diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bbb0e32e2aa339c7aebafed5983d6e33fda4b68b..486447b00f1f65c17bf5f4cc2f8d8217f0d62ccc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -75,6 +75,8 @@ repos:
 rev: v6.0.2
 hooks:
 - id: ansible-lint
+ args:
+ - "--project-dir Ansible"
 - repo: https://github.com/AleksaC/hadolint-py.git
 rev: v2.8.0
diff --git a/Terraform/AWS/.terraform.lock.hcl b/Terraform/AWS/.terraform.lock.hcl
index c6c8a13e6ebc712af2f5b6e5a34b3b43fd5d8896..cebc26d4e298463bf581ef5bfde47b0af6376311 100644
--- a/Terraform/AWS/.terraform.lock.hcl
+++ b/Terraform/AWS/.terraform.lock.hcl
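Review bot: `"--project-dir Ansible"` reaches ansible-lint as a single argv element containing a space, because pre-commit passes each `args` entry through verbatim, so argparse will reject it as an unrecognized argument instead of setting the project directory and the hook fails on every run. Use the `=` form, `- "--project-dir=Ansible"`, or split it into two list entries (`- "--project-dir"` and `- "Ansible"`).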
@@ -2,21 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.9.0" + version = "4.47.0" constraints = "~> 4.0" hashes = [ - "h1:GtmIOZMkKmr9tMLWouHWiGXmKEL/diOTNar5XfOVLjs=", - "zh:084b83aef3335ad4f5e4b8323c6fe43c1ff55e17a7647c6a5cad6af519f72b42", - "zh:132e47ce69f14de4523b84b213cedf7173398acda14245b1ffe7747aac50f050", - "zh:2068baef7dfce3613f3b4f27314175e971f8db68d9cde9ec30b5659f80c68c6c", - "zh:63c6f489683d5f1ac55e82a0df387143ed22701d5f22c109a4d5c9924dd4e437", - "zh:8115fd21965954fa4568c09331e05bb29da967fab8d077419aed09954378e216", - "zh:8efdc95fde108f777ed9c79ae25dc17aea9771903250f5c5c8a4c726b90a345f", + "h1:J4PCUWoWaJbNP+GadGduWIeERw/AusE5enUJY8kKmNU=", + "zh:01afccb7e358ccff4ad800bcdea785198669f23070fba4561c65eb05f4364fc4", + "zh:0c45f46461d666c6e084ed742dbf01c9d9dc749e691771717c5ac1f82f4f6e74", + "zh:291ddb5a4c0da5fdd2f247ee37089a0f5e48e8446bdad2ed0f9b39cb71a11a9d", + "zh:338a888c04ff0da3642b64dbc29f45e5d734dd88d7c4c101c2d9a0bde726d40b", + "zh:35cd3c76f485f4486f187032807ef4aad99fac51e32b0ac341ab4e6fe30f2bf1", + "zh:39296c9baf7863fdd64194d932ec81886a4d207c05d34474be43abfeeb0f13e2", + "zh:6dc77793b52f127f2f48a5353865d8879eab44e5db4b837625eaa35fc842114c", + "zh:8bb8c7488e69a65f08bfadbf0b0801bafa28bde9ae908d12dc7490a81b88d368", + "zh:8fcfb26008559f514f80a8ab6d380211dfaaa902cb9e9ff2af3203bbe4c9f506", + "zh:95a69ccc0fdd5756d3c7311788908ab5fd1392e271b8478f3ee11238c3cbcc57", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9d42a7bc34d84b70c1d1bcc215cabd63abbcbd0352b70bd84da6c3916634932f", - "zh:aacbcceb241aa475888c0869e87593182edeced3170c76a0c960dd9c905df449", - "zh:c7fe7904511052e4102870256819a1917177572cf684f0611ebf767f9c1fbaa8", - "zh:c8e07c3424663d1d0e7e32f4ade8099c19f6326d37c6da98104d90c986ff66fc", - "zh:e47cafbd38b56ef14fd8d727b4ffea847c166b1c684f585ee5fb78983b537248", + "zh:a93a1320344d9e8f10a8e6b81b9fabfa36fb824a9b7bcb252fa060523dd0da62", + 
"zh:c4902c4aebb4174442fef42ea4a093c5881973a27a5d2c171d7d18a6e092f756", + "zh:c70a757e63ffc62d74003ab7719443012c57a2bbb0ae275c5c25a30aaa21dbf2", + "zh:de0ef6684a81f74766629bfdc3206cde58a2e1619c9d1b65d199148da3b2f50e", ] } diff --git a/Terraform/AWS/ecs.tf b/Terraform/AWS/ecs.tf new file mode 100644 index 0000000000000000000000000000000000000000..6c7816b7f377bdec622ff2c8bbf96ecd9c86d44d --- /dev/null +++ b/Terraform/AWS/ecs.tf 
@@ -0,0 +1,177 @@
+# vim: ft=tf
+
+locals {
+ ecs_instance_count = 2
+ ecs_instance_type = "t3.xlarge"
+ ecs_key_name = "Nimrod"
+}
+
+data "aws_ec2_instance_type" "ecs" {
+ instance_type = local.ecs_instance_type
+}
+
+data "aws_ami" "ecs" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "owner-alias"
+ values = ["amazon"]
+ }
+
+ filter {
+ name = "name"
+ values = ["amzn2-ami-ecs-hvm-*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ filter {
+ name = "architecture"
+ values = data.aws_ec2_instance_type.ecs.supported_architectures
+ }
+}
+
+resource "aws_ecs_cluster" "this" {
+ name = local.name
+}
+
+locals {
+ long_arn_settings = [
+ "serviceLongArnFormat",
+ "taskLongArnFormat",
+ "containerInstanceLongArnFormat",
+ ]
+}
+
+resource "aws_ecs_account_setting_default" "this" {
+ count = length(local.long_arn_settings)
+ name = element(local.long_arn_settings, count.index)
+ value = "enabled"
+}
+
+resource "aws_security_group" "ecs" {
+ description = "The ${local.name} ECS instances."
+ name = "${local.name}-ecs"
+ tags = { "Name" = "${local.name}-ecs" }
+ vpc_id = aws_vpc.vpc.id
+
+ egress {
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 0
+ protocol = -1
+ to_port = 0
+ }
+
+ ingress {
+ cidr_blocks = [var.cidr_block]
+ from_port = 0
+ protocol = -1
+ to_port = 0
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+locals {
+ ecs_instance_policies = [
+ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
+ ]
+}
+
+data "aws_iam_policy_document" "ecs_assume_policy" {
+ statement {
+ effect = "Allow"
+ actions = ["sts:AssumeRole"]
+
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ }
+}
+
+resource "aws_iam_role" "ecs" {
+ assume_role_policy = data.aws_iam_policy_document.ecs_assume_policy.json
+ description = "EC2 instances in the ECS cluster in ${local.env}."
+ name = local.name
+}
+
+resource "aws_iam_role_policy_attachment" "ecs" {
+ for_each = toset(local.ecs_instance_policies)
+ policy_arn = each.key
+ role = aws_iam_role.ecs.name
+}
+
+resource "aws_iam_instance_profile" "ecs" {
+ name = local.name
+ role = aws_iam_role.ecs.name
+}
+
+locals {
+ user_data_vars = {
+ cluster_name = aws_ecs_cluster.this.name
+ region = var.region
+ }
+ user_data = trimspace(templatefile("${path.module}/user-data.yaml", local.user_data_vars))
+}
+
+resource "aws_launch_template" "ecs" {
+ image_id = data.aws_ami.ecs.image_id
+ instance_initiated_shutdown_behavior = "terminate"
+ instance_type = local.ecs_instance_type
+ key_name = local.ecs_key_name
+ name = local.name
+ user_data = base64encode(local.user_data)
+ vpc_security_group_ids = [aws_security_group.ecs.id]
+
+ block_device_mappings {
+ device_name = "/dev/sda1"
+
+ ebs {
+ delete_on_termination = true
+ volume_size = "128"
+ volume_type = "gp3"
+ }
+ }
+
+ iam_instance_profile {
+ arn = aws_iam_instance_profile.ecs.arn
+ }
+}
+
+resource "aws_autoscaling_group" "ecs" {
+ desired_capacity = local.ecs_instance_count
+ force_delete = true
+ health_check_type = "EC2"
+ max_size = local.ecs_instance_count
+ min_size = local.ecs_instance_count
+ name = local.name
+ vpc_zone_identifier = local.private_subnet_ids
+ wait_for_capacity_timeout = "10m"
+
+ instance_refresh {
+ strategy = "Rolling"
+ }
+
+ launch_template {
+ id = aws_launch_template.ecs.id
+ version = aws_launch_template.ecs.latest_version
+ }
+
+ dynamic "tag" {
+ for_each = local.common_tags
+
+ content {
+ key = tag.key
+ propagate_at_launch = true
+ value = tag.value
+ }
+ }
+}
diff --git a/Terraform/AWS/main.tf b/Terraform/AWS/main.tf
index 128ca23dff3b4936f19d2de0b08816d015133819..a23b094f37f87bf32ccadacd2eb6c50e690341a6 100644
--- a/Terraform/AWS/main.tf
+++ b/Terraform/AWS/main.tf
@@ -1,3 +1,5 @@
+# vim: ft=tf
+
 terraform {
 backend "http" {}
 required_providers {
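Review bot: `aws_launch_template.ecs` sets no `metadata_options`, so the instances answer IMDSv1 requests and any container on the host can fetch the instance profile's credentials (AmazonSSMManagedInstanceCore plus the ECS container-instance role) with a plain GET to 169.254.169.254. Setting `http_tokens = "required"` and keeping the hop limit at 1 means the IMDSv2 token never crosses the Docker bridge, so bridge-mode tasks lose that path and must use a task role; awsvpc-mode tasks are not covered by this and presumably need `ECS_AWSVPC_BLOCK_IMDS=true` in `/etc/ecs/ecs.config`. The root volume mapping also omits `encrypted = true`, so the 128 GB gp3 volume is encrypted only if the account's EBS default encryption happens to be on. Worth confirming as well that the ECS-optimized AL2 AMI's root device is really `/dev/sda1`; if it is `/dev/xvda`, this mapping attaches a second unused volume instead of resizing the root.
```hcl
resource "aws_launch_template" "ecs" {
  # … unchanged: image_id … vpc_security_group_ids …

  # Require IMDSv2; with the default hop limit of 1 the session token
  # never reaches bridge-mode containers, so they cannot read the
  # instance role's credentials.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  block_device_mappings {
    device_name = "/dev/sda1"

    ebs {
      delete_on_termination = true
      encrypted             = true
      volume_size           = "128"
      volume_type           = "gp3"
    }
  }

  # … unchanged: iam_instance_profile …
}
```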
diff --git a/Terraform/AWS/route53.tf b/Terraform/AWS/route53.tf
index fc772abf1b443f05b826a63d871b5e0b3f4260d1..2ba008c967587ccf94f36d157e189bc331394843 100644
--- a/Terraform/AWS/route53.tf
+++ b/Terraform/AWS/route53.tf
@@ -1,3 +1,5 @@
+# vim: ft=tf
+
 resource "aws_route53_zone" "zone" {
 name = "aws.shore.co.il"
 }
diff --git a/Terraform/AWS/user-data.yaml b/Terraform/AWS/user-data.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ab4d5ee37ec276f28e33436c5b2257f766a473ca
--- /dev/null
+++ b/Terraform/AWS/user-data.yaml
@@ -0,0 +1,10 @@
+#cloud-config
+---
+runcmd:
+ # yamllint disable-line rule:line-length
+ - [yum, install, "-y", "https://amazon-ssm-${region}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm"]
+write_files:
+ - path: /etc/ecs/ecs.config
+ append: true
+ content: |
+ ECS_CLUSTER=${cluster_name}
diff --git a/Terraform/AWS/vpc.tf b/Terraform/AWS/vpc.tf
index a6b2968b1ec35936785ab61042ff7f3aa9c4142c..0283f2b28236f7aa0a5ef9fce8c2b5a9e4a65adc 100644
--- a/Terraform/AWS/vpc.tf
+++ b/Terraform/AWS/vpc.tf
@@ -1,3 +1,5 @@
+# vim: ft=tf
+
 variable "cidr_block" {
 default = "172.31.0.0/16"
 description = "CIDR block for the VPC."
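Review bot: The `runcmd` entry installs the SSM agent from the unpinned `latest/` path, and `yum install <url>` does not GPG-verify a package fetched by URL unless `localpkg_gpgcheck` is enabled, so whatever that bucket path holds at boot runs as root on every instance with neither a version pin nor a signature check. Pin a release in the URL and verify the rpm against Amazon's published SSM signing key before installing, or, if the ECS-optimized AL2 AMI already ships the agent (worth confirming), drop the install and just enable the service. `linux_amd64` is also hard-coded while ecs.tf picks the AMI from the instance type's `supported_architectures`, so the two disagree for an arm64 instance type; pass the architecture through `user_data_vars` and build the path from it. Since this file already appends to `/etc/ecs/ecs.config`, adding `ECS_AWSVPC_BLOCK_IMDS=true` there would keep awsvpc-mode tasks from reaching instance metadata.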