code-deploy.tf
# Trust policy for the CodeDeploy service role: allows the CodeDeploy service
# principal to call sts:AssumeRole on the role this document is attached to.
# NOTE(review): the statement carries no condition block, so the trust is not
# narrowed to a particular account or deployment group. Consider a
# confused-deputy guard (aws:SourceAccount / aws:SourceArn); confirm the
# supported keys in the CodeDeploy documentation before adding one.
data "aws_iam_policy_document" "assume_by_codedeploy" {
  statement {
    effect  = "Allow"
    sid     = ""
    actions = ["sts:AssumeRole"]

    principals {
      identifiers = ["codedeploy.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Service role that CodeDeploy assumes when it runs deployments. The name is
# derived from var.service_name; the trust relationship comes from the
# assume_by_codedeploy policy document.
resource "aws_iam_role" "codedeploy" {
  assume_role_policy = "${data.aws_iam_policy_document.assume_by_codedeploy.json}"
  name               = "${var.service_name}-codedeploy"
}
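# Permissions policy for the CodeDeploy service role.
#
# Statement 1 grants the ECS task-set, load-balancer, Lambda, CloudWatch, SNS
# and S3 actions listed below. Statement 2 lets the role pass the ECS execution
# and task roles.
data "aws_iam_policy_document" "codedeploy" {
  statement {
    sid    = "AllowLoadBalancingAndECSModifications"
    effect = "Allow"

    actions = [
      "ecs:CreateTaskSet",
      "ecs:DeleteTaskSet",
      "ecs:DescribeServices",
      "ecs:UpdateServicePrimaryTaskSet",
      "elasticloadbalancing:DescribeListeners",
      "elasticloadbalancing:DescribeRules",
      "elasticloadbalancing:DescribeTargetGroups",
      "elasticloadbalancing:ModifyListener",
      "elasticloadbalancing:ModifyRule",
      "lambda:InvokeFunction",
      "cloudwatch:DescribeAlarms",
      "sns:Publish",
      "s3:GetObject",
      "s3:GetObjectMetadata",
      "s3:GetObjectVersion"
    ]

    # NOTE(review): every action above applies to all resources. That includes
    # lambda:InvokeFunction, sns:Publish and the s3:Get* reads, which reach any
    # function, topic or object in the account that does not otherwise deny
    # this role. If the deployment's hook functions, notification topics and
    # artifact buckets are known, split them into separate statements scoped to
    # those ARNs; they are not visible in this file, so the wildcard is kept.
    # NOTE(review): verify "s3:GetObjectMetadata" against the S3 service
    # authorization reference; it may not be a recognised action name.
    resources = ["*"]
  }

  statement {
    sid     = "AllowPassRole"
    effect  = "Allow"
    actions = ["iam:PassRole"]

    resources = [
      "${aws_iam_role.execution_role.arn}",
      "${aws_iam_role.task_role.arn}",
    ]

    # Least privilege: the two roles may only be handed to ECS tasks, so a
    # caller holding this role cannot pass them to another service.
    condition {
      test     = "StringLike"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
}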
# Attaches the codedeploy permissions document to the CodeDeploy service role
# as an inline policy.
resource "aws_iam_role_policy" "codedeploy" {
  policy = "${data.aws_iam_policy_document.codedeploy.json}"
  role   = "${aws_iam_role.codedeploy.name}"
}
# CodeDeploy application for the service, on the ECS compute platform.
resource "aws_codedeploy_app" "this" {
  name             = "${var.service_name}-service-deploy"
  compute_platform = "ECS"
}
# Blue/green deployment group for the ECS service, using the CodeDeploy
# service role declared in this file.
#
# NOTE(review): this resource declares no auto_rollback_configuration or
# alarm_configuration block, and the deployment config is ECSAllAtOnce.
# Confirm that a failed or unhealthy release is caught and rolled back some
# other way.
resource "aws_codedeploy_deployment_group" "this" {
  deployment_group_name  = "${var.service_name}-service-deploy-group"
  app_name               = "${aws_codedeploy_app.this.name}"
  service_role_arn       = "${aws_iam_role.codedeploy.arn}"
  deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"

  deployment_style {
    deployment_type   = "BLUE_GREEN"
    deployment_option = "WITH_TRAFFIC_CONTROL"
  }

  blue_green_deployment_config {
    # On timeout the deployment continues rather than stopping.
    deployment_ready_option {
      action_on_timeout = "CONTINUE_DEPLOYMENT"
    }

    # After a successful deployment the original (blue) tasks are terminated
    # once a 60 minute wait has elapsed.
    terminate_blue_instances_on_deployment_success {
      action                           = "TERMINATE"
      termination_wait_time_in_minutes = 60
    }
  }

  ecs_service {
    cluster_name = "${aws_ecs_cluster.this.name}"
    service_name = "${aws_ecs_service.this.name}"
  }

  load_balancer_info {
    target_group_pair_info {
      # Only a production listener is configured; no test_traffic_route block
      # is declared.
      prod_traffic_route {
        listener_arns = ["${aws_lb_listener.this.arn}"]
      }

      # The two target groups that traffic is shifted between.
      target_group {
        name = "${aws_lb_target_group.this.*.name[0]}"
      }

      target_group {
        name = "${aws_lb_target_group.this.*.name[1]}"
      }
    }
  }
}