clientIO
diff --git a/‎README.md
Lines changed: 58 additions & 26 deletions b/‎README.md
Lines changed: 58 additions & 26 deletions
diff --git a/‎docs/ecs-diagram.png
151 KB b/‎docs/ecs-diagram.png
151 KB
diff --git a/‎document_db.tf
Lines changed: 6 additions & 2 deletions b/‎document_db.tf
Lines changed: 6 additions & 2 deletions
diff --git a/‎ecs-ec2.tf
Lines changed: 2 additions & 2 deletions b/‎ecs-ec2.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎elasticache.tf
Lines changed: 3 additions & 6 deletions b/‎elasticache.tf
Lines changed: 3 additions & 6 deletions
diff --git a/‎elasticsearch.tf
Lines changed: 6 additions & 5 deletions b/‎elasticsearch.tf
Lines changed: 6 additions & 5 deletions
diff --git a/‎examples/development/README.md
Lines changed: 7 additions & 3 deletions b/‎examples/development/README.md
Lines changed: 7 additions & 3 deletions
diff --git a/‎examples/development/main.tf
Lines changed: 149 additions & 3 deletions b/‎examples/development/main.tf
Lines changed: 149 additions & 3 deletions
diff --git a/‎examples/production/README.md
Lines changed: 2 additions & 2 deletions b/‎examples/production/README.md
Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
 locals {
   documentdb_enabled    = var.external_documentdb == null
-  documentdb_subnet_ids = slice(local.private_subnet_ids, 0, min(length(local.private_subnet_ids), var.document_db.cluster_size))
+  documentdb_subnet_ids = slice(local.private_subnet_ids, 0, min(length(local.private_subnet_ids), max(2, var.document_db.cluster_size)))
 }
 
 module "documentdb_cluster" {
@@ -19,7 +19,7 @@ module "documentdb_cluster" {
   cluster_size   = try(var.document_db["cluster_size"], null)
   instance_class = try(var.document_db["instance_class"], null)
 
-  master_username = try(var.document_db["master_username"], null)
+  master_username = random_pet.document_db_username.id
 
   engine_version = try(var.document_db["engine_version"], null)
 
@@ -30,6 +30,10 @@ module "documentdb_cluster" {
   cluster_parameters = try(var.document_db["cluster_parameters"], [])
 }
 
+resource "random_pet" "document_db_username" {
+  length = 1
+}
+
 module "document_db_ssm_password" {
   source  = "cloudposse/ssm-parameter-store/aws"
   version = "0.11.0"
 
@@ -49,7 +49,7 @@ locals {
         ECS_ENABLE_HIGH_DENSITY_ENI=true
         ECS_ENABLE_SPOT_INSTANCE_DRAINING=true
         ECS_ENGINE_AUTH_TYPE=dockercfg
-        ECS_ENGINE_AUTH_DATA=${sensitive(base64decode(var.ecs_auth_data))} # pragma: allowlist secret
+        ECS_ENGINE_AUTH_DATA=${sensitive(base64decode(var.ecs_registry_auth_data))} # pragma: allowlist secret
         EOF
       EOT
 }
@@ -286,7 +286,7 @@ module "ecs_cluster" {
   cluster_name = module.label.id
 
   cluster_configuration = {
-    execute_command_configuration = var.ecs_cluster_configuration
+    execute_command_configuration = var.ecs_cluster_config
   }
 
   cluster_service_connect_defaults = {
 
@@ -31,14 +31,11 @@ module "elasticache" {
   family                     = try(var.elasticache["family"], null)
   at_rest_encryption_enabled = try(var.elasticache["at_rest_encryption_enabled"], null)
   transit_encryption_enabled = try(var.elasticache["transit_encryption_enabled"], null)
-  auth_token                 = random_password.redis.result
+  auth_token                 = random_password.redis_password.result
   parameter                  = try(var.elasticache["parameter"], null)
 }
 
