_blocks.#": "1", "ingress.3068409405.cidr_blocks.0": "0.0.0.0/0", "ingress.3068409405.description": "", "ingress.3068409405.from_port": "8", "ingress.3068409405.ipv6_cidr_blocks.#": "0", "ingress.3068409405.protocol": "icmp", "ingress.3068409405.security_groups.#": "0", "ingress.3068409405.self": "false", "ingress.3068409405.to_port": "0", "name": "production-ecs-service-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-ecs-service-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.web_inbound_sg": { "type": "aws_security_group", "depends_on": [], "primary": { "id": "sg-9c36fceb", "attributes": { "description": "Allow HTTP from Anywhere into ALB", "egress.#": "1", "egress.482069346.cidr_blocks.#": "1", "egress.482069346.cidr_blocks.0": "0.0.0.0/0", "egress.482069346.description": "", "egress.482069346.from_port": "0", "egress.482069346.ipv6_cidr_blocks.#": "0", "egress.482069346.prefix_list_ids.#": "0", "egress.482069346.protocol": "-1", "egress.482069346.security_groups.#": "0", "egress.482069346.self": "false", "egress.482069346.to_port": "0", "id": "sg-9c36fceb", "ingress.#": "2", "ingress.2214680975.cidr_blocks.#": "1", "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0", "ingress.2214680975.description": "", "ingress.2214680975.from_port": "80", "ingress.2214680975.ipv6_cidr_blocks.#": "0", "ingress.2214680975.protocol": "tcp", "ingress.2214680975.security_groups.#": "0", "ingress.2214680975.self": "false", "ingress.2214680975.to_port": "80", "ingress.3068409405.cidr_blocks.#": "1", "ingress.3068409405.cidr_blocks.0": "0.0.0.0/0", "ingress.3068409405.description": "", "ingress.3068409405.from_port": "8", "ingress.3068409405.ipv6_cidr_blocks.#": "0", "ingress.3068409405.protocol": "icmp", "ingress.3068409405.security_groups.#": "0", "ingress.3068409405.self": "false", "ingress.3068409405.to_port": "0", "name": "production-web-inbound-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "1", "tags.Name": "production-web-inbound-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.aws_ecs_task_definition.web": { "type": "aws_ecs_task_definition", "depends_on": [ "aws_ecs_task_definition.web" ], "primary": { "id": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_web:18", "attributes": { "family": "production_web", "id": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_web:18", "network_mode": "awsvpc", "revision": "18", "status": "ACTIVE", "task_definition": "production_web", "task_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.aws_iam_policy_document.ecs_service_policy": { "type": "aws_iam_policy_document", "depends_on": [], "primary": { "id": "3615693260", "attributes": { "id": "3615693260", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterInstancesWithLoadBalancer\",\n \"elasticloadbalancing:Describe*\",\n \"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\",\n \"ec2:Describe*\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", "statement.#": "1", "statement.0.actions.#": "5", "statement.0.actions.2459212947": "ec2:Describe*", "statement.0.actions.2464853358": "ec2:AuthorizeSecurityGroupIngress", "statement.0.actions.2706807274": "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "statement.0.actions.2747799858": "elasticloadbalancing:Describe*", "statement.0.actions.982461153": "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "statement.0.condition.#": "0", "statement.0.effect": "Allow", "statement.0.not_actions.#": "0", "statement.0.not_principals.#": "0", "statement.0.not_resources.#": "0", "statement.0.principals.#": "0", "statement.0.resources.#": "1", "statement.0.resources.2679715827": "*", "statement.0.sid": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.aws_iam_policy_document.ecs_service_role": { "type": "aws_iam_policy_document", "depends_on": [], "primary": { "id": "3622649364", "attributes": { "id": "3622649364", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ecs.amazonaws.com\"\n }\n }\n ]\n}", "statement.#": "1", "statement.0.actions.#": "1", "statement.0.actions.2528466339": "sts:AssumeRole", "statement.0.condition.#": "0", "statement.0.effect": "Allow", "statement.0.not_actions.#": "0", "statement.0.not_principals.#": "0", "statement.0.not_resources.#": "0", "statement.0.principals.#": "1", "statement.0.principals.1113412664.identifiers.#": "1", "statement.0.principals.1113412664.identifiers.1509832800": "ecs.amazonaws.com", "statement.0.principals.1113412664.type": "Service", "statement.0.resources.#": "0", "statement.0.sid": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.template_file.db_migrate_task": { "type": "template_file", "depends_on": [ "aws_ecr_repository.openjobs_app" ], "primary": { "id": "9f8dc05fb135a66b81d1a71719cc13472331e59cb17a7ffc53e4369a00a5d974", "attributes": { "id": "9f8dc05fb135a66b81d1a71719cc13472331e59cb17a7ffc53e4369a00a5d974", "rendered": "[\n {\n \"name\": \"db-migrate\",\n \"image\": \"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\n \"command\": [\"bundle\", \"exec\", \"rake\", \"db:migrate\"],\n \"memory\": 300,\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"openjobs\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"db_migrate\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n }\n ]\n }\n]\n", "template": "[\n {\n \"name\": \"db-migrate\",\n \"image\": \"${image}\",\n \"command\": [\"bundle\", \"exec\", \"rake\", \"db:migrate\"],\n \"memory\": 300,\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"${log_group}\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"db_migrate\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"${database_url}\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"${secret_key_base}\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n }\n ]\n }\n]\n", "vars.%": "4", "vars.database_url": "postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40", "vars.image": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production", "vars.log_group": "openjobs", "vars.secret_key_base": "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "data.template_file.web_task": { "type": "template_file", "depends_on": [ "aws_cloudwatch_log_group.openjobs", "aws_ecr_repository.openjobs_app" ], "primary": { "id": "73682dd0b9de61124ffb2871c60782725d5be54498ef1b502df4c39d4463ab49", "attributes": { "id": "73682dd0b9de61124ffb2871c60782725d5be54498ef1b502df4c39d4463ab49", "rendered": "[\n {\n \"name\": \"web\",\n \"image\": \"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\n \"portMappings\": [\n {\n \"containerPort\": 80,\n \"hostPort\": 80\n }\n ],\n \"memory\": 300,\n \"networkMode\": \"awsvpc\",\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"openjobs\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"web\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"\n },\n {\n \"name\": \"PORT\",\n \"value\": \"80\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n },\n {\n \"name\": \"RAILS_SERVE_STATIC_FILES\",\n \"value\": \"true\"\n }\n ]\n }\n]\n\n", "template": "[\n {\n \"name\": \"web\",\n \"image\": \"${image}\",\n \"portMappings\": [\n {\n \"containerPort\": 80,\n \"hostPort\": 80\n }\n ],\n \"memory\": 300,\n \"networkMode\": \"awsvpc\",\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"${log_group}\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"web\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"${database_url}\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"${secret_key_base}\"\n },\n {\n \"name\": \"PORT\",\n \"value\": \"80\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n },\n {\n \"name\": \"RAILS_SERVE_STATIC_FILES\",\n \"value\": \"true\"\n }\n ]\n }\n]\n\n", "vars.%": "4", "vars.database_url": "postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40", "vars.image": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production", "vars.log_group": "openjobs", "vars.secret_key_base": "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "random_id.target_group_sufix": { "type": "random_id", "depends_on": [], "primary": { "id": "8Uw", "attributes": { "b64": "8Uw", "b64_std": "8Uw=", "b64_url": "8Uw", "byte_length": "2", "dec": "61772", "hex": "f14c", "id": "8Uw" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.random" } }, "depends_on": [] }, { "path": [ "root", "networking" ], "outputs": { "default_sg_id": { "sensitive": false, "type": "string", "value": "sg-34438943" }, "private_subnets_id": { "sensitive": false, "type": "list", "value": [ "subnet-de3444f1", "subnet-30625b7b" ] }, "public_subnets_id": { "sensitive": false, "type": "list", "value": [ "subnet-6537474a", "subnet-08774e43" ] }, "security_groups_ids": { "sensitive": false, "type": "list", "value": [ "sg-34438943" ] }, "vpc_id": { "sensitive": false, "type": "string", "value": "vpc-32041f4a" } }, "resources": { "aws_eip.nat_eip": { "type": "aws_eip", "depends_on": [ "aws_internet_gateway.ig" ], "primary": { "id": "eipalloc-098c613f", "attributes": { "association_id": "eipassoc-eed306e5", "domain": "vpc", "id": "eipalloc-098c613f", "instance": "", "network_interface": "eni-8bf61c46", "private_ip": "10.0.1.128", "public_ip": "34.193.75.40", "tags.%": "0", "vpc": "true" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_internet_gateway.ig": { "type": "aws_internet_gateway", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "igw-1a373e63", "attributes": { "id": "igw-1a373e63", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-igw", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_nat_gateway.nat": { "type": "aws_nat_gateway", "depends_on": [ "aws_eip.nat_eip", "aws_internet_gateway.ig", "aws_subnet.public_subnet.