Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/infrablocks/terraform-aws-ecs-route53-registration

Route53 DNS registration for ECS services
https://github.com/infrablocks/terraform-aws-ecs-route53-registration

aws ecs infrastructure route53 terraform terraform-modules

Last synced: 3 months ago
JSON representation

Route53 DNS registration for ECS services

Awesome Lists containing this project

README 

          
Terraform AWS ECS Route53 Registration

======================================



[![CircleCI](https://circleci.com/gh/infrablocks/terraform-aws-ecs-route53-registration.svg?style=svg)](https://circleci.com/gh/infrablocks/terraform-aws-ecs-route53-registration)



A Terraform module for registering containers in an ECS service in Route53.



The ECS service requires:

* An existing VPC

* An ECS cluster

* An ECS service

* Route53 zone(s)



The ECS Route53 registration consists of:

* A lambda that listens to ECS events and registers containers into Route53



![Diagram of infrastructure managed by this module](/docs/architecture.png?raw=true)



Usage

-----



To use the module, include something like the following in your Terraform

configuration:



```hcl-terraform

module "ecs_route53_registration" {

  source = "git@github.com:infrablocks/terraform-aws-ecs-route53-registration.git"

}

```



As mentioned above, the registration lambda works with an existing base network 

and ECS cluster for an existing ECS service. Whilst these can be created using 

any mechanism you like, the following modules may be of use: 

* [AWS Base Networking](https://github.com/infrablocks/terraform-aws-base-networking)

* [AWS ECS Cluster](https://github.com/infrablocks/terraform-aws-ecs-cluster)

* [AWS ECS Service](https://github.com/infrablocks/terraform-aws-ecs-service)



See the 

[Terraform registry entry](https://registry.terraform.io/modules/infrablocks/ecs-route53-registration/aws/latest) 

for more details.



### Inputs



| Name                      | Description                      | Default            | Required |

|---------------------------|----------------------------------|:------------------:|:--------:|



### Outputs



| Name                      | Description                                                          |

|---------------------------|----------------------------------------------------------------------|



### Compatibility



This module is compatible with Terraform versions greater than or equal to 

Terraform 1.0.



Development

-----------



### Machine Requirements



In order for the build to run correctly, a few tools will need to be installed 

on your development machine:



* Ruby (3.1.1)

* Bundler

* git

* git-crypt

* gnupg

* direnv

* aws-vault



#### Mac OS X Setup



Installing the required tools is best managed by [homebrew](http://brew.sh).



To install homebrew:



```

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

```



Then, to install the required tools:



```

# ruby

brew install rbenv

brew install ruby-build

echo 'eval "$(rbenv init - bash)"' >> ~/.bash_profile

echo 'eval "$(rbenv init - zsh)"' >> ~/.zshrc

eval "$(rbenv init -)"

rbenv install 3.1.1

rbenv rehash

rbenv local 3.1.1

gem install bundler



# git, git-crypt, gnupg

brew install git

brew install git-crypt

brew install gnupg



# aws-vault

brew cask install



# direnv

brew install direnv

echo "$(direnv hook bash)" >> ~/.bash_profile

echo "$(direnv hook zsh)" >> ~/.zshrc

eval "$(direnv hook $SHELL)"



direnv allow 

```



### Running the build



Running the build requires an AWS account and AWS credentials. You are free to 

configure credentials however you like as long as an access key ID and secret

access key are available. These instructions utilise 

[aws-vault](https://github.com/99designs/aws-vault) which makes credential

management easy and secure.



To provision module infrastructure, run tests and then destroy that 

infrastructure, execute:



```bash

aws-vault exec  -- ./go

```



To provision the module prerequisites:



```bash

aws-vault exec  -- ./go deployment:prerequisites:provision[]

```



To provision the module contents:



```bash

aws-vault exec  -- ./go deployment:root:provision[]

```



To destroy the module contents:



```bash

aws-vault exec  -- ./go deployment:root:destroy[]

```



To destroy the module prerequisites:



```bash

aws-vault exec  -- ./go deployment:prerequisites:destroy[]

```



Configuration parameters can be overridden via environment variables:



```bash

DEPLOYMENT_IDENTIFIER=testing aws-vault exec  -- ./go

```



When a deployment identifier is provided via an environment variable, 

infrastructure will not be destroyed at the end of test execution. This can

be useful during development to avoid lengthy provision and destroy cycles.



By default, providers will be downloaded for each terraform execution. To

cache providers between calls:



```bash

TF_PLUGIN_CACHE_DIR="$HOME/.terraform.d/plugin-cache" aws-vault exec  -- ./go

```



### Common Tasks



#### Generating an SSH key pair



To generate an SSH key pair:



```

ssh-keygen -m PEM -t rsa -b 4096 -C integration-test@example.com -N '' -f config/secrets/keys/bastion/ssh

```



#### Generating a self-signed certificate



To generate a self signed certificate:

```

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

```



To decrypt the resulting key:



```

openssl rsa -in key.pem -out ssl.key

```



#### Add a git-crypt user



To adding a user to git-crypt using their GPG key: 



```

gpg --import ~/path/xxxx.pub

git-crypt add-gpg-user --trusted GPG-USER-ID



```



#### Managing CircleCI keys



To encrypt a GPG key for use by CircleCI:



```bash

openssl aes-256-cbc \

  -e \

  -md sha1 \

  -in ./config/secrets/ci/gpg.private \

  -out ./.circleci/gpg.private.enc \

  -k ""

```



To check decryption is working correctly:



```bash

openssl aes-256-cbc \

  -d \

  -md sha1 \

  -in ./.circleci/gpg.private.enc \

  -k ""

```



Contributing

------------



Bug reports and pull requests are welcome on GitHub at 

https://github.com/infrablocks/terraform-aws-ecs-route53-registration. 

This project is intended to be a safe, welcoming space for collaboration, and 

contributors are expected to adhere to 

the [Contributor Covenant](http://contributor-covenant.org) code of conduct.



License

-------



The library is available as open source under the terms of the 

[MIT License](http://opensource.org/licenses/MIT).