34 changes: 20 additions & 14 deletions bootstrap/main.tf
@@ -1,16 +1,22 @@
# module "s3" {
# source = "./modules/S3"
# environment = var.environment
# }
module "s3" {
source = "./modules/S3"
environment = var.environment
}

# module "ECR_admin" {
# source = "./modules/ECR"
# environment = var.environment
# repository_name = "gocyc-ecr-${var.environment}-admin"
# }
module "ECR_admin" {
source = "./modules/ECR"
environment = var.environment
repository_name = "gocyc-ecr-${var.environment}-admin"
}

# module "ECR_api" {
# source = "./modules/ECR"
# environment = var.environment
# repository_name = "gocyc-ecr-${var.environment}-api"
# }
module "ECR_api" {
source = "./modules/ECR"
environment = var.environment
repository_name = "gocyc-ecr-${var.environment}-api"
}

module "ECR_monitoring" {
source = "./modules/ECR"
environment = var.environment
repository_name = "gocyc-ecr-${var.environment}-monitoring"
}
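--- a/terraform/env/dev/terraform.tfvars
+++ b/terraform/env/dev/terraform.tfvars
@@ -4,4 +4,4 @@ environment = "dev"
 db_identifier = "gocyc-dev-postgres"
 db_name = "gocycdevpostgresrds"
 ecr_registry_url_api = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-api"
-ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"
+ecr_registry_url_admin = "873325492354.dkr.ecr.eu-west-3.amazonaws.com/gocyc-ecr-dev-admin"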
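--- a/terraform/modules/ECS/main.tf
+++ b/terraform/modules/ECS/main.tf
@@ -1,3 +1,78 @@
+locals {
+prometheus_yml = <<-YAML
+global:
+scrape_interval: 15s
+
+scrape_configs:
+- job_name: 'prometheus'
+static_configs:
+- targets: ['localhost:9090']
+
+- job_name: 'cadvisor'
+static_configs:
+- targets:
+- '${var.api_host_private_ip}:8083'
+- '${var.admin_host_private_ip}:8083'
+YAML
+
+compose_yml = <<-YAML
+name: monitoring
+
+services:
+prometheus:
+image: prom/prometheus:v3.11.3
+restart: unless-stopped
+volumes:
+- /opt/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+- prometheus_data:/prometheus
+ports:
+- "9090:9090"
+
+grafana:
+image: grafana/grafana:13.0.1
+restart: unless-stopped
+environment:
+- GF_SECURITY_ADMIN_PASSWORD=${var.grafana_admin_password}
+volumes:
+- grafana_data:/var/lib/grafana
+ports:
+- "3000:3000"
+
+volumes:
+prometheus_data:
+grafana_data:
+YAML
+
+user_data = <<-EOF
+#!/bin/bash
+set -eux
+
+# ECS Configuration
+mkdir -p /ecs/service-storage
+chmod 755 /ecs/service-storage
+
+echo "ECS_CLUSTER=${aws_ecs_cluster.main.name}" >> /etc/ecs/ecs.config
+echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config
+systemctl enable --now amazon-ecs-agent
+
+# Monitoring Stack Setup
+mkdir -p /usr/local/lib/docker/cli-plugins
+curl -fsSL https://github.com/docker/compose/releases/download/v2.30.3/docker-compose-linux-x86_64 \
+-o /usr/local/lib/docker/cli-plugins/docker-compose
+chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+mkdir -p /opt/monitoring
+cat > /opt/monitoring/prometheus.yml <<'PROM'
+${local.prometheus_yml}
+PROM
+cat > /opt/monitoring/docker-compose.yml <<'COMPOSE'
+${local.compose_yml}
+COMPOSE
+
+cd /opt/monitoring && docker compose up -d
+EOF
+}
+
 data "aws_ssm_parameter" "ecs_node_ami" {
 name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
 }
@@ -165,6 +240,14 @@ chmod 755 /ecs/service-storage
 echo "ECS_CLUSTER=${aws_ecs_cluster.main.name}" >> /etc/ecs/ecs.config
 echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config
 systemctl enable --now amazon-ecs-agent
+
+# Start cAdvisor
+systemctl enable --now docker
+docker run -d --name cadvisor --privileged --restart=always \
+-v /:/rootfs:ro -v /var/run:/var/run:ro -v /sys:/sys:ro \
+-v /var/lib/docker/:/var/lib/docker:ro \
+-p 8083:8080 \
+gcr.io/cadvisor/cadvisor:v0.55.1
 EOF
 )
 }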
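Review bot: The Grafana admin password is rendered into instance user data in the first hunk, through `GF_SECURITY_ADMIN_PASSWORD=${var.grafana_admin_password}` inside `local.compose_yml`, which `local.user_data` then writes to /opt/monitoring/docker-compose.yml. User data is not a secret store: it can be read from the instance metadata service by processes and containers that can reach it, by any principal allowed to read the instance's userData attribute, and the rendered value is kept in Terraform state. I would have the boot script read the password from SSM Parameter Store or Secrets Manager under the instance role into a root-only file and hand Grafana only the path, `- GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password`, with that file mounted read-only into the container. The same script installs the docker-compose binary fetched by `curl` as a root-run CLI plugin without comparing it to a pinned SHA-256, which is worth adding before the `chmod +x`. Where `local.user_data` is attached to an instance is outside the visible hunks.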
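--- a/terraform/modules/network/main.tf
+++ b/terraform/modules/network/main.tf
@@ -242,6 +242,45 @@ resource "aws_vpc_security_group_ingress_rule" "ecs_admin" {
 cidr_ipv4 = "0.0.0.0/0"
 }
 
+# Grafana for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_grafana" {
+security_group_id = aws_security_group.ecs.id
+from_port = 3000
+to_port = 3000
+ip_protocol = "tcp"
+cidr_ipv4 = "0.0.0.0/0"
+
+tags = {
+Name = "${var.environment}-ecs-grafana"
+}
+}
+
+# Prometheus for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_prometheus" {
+security_group_id = aws_security_group.ecs.id
+from_port = 9090
+to_port = 9090
+ip_protocol = "tcp"
+cidr_ipv4 = "0.0.0.0/0"
+
+tags = {
+Name = "${var.environment}-ecs-prometheus"
+}
+}
+
+# cAdvisor for ECS
+resource "aws_vpc_security_group_ingress_rule" "ecs_cadvisor" {
+security_group_id = aws_security_group.ecs.id
+referenced_security_group_id = aws_security_group.ecs.id
+from_port = 8083
+to_port = 8083
+ip_protocol = "tcp"
+
+tags = {
+Name = "${var.environment}-ecs-cadvisor"
+}
+}
+
 resource "aws_vpc_security_group_egress_rule" "ecs_all" {
 security_group_id = aws_security_group.ecs.id
 ip_protocol = "-1"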
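Review bot: The new `ecs_grafana` and `ecs_prometheus` ingress rules open ports 3000 and 9090 with `cidr_ipv4 = "0.0.0.0/0"`, while the `ecs_cadvisor` rule added right below them is scoped with `referenced_security_group_id`. Prometheus serves its UI and query API without authentication by default, so this rule publishes the scraped metrics and the private target addresses to the internet, and as far as this commit's compose file shows Grafana's login is reachable over plain HTTP on the published port. I would restrict both rules to an operator range, e.g. `cidr_ipv4 = var.monitoring_allowed_cidr` (a new variable; the name is only a suggestion), or drop the public rules and reach the ports through a tunnel or a TLS-terminating load balancer. The three added resource blocks are complete in the hunk; the `ecs_admin` rule in the leading context uses the same open CIDR but is not part of this change.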
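--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -40,4 +40,4 @@ variable "ecr_registry_url_api" {
 variable "ecr_registry_url_admin" {
 description = "ECR registry URL where image will be pull image"
 type = string
-}
+}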