Forem: erozedguy The latest articles on Forem by erozedguy (@erozedguy). https://forem.com/erozedguy https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F666650%2F27a87d83-a95c-40d1-8959-b5fa64827f3d.jpeg Forem: erozedguy https://forem.com/erozedguy en Install & Manage Amazon EKS Add-ons with Terraform erozedguy Sun, 30 Jan 2022 22:47:09 +0000 https://forem.com/aws-builders/install-manage-amazon-eks-add-ons-with-terraform-2dea https://forem.com/aws-builders/install-manage-amazon-eks-add-ons-with-terraform-2dea <h3> What is an Add-on in Amazon EKS ? </h3> <p>An add-on is software that provides supporting operational capabilities to Kubernetes applications, but is not specific to the application.<br> This includes software like observability agents or Kubernetes drivers that allow the cluster to interact with underlying AWS resources for networking, compute, and storage.</p> <blockquote> <p><strong>Reference:</strong> <a href="https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html</a></p> </blockquote> <h3> Amazon EKS Add-ons </h3> <p><strong>Amazon VPC CNI</strong> <br> The Amazon VPC CNI add-on for Kubernetes is the networking plugin for pod networking in Amazon EKS clusters. The plugin is responsible for allocating VPC IP addresses to Kubernetes nodes and configuring the necessary networking for pods on each node.</p> <blockquote> <p>Reference: <a href="https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html</a></p> </blockquote> <p><strong>CoreDNS</strong><br> CoreDNS is a flexible, extensible DNS server that can serve as the Kubernetes cluster DNS. When you launch an Amazon EKS cluster with at least one node, two replicas of the CoreDNS image are deployed by default, regardless of the number of nodes deployed in your cluster. The CoreDNS pods provide name resolution for all pods in the cluster. </p> <blockquote> <p>Reference: <a href="https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html</a></p> </blockquote> <p><strong>kube-proxy</strong><br> Kube-proxy maintains network rules on each Amazon EC2 node. It enables network communication to your pods.</p> <blockquote> <p>Reference: <a href="https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html</a></p> </blockquote> <p><strong>Amazon EBS CSI</strong><br> The Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver allows Amazon Elastic Kubernetes Service (Amazon EKS) clusters to manage the lifecycle of Amazon EBS volumes for persistent volumes.</p> <blockquote> <p>Reference: <a href="https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html</a><br> <a href="https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html</a></p> </blockquote> <p>Amazon EKS automatically installs self-managed add-ons such as the <strong>Amazon VPC CNI</strong>, <strong>kube-proxy</strong>, and <strong>CoreDNS</strong> for every cluster, but you can change the default configuration of the add-ons and update them when desired.</p> <blockquote> <p><strong>Amazon EBS CSI Driver</strong> is now available as an Add-on. This Add-on is in preview version with some limitations and inconsistencies. For this reason, its use in Production is not recommended.</p> </blockquote> <p>This post will show the step by step how to install the Add-ons with terraform</p> <h3> Prerequisites </h3> <ul> <li>Amazon EKS cluster running Kubernetes version 1.18 and later</li> </ul> <blockquote> <p>To create an EKS cluster you can check this post <a href="https://dev.to/aws-builders/creating-an-eks-cluster-and-node-group-with-terraform-1lf6">https://dev.to/aws-builders/creating-an-eks-cluster-and-node-group-with-terraform-1lf6</a></p> </blockquote> <ul> <li>AWS CLI installed </li> </ul> <blockquote> <p><a href="https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" rel="noopener noreferrer">https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html</a></p> </blockquote> <ul> <li>An IAM role with the <strong>AmazonEKS_CNI_Policy</strong> attached to it</li> </ul> <h3> STEPS </h3> <h4> Step 01 - Get the version of each Add-on </h4> <p>To know the all version of each Add-on we can use AWS CLI to describe all information about the Add-ons</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">aws</span> <span class="nx">eks</span> <span class="nx">describe</span><span class="o">-</span><span class="nx">addon</span><span class="o">-</span><span class="nx">versions</span> <span class="o">&gt;</span> <span class="nx">addons</span><span class="p">.</span><span class="nx">json</span> </code></pre> </div> <p>This command allows to describe all add-on versions and for more confort we can save the output in a JSON file</p> <p>The resulting JSON file will be like this</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="p">{</span> <span class="dl">"</span><span class="s2">addons</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">addonName</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">kube-proxy</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">networking</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">addonVersions</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">addonVersion</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">v1.21.2-eksbuild.2</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">architecture</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">amd64</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">arm64</span><span class="dl">"</span> <span class="p">],</span> <span class="dl">"</span><span class="s2">compatibilities</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">clusterVersion</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1.21</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">platformVersions</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">],</span> <span class="dl">"</span><span class="s2">defaultVersion</span><span class="dl">"</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">]</span> <span class="p">},</span> <span class="p">...</span> </code></pre> </div> <p>This JSON file contains all information about the EKS cluster Add-ons, like <strong>name</strong>, <strong>type</strong>, <strong>compatibilities</strong>, etc.</p> <p>Take a note of each add-on version to specify them in the terraform code, according to the cluster version</p> <h4> Step 02 - Create the terraform code </h4> <p>First, We can create a variable of the type <strong>list(object())</strong> to specify all names and versions of each Add-ons, based on the information that we get from the JSON file obtained in the last step</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">variable</span> <span class="dl">"</span><span class="s2">addons</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">type</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nf">object</span><span class="p">({</span> <span class="nx">name</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">version</span> <span class="o">=</span> <span class="nx">string</span> <span class="p">}))</span> <span class="k">default</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">kube-proxy</span><span class="dl">"</span> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">v1.21.2-eksbuild.2</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">vpc-cni</span><span class="dl">"</span> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">v1.10.1-eksbuild.1</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">coredns</span><span class="dl">"</span> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">v1.8.4-eksbuild.1</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">aws-ebs-csi-driver</span><span class="dl">"</span> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">v1.4.0-eksbuild.preview</span><span class="dl">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>The AWS Provider for Terraform has a specific resource to install and manage the Add-ons.</p> <p>Using a <code>for_each</code> statement we can iterate all information in the <code>addons</code> variable</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_eks_addon</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">addons</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">for_each</span> <span class="o">=</span> <span class="p">{</span> <span class="k">for</span> <span class="nx">addon</span> <span class="k">in</span> <span class="kd">var</span><span class="p">.</span><span class="na">addons</span> <span class="p">:</span> <span class="nx">addon</span><span class="p">.</span><span class="nx">name</span> <span class="o">=&gt;</span> <span class="nx">addon</span> <span class="p">}</span> <span class="nx">cluster_name</span> <span class="o">=</span> <span class="nx">aws_eks_cluster</span><span class="p">.</span><span class="nx">eks</span><span class="o">-</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">id</span> <span class="nx">addon_name</span> <span class="o">=</span> <span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">name</span> <span class="nx">addon_version</span> <span class="o">=</span> <span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">version</span> <span class="nx">resolve_conflicts</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">OVERWRITE</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <h4> Step 03 - Apply the terraform code </h4> <p>To apply the new resource we can use </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> terraform apply -auto-approve </code></pre> </div> <p>Once the installation is finished, we can check the add-ons using the UI</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmkgsutssmxf70x5rqgoz.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmkgsutssmxf70x5rqgoz.PNG" alt="EKS Add-ons"></a></p> <p>The installation was successful so we can see the <code>Status</code> of each Add-on is <code>Active</code></p> <p>Another way to check that everything is can be using <code>kubectl</code></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> kubectl get po -n kube-system </code></pre> </div> <p>With this command we can check if the pods of each Add-on are running </p> aws terraform kubernetes Creating an EKS Cluster and Node Group with Terraform erozedguy Sat, 15 Jan 2022 16:41:23 +0000 https://forem.com/aws-builders/creating-an-eks-cluster-and-node-group-with-terraform-1lf6 https://forem.com/aws-builders/creating-an-eks-cluster-and-node-group-with-terraform-1lf6 <h3> DESCRIPTION </h3> <p>In this post I'm gonna explain how to deploy an EKS Cluster and EC2 node group using Terraform for the purpose<br> The Architecture consists of a VPC with 2 public subnets and 2 private subnets in different Availability Zones. Each public subnet contains a nat gateway that allows private subnets to access the Internet.