*" ], "primary": { "id": "nat-0000beab268c3255b", "attributes": { "allocation_id": "eipalloc-098c613f", "id": "nat-0000beab268c3255b", "network_interface_id": "eni-8bf61c46", "private_ip": "10.0.1.128", "public_ip": "34.193.75.40", "subnet_id": "subnet-6537474a", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1a-nat" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route.private_nat_gateway": { "type": "aws_route", "depends_on": [ "aws_nat_gateway.nat", "aws_route_table.private" ], "primary": { "id": "r-rtb-6fc4f8121080289494", "attributes": { "destination_cidr_block": "0.0.0.0/0", "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", "id": "r-rtb-6fc4f8121080289494", "instance_id": "", "instance_owner_id": "", "nat_gateway_id": "nat-0000beab268c3255b", "network_interface_id": "", "origin": "CreateRoute", "route_table_id": "rtb-6fc4f812", "state": "active", "vpc_peering_connection_id": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route.public_internet_gateway": { "type": "aws_route", "depends_on": [ "aws_internet_gateway.ig", "aws_route_table.public" ], "primary": { "id": "r-rtb-8cccf0f11080289494", "attributes": { "destination_cidr_block": "0.0.0.0/0", "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "igw-1a373e63", "id": "r-rtb-8cccf0f11080289494", "instance_id": "", "instance_owner_id": "", "nat_gateway_id": "", "network_interface_id": "", "origin": "CreateRoute", "route_table_id": "rtb-8cccf0f1", "state": "active", "vpc_peering_connection_id": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table.private": { "type": "aws_route_table", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "rtb-6fc4f812", "attributes": { "id": "rtb-6fc4f812", "propagating_vgws.#": "0", "route.#": "1", "route.4236193873.cidr_block": "0.0.0.0/0", "route.4236193873.egress_only_gateway_id": "", "route.4236193873.gateway_id": "", "route.4236193873.instance_id": "", "route.4236193873.ipv6_cidr_block": "", "route.4236193873.nat_gateway_id": "nat-0000beab268c3255b", "route.4236193873.network_interface_id": "", "route.4236193873.vpc_peering_connection_id": "", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-private-route-table", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table.public": { "type": "aws_route_table", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "rtb-8cccf0f1", "attributes": { "id": "rtb-8cccf0f1", "propagating_vgws.#": "0", "route.#": "1", "route.1381113949.cidr_block": "0.0.0.0/0", "route.1381113949.egress_only_gateway_id": "", "route.1381113949.gateway_id": "igw-1a373e63", "route.1381113949.instance_id": "", "route.1381113949.ipv6_cidr_block": "", "route.1381113949.nat_gateway_id": "", "route.1381113949.network_interface_id": "", "route.1381113949.vpc_peering_connection_id": "", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-public-route-table", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.private.0": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.private", "aws_subnet.private_subnet.*" ], "primary": { "id": "rtbassoc-f2ef6e8e", "attributes": { "id": "rtbassoc-f2ef6e8e", "route_table_id": "rtb-6fc4f812", "subnet_id": "subnet-de3444f1" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.private.1": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.private", "aws_subnet.private_subnet.*" ], "primary": { "id": "rtbassoc-78ec6d04", "attributes": { "id": "rtbassoc-78ec6d04", "route_table_id": "rtb-6fc4f812", "subnet_id": "subnet-30625b7b" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.public.0": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.public", "aws_subnet.public_subnet.*" ], "primary": { "id": "rtbassoc-ebed6c97", "attributes": { "id": "rtbassoc-ebed6c97", "route_table_id": "rtb-8cccf0f1", "subnet_id": "subnet-6537474a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.public.1": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.public", "aws_subnet.public_subnet.*" ], "primary": { "id": "rtbassoc-f0f4758c", "attributes": { "id": "rtbassoc-f0f4758c", "route_table_id": "rtb-8cccf0f1", "subnet_id": "subnet-08774e43" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.default": { "type": "aws_security_group", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "sg-34438943", "attributes": { "description": "Default security group to allow inbound/outbound from the VPC", "egress.#": "1", "egress.753360330.cidr_blocks.#": "0", "egress.753360330.description": "", "egress.753360330.from_port": "0", "egress.753360330.ipv6_cidr_blocks.#": "0", "egress.753360330.prefix_list_ids.#": "0", "egress.753360330.protocol": "-1", "egress.753360330.security_groups.#": "0", "egress.753360330.self": "true", "egress.753360330.to_port": "0", "id": "sg-34438943", "ingress.#": "1", "ingress.753360330.cidr_blocks.#": "0", "ingress.753360330.description": "", "ingress.753360330.from_port": "0", "ingress.753360330.ipv6_cidr_blocks.#": "0", "ingress.753360330.protocol": "-1", "ingress.753360330.security_groups.#": "0", "ingress.753360330.self": "true", "ingress.753360330.to_port": "0", "name": "production-default-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "1", "tags.Environment": "production", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.private_subnet.0": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-de3444f1", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1a", "cidr_block": "10.0.10.0/24", "id": "subnet-de3444f1", "map_public_ip_on_launch": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1a-private-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.private_subnet.1": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-30625b7b", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1b", "cidr_block": "10.0.20.0/24", "id": "subnet-30625b7b", "map_public_ip_on_launch": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1b-private-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.public_subnet.0": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-6537474a", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1a", "cidr_block": "10.0.1.0/24", "id": "subnet-6537474a", "map_public_ip_on_launch": "true", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1a-public-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.public_subnet.1": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-08774e43", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1b", "cidr_block": "10.0.2.0/24", "id": "subnet-08774e43", "map_public_ip_on_launch": "true", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1b-public-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_vpc.vpc": { "type": "aws_vpc", "depends_on": [], "primary": { "id": "vpc-32041f4a", "attributes": { "assign_generated_ipv6_cidr_block": "false", "cidr_block": "10.0.0.0/16", "default_network_acl_id": "acl-8280eef9", "default_route_table_id": "rtb-d6bd81ab", "default_security_group_id": "sg-d335ffa4", "dhcp_options_id": "dopt-15849877", "enable_classiclink": "false", "enable_classiclink_dns_support": "false", "enable_dns_hostnames": "true", "enable_dns_support": "true", "id": "vpc-32041f4a", "instance_tenancy": "default", "main_route_table_id": "rtb-d6bd81ab", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-vpc" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" } }, "depends_on": [] }, { "path": [ "root", "rds" ], "outputs": { "db_access_sg_id": { "sensitive": false, "type": "string", "value": "sg-2b37fd5c" }, "rds_address": { "sensitive": false, "type": "string", "value": "production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com" } }, "resources": { "aws_db_instance.rds": { "type": "aws_db_instance", "depends_on": [ "aws_db_subnet_group.rds_subnet_group", "aws_security_group.rds_sg" ], "primary": { "id": "production-database", "attributes": { "address": "production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com", "allocated_storage": "20", "arn": "arn:aws:rds:us-east-1:757895497645:db:production-database", "auto_minor_version_upgrade": "true", "availability_zone": "us-east-1a", "backup_retention_period": "0", "backup_window": "08:37-09:07", "ca_cert_identifier": "rds-ca-2015", "copy_tags_to_snapshot": "false", "db_subnet_group_name": "production-rds-subnet-group", "endpoint": "production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432", "engine": "postgres", "engine_version": "9.6.6", "hosted_zone_id": "Z2R2ITUGPM61AM", "iam_database_authentication_enabled": "false", "id": "production-database", "identifier": "production-database", "instance_class": "db.t2.micro", "iops": "0", "kms_key_id": "", "license_model": "postgresql-license", "maintenance_window": "sat:04:07-sat:04:37", "monitoring_interval": "0", "multi_az": "false", "name": "openjobs_production", "option_group_name": "default:postgres-9-6", "parameter_group_name": "default.postgres9.6", "password": "myawesomepasswordproduction", "port": "5432", "publicly_accessible": "false", "replicas.#": "0", "replicate_source_db": "", "resource_id": "db-Z2YKHEFX3HMYUCQTU4Q3FC2BGY", "security_group_names.#": "0", "skip_final_snapshot": "true", "snapshot_identifier": "rds-production-snapshot", "status": "available", "storage_encrypted": "false", "storage_type": "standard", "tags.%": "1", "tags.Environment": "production", "timezone": "", "username": "openjobs", "vpc_security_group_ids.#": "1", "vpc_security_group_ids.251623276": "sg-c931fbbe" }, "meta": { "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": { "create": 2400000000000, "delete": 2400000000000, "update": 4800000000000 } }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_db_subnet_group.rds_subnet_group": { "type": "aws_db_subnet_group", "depends_on": [], "primary": { "id": "production-rds-subnet-group", "attributes": { "arn": "arn:aws:rds:us-east-1:757895497645:subgrp:production-rds-subnet-group", "description": "RDS subnet group", "id": "production-rds-subnet-group", "name": "production-rds-subnet-group", "subnet_ids.#": "2", "subnet_ids.3113454962": "subnet-30625b7b", "subnet_ids.3378482322": "subnet-de3444f1", "tags.%": "1", "tags.Environment": "production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.db_access_sg": { "type": "aws_security_group", "depends_on": [], "primary": { "id": "sg-2b37fd5c", "attributes": { "description": "Allow access to RDS", "egress.#": "0", "id": "sg-2b37fd5c", "ingress.#": "0", "name": "production-db-access-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-db-access-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.rds_sg": { "type": "aws_security_group", "depends_on": [ "aws_security_group.db_access_sg" ], "primary": { "id": "sg-c931fbbe", "attributes": { "description": "production Security Group", "egress.