terraform-aws-miggo-deployment

Terraform module for Miggo AWS deployment

Primary language: HCL. License: Apache License 2.0 (Apache-2.0).

Terraform deployment of Miggo for ECS

This Terraform module deploys Miggo Collector and Miggo Operator for ECS, based on the lambda function.

Architecture

This is the module architecture:

Network architecture (default deployment):

Usage

  1. Install Terraform (HashiCorp Ref).
  2. Install the AWS CLI (AWS Ref).
  3. Authenticate the AWS CLI (AWS Ref).
  4. Create a provider.tf file (Terraform Ref).
  5. Create a main.tf and configure the module inputs. Here are Miggo examples.
  6. Create two secrets in AWS Secrets Manager. The first is for Docker Hub, with the following keys (values provided by Miggo):

     aws secretsmanager create-secret --name miggo_dockerhub --secret-string '{"PASSWORD":"PASSWORDVALUE","USERNAME":"USERNAMEVALUE"}'

     The second has the following keys (values provided by Miggo):

     aws secretsmanager create-secret --name miggo --secret-string '{"MIGGO_OTEL_AUTH":"PASSWORDVALUE","LAMBDA_AUTH":"PASSWORDVALUE"}'

  7. Run the following commands:

     terraform init
     terraform apply
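
A main.tf for step 5, as an added example that is not taken from the Miggo examples or the module's own code. It sets the three required inputs and overrides two defaults listed under Inputs that are worth tightening: the collector ingress CIDR (default `0.0.0.0/0`) and the collector image tag (default `latest`). The module source, region, domain, tenant ID, CIDR and version tag are placeholders or constructed values.

```hcl
# Added example. In the procedure above, the terraform/provider blocks
# belong in provider.tf (step 4) and the module block in main.tf (step 5).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.41.0" # version listed under Requirements
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

module "miggo" {
  # Placeholder: use the source address given in Miggo's examples.
  source = "<MIGGO_MODULE_SOURCE>"

  # Required inputs (no default in the Inputs table).
  domain_name           = "example.com"     # constructed value
  dockerhub_secret_name = "miggo_dockerhub" # secret created in step 6
  miggo_secret_name     = "miggo"           # secret created in step 6

  tenant_id = "<TENANT_ID>" # placeholder, provided by Miggo

  # Default is ["0.0.0.0/0"]. Restrict ingress to the networks that
  # actually send telemetry to the collector (constructed CIDR).
  collector_sg_ingress_cidr_blocks = ["10.20.0.0/16"]

  # Default is "latest". Pin a specific tag so every apply deploys the
  # same image (placeholder tag).
  collector_version = "<PINNED_COLLECTOR_VERSION>"

  # Keep the demo application, whose security group also defaults to
  # 0.0.0.0/0 ingress, switched off (this is the default).
  deploy_demo_app = false
}

# Re-export the module output listed under Outputs.
output "collector_dns" {
  value = module.miggo.collector_dns
}
```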

Requirements

Name Version
aws 5.41.0

Providers

Name Version
aws 5.41.0

Modules

Name Source Version
acm terraform-aws-modules/acm/aws ~> 3.0
vpc terraform-aws-modules/vpc/aws 4.0.2

Resources

Name Type
aws_alb.collector resource
aws_alb.demo resource
aws_autoscaling_group.ecs resource
aws_cloudwatch_log_group.miggo resource
aws_cloudwatch_log_stream.collector_log_stream resource
aws_cloudwatch_log_stream.demo_log_stream resource
aws_cloudwatch_log_stream.ecs_operator resource
aws_ecs_capacity_provider.main resource
aws_ecs_cluster.miggo resource
aws_ecs_cluster_capacity_providers.main resource
aws_ecs_service.collector resource
aws_ecs_service.demo resource
aws_ecs_task_definition.collector resource
aws_ecs_task_definition.demo resource
aws_iam_instance_profile.ecs_node resource
aws_iam_policy.dockerhub_secret resource
aws_iam_policy.lambda_extra_policy resource
aws_iam_policy.lambda_logs_policy resource
aws_iam_policy.task_exec_policy resource
aws_iam_role.ecs_node_role resource
aws_iam_role.lambda_exec_role resource
aws_iam_role.task_exec_role resource
aws_iam_role_policy_attachment.ecs_node_role_policy resource
aws_lambda_function.LambdaFunction resource
aws_launch_template.ecs_ec2 resource
aws_lb_listener.collector_http resource
aws_lb_listener.demo resource
aws_lb_target_group.collector_http resource
aws_lb_target_group.demo resource
aws_route53_record.collector resource
aws_route53_record.demo resource
aws_route53_record.sub_domain resource
aws_route53_zone.sub_domain resource
aws_security_group.alb_collector resource
aws_security_group.alb_demo resource
aws_security_group.collector resource
aws_security_group.demo resource
aws_security_group.ecs_node_sg resource
aws_ami.amzn data source
aws_caller_identity.current data source
aws_ecs_cluster.provided data source
aws_iam_policy_document.ecs_node_doc data source
aws_region.current data source
aws_route53_zone.selected data source
aws_secretsmanager_secret.dockerhub data source
aws_secretsmanager_secret.miggo data source
aws_secretsmanager_secret_version.miggo data source

Inputs

Name Description Type Default Required
additional_collector_env_vars Additional env variables of controller, configure as map of key=values any {} no
certificate_arn ARN of a certificate for Miggo collector, will be used by ALB string "" no
cluster_name ECS cluster name, if we want to deploy to existing one or rename cluster name string "" no
collector_image Collector image name string "miggoprod/miggo-infra-agent" no
collector_replicas Miggo collector replicas string 2 no
collector_resource Miggo collector resource map map(any) {"cpu": 2048, "memory": 4096} no
collector_sg_ingress_cidr_blocks Ingress CIDRs of Miggo collector security group list(string) ["0.0.0.0/0"] no
collector_version Miggo collector image version string "latest" no
create_cluster Whether to create a cluster or use an existing one bool true no
create_vpc # VPC variables. bool true no
custom_iam_task_exec_role_arn ECS execution IAM Role overwrite, please pass ARN of existing IAM Role string "" no
demo_sg_ingress_cidr_blocks Ingress CIDRs of Miggo collector security group list(string) ["0.0.0.0/0"] no
deploy_collector (Optional) If true, will deploy collector as ECS service bool true no
deploy_demo_app (Optional) If true, will deploy collector as ECS service bool false no
deploy_ecs_operator (Optional) If true, will deploy ECS operator for OTeL as Lambda bool true no
dockerhub_secret_name Dockerhub secret name string n/a yes
domain_name DNS domain to write collector address string n/a yes
ecs_operator_s3 Needed for fetching the lambda from Miggo s3 bucket object({bucket = string, key = string, version = string}) {"bucket": "", "key": "", "version": ""} no
environment Environment name string "miggo" no
fargate Whether the created cluster should run on Fargate bool true no
miggo_endpoint n/a string "https://collector.miggo.io" no
miggo_secret_name Miggo secret name string n/a yes
public n/a bool false no
region AWS region, using provider's region as default string "" no
tenant_id Miggo tenant ID string "" no
vpc_availability_zones n/a list(string) [""] no
vpc_cidr n/a string "172.30.1.0/25" no
vpc_id VPC id should be passed only if create_vpc = false string "" no
vpc_private_subnets n/a list(string) ["172.30.1.0/27", "172.30.1.32/27"] no
vpc_public_subnets n/a list(string) ["172.30.1.64/27", "172.30.1.96/27"] no

Outputs

Name Description
collector_dns Miggo collector dns address
demo_dns Miggo demo dns address