Initialize

.github/workflows/test.yml

@@ -0,0 +1,46 @@
+name: Test
+
+on: [push, pull_request]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20
+
+      - name: Install dependencies
+        run: go get .
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Test
+        run: go test -v ./...
+
+  test-cache:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20
+
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: ubuntu-latest-go-1.20-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ubuntu-latest-go-1.20-
+
+      - name: Test
+        run: go test ./...

.gitignore

@@ -0,0 +1,60 @@
+# Golang
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+# Terraforn
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+tf/*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# IDE
+.DS_Store
+.idea

Dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.20
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+
+COPY *.go ./
+COPY tmpl/* ./tmpl/
+COPY TestPage.txt ./
+
+RUN go build -o /gowiki
+
+CMD ["/gowiki"]

README.md

@@ -0,0 +1,37 @@
+Terraform lib: https://registry.terraform.io
+
+```bash
+terraform init
+```
+
+```bash
+terraform plan
+```
+
+```bash
+terraform apply
+```
+
+Simple web app
+
+- https://go.dev/doc/articles/wiki/
+
+Docker
+
+- https://docs.docker.com/language/golang/build-images/
+
+
+```bash
+docker build --tag docker-gowiki
+
+# Directly
+docker run --publish 8080:8080 docker-gowiki
+
+# Detached
+docker run -d -p 8080:8080 docker-gowiki
+```
+
+**TODO**
+- CD
+- grpc, grpc-web
+- dynamoDB

TestPage.txt

@@ -0,0 +1 @@
+aaa

go.mod

@@ -0,0 +1,3 @@
+module gowiki
+
+go 1.20

main.tf

@@ -0,0 +1,41 @@
+provider "aws" {
+  region = "ap-northeast-1"
+
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+  skip_metadata_api_check     = true
+  skip_region_validation      = true
+}
+
+module "ecs_fargate" {
+  source = "./tf"
+
+  security_groups = [module.sg.security_group_id]
+  subnets         = module.vpc.public_subnets
+  vpc_id          = module.vpc.vpc_id
+  container_port  = "8080"
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "4.0.1"
+
+  name               = "dev"
+  cidr               = "10.0.0.0/16"
+  enable_nat_gateway = false
+
+  azs            = ["ap-northeast-1"]
+  public_subnets = ["10.0.101.0/24"]
+
+  tags = {
+    Environment = "dev"
+  }
+}
+
+module "sg" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "4.17.1"
+
+  name = "dev"
+  vpc_id = module.vpc.vpc_id
+}

tf/alb.tf

@@ -0,0 +1,36 @@
+resource "aws_alb" "_" {
+  name = local.project_name
+
+  security_groups = var.security_groups
+  subnets         = var.subnets
+
+  count = local.alb_count
+}
+
+resource "aws_alb_target_group" "_" {
+  name = local.project_name
+
+  port        = var.container_port
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+  health_check {
+    path = var.health_check_path
+  }
+
+  count = local.alb_count
+}
+
+resource "aws_alb_listener" "_" {
+  load_balancer_arn = aws_alb._[0].id
+  port              = var.alb_listen_port
+  protocol          = "HTTP"
+
+  default_action {
+    target_group_arn = aws_alb_target_group._[0].id
+    type             = "forward"
+  }
+
+  count = local.alb_count
+}

tf/cloudwatch.tf

@@ -0,0 +1,5 @@
+resource "aws_cloudwatch_log_group" "ecs" {
+  name = "/aws/ecs"
+
+  count = local.log_group_count
+}

tf/ecr.tf

@@ -0,0 +1,3 @@
+resource "aws_ecr_repository" "_" {
+  name = local.ecr_repo
+}

tf/ecs.tf

@@ -0,0 +1,61 @@
+resource "aws_ecs_cluster" "_" {
+  name = local.ecs_name_cluster
+}
+
+resource "aws_ecs_task_definition" "_" {
+  family                   = local.ecs_name_task_definition
+  container_definitions    = data.template_file.task_definition.rendered
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = var.ecs_cpu
+  memory                   = var.ecs_memory
+  network_mode             = "awsvpc"
+
+  task_role_arn      = local.ecs_role_arn
+  execution_role_arn = local.ecs_role_arn
+}
+
+resource "aws_ecs_service" "_" {
+  name            = local.ecs_name_service
+  cluster         = aws_ecs_cluster._.id
+  task_definition = aws_ecs_task_definition._.arn
+  launch_type     = "FARGATE"
+
+  desired_count                      = var.desired_count
+  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
+
+  network_configuration {
+    security_groups  = [aws_security_group.alb_ecs[0].id]
+    subnets          = var.subnets
+    assign_public_ip = true
+  }
+
+  load_balancer {
+    target_group_arn = aws_alb_target_group._[0].arn
+    container_name   = local.ecs_name_task_definition
+    container_port   = var.container_port
+  }
+
+  depends_on = [
+    aws_alb_listener._,
+  ]
+
+  count = local.alb_count
+}
+
+resource "aws_ecs_service" "no_alb" {
+  name            = local.ecs_name_service
+  cluster         = aws_ecs_cluster._.id
+  task_definition = aws_ecs_task_definition._.arn
+  launch_type     = "FARGATE"
+
+  desired_count                      = var.desired_count
+  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
+
+  network_configuration {
+    security_groups  = var.security_groups
+    subnets          = var.subnets
+    assign_public_ip = true
+  }
+
+  count = local.alb_count == 1 ? 0 : 1
+}

tf/iam.tf

@@ -0,0 +1,9 @@
+resource "aws_iam_role" "ecs" {
+  name               = local.ecs_iam_role_name
+  assume_role_policy = file("${path.module}/role-ecs.json")
+}
+
+resource "aws_iam_role_policy" "ecs" {
+  role   = aws_iam_role.ecs.name
+  policy = file("${path.module}/policy-ecs.json")
+}