#": "1", "egress.482069346.cidr_blocks.#": "1", "egress.482069346.cidr_blocks.0": "0.0.0.0/0", "egress.482069346.description": "", "egress.482069346.from_port": "0", "egress.482069346.ipv6_cidr_blocks.#": "0", "egress.482069346.prefix_list_ids.#": "0", "egress.482069346.protocol": "-1", "egress.482069346.security_groups.#": "0", "egress.482069346.self": "false", "egress.482069346.to_port": "0", "id": "sg-c931fbbe", "ingress.#": "2", "ingress.4257570995.cidr_blocks.#": "0", "ingress.4257570995.description": "", "ingress.4257570995.from_port": "5432", "ingress.4257570995.ipv6_cidr_blocks.#": "0", "ingress.4257570995.protocol": "tcp", "ingress.4257570995.security_groups.#": "1", "ingress.4257570995.security_groups.569761485": "sg-2b37fd5c", "ingress.4257570995.self": "false", "ingress.4257570995.to_port": "5432", "ingress.753360330.cidr_blocks.#": "0", "ingress.753360330.description": "", "ingress.753360330.from_port": "0", "ingress.753360330.ipv6_cidr_blocks.#": "0", "ingress.753360330.protocol": "-1", "ingress.753360330.security_groups.#": "0", "ingress.753360330.self": "true", "ingress.753360330.to_port": "0", "name": "production-rds-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-rds-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" } }, "depends_on": [] } ] } ================================================ FILE: terraform.tfstate.backup ================================================ { "version": 3, "terraform_version": "0.11.2", "serial": 21, "lineage": "5c7c0514-ccd7-4ff8-acfa-da519b567c34", "modules": [ { "path": [ "root" ], "outputs": {}, "resources": { "aws_key_pair.key": { "type": "aws_key_pair", "depends_on": [], "primary": { "id": "production_key", "attributes": { "fingerprint": "1c:e1:6e:32:51:dc:48:e0:14:5f:b3:fe:73:c6:ff:ef", "id": "production_key", "key_name": "production_key", "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDySaHA85axXRL25SMnHV8+DXnsGZMcy+zuQoJURDKZRkpsbo90iZgbugGtIal/6pw8voF/z/7FBJrNaZeo05kTCbqmftnDaKnqj24OlE8p5eIiiht02rXYSKQugDP7eyVK6s8iYOE9z8FhxjsfafgXBOJedhXwZj78WaRZ17P6/vp0+BgRupCWmM9otH4maN6jTHS8A4eYgketfYVk9WDo3Yvq3i+/6KYbFp6nx0kgjpwuR2zz7kRLV/IBSxFEf5TKnrhbj+DV4WFuMQjG2VjGjtnpEw6Lfz4aQ8FsAaHac2k0sbZwuG5NYEL7p+Sgx8uKp/K2CQRoGV7pgkVfj5af production_key" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route53_delegation_set.main": { "type": "aws_route53_delegation_set", "depends_on": [], "primary": { "id": "N1RI8P0VVZSY5D", "attributes": { "id": "N1RI8P0VVZSY5D", "name_servers.#": "4", "name_servers.0": "ns-1524.awsdns-62.org", "name_servers.1": "ns-2002.awsdns-58.co.uk", "name_servers.2": "ns-500.awsdns-62.com", "name_servers.3": "ns-563.awsdns-06.net", "reference_name": "DynDNS" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route53_record.www-prod": { "type": "aws_route53_record", "depends_on": [ "aws_route53_zone.primary_route", "module.ecs" ], "primary": { "id": "Z2DB0BHE7U5H9Y_www.ecsfargateexample.tk_A", "attributes": { "alias.#": "1", "alias.2656789336.evaluate_target_health": "true", "alias.2656789336.name": "production-alb-openjobs-651485480.us-east-1.elb.amazonaws.com", "alias.2656789336.zone_id": "Z35SXDOTRQ7X7K", "fqdn": "www.ecsfargateexample.tk", "health_check_id": "", "id": "Z2DB0BHE7U5H9Y_www.ecsfargateexample.tk_A", "name": "www.ecsfargateexample.tk", "records.#": "0", "set_identifier": "", "ttl": "0", "type": "A", "zone_id": "Z2DB0BHE7U5H9Y" }, "meta": { "schema_version": "2" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route53_zone.primary_route": { "type": "aws_route53_zone", "depends_on": [ "aws_route53_delegation_set.main" ], "primary": { "id": "Z2DB0BHE7U5H9Y", "attributes": { "comment": "Managed by Terraform", "delegation_set_id": "N1RI8P0VVZSY5D", "force_destroy": "false", "id": "Z2DB0BHE7U5H9Y", "name": "ecsfargateexample.tk", "name_servers.#": "4", "name_servers.0": "ns-1524.awsdns-62.org", "name_servers.1": "ns-2002.awsdns-58.co.uk", "name_servers.2": "ns-500.awsdns-62.com", "name_servers.3": "ns-563.awsdns-06.net", "tags.%": "0", "zone_id": "Z2DB0BHE7U5H9Y" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" } }, "depends_on": [] }, { "path": [ "root", "code_pipeline" ], "outputs": {}, "resources": { "aws_codebuild_project.openjobs_build": { "type": "aws_codebuild_project", "depends_on": [ "aws_iam_role.codebuild_role", "data.template_file.buildspec" ], "primary": { "id": "arn:aws:codebuild:us-east-1:757895497645:project/openjobs-codebuild", "attributes": { "artifacts.#": "1", "artifacts.2731293239.location": "", "artifacts.2731293239.name": "openjobs-codebuild", "artifacts.2731293239.namespace_type": "", "artifacts.2731293239.packaging": "NONE", "artifacts.2731293239.path": "", "artifacts.2731293239.type": "CODEPIPELINE", "build_timeout": "10", "description": "", "encryption_key": "arn:aws:kms:us-east-1:757895497645:alias/aws/s3", "environment.#": "1", "environment.2882962266.compute_type": "BUILD_GENERAL1_SMALL", "environment.2882962266.environment_variable.#": "0", "environment.2882962266.image": "aws/codebuild/docker:1.12.1", "environment.2882962266.privileged_mode": "true", "environment.2882962266.type": "LINUX_CONTAINER", "id": "arn:aws:codebuild:us-east-1:757895497645:project/openjobs-codebuild", "name": "openjobs-codebuild", "service_role": "arn:aws:iam::757895497645:role/codebuild-role", "source.#": "1", "source.3414224759.auth.#": "0", "source.3414224759.buildspec": "version: 0.2\n\nphases:\n pre_build:\n commands:\n - pip install awscli --upgrade --user\n - echo `aws --version`\n - echo Logging in to Amazon ECR...\n - $(aws ecr get-login --region us-east-1 --no-include-email)\n - REPOSITORY_URI=757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\n - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)\n - echo Entered the pre_build phase...\n build:\n commands:\n - echo Build started on `date`\n - echo Building the Docker image...\n - docker build --build-arg build_without=\"development test\" --build-arg rails_env=\"production\" -t $REPOSITORY_URI:latest .\n - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG\n post_build:\n commands:\n - echo Build completed on `date`\n - echo Pushing the Docker images...\n - docker push $REPOSITORY_URI:latest\n - docker push $REPOSITORY_URI:$IMAGE_TAG\n - echo Writing image definitions file...\n - printf '[{\"name\":\"web\",\"imageUri\":\"%s\"}]' $REPOSITORY_URI:$IMAGE_TAG \u003e imagedefinitions.json\n - echo upgrading db-migrate task definitions\n - aws ecs run-task --launch-type FARGATE --cluster production-ecs-cluster --task-definition production_db_migrate --network-configuration \"awsvpcConfiguration={subnets=[subnet-de3444f1],securityGroups=[sg-2b37fd5c,sg-34438943]}\"\nartifacts:\n files: imagedefinitions.json\n", "source.3414224759.location": "", "source.3414224759.type": "CODEPIPELINE", "tags.%": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_codepipeline.pipeline": { "type": "aws_codepipeline", "depends_on": [ "aws_iam_role.codepipeline_role", "aws_s3_bucket.source" ], "primary": { "id": "openjobs-pipeline", "attributes": { "arn": "arn:aws:codepipeline:us-east-1:757895497645:openjobs-pipeline", "artifact_store.#": "1", "artifact_store.0.encryption_key.#": "0", "artifact_store.0.location": "openjobs-experiment-source", "artifact_store.0.type": "S3", "id": "openjobs-pipeline", "name": "openjobs-pipeline", "role_arn": "arn:aws:iam::757895497645:role/codepipeline-role", "stage.#": "3", "stage.0.action.#": "1", "stage.0.action.0.category": "Source", "stage.0.action.0.configuration.%": "3", "stage.0.action.0.configuration.Branch": "master", "stage.0.action.0.configuration.Owner": "duduribeiro", "stage.0.action.0.configuration.Repo": "openjobs_experiment", "stage.0.action.0.input_artifacts.#": "0", "stage.0.action.0.name": "Source", "stage.0.action.0.output_artifacts.#": "1", "stage.0.action.0.output_artifacts.0": "source", "stage.0.action.0.owner": "ThirdParty", "stage.0.action.0.provider": "GitHub", "stage.0.action.0.role_arn": "", "stage.0.action.0.run_order": "1", "stage.0.action.0.version": "1", "stage.0.name": "Source", "stage.1.action.#": "1", "stage.1.action.0.category": "Build", "stage.1.action.0.configuration.%": "1", "stage.1.action.0.configuration.ProjectName": "openjobs-codebuild", "stage.1.action.0.input_artifacts.#": "1", "stage.1.action.0.input_artifacts.0": "source", "stage.1.action.0.name": "Build", "stage.1.action.0.output_artifacts.#": "1", "stage.1.action.0.output_artifacts.0": "imagedefinitions", "stage.1.action.0.owner": "AWS", "stage.1.action.0.provider": "CodeBuild", "stage.1.action.0.role_arn": "", "stage.1.action.0.run_order": "1", "stage.1.action.0.version": "1", "stage.1.name": "Build", "stage.2.action.#": "1", "stage.2.action.0.category": "Deploy", "stage.2.action.0.configuration.%": "3", "stage.2.action.0.configuration.ClusterName": "production-ecs-cluster", "stage.2.action.0.configuration.FileName": "imagedefinitions.json", "stage.2.action.0.configuration.ServiceName": "production-web", "stage.2.action.0.input_artifacts.#": "1", "stage.2.action.0.input_artifacts.0": "imagedefinitions", "stage.2.action.0.name": "Deploy", "stage.2.action.0.output_artifacts.#": "0", "stage.2.action.0.owner": "AWS", "stage.2.action.0.provider": "ECS", "stage.2.action.0.role_arn": "", "stage.2.action.0.run_order": "1", "stage.2.action.0.version": "1", "stage.2.name": "Production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.codebuild_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "codebuild-role", "attributes": { "arn": "arn:aws:iam::757895497645:role/codebuild-role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "codebuild-role", "name": "codebuild-role", "path": "/", "unique_id": "AROAICHAQ5FCSUYX4VXQK" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.codepipeline_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "codepipeline-role", "attributes": { "arn": "arn:aws:iam::757895497645:role/codepipeline-role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codepipeline.