<br> The EKS nodes will be create in the private subnets. The nodes are EC2 t3-micro instances managed by EKS </p> <blockquote> <p><strong>About EKS:</strong> <a href="https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html</a></p> </blockquote> <h3> ARCHITECTURE </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcp8bxvvknzy6k7js7bi4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcp8bxvvknzy6k7js7bi4.png" alt="eks"></a></p> <h3> CODE </h3> <blockquote> <p>GITHUB repository: <a href="https://github.com/erozedguy/Terraform-EKS-Cluster-with-Node-Group" rel="noopener noreferrer">https://github.com/erozedguy/Terraform-EKS-Cluster-with-Node-Group</a></p> </blockquote> <h3> DEVELOPMENT </h3> <h4> STEP 01 - Provide Networking part </h4> <p>I'm using my own terraform module to create the vpc, subnets, internet gateway, nat gateways etc</p> <blockquote> <p>AWS_VPC module: <a href="https://github.com/erozedguy/AWS-VPC-terraform-module" rel="noopener noreferrer">https://github.com/erozedguy/AWS-VPC-terraform-module</a></p> </blockquote> <h4> Module's usage </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">module</span> <span class="dl">"</span><span class="s2">aws_vpc</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">source</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">github.com/erozedguy/AWS-VPC-terraform-module.git</span><span class="dl">"</span> <span class="nx">networking</span> <span class="o">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">networking</span> <span class="nx">security_groups</span> <span class="o">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">security_groups</span> <span class="p">}</span> </code></pre> </div> <h4> Variables for the module </h4> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">variable</span> <span class="dl">"</span><span class="s2">networking</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">type</span> <span class="o">=</span> <span class="nf">object</span><span class="p">({</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">vpc_name</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">azs</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">public_subnets</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">private_subnets</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">nat_gateways</span> <span class="o">=</span> <span class="nx">bool</span> <span class="p">})</span> <span class="k">default</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">10.0.0.0/16</span><span class="dl">"</span> <span class="nx">vpc_name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">terraform-vpc</span><span class="dl">"</span> <span class="nx">azs</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">us-east-1a</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">us-east-1b</span><span class="dl">"</span><span class="p">]</span> <span class="nx">public_subnets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">10.0.1.0/24</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">10.0.2.0/24</span><span class="dl">"</span><span class="p">]</span> <span class="nx">private_subnets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">10.0.3.0/24</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">10.0.4.0/24</span><span class="dl">"</span><span class="p">]</span> <span class="nx">nat_gateways</span> <span class="o">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">variable</span> <span class="dl">"</span><span class="s2">security_groups</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">type</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nf">object</span><span class="p">({</span> <span class="nx">name</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">ingress</span> <span class="o">=</span> <span class="nf">object</span><span class="p">({</span> <span class="nx">description</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="nx">string</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="nx">number</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="nx">number</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">ipv6_cidr_blocks</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">})</span> <span class="p">}))</span> <span class="k">default</span> <span class="o">=</span> <span class="p">[{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ssh</span><span class="dl">"</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Port 22</span><span class="dl">"</span> <span class="nx">ingress</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow SSH access</span><span class="dl">"</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">tcp</span><span class="dl">"</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="nx">ipv6_cidr_blocks</span> <span class="o">=</span> <span class="kc">null</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">}</span> </code></pre> </div> <h4> STEP 03 - IAM ROLES </h4> <h5> EKS Cluster Role </h5> <p>Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service. That's why I create this role</p> <blockquote> <p>References: <a href="https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html</a></p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">EKSClusterRole</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">EKSClusterRole</span><span class="dl">"</span> <span class="nx">assume_role_policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">2012-10-17</span><span class="dl">"</span> <span class="nx">Statement</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">sts:AssumeRole</span><span class="dl">"</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Principal</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Service</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">eks.amazonaws.com</span><span class="dl">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h5> NODE GROUP ROLE </h5> <p>The Amazon EKS node kubelet daemon makes calls to AWS APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched.</p> <blockquote> <p>References: <a href="https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html</a></p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">NodeGroupRole</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">EKSNodeGroupRole</span><span class="dl">"</span> <span class="nx">assume_role_policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">2012-10-17</span><span class="dl">"</span> <span class="nx">Statement</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">sts:AssumeRole</span><span class="dl">"</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Principal</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Service</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ec2.amazonaws.com</span><span class="dl">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h5> ATTACH MANAGED IAM POLICIES TO IAM ROLES </h5> <p>This policy provides Kubernetes the permissions it requires to manage resources on your behalf. Kubernetes requires Ec2:CreateTags permissions to place identifying information on EC2 resources including but not limited to Instances, Security Groups, and Elastic Network Interfaces.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role_policy_attachment</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">AmazonEKSClusterPolicy</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">policy_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">arn:aws:iam::aws:policy/AmazonEKSClusterPolicy</span><span class="dl">"</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">EKSClusterRole</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> </code></pre> </div> <p>This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role_policy_attachment</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">AmazonEKSWorkerNodePolicy</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">policy_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy</span><span class="dl">"</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">NodeGroupRole</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> </code></pre> </div> <p>Provides read-only access to Amazon EC2 Container Registry repositories.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role_policy_attachment</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">AmazonEC2ContainerRegistryReadOnly</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">policy_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly</span><span class="dl">"</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">NodeGroupRole</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> </code></pre> </div> <p>This policy provides the Amazon VPC CNI Plugin (amazon-vpc-cni-k8s) the permissions it requires to modify the IP address configuration on your EKS worker nodes. This permission set allows the CNI to list, describe, and modify Elastic Network Interfaces on your behalf</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role_policy_attachment</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">AmazonEKS_CNI_Policy</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">policy_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy</span><span class="dl">"</span><br> <span class="nx">role</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">NodeGroupRole</span><span class="p">.</span><span class="nx">name</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> STEP 04 - Create EKS Cluster<br> </h3> <p>You must to set up the arn of the IAM cluster role, kubernetes version and vpc configuration</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_eks_cluster</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">eks-cluster</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">eks-cluster</span><span class="dl">"</span><br> <span class="nx">role_arn</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">EKSClusterRole</span><span class="p">.</span><span class="nx">arn</span><br> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">1.21</span><span class="dl">"</span></p> <p><span class="nx">vpc_config</span> <span class="p">{</span><br> <span class="nx">subnet_ids</span> <span class="o">=</span> <span class="nf">flatten</span><span class="p">([</span> <span class="nx">module</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">public_subnets_id</span><span class="p">,</span> <span class="nx">module</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">private_subnets_id</span> <span class="p">])</span><br> <span class="nx">security_group_ids</span> <span class="o">=</span> <span class="nf">flatten</span><span class="p">(</span><span class="nx">module</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">security_groups_id</span><span class="p">)</span><br> <span class="p">}</span></p> <p><span class="nx">depends_on</span> <span class="o">=</span> <span class="p">[</span><br> <span class="nx">aws_iam_role_policy_attachment</span><span class="p">.