Merge branch 'main' into feature/create-pipeline

environments/prod/tokyo/s3/terragrunt.hcl

@@ -0,0 +1,18 @@
+resource "aws_s3_bucket" "this" {
+  bucket = var.bucket_name
+
+  versioning {
+    enabled = true
+  }
+
+  tags = var.tags
+}
+
+resource "aws_s3_bucket_public_access_block" "this" {
+  bucket = aws_s3_bucket.this.id
+
+  block_public_acls   = true
+  block_public_policy = true
+  ignore_public_acls  = true
+  restrict_public_buckets = true
+}

modules/ecs/main.tf

@@ -170,13 +170,72 @@ resource "aws_lb_listener" "app" {
   }
 }
 
+resource "aws_iam_role" "ecs_service_linked_role" {
+  name               = "${var.project_name}-ecs-service-role"
+  assume_role_policy = <<-EOF
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "Service": "ecs.amazonaws.com"
+          },
+          "Action": "sts:AssumeRole"
+        }
+      ]
+    }
+  EOF
+}
+
+resource "aws_iam_policy" "ecs_custom_service_policy" {
+  name        = "${var.project_name}-ecs-service-policy"
+  description = "Custom policy for ECS service role"
+  policy      = jsonencode({
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "ecs:CreateCluster",
+          "ecs:DeleteCluster",
+          "ecs:DeregisterContainerInstance",
+          "ecs:DiscoverPollEndpoint",
+          "ecs:Poll",
+          "ecs:RegisterContainerInstance",
+          "ecs:StartTelemetrySession",
+          "ecs:Submit*",
+          "ec2:AuthorizeSecurityGroupIngress",
+          "ec2:Describe*",
+          "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+          "elasticloadbalancing:Describe*",
+          "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+          "ecr:GetAuthorizationToken",
+          "ecr:BatchCheckLayerAvailability",
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:BatchGetImage",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ],
+        "Resource": "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_service_linked_role_attachment" {
+  role       = aws_iam_role.ecs_service_linked_role.name
+  policy_arn = aws_iam_policy.ecs_custom_service_policy.arn
+}
+
 resource "aws_ecs_service" "this" {
   for_each        = aws_ecs_task_definition.ecs_task_definitions
   name            = "${var.project_name}-${each.key}-service"
   cluster         = aws_ecs_cluster.this.id
   task_definition = each.value.arn
   desired_count   = 1
   launch_type     = "EC2"
+  iam_role        = aws_iam_role.ecs_service_linked_role.arn
 
   load_balancer {
     target_group_arn = aws_lb_target_group.app.arn

modules/kinesis/variables.tf

@@ -2,7 +2,6 @@ variable "stream_name" {
   description = "The name of stream"
   type        = string
 }
-
 variable "tags" {
   description = "A map of tags to assign to the repository"
   type        = map(string)

modules/s3/main.tf

@@ -0,0 +1,10 @@
+resource "aws_kinesis_firehose_delivery_stream" "firehose" {
+  name        = var.stream_name
+  destination = "s3"
+
+  s3_configuration {
+    role_arn   = var.role_arn
+    bucket_arn = var.bucket_arn
+    prefix     = var.s3_prefix
+  }
+}

modules/s3/outputs.tf

@@ -0,0 +1,7 @@
+output "bucket_arn" {
+  value = aws_s3_bucket.this.arn
+}
+
+output "bucket_name" {
+  value = aws_s3_bucket.this.bucket
+}

modules/s3/variables.tf

@@ -0,0 +1,10 @@
+variable "bucket_name" {
+  description = "The name of the S3 bucket"
+  type        = string
+}
+
+variable "tags" {
+  description = "A map of tags to assign to the bucket"
+  type        = map(string)
+  default     = {}
+}