
Polytomic On ECS Fargate

This module contains all the necessary configuration to run Polytomic on ECS Fargate, using the architecture outlined in the image below.

Usage

To run this example you need to execute:

$ terraform init
$ terraform plan
$ terraform apply

Architecture

arch

Examples

Complete

# AWS provider through which every resource in the module is created.
provider "aws" {
  # Same value as the module's `region` input below, so the provider and the
  # module agree on where resources land.
  region = "us-east-1"
}

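module "polytomic-ecs" {
  # The "//" separates the repository from the module subdirectory (Terraform
  # cannot resolve the path without it), and "?ref=" pins the module to a
  # released tag so `terraform init` is reproducible and reviewable. This
  # matches the Minimal example below.
  source = "github.com/polytomic/on-premises//terraform/modules/ecs?ref=v1.0.0"

  prefix = "polytomic"
  tags = {
    Owner       = "polytomic"
    Environment = "staging"
    Billing     = "R/D"
  }

  region = "us-east-1"

  ####### Polytomic settings #######
  #
  # ":latest" is a moving tag, so two applies can roll out different builds.
  # For a reproducible deployment pin this to a specific version tag or an
  # "@sha256:..." image digest instead.
  polytomic_image = "568237466542.dkr.ecr.us-west-2.amazonaws.com/polytomic-onprem:latest"

  # The values below are placeholders. Deployment and OAuth credentials should
  # not be committed as literals: pass them through input variables declared
  # with `sensitive = true` (or TF_VAR_* environment variables) so they stay out
  # of version control. They are still written to Terraform state, so protect
  # the state backend accordingly.
  polytomic_root_user          = "[email protected]"
  polytomic_deployment         = "DEPLOYMENT"
  polytomic_deployment_key     = "DEPLOYMENT_KEY"
  polytomic_deployment_api_key = "DEPLOYMENT_API_KEY"

  polytomic_google_client_id     = "GOOGLE_ID"
  polytomic_google_client_secret = "GOOGLE_SECRET"
  # Base URL for accessing Polytomic; used when redirecting back from Google
  # and other integrations after OAuth. Left empty here; set it once the
  # deployment's public address is known.
  polytomic_url                  = ""

  polytomic_single_player       = false
  polytomic_bootstrap           = true
  polytomic_record_log_disabled = false

  # valid values are debug, info, warn, error; the default is info
  polytomic_log_level = "info"

  # enable periodically writing stats to S3
  enable_stats = true

  alert_emails = ["[email protected]"]
  aws_profile  = "default"

  enable_monitoring = true

  # Plain environment variables are stored in clear text in the ECS task
  # definition. Anything confidential belongs in `extra_secrets`, which the
  # module delivers to the containers through AWS Secrets Manager.
  extra_environment = {
    FOO = "BAR"
  }

  ####### VPC settings #######
  #
  # Use this to set the VPC ID to use for the VPC.
  # If not set, the VPC will be created.
  # vpc_id = "vpc-123456789"
  vpc_id             = ""
  private_subnet_ids = []
  public_subnet_ids  = []
  #
  # New VPC settings
  vpc_cidr            = "10.0.0.0/16"
  vpc_azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  vpc_private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  vpc_public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  ####### ECS settings #######
  #
  # Use this if you want to use an existing ECS cluster.
  # If not set, a new ECS cluster will be created.
  # ecs_cluster_name = "my-ecs-cluster"
  ecs_cluster_name = ""

  ####### Redis settings #######
  #
  # Use this if you already have a Redis endpoint set up.
  # If left blank, a new Redis instance is created using the settings below.
  # redis_endpoint = "redis://:password@host:6379/"
  redis_endpoint = ""
  #
  # New Redis instance settings
  redis_cluster_size = 1

  redis_port           = 6379
  redis_instance_type  = "cache.t2.micro"
  redis_engine_version = "6.2"
  redis_family         = "redis6.x"

  # Keep both enabled: the Redis URL carries the auth token, and in-transit
  # encryption is what protects it on the wire.
  redis_at_rest_encryption_enabled = true
  redis_transit_encryption_enabled = true

  redis_maintenance_window       = "mon:03:00-mon:04:00"
  redis_snapshot_window          = "04:00-06:00"
  redis_snapshot_retention_limit = 7

  ####### Database settings #######
  #
  # Use this if you already have a database endpoint set up.
  # If left blank, a new database instance is created using the settings below.
  # database_endpoint = "postgres://user:password@host:port/database"
  database_endpoint = ""
  #
  # New database instance settings
  database_username             = "polytomic"
  database_name                 = "polytomic"
  database_port                 = 5432
  database_engine               = "postgres"
  database_engine_version       = "14.1"
  database_family               = "postgres14"
  database_major_engine_version = "14"
  database_instance_class       = "db.t3.small"

  database_multi_az              = true
  database_allocated_storage     = 20
  database_max_allocated_storage = 100
  database_backup_retention      = 30
  database_maintenance_window    = "Mon:00:00-Mon:03:00"
  database_backup_window         = "03:00-06:00"
  # A final snapshot is taken on destroy (skip_final_snapshot = false), but
  # deletion protection is switched off here. The module default is true;
  # false is only appropriate for an environment you are prepared to lose.
  database_skip_final_snapshot   = false
  database_deletion_protection   = false

  database_enabled_cloudwatch_logs_exports       = ["postgresql", "upgrade"]
  database_create_cloudwatch_log_group           = false
  database_performance_insights_enabled          = true
  database_performance_insights_retention_period = 7

  database_create_monitoring_role = true
  database_monitoring_interval    = 60
  database_monitoring_role_name   = "monitoring-role"
}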

Minimal

# AWS provider for the minimal deployment; all module resources are created
# through it.
provider "aws" {
  # Kept identical to the `region` input handed to the module below.
  region = "us-east-1"
}

module "polytomic-ecs" {
  # Pinned to a released tag of the on-premises repository; "//" separates the
  # repository from the module subdirectory.
  source = "github.com/polytomic/on-premises//terraform/modules/ecs?ref=v1.0.0"

  region = "us-east-1"
  prefix = "polytomic"

  ####### Polytomic settings #######
  #
  # ":latest" is a moving tag; pin to a version tag or "@sha256:..." digest so
  # every apply rolls out the same build.
  polytomic_image = "568237466542.dkr.ecr.us-west-2.amazonaws.com/polytomic-onprem:latest"

  # Placeholder credentials. Supply the real values through input variables
  # marked `sensitive = true` rather than committing literals; they will still
  # end up in Terraform state.
  polytomic_root_user      = "[email protected]"
  polytomic_deployment     = "DEPLOYMENT"
  polytomic_deployment_key = "DEPLOYMENT_KEY"

  # Google OAuth client. `polytomic_url` is left at its default here even though
  # it is what the OAuth redirect uses — NOTE(review): confirm whether it must be
  # set for Google sign-in to work.
  polytomic_google_client_id     = "GOOGLE_ID"
  polytomic_google_client_secret = "GOOGLE_SECRET"
}

Requirements

Name Version
terraform >= 1.0
aws >= 4.0
null >= 3.0
random >= 3.0

Providers

Name Version
aws >= 4.0
null >= 3.0
random >= 3.0

Resources

Name Type
aws_alb.main resource
aws_alb_listener.http resource
aws_alb_target_group.polytomic resource
aws_cloudwatch_event_rule.oom resource
aws_cloudwatch_event_target.sns resource
aws_ecs_service.scheduler resource
aws_ecs_service.sync resource
aws_ecs_service.web resource
aws_ecs_service.worker resource
aws_ecs_task_definition.scheduler resource
aws_ecs_task_definition.stats_reporter resource
aws_ecs_task_definition.sync resource
aws_ecs_task_definition.web resource
aws_ecs_task_definition.worker resource
aws_iam_role.polytomic_ecs_execution_role resource
aws_iam_role.polytomic_ecs_task_role resource
aws_iam_role.polytomic_stats_reporter_role resource
aws_iam_role_policy.polytomic_ecs_execution_policy resource
aws_iam_role_policy.polytomic_ecs_task_policy resource
aws_iam_role_policy.polytomic_stats_reporter_policy resource
aws_kms_key.alerts resource
aws_secretsmanager_secret.task_secrets resource
aws_secretsmanager_secret_version.task_secrets_version resource
aws_sns_topic.alerts resource
aws_sns_topic_policy.oom resource
aws_sns_topic_subscription.alert_emails resource
aws_vpc_endpoint.s3 resource
null_resource.boostrap resource
null_resource.preflight resource
random_password.deployment_api_key resource
random_password.redis resource
aws_caller_identity.current data source
aws_ecs_cluster.cluster data source
aws_iam_policy_document.ecs_tasks_assume_role data source
aws_iam_policy_document.events_assume_role_policy data source
aws_iam_policy_document.oom_topic_policy data source
aws_iam_policy_document.polytomic_execution data source
aws_iam_policy_document.polytomic_stats_reporter data source
aws_iam_policy_document.polytomic_task data source
aws_subnet.subnet data source

Modules

Name Source Version
database terraform-aws-modules/rds/aws 5.9.0
database_sg terraform-aws-modules/security-group/aws ~> 4.0
ecs terraform-aws-modules/ecs/aws <5.0.0
ecs-alerts-worker ../monitoring/ecs-alerts n/a
ecs_log_groups terraform-aws-modules/cloudwatch/aws//modules/log-group ~> 3.0
efs cloudposse/efs/aws ~> 0.35.0
efs_sg terraform-aws-modules/security-group/aws ~> 4.0
elasticache-alerts ../monitoring/elasticache-alerts n/a
fargate_sg terraform-aws-modules/security-group/aws ~> 4.0
lb_sg terraform-aws-modules/security-group/aws ~> 4.0
log_group terraform-aws-modules/cloudwatch/aws//modules/log-group ~> 3.0
rds-alerts ../monitoring/rds-alerts n/a
redis umotif-public/elasticache-redis/aws n/a
s3_bucket terraform-aws-modules/s3-bucket/aws n/a
scheduled_task cn-terraform/ecs-fargate-scheduled-task/aws 1.0.22
vpc terraform-aws-modules/vpc/aws <5.0.0

Inputs

Name Description Type Default Required
additional_ecs_security_groups ECS security group ids list [] no
alert_emails Email addresses to send alerts to list(string) [] no
aws_profile AWS profile to use string "default" no
bucket_prefix Bucket prefix string "" no
database_allocated_storage Database allocated storage number 20 no
database_auto_minor_version_upgrade Database auto minor version upgrade bool false no
database_backup_retention Database backup retention number 30 no
database_backup_window Database backup window string "03:00-06:00" no
database_create_cloudwatch_log_group Database create cloudwatch log group bool true no
database_create_monitoring_role Database create monitoring role bool true no
database_deletion_protection Database deletion protection bool true no
database_enabled_cloudwatch_logs_exports Database enabled cloudwatch logs exports list
[
"postgresql",
"upgrade"
]
no
database_endpoint Database Endpoint string "" no
database_engine Database engine string "postgres" no
database_engine_version Database engine version string "14.15" no
database_family Database family string "postgres14" no
database_instance_class Database instance class string "db.t3.small" no
database_maintenance_window Database maintenance window string "Mon:00:00-Mon:03:00" no
database_major_engine_version Database major engine version string "14" no
database_max_allocated_storage Database max allocated storage number 100 no
database_monitoring_interval Database monitoring interval number 60 no
database_monitoring_role_name Database monitoring role name string "polytomic-monitoring-role" no
database_multi_az Multi-AZ database bool true no
database_name Database Name string "polytomic" no
database_performance_insights_enabled Database performance insights enabled bool true no
database_performance_insights_retention_period Database performance insights retention period number 7 no
database_port Database port number 5432 no
database_skip_final_snapshot Database skip final snapshot bool false no
database_username Database username string "polytomic" no
ecs_cluster_name ECS cluster name string "" no
ecs_enable_container_insights ECS enable container insights bool true no
enable_monitoring enable automatic monitoring bool false no
enable_stats enable automatic stats reporting bool false no
extra_environment Extra environment variables to pass to the containers map(string) {} no
extra_secrets Extra secrets that make it into the managed aws secret manager that get passed to the containers securely map(string) {} no
load_balancer_internal use internal load balancer bool false no
load_balancer_redirect_https enable https listener on load balancer bool false no
load_balancer_security_groups security groups for load balancer list(string) [] no
log_retention_days Cloudwatch log retention days number 120 no
polyotmic_efs_caching Enable EFS caching bool false no
polytomic_bootstrap Whether to bootstrap Polytomic bool false no
polytomic_data_path Filesystem path to local data cache string "/var/polytomic" no
polytomic_dd_agent_image Docker image to use for the Datadog agent string "568237466542.dkr.ecr.us-west-2.amazonaws.com/polytomic-dd-agent:latest" no
polytomic_deployment A unique identifier for your on premises deploy, provided by Polytomic string "" no
polytomic_deployment_api_key API key used to authenticate with the Polytomic management API string "" no
polytomic_deployment_key The license key for your deployment, provided by Polytomic string "" no
polytomic_deployment_links Additional links to display in the Polytomic navigation
list(object({
name = string
url = string
}))
[] no
polytomic_enabled_backends List of backends to enable list [] no
polytomic_ga_measurement_id Google Analytics Measurement ID string "" no
polytomic_google_client_id Google OAuth Client ID, obtained by creating a OAuth 2.0 Client ID string "" no
polytomic_google_client_secret Google OAuth Client Secret, obtained by creating a OAuth 2.0 Client ID string "" no
polytomic_image Docker image to use for the Polytomic ECS cluster string "568237466542.dkr.ecr.us-west-2.amazonaws.com/polytomic-onprem:latest" no
polytomic_legacy_config Use legacy configuration bool false no
polytomic_log_level The log level to use for Polytomic string "info" no
polytomic_logger_image Docker image to use for the Polytomic log aggregator string "568237466542.dkr.ecr.us-west-2.amazonaws.com/polytomic-vector:latest" no
polytomic_managed_logs Use managed logs bool false no
polytomic_mssql_tx_isolation Transaction isolation level for MSSQL connections string "" no
polytomic_port Port on which Polytomic is listening string "80" no
polytomic_preflight_check Whether to run a preflight check bool false no
polytomic_query_runner_exclude_dbs List of databases to exclude from query runner list [] no
polytomic_query_worker_count Number of query workers to use number 20 no
polytomic_record_log_disabled Globally disable record logging for this deployment bool false no
polytomic_resource_scheduler_cpu CPU units for the scheduler container number 1024 no
polytomic_resource_scheduler_memory Memory units for the scheduler container number 2048 no
polytomic_resource_sync_count Number of sync containers to run number 2 no
polytomic_resource_sync_cpu CPU units for the sync container number 4096 no
polytomic_resource_sync_memory Memory units for the sync container number 8192 no
polytomic_resource_sync_storage Ephemeral storage for the sync container number 21 no
polytomic_resource_web_cpu CPU units for the web container number 2048 no
polytomic_resource_web_memory Memory units for the web container number 4096 no
polytomic_resource_worker_cpu CPU units for the worker container number 2048 no
polytomic_resource_worker_memory Memory units for the worker container number 4096 no
polytomic_root_user The email address to use when starting for the first time; this user will be able to add additional users and configure Polytomic string "" no
polytomic_single_player Whether to use the single player mode bool false no
polytomic_sso_domain Domain for SSO users of first Polytomic workspace; ie, example.com. string "" no
polytomic_sync_logging_enabled Record execution logs for syncs performed via Polytomic bool true no
polytomic_tx_buffer_size Transaction buffer size for datalite cache number 50000 no
polytomic_url Base URL for accessing Polytomic. This will be used when redirecting back from Google and other integrations after authenticating with OAuth. string "" no
polytomic_use_dd_agent Use Datadog agent bool false no
polytomic_use_logger Use polytomic log aggregator bool true no
polytomic_workos_api_key The API key for the WorkOS account to use for Polytomic string "" no
polytomic_workos_client_id The WorkOS client ID string "" no
polytomic_workos_org_id WorkOS organization ID for workspace SSO string "" no
polytomic_workspace_name Name of first Polytomic workspace string "" no
prefix n/a any n/a yes
private_subnet_ids Private subnet IDs list [] no
public_subnet_ids Public subnet IDs list [] no
redis_at_rest_encryption_enabled Redis at rest encryption enabled string "true" no
redis_auth_token Redis auth token string "" no
redis_cluster_size Redis cluster size string "1" no
redis_endpoint Redis endpoint string "" no
redis_engine_version Redis engine version string "6.2" no
redis_family Redis family string "redis6.x" no
redis_instance_type Redis instance type string "cache.t2.micro" no
redis_maintenance_window Redis maintenance window string "mon:03:00-mon:04:00" no
redis_port Redis port number 6379 no
redis_snapshot_retention_limit Redis snapshot retention limit string "7" no
redis_snapshot_window Redis snapshot window string "04:00-06:00" no
redis_transit_encryption_enabled Redis transit encryption enabled string "true" no
region AWS region to use string "us-east-1" no
stats_cron Stats cron string "cron(0 0 * * ? *)" no
stats_format Output format for stats reporter string "json" no
tags A map of tags to add to all resources map(string) {} no
task_tags A map of tags to add to application-launched tasks map(string) {} no
vpc_azs VPC availability zones list
[
"us-east-1a",
"us-east-1b",
"us-east-1c"
]
no
vpc_cidr VPC CIDR string "10.0.0.0/16" no
vpc_id VPC ID string "" no
vpc_private_subnets VPC private subnets list
[
"10.0.1.0/24",
"10.0.2.0/24",
"10.0.3.0/24"
]
no
vpc_public_subnets VPC public subnets list
[
"10.0.101.0/24",
"10.0.102.0/24",
"10.0.103.0/24"
]
no

Outputs

Name Description
cluster_arn n/a
deploy_api_key API key used to authenticate with the Polytomic management API.
loadbalancer_arn n/a
loadbalancer_dns_name n/a
loadbalancer_zone_id n/a
override_sgs n/a
override_subnets n/a
override_task_definition n/a
target_group_arn n/a