</span><span class="nx">AmazonEKSClusterPolicy</span><br> <span class="p">]</span><br> <span class="p">}</span></p> </code></pre> </div> <h4> <br> <br> <br> NODE GROUP<br> </h4> <p>To create and run PODS we need a infrastructure. We can select between EC2 instances (worker nodes) or FARGATE.<br> For this implementation I'm gonna provide EC2 "t3-micro" instances as worker nodes to run the PODS<br> For an isolated infrastructure and more security, the best practice is to create your worker nodes in private subnets.<br> We must provide the required information about the AMI, intance type, capacity type, disk size to create the worker nodes and also scaling configuration to specify the desired, max and min size of worker nodes</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_eks_node_group</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">node-ec2</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">cluster_name</span> <span class="o">=</span> <span class="nx">aws_eks_cluster</span><span class="p">.</span><span class="nx">eks</span><span class="o">-</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">name</span><br> <span class="nx">node_group_name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">t3_micro-node_group</span><span class="dl">"</span><br> <span class="nx">node_role_arn</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">NodeGroupRole</span><span class="p">.</span><span class="nx">arn</span><br> <span class="nx">subnet_ids</span> <span class="o">=</span> <span class="nf">flatten</span><span class="p">(</span> <span class="nx">module</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">private_subnets_id</span> <span class="p">)</span></p> <p><span class="nx">scaling_config</span> <span class="p">{</span><br> <span class="nx">desired_size</span> <span class="o">=</span> <span class="mi">2</span><br> <span class="nx">max_size</span> <span class="o">=</span> <span class="mi">3</span><br> <span class="nx">min_size</span> <span class="o">=</span> <span class="mi">1</span><br> <span class="p">}</span></p> <p><span class="nx">ami_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">AL2_x86_64</span><span class="dl">"</span><br> <span class="nx">instance_types</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">t3.micro</span><span class="dl">"</span><span class="p">]</span><br> <span class="nx">capacity_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ON_DEMAND</span><span class="dl">"</span><br> <span class="nx">disk_size</span> <span class="o">=</span> <span class="mi">20</span></p> <p><span class="nx">depends_on</span> <span class="o">=</span> <span class="p">[</span><br> <span class="nx">aws_iam_role_policy_attachment</span><span class="p">.</span><span class="nx">AmazonEKSWorkerNodePolicy</span><span class="p">,</span><br> <span class="nx">aws_iam_role_policy_attachment</span><span class="p">.</span><span class="nx">AmazonEC2ContainerRegistryReadOnly</span><span class="p">,</span><br> <span class="nx">aws_iam_role_policy_attachment</span><span class="p">.</span><span class="nx">AmazonEKS_CNI_Policy</span><br> <span class="p">]</span><br> <span class="p">}</span></p> </code></pre> </div> <h4> <br> <br> <br> USAGE<br> </h4> <br> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">terraform</span> <span class="nx">init</span><br> <span class="nx">terraform</span> <span class="nx">validate</span><br> <span class="nx">terraform</span> <span class="nx">plan</span><br> <span class="nx">terraform</span> <span class="nx">apply</span> <span class="o">-</span><span class="nx">auto</span><span class="o">-</span><span class="nx">approve</span></p> </code></pre> </div> <h3> <br> <br> <br> STEP 05 - Check Cluster &amp; Node Group Creation<br> </h3> <p>Check if the node gruoup was created using AWS Console<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn633wmtoscaqdj2eq9k3.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn633wmtoscaqdj2eq9k3.PNG" alt="node group"></a></p> <p>Create or update the <code>kubeconfig</code> for Amazon EKS<br> For this purpose use this command:</p> <blockquote> <p><code>aws eks update-kubeconfig --region &lt;region-code&gt; --name &lt;cluster-name&gt;</code></p> </blockquote> <p>Replace <code>&lt;region-code&gt;</code> with you respective region, example <code>us-east-1</code><br> and <code>&lt;cluster-name</code> with your cluster's name</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzzyoxc3vcexs84mhwdjz.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzzyoxc3vcexs84mhwdjz.PNG" alt="kubeconfig"></a></p> <p>Check node using <code>kubectl</code><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6urhxthouv5gqy4prq8k.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6urhxthouv5gqy4prq8k.PNG" alt="check nodes"></a></p> <blockquote> <p><strong>Documentation:</strong> <a href="https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html</a></p> </blockquote> aws terraform kubernetes Getting Started with Amazon EKS: Basics and guide to create your first POD erozedguy Tue, 17 Aug 2021 16:55:25 +0000 https://forem.com/erozedguy/getting-started-with-amazon-eks-basics-and-guide-to-create-your-first-pod-gkl https://forem.com/erozedguy/getting-started-with-amazon-eks-basics-and-guide-to-create-your-first-pod-gkl <h3> 1. What is Amazon EKS? </h3> <p>Is a managed service to run Kubernetes on AWS without needing to install, operate and maintain the insfrastructure.</p> <blockquote> <p><strong>References</strong>:</p> <ul> <li><a href="https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html</a></li> <li><a href="https://kubernetes.io/es/docs/home/" rel="noopener noreferrer">https://kubernetes.io/es/docs/home/</a></li> </ul> </blockquote> <h3> 2. Important Concepts </h3> <h4> 2.1 EKS Control Plane </h4> <ul> <li>Consists of control plane nodes that run the Kubernetes Software, such as <code>etcd</code> and the kubernetes API server.</li> <li>Control Plane infrastructure is not shared across cluster or AWS accounts</li> <li>The control plane exposes a public endpoint so that clients and nodes can communicate with the cluster.</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzx0ws6ju2iqbxyd78i77.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzx0ws6ju2iqbxyd78i77.PNG" alt="control plane"></a></p> <blockquote> <p><strong>References</strong>:</p> <ul> <li><a href="https://docs.aws.amazon.com/eks/latest/userguide/clusters.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/clusters.html</a></li> <li><a href="https://www.eksworkshop.com/010_introduction/architecture/architecture_control/" rel="noopener noreferrer">https://www.eksworkshop.com/010_introduction/architecture/architecture_control/</a></li> </ul> </blockquote> <h4> 2.2 Worker Nodes &amp; Node Groups </h4> <ul> <li>Workers nodes are EC2 intances <ul> <li>Run the applications workloads</li> </ul> </li> <li>Node Groups are groups of EC2 intances that are provisioned as part of an EC2 autoscaling group</li> <li>Connect to the control plane via API server endpoint</li> </ul> <p><strong>Considerations:</strong></p> <ul> <li>All EC2 instances must be the same type</li> <li>Be running the same AMI</li> <li>Use the same EKS worker node IAM role </li> </ul> <blockquote> <p><strong>Reference</strong>: <a href="https://docs.aws.amazon.com/eks/latest/userguide/eks-compute.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/eks-compute.html</a></p> </blockquote> <h4> 2.3 VPC </h4> <ul> <li>Control plane components cannot view or receive communications from other cluster or another AWS accounts, except as authorized with Kubernetes RBAC policies</li> <li>VPCs and subnets must be tagged appropriately, so that Kubernetes knows that it can use them for deploying resources, such as load balancers</li> <li>Amazon EKS creates and manages network interfaces in your account</li> <li>Fargate PODS are deployed to private subnets only</li> </ul> <blockquote> <p><strong>Reference</strong>: <a href="https://docs.aws.amazon.com/eks/latest/userguide/eks-networking.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/eks-networking.html</a></p> </blockquote> <h4> 2.4 Fargate Profiles </h4> <ul> <li>The Fargate profile allows an administrator to declare which pods run on Fargate</li> <li>Each POD running on Fargate is isolated of the other resources and does not share the underlying kernel, CPU resources, memory or elastic network interface with another POD</li> <li>AWS built fargate controller that recognizes the PODS that belong to fargate and schedules the on FARGATE PROFILES</li> </ul> <blockquote> <p><strong>Reference</strong>: <a href="https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html</a></p> </blockquote> <h3> 3. Creating an EKS cluster </h3> <h4> PREREQUISITES </h4> <p>Install and configure AWS CLI</p> <blockquote> <p><strong>References</strong>: </p> <ul> <li><a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html" rel="noopener noreferrer">https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html</a></li> <li><a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html" rel="noopener noreferrer">https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html</a></li> </ul> </blockquote> <p>Install <code>eksctl</code></p> <blockquote> <p><strong>Reference</strong>: <a href="https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html</a></p> </blockquote> <p>Install <code>kubectl</code></p> <blockquote> <p><strong>Reference</strong>: <a href="https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html" rel="noopener noreferrer">https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html</a></p> </blockquote> <h4> 3.1 Create EKS Cluster with <code>eksctl</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl create cluster --name &lt;my-cluster&gt; \ --version &lt;1.21&gt; \ --region &lt;region&gt; \ -- zones &lt;az1,az2...&gt;\ --without-nodegroup </code></pre> </div> <ul> <li>Check the cluster in our AWS account </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl get cluster </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fydtdvd8obmvyz9oyrldr.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fydtdvd8obmvyz9oyrldr.PNG" alt="get_cluster"></a></p> <h4> 3.2 Create and associate IAM OIDC Provider for EKS Cluster </h4> <p>With this feature, you can manage user access to your cluster by leveraging existing identity management life cycle through your OIDC identity provider.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl utils associate-iam-oidc-provider --region &lt;region-code&gt; \ --cluster &lt;cluter-name&gt; \ --approve </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fns6st26tkl8o3xf9uaab.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fns6st26tkl8o3xf9uaab.PNG" alt="oidc"></a></p> <h4> 3.3 Create a EC2 key pair with <code>AWS Management Console</code> </h4> <ul> <li>For this step you must use the AWS Management Console in your web browser</li> </ul> <blockquote> <p><strong>NOTE</strong>: When we use <code>eksctl</code> to create an EKS cluster, automatically are created public and private subnets, NAT Gateways, Cluster service Role, security group and more resources required for our eks cluster are automatically created</p> </blockquote> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhltgnxpn05qcaanmx7yg.