-resource "random_password" "redis" {
-  keepers = {
-    ami_id = module.label.id
-  }
+resource "random_password" "redis_password" {
   min_upper        = 1
   min_lower        = 1
   min_numeric      = 1
@@ -55,7 +52,7 @@ module "elasticache_ssm_password" {
   parameter_write = [
     {
       name        = "/${module.label.id}/elasticache/auth_token"
-      value       = sensitive(random_password.redis.result)
+      value       = sensitive(random_password.redis_password.result)
       type        = "SecureString"
       overwrite   = "true"
       description = "Auth token for ${module.elasticache.id} Elasticache"
 
@@ -1,5 +1,5 @@
 locals {
-  elasticsearch_master_username = random_pet.elasticsearch.id
+  elasticsearch_master_username = random_pet.elasticsearch_username.id
   elasticsearch_enabled         = var.external_elasticsearch == null
   elasticsearch_subnet_ids      = slice(local.private_subnet_ids, 0, min(length(local.private_subnet_ids), var.elasticsearch.instance_count))
 }
@@ -37,9 +37,9 @@ module "elasticsearch" {
   advanced_security_options_enabled                        = true
   advanced_security_options_internal_user_database_enabled = true
   advanced_security_options_master_user_name               = local.elasticsearch_master_username
-  advanced_security_options_master_user_password           = random_password.elasticsearch.result
+  advanced_security_options_master_user_password           = random_password.elasticsearch_password.result
 }
-resource "random_password" "elasticsearch" {
+resource "random_password" "elasticsearch_password" {
   min_upper        = 1
   min_lower        = 1
   min_numeric      = 1
@@ -48,7 +48,8 @@ resource "random_password" "elasticsearch" {
   length           = 16
 }
 
-resource "random_pet" "elasticsearch" {
+resource "random_pet" "elasticsearch_username" {
+  length = 1
 }
 
 
@@ -61,7 +62,7 @@ module "elasticsearch_ssm_password" {
   parameter_write = [
     {
       name        = "/${module.label.id}/elasticsearch/master_password"
-      value       = sensitive(random_password.elasticsearch.result)
+      value       = sensitive(random_password.elasticsearch_password.result)
       type        = "SecureString"
       overwrite   = "true"
       description = "Master password for Elasticsearch ${module.elasticsearch.domain_name} "
 
@@ -1,6 +1,6 @@
 # Basic example
 
-The code in this example shows how to use the module with basic configuration and minimal set of other resources.
+The code in this example shows how to use the module with development configuration and minimal set of other resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -14,7 +14,9 @@ The code in this example shows how to use the module with basic configuration an
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_example_module"></a> [example\_module](#module\_example\_module) | ../../ | n/a |
+| <a name="module_appmixer_module"></a> [appmixer\_module](#module\_appmixer\_module) | ../../ | n/a |
+| <a name="module_subnets"></a> [subnets](#module\_subnets) | cloudposse/dynamic-subnets/aws | 2.4.1 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | cloudposse/vpc/aws | 2.1.1 |
 
 ## Resources
 
@@ -26,5 +28,7 @@ No inputs.
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_appmixer_module"></a> [appmixer\_module](#output\_appmixer\_module) | n/a |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -1,19 +1,165 @@
-module "example_module" {
+locals {
+  vpc_cidr_block = "10.0.0.0/16"
+  name           = "appmixer"
+  environment    = "dev"
+  namespace      = "cio"
+}
+
+module "vpc" {
+  source                           = "cloudposse/vpc/aws"
+  version                          = "2.1.1"
+  name                             = local.name
+  namespace                        = local.namespace
+  environment                      = local.environment
+  ipv4_primary_cidr_block          = local.vpc_cidr_block
+  assign_generated_ipv6_cidr_block = true
+  internet_gateway_enabled         = true
+}
+
+module "subnets" {
+  source              = "cloudposse/dynamic-subnets/aws"
+  version             = "2.4.1"
+  name                = local.name
+  namespace           = local.namespace
+  environment         = local.environment
+  vpc_id              = module.vpc.vpc_id
+  igw_id              = [module.vpc.igw_id]
+  nat_gateway_enabled = true
+  ipv4_cidr_block     = [local.vpc_cidr_block]
+  availability_zones  = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]
+}
+
+
+module "appmixer_module" {
   source = "../../"
 
