make ecs cluster creation options as default in #21 (#24)

* make ecs cluster creation options as default in #21 * updating region to match the other defaults * make default option for cloudwatch log group * fixing defaults * updating docs --------- Co-authored-by: [email protected]
aws-ia · Jun 3, 2024 · 3ffa50e · 3ffa50e
1 parent 7a86698
commit 3ffa50e
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 51 deletions.
diff --git a/README.md b/README.md
@@ -24,12 +24,15 @@ This file will contain any instructional information about this module.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws | ~> 5.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
+| [aws_cloudwatch_log_group.cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_ecs_service.hcp_terraform_agent](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
 | [aws_ecs_task_definition.hcp_terraform_agent](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
 | [aws_iam_role.ecs_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -50,8 +53,6 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#input\_cloudwatch\_log\_group\_name) | The name of the CloudWatch log group where agent logs will be sent. | `string` | n/a | yes |
-| <a name="input_ecs_cluster_arn"></a> [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | ARN of the ECS cluster where the agent will be deployed. | `string` | n/a | yes |
 | <a name="input_hcp_terraform_org_name"></a> [hcp\_terraform\_org\_name](#input\_hcp\_terraform\_org\_name) | The name of the HCP Terraform or HCP Terraform enterprise organization where the agent pool will be configured. The combination of `hcp_terraform_org_name` and `name` must be unique within an AWS account. | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | A name to apply to resources. The combination of `name` and `hcp_terraform_org_name` must be unique within an AWS account. | `string` | n/a | yes |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | IDs of the subnet(s) where agents can be deployed (public subnets required) | `list(string)` | n/a | yes |
@@ -64,6 +65,11 @@ No modules.
 | <a name="input_agent_log_level"></a> [agent\_log\_level](#input\_agent\_log\_level) | The logging verbosity for the agent. Valid values are trace, debug, info (default), warn, and error. | `string` | `"info"` | no |
 | <a name="input_agent_memory"></a> [agent\_memory](#input\_agent\_memory) | The amount of memory, in MB, allocated to the agent container(s). | `number` | `512` | no |
 | <a name="input_agent_single_execution"></a> [agent\_single\_execution](#input\_agent\_single\_execution) | Whether to use single-execution mode. | `bool` | `true` | no |
+| <a name="input_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#input\_cloudwatch\_log\_group\_name) | The name of the CloudWatch log group where agent logs will be sent. | `string` | `"/ecs/hcp-terraform-agent"` | no |
+| <a name="input_cloudwatch_log_group_retention"></a> [cloudwatch\_log\_group\_retention](#input\_cloudwatch\_log\_group\_retention) | The number of days to retain logs in the CloudWatch log group. | `number` | `7` | no |
+| <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | The name of the CloudWatch log group where agent logs will be sent. | `bool` | `true` | no |
+| <a name="input_create_ecs_cluster"></a> [create\_ecs\_cluster](#input\_create\_ecs\_cluster) | Whether to create a new ECS cluster for the agent. | `bool` | `true` | no |
+| <a name="input_ecs_cluster_arn"></a> [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | ARN of the ECS cluster where the agent will be deployed. | `string` | `"arn:aws:ecs:us-west-2:000000000000:cluster/ecs-basic"` | no |
 | <a name="input_extra_env_vars"></a> [extra\_env\_vars](#input\_extra\_env\_vars) | Extra environment variables to pass to the agent container. | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | <a name="input_hcp_terraform_address"></a> [hcp\_terraform\_address](#input\_hcp\_terraform\_address) | The HTTPS address of the HCP Terraform or HCP Terraform enterprise instance. | `string` | `"https://app.terraform.io"` | no |
 | <a name="input_num_agents"></a> [num\_agents](#input\_num\_agents) | The number of agent containers to run. | `number` | `1` | no |

diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -17,14 +17,12 @@
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_agent_pool"></a> [agent\_pool](#module\_agent\_pool) | ../../ | n/a |
-| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws | ~> 5.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_cloudwatch_log_group.cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 
 ## Inputs

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -22,17 +22,15 @@ locals {
 #####################################################################################
 
 module "agent_pool" {
-  source                    = "../../"
-  name                      = local.name
-  hcp_terraform_org_name    = var.hcp_terraform_org_name
-  agent_image               = "hashicorp/tfc-agent:latest"
-  use_spot_instances        = true
-  agent_cpu                 = 512
-  agent_memory              = 1024
-  ecs_cluster_arn           = module.ecs_cluster.cluster_arn
-  vpc_id                    = module.vpc.vpc_id
-  subnet_ids                = module.vpc.private_subnets
-  cloudwatch_log_group_name = aws_cloudwatch_log_group.cloudwatch.name
+  source                 = "../../"
+  name                   = local.name
+  hcp_terraform_org_name = var.hcp_terraform_org_name
+  agent_image            = "hashicorp/tfc-agent:latest"
+  use_spot_instances     = true
+  agent_cpu              = 512
+  agent_memory           = 1024
+  vpc_id                 = module.vpc.vpc_id
+  subnet_ids             = module.vpc.private_subnets
 }
 