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "codepipeline-role", "name": "codepipeline-role", "path": "/", "unique_id": "AROAJHWRJMZIPIHK55V3Y" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.codebuild_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.codebuild_role", "data.template_file.codebuild_policy" ], "primary": { "id": "codebuild-role:codebuild-policy", "attributes": { "id": "codebuild-role:codebuild-policy", "name": "codebuild-policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecs:RunTask\",\n \"iam:PassRole\"\n ]\n },\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n }\n ]\n}\n", "role": "codebuild-role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.codepipeline_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.codepipeline_role", "data.template_file.codepipeline_policy" ], "primary": { "id": "codepipeline-role:codepipeline_policy", "attributes": { "id": "codepipeline-role:codepipeline_policy", "name": "codepipeline_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:*\",\n \"events:DescribeRule\",\n \"events:DeleteRule\",\n \"events:ListRuleNamesByTarget\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRoles\",\n \"logs:CreateLogGroup\",\n \"logs:DescribeLogGroups\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": \"ecs-tasks.amazonaws.com\"\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsInstanceRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"ec2.amazonaws.com\",\n \"ec2.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsAutoscaleRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"application-autoscaling.amazonaws.com\",\n \"application-autoscaling.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringLike\": {\n \"iam:AWSServiceName\": [\n \"ecs.amazonaws.com\",\n \"spot.amazonaws.com\",\n \"spotfleet.amazonaws.com\"\n ]\n }\n }\n }\n ]\n}\n", "role": "codepipeline-role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_s3_bucket.source": { "type": "aws_s3_bucket", "depends_on": [], "primary": { "id": "openjobs-experiment-source", "attributes": { "acceleration_status": "", "acl": "private", "arn": "arn:aws:s3:::openjobs-experiment-source", "bucket": "openjobs-experiment-source", "bucket_domain_name": "openjobs-experiment-source.s3.amazonaws.com", "force_destroy": "true", "hosted_zone_id": "Z3AQBSTGFYJSTF", "id": "openjobs-experiment-source", "logging.#": "0", "region": "us-east-1", "request_payer": "BucketOwner", "server_side_encryption_configuration.#": "0", "tags.%": "0", "versioning.#": "1", "versioning.0.enabled": "false", "versioning.0.mfa_delete": "false", "website.#": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.template_file.buildspec": { "type": "template_file", "depends_on": [], "primary": { "id": "e7702248cb433806793abb9abe4a00cf364fad9c8148e6325d33919122c8932f", "attributes": { "id": "e7702248cb433806793abb9abe4a00cf364fad9c8148e6325d33919122c8932f", "rendered": "version: 0.2\n\nphases:\n pre_build:\n commands:\n - pip install awscli --upgrade --user\n - echo `aws --version`\n - echo Logging in to Amazon ECR...\n - $(aws ecr get-login --region us-east-1 --no-include-email)\n - REPOSITORY_URI=757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\n - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)\n - echo Entered the pre_build phase...\n build:\n commands:\n - echo Build started on `date`\n - echo Building the Docker image...\n - docker build --build-arg build_without=\"development test\" --build-arg rails_env=\"production\" -t $REPOSITORY_URI:latest .\n - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG\n post_build:\n commands:\n - echo Build completed on `date`\n - echo Pushing the Docker images...\n - docker push $REPOSITORY_URI:latest\n - docker push $REPOSITORY_URI:$IMAGE_TAG\n - echo Writing image definitions file...\n - printf '[{\"name\":\"web\",\"imageUri\":\"%s\"}]' $REPOSITORY_URI:$IMAGE_TAG \u003e imagedefinitions.json\n - echo upgrading db-migrate task definitions\n - aws ecs run-task --launch-type FARGATE --cluster production-ecs-cluster --task-definition production_db_migrate --network-configuration \"awsvpcConfiguration={subnets=[subnet-de3444f1],securityGroups=[sg-2b37fd5c,sg-34438943]}\"\nartifacts:\n files: imagedefinitions.json\n", "template": "version: 0.2\n\nphases:\n pre_build:\n commands:\n - pip install awscli --upgrade --user\n - echo `aws --version`\n - echo Logging in to Amazon ECR...\n - $(aws ecr get-login --region ${region} --no-include-email)\n - REPOSITORY_URI=${repository_url}\n - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)\n - echo Entered the pre_build phase...\n build:\n commands:\n - echo Build started on `date`\n - echo Building the Docker image...\n - docker build --build-arg build_without=\"development test\" --build-arg rails_env=\"production\" -t $REPOSITORY_URI:latest .\n - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG\n post_build:\n commands:\n - echo Build completed on `date`\n - echo Pushing the Docker images...\n - docker push $REPOSITORY_URI:latest\n - docker push $REPOSITORY_URI:$IMAGE_TAG\n - echo Writing image definitions file...\n - printf '[{\"name\":\"web\",\"imageUri\":\"%s\"}]' $REPOSITORY_URI:$IMAGE_TAG \u003e imagedefinitions.json\n - echo upgrading db-migrate task definitions\n - aws ecs run-task --launch-type FARGATE --cluster ${cluster_name} --task-definition production_db_migrate --network-configuration \"awsvpcConfiguration={subnets=[${subnet_id}],securityGroups=[${security_group_ids}]}\"\nartifacts:\n files: imagedefinitions.json\n", "vars.%": "5", "vars.cluster_name": "production-ecs-cluster", "vars.region": "us-east-1", "vars.repository_url": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production", "vars.security_group_ids": "sg-2b37fd5c,sg-34438943", "vars.subnet_id": "subnet-de3444f1" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "data.template_file.codebuild_policy": { "type": "template_file", "depends_on": [ "aws_s3_bucket.source" ], "primary": { "id": "4c055009a1c510d22095df9aa79e4ae22ef6052f6fd5a4b27335c19c815dfc63", "attributes": { "id": "4c055009a1c510d22095df9aa79e4ae22ef6052f6fd5a4b27335c19c815dfc63", "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecs:RunTask\",\n \"iam:PassRole\"\n ]\n },\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n }\n ]\n}\n", "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecs:RunTask\",\n \"iam:PassRole\"\n ]\n },\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"${aws_s3_bucket_arn}\",\n \"${aws_s3_bucket_arn}/*\"\n ]\n }\n ]\n}\n", "vars.%": "1", "vars.aws_s3_bucket_arn": "arn:aws:s3:::openjobs-experiment-source" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "data.template_file.codepipeline_policy": { "type": "template_file", "depends_on": [ "aws_s3_bucket.source" ], "primary": { "id": "ab9ecdafdd89d3679ee56bbe11c6c8dbd04026580dc57ff1987a66c5b4e69fa6", "attributes": { "id": "ab9ecdafdd89d3679ee56bbe11c6c8dbd04026580dc57ff1987a66c5b4e69fa6", "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::openjobs-experiment-source\",\n \"arn:aws:s3:::openjobs-experiment-source/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:*\",\n \"events:DescribeRule\",\n \"events:DeleteRule\",\n \"events:ListRuleNamesByTarget\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRoles\",\n \"logs:CreateLogGroup\",\n \"logs:DescribeLogGroups\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": \"ecs-tasks.amazonaws.com\"\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsInstanceRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"ec2.amazonaws.com\",\n \"ec2.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsAutoscaleRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"application-autoscaling.amazonaws.com\",\n \"application-autoscaling.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringLike\": {\n \"iam:AWSServiceName\": [\n \"ecs.amazonaws.com\",\n \"spot.amazonaws.com\",\n \"spotfleet.amazonaws.com\"\n ]\n }\n }\n }\n ]\n}\n", "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:List*\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"${aws_s3_bucket_arn}\",\n \"${aws_s3_bucket_arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Action\": [\n \"ecs:*\",\n \"events:DescribeRule\",\n \"events:DeleteRule\",\n \"events:ListRuleNamesByTarget\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRoles\",\n \"logs:CreateLogGroup\",\n \"logs:DescribeLogGroups\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": \"ecs-tasks.amazonaws.com\"\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsInstanceRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"ec2.amazonaws.com\",\n \"ec2.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Action\": \"iam:PassRole\",\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:iam::*:role/ecsAutoscaleRole*\"\n ],\n \"Condition\": {\n \"StringLike\": {\n \"iam:PassedToService\": [\n \"application-autoscaling.amazonaws.com\",\n \"application-autoscaling.amazonaws.com.cn\"\n ]\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:CreateServiceLinkedRole\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringLike\": {\n \"iam:AWSServiceName\": [\n \"ecs.amazonaws.com\",\n \"spot.amazonaws.com\",\n \"spotfleet.amazonaws.com\"\n ]\n }\n }\n }\n ]\n}\n", "vars.%": "1", "vars.aws_s3_bucket_arn": "arn:aws:s3:::openjobs-experiment-source" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" } }, "depends_on": [] }, { "path": [ "root", "ecs" ], "outputs": { "alb_dns_name": { "sensitive": false, "type": "string", "value": "production-alb-openjobs-651485480.us-east-1.elb.amazonaws.com" }, "alb_zone_id": { "sensitive": false, "type": "string", "value": "Z35SXDOTRQ7X7K" }, "cluster_name": { "sensitive": false, "type": "string", "value": "production-ecs-cluster" }, "repository_url": { "sensitive": false, "type": "string", "value": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production" }, "service_name": { "sensitive": false, "type": "string", "value": "production-web" } }, "resources": { "aws_alb.alb_openjobs": { "type": "aws_alb", "depends_on": [ "aws_security_group.web_inbound_sg" ], "primary": { "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "attributes": { "access_logs.