11resource "aws_iam_role" "playwright_worker_task_execution_role" {
2- name = " playwright-worker-task-execution-role"
2+ name = " ${ var . crossfeed_playwright } -task-execution-role"
3+ assume_role_policy = jsonencode ({
4+ Version = " 2012-10-17"
5+ Statement = [
6+ {
7+ Action = " sts:AssumeRole"
8+ Principal = {
9+ Service = " ecs-tasks.amazonaws.com"
10+ }
11+ Effect = " Allow"
12+ }
13+ ]
14+ })
15+ }
16+
17+ resource "aws_iam_role" "playwright_worker_task_role" {
18+ name = " ${ var . crossfeed_playwright } -worker-task-role"
319
420 assume_role_policy = jsonencode ({
521 Version = " 2012-10-17"
@@ -16,8 +32,8 @@ resource "aws_iam_role" "playwright_worker_task_execution_role" {
1632}
1733
1834resource "aws_iam_role_policy" "playwright_ecs_task_policy" {
19- name = " playwright -ecs-task-policy"
20- role = . worker_task_role . id
35+ name = " ${ var . crossfeed_playwright } -ecs-task-policy"
36+ role = . playwright_worker_task_role . id
2137
2238 policy = jsonencode ({
2339 Version = " 2012-10-17"
@@ -26,8 +42,8 @@ resource "aws_iam_role_policy" "playwright_ecs_task_policy" {
2642 Action = [" s3:ListBucket" " s3:GetObject" " s3:PutObject"
2743 Effect = " Allow"
2844 Resource = [
29- " arn:aws:s3:::${ var . automated_test_report_bucket_name } " # ListBucket on the bucket itself
30- " arn:aws:s3:::${ var . automated_test_report_bucket_name } /*" # GetObject and PutObject on all objects within the bucket
45+ " arn:aws:s3:::${ var . automated_test_reports_bucket_name } " # ListBucket on the bucket itself
46+ " arn:aws:s3:::${ var . automated_test_reports_bucket_name } /*" # GetObject and PutObject on all objects within the bucket
3147 ]
3248 }
3349 ]
@@ -36,28 +52,7 @@ resource "aws_iam_role_policy" "playwright_ecs_task_policy" {
3652
3753resource "aws_iam_role_policy_attachment" "playwright_ecs_execution_policy" {
3854 policy_arn = " arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
39- role = . playwright_worker_task_execution_role . name
40- }
41-
42- resource "aws_ecr_repository" "playwright" {
43- name = " playwright-ui-testing"
44-
45- image_scanning_configuration {
46- scan_on_push = true
47- }
48-
49- image_tag_mutability = " MUTABLE"
50-
51- encryption_configuration {
52- encryption_type = " KMS"
53- kms_key = . key . arn
54- }
55-
56- tags =
57- Project = var.project
58- Stage = var.stage
59- Owner = " Crossfeed managed resource"
60- }
55+ role = . playwright_worker_task_execution_role . id
6156}
6257
6358resource "aws_ecs_task_definition" "playwright_worker" {
@@ -66,7 +61,7 @@ resource "aws_ecs_task_definition" "playwright_worker" {
6661[
6762 {
6863 "name": "playwright",
69- "image": "${ aws_ecr_repository . playwright . repository_url } : ${ var . image_tag } ",
64+ "image": "public.ecr.aws/sphmedia/sphmedia/microsoft-playwright:v1.50.1-jammy ",
7065 "essential": true,
7166 "mountPoints": [],
7267 "portMappings": [],
@@ -93,9 +88,10 @@ resource "aws_ecs_task_definition" "playwright_worker" {
9388]
9489EOF
9590 requires_compatibilities = " FARGATE"
96- network_mode = " awsvpc"
97- execution_role_arn = . playwright_worker_task_execution_role . arn
98- task_role_arn = . worker_task_role . arn
91+ # "awsvpc" is required for Fargate tasks to enable the use of ENIs for networking.
92+ network_mode = " awsvpc"
93+ execution_role_arn = . playwright_worker_task_execution_role . arn # Execution role for ECS tasks
94+ task_role_arn = . playwright_worker_task_role . arn # Task role for the application
9995
10096 cpu = 256 # .25 vCPU
10197 memory = 512 # 512 MB
106102 Owner = " Crossfeed managed resource"
107103 }
108104}
105+
106+ resource "aws_ecs_cluster" "playwright_ecs_cluster" {
107+ name = " ${ var . crossfeed_playwright } -ecs-cluster"
108+
109+ setting {
110+ name = " containerInsights"
111+ value = " enabled"
112+ }
113+
114+ tags =
115+ Project = var.project
116+ Stage = var.stage
117+ Owner = " Crossfeed managed resource"
118+ }
119+ }
120+
121+ resource "aws_ecs_cluster_capacity_providers" "playwright_ecs_cluster_capacity_providers" {
122+ cluster_name = . playwright_ecs_cluster . name
123+ capacity_providers = " FARGATE"
124+ }
125+
126+ resource "aws_s3_bucket" "automated_test_reports_bucket" {
127+ bucket = . automated_test_reports_bucket_name
128+ tags =
129+ Project = var.project
130+ Stage = var.stage
131+ Owner = " Crossfeed managed resource"
132+ }
133+ }
134+
135+ resource "aws_s3_bucket_policy" "automated_test_reports_bucket" {
136+ bucket = . automated_test_reports_bucket_name
137+ policy = jsonencode ({
138+ " Version" : " 2012-10-17"
139+ " Statement" : [
140+ {
141+ " Sid" : " RequireSSLRequests"
142+ " Action" : " s3:*"
143+ " Effect" : " Deny"
144+ " Principal" : " *"
145+ " Resource" : [
146+ aws_s3_bucket.automated_test_reports_bucket.arn,
147+ " ${ aws_s3_bucket . automated_test_reports_bucket . arn } /*"
148+ ],
149+ " Condition" : {
150+ " Bool" : {
151+ " aws:SecureTransport" : " false"
152+ }
153+ }
154+ }
155+ ]
156+ })
157+ }
158+
159+ resource "aws_s3_bucket_acl" "automated_test_reports_bucket" {
160+ count = . is_dmz ? 1 : 0
161+ bucket = . automated_test_reports_bucket . id
162+ acl = " private"
163+ }
164+
165+ resource "aws_s3_bucket_ownership_controls" "automated_test_reports_bucket" {
166+ count = . is_dmz ? 1 : 0
167+ bucket = . automated_test_reports_bucket . id
168+ rule {
169+ object_ownership = " ObjectWriter"
170+ }
171+ }
172+
173+ resource "aws_s3_bucket_server_side_encryption_configuration" "automated_test_reports_bucket" {
174+ bucket = . automated_test_reports_bucket . id
175+ rule {
176+ apply_server_side_encryption_by_default {
177+ sse_algorithm = " AES256"
178+ }
179+ }
180+ }
181+
182+ resource "aws_s3_bucket_versioning" "automated_test_reports_bucket" {
183+ bucket = . automated_test_reports_bucket . id
184+ versioning_configuration {
185+ status = " Enabled"
186+ }
187+ }
188+
189+ resource "aws_s3_bucket_logging" "automated_test_reports_bucket" {
190+ bucket = . automated_test_reports_bucket . id
191+ target_bucket = . logging_bucket . id
192+ target_prefix = " automated_test_reports_bucket/"
193+ }
0 commit comments