diff --git a/bootstrap/main.tf b/bootstrap/main.tf
index eeed916..377d45a 100644
--- a/bootstrap/main.tf
+++ b/bootstrap/main.tf
@@ -1,16 +1,22 @@
-# module "s3" {
-# source = "./modules/S3"
-# environment = var.environment
-# }
+module "s3" {
+ source = "./modules/S3"
+ environment = var.environment
+}
 
-# module "ECR_admin" {
-# source = "./modules/ECR"
-# environment = var.environment
-# repository_name = "gocyc-ecr-${var.environment}-admin"
-# }
+module "ECR_admin" {
+ source = "./modules/ECR"
+ environment = var.environment
+ repository_name = "gocyc-ecr-${var.environment}-admin"
+}
 
-# module "ECR_api" {
-# source = "./modules/ECR"
-# environment = var.environment
-# repository_name = "gocyc-ecr-${var.environment}-api"
-# }
+module "ECR_api" {
+ source = "./modules/ECR"
+ environment = var.environment
+ repository_name = "gocyc-ecr-${var.environment}-api"
+}
+
+module "ECR_monitoring" {
+ source = "./modules/ECR"
+ environment = var.environment
+ repository_name = "gocyc-ecr-${var.environment}-monitoring"
+}
diff --git a/terraform/env/dev/terraform.tfvars b/terraform/env/dev/terraform.tfvars
index 14def71..563cd98 100644
--- a/terraform/env/dev/terraform.tfvars
+++ b/terraform/env/dev/terraform.tfvars
@@ -4,4 +4,4 @@ environment = "dev"
 db_identifier = "gocyc-dev-postgres"
 db_name = "gocycdevpostgresrds"
 ecr_registry_url_api = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-api"
-ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"
\ No newline at end of file
+ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"
diff --git a/terraform/modules/ECS/main.tf b/terraform/modules/ECS/main.tf
index 20321bc..a1301e4 100644
--- a/terraform/modules/ECS/main.tf
+++ b/terraform/modules/ECS/main.tf
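Review bot: `module "ECR_monitoring"` creates a third repository but, unlike the api and admin repositories, nothing in this commit consumes it: no `ecr_registry_url_monitoring` variable or tfvars entry is added, and the monitoring stack introduced in terraform/modules/ECS/main.tf pulls prom/prometheus, grafana/grafana and gcr.io/cadvisor images straight from public registries. If the intent is to mirror those images into ECR so the hosts pull only from the account's registry, the compose and `docker run` image references need to point at the new repository; otherwise the repository is unused infrastructure and should be removed or its purpose documented. A one-line comment above the block such as `# Intended for mirrored monitoring images pulled by the ECS monitoring host (not yet wired up)` would at least record which of the two is meant.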
@@ -1,3 +1,78 @@
+locals {
+ prometheus_yml = <<-YAML
+ global:
+ scrape_interval: 15s
+
+ scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'cadvisor'
+ static_configs:
+ - targets:
+ - '${var.api_host_private_ip}:8083'
+ - '${var.admin_host_private_ip}:8083'
+ YAML
+
+ compose_yml = <<-YAML
+ name: monitoring
+
+ services:
+ prometheus:
+ image: prom/prometheus:v3.11.3
+ restart: unless-stopped
+ volumes:
+ - /opt/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+ - prometheus_data:/prometheus
+ ports:
+ - "9090:9090"
+
+ grafana:
+ image: grafana/grafana:13.0.1
+ restart: unless-stopped
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=${var.grafana_admin_password}
+ volumes:
+ - grafana_data:/var/lib/grafana
+ ports:
+ - "3000:3000"
+
+ volumes:
+ prometheus_data:
+ grafana_data:
+ YAML
+
+ user_data = <<-EOF
+#!/bin/bash
+set -eux
+
+# ECS Configuration
+mkdir -p /ecs/service-storage
+chmod 755 /ecs/service-storage
+
+echo "ECS_CLUSTER=${aws_ecs_cluster.main.name}" >> /etc/ecs/ecs.config
+echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config
+systemctl enable --now amazon-ecs-agent
+
+# Monitoring Stack Setup
+mkdir -p /usr/local/lib/docker/cli-plugins
+curl -fsSL https://github.com/docker/compose/releases/download/v2.30.3/docker-compose-linux-x86_64 \
+ -o /usr/local/lib/docker/cli-plugins/docker-compose
+chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+mkdir -p /opt/monitoring
+cat > /opt/monitoring/prometheus.yml <<'PROM'
+${local.prometheus_yml}
+PROM
+cat > /opt/monitoring/docker-compose.yml <<'COMPOSE'
+${local.compose_yml}
+COMPOSE
+
+cd /opt/monitoring && docker compose up -d
+EOF
+}
+
 data "aws_ssm_parameter" "ecs_node_ami" {
 name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
 }
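Review bot: `GF_SECURITY_ADMIN_PASSWORD=${var.grafana_admin_password}` is rendered by Terraform into `local.compose_yml` and from there into `local.user_data`, so the plaintext password lands in the instance's user-data attribute (readable from the instance metadata service by any local process and via DescribeInstanceAttribute by any principal with that permission), most likely in the Terraform state that stores the rendered user_data, and in /opt/monitoring/docker-compose.yml, which `cat >` creates with the default umask. A safer shape keeps only a parameter name in user_data and has the boot script fetch the secret from SSM Parameter Store or Secrets Manager through the instance role; at minimum add `chmod 600 /opt/monitoring/docker-compose.yml` after the COMPOSE heredoc. The compose plugin is installed with `curl -fsSL` and no integrity check; verify the download against the checksum published with the v2.30.3 release before the `chmod +x`. `var.api_host_private_ip`, `var.admin_host_private_ip` and `var.grafana_admin_password` are referenced here but no change to the module's variables file is in this diff — confirm they are declared (and that the password variable is marked `sensitive = true`), otherwise `terraform validate` fails.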
@@ -165,6 +240,14 @@ chmod 755 /ecs/service-storage
 echo "ECS_CLUSTER=${aws_ecs_cluster.main.name}" >> /etc/ecs/ecs.config
 echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config
 systemctl enable --now amazon-ecs-agent
+
+# Start cAdvisor
+systemctl enable --now docker
+docker run -d --name cadvisor --privileged --restart=always \
+ -v /:/rootfs:ro -v /var/run:/var/run:ro -v /sys:/sys:ro \
+ -v /var/lib/docker/:/var/lib/docker:ro \
+ -p 8083:8080 \
+ gcr.io/cadvisor/cadvisor:v0.55.1
 EOF
 )
 }
diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf
index bf7ce7a..427ff14 100644
--- a/terraform/modules/network/main.tf
+++ b/terraform/modules/network/main.tf
@@ -242,6 +242,45 @@ resource "aws_vpc_security_group_ingress_rule" "ecs_admin" {
 cidr_ipv4 = "0.0.0.0/0"
 }
 
+# Grafana for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_grafana" {
+ security_group_id = aws_security_group.ecs.id
+ from_port = 3000
+ to_port = 3000
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+
+ tags = {
+ Name = "${var.environment}-ecs-grafana"
+ }
+}
+
+# Prometheus for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_prometheus" {
+ security_group_id = aws_security_group.ecs.id
+ from_port = 9090
+ to_port = 9090
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+
+ tags = {
+ Name = "${var.environment}-ecs-prometheus"
+ }
+}
+
+# cAdvisor for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_cadvisor" {
+ security_group_id = aws_security_group.ecs.id
+ referenced_security_group_id = aws_security_group.ecs.id
+ from_port = 8083
+ to_port = 8083
+ ip_protocol = "tcp"
+
+ tags = {
+ Name = "${var.environment}-ecs-cadvisor"
+ }
+}
+
 resource "aws_vpc_security_group_egress_rule" "ecs_all" {
 security_group_id = aws_security_group.ecs.id
 ip_protocol = "-1"
diff --git a/terraform/variables.tf b/terraform/variables.tf
index cd3d137..ed61cf2 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
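Review bot: The cAdvisor container is started `--privileged` and published with `-p 8083:8080` on every host interface, so anything that can reach 8083 gets an unauthenticated inventory of every container on the host; the only limit is the self-referencing `ecs_cadvisor` rule in terraform/modules/network/main.tf, which still admits every instance in that security group. `--privileged` is the form cAdvisor's own run example uses, so the practical hardening is to keep that rule as tight as it is and to pin the image by digest, `gcr.io/cadvisor/cadvisor:v0.55.1@sha256:<digest-from-release>`, because a mutable tag on a privileged container is the weakest link in this script. `docker run --name cadvisor` is also not idempotent: if this script is ever re-run on the same host the name conflict makes it fail (and abort the rest under `set -e`, if this user_data uses it like the new one above); `docker rm -f cadvisor 2>/dev/null || true` before the run avoids that. The user_data heredoc this block lives in begins before the hunk.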
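Review bot: `ecs_prometheus` opens 9090 with `cidr_ipv4 = "0.0.0.0/0"`, and Prometheus ships with no authentication, so every scraped metric (including the cAdvisor container inventory of the api and admin hosts) becomes readable from the whole internet; `ecs_grafana` does the same for 3000 with only the admin password between the internet and the dashboards. Grafana runs in the same compose project as Prometheus on that host and would reach it over the compose network, so the 9090 rule does not need to be public at all: drop it, or use the self-referencing form already used by `ecs_cadvisor` if other hosts must query it. For 3000, restrict the source to an operator or VPN range passed in as a variable, e.g. `cidr_ipv4 = var.admin_cidr` (placeholder name), and if public reach is required put Grafana behind a load balancer with TLS rather than exposing the instance port directly.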
@@ -40,4 +40,4 @@ variable "ecr_registry_url_api" {
 variable "ecr_registry_url_admin" {
 description = "ECR registry URL where image will be pull image"
 type = string
-}
\ No newline at end of file
+}