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhltgnxpn05qcaanmx7yg.PNG" alt="subnets"></a></p> <h3> 4. Creating a NODE GROUP </h3> <h4> 4.1 Create Node Group with additional Add-Ons in Public Subnets </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl create nodegroup --cluster &lt;CLUSTER_NAME&gt; \ --region &lt;REGION&gt; \ --name &lt;NAME_NODE_GROUP&gt; \ -node-type &lt;TYPE_EC2_INSTANCE&gt; \ --nodes &lt;#_EC2_INSTANCES&gt; \ --nodes-min &lt;MIN_NODES&gt; \ --nodes-max &lt;MAX_NODES&gt; \ --node-volume-size &lt;GB&gt;\ --ssh-access \ --ssh-public-key &lt;PUB_KEY&gt; \ --managed \ --asg-access \ --external-dns-access \ --full-ecr-access \ --appmesh-access \ --alb-ingress-access </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fig04bhh8byd369yw7kgr.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fig04bhh8byd369yw7kgr.PNG" alt="nodes"></a></p> <h4> 4.2 Check the nodes </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj6mggnulpr2t6vily6wp.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj6mggnulpr2t6vily6wp.PNG" alt="nodess"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvt96vqemuobo4bab3ihv.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvt96vqemuobo4bab3ihv.PNG" alt="ec2instances"></a></p> <h4> 4.3 Use <code>kubectl</code> to managed the EKS cluster </h4> <ul> <li>Check nodes </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl get nodes </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftuffhkwg7t1p6xumhfya.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftuffhkwg7t1p6xumhfya.PNG" alt="kubectl_nodes"></a></p> <ul> <li>Check Services </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl get services </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ioctg9zt099618uskix.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ioctg9zt099618uskix.PNG" alt="svc"></a></p> <h3> 5. Creating the first POD </h3> <ul> <li>Write a <code>.yaml</code> manifest to create a POD</li> <li>Execute the <code>.yaml</code> file to create the POD </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl apply -f &lt;manifest_name&gt;.yaml </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flkepf9hw33v3kvqyg8e8.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flkepf9hw33v3kvqyg8e8.PNG" alt="pod"></a></p> <ul> <li>Check the PODS in our EKS cluster with <code>kubectl</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl get po </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F60894opshovl1j8aykb3.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F60894opshovl1j8aykb3.PNG" alt="pods"></a></p> <ul> <li>View the POD into a node through the aws management console</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3v4h19cuin6cjn2bxtrs.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3v4h19cuin6cjn2bxtrs.PNG" alt="node_pod"></a></p> <h3> 6. DELETE THE EKS CLUSTER </h3> <ul> <li>Delete the NODE GROUP </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl delete nodegroup --cluster &lt;clusterName&gt; \ --name &lt;nodegroupName&gt; </code></pre> </div> <ul> <li>Delete the EKS Cluster </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl delete cluster &lt;clusterName&gt; </code></pre> </div> <blockquote> <p><strong>RESOURCES</strong>: <a href="https://github.com/stacksimplify/aws-eks-kubernetes-masterclass" rel="noopener noreferrer">https://github.com/stacksimplify/aws-eks-kubernetes-masterclass</a></p> </blockquote> aws devops kubernetes docker CI/CD Pipeline for Amazon ECS/FARGATE with Terraform erozedguy Sun, 08 Aug 2021 01:02:24 +0000 https://forem.com/erozedguy/ci-cd-pipeline-for-amazon-ecs-fargate-with-terraform-33na https://forem.com/erozedguy/ci-cd-pipeline-for-amazon-ecs-fargate-with-terraform-33na <h4> DESCRIPTION </h4> <p>In this post I am going to explain how to build the infrastructure on AWS with Terraform to implement a CI / CD pipeline for ECS / Fargate.<br> The Architecture consists of a VPC with 2 public subnets in different Availability Zones. The desired tasks are 2 and each task is deployed on each public subnet with Fargate and each task belongs to the same ECS service.<br> An Application Load Balancer is used to balance the load between the two tasks.<br> In this case, the main goal is to implement a docker container that contains a simple HTTP server built with GOLANG. This HTTP server allows you to obtain the private IP of each task.<br> If I push new changes to the CodeCommit repository, CodePipeline detects those changes, triggers the pipeline and creates a new docker image and then deploys it to the ECS service to update the tasks.</p> <h4> ARCHITECTURE </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs4dsxa15w38g6hrb8plg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs4dsxa15w38g6hrb8plg.png" alt="aws cicd pipeline"></a></p> <h4> RESOURCES </h4> <p><a href="https://github.com/erozedguy/CICD-Pipeline-for-Amazon-ECS-Fargate" rel="noopener noreferrer">https://github.com/erozedguy/CICD-Pipeline-for-Amazon-ECS-Fargate</a></p> <h4> STEPS </h4> <h4> STEP 01 - Create a IAM Role and CodeCommit Credentials </h4> <ul> <li><p>Create a Service Role for Elastic Container Service Task (<br> Allows ECS tasks to call AWS services on your behalf.)<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqyrb8vk063qs2b76nmlx.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqyrb8vk063qs2b76nmlx.PNG" alt="taskRole"></a></p></li> <li><p>Attach <code>AWSCodeCommitPowerUser</code> Policy to my <code>USER</code><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r6y2uvog53zxcu987iz.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r6y2uvog53zxcu987iz.PNG" alt="commitpolicy"></a></p></li> <li><p>Generate <code>HTTPS Git credentials for AWS CodeCommit</code> to <code>clone</code>, <code>push</code>, <code>pull</code> to the <code>CodeCommit Repository</code></p></li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flio5kjaqy5avnrxsyvjh.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flio5kjaqy5avnrxsyvjh.PNG" alt="credentials"></a></p> <h4> STEP 02: Terraform scripts to build the infrastructure </h4> <h3> <strong><code>PROVIDERS</code></strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">hashicorp/aws</span><span class="dl">"</span> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">~&gt; 3.51</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">provider</span> <span class="dl">"</span><span class="s2">aws</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">profile</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">default</span><span class="dl">"</span> <span class="nx">region</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">us-east-1</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <h3> <strong><code>VPC</code></strong> </h3> <p>The <code>vpc script</code> has <code>VPC</code>, <code>SUBNETS</code> and <code>INTERNET GATEWAY</code> resources.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_vpc</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ecs-vpc</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${var.cidr}</span><span class="dl">"</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ecs-vpc</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="err">#</span> <span class="nx">PUBLIC</span> <span class="nx">SUBNETS</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_subnet</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">pub-subnets</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">count</span> <span class="o">=</span> <span class="nf">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">azs</span><span class="p">)</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_vpc.ecs-vpc.id}</span><span class="dl">"</span> <span class="nx">availability_zone</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${var.azs[count.index]}</span><span class="dl">"</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${var.subnets-ip[count.index]}</span><span class="dl">"</span> <span class="nx">map_public_ip_on_launch</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">pub-subnets</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="err">#</span> <span class="nx">INTERNET</span> <span class="nx">GATEWAY</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_internet_gateway</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">i-gateway</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_vpc.ecs-vpc.id}</span><span class="dl">"</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ecs-igtw</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong><code>VARIABLES TO VPC</code></strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">variable</span> <span class="dl">"</span><span class="s2">cidr</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">type</span> <span class="o">=</span> <span class="nx">string</span> <span class="k">default</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">145.0.0.0/16</span><span class="dl">"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="dl">"</span><span class="s2">azs</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">type</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="k">default</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">us-east-1a</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">us-east-1b</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">variable</span> <span class="dl">"</span><span class="s2">subnets-ip</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">type</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="k">default</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">145.0.1.0/24</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">145.0.2.0/24</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> <strong><code>IAM ROLES &amp; POLICIES</code></strong> </h3> <p>For the <code>CodeBuild</code> is necessary to create a IAM Role&amp;Policy to allow access to <code>ECR</code> to push and pull the <code>Docker images</code> in the ECR repository. Also, is necessary a permission to access a S3 bucket to store the <code>artifacts</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">codebuild-role</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">codebuild-role</span><span class="dl">"</span> <span class="nx">assume_role_policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">2012-10-17</span><span class="dl">"</span> <span class="nx">Statement</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">sts:AssumeRole</span><span