Terraform: AWS infrastructure for voting app with CloudWatch monitoring

result/server.js

@@ -18,7 +18,7 @@ io.on('connection', function (socket) {
 });
 
 var pool = new Pool({
-  connectionString: 'postgres://postgres:postgres@db/postgres'
+  connectionString: process.env.DATABASE_URL || 'postgres://postgres:postgres@db/postgres'
 });
 
 async.retry(

terraform/alb.tf

@@ -0,0 +1,76 @@
+# -------------------------------------------------------
+# Application Load Balancer
+# -------------------------------------------------------
+resource "aws_lb" "main" {
+  name               = "${var.project_name}-alb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.alb.id]
+  subnets            = aws_subnet.public[*].id
+
+  tags = { Name = "${var.project_name}-alb" }
+}
+
+# -------------------------------------------------------
+# Target Groups
+# -------------------------------------------------------
+resource "aws_lb_target_group" "vote" {
+  name        = "${var.project_name}-vote-tg"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = aws_vpc.main.id
+  target_type = "ip"
+
+  health_check {
+    path                = "/"
+    healthy_threshold   = 2
+    unhealthy_threshold = 3
+    interval            = 30
+  }
+
+  tags = { Name = "${var.project_name}-vote-tg" }
+}
+
+resource "aws_lb_target_group" "result" {
+  name        = "${var.project_name}-result-tg"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = aws_vpc.main.id
+  target_type = "ip"
+
+  health_check {
+    path                = "/"
+    healthy_threshold   = 2
+    unhealthy_threshold = 3
+    interval            = 30
+  }
+
+  tags = { Name = "${var.project_name}-result-tg" }
+}
+
+# -------------------------------------------------------
+# Listeners
+# vote app  → port 80  (default)
+# result app → port 8080 (separate listener)
+# -------------------------------------------------------
+resource "aws_lb_listener" "vote" {
+  load_balancer_arn = aws_lb.main.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.vote.arn
+  }
+}
+
+resource "aws_lb_listener" "result" {
+  load_balancer_arn = aws_lb.main.arn
+  port              = 8080
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.result.arn
+  }
+}

terraform/cloudwatch.tf

@@ -0,0 +1,81 @@
+# -------------------------------------------------------
+# CloudWatch Alarms for monitoring
+# -------------------------------------------------------
+
+# Alert when vote service CPU goes above 80%
+resource "aws_cloudwatch_metric_alarm" "vote_cpu_high" {
+  alarm_name          = "${var.project_name}-vote-cpu-high"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 2
+  metric_name         = "CPUUtilization"
+  namespace           = "AWS/ECS"
+  period              = 60
+  statistic           = "Average"
+  threshold           = 80
+  alarm_description   = "Vote service CPU utilization is too high"
+
+  dimensions = {
+    ClusterName = aws_ecs_cluster.main.name
+    ServiceName = aws_ecs_service.vote.name
+  }
+
+  tags = { Name = "${var.project_name}-vote-cpu-alarm" }
+}
+
+# Alert when result service CPU goes above 80%
+resource "aws_cloudwatch_metric_alarm" "result_cpu_high" {
+  alarm_name          = "${var.project_name}-result-cpu-high"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 2
+  metric_name         = "CPUUtilization"
+  namespace           = "AWS/ECS"
+  period              = 60
+  statistic           = "Average"
+  threshold           = 80
+  alarm_description   = "Result service CPU utilization is too high"
+
+  dimensions = {
+    ClusterName = aws_ecs_cluster.main.name
+    ServiceName = aws_ecs_service.result.name
+  }
+
+  tags = { Name = "${var.project_name}-result-cpu-alarm" }
+}
+
+# Alert when RDS has too many connections
+resource "aws_cloudwatch_metric_alarm" "rds_connections_high" {
+  alarm_name          = "${var.project_name}-rds-connections-high"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 2
+  metric_name         = "DatabaseConnections"
+  namespace           = "AWS/RDS"
+  period              = 60
+  statistic           = "Average"
+  threshold           = 50
+  alarm_description   = "RDS connection count is too high"
+
+  dimensions = {
+    DBInstanceIdentifier = aws_db_instance.postgres.identifier
+  }
+
+  tags = { Name = "${var.project_name}-rds-connections-alarm" }
+}
+
+# Alert when ElastiCache CPU goes above 75%
+resource "aws_cloudwatch_metric_alarm" "redis_cpu_high" {
+  alarm_name          = "${var.project_name}-redis-cpu-high"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 2
+  metric_name         = "CPUUtilization"
+  namespace           = "AWS/ElastiCache"
+  period              = 60
+  statistic           = "Average"
+  threshold           = 75
+  alarm_description   = "Redis CPU utilization is too high"
+
+  dimensions = {
+    CacheClusterId = aws_elasticache_cluster.redis.cluster_id
+  }
+
+  tags = { Name = "${var.project_name}-redis-cpu-alarm" }
+}