#": "0", "arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "arn_suffix": "app/production-alb-openjobs/e05233787da23cb4", "dns_name": "production-alb-openjobs-651485480.us-east-1.elb.amazonaws.com", "enable_deletion_protection": "false", "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "idle_timeout": "60", "internal": "false", "ip_address_type": "ipv4", "load_balancer_type": "application", "name": "production-alb-openjobs", "security_groups.#": "3", "security_groups.2014916961": "sg-34438943", "security_groups.569761485": "sg-2b37fd5c", "security_groups.796629976": "sg-9c36fceb", "subnets.#": "2", "subnets.1535720245": "subnet-6537474a", "subnets.2382224226": "subnet-08774e43", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-alb-openjobs", "vpc_id": "vpc-32041f4a", "zone_id": "Z35SXDOTRQ7X7K" }, "meta": { "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": { "create": 600000000000, "delete": 600000000000, "update": 600000000000 } }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_alb_listener.openjobs": { "type": "aws_alb_listener", "depends_on": [ "aws_alb.alb_openjobs", "aws_alb_target_group.alb_target_group" ], "primary": { "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:listener/app/production-alb-openjobs/e05233787da23cb4/f40e25cfcd5b6579", "attributes": { "arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:listener/app/production-alb-openjobs/e05233787da23cb4/f40e25cfcd5b6579", "default_action.#": "1", "default_action.0.target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "default_action.0.type": "forward", "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:listener/app/production-alb-openjobs/e05233787da23cb4/f40e25cfcd5b6579", "load_balancer_arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:loadbalancer/app/production-alb-openjobs/e05233787da23cb4", "port": "80", "protocol": "HTTP", "ssl_policy": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_alb_target_group.alb_target_group": { "type": "aws_alb_target_group", "depends_on": [ "random_id.target_group_sufix" ], "primary": { "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "attributes": { "arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "arn_suffix": "targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "deregistration_delay": "300", "health_check.#": "1", "health_check.0.healthy_threshold": "5", "health_check.0.interval": "30", "health_check.0.matcher": "200", "health_check.0.path": "/", "health_check.0.port": "traffic-port", "health_check.0.protocol": "HTTP", "health_check.0.timeout": "5", "health_check.0.unhealthy_threshold": "2", "id": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "name": "production-alb-target-group-f14c", "port": "80", "protocol": "HTTP", "stickiness.#": "1", "stickiness.0.cookie_duration": "86400", "stickiness.0.enabled": "false", "stickiness.0.type": "lb_cookie", "tags.%": "0", "target_type": "ip", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_appautoscaling_policy.down": { "type": "aws_appautoscaling_policy", "depends_on": [ "aws_appautoscaling_target.target", "aws_ecs_cluster.cluster", "aws_ecs_service.web" ], "primary": { "id": "production_scale_down", "attributes": { "alarms.#": "0", "arn": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_down", "id": "production_scale_down", "name": "production_scale_down", "policy_type": "StepScaling", "resource_id": "service/production-ecs-cluster/production-web", "scalable_dimension": "ecs:service:DesiredCount", "service_namespace": "ecs", "step_scaling_policy_configuration.#": "1", "step_scaling_policy_configuration.0.adjustment_type": "ChangeInCapacity", "step_scaling_policy_configuration.0.cooldown": "60", "step_scaling_policy_configuration.0.metric_aggregation_type": "Maximum", "step_scaling_policy_configuration.0.min_adjustment_magnitude": "0", "step_scaling_policy_configuration.0.step_adjustment.#": "1", "step_scaling_policy_configuration.0.step_adjustment.1330763481.metric_interval_lower_bound": "0", "step_scaling_policy_configuration.0.step_adjustment.1330763481.metric_interval_upper_bound": "-1", "step_scaling_policy_configuration.0.step_adjustment.1330763481.scaling_adjustment": "-1", "target_tracking_scaling_policy_configuration.#": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_appautoscaling_policy.up": { "type": "aws_appautoscaling_policy", "depends_on": [ "aws_appautoscaling_target.target", "aws_ecs_cluster.cluster", "aws_ecs_service.web" ], "primary": { "id": "production_scale_up", "attributes": { "alarms.#": "0", "arn": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_up", "id": "production_scale_up", "name": "production_scale_up", "policy_type": "StepScaling", "resource_id": "service/production-ecs-cluster/production-web", "scalable_dimension": "ecs:service:DesiredCount", "service_namespace": "ecs", "step_scaling_policy_configuration.#": "1", "step_scaling_policy_configuration.0.adjustment_type": "ChangeInCapacity", "step_scaling_policy_configuration.0.cooldown": "60", "step_scaling_policy_configuration.0.metric_aggregation_type": "Maximum", "step_scaling_policy_configuration.0.min_adjustment_magnitude": "0", "step_scaling_policy_configuration.0.step_adjustment.#": "1", "step_scaling_policy_configuration.0.step_adjustment.2280411133.metric_interval_lower_bound": "0", "step_scaling_policy_configuration.0.step_adjustment.2280411133.metric_interval_upper_bound": "-1", "step_scaling_policy_configuration.0.step_adjustment.2280411133.scaling_adjustment": "1", "target_tracking_scaling_policy_configuration.#": "0" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_appautoscaling_target.target": { "type": "aws_appautoscaling_target", "depends_on": [ "aws_ecs_cluster.cluster", "aws_ecs_service.web", "aws_iam_role.ecs_autoscale_role" ], "primary": { "id": "service/production-ecs-cluster/production-web", "attributes": { "id": "service/production-ecs-cluster/production-web", "max_capacity": "4", "min_capacity": "2", "resource_id": "service/production-ecs-cluster/production-web", "role_arn": "arn:aws:iam::757895497645:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService", "scalable_dimension": "ecs:service:DesiredCount", "service_namespace": "ecs" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_cloudwatch_log_group.openjobs": { "type": "aws_cloudwatch_log_group", "depends_on": [], "primary": { "id": "openjobs", "attributes": { "arn": "arn:aws:logs:us-east-1:757895497645:log-group:openjobs:*", "id": "openjobs", "kms_key_id": "", "name": "openjobs", "retention_in_days": "0", "tags.%": "2", "tags.Application": "OpenJobs", "tags.Environment": "production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_cloudwatch_metric_alarm.service_cpu_high": { "type": "aws_cloudwatch_metric_alarm", "depends_on": [ "aws_appautoscaling_policy.down", "aws_appautoscaling_policy.up", "aws_ecs_cluster.cluster", "aws_ecs_service.web" ], "primary": { "id": "production_openjobs_web_cpu_utilization_high", "attributes": { "actions_enabled": "true", "alarm_actions.#": "1", "alarm_actions.2876257399": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_up", "alarm_description": "", "alarm_name": "production_openjobs_web_cpu_utilization_high", "comparison_operator": "GreaterThanOrEqualToThreshold", "datapoints_to_alarm": "0", "dimensions.%": "2", "dimensions.ClusterName": "production-ecs-cluster", "dimensions.ServiceName": "production-web", "evaluate_low_sample_count_percentiles": "", "evaluation_periods": "2", "extended_statistic": "", "id": "production_openjobs_web_cpu_utilization_high", "insufficient_data_actions.#": "0", "metric_name": "CPUUtilization", "namespace": "AWS/ECS", "ok_actions.#": "1", "ok_actions.901305810": "arn:aws:autoscaling:us-east-1:757895497645:scalingPolicy:4b2eb401-228f-42bb-a58c-97f439ab6844:resource/ecs/service/production-ecs-cluster/production-web:policyName/production_scale_down", "period": "60", "statistic": "Maximum", "threshold": "85", "treat_missing_data": "missing", "unit": "" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecr_repository.openjobs_app": { "type": "aws_ecr_repository", "depends_on": [], "primary": { "id": "openjobs/production", "attributes": { "arn": "arn:aws:ecr:us-east-1:757895497645:repository/openjobs/production", "id": "openjobs/production", "name": "openjobs/production", "registry_id": "757895497645", "repository_url": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_cluster.cluster": { "type": "aws_ecs_cluster", "depends_on": [], "primary": { "id": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "attributes": { "arn": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "id": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "name": "production-ecs-cluster" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_service.web": { "type": "aws_ecs_service", "depends_on": [ "aws_alb_target_group.alb_target_group", "aws_ecs_cluster.cluster", "aws_ecs_task_definition.web", "aws_iam_role_policy.ecs_service_role_policy", "aws_security_group.ecs_service", "data.aws_ecs_task_definition.web" ], "primary": { "id": "arn:aws:ecs:us-east-1:757895497645:service/production-web", "attributes": { "cluster": "arn:aws:ecs:us-east-1:757895497645:cluster/production-ecs-cluster", "deployment_maximum_percent": "200", "deployment_minimum_healthy_percent": "100", "desired_count": "2", "health_check_grace_period_seconds": "0", "iam_role": "aws-service-role", "id": "arn:aws:ecs:us-east-1:757895497645:service/production-web", "launch_type": "FARGATE", "load_balancer.#": "1", "load_balancer.3261201814.container_name": "web", "load_balancer.3261201814.container_port": "80", "load_balancer.3261201814.elb_name": "", "load_balancer.3261201814.target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:757895497645:targetgroup/production-alb-target-group-f14c/64f397ce227b864f", "name": "production-web", "network_configuration.#": "1", "network_configuration.0.security_groups.#": "3", "network_configuration.0.security_groups.2014916961": "sg-34438943", "network_configuration.0.security_groups.3119024256": "sg-ab4983dc", "network_configuration.0.security_groups.569761485": "sg-2b37fd5c", "network_configuration.0.subnets.