class="dl">"</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Principal</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Service</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">codebuild.amazonaws.com</span><span class="dl">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_iam_role_policy</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">codebuild-policy</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">role</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_iam_role.codebuild-role.name}</span><span class="dl">"</span> <span class="nx">policy</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">2012-10-17</span><span class="dl">"</span> <span class="nx">Statement</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">codecommit:GitPull</span><span class="dl">"</span><span class="p">]</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Resource</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">ecr:BatchCheckLayerAvailability</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:GetDownloadUrlForLayer</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:BatchGetImage</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:CompleteLayerUpload</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:GetAuthorizationToken</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:InitiateLayerUpload</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:PutImage</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">ecr:UploadLayerPart</span><span class="dl">"</span><span class="p">]</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Resource</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">logs:CreateLogGroup</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">logs:CreateLogStream</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">logs:PutLogEvents</span><span class="dl">"</span><span class="p">]</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Resource</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Action</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">s3:PutObject</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">s3:GetObject</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">s3:GetObjectVersion</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">s3:GetBucketAcl</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">s3:GetBucketLocation</span><span class="dl">"</span><span class="p">]</span> <span class="nx">Effect</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span> <span class="nx">Resource</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h3> <strong><code>ROUTE TABLES</code></strong> </h3> <p>A single <code>Route Table</code> for both Public Subnets</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="err">#</span> <span class="nx">TABLE</span> <span class="nx">FOR</span> <span class="nx">PUBLIC</span> <span class="nx">SUBNETS</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route_table</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">pub-table</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_vpc.ecs-vpc.id}</span><span class="dl">"</span> <span class="p">}</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">pub-route</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">route_table_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_route_table.pub-table.id}</span><span class="dl">"</span> <span class="nx">destination_cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span> <span class="nx">gateway_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_internet_gateway.i-gateway.id}</span><span class="dl">"</span> <span class="p">}</span> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route_table_association</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">as-pub</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">count</span> <span class="o">=</span> <span class="nf">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">azs</span><span class="p">)</span> <span class="nx">route_table_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_route_table.pub-table.id}</span><span class="dl">"</span> <span class="nx">subnet_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_subnet.pub-subnets[count.index].id}</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <h3> <strong><code>SECURITY GROUPS</code></strong> </h3> <p>The first Sec-Group is for the <code>ECS Service</code></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_security_group</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">sg1</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">golang-server</span><span class="dl">"</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Port 5000</span><span class="dl">"</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">ecs</span><span class="o">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow Port 5000</span><span class="dl">"</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">5000</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">5000</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">tcp</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="nx">ipv6_cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">::/0</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow all ip and ports outboun</span><span class="dl">"</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">-1</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The second Sec-Group is for the <code>Application Load Balancer</code></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_security_group</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">sg2</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">golang-server-alb</span><span class="dl">"</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Port 80</span><span class="dl">"</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">ecs</span><span class="o">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow Port 80</span><span class="dl">"</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">80</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">80</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">tcp</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="nx">ipv6_cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">::/0</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow all ip and ports outboun</span><span class="dl">"</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">-1</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <strong><code>APPLICATION LOAD BALANCER</code></strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_lb</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">app-lb</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">app-lb</span><span class="dl">"</span> <span class="nx">internal</span> <span class="o">=</span> <span class="kc">false</span> <span class="nx">load_balancer_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">application</span><span class="dl">"</span> <span class="nx">security_groups</span> <span class="o">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">sg2</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">subnets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">${aws_subnet.pub-subnets[0].id}</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">${aws_subnet.pub-subnets[1].id}</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Port #5000 is used in the <code>Target Group</code> because that port is used for the container</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_lb_target_group</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">tg-group</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">tg-group</span><span class="dl">"</span> <span class="nx">port</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">5000</span><span class="dl">"</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">HTTP</span><span class="dl">"</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_vpc.ecs-vpc.id}</span><span class="dl">"</span> <span class="nx">target_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ip</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <p>Port #80 is used for the <code>Listener</code></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_lb_listener</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">lb-listener</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">load_balancer_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_lb.app-lb.arn}</span><span class="dl">"</span><br> <span class="nx">port</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">80</span><span class="dl">"</span><br> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">HTTP</span><span class="dl">"</span></p> <p><span class="nx">default_action</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">forward</span><span class="dl">"</span><br> <span class="nx">target_group_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_lb_target_group.tg-group.arn}</span><span class="dl">"</span><br> <span class="p">}</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> <strong><code>ECS &amp; ECR</code></strong><br> </h3> <h5> ECR repository </h5> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_ecr_repository</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ecr-repo</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ecr-repo</span><span class="dl">"</span><br> <span class="p">}</span></p> </code></pre> </div> <h5> <br> <br> <br> ECS Cluster<br> </h5> <br> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_ecs_cluster</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ecs-cluster</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">clusterDev</span><span class="dl">"</span><br> <span class="p">}</span></p> </code></pre> </div> <h5> <br> <br> <br> Task Definition<br> </h5> <ul> <li>In this part is important to specify the <code>containerPort</code> </li> <li>Create a ENV VAR: <code>export TF_VAR_uri_repo = &lt;ID_ACCOUNT&gt;.dkr.ecr.&lt;REGION&gt;.amazonaws.com/&lt;ECR_REPOSITORY_NAME&gt;</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_ecs_task_definition</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">task</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">family</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">HTTPserver</span><span class="dl">"</span><br> <span class="nx">network_mode</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">awsvpc</span><span class="dl">"</span><br> <span class="nx">requires_compatibilities</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">FARGATE</span><span class="dl">"</span><span class="p">]</span><br> <span class="nx">cpu</span> <span class="o">=</span> <span class="mi">256</span><br> <span class="nx">memory</span> <span class="o">=</span> <span class="mi">512</span><br> <span class="nx">execution_role_arn</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">ecs</span><span class="o">-</span><span class="nx">task</span><span class="p">.