I am looking for a simple terraform example illustrating all the require parts to spin up the required resources to run a simple linux command via AWS Batch.
I have some familiarity with terraform.
The examples I have been able to find appears to be missing some parts as getting something to run via AWS Batch requires a combination of compute_environment, queue, job definitions etc.
Thank you.
This is what I have come up with thus far but when I submit a job to the queue, it stays at RUNNABLE
Some commented that it is due to insufficient vCPUs (because the min_vcpus is set to 0), does that mean we need to associate some Auto Scaling Group (how ?) or is it because of managed/unmanage setting ?
I tried setting min_vcpus to 1 but keep getting error when terraforming
provider "aws" {
region = "ca-central-1"
}
resource "aws_batch_job_definition" "test" {
name = "tf_test_batch_job_definition"
type = "container"
container_properties = <<CONTAINER_PROPERTIES
{
"command": ["ls", "-la"],
"image": "busybox",
"memory": 1024,
"vcpus": 1,
"volumes": [
{
"host": {
"sourcePath": "/tmp"
},
"name": "tmp"
}
],
"environment": [
{"name": "VARNAME", "value": "VARVAL"}
],
"mountPoints": [
{
"sourceVolume": "tmp",
"containerPath": "/tmp",
"readOnly": false
}
],
"ulimits": [
{
"hardLimit": 1024,
"name": "nofile",
"softLimit": 1024
}
]
}
CONTAINER_PROPERTIES
}
resource "aws_batch_job_queue" "test_queue" {
name = "tf-test-batch-job-queue"
state = "ENABLED"
priority = 1
compute_environments = [
aws_batch_compute_environment.sample.arn
]
}
resource "aws_iam_role" "ecs_instance_role" {
name = "ecs_instance_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "ecs_instance_role" {
role = aws_iam_role.ecs_instance_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
}
resource "aws_iam_instance_profile" "ecs_instance_role" {
name = "ecs_instance_role"
role = aws_iam_role.ecs_instance_role.name
}
resource "aws_iam_role" "aws_batch_service_role" {
name = "aws_batch_service_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "batch.amazonaws.com"
}
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "aws_batch_service_role" {
role = aws_iam_role.aws_batch_service_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole"
}
resource "aws_security_group" "sample" {
name = "aws_batch_compute_environment_security_group"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_vpc" "sample" {
cidr_block = "10.1.0.0/16"
}
resource "aws_subnet" "sample" {
vpc_id = aws_vpc.sample.id
cidr_block = "10.1.1.0/24"
}
resource "aws_batch_compute_environment" "sample" {
compute_environment_name = "sample"
compute_resources {
instance_role = aws_iam_instance_profile.ecs_instance_role.arn
instance_type = [
"c4.large",
]
max_vcpus = 16
min_vcpus = 0
security_group_ids = [
aws_security_group.sample.id,
]
subnets = [
aws_subnet.sample.id,
]
type = "EC2"
}
service_role = aws_iam_role.aws_batch_service_role.arn
type = "MANAGED"
depends_on = [aws_iam_role_policy_attachment.aws_batch_service_role]
}