feat: ECS fargate infra

Author: xDarksome

.gitignore

@@ -0,0 +1 @@
+.terraform

.terraform.lock.hcl

@@ -0,0 +1,209 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+
+  backend "remote" {
+    hostname     = "app.terraform.io"
+    organization = "wallet-connect"
+    workspaces {
+      name = "github-actions-runners"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-central-1"
+
+  default_tags {
+    tags = {
+      Application = "github-actions-runners"
+    }
+  }
+}
+
+variable "run_task" {
+  type    = bool
+  default = false
+}
+
+variable "cpu" {
+  type    = number
+  default = 256
+}
+
+variable "memory" {
+  type    = number
+  default = 512
+}
+
+variable "runner_token" {
+  type    = string
+  default = null
+}
+
+variable "repo_url" {
+  type    = string
+  default = null
+}
+
+variable "labels" {
+  type = string
+}
+
+variable "desired_count" {
+  type = number
+}
+
+resource "aws_vpc" "this" {
+  cidr_block = "10.0.0.0/16"
+}
+
+# Public subnet
+
+resource "aws_subnet" "public" {
+  vpc_id     = aws_vpc.this.id
+  cidr_block = "10.0.1.0/24"
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.this.id
+}
+
+resource "aws_internet_gateway" "this" {
+  vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route" "internet_gateway" {
+  route_table_id         = aws_route_table.public.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.this.id
+}
+
+resource "aws_route_table_association" "public" {
+  subnet_id      = aws_subnet.public.id
+  route_table_id = aws_route_table.public.id
+}
+
+# Private subnet
+
+resource "aws_subnet" "private" {
+  vpc_id     = aws_vpc.this.id
+  cidr_block = "10.0.2.0/24"
+}
+
+resource "aws_route_table" "private" {
+  vpc_id = aws_vpc.this.id
+}
+
+resource "aws_eip" "this" {}
+
+resource "aws_nat_gateway" "this" {
+  allocation_id = aws_eip.this.id
+  subnet_id     = aws_subnet.public.id
+
+  depends_on = [aws_internet_gateway.this]
+}
+
+resource "aws_route" "nat_gateway" {
+  route_table_id         = aws_route_table.private.id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.this.id
+}
+
+resource "aws_route_table_association" "private" {
+  subnet_id      = aws_subnet.private.id
+  route_table_id = aws_route_table.private.id
+}
+
+# ECS
+
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "this" {
+  name               = "github-actions-runner"
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
+  role       = aws_iam_role.this.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "cloudwatch_write_policy" {
+  role       = aws_iam_role.this.name
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
+}
+
+resource "aws_ecs_cluster" "this" {
+  name = "github-actions-runners"
+}
+
+resource "aws_ecs_cluster_capacity_providers" "example" {
+  cluster_name = aws_ecs_cluster.this.name
+
+  capacity_providers = ["FARGATE_SPOT"]
+
+  default_capacity_provider_strategy {
+    capacity_provider = "FARGATE_SPOT"
+  }
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+  name              = "github-action-runner-logs"
+  retention_in_days = 1
+}
+
+resource "aws_ecs_task_definition" "this" {
+  family                   = "github-actions-runner"
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+
+  container_definitions = jsonencode([{
+    name      = "github-actions-runner"
+    image     = "myoung34/github-runner:ubuntu-focal"
+    essential = true
+
+    logConfiguration = {
+      logDriver = "awslogs"
+      options = {
+        awslogs-group         = aws_cloudwatch_log_group.this.name
+        awslogs-region        = "eu-central-1"
+        awslogs-stream-prefix = "ecs"
+      }
+    }
+  }])
+
+  cpu                = 256
+  memory             = 512
+  execution_role_arn = aws_iam_role.this.arn
+
+  runtime_platform {
+    operating_system_family = "LINUX"
+    cpu_architecture        = "X86_64"
+  }
+}
+
+module "run_task" {
+  count         = var.run_task ? 1 : 0
+  source        = "./run_task"
+  cpu           = var.cpu
+  memory        = var.memory
+  runner_token  = var.runner_token
+  repo_url      = var.repo_url
+  labels        = var.labels
+  desired_count = var.desired_count
+}

main.tf

@@ -0,0 +1,82 @@
+variable "cpu" {
+  type = number
+}
+
+variable "memory" {
+  type = number
+}
+
+variable "runner_token" {
+  type = string
+}
+
+variable "repo_url" {
+  type = string
+}
+
+variable "labels" {
+  type = string
+}
+
+variable "desired_count" {
+  type = number
+}
+
+data "aws_ecs_cluster" "this" {
+  cluster_name = "github-actions-runners"
+}
+
+data "aws_subnet" "this" {
+  cidr_block = "10.0.2.0/24"
+  filter {
+    name   = "tag:Application"
+    values = ["github-actions-runners"]
+  }
+}
+
+data "aws_ecs_task_execution" "this" {
+  cluster         = data.aws_ecs_cluster.this.id
+  task_definition = "github-actions-runner"
+  desired_count   = var.desired_count
+
+  network_configuration {
+    subnets = [data.aws_subnet.this.id]
+  }
+
+  overrides {
+    cpu    = var.cpu
+    memory = var.memory
+
+    container_overrides {
+      name   = "github-actions-runner"
+      cpu    = var.cpu
+      memory = var.memory
+
+      environment {
+        key   = "RUNNER_NAME_PREFIX"
+        value = "aws-ecs-fargate-${var.cpu}cpu-${var.memory}mem"
+      }
+      environment {
+        key   = "RUNNER_TOKEN"
+        value = var.runner_token
+      }
+      environment {
+        key   = "REPO_URL"
+        value = var.repo_url
+      }
+      environment {
+        key   = "LABELS"
+        value = var.labels
+      }
+      environment {
+        key   = "EPHEMERAL"
+        value = true
+      }
+      environment {
+        key   = "START_DOCKER_SERVICE"
+        value = true
+      }
+    }
+  }
+}
+