</span><span class="nx">arn</span></p> <p><span class="nx">container_definitions</span> <span class="o">=</span> <span class="nf">jsonencode</span><span class="p">([</span><br> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">golang-container</span><span class="dl">"</span><br> <span class="nx">image</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${var.uri_repo}:latest</span><span class="dl">"</span> <span class="err">#</span><span class="nx">URI</span><br> <span class="nx">cpu</span> <span class="o">=</span> <span class="mi">256</span><br> <span class="nx">memory</span> <span class="o">=</span> <span class="mi">512</span><br> <span class="nx">portMappings</span> <span class="o">=</span> <span class="p">[</span><br> <span class="p">{</span><br> <span class="nx">containerPort</span> <span class="o">=</span> <span class="mi">5000</span><br> <span class="p">}</span><br> <span class="p">]</span><br> <span class="p">}</span><br> <span class="p">])</span><br> <span class="p">}</span></p> </code></pre> </div> <h5> <br> <br> <br> ECS Service<br> </h5> <p>Specify the <code>load balancer</code> block</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_ecs_service</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">svc</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">golang-Service</span><span class="dl">"</span><br> <span class="nx">cluster</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_ecs_cluster.ecs-cluster.id}</span><span class="dl">"</span><br> <span class="nx">task_definition</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_ecs_task_definition.task.id}</span><span class="dl">"</span><br> <span class="nx">desired_count</span> <span class="o">=</span> <span class="mi">2</span><br> <span class="nx">launch_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">FARGATE</span><span class="dl">"</span></p> <p><span class="nx">network_configuration</span> <span class="p">{</span><br> <span class="nx">subnets</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">${aws_subnet.pub-subnets[0].id}</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">${aws_subnet.pub-subnets[1].id}</span><span class="dl">"</span><span class="p">]</span><br> <span class="nx">security_groups</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">${aws_security_group.sg1.id}</span><span class="dl">"</span><span class="p">]</span><br> <span class="nx">assign_public_ip</span> <span class="o">=</span> <span class="kc">true</span><br> <span class="p">}</span></p> <p><span class="nx">load_balancer</span> <span class="p">{</span><br> <span class="nx">target_group_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_lb_target_group.tg-group.arn}</span><span class="dl">"</span><br> <span class="nx">container_name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">golang-container</span><span class="dl">"</span><br> <span class="nx">container_port</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">5000</span><span class="dl">"</span><br> <span class="p">}</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> <strong><code>CI/CD PIPELINE</code></strong><br> </h3> <h5> CodeCommit Repository </h5> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_codecommit_repository</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">repo</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">repository_name</span> <span class="o">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">repo_name</span><br> <span class="p">}</span></p> </code></pre> </div> <h5> <br> <br> <br> CodeBuild Project<br> </h5> <br> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_codebuild_project</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">repo-project</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${var.build_project}</span><span class="dl">"</span><br> <span class="nx">service_role</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_iam_role.codebuild-role.arn}</span><span class="dl">"</span></p> <p><span class="nx">artifacts</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">NO_ARTIFACTS</span><span class="dl">"</span><br> <span class="p">}</span></p> <p><span class="nx">source</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">CODECOMMIT</span><span class="dl">"</span><br> <span class="nx">location</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_codecommit_repository.repo.clone_url_http}</span><span class="dl">"</span><br> <span class="p">}</span></p> <p><span class="nx">environment</span> <span class="p">{</span><br> <span class="nx">compute_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">BUILD_GENERAL1_SMALL</span><span class="dl">"</span><br> <span class="nx">image</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">aws/codebuild/standard:5.0</span><span class="dl">"</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">LINUX_CONTAINER</span><span class="dl">"</span><br> <span class="nx">privileged_mode</span> <span class="o">=</span> <span class="kc">true</span><br> <span class="p">}</span><br> <span class="p">}</span></p> </code></pre> </div> <h5> <br> <br> <br> buildspec.yml<br> </h5> <ul> <li>This file is very important to create the Docker Image and Pull it to ECR repository</li> <li>To update the ECS service is important to specify the <code>containerName</code> and <code>imageUri</code> in a JSON file with the name <code>imagedefinitions.json</code>. This file is an artifact</li> <li>This file must be in the CodeCommit repository</li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">version</span><span class="p">:</span> <span class="mf">0.2</span></p> <p><span class="nx">phases</span><span class="p">:</span><br> <span class="nx">pre_build</span><span class="p">:</span><br> <span class="nx">commands</span><span class="p">:</span><br> <span class="o">-</span> <span class="nx">echo</span> <span class="nx">Logging</span> <span class="k">in</span> <span class="nx">to</span> <span class="nx">Amazon</span> <span class="nx">ECR</span><span class="p">...</span><br> <span class="o">-</span> <span class="nx">echo</span> <span class="nx">$AWS_DEFAULT_REGION</span><br> <span class="o">-</span> <span class="nx">aws</span> <span class="nx">ecr</span> <span class="kd">get</span><span class="o">-</span><span class="nx">login</span><span class="o">-</span><span class="nx">password</span> <span class="o">--</span><span class="nx">region</span> <span class="nx">$AWS_DEFAULT_REGION</span> <span class="o">|</span> <span class="nx">docker</span> <span class="nx">login</span> <span class="o">--</span><span class="nx">username</span> <span class="nx">AWS</span> <span class="o">--</span><span class="nx">password</span><span class="o">-</span><span class="nx">stdin</span> <span class="mi">940401905947</span><span class="p">.</span><span class="nx">dkr</span><span class="p">.</span><span class="nx">ecr</span><span class="p">.</span><span class="nx">$AWS_DEFAULT_REGION</span><span class="p">.</span><span class="nx">amazonaws</span><span class="p">.</span><span class="nx">com</span><br> <span class="o">-</span> <span class="nx">REPOSITORY_NAME</span><span class="o">=</span><span class="dl">"</span><span class="s2">ecr-repo</span><span class="dl">"</span><br><br> <span class="o">-</span> <span class="nx">REPOSITORY_URI</span><span class="o">=</span><span class="mi">940401905947</span><span class="p">.</span><span class="nx">dkr</span><span class="p">.</span><span class="nx">ecr</span><span class="p">.</span><span class="nx">$AWS_DEFAULT_REGION</span><span class="p">.</span><span class="nx">amazonaws</span><span class="p">.</span><span class="nx">com</span><span class="o">/</span><span class="nx">$REPOSITORY_NAME</span><br> <span class="o">-</span> <span class="nx">COMMIT_HASH</span><span class="o">=</span><span class="nf">$</span><span class="p">(</span><span class="nx">echo</span> <span class="nx">$CODEBUILD_RESOLVED_SOURCE_VERSION</span> <span class="o">|</span> <span class="nx">cut</span> <span class="o">-</span><span class="nx">c</span> <span class="mi">1</span><span class="o">-</span><span class="mi">7</span><span class="p">)</span><br> <span class="o">-</span> <span class="nx">IMAGE_TAG</span><span class="o">=</span><span class="nx">$</span><span class="p">{</span><span class="nl">COMMIT_HASH</span><span class="p">:</span><span class="o">=</span><span class="nx">latest</span><span class="p">}</span><br> <span class="nl">build</span><span class="p">:</span><br> <span class="nl">commands</span><span class="p">:</span><br> <span class="o">-</span> <span class="nx">echo</span> <span class="nx">Building</span> <span class="nx">the</span> <span class="nx">Docker</span> <span class="nx">image</span><span class="p">...</span><br> <span class="o">-</span> <span class="nx">docker</span> <span class="nx">build</span> <span class="o">-</span><span class="nx">t</span> <span class="nx">$REPOSITORY_NAME</span><span class="p">:</span><span class="nx">latest</span> <span class="p">.</span><br> <span class="o">-</span> <span class="nx">docker</span> <span class="nx">tag</span> <span class="nx">$REPOSITORY_NAME</span><span class="p">:</span><span class="nx">latest</span> <span class="nx">$REPOSITORY_URI</span><span class="p">:</span><span class="nx">latest</span><br> <span class="o">-</span> <span class="nx">docker</span> <span class="nx">tag</span> <span class="nx">$REPOSITORY_NAME</span><span class="p">:</span><span class="nx">latest</span> <span class="nx">$REPOSITORY_URI</span><span class="p">:</span><span class="nx">$IMAGE_TAG</span><br> <span class="nx">post_build</span><span class="p">:</span><br> <span class="nx">commands</span><span class="p">:</span><br> <span class="o">-</span> <span class="nx">docker</span> <span class="nx">push</span> <span class="nx">$REPOSITORY_URI</span><span class="p">:</span><span class="nx">latest</span><br> <span class="o">-</span> <span class="nx">docker</span> <span class="nx">push</span> <span class="nx">$REPOSITORY_URI</span><span class="p">:</span><span class="nx">$IMAGE_TAG</span><br> <span class="o">-</span> <span class="nx">printf</span> <span class="dl">'</span><span class="s1">[{"name":"golang-container","imageUri":"%s"}]</span><span class="dl">'</span> <span class="nx">$REPOSITORY_URI</span><span class="p">:</span><span class="nx">$IMAGE_TAG</span> <span class="o">&gt;</span> <span class="nx">imagedefinitions</span><span class="p">.</span><span class="nx">json</span></p> <p><span class="nx">artifacts</span><span class="p">:</span><br> <span class="nx">files</span><span class="p">:</span> <span class="nx">imagedefinitions</span><span class="p">.