 #####################################################################################
@@ -55,36 +53,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-#####################################################################################
-# ECS CLUSTER DEFINITION
-#####################################################################################
-
-resource "aws_cloudwatch_log_group" "cloudwatch" {
-  name              = "/ecs/hcp-terraform-agents/${local.name}"
-  retention_in_days = 7
-}
-
-module "ecs_cluster" {
-  source  = "terraform-aws-modules/ecs/aws"
-  version = "~> 5.0"
-
-  cluster_name = local.name
-
-  fargate_capacity_providers = {
-    FARGATE = {
-      default_capacity_provider_strategy = {
-        weight = 50
-        base   = 20
-      }
-    }
-    FARGATE_SPOT = {
-      default_capacity_provider_strategy = {
-        weight = 50
-      }
-    }
-  }
-
-  tags = local.tags
-}
-
diff --git a/main.tf b/main.tf
@@ -17,6 +17,11 @@ resource "aws_ssm_parameter" "agent_token" {
   value       = tfe_agent_token.ecs_agent_token.token
 }
 
+resource "aws_cloudwatch_log_group" "cloudwatch" {
+  name              = "/ecs/hcp-terraform-agents/${var.name}"
+  retention_in_days = var.cloudwatch_log_group_retention
+}
+
 resource "aws_ecs_task_definition" "hcp_terraform_agent" {
   family                   = "hcp-tf-agent-${var.hcp_terraform_org_name}-${var.name}"
   cpu                      = var.agent_cpu
@@ -41,7 +46,7 @@ resource "aws_ecs_task_definition" "hcp_terraform_agent" {
           logDriver : "awslogs",
           options : {
             awslogs-create-group : "true",
-            awslogs-group : var.cloudwatch_log_group_name
+            awslogs-group : var.create_cloudwatch_log_group ? aws_cloudwatch_log_group.cloudwatch.name : var.cloudwatch_log_group_name
             awslogs-region : data.aws_region.current.name
             awslogs-stream-prefix : "hcp-tf-${var.hcp_terraform_org_name}-${var.name}"
           }
@@ -81,7 +86,7 @@ resource "aws_ecs_task_definition" "hcp_terraform_agent" {
 
 resource "aws_ecs_service" "hcp_terraform_agent" {
   name            = "hcp-tf-agent-${var.name}"
-  cluster         = var.ecs_cluster_arn
+  cluster         = var.create_ecs_cluster ? module.ecs_cluster[0].cluster_arn : var.ecs_cluster_arn
   task_definition = aws_ecs_task_definition.hcp_terraform_agent.arn
   desired_count   = var.num_agents
   propagate_tags  = "SERVICE"
@@ -139,6 +144,36 @@ resource "aws_security_group_rule" "allow_egress" {
   description       = "Egress rule for HCP Terraform agent"
 }
 
+#####################################################################################
+# ECS Cluster - Optional creation of an ECS cluster to run the HCP Terraform agent
+#####################################################################################
+
+module "ecs_cluster" {
+  count   = var.create_ecs_cluster ? 1 : 0
+  source  = "terraform-aws-modules/ecs/aws"
+  version = "~> 5.0"
+
+  cluster_name = var.name
+
+  fargate_capacity_providers = {
+    FARGATE = {
+      default_capacity_provider_strategy = {
+        weight = 50
+        base   = 20
+      }
+    }
+    FARGATE_SPOT = {
+      default_capacity_provider_strategy = {
+        weight = 50
+      }
+    }
+  }
+
+  tags = {
+    Name = var.name
+  }
+}
+
 #####################################################################################
 # IAM
 # Two roles are defined: the task execution role used during initialization,

diff --git a/variables.tf b/variables.tf
@@ -97,9 +97,28 @@ variable "num_agents" {
   default     = 1
 }
 
+variable "create_cloudwatch_log_group" {
+  type        = bool
+  description = "The name of the CloudWatch log group where agent logs will be sent."
+  default     = true
+}
+
+variable "cloudwatch_log_group_retention" {
+  type        = number
+  description = "The number of days to retain logs in the CloudWatch log group."
+  default     = 7
+}
+
 variable "cloudwatch_log_group_name" {
   type        = string
   description = "The name of the CloudWatch log group where agent logs will be sent."
+  default     = "/ecs/hcp-terraform-agent"
+}
+
+variable "create_ecs_cluster" {
+  type        = bool
+  description = "Whether to create a new ECS cluster for the agent."
+  default     = true
 }
 
 variable "ecs_cluster_arn" {
@@ -109,6 +128,7 @@ variable "ecs_cluster_arn" {
     condition     = can(regex("^arn:aws[a-z-]*:ecs:", var.ecs_cluster_arn))
     error_message = "Must be a valid ECS cluster ARN."
   }
+  default = "arn:aws:ecs:us-west-2:000000000000:cluster/ecs-basic"
 }
 
 variable "use_spot_instances" {