terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green/ecs.tf (101 lines of code) (raw):

resource "aws_ecs_cluster" "this" { name = "110_ecs_cluster_green" } resource "aws_iam_role" "this" { name = "110_role_green" path = "/" assume_role_policy = data.aws_iam_policy_document.this.json } data "aws_iam_policy_document" "this" { statement { actions = ["sts:AssumeRole"] principals { type = "Service" identifiers = ["ec2.amazonaws.com"] } } } resource "aws_iam_role_policy_attachment" "this" { role = aws_iam_role.this.name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" } resource "aws_iam_instance_profile" "this" { name = "110_ecs-instance_profile_green" path = "/" role = aws_iam_role.this.id } resource "aws_vpc" "this" { cidr_block = "10.0.0.0/16" instance_tenancy = "default" enable_dns_hostnames = true } resource "aws_subnet" "this" { vpc_id = aws_vpc.this.id cidr_block = "10.0.1.0/24" availability_zone = "us-east-1a" } resource "aws_security_group" "this" { name = "110_security_group_green" vpc_id = aws_vpc.this.id ingress { description = "SSH from VPC" from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } resource "aws_internet_gateway" "this" { vpc_id = aws_vpc.this.id } resource "aws_route_table" "this" { vpc_id = aws_vpc.this.id route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.this.id } } resource "aws_route_table_association" "this" { subnet_id = aws_subnet.this.id route_table_id = aws_route_table.this.id } resource "aws_instance" "this" { ami = data.aws_ami.this.id instance_type = "t2.micro" associate_public_ip_address = true security_groups = [aws_security_group.this.id] subnet_id = aws_subnet.this.id iam_instance_profile = aws_iam_instance_profile.this.name user_data = <<EOF #!/bin/bash echo ECS_CLUSTER=110_ecs_cluster_green >> /etc/ecs/ecs.config EOF root_block_device { volume_type = "standard" volume_size = 30 delete_on_termination = true encrypted = true } tags = { Name = "110_ec2_instance_green" } } data "aws_ami" "this" { most_recent = true filter { name = "name" values = ["amzn2-ami-ecs-*"] # ECS optimized image } filter { name = "virtualization-type" values = ["hvm"] } owners = [ "amazon" ] }