</span><span class="nx">json</span></p> </code></pre> </div> <h5> <br> <br> <br> S3 Bucket to store the <code>artifacts</code><br> </h5> <br> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_s3_bucket</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">bucket-artifact</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">bucket</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">eroz-artifactory-bucket</span><span class="dl">"</span><br> <span class="nx">acl</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">private</span><span class="dl">"</span><br> <span class="p">}</span></p> </code></pre> </div> <h5> <br> <br> <br> CodePipeline<br> </h5> <p>Specify <code>Source</code>, <code>Build</code>, <code>Deploy</code> Stages</p> <p><strong>NOTE</strong>: to code the <code>stages</code> check the official documentation<br> <a href="https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html" rel="noopener noreferrer">https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html</a></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_codepipeline</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">pipeline</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">pipeline</span><span class="dl">"</span><br> <span class="nx">role_arn</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${data.aws_iam_role.pipeline_role.arn}</span><span class="dl">"</span></p> <p><span class="nx">artifact_store</span> <span class="p">{</span><br> <span class="nx">location</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">${aws_s3_bucket.bucket-artifact.bucket}</span><span class="dl">"</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">S3</span><span class="dl">"</span><br> <span class="p">}</span><br> <span class="err">#</span> <span class="nx">SOURCE</span><br> <span class="nx">stage</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Source</span><span class="dl">"</span><br> <span class="nx">action</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Source</span><span class="dl">"</span><br> <span class="nx">category</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Source</span><span class="dl">"</span><br> <span class="nx">owner</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">AWS</span><span class="dl">"</span><br> <span class="nx">provider</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">CodeCommit</span><span class="dl">"</span><br> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">1</span><span class="dl">"</span><br> <span class="nx">output_artifacts</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">source_output</span><span class="dl">"</span><span class="p">]</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> &lt;span class="nx"&gt;configuration&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;RepositoryName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;${var.repo_name}&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="nx"&gt;BranchName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;${var.branch_name}&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; </code></pre> </div> <p><span class="p">}</span><br> <span class="err">#</span> <span class="nx">BUILD</span><br> <span class="nx">stage</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Build</span><span class="dl">"</span><br> <span class="nx">action</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Build</span><span class="dl">"</span><br> <span class="nx">category</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Build</span><span class="dl">"</span><br> <span class="nx">owner</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">AWS</span><span class="dl">"</span><br> <span class="nx">provider</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">CodeBuild</span><span class="dl">"</span><br> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">1</span><span class="dl">"</span><br> <span class="nx">input_artifacts</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">source_output</span><span class="dl">"</span><span class="p">]</span><br> <span class="nx">output_artifacts</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">build_output</span><span class="dl">"</span><span class="p">]</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> &lt;span class="nx"&gt;configuration&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;ProjectName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;${var.build_project}&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; </code></pre> </div> <p><span class="p">}</span><br> <span class="err">#</span> <span class="nx">DEPLOY</span><br> <span class="nx">stage</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Deploy</span><span class="dl">"</span><br> <span class="nx">action</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Deploy</span><span class="dl">"</span><br> <span class="nx">category</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Deploy</span><span class="dl">"</span><br> <span class="nx">owner</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">AWS</span><span class="dl">"</span><br> <span class="nx">provider</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ECS</span><span class="dl">"</span><br> <span class="nx">version</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">1</span><span class="dl">"</span><br> <span class="nx">input_artifacts</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">build_output</span><span class="dl">"</span><span class="p">]</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> &lt;span class="nx"&gt;configuration&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;ClusterName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;clusterDev&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="nx"&gt;ServiceName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;golang-Service&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="nx"&gt;FileName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;imagedefinitions.json&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; </code></pre> </div> <p><span class="p">}</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> <strong><code>DATA</code></strong><br> </h3> <p>This section is for using created IAM roles</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">data</span> <span class="dl">"</span><span class="s2">aws_iam_role</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">pipeline_role</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">codepipeline-role</span><span class="dl">"</span><br> <span class="p">}</span></p> <p><span class="nx">data</span> <span class="dl">"</span><span class="s2">aws_iam_role</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ecs-task</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ecsTaskExecutionRole</span><span class="dl">"</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> <strong><code>OUTPUTS</code></strong><br> </h3> <p>To get the ALB DNS and the CodeCommit Repository URL</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">output</span> <span class="dl">"</span><span class="s2">repo_url</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">value</span> <span class="o">=</span> <span class="nx">aws_codecommit_repository</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">clone_url_http</span><br> <span class="p">}</span></p> <p><span class="nx">output</span> <span class="dl">"</span><span class="s2">alb_dns</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">value</span> <span class="o">=</span> <span class="nx">aws_lb</span><span class="p">.</span><span class="nx">app</span><span class="o">-</span><span class="nx">lb</span><span class="p">.</span><span class="nx">dns_name</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> <strong><code>EXTRA VARIABLES</code></strong><br> </h3> <br> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">variable</span> <span class="dl">"</span><span class="s2">repo_name</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="nx">string</span><br> <span class="k">default</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev-repo</span><span class="dl">"</span><br> <span class="p">}</span></p> <p><span class="nx">variable</span> <span class="dl">"</span><span class="s2">branch_name</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="nx">string</span><br> <span class="k">default</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">master</span><span class="dl">"</span><br> <span class="p">}</span></p> <p><span class="nx">variable</span> <span class="dl">"</span><span class="s2">build_project</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="nx">string</span><br> <span class="k">default</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev-build-repo</span><span class="dl">"</span><br> <span class="p">}</span></p> <p><span class="nx">variable</span> <span class="dl">"</span><span class="s2">uri_repo</span><span class="dl">"</span> <span class="p">{</span><br> <span class="nx">type</span> <span class="o">=</span> <span class="nx">string</span><br> <span class="err">#</span><span class="nx">The</span> <span class="nx">URI_REPO</span> <span class="nx">value</span> <span class="nx">is</span> <span class="k">in</span> <span class="nx">a</span> <span class="nx">TF_VAR</span> <span class="k">in</span> <span class="nx">my</span> <span class="nx">PC</span><br> <span class="p">}</span></p> </code></pre> </div> <h4> <br> <br> <br> STEP 03: HTTP Simple Server with <code>GOLANG</code><br> </h4> <p>This code is useful to get the PRIVATE IP of the ecs tasks</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="kr">package</span> <span class="nx">main</span></p> <p><span class="k">import </span><span class="p">(</span><br> <span class="dl">"</span><span class="s2">fmt</span><span class="dl">"</span><br> <span class="dl">"</span><span class="s2">log</span><span class="dl">"</span><br> <span class="dl">"</span><span class="s2">net</span><span class="dl">"</span><br> <span class="dl">"</span><span class="s2">net/http</span><span class="dl">"</span><br> <span class="p">)</span></p> <p><span class="nx">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span><br> <span class="nx">log</span><span class="p">.</span><span class="nc">Print</span><span class="p">(</span><span class="dl">"</span><span class="s2">HTTPserver: Enter main()</span><span class="dl">"</span><span class="p">)</span><br> <span class="nx">http</span><span class="p">.</span><span class="nc">HandleFunc</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">,</span> <span class="nx">handler</span><span class="p">)</span><br> <span class="nx">log</span><span class="p">.</span><span class="nc">Fatal</span><span class="p">(</span><span class="nx">http</span><span class="p">.</span><span class="nc">ListenAndServe</span><span class="p">(</span><span class="dl">"</span><span class="s2">0.0.0.0:5000</span><span class="dl">"</span><span class="p">,</span> <span class="nx">nil</span><span class="p">))</span><br> <span class="p">}</span></p> <p><span class="c1">// printing request headers/params</span><br> <span class="nx">func</span> <span class="nf">handler</span><span class="p">(</span><span class="nx">w</span> <span class="nx">http</span><span class="p">.