Added metrics support (#50)

alarms.tf

@@ -3,7 +3,7 @@ locals {
 
   tg_metric_alarms = [for ma in local.metric_alarms : ma if ma.type == "target-group"]
   all_tg_metric_alarms = merge([
-    for ma in local.tg_metric_alarms : {for arn_suffix in local.target_group_arn_suffixes : "${arn_suffix}/${ma.name}" => merge(ma, { target_group = arn_suffix }) }
+    for ma in local.tg_metric_alarms : { for arn_suffix in local.target_group_arn_suffixes : "${arn_suffix}/${ma.name}" => merge(ma, { target_group = arn_suffix }) }
   ]...)
 }
 

aws.tf

@@ -1,2 +1,6 @@
 data "aws_region" "this" {}
 data "aws_caller_identity" "current" {}
+
+locals {
+  account_id = data.aws_caller_identity.current.account_id
+}

ingress.tf

@@ -12,5 +12,5 @@ locals {
 
   // This strips the arn down to the target group name in the form: targetgroup/<name>/<id>
   // This is useful for specifying target groups in cloudwatch metric alarms
-  target_group_arn_suffixes = [ for lb in local.cap_load_balancers : element(split(":", lb.target_group_arn), 5) ]
+  target_group_arn_suffixes = [for lb in local.cap_load_balancers : element(split(":", lb.target_group_arn), 5)]
 }

metrics.tf

@@ -0,0 +1,83 @@
+locals {
+  service_dims = tomap({
+    "ClusterName" = local.cluster_name
+    "ServiceName" = aws_ecs_service.this.name
+  })
+
+  metrics_cpu_mappings = {
+    name = "cpu"
+    type = "usage"
+    unit = "vCPU"
+
+    mappings = {
+      cpu_reserved = {
+        account_id  = local.account_id
+        stat        = "Average"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "CpuReserved"
+        dimensions  = local.service_dims
+      }
+      cpu_average = {
+        account_id  = local.account_id
+        stat        = "Average"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "CpuUtilized"
+        dimensions  = local.service_dims
+      }
+      cpu_min = {
+        account_id  = local.account_id
+        stat        = "Minimum"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "CpuUtilized"
+        dimensions  = local.service_dims
+      }
+      cpu_max = {
+        account_id  = local.account_id
+        stat        = "Maximum"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "CpuUtilized"
+        dimensions  = local.service_dims
+      }
+    }
+  }
+
+  metrics_memory_mappings = {
+    name = "memory"
+    type = "usage"
+    unit = "MiB"
+
+    mappings = {
+      memory_reserved = {
+        account_id  = local.account_id
+        stat        = "Average"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "MemoryReserved"
+        dimensions  = local.service_dims
+      }
+      memory_average = {
+        account_id  = local.account_id
+        stat        = "Average"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "MemoryUtilized"
+        dimensions  = local.service_dims
+      }
+      memory_min = {
+        account_id  = local.account_id
+        stat        = "Minimum"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "MemoryUtilized"
+        dimensions  = local.service_dims
+      }
+      memory_max = {
+        account_id  = local.account_id
+        stat        = "Maximum"
+        namespace   = "ECS/ContainerInsights"
+        metric_name = "MemoryUtilized"
+        dimensions  = local.service_dims
+      }
+    }
+  }
+
+  metrics_mappings = concat(local.metrics_cpu_mappings, local.metrics_memory_mappings)
+}
+

outputs.tf

@@ -24,6 +24,21 @@ output "log_reader" {
   sensitive   = true
 }
 
+output "metrics_provider" {
+  value       = "cloudwatch"
+  description = "string ||| "
+}
+
+output "metrics_reader" {
+  value       = module.logs.reader
+  description = "object({ name: string, access_key: string, secret_key: string }) ||| An AWS User with explicit privilege to read metrics from Cloudwatch."
+  sensitive   = true
+}
+
+output "metrics_mappings" {
+  value = local.metrics_mappings
+}
+
 output "image_repo_name" {
   value       = try(aws_ecr_repository.this[0].name, "")
   description = "string ||| "

secrets.tf

@@ -1,6 +1,6 @@
 locals {
   // secret_refs is prepared in the form [{ name = "", valueFrom = "<arn>" }, ...] for injection into ECS services
-  secret_refs = [for key in local.secret_keys : { name = key, valueFrom = aws_secretsmanager_secret.app_secret[key].arn }]
+  secret_refs     = [for key in local.secret_keys : { name = key, valueFrom = aws_secretsmanager_secret.app_secret[key].arn }]
   all_secret_refs = concat(local.secret_refs, local.existing_secret_refs)
 }
 

service.tf

@@ -1,12 +1,12 @@
 resource "aws_ecs_service" "this" {
   // The name of the service determines the internal DNS name (i.e. <service-name>.<dns-namespace>)
-  name                   = local.block_name
-  tags                   = local.tags
-  cluster                = local.cluster_arn
-  desired_count          = var.num_tasks
-  task_definition        = aws_ecs_task_definition.this.arn
-  launch_type            = "FARGATE"
-  enable_execute_command = true
+  name                              = local.block_name
+  tags                              = local.tags
+  cluster                           = local.cluster_arn
+  desired_count                     = var.num_tasks
+  task_definition                   = aws_ecs_task_definition.this.arn
+  launch_type                       = "FARGATE"
+  enable_execute_command            = true
   health_check_grace_period_seconds = length(local.cap_load_balancers) > 0 ? var.health_check_grace_period : null
 
   network_configuration {

variables.tf

@@ -81,7 +81,7 @@ EOF
   }
 }
 
-variable health_check_grace_period {
+variable "health_check_grace_period" {
   type        = number
   default     = 30
   description = <<EOF