EPBR-6297 Creates a log group for ECS tasks

Each application creates an event rule that sends events to the ECS log group. This will enable the creation of a cloudwatch metric for stopped task that reads from the ECS log group
communitiesuk · Aug 5, 2024 · 3307c91 · 3307c91
1 parent 1308ac1
commit 3307c91
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 27 deletions.
diff --git a/service-infrastructure/application/cloudwatch.tf b/service-infrastructure/application/cloudwatch.tf
@@ -0,0 +1,20 @@
+# AWS EventBridge rule
+resource "aws_cloudwatch_event_rule" "ecs_events" {
+  name        = "${var.prefix}-ecs-events"
+  description = "${var.prefix} capture all ECS events "
+
+  event_pattern = jsonencode({
+    "source" : ["aws.ecs"],
+    "detail" : {
+      "clusterArn" : [aws_ecs_cluster.this.arn]
+    }
+  })
+}
+
+# AWS EventBridge target
+resource "aws_cloudwatch_event_target" "logs" {
+  rule      = aws_cloudwatch_event_rule.ecs_events.name
+  target_id = "${var.prefix}-send-to-cloudwatch"
+  arn       = var.cloudwatch_ecs_events_arn
+}
+
diff --git a/service-infrastructure/application/variables.tf b/service-infrastructure/application/variables.tf
@@ -172,3 +172,7 @@ variable "exec_cmd_task_ram" {
   default = 2048
 }
 
+variable "cloudwatch_ecs_events_arn" {
+  type = string
+}
+
diff --git a/service-infrastructure/logging/cloudwatch.tf b/service-infrastructure/logging/cloudwatch.tf
@@ -43,3 +43,11 @@ resource "aws_iam_policy" "cloudwatch_logs_access" {
     ]
   })
 }
+
+# CloudWatch logs group for ECS events
+resource "aws_cloudwatch_log_group" "ecs_events" {
+  # the log group name must always start with "/aws/events/" otherwise it won't work
+  name = "/aws/events/ecs/"
+  # always add logs retention as ECS produces huge amount of events
+  retention_in_days = 1
+}
diff --git a/service-infrastructure/logging/outputs.tf b/service-infrastructure/logging/outputs.tf
@@ -17,3 +17,8 @@ output "logs_bucket_name" {
 output "logs_bucket_url" {
   value = aws_s3_bucket.logs.bucket_domain_name
 }
+
+output "cloudwatch_ecs_events_arn" {
+  value = aws_cloudwatch_log_group.ecs_events.arn
+}
+
diff --git a/service-infrastructure/modules.tf b/service-infrastructure/modules.tf
@@ -297,8 +297,9 @@ module "toggles_application" {
     path_based_routing_overrides   = []
     extra_lb_target_groups         = 0
   }
-  fargate_weighting   = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
-  has_target_tracking = false
+  fargate_weighting         = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  has_target_tracking       = false
+  cloudwatch_ecs_events_arn = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "auth_application" {
@@ -341,8 +342,9 @@ module "auth_application" {
     path_based_routing_overrides   = []
     extra_lb_target_groups         = 1
   }
-  fargate_weighting   = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
-  has_target_tracking = false
+  fargate_weighting         = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  has_target_tracking       = false
+  cloudwatch_ecs_events_arn = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "auth_database" {
@@ -411,12 +413,13 @@ module "register_api_application" {
     ]
     extra_lb_target_groups = 0
   }
-  task_max_capacity     = var.task_max_capacity
-  task_desired_capacity = var.task_desired_capacity
-  task_min_capacity     = var.task_min_capacity
-  task_cpu              = var.task_cpu
-  task_memory           = var.task_memory
-  fargate_weighting     = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  task_max_capacity         = var.task_max_capacity
+  task_desired_capacity     = var.task_desired_capacity
+  task_min_capacity         = var.task_min_capacity
+  task_cpu                  = var.task_cpu
+  task_memory               = var.task_memory
+  fargate_weighting         = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  cloudwatch_ecs_events_arn = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "register_api_database" {
@@ -478,10 +481,11 @@ module "scheduled_tasks_application" {
     "ODE_BUCKET_NAME" : module.secrets.secret_arns["ODE_BUCKET_NAME"],
     "ONS_POSTCODE_BUCKET_NAME" : module.secrets.secret_arns["ONS_POSTCODE_BUCKET_NAME"]
   }
-  task_desired_capacity = 0
-  task_max_capacity     = 3
-  task_min_capacity     = 0
-  vpc_id                = module.networking.vpc_id
+  task_desired_capacity     = 0
+  task_max_capacity         = 3
+  task_min_capacity         = 0
+  vpc_id                    = module.networking.vpc_id
+  cloudwatch_ecs_events_arn = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "warehouse_scheduled_tasks_application" {
@@ -517,6 +521,7 @@ module "warehouse_scheduled_tasks_application" {
   task_min_capacity             = 0
   external_ecr                  = module.warehouse_application.ecr_repository_url
   has_target_tracking           = false
+  cloudwatch_ecs_events_arn     = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "frontend_application" {
@@ -572,13 +577,14 @@ module "frontend_application" {
     cdn_include_static_error_pages = true
     error_pages_bucket_name        = module.error_pages.error_pages_bucket_name
   }
-  task_max_capacity      = var.task_max_capacity
-  task_desired_capacity  = var.task_desired_capacity
-  task_min_capacity      = var.task_min_capacity
-  task_cpu               = var.task_cpu
-  task_memory            = var.task_memory
-  enable_execute_command = var.environment != "prod"
-  fargate_weighting      = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  task_max_capacity         = var.task_max_capacity
+  task_desired_capacity     = var.task_desired_capacity
+  task_min_capacity         = var.task_min_capacity
+  task_cpu                  = var.task_cpu
+  task_memory               = var.task_memory
+  enable_execute_command    = var.environment != "prod"
+  fargate_weighting         = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  cloudwatch_ecs_events_arn = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "warehouse_application" {
@@ -623,6 +629,7 @@ module "warehouse_application" {
   enable_execute_command        = true
   fargate_weighting             = { standard : 0, spot : 10 }
   has_target_tracking           = false
+  cloudwatch_ecs_events_arn     = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "warehouse_api_application" {
@@ -660,12 +667,13 @@ module "warehouse_api_application" {
   internal_alb_config = {
     ssl_certificate_arn = module.ssl_certificate.certificate_arn
   }
-  task_max_capacity     = var.task_max_capacity
-  task_desired_capacity = var.task_desired_capacity
-  task_min_capacity     = var.task_min_capacity
-  task_cpu              = var.task_cpu
-  task_memory           = var.task_memory
-  fargate_weighting     = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  task_max_capacity         = var.task_max_capacity
+  task_desired_capacity     = var.task_desired_capacity
+  task_min_capacity         = var.task_min_capacity
+  task_cpu                  = var.task_cpu
+  task_memory               = var.task_memory
+  fargate_weighting         = var.environment == "prod" ? { standard : 10, spot : 0 } : { standard : 0, spot : 10 }
+  cloudwatch_ecs_events_arn = module.logging.cloudwatch_ecs_events_arn
 }
 
 module "warehouse_database" {