</span><span class="nx">ResponseWriter</span><span class="p">,</span> <span class="nx">r</span> <span class="o">*</span><span class="nx">http</span><span class="p">.</span><span class="nx">Request</span><span class="p">)</span> <span class="p">{</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;span class="nx"&gt;log&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;request from address: %q&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;RemoteAddr&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="nx"&gt;fmt&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Fprintf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;w&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;%s %s %s&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Method&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;URL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Proto&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="nx"&gt;fmt&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Fprintf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;w&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Host = %q&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Host&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="nx"&gt;fmt&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Fprintf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;w&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;RemoteAddr = %q&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;RemoteAddr&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="nx"&gt;err&lt;/span&gt; &lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;ParseForm&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt; &lt;span class="nx"&gt;err&lt;/span&gt; &lt;span class="o"&gt;!=&lt;/span&gt; &lt;span class="nx"&gt;nil&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;log&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;err&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="nx"&gt;k&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;v&lt;/span&gt; &lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;range&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Form&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;fmt&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Fprintf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;w&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Form[%q] = %q&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;k&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;v&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="nx"&gt;fmt&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;Fprintf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;w&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\n&lt;/span&gt;&lt;span class="s2"&gt;===&amp;gt; local IP: %q&lt;/span&gt;&lt;span class="se"&gt;\n\n&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nc"&gt;GetOutboundIP&lt;/span&gt;&lt;span class="p"&gt;())&lt;/span&gt; </code></pre> </div> <p><span class="p">}</span></p> <p><span class="nx">func</span> <span class="nc">GetOutboundIP</span><span class="p">()</span> <span class="nx">net</span><span class="p">.</span><span class="nx">IP</span> <span class="p">{</span><br> <span class="nx">conn</span><span class="p">,</span> <span class="nx">err</span> <span class="p">:</span><span class="o">=</span> <span class="nx">net</span><span class="p">.</span><span class="nc">Dial</span><span class="p">(</span><span class="dl">"</span><span class="s2">udp</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">8.8.8.8:80</span><span class="dl">"</span><span class="p">)</span><br> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="nx">nil</span> <span class="p">{</span><br> <span class="nx">log</span><span class="p">.</span><span class="nc">Fatal</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span><br> <span class="p">}</span><br> <span class="nx">defer</span> <span class="nx">conn</span><span class="p">.</span><span class="nc">Close</span><span class="p">()</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;span class="nx"&gt;localAddr&lt;/span&gt; &lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;conn&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;LocalAddr&lt;/span&gt;&lt;span class="p"&gt;().(&lt;/span&gt;&lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="nx"&gt;net&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;UDPAddr&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nx"&gt;localAddr&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;IP&lt;/span&gt; </code></pre> </div> <p><span class="p">}</span></p> </code></pre> </div> <h4> <br> <br> <br> STEP 04: Dockerfile<br> </h4> <ul> <li>This Dockerfile create a image with a HTTP Server with GOLANG</li> <li>This file must be in the CodeCommit repository</li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="nx">FROM</span> <span class="nx">golang</span><span class="p">:</span><span class="nx">alpine</span> <span class="nx">AS</span> <span class="nx">builder</span></p> <p><span class="nx">ENV</span> <span class="nx">GO111MODULE</span><span class="o">=</span><span class="nx">on</span> <span class="o">&lt;/span&gt;<br> <span class="nx">CGO_ENABLED</span><span class="o">=</span><span class="mi">0</span> <span class="o">&lt;/span&gt;<br> <span class="nx">GOOS</span><span class="o">=</span><span class="nx">linux</span> <span class="o">&lt;/span&gt;<br> <span class="nx">GOARCH</span><span class="o">=</span><span class="nx">amd64</span><br> <span class="nx">WORKDIR</span> <span class="o">/</span><span class="nx">build</span><br> <span class="nx">COPY</span> <span class="p">.</span><span class="o">/</span><span class="nx">HTTPserver</span><span class="p">.</span><span class="nx">go</span> <span class="p">.</span></span></span></span></p> <p><span class="err">#</span> <span class="nx">Build</span> <span class="nx">the</span> <span class="nx">application</span><br> <span class="nx">RUN</span> <span class="nx">go</span> <span class="nx">build</span> <span class="o">-</span><span class="nx">o</span> <span class="nx">HTTPserver</span> <span class="p">.</span><span class="o">/</span><span class="nx">HTTPserver</span><span class="p">.</span><span class="nx">go</span></p> <p><span class="nx">WORKDIR</span> <span class="o">/</span><span class="nx">dist</span><br> <span class="nx">RUN</span> <span class="nx">cp</span> <span class="o">/</span><span class="nx">build</span><span class="o">/</span><span class="nx">HTTPserver</span> <span class="p">.</span></p> <p><span class="err">#</span> <span class="nx">Build</span> <span class="nx">a</span> <span class="nx">small</span> <span class="nx">image</span><br> <span class="nx">FROM</span> <span class="nx">scratch</span><br> <span class="nx">COPY</span> <span class="o">--</span><span class="k">from</span><span class="o">=</span><span class="nx">builder</span> <span class="o">/</span><span class="nx">dist</span><span class="o">/</span><span class="nx">HTTPserver</span> <span class="o">/</span><br> <span class="nx">EXPOSE</span> <span class="mi">5000</span><br> <span class="nx">ENTRYPOINT</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/HTTPserver</span><span class="dl">"</span><span class="p">]</span></p> </code></pre> </div> <h4> <br> <br> <br> STEP 05: Create TF_VAR<br> </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlb1ai9m3pxzetcyfcdb.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlb1ai9m3pxzetcyfcdb.PNG" alt="uri_repo"></a></p> <h4> STEP 06: Create the Infrastructure </h4> <p><strong>Commands</strong></p> <ul> <li><code>terraform init</code></li> <li><code>terraform validate</code></li> <li><code>terraform plan</code></li> <li><code>terraform apply -auto-approve</code></li> </ul> <p>When the creation is finished we get the OUTPUTS<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6n7cbiht66t5jmijlxq2.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6n7cbiht66t5jmijlxq2.PNG" alt="outputs"></a></p> <h4> STEP 07: Upload Dockerfile, Code and buildspect files to the CodeCommit repository </h4> <ul> <li><p>Clone the repository<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1y6sdhhncepadaf13rjr.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1y6sdhhncepadaf13rjr.PNG" alt="Alt Text"></a></p></li> <li><p>Copy <code>buildspect.yml</code>, <code>Dockerfile</code> and <code>Golang Code</code> to the cloned repository folder and then do a <code>commit</code><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1gk61ye2cbvpiw9m3kgy.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1gk61ye2cbvpiw9m3kgy.PNG" alt="git"></a></p></li> <li><p>Git push to the CodeCommit Repository<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F71nsj0w15lc9hdev7asu.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F71nsj0w15lc9hdev7asu.PNG" alt="git push"></a></p></li> </ul> <h4> STEP 08: Check the Pipeline </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgt1muxin9ib7p94f1roa.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgt1muxin9ib7p94f1roa.PNG" alt="pipeline"></a></p> <ul> <li>When the "Build" stage is done, check the docker image in the ECR repository <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F49t0js497ydntdwoipm6.PNG" alt="build"> </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe5zr5r5qfdg92pgxth23.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe5zr5r5qfdg92pgxth23.PNG" alt="repo"></a></p> <h4> STEP 09: Check the ECS Service </h4> <p>When the "Deploy" stage is done, check the Tasks in the ECS Service</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5kz1adnh7famj0iimkw0.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5kz1adnh7famj0iimkw0.PNG" alt="deploy"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjojpsbciirel7pqff1n3.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjojpsbciirel7pqff1n3.PNG" alt="service"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsouu25xfmthhki0dks84.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsouu25xfmthhki0dks84.PNG" alt="tasks"></a></p> <h4> STEP 10: Check the <code>Target Group</code> </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdg75qcx02ep3gb1jo3bq.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdg75qcx02ep3gb1jo3bq.PNG" alt="target_group"></a></p> <h4> STEP 11: Check the operation of the Application Load Balancer </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fttpf3q3u6lamb594z7nd.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fttpf3q3u6lamb594z7nd.PNG" alt="alb1"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fal70x5lvef9sd7rp5ufx.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fal70x5lvef9sd7rp5ufx.PNG" alt="alb2"></a></p> <h4> FINAL STEP: Delete the Infrastructure </h4> <p><code>terraform destroy -auto-approve</code></p> terraform aws devops cloud