#": "2", "network_configuration.0.subnets.3113454962": "subnet-30625b7b", "network_configuration.0.subnets.3378482322": "subnet-de3444f1", "placement_constraints.#": "0", "placement_strategy.#": "0", "task_definition": "production_web:17" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_task_definition.db_migrate": { "type": "aws_ecs_task_definition", "depends_on": [ "aws_iam_role.ecs_execution_role", "data.template_file.db_migrate_task" ], "primary": { "id": "production_db_migrate", "attributes": { "arn": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_db_migrate:3", "container_definitions": "[{\"command\":[\"bundle\",\"exec\",\"rake\",\"db:migrate\"],\"cpu\":0,\"environment\":[{\"name\":\"RAILS_LOG_TO_STDOUT\",\"value\":\"true\"},{\"name\":\"RAILS_ENV\",\"value\":\"production\"},{\"name\":\"DATABASE_URL\",\"value\":\"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"},{\"name\":\"SECRET_KEY_BASE\",\"value\":\"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"}],\"essential\":true,\"image\":\"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"openjobs\",\"awslogs-region\":\"us-east-1\",\"awslogs-stream-prefix\":\"db_migrate\"}},\"memory\":300,\"mountPoints\":[],\"name\":\"db-migrate\",\"portMappings\":[],\"volumesFrom\":[]}]", "cpu": "256", "execution_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role", "family": "production_db_migrate", "id": "production_db_migrate", "memory": "512", "network_mode": "awsvpc", "placement_constraints.#": "0", "requires_compatibilities.#": "1", "requires_compatibilities.3072437307": "FARGATE", "revision": "3", "task_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_ecs_task_definition.web": { "type": "aws_ecs_task_definition", "depends_on": [ "aws_ecs_task_definition.web" ], "primary": { "id": "production_web", "attributes": { "arn": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_web:15", "container_definitions": "[{\"cpu\":0,\"environment\":[{\"name\":\"RAILS_LOG_TO_STDOUT\",\"value\":\"true\"},{\"name\":\"RAILS_ENV\",\"value\":\"production\"},{\"name\":\"RAILS_SERVE_STATIC_FILES\",\"value\":\"true\"},{\"name\":\"DATABASE_URL\",\"value\":\"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"},{\"name\":\"PORT\",\"value\":\"80\"},{\"name\":\"SECRET_KEY_BASE\",\"value\":\"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"}],\"essential\":true,\"image\":\"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"openjobs\",\"awslogs-region\":\"us-east-1\",\"awslogs-stream-prefix\":\"web\"}},\"memory\":300,\"mountPoints\":[],\"name\":\"web\",\"portMappings\":[{\"containerPort\":80,\"hostPort\":80,\"protocol\":\"tcp\"}],\"volumesFrom\":[]}]", "cpu": "256", "execution_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role", "family": "production_web", "id": "production_web", "memory": "512", "network_mode": "awsvpc", "placement_constraints.#": "0", "requires_compatibilities.#": "1", "requires_compatibilities.3072437307": "FARGATE", "revision": "15", "task_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.ecs_autoscale_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "production_ecs_autoscale_role", "attributes": { "arn": "arn:aws:iam::757895497645:role/production_ecs_autoscale_role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"application-autoscaling.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "production_ecs_autoscale_role", "name": "production_ecs_autoscale_role", "path": "/", "unique_id": "AROAJVPUE3QI2CNQV4IDS" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.ecs_execution_role": { "type": "aws_iam_role", "depends_on": [], "primary": { "id": "ecs_task_execution_role", "attributes": { "arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "ecs_task_execution_role", "name": "ecs_task_execution_role", "path": "/", "unique_id": "AROAICQO62AXRIGA7AA4K" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role.ecs_role": { "type": "aws_iam_role", "depends_on": [ "data.aws_iam_policy_document.ecs_service_role" ], "primary": { "id": "ecs_role", "attributes": { "arn": "arn:aws:iam::757895497645:role/ecs_role", "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}", "create_date": "2018-01-29T23:28:37Z", "force_detach_policies": "false", "id": "ecs_role", "name": "ecs_role", "path": "/", "unique_id": "AROAIVPNQJFMXVLEUPUAE" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.ecs_autoscale_role_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.ecs_autoscale_role" ], "primary": { "id": "production_ecs_autoscale_role:ecs_autoscale_role_policy", "attributes": { "id": "production_ecs_autoscale_role:ecs_autoscale_role_policy", "name": "ecs_autoscale_role_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecs:DescribeServices\",\n \"ecs:UpdateService\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cloudwatch:DescribeAlarms\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n", "role": "production_ecs_autoscale_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.ecs_execution_role_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.ecs_execution_role" ], "primary": { "id": "ecs_task_execution_role:ecs_execution_role_policy", "attributes": { "id": "ecs_task_execution_role:ecs_execution_role_policy", "name": "ecs_execution_role_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:GetAuthorizationToken\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n", "role": "ecs_task_execution_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_iam_role_policy.ecs_service_role_policy": { "type": "aws_iam_role_policy", "depends_on": [ "aws_iam_role.ecs_role", "data.aws_iam_policy_document.ecs_service_policy" ], "primary": { "id": "ecs_role:ecs_service_role_policy", "attributes": { "id": "ecs_role:ecs_service_role_policy", "name": "ecs_service_role_policy", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterInstancesWithLoadBalancer\",\n \"elasticloadbalancing:Describe*\",\n \"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\",\n \"ec2:Describe*\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", "role": "ecs_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.ecs_service": { "type": "aws_security_group", "depends_on": [], "primary": { "id": "sg-ab4983dc", "attributes": { "description": "Allow egress from container", "egress.#": "1", "egress.482069346.cidr_blocks.#": "1", "egress.482069346.cidr_blocks.0": "0.0.0.0/0", "egress.482069346.description": "", "egress.482069346.from_port": "0", "egress.482069346.ipv6_cidr_blocks.#": "0", "egress.482069346.prefix_list_ids.#": "0", "egress.482069346.protocol": "-1", "egress.482069346.security_groups.#": "0", "egress.482069346.self": "false", "egress.482069346.to_port": "0", "id": "sg-ab4983dc", "ingress.#": "1", "ingress.3068409405.cidr_blocks.#": "1", "ingress.3068409405.cidr_blocks.0": "0.0.0.0/0", "ingress.3068409405.description": "", "ingress.3068409405.from_port": "8", "ingress.3068409405.ipv6_cidr_blocks.#": "0", "ingress.3068409405.protocol": "icmp", "ingress.3068409405.security_groups.#": "0", "ingress.3068409405.self": "false", "ingress.3068409405.to_port": "0", "name": "production-ecs-service-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-ecs-service-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.web_inbound_sg": { "type": "aws_security_group", "depends_on": [], "primary": { "id": "sg-9c36fceb", "attributes": { "description": "Allow HTTP from Anywhere into ALB", "egress.#": "1", "egress.482069346.cidr_blocks.#": "1", "egress.482069346.cidr_blocks.0": "0.0.0.0/0", "egress.482069346.description": "", "egress.482069346.from_port": "0", "egress.482069346.ipv6_cidr_blocks.#": "0", "egress.482069346.prefix_list_ids.#": "0", "egress.482069346.protocol": "-1", "egress.482069346.security_groups.#": "0", "egress.482069346.self": "false", "egress.482069346.to_port": "0", "id": "sg-9c36fceb", "ingress.#": "2", "ingress.2214680975.cidr_blocks.#": "1", "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0", "ingress.2214680975.description": "", "ingress.2214680975.from_port": "80", "ingress.2214680975.ipv6_cidr_blocks.#": "0", "ingress.2214680975.protocol": "tcp", "ingress.2214680975.security_groups.#": "0", "ingress.2214680975.self": "false", "ingress.2214680975.to_port": "80", "ingress.3068409405.cidr_blocks.#": "1", "ingress.3068409405.cidr_blocks.0": "0.0.0.0/0", "ingress.3068409405.description": "", "ingress.3068409405.from_port": "8", "ingress.3068409405.ipv6_cidr_blocks.#": "0", "ingress.3068409405.protocol": "icmp", "ingress.3068409405.security_groups.#": "0", "ingress.3068409405.self": "false", "ingress.3068409405.to_port": "0", "name": "production-web-inbound-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "1", "tags.Name": "production-web-inbound-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.aws_ecs_task_definition.web": { "type": "aws_ecs_task_definition", "depends_on": [ "aws_ecs_task_definition.web" ], "primary": { "id": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_web:17", "attributes": { "family": "production_web", "id": "arn:aws:ecs:us-east-1:757895497645:task-definition/production_web:17", "network_mode": "awsvpc", "revision": "17", "status": "ACTIVE", "task_definition": "production_web", "task_role_arn": "arn:aws:iam::757895497645:role/ecs_task_execution_role" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.aws_iam_policy_document.ecs_service_policy": { "type": "aws_iam_policy_document", "depends_on": [], "primary": { "id": "3615693260", "attributes": { "id": "3615693260", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:RegisterInstancesWithLoadBalancer\",\n \"elasticloadbalancing:Describe*\",\n \"elasticloadbalancing:DeregisterInstancesFromLoadBalancer\",\n \"ec2:Describe*\",\n \"ec2:AuthorizeSecurityGroupIngress\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", "statement.#": "1", "statement.0.actions.#": "5", "statement.0.actions.2459212947": "ec2:Describe*", "statement.0.actions.2464853358": "ec2:AuthorizeSecurityGroupIngress", "statement.0.actions.2706807274": "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "statement.0.actions.2747799858": "elasticloadbalancing:Describe*", "statement.0.actions.982461153": "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "statement.0.condition.