From 0e702bf3f63a2d0bd12c6058af291c380e014fde Mon Sep 17 00:00:00 2001
From: Chaudhry Haris
Date: Mon, 11 May 2026 22:22:49 +0200
Subject: [PATCH 1/2] feat(ecs): add monitoring module and update ECR configurations

---
 bootstrap/main.tf | 34 +++++++++++++++-----------
 terraform/env/dev/terraform.tfvars | 3 ++-
 terraform/main.tf | 1 +
 terraform/modules/ECS/main.tf | 27 +++++++++++++++++++++
 terraform/modules/ECS/variables.tf | 5 ++++
 terraform/modules/network/main.tf | 39 ++++++++++++++++++++++++++++++
 terraform/variables.tf | 7 +++++-
 7 files changed, 100 insertions(+), 16 deletions(-)

diff --git a/bootstrap/main.tf b/bootstrap/main.tf
index eeed916..377d45a 100644
--- a/bootstrap/main.tf
+++ b/bootstrap/main.tf
@@ -1,16 +1,22 @@
-# module "s3" {
-# source = "./modules/S3"
-# environment = var.environment
-# }
+module "s3" {
+ source = "./modules/S3"
+ environment = var.environment
+}
 
-# module "ECR_admin" {
-# source = "./modules/ECR"
-# environment = var.environment
-# repository_name = "gocyc-ecr-${var.environment}-admin"
-# }
+module "ECR_admin" {
+ source = "./modules/ECR"
+ environment = var.environment
+ repository_name = "gocyc-ecr-${var.environment}-admin"
+}
 
-# module "ECR_api" {
-# source = "./modules/ECR"
-# environment = var.environment
-# repository_name = "gocyc-ecr-${var.environment}-api"
-# }
+module "ECR_api" {
+ source = "./modules/ECR"
+ environment = var.environment
+ repository_name = "gocyc-ecr-${var.environment}-api"
+}
+
+module "ECR_monitoring" {
+ source = "./modules/ECR"
+ environment = var.environment
+ repository_name = "gocyc-ecr-${var.environment}-monitoring"
+}
diff --git a/terraform/env/dev/terraform.tfvars b/terraform/env/dev/terraform.tfvars
index 14def71..454722e 100644
--- a/terraform/env/dev/terraform.tfvars
+++ b/terraform/env/dev/terraform.tfvars
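Review bot: `module "ECR_monitoring"` provisions a repository that patch 2 of this series stops consuming — the `ecr_registry_url_monitoring` variables and the task-definition container that pulled from it are removed again, and `bootstrap/main.tf` is not touched by patch 2. After the series the repository exists with nothing pushing to or pulling from it; either drop this module as well or add a comment stating what is expected to publish into it, e.g. `# image source for the monitoring stack — currently unused, see PATCH 2/2`.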
@@ -4,4 +4,5 @@ environment = "dev"
 db_identifier = "gocyc-dev-postgres"
 db_name = "gocycdevpostgresrds"
 ecr_registry_url_api = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-api"
-ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"
\ No newline at end of file
+ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"
+ecr_registry_url_monitoring = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-monitoring"
diff --git a/terraform/main.tf b/terraform/main.tf
index 939a241..90fc6b3 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -71,6 +71,7 @@ module "ecs" {
 source = "./modules/ECS"
 environment = var.environment
 ecr_registry_url_admin = var.ecr_registry_url_admin
+ ecr_registry_url_monitoring = var.ecr_registry_url_monitoring
 ecr_registry_url_api = var.ecr_registry_url_api
 public_subnet_ids = module.network.public_ecs_subnet_ids
 ecs_security_group_id = module.network.ecs_security_group_id
diff --git a/terraform/modules/ECS/main.tf b/terraform/modules/ECS/main.tf
index 20321bc..b4a874d 100644
--- a/terraform/modules/ECS/main.tf
+++ b/terraform/modules/ECS/main.tf
@@ -87,6 +87,25 @@ resource "aws_ecs_task_definition" "service_admin" {
 { name = "DB_PASSWORD", valueFrom = var.db_password_ssm_arn },
 { name = "APP_KEY", valueFrom = var.app_key_admin_ssm_arn },
 ]
+ },
+ {
+ name = "monitoring"
+ image = "${var.ecr_registry_url_monitoring}:latest"
+ cpu = 256
+ memory = 512
+ essential = false
+ portMappings = [
+ {
+ containerPort = 3000,
+ hostPort = 3000,
+ protocol = "tcp"
+ },
+ {
+ containerPort = 9090,
+ hostPort = 9090,
+ protocol = "tcp"
+ }
+ ]
 }
 ])
 
@@ -165,6 +184,14 @@ chmod 755 /ecs/service-storage
 echo "ECS_CLUSTER=${aws_ecs_cluster.main.name}" >> /etc/ecs/ecs.config
 echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config
 systemctl enable --now amazon-ecs-agent
+
+# Start cAdvisor
+systemctl enable --now docker
+docker run -d --name cadvisor --privileged --restart=always \
+ -v /:/rootfs:ro -v /var/run:/var/run:ro -v /sys:/sys:ro \
+ -v /var/lib/docker/:/var/lib/docker:ro \
+ -p 8083:8080 \
+ gcr.io/cadvisor/cadvisor:v0.55.1
 EOF
 )
 }
diff --git a/terraform/modules/ECS/variables.tf b/terraform/modules/ECS/variables.tf
index 9f1c08d..7735fc9 100644
--- a/terraform/modules/ECS/variables.tf
+++ b/terraform/modules/ECS/variables.tf
@@ -10,6 +10,11 @@ variable "ecr_registry_url_api" {
 type = string
 }
 
+variable "ecr_registry_url_monitoring" {
+ type = string
+}
+
+
 variable "public_subnet_ids" {
 description = "Private subnets for ECS ASG"
 type = list(string)
diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf
index bf7ce7a..427ff14 100644
--- a/terraform/modules/network/main.tf
+++ b/terraform/modules/network/main.tf
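Review bot: The cAdvisor container is started `--privileged` with the host root filesystem, `/var/run` and `/var/lib/docker` mounted, yet the image is referenced only by the mutable tag `gcr.io/cadvisor/cadvisor:v0.55.1`, so whatever the registry serves for that tag at boot time runs with host-level privileges; pin it by digest, `gcr.io/cadvisor/cadvisor:v0.55.1@sha256:<digest-placeholder>`. The exporter published on host port 8083 carries no authentication of its own, so the same-security-group `ecs_cadvisor` rule added in `network/main.tf` is the only access control and should stay that narrow. `systemctl enable --now docker` is presumably redundant on an ECS-optimized AMI, where the agent enabled on the preceding line already depends on Docker — harmless, but worth confirming. The `user_data` heredoc this hunk extends starts outside the hunk.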
@@ -242,6 +242,45 @@ resource "aws_vpc_security_group_ingress_rule" "ecs_admin" {
 cidr_ipv4 = "0.0.0.0/0"
 }
 
+# Grafana for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_grafana" {
+ security_group_id = aws_security_group.ecs.id
+ from_port = 3000
+ to_port = 3000
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+
+ tags = {
+ Name = "${var.environment}-ecs-grafana"
+ }
+}
+
+# Prometheus for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_prometheus" {
+ security_group_id = aws_security_group.ecs.id
+ from_port = 9090
+ to_port = 9090
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
+
+ tags = {
+ Name = "${var.environment}-ecs-prometheus"
+ }
+}
+
+# cAdvisor for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_cadvisor" {
+ security_group_id = aws_security_group.ecs.id
+ referenced_security_group_id = aws_security_group.ecs.id
+ from_port = 8083
+ to_port = 8083
+ ip_protocol = "tcp"
+
+ tags = {
+ Name = "${var.environment}-ecs-cadvisor"
+ }
+}
+
 resource "aws_vpc_security_group_egress_rule" "ecs_all" {
 security_group_id = aws_security_group.ecs.id
 ip_protocol = "-1"
diff --git a/terraform/variables.tf b/terraform/variables.tf
index cd3d137..585c71d 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -40,4 +40,9 @@ variable "ecr_registry_url_api" {
 variable "ecr_registry_url_admin" {
 description = "ECR registry URL where image will be pull image"
 type = string
-}
\ No newline at end of file
+}
+
+variable "ecr_registry_url_monitoring" {
+ description = "ECR registry URL for monitoring stack image"
+ type = string
+}
From 72dcee1a3973557de34597a185805dcb539a6492 Mon Sep 17 00:00:00 2001
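Review bot: The `ecs_grafana` and `ecs_prometheus` rules open 3000 and 9090 on the ECS instance security group to `cidr_ipv4 = "0.0.0.0/0"`, and neither service behind them has access control by default (Prometheus ships without authentication, and the patch 1 container definition sets no `GF_SECURITY_ADMIN_PASSWORD`, so Grafana starts with its stock admin credentials), which makes the dashboards and every scraped metric reachable from the whole internet; patch 2 keeps these rules while moving the stack into docker compose. Restrict them the way `ecs_cadvisor` already does: replace the `cidr_ipv4 = "0.0.0.0/0"` line with `referenced_security_group_id` pointing at the load balancer or bastion security group, or at least `cidr_ipv4 = var.monitoring_allowed_cidr` (placeholder variable name) holding the operators' address range. If Grafana on the same host is the only consumer of Prometheus, 9090 needs no ingress rule at all. The existing `ecs_admin` rule with `cidr_ipv4 = "0.0.0.0/0"` is context rather than part of this change, but deserves the same review.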
From: Chaudhry Haris
Date: Mon, 11 May 2026 22:38:28 +0200
Subject: [PATCH 2/2] refactor(ecs): remove monitoring ECR URL and related configurations

---
 terraform/env/dev/terraform.tfvars | 1 -
 terraform/main.tf | 1 -
 terraform/modules/ECS/main.tf | 94 ++++++++++++++++++++++++------
 terraform/modules/ECS/variables.tf | 5 --
 terraform/variables.tf | 5 --
 5 files changed, 75 insertions(+), 31 deletions(-)

diff --git a/terraform/env/dev/terraform.tfvars b/terraform/env/dev/terraform.tfvars
index 454722e..563cd98 100644
--- a/terraform/env/dev/terraform.tfvars
+++ b/terraform/env/dev/terraform.tfvars
@@ -5,4 +5,3 @@ db_identifier = "gocyc-dev-postgres"
 db_name = "gocycdevpostgresrds"
 ecr_registry_url_api = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-api"
 ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"
-ecr_registry_url_monitoring = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-monitoring"
diff --git a/terraform/main.tf b/terraform/main.tf
index 90fc6b3..939a241 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -71,7 +71,6 @@ module "ecs" {
 source = "./modules/ECS"
 environment = var.environment
 ecr_registry_url_admin = var.ecr_registry_url_admin
- ecr_registry_url_monitoring = var.ecr_registry_url_monitoring
 ecr_registry_url_api = var.ecr_registry_url_api
 public_subnet_ids = module.network.public_ecs_subnet_ids
 ecs_security_group_id = module.network.ecs_security_group_id
diff --git a/terraform/modules/ECS/main.tf b/terraform/modules/ECS/main.tf
index b4a874d..a1301e4 100644
--- a/terraform/modules/ECS/main.tf
+++ b/terraform/modules/ECS/main.tf
@@ -1,3 +1,78 @@
+locals {
+ prometheus_yml = <<-YAML
+ global:
+ scrape_interval: 15s
+
+ scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'cadvisor'
+ static_configs:
+ - targets:
+ - '${var.api_host_private_ip}:8083'
+ - '${var.admin_host_private_ip}:8083'
+ YAML
+
+ compose_yml = <<-YAML
+ name: monitoring
+
+ services:
+ prometheus:
+ image: prom/prometheus:v3.11.3
+ restart: unless-stopped
+ volumes:
+ - /opt/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+ - prometheus_data:/prometheus
+ ports:
+ - "9090:9090"
+
+ grafana:
+ image: grafana/grafana:13.0.1
+ restart: unless-stopped
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=${var.grafana_admin_password}
+ volumes:
+ - grafana_data:/var/lib/grafana
+ ports:
+ - "3000:3000"
+
+ volumes:
+ prometheus_data:
+ grafana_data:
+ YAML
+
+ user_data = <<-EOF
+#!/bin/bash
+set -eux
+
+# ECS Configuration
+mkdir -p /ecs/service-storage
+chmod 755 /ecs/service-storage
+
+echo "ECS_CLUSTER=${aws_ecs_cluster.main.name}" >> /etc/ecs/ecs.config
+echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config
+systemctl enable --now amazon-ecs-agent
+
+# Monitoring Stack Setup
+mkdir -p /usr/local/lib/docker/cli-plugins
+curl -fsSL https://github.com/docker/compose/releases/download/v2.30.3/docker-compose-linux-x86_64 \
+ -o /usr/local/lib/docker/cli-plugins/docker-compose
+chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+mkdir -p /opt/monitoring
+cat > /opt/monitoring/prometheus.yml <<'PROM'
+${local.prometheus_yml}
+PROM
+cat > /opt/monitoring/docker-compose.yml <<'COMPOSE'
+${local.compose_yml}
+COMPOSE
+
+cd /opt/monitoring && docker compose up -d
+EOF
+}
+
 data "aws_ssm_parameter" "ecs_node_ami" {
 name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
 }
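Review bot: `GF_SECURITY_ADMIN_PASSWORD=${var.grafana_admin_password}` bakes the Grafana admin password into `compose_yml` and hence into `user_data`, which is stored in plaintext in the launch template and in Terraform state and is readable from inside the instance through the instance metadata service; the `cat >` below then also leaves it in `/opt/monitoring/docker-compose.yml` under root's default umask. Since the task definitions already resolve secrets by SSM ARN (`valueFrom = var.db_password_ssm_arn`), the monitoring host should do the same at boot, as sketched below: fetch the parameter into a root-only `/opt/monitoring/.env` (which the `cd /opt/monitoring && docker compose up -d` call reads from the project directory) and let compose substitute it, wrapping the fetch in `set +x`/`set -x` because `set -eux` would otherwise echo the expanded value into the cloud-init log (the instance role then needs `ssm:GetParameter` and, for a SecureString, `kms:Decrypt`). `var.grafana_admin_password`, `var.api_host_private_ip` and `var.admin_host_private_ip` are not declared in this patch's `variables.tf` hunk, so unless they already exist elsewhere in the module `terraform validate` will fail, and the password variable should at minimum be `sensitive = true`. The compose plugin is downloaded with `curl` and made executable with no integrity check; add `echo "<sha256-placeholder>  /usr/local/lib/docker/cli-plugins/docker-compose" | sha256sum -c -` before the `chmod +x`. The file's earlier inline user_data heredoc (the one that starts cAdvisor) is not touched by this patch, so which boot script the launch template actually consumes is not visible here.
```hcl
  compose_yml = <<-YAML
    # … unchanged: name, services.prometheus …
    grafana:
      image: grafana/grafana:13.0.1
      restart: unless-stopped
      environment:
        # "$${" is Terraform's escape for a literal "${"; compose fills it from /opt/monitoring/.env
        - GF_SECURITY_ADMIN_PASSWORD=$${GRAFANA_ADMIN_PASSWORD}
    # … unchanged: grafana volumes/ports, top-level volumes …
  YAML

  user_data = <<-EOF
# … unchanged: ECS configuration, compose plugin install …
mkdir -p /opt/monitoring
# <grafana_admin_password_ssm_name> is a placeholder for a module variable holding the
# SSM parameter name, replacing the plaintext var.grafana_admin_password
set +x   # keep the secret out of the xtrace log
( umask 077; printf 'GRAFANA_ADMIN_PASSWORD=%s\n' \
    "$(aws ssm get-parameter --name "${var.grafana_admin_password_ssm_name}" \
         --with-decryption --query Parameter.Value --output text)" \
    > /opt/monitoring/.env )
set -x
# … unchanged: prometheus.yml / docker-compose.yml heredocs, docker compose up …
EOF
```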
@@ -87,25 +162,6 @@ resource "aws_ecs_task_definition" "service_admin" {
 { name = "DB_PASSWORD", valueFrom = var.db_password_ssm_arn },
 { name = "APP_KEY", valueFrom = var.app_key_admin_ssm_arn },
 ]
- },
- {
- name = "monitoring"
- image = "${var.ecr_registry_url_monitoring}:latest"
- cpu = 256
- memory = 512
- essential = false
- portMappings = [
- {
- containerPort = 3000,
- hostPort = 3000,
- protocol = "tcp"
- },
- {
- containerPort = 9090,
- hostPort = 9090,
- protocol = "tcp"
- }
- ]
 }
 ])
 
diff --git a/terraform/modules/ECS/variables.tf b/terraform/modules/ECS/variables.tf
index 7735fc9..9f1c08d 100644
--- a/terraform/modules/ECS/variables.tf
+++ b/terraform/modules/ECS/variables.tf
@@ -10,11 +10,6 @@ variable "ecr_registry_url_api" {
 type = string
 }
 
-variable "ecr_registry_url_monitoring" {
- type = string
-}
-
-
 variable "public_subnet_ids" {
 description = "Private subnets for ECS ASG"
 type = list(string)
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 585c71d..ed61cf2 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -41,8 +41,3 @@ variable "ecr_registry_url_admin" {
 description = "ECR registry URL where image will be pull image"
 type = string
 }
-
-variable "ecr_registry_url_monitoring" {
- description = "ECR registry URL for monitoring stack image"
- type = string
-}