+  name        = local.name
+  namespace   = local.environment
+  environment = local.environment
+
   root_dns_name = "ecs.appmixer.co"
   zone_id       = "XXX"
 
+  external_vpc = {
+    vpc_id             = module.vpc.vpc_id
+    public_subnet_ids  = module.subnets.public_subnet_ids
+    private_subnet_ids = module.subnets.private_subnet_ids
+  }
+
+  ecs_registry_auth_data = "XXX"
+
   init_user = {
     email    = "XXX"
     username = "XXX"
     password = "XXX"
   }
 
-  ecs_auth_data = "XXX"
+  enable_deletion_protection = false
+
+  elasticache = {
+    parameter = [
+      {
+        name  = "notify-keyspace-events"
+        value = "lK"
+      }
+    ]
+  }
+  ecs_autoscaling_config = {
+    on_demand = {
+      instance_type              = "m5.large"
+      use_mixed_instances_policy = true
+      mixed_instances_policy = {
+        instances_distribution = {
+          on_demand_base_capacity                  = 1   # min 1 on demand instance
+          on_demand_percentage_above_base_capacity = 100 # 100% on demand instances
+          on_demand_allocation_strategy            = "lowest-price"
+        }
+        override = [
+          {
+            instance_type     = "m5.large"
+            weighted_capacity = "1"
+          },
+          {
+            instance_type     = "c5.large"
+            weighted_capacity = "1"
+          }
+        ]
+      }
+
+      max_size = 2
+      min_size = 1
+      capacity_provider = {
+        maximum_scaling_step_size = 1
+        minimum_scaling_step_size = 1
+        target_capacity           = 100
+        default_capacity_provider_strategy = {
+          weight = 10
+          base   = 1
+        }
+      }
+    }
+    spot = {
+      instance_type              = "m5.large"
+      use_mixed_instances_policy = true
+      mixed_instances_policy = {
+        instances_distribution = {
+          on_demand_base_capacity                  = 0 # min 0 on demand instance
+          on_demand_percentage_above_base_capacity = 0 # 0% on demand instances
+          spot_allocation_strategy                 = "lowest-price"
+        }
+        override = [
+          {
+            instance_type     = "m5.large"
+            weighted_capacity = "1"
+          },
+          {
+            instance_type     = "c5.large"
+            weighted_capacity = "1"
+          }
+        ]
+      }
+      max_size = 2
+      min_size = 1
+      capacity_provider = {
+        maximum_scaling_step_size = 1
+        minimum_scaling_step_size = 1
+        target_capacity           = 100
+        default_capacity_provider_strategy = {
+          weight = 80
+          base   = 0
+        }
+      }
+    }
+  }
 
   ecs_common_service_config = {
+    autoscaling_min_capacity = 2
     wait_for_steady_state    = true
-    autoscaling_min_capacity = 1
+    force_new_deployment     = true
+    ordered_placement_strategy = [
+      {
+        type  = "spread"
+        field = "attribute:ecs.availability-zone"
+      },
+      {
+        type  = "binpack"
+        field = "cpu"
+      },
+    ]
   }
+
+  # Mongo DB TLS temporary disabled - to enable just remove env variables below
+  ecs_per_service_config = {
+    engine = {
+      env = {
+        DB_SSL_VALIDATE = "false"
+        DB_USE_TLS      = "false"
+        DB_TLS_CA_FILE  = ""
+      }
+    }
+  }
+}
+
+output "appmixer_module" {
+  value = module.appmixer_module
 }
@@ -1,6 +1,6 @@
 # Basic example
 
-The code in this example shows how to use the module with basic configuration and minimal set of other resources.
+The code in this example shows how to use the module with production configuration and minimal set of other resources.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -14,7 +14,7 @@ The code in this example shows how to use the module with basic configuration an
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_example_module"></a> [example\_module](#module\_example\_module) | ../../ | n/a |
+| <a name="module_appmixer_module"></a> [appmixer\_module](#module\_appmixer\_module) | ../../ | n/a |
 
 ## Resources