#": "0", "statement.0.effect": "Allow", "statement.0.not_actions.#": "0", "statement.0.not_principals.#": "0", "statement.0.not_resources.#": "0", "statement.0.principals.#": "0", "statement.0.resources.#": "1", "statement.0.resources.2679715827": "*", "statement.0.sid": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.aws_iam_policy_document.ecs_service_role": { "type": "aws_iam_policy_document", "depends_on": [], "primary": { "id": "3622649364", "attributes": { "id": "3622649364", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ecs.amazonaws.com\"\n }\n }\n ]\n}", "statement.#": "1", "statement.0.actions.#": "1", "statement.0.actions.2528466339": "sts:AssumeRole", "statement.0.condition.#": "0", "statement.0.effect": "Allow", "statement.0.not_actions.#": "0", "statement.0.not_principals.#": "0", "statement.0.not_resources.#": "0", "statement.0.principals.#": "1", "statement.0.principals.1113412664.identifiers.#": "1", "statement.0.principals.1113412664.identifiers.1509832800": "ecs.amazonaws.com", "statement.0.principals.1113412664.type": "Service", "statement.0.resources.#": "0", "statement.0.sid": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "data.template_file.db_migrate_task": { "type": "template_file", "depends_on": [ "aws_ecr_repository.openjobs_app" ], "primary": { "id": "9f8dc05fb135a66b81d1a71719cc13472331e59cb17a7ffc53e4369a00a5d974", "attributes": { "id": "9f8dc05fb135a66b81d1a71719cc13472331e59cb17a7ffc53e4369a00a5d974", "rendered": "[\n {\n \"name\": \"db-migrate\",\n \"image\": \"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\n \"command\": [\"bundle\", \"exec\", \"rake\", \"db:migrate\"],\n \"memory\": 300,\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"openjobs\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"db_migrate\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n }\n ]\n }\n]\n", "template": "[\n {\n \"name\": \"db-migrate\",\n \"image\": \"${image}\",\n \"command\": [\"bundle\", \"exec\", \"rake\", \"db:migrate\"],\n \"memory\": 300,\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"${log_group}\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"db_migrate\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"${database_url}\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"${secret_key_base}\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n }\n ]\n }\n]\n", "vars.%": "4", "vars.database_url": "postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40", "vars.image": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production", "vars.log_group": "openjobs", "vars.secret_key_base": "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "data.template_file.web_task": { "type": "template_file", "depends_on": [ "aws_cloudwatch_log_group.openjobs", "aws_ecr_repository.openjobs_app" ], "primary": { "id": "73682dd0b9de61124ffb2871c60782725d5be54498ef1b502df4c39d4463ab49", "attributes": { "id": "73682dd0b9de61124ffb2871c60782725d5be54498ef1b502df4c39d4463ab49", "rendered": "[\n {\n \"name\": \"web\",\n \"image\": \"757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production\",\n \"portMappings\": [\n {\n \"containerPort\": 80,\n \"hostPort\": 80\n }\n ],\n \"memory\": 300,\n \"networkMode\": \"awsvpc\",\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"openjobs\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"web\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e\"\n },\n {\n \"name\": \"PORT\",\n \"value\": \"80\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n },\n {\n \"name\": \"RAILS_SERVE_STATIC_FILES\",\n \"value\": \"true\"\n }\n ]\n }\n]\n\n", "template": "[\n {\n \"name\": \"web\",\n \"image\": \"${image}\",\n \"portMappings\": [\n {\n \"containerPort\": 80,\n \"hostPort\": 80\n }\n ],\n \"memory\": 300,\n \"networkMode\": \"awsvpc\",\n \"logConfiguration\": {\n \"logDriver\": \"awslogs\",\n \"options\": {\n \"awslogs-group\": \"${log_group}\",\n \"awslogs-region\": \"us-east-1\",\n \"awslogs-stream-prefix\": \"web\"\n }\n },\n \"environment\": [\n {\n \"name\": \"RAILS_ENV\",\n \"value\": \"production\"\n },\n {\n \"name\": \"DATABASE_URL\",\n \"value\": \"${database_url}\"\n },\n {\n \"name\": \"SECRET_KEY_BASE\",\n \"value\": \"${secret_key_base}\"\n },\n {\n \"name\": \"PORT\",\n \"value\": \"80\"\n },\n {\n \"name\": \"RAILS_LOG_TO_STDOUT\",\n \"value\": \"true\"\n },\n {\n \"name\": \"RAILS_SERVE_STATIC_FILES\",\n \"value\": \"true\"\n }\n ]\n }\n]\n\n", "vars.%": "4", "vars.database_url": "postgresql://openjobs:myawesomepasswordproduction@production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432/openjobs_production?encoding=utf8\u0026pool=40", "vars.image": "757895497645.dkr.ecr.us-east-1.amazonaws.com/openjobs/production", "vars.log_group": "openjobs", "vars.secret_key_base": "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.template" }, "random_id.target_group_sufix": { "type": "random_id", "depends_on": [], "primary": { "id": "8Uw", "attributes": { "b64": "8Uw", "b64_std": "8Uw=", "b64_url": "8Uw", "byte_length": "2", "dec": "61772", "hex": "f14c", "id": "8Uw" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.random" } }, "depends_on": [] }, { "path": [ "root", "networking" ], "outputs": { "default_sg_id": { "sensitive": false, "type": "string", "value": "sg-34438943" }, "private_subnets_id": { "sensitive": false, "type": "list", "value": [ "subnet-de3444f1", "subnet-30625b7b" ] }, "public_subnets_id": { "sensitive": false, "type": "list", "value": [ "subnet-6537474a", "subnet-08774e43" ] }, "security_groups_ids": { "sensitive": false, "type": "list", "value": [ "sg-34438943" ] }, "vpc_id": { "sensitive": false, "type": "string", "value": "vpc-32041f4a" } }, "resources": { "aws_eip.nat_eip": { "type": "aws_eip", "depends_on": [ "aws_internet_gateway.ig" ], "primary": { "id": "eipalloc-098c613f", "attributes": { "association_id": "eipassoc-eed306e5", "domain": "vpc", "id": "eipalloc-098c613f", "instance": "", "network_interface": "eni-8bf61c46", "private_ip": "10.0.1.128", "public_ip": "34.193.75.40", "tags.%": "0", "vpc": "true" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_internet_gateway.ig": { "type": "aws_internet_gateway", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "igw-1a373e63", "attributes": { "id": "igw-1a373e63", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-igw", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_nat_gateway.nat": { "type": "aws_nat_gateway", "depends_on": [ "aws_eip.nat_eip", "aws_internet_gateway.ig", "aws_subnet.public_subnet.*" ], "primary": { "id": "nat-0000beab268c3255b", "attributes": { "allocation_id": "eipalloc-098c613f", "id": "nat-0000beab268c3255b", "network_interface_id": "eni-8bf61c46", "private_ip": "10.0.1.128", "public_ip": "34.193.75.40", "subnet_id": "subnet-6537474a", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1a-nat" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route.private_nat_gateway": { "type": "aws_route", "depends_on": [ "aws_nat_gateway.nat", "aws_route_table.private" ], "primary": { "id": "r-rtb-6fc4f8121080289494", "attributes": { "destination_cidr_block": "0.0.0.0/0", "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "", "id": "r-rtb-6fc4f8121080289494", "instance_id": "", "instance_owner_id": "", "nat_gateway_id": "nat-0000beab268c3255b", "network_interface_id": "", "origin": "CreateRoute", "route_table_id": "rtb-6fc4f812", "state": "active", "vpc_peering_connection_id": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route.public_internet_gateway": { "type": "aws_route", "depends_on": [ "aws_internet_gateway.ig", "aws_route_table.public" ], "primary": { "id": "r-rtb-8cccf0f11080289494", "attributes": { "destination_cidr_block": "0.0.0.0/0", "destination_prefix_list_id": "", "egress_only_gateway_id": "", "gateway_id": "igw-1a373e63", "id": "r-rtb-8cccf0f11080289494", "instance_id": "", "instance_owner_id": "", "nat_gateway_id": "", "network_interface_id": "", "origin": "CreateRoute", "route_table_id": "rtb-8cccf0f1", "state": "active", "vpc_peering_connection_id": "" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table.private": { "type": "aws_route_table", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "rtb-6fc4f812", "attributes": { "id": "rtb-6fc4f812", "propagating_vgws.#": "0", "route.#": "1", "route.4236193873.cidr_block": "0.0.0.0/0", "route.4236193873.egress_only_gateway_id": "", "route.4236193873.gateway_id": "", "route.4236193873.instance_id": "", "route.4236193873.ipv6_cidr_block": "", "route.4236193873.nat_gateway_id": "nat-0000beab268c3255b", "route.4236193873.network_interface_id": "", "route.4236193873.vpc_peering_connection_id": "", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-private-route-table", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table.public": { "type": "aws_route_table", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "rtb-8cccf0f1", "attributes": { "id": "rtb-8cccf0f1", "propagating_vgws.#": "0", "route.#": "1", "route.1381113949.cidr_block": "0.0.0.0/0", "route.1381113949.egress_only_gateway_id": "", "route.1381113949.gateway_id": "igw-1a373e63", "route.1381113949.instance_id": "", "route.1381113949.ipv6_cidr_block": "", "route.1381113949.nat_gateway_id": "", "route.1381113949.network_interface_id": "", "route.1381113949.vpc_peering_connection_id": "", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-public-route-table", "vpc_id": "vpc-32041f4a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.private.0": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.private", "aws_subnet.private_subnet.*" ], "primary": { "id": "rtbassoc-f2ef6e8e", "attributes": { "id": "rtbassoc-f2ef6e8e", "route_table_id": "rtb-6fc4f812", "subnet_id": "subnet-de3444f1" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.private.1": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.private", "aws_subnet.private_subnet.