Skip to content

add: ECS example template #3915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Sep 8, 2022
Merged

add: ECS example template #3915

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c8d11d0
add: ECS example template
ericpaulsen Sep 6, 2022
49e1bd5
fix: empty main.tf
ericpaulsen Sep 6, 2022
deeaba6
cleanup
ericpaulsen Sep 6, 2022
70f9537
rm: cluster & compute
ericpaulsen Sep 7, 2022
d9c91f4
set CPU & memory vars
ericpaulsen Sep 8, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
add: ECS example template
  • Loading branch information
@ericpaulsen
ericpaulsen committed Sep 6, 2022
commit c8d11d021e645c7fc5eed38efaaad930413d4c3b
93 changes: 93 additions & 0 deletions examples/templates/ecs-container/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
---
name: Develop in an ECS-hosted container
description: Get started with Linux development on AWS ECS.
tags: [cloud, aws]
---

# aws-ecs

This is a sample template for running a Coder workspace on ECS.

## Required permissions / policy

The following sample policy allows Coder to create EC2 instances and modify
instances provisioned by Coder:

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:GetDefaultCreditSpecification",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeTags",
"ec2:CreateTags",
"ec2:RunInstances",
"ec2:DescribeInstanceCreditSpecifications",
"ec2:DescribeImages",
"ec2:ModifyDefaultCreditSpecification",
"ec2:DescribeVolumes"
],
"Resource": "*"
},
{
"Sid": "CoderResources",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:UnmonitorInstances",
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:DeleteTags",
"ec2:MonitorInstances",
"ec2:CreateTags",
"ec2:RunInstances",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyInstanceCreditSpecification"
],
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Coder_Provisioned": "true"
}
}
}
]
}
```

Additionally, the `AmazonEC2ContainerServiceforEC2Role` managed policy should be
attached to the container instance IAM role, otherwise you will receive an error
when creating the ECS cluster.

This is represented as the `iam_instance_role` argument of the `launch_template`
resource. Please see the [AWS documentation for configuring this instance role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html#instance-iam-role-verify).

## Architecture

This workspace is built using the following AWS resources:

- Launch template - this defines the EC2 instance(s) to host the container
- Auto-scaling group - EC2 auto-scaling group configuration
- ECS cluster - logical grouping of containers to be run in ECS
- Capacity provider - ECS-specific resource that ties in the auto-scaling group
- Task definition - the container definition, includes the image, command, volume(s)
- ECS service - manages the task definition

## User data

This template includes a two-part user data configuration, represented as the
`cloudinit_config` data source. There is an ECS-specific user data definition,
which is required for the EC2 instances to join the ECS cluster. Additionally, the
Coder user data (defined in the `locals` block) is needed to stop/start the instance(s).

## code-server

`code-server` is installed via the `startup_script` argument in the `coder_agent`
resource block. The `coder_app` resource is defined to access `code-server` through
the dashboard UI over `localhost:13337`.
Empty file added examples/templates/ecs-container/main.tf
View file
Open in desktop
Empty file.