feat(infra): bootstrap terraform configuration

tbobm · tbobm · commit 32046c6bb2f0 · 2025-04-16T17:37:37.000+02:00
Signed-off-by: Theo Bob Massard &lt;tbobm@protonmail.com&gt;
diff --git a/terraform/README.md b/terraform/README.md
@@ -0,0 +1,44 @@
+# ECS Migration task
+
+Bootstrap an ECS task definition used as a migration job by Github Actions.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ecs_task.run_migration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task) | resource |
+| [aws_ecs_task_definition.db_migration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the ECS Cluster where the ECS Task will be scheduled | `string` | n/a | yes |
+| <a name="input_container_image"></a> [container\_image](#input\_container\_image) | Container image used by the ECS Task for the Atlas container (from ECR) | `string` | n/a | yes |
+| <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | List of security group IDs to attach to the ECS Task | `list(string)` | n/a | yes |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs to attach to the ECS Task | `list(string)` | n/a | yes |
+| <a name="input_task_cpu"></a> [task\_cpu](#input\_task\_cpu) | CPU allocation to the ECS Task | `number` | `512` | no |
+| <a name="input_task_execution_role_arn"></a> [task\_execution\_role\_arn](#input\_task\_execution\_role\_arn) | ARN of the IAM Task Execution Role which will be used by the ECS Task | `string` | n/a | yes |
+| <a name="input_task_memory"></a> [task\_memory](#input\_task\_memory) | RAM of the ECS Task | `number` | `1024` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_migration_task_definition_arn"></a> [migration\_task\_definition\_arn](#output\_migration\_task\_definition\_arn) | ARN of the migration ECS Task |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,40 @@
+resource "aws_ecs_task_definition" "db_migration" {
+  family                   = "db-migration"
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+  cpu                      = var.task_cpu
+  memory                   = var.task_memory
+  execution_role_arn       = var.task_execution_role_arn
+  task_role_arn            = var.task_execution_role_arn
+
+  container_definitions = jsonencode([
+    {
+      name      = "atlas-migrate"
+      image     = var.container_image
+      essential = true
+      command   = ["atlas", "migrate", "apply", "--env", "local"]
+      environment = [
+        {
+          name  = "ATLAS_LOG_LEVEL"
+          value = "debug"
+        }
+      ]
+    }
+  ])
+}
+
+resource "aws_ecs_task" "run_migration" {
+  cluster         = var.cluster_name
+  task_definition = aws_ecs_task_definition.db_migration.arn
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = var.subnet_ids
+    security_groups  = var.security_group_ids
+    assign_public_ip = true
+  }
+
+  lifecycle {
+    ignore_changes = [desired_count] # One-shot
+  }
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -0,0 +1,5 @@
+output "migration_task_definition_arn" {
+  value       = aws_ecs_task_definition.db_migration.arn
+  description = "ARN of the migration ECS Task"
+}
+
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -0,0 +1,34 @@
+variable "cluster_name" {
+  description = "Name of the ECS Cluster where the ECS Task will be scheduled"
+  type        = string
+}
+
+variable "subnet_ids" {
+  description = "List of subnet IDs to attach to the ECS Task"
+  type        = list(string)
+}
+
+variable "security_group_ids" {
+  description = "List of security group IDs to attach to the ECS Task"
+  type        = list(string)
+}
+
+variable "container_image" {
+  description = "Container image used by the ECS Task for the Atlas container (from ECR)"
+  type        = string
+}
+
+variable "task_execution_role_arn" {
+  description = "ARN of the IAM Task Execution Role which will be used by the ECS Task"
+  type        = string
+}
+
+variable "task_cpu" {
+  description = "CPU allocation to the ECS Task"
+  default     = 512
+}
+
+variable "task_memory" {
+  description = "RAM of the ECS Task"
+  default     = 1024
+}