*" ], "primary": { "id": "rtbassoc-78ec6d04", "attributes": { "id": "rtbassoc-78ec6d04", "route_table_id": "rtb-6fc4f812", "subnet_id": "subnet-30625b7b" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.public.0": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.public", "aws_subnet.public_subnet.*" ], "primary": { "id": "rtbassoc-ebed6c97", "attributes": { "id": "rtbassoc-ebed6c97", "route_table_id": "rtb-8cccf0f1", "subnet_id": "subnet-6537474a" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_route_table_association.public.1": { "type": "aws_route_table_association", "depends_on": [ "aws_route_table.public", "aws_subnet.public_subnet.*" ], "primary": { "id": "rtbassoc-f0f4758c", "attributes": { "id": "rtbassoc-f0f4758c", "route_table_id": "rtb-8cccf0f1", "subnet_id": "subnet-08774e43" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.default": { "type": "aws_security_group", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "sg-34438943", "attributes": { "description": "Default security group to allow inbound/outbound from the VPC", "egress.#": "1", "egress.753360330.cidr_blocks.#": "0", "egress.753360330.description": "", "egress.753360330.from_port": "0", "egress.753360330.ipv6_cidr_blocks.#": "0", "egress.753360330.prefix_list_ids.#": "0", "egress.753360330.protocol": "-1", "egress.753360330.security_groups.#": "0", "egress.753360330.self": "true", "egress.753360330.to_port": "0", "id": "sg-34438943", "ingress.#": "1", "ingress.753360330.cidr_blocks.#": "0", "ingress.753360330.description": "", "ingress.753360330.from_port": "0", "ingress.753360330.ipv6_cidr_blocks.#": "0", "ingress.753360330.protocol": "-1", "ingress.753360330.security_groups.#": "0", "ingress.753360330.self": "true", "ingress.753360330.to_port": "0", "name": "production-default-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "1", "tags.Environment": "production", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.private_subnet.0": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-de3444f1", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1a", "cidr_block": "10.0.10.0/24", "id": "subnet-de3444f1", "map_public_ip_on_launch": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1a-private-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.private_subnet.1": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-30625b7b", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1b", "cidr_block": "10.0.20.0/24", "id": "subnet-30625b7b", "map_public_ip_on_launch": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1b-private-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.public_subnet.0": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-6537474a", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1a", "cidr_block": "10.0.1.0/24", "id": "subnet-6537474a", "map_public_ip_on_launch": "true", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1a-public-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_subnet.public_subnet.1": { "type": "aws_subnet", "depends_on": [ "aws_vpc.vpc" ], "primary": { "id": "subnet-08774e43", "attributes": { "assign_ipv6_address_on_creation": "false", "availability_zone": "us-east-1b", "cidr_block": "10.0.2.0/24", "id": "subnet-08774e43", "map_public_ip_on_launch": "true", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-us-east-1b-public-subnet", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_vpc.vpc": { "type": "aws_vpc", "depends_on": [], "primary": { "id": "vpc-32041f4a", "attributes": { "assign_generated_ipv6_cidr_block": "false", "cidr_block": "10.0.0.0/16", "default_network_acl_id": "acl-8280eef9", "default_route_table_id": "rtb-d6bd81ab", "default_security_group_id": "sg-d335ffa4", "dhcp_options_id": "dopt-15849877", "enable_classiclink": "false", "enable_classiclink_dns_support": "false", "enable_dns_hostnames": "true", "enable_dns_support": "true", "id": "vpc-32041f4a", "instance_tenancy": "default", "main_route_table_id": "rtb-d6bd81ab", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-vpc" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" } }, "depends_on": [] }, { "path": [ "root", "rds" ], "outputs": { "db_access_sg_id": { "sensitive": false, "type": "string", "value": "sg-2b37fd5c" }, "rds_address": { "sensitive": false, "type": "string", "value": "production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com" } }, "resources": { "aws_db_instance.rds": { "type": "aws_db_instance", "depends_on": [ "aws_db_subnet_group.rds_subnet_group", "aws_security_group.rds_sg" ], "primary": { "id": "production-database", "attributes": { "address": "production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com", "allocated_storage": "20", "arn": "arn:aws:rds:us-east-1:757895497645:db:production-database", "auto_minor_version_upgrade": "true", "availability_zone": "us-east-1a", "backup_retention_period": "0", "backup_window": "08:37-09:07", "ca_cert_identifier": "rds-ca-2015", "copy_tags_to_snapshot": "false", "db_subnet_group_name": "production-rds-subnet-group", "endpoint": "production-database.ccgs7gcr5zuj.us-east-1.rds.amazonaws.com:5432", "engine": "postgres", "engine_version": "9.6.6", "hosted_zone_id": "Z2R2ITUGPM61AM", "iam_database_authentication_enabled": "false", "id": "production-database", "identifier": "production-database", "instance_class": "db.t2.micro", "iops": "0", "kms_key_id": "", "license_model": "postgresql-license", "maintenance_window": "sat:04:07-sat:04:37", "monitoring_interval": "0", "multi_az": "false", "name": "openjobs_production", "option_group_name": "default:postgres-9-6", "parameter_group_name": "default.postgres9.6", "password": "myawesomepasswordproduction", "port": "5432", "publicly_accessible": "false", "replicas.#": "0", "replicate_source_db": "", "resource_id": "db-Z2YKHEFX3HMYUCQTU4Q3FC2BGY", "security_group_names.#": "0", "skip_final_snapshot": "true", "snapshot_identifier": "rds-production-snapshot", "status": "available", "storage_encrypted": "false", "storage_type": "standard", "tags.%": "1", "tags.Environment": "production", "timezone": "", "username": "openjobs", "vpc_security_group_ids.#": "1", "vpc_security_group_ids.251623276": "sg-c931fbbe" }, "meta": { "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": { "create": 2400000000000, "delete": 2400000000000, "update": 4800000000000 } }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_db_subnet_group.rds_subnet_group": { "type": "aws_db_subnet_group", "depends_on": [], "primary": { "id": "production-rds-subnet-group", "attributes": { "arn": "arn:aws:rds:us-east-1:757895497645:subgrp:production-rds-subnet-group", "description": "RDS subnet group", "id": "production-rds-subnet-group", "name": "production-rds-subnet-group", "subnet_ids.#": "2", "subnet_ids.3113454962": "subnet-30625b7b", "subnet_ids.3378482322": "subnet-de3444f1", "tags.%": "1", "tags.Environment": "production" }, "meta": {}, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.db_access_sg": { "type": "aws_security_group", "depends_on": [], "primary": { "id": "sg-2b37fd5c", "attributes": { "description": "Allow access to RDS", "egress.#": "0", "id": "sg-2b37fd5c", "ingress.#": "0", "name": "production-db-access-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-db-access-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" }, "aws_security_group.rds_sg": { "type": "aws_security_group", "depends_on": [ "aws_security_group.db_access_sg" ], "primary": { "id": "sg-c931fbbe", "attributes": { "description": "production Security Group", "egress.#": "1", "egress.482069346.cidr_blocks.#": "1", "egress.482069346.cidr_blocks.0": "0.0.0.0/0", "egress.482069346.description": "", "egress.482069346.from_port": "0", "egress.482069346.ipv6_cidr_blocks.#": "0", "egress.482069346.prefix_list_ids.#": "0", "egress.482069346.protocol": "-1", "egress.482069346.security_groups.#": "0", "egress.482069346.self": "false", "egress.482069346.to_port": "0", "id": "sg-c931fbbe", "ingress.#": "2", "ingress.4257570995.cidr_blocks.#": "0", "ingress.4257570995.description": "", "ingress.4257570995.from_port": "5432", "ingress.4257570995.ipv6_cidr_blocks.#": "0", "ingress.4257570995.protocol": "tcp", "ingress.4257570995.security_groups.#": "1", "ingress.4257570995.security_groups.569761485": "sg-2b37fd5c", "ingress.4257570995.self": "false", "ingress.4257570995.to_port": "5432", "ingress.753360330.cidr_blocks.#": "0", "ingress.753360330.description": "", "ingress.753360330.from_port": "0", "ingress.753360330.ipv6_cidr_blocks.#": "0", "ingress.753360330.protocol": "-1", "ingress.753360330.security_groups.#": "0", "ingress.753360330.self": "true", "ingress.753360330.to_port": "0", "name": "production-rds-sg", "owner_id": "757895497645", "revoke_rules_on_delete": "false", "tags.%": "2", "tags.Environment": "production", "tags.Name": "production-rds-sg", "vpc_id": "vpc-32041f4a" }, "meta": { "schema_version": "1" }, "tainted": false }, "deposed": [], "provider": "provider.aws" } }, "depends_on": [] } ] } ================================================ FILE: terraform.tfvars ================================================ region = "us-east-1" domain = "ecsfargateexample.tk" /* rds */ production_database_name = "openjobs_production" production_database_username = "openjobs" production_database_password = "myawesomepasswordproduction" /* secret key */ production_secret_key_base = "8d412aee3ceaa494fe1c276f5f7e524b9e33f649c03690e689e5b36a0cf4ce2a6f50024bc31f276c22b668e619d61a42b79f5e595759f377a8fa373e2907f41e" ================================================ FILE: variables.tf ================================================ variable "region" { description = "Region that the instances will be created" } /*==== environment specific variables ======*/ variable "production_database_name" { description = "The database name for Production" } variable "production_database_username" { description = "The username for the Production database" } variable "production_database_password" { description = "The user password for the Production database" } variable "production_secret_key_base" { description = "The Rails secret key for production" } variable "domain" { default = "The domain of your application" }