terraform/ecs.tf

@@ -0,0 +1,188 @@
+# -------------------------------------------------------
+# ECS Cluster
+# -------------------------------------------------------
+resource "aws_ecs_cluster" "main" {
+  name = "${var.project_name}-cluster"
+  tags = { Name = "${var.project_name}-cluster" }
+}
+
+# -------------------------------------------------------
+# CloudWatch Log Group
+# -------------------------------------------------------
+resource "aws_cloudwatch_log_group" "voting_app" {
+  name              = "/ecs/${var.project_name}"
+  retention_in_days = 7
+}
+
+# -------------------------------------------------------
+# Task Definitions
+# -------------------------------------------------------
+
+# --- Vote ---
+resource "aws_ecs_task_definition" "vote" {
+  family                   = "${var.project_name}-vote"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = "256"
+  memory                   = "512"
+  execution_role_arn       = aws_iam_role.ecs_task_execution.arn
+  task_role_arn            = aws_iam_role.ecs_task.arn
+
+  container_definitions = jsonencode([{
+    name      = "vote"
+    image     = var.vote_image
+    essential = true
+
+    portMappings = [{
+      containerPort = 80
+      protocol      = "tcp"
+    }]
+
+    environment = [
+      { name = "REDIS_HOST", value = aws_elasticache_cluster.redis.cache_nodes[0].address }
+    ]
+
+    logConfiguration = {
+      logDriver = "awslogs"
+      options = {
+        "awslogs-group"         = aws_cloudwatch_log_group.voting_app.name
+        "awslogs-region"        = var.aws_region
+        "awslogs-stream-prefix" = "vote"
+      }
+    }
+  }])
+}
+
+# --- Result ---
+resource "aws_ecs_task_definition" "result" {
+  family                   = "${var.project_name}-result"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = "256"
+  memory                   = "512"
+  execution_role_arn       = aws_iam_role.ecs_task_execution.arn
+  task_role_arn            = aws_iam_role.ecs_task.arn
+
+  container_definitions = jsonencode([{
+    name      = "result"
+    image     = var.result_image
+    essential = true
+
+    portMappings = [{
+      containerPort = 80
+      protocol      = "tcp"
+    }]
+
+    environment = [
+      { name = "DATABASE_URL", value = "postgres://${var.db_username}:${var.db_password}@${aws_db_instance.postgres.address}/${var.db_name}" }
+    ]
+
+    logConfiguration = {
+      logDriver = "awslogs"
+      options = {
+        "awslogs-group"         = aws_cloudwatch_log_group.voting_app.name
+        "awslogs-region"        = var.aws_region
+        "awslogs-stream-prefix" = "result"
+      }
+    }
+  }])
+}
+
+# --- Worker ---
+resource "aws_ecs_task_definition" "worker" {
+  family                   = "${var.project_name}-worker"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = "256"
+  memory                   = "512"
+  execution_role_arn       = aws_iam_role.ecs_task_execution.arn
+  task_role_arn            = aws_iam_role.ecs_task.arn
+
+  container_definitions = jsonencode([{
+    name      = "worker"
+    image     = var.worker_image
+    essential = true
+
+    environment = [
+      { name = "REDIS_HOST",       value = aws_elasticache_cluster.redis.cache_nodes[0].address },
+      { name = "DATABASE_HOST",    value = aws_db_instance.postgres.address },
+      { name = "DATABASE_USER",    value = var.db_username },
+      { name = "DATABASE_PASSWORD", value = var.db_password },
+      { name = "DATABASE_NAME",    value = var.db_name }
+    ]
+
+    logConfiguration = {
+      logDriver = "awslogs"
+      options = {
+        "awslogs-group"         = aws_cloudwatch_log_group.voting_app.name
+        "awslogs-region"        = var.aws_region
+        "awslogs-stream-prefix" = "worker"
+      }
+    }
+  }])
+}
+
+# -------------------------------------------------------
+# ECS Services
+# -------------------------------------------------------
+
+# --- Vote Service ---
+resource "aws_ecs_service" "vote" {
+  name            = "${var.project_name}-vote"
+  cluster         = aws_ecs_cluster.main.id
+  task_definition = aws_ecs_task_definition.vote.arn
+  desired_count   = 2
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = aws_subnet.private[*].id
+    security_groups  = [aws_security_group.ecs_tasks.id]
+    assign_public_ip = false
+  }
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.vote.arn
+    container_name   = "vote"
+    container_port   = 80
+  }
+
+  depends_on = [aws_lb_listener.vote]
+}
+
+# --- Result Service ---
+resource "aws_ecs_service" "result" {
+  name            = "${var.project_name}-result"
+  cluster         = aws_ecs_cluster.main.id
+  task_definition = aws_ecs_task_definition.result.arn
+  desired_count   = 2
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = aws_subnet.private[*].id
+    security_groups  = [aws_security_group.ecs_tasks.id]
+    assign_public_ip = false
+  }
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.result.arn
+    container_name   = "result"
+    container_port   = 80
+  }
+
+  depends_on = [aws_lb_listener.result]
+}
+
+# --- Worker Service (no ALB needed, background processor) ---
+resource "aws_ecs_service" "worker" {
+  name            = "${var.project_name}-worker"
+  cluster         = aws_ecs_cluster.main.id
+  task_definition = aws_ecs_task_definition.worker.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = aws_subnet.private[*].id
+    security_groups  = [aws_security_group.ecs_tasks.id]
+    assign_public_ip = false
+  }
+}