Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

corrected target group reference from the infra stack #120

Merged
merged 1 commit into from
Nov 28, 2024
Merged

corrected target group reference from the infra stack #120

merged 1 commit into from
Nov 28, 2024

Conversation

kunduso
Copy link
Owner

@kunduso kunduso commented Nov 28, 2024

This PR closes #114

@kunduso kunduso self-assigned this Nov 28, 2024
@github-actions GitHub Actions
Copy link

💰 Infracost report

Monthly estimate increased by $79 📈

Changed project Baseline cost Usage cost* Total change New monthly cost
kunduso/add-aws-ecr-ecs-fargate/deploy/TFplan.JSON +$79 - +$79 $79

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

Estimate details 
Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: kunduso/add-aws-ecr-ecs-fargate/deploy/TFplan.JSON

+ aws_ecs_service.service
  +$79

    + Per GB per hour
      +$19

    + Per vCPU per hour
      +$59

Monthly cost change for kunduso/add-aws-ecr-ecs-fargate/deploy/TFplan.JSON
Amount:  +$79 ($0.00 → $79)

──────────────────────────────────
Key: * usage cost, ~ changed, + added, - removed

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

10 cloud resources were detected:
∙ 1 was estimated
∙ 9 were free

Infracost estimate: Monthly estimate increased by $79 ↑
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Changed project                                    ┃ Baseline cost ┃ Usage cost* ┃ Total change ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━╋━━━━━━━━━━━━━━┫
┃ kunduso/add-aws-ecr-ecs-fargate/deploy/TFplan.JSON ┃          +$79 ┃           - ┃         +$79 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━┻━━━━━━━━━━━━━━┛
This comment will be updated when code changes.

@github-actions GitHub Actions
Copy link

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Terraform Validation 🤖success

Show Plan 

terraform
data.aws_ssm_parameter.infra_output: Reading...
data.aws_caller_identity.current: Reading...
data.aws_caller_identity.current: Read complete after 0s [id=743794601996]
data.aws_ssm_parameter.infra_output: Read complete after 0s [id=/app-6/output]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ecs_service.service will be created
  + resource "aws_ecs_service" "service" {
      + cluster                            = (sensitive value)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 2
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "app-6"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = {
          + "Source" = "https://github.com/kunduso/add-aws-ecr-ecs-fargate"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (sensitive value)
          + subnets          = (sensitive value)
        }
    }

  # aws_ecs_task_definition.web_app will be created
  + resource "aws_ecs_task_definition" "web_app" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (sensitive value)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "app-6"
      + id                       = (known after apply)
      + memory                   = "3072"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = {
          + "Source" = "https://github.com/kunduso/add-aws-ecr-ecs-fargate"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }
    }

  # aws_iam_policy.ecr_access_policy will be created
  + resource "aws_iam_policy" "ecr_access_policy" {
      + arn         = (known after apply)
      + description = "Policy to allow ECR image pulling and KMS decryption"
      + id          = (known after apply)
      + name        = "ecr-access-policy"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ecr:GetAuthorizationToken",
                          + "ecr:BatchCheckLayerAvailability",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:BatchGetImage",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ecr:us-east-2:076680484948:repository/*"
                    },
                  + {
                      + Action   = [
                          + "kms:Decrypt",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:kms:us-east-2:076680484948:key/*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id   = (known after apply)
      + tags_all    = {
          + "Source" = "https://github.com/kunduso/add-aws-ecr-ecs-fargate"
        }
    }

  # aws_iam_policy.secrets_manager_read_policy will be created
  + resource "aws_iam_policy" "secrets_manager_read_policy" {
      + arn         = (known after apply)
      + description = "IAM policy for ECS Fargate to access Secrets Manager secrets and decrypt it."
      + id          = (known after apply)
      + name        = "app-6-ecs-fargate-secrets-manager-access"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = (sensitive value)
      + policy_id   = (known after apply)
      + tags_all    = {
          + "Source" = "https://github.com/kunduso/add-aws-ecr-ecs-fargate"
        }
    }

  # aws_iam_role.ecs_task_execution_role will be created
  + resource "aws_iam_role" "ecs_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "app-6-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = {
          + "Source" = "https://github.com/kunduso/add-aws-ecr-ecs-fargate"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # aws_iam_role.ecs_task_role will be created
  + resource "aws_iam_role" "ecs_task_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Condition = {
                          + ArnLike      = {
                              + "aws:SourceArn" = "arn:aws:ecs:us-east-2:743794601996:*"
                            }
                          + StringEquals = {
                              + "aws:SourceAccount" = "743794601996"
                            }
                        }
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "app-6-task-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = {
          + "Source" = "https://github.com/kunduso/add-aws-ecr-ecs-fargate"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # aws_iam_role_policy_attachment.attach_ecr_access_task_execution_role will be created
  + resource "aws_iam_role_policy_attachment" "attach_ecr_access_task_execution_role" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "app-6-task-execution-role"
    }

  # aws_iam_role_policy_attachment.attach_secrets_read_task_execution_role will be created
  + resource "aws_iam_role_policy_attachment" "attach_secrets_read_task_execution_role" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "app-6-task-execution-role"
    }

  # aws_iam_role_policy_attachment.attach_secrets_read_task_role will be created
  + resource "aws_iam_role_policy_attachment" "attach_secrets_read_task_role" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "app-6-task-role"
    }

  # aws_iam_role_policy_attachment.custom will be created
  + resource "aws_iam_role_policy_attachment" "custom" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
      + role       = "app-6-task-execution-role"
    }

Plan: 10 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: TFplan.JSON

To perform exactly these actions, run the following command to apply:
    terraform apply "TFplan.JSON"

Pushed by: @kunduso, Action: pull_request

@kunduso kunduso merged commit affc481 into main Nov 28, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kunduso kunduso

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Separate out the ECR repository into the Central AWS account
1 participant
@kunduso