
wearetechnative/terraform-aws-ecs


Terraform AWS ECS

This repository implements an ECS cluster together with the Fargate services, scheduled tasks and task definitions that run on it, split into one module per domain (listed below).

How does it work

On first use after cloning this repository, and whenever `.pre-commit-config.yaml` is updated:

Run `pre-commit install` to install the guardrails implemented as pre-commit hooks.

See the pre-commit installation guide (https://pre-commit.com/#install) on how to install pre-commit itself.

Usage

To use this module ...

```hcl
{
  some_conf = "might need explanation"
}
```

Domain: ecs_service

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| autoscaling | ./autoscaling | n/a |
| dns_lambda | ./fargate_dns_lambda | n/a |
| task_definition | ../ecs_task_definition | n/a |

Resources

| Name | Type |
|------|------|
| aws_ecs_service.this | resource |
| aws_service_discovery_service.this | resource |
| aws_arn.ecs_cluster | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| capacity_provider_name | Capacity provider name; always required when `var.scheduling_strategy` is `REPLICA`. | `string` | n/a | yes |
| cloudwatch_group_name | CloudWatch log group name. | `string` | n/a | yes |
| container_name | Unique name for the container. | `string` | `"application"` | no |
| desired_count | Desired number of tasks to start. | `number` | `0` | no |
| discovery_service_namespace_id | Namespace ID of the Cloud Map discovery service. The discovery service gets the same name as `var.name`. Requires Fargate and provides A records only. WARNING: enabling this on an existing ECS service has no effect; the service must be replaced (for example with `terraform apply -replace=` targeting the module's `aws_ecs_service.this`). | `string` | `null` | no |
| disovery_service_name_override | If `var.discovery_service_namespace_id` is set, the discovery service name defaults to the application name; when this value is set it takes precedence. (The variable name is spelled `disovery` in the module.) | `string` | `null` | no |
| docker_image_tag | Docker image tag. | `string` | n/a | yes |
| docker_image_url | Docker image URL without the tag component. | `string` | n/a | yes |
| ecs_cluster_arn | ARN of the ECS cluster to attach the service to. | `string` | n/a | yes |
| execution_role_arn | ARN of the execution role that starts the container. Needs access to ECR and to the secrets (if used). | `string` | `null` | no |
| extra_container_def_string | n/a | `string` | `""` | no |
| fargate_architecture | Fargate CPU architecture: `X86_64` (default) or `ARM64`. | `string` | `"X86_64"` | no |
| fargate_assign_public_ip | Assign a public IP when Fargate is used. | `bool` | `false` | no |
| force_new_deployment | Apply any change immediately where a decision can be made. Recommended for test environments, not for production. | `bool` | n/a | yes |
| healthcheck_command | If set, this command is run to check container health. | `string` | `null` | no |
| healthcheck_grace_period | Seconds during which failing health checks are ignored after start. Needed for containers that take a long time to start and respond to health checks. | `number` | `0` | no |
| hosted_zone_id | Optional hosted zone ID in which a DNS record for the Fargate task is maintained. Requires Fargate and only works effectively with a single task. | `string` | `null` | no |
| kms_key_arn | KMS key for encryption at rest. | `string` | n/a | yes |
| linux_capabilities | Additional Linux capabilities that grant kernel access, e.g. for OpenVPN servers. Requires the EC2 launch type; does not work with Fargate. | `list(string)` | `[]` | no |
| linux_expose_devices | Expose kernel devices that are normally hidden, e.g. for OpenVPN servers. Requires the EC2 launch type; does not work with Fargate. | `list(string)` | `[]` | no |
| load_balancer_config | Load balancer configuration per target group. `container_name` is optional and is replaced by `var.name` if not specified. | `map(object({ target_group_arn = string, container_port = number, container_name = string }))` | `{}` | no |
| max_number_of_tasks | The initial task count is 0. Set to > 1 to enable autoscaling with this value as the maximum. Use 0 or 1 to disable autoscaling and manage the task count manually in the console. | `number` | n/a | yes |
| min_number_of_tasks | Minimum task count for autoscaling. The initial task count is 0. | `number` | `0` | no |
| name | Unique name for the service within the ECS cluster. | `string` | n/a | yes |
| scaling_down_cooldown | Seconds after a scale-in activity completes before the next scaling activity can start (aggressiveness). | `number` | `900` | no |
| scaling_down_high | Number of tasks to scale down by when the upper bound is reached. | `number` | `-3` | no |
| scaling_down_low | Number of tasks to scale down by when the lower bound is reached. | `number` | `-1` | no |
| scaling_up_cooldown | Seconds after a scale-out activity completes before the next scaling activity can start (aggressiveness). | `number` | `300` | no |
| scaling_up_high | Number of tasks to scale up by when the upper bound is reached. | `number` | `5` | no |
| scaling_up_low | Number of tasks to scale up by when the lower bound is reached. | `number` | `3` | no |
| scheduling_strategy | ECS scheduling strategy to use. | `string` | `"REPLICA"` | no |
| security_group_ids | Security groups to assign to the tasks. | `list(string)` | n/a | yes |
| sqs_dlq_arn | ARN of the SQS dead-letter queue that receives failed infrastructure events. Currently only used by the DNS Fargate Lambda. | `string` | n/a | yes |
| subnet_ids | Private subnets with a NAT gateway to route task traffic. | `list(string)` | n/a | yes |
| tags | Additional tags added to resources. | `map(string)` | `{}` | no |
| task_cpu_units | CPU units required for the task (and Fargate instance). | `number` | n/a | yes |
| task_definition_command | Override the Docker command; omit to use the image default. | `list(string)` | `[]` | no |
| task_definition_environment_variables | Non-secret environment variables as name/value pairs with literal values. Values are stored in clear text in the task definition, so never put secrets here. | `list(object({ name = string, value = string }))` | `[]` | no |
| task_definition_secrets | Secret environment variables as name/valueFrom pairs, where `valueFrom` references the SSM parameter holding the value. | `list(object({ name = string, valueFrom = string }))` | `[]` | no |
| task_memory_units | Memory (MiB) required for the task (and Fargate instance). | `number` | n/a | yes |
| task_role_arn | ARN of the role the container software uses for its own AWS privileges. One policy for ECS Exec (execute-command) is attached to this task role. | `string` | n/a | yes |
| threshold_cpu_high | Threshold for the CPU high alarm that triggers scaling out. | `number` | `50` | no |
| threshold_cpu_low | Threshold for the CPU low alarm that triggers scaling in. | `number` | `20` | no |

Outputs

| Name | Description |
|------|-------------|
| ecs_service_arn | n/a |
| ecs_task_definition_arn | n/a |

Domain: ecs_cluster

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_ecs_cluster.this | resource |
| aws_iam_policy_document.instance_ecs_policy | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| container_insights | Enable Container Insights (`"enabled"` or `"disabled"`). | `string` | `"enabled"` | no |
| kms_key_arn | KMS key ARN for CI encryption. | `string` | n/a | yes |
| name | Unique name for the ECS cluster powered by Fargate. | `string` | n/a | yes |
| tags | Additional tags added to resources. | `map(string)` | `{}` | no |

Outputs

| Name | Description |
|------|-------------|
| ec2_instance_role_ecs_policy | n/a |
| ecs_cluster_arn | n/a |
| ecs_cluster_name | n/a |

Domain: ecs_fargate_capacity_provider

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_ecs_cluster_capacity_providers.fargate | resource |
| aws_arn.ecs_cluster | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| ecs_cluster_arn | ARN of the existing ECS cluster the capacity provider is associated with. A service can only use a capacity provider that is associated with its cluster. | `string` | n/a | yes |
| use_spot | Use `FARGATE_SPOT` capacity instead of on-demand `FARGATE` capacity. | `bool` | `false` | no |

Outputs

| Name | Description |
|------|-------------|
| capacity_provider_name | n/a |
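The three modules above (`ecs_cluster`, `ecs_fargate_capacity_provider`, `ecs_service`) are meant to be wired together: the capacity provider must be associated with the cluster before a `REPLICA` service can reference it by name. The root-module configuration below is an added example, not code from this repository. It assumes the module source paths shown, the `payments-api` names, and that the referenced VPC subnets, security group, KMS key, log group, SQS queue, ECR repository, SSM parameter, target group and IAM roles are declared elsewhere in the same hypothetical root module.

```hcl
# Added example (not part of the repository): wiring cluster, Fargate capacity
# provider and one service together. All referenced resources outside the
# module calls are assumed to exist in the same root module.

module "cluster" {
  source      = "github.com/wearetechnative/terraform-aws-ecs//ecs_cluster" # assumed source path
  name        = "payments"
  kms_key_arn = aws_kms_key.ecs.arn
  tags        = local.tags
}

module "fargate" {
  source          = "github.com/wearetechnative/terraform-aws-ecs//ecs_fargate_capacity_provider"
  ecs_cluster_arn = module.cluster.ecs_cluster_arn
  use_spot        = false # FARGATE_SPOT only for interruption-tolerant workloads
}

module "payments_api" {
  source = "github.com/wearetechnative/terraform-aws-ecs//ecs_service"

  name                   = "payments-api"
  ecs_cluster_arn        = module.cluster.ecs_cluster_arn
  capacity_provider_name = module.fargate.capacity_provider_name # required for REPLICA
  cloudwatch_group_name  = aws_cloudwatch_log_group.payments_api.name
  kms_key_arn            = aws_kms_key.ecs.arn
  sqs_dlq_arn            = aws_sqs_queue.infra_dlq.arn

  docker_image_url = aws_ecr_repository.payments_api.repository_url
  docker_image_tag = "1.4.2" # pin an immutable tag; never "latest" in production

  execution_role_arn = aws_iam_role.payments_api_execution.arn # ECR pull, logs, secrets only
  task_role_arn      = aws_iam_role.payments_api_task.arn      # what the application may call

  task_cpu_units    = 512
  task_memory_units = 1024

  # Private subnets behind a NAT gateway and no public IP: the task is only
  # reachable through the load balancer.
  subnet_ids               = module.vpc.private_subnets
  security_group_ids       = [aws_security_group.payments_api.id]
  fargate_assign_public_ip = false

  load_balancer_config = {
    http = {
      target_group_arn = aws_lb_target_group.payments_api.arn
      container_port   = 8080
      container_name   = "application" # the module's default container_name
    }
  }

  # Plain environment variables end up in clear text in the task definition, so
  # only non-sensitive configuration goes here; secrets are resolved from SSM by
  # the execution role at task start.
  task_definition_environment_variables = [
    { name = "LOG_LEVEL", value = "info" },
  ]
  task_definition_secrets = [
    { name = "DATABASE_URL", valueFrom = aws_ssm_parameter.db_url.arn },
  ]

  # Assumes curl is present in the image.
  healthcheck_command      = "curl -fsS http://localhost:8080/healthz || exit 1"
  healthcheck_grace_period = 60

  # Step scaling between 2 and 6 tasks: scale out above 50% CPU, in below 20%.
  desired_count       = 2
  min_number_of_tasks = 2
  max_number_of_tasks = 6
  threshold_cpu_high  = 50
  threshold_cpu_low   = 20

  force_new_deployment = false # true only in test environments
  tags                 = local.tags
}
```

After `terraform apply`, confirm the service actually runs on the intended capacity provider and without a public address with `aws ecs describe-services --cluster payments --services payments-api` and check the `capacityProviderStrategy` and `networkConfiguration.assignPublicIp` fields in the output.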

Domain: ecs_scheduled_task

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| eventbridge_role | git@github.com:TechNative-B-V/modules-aws.git//identity_and_access_management/iam_role | e3c1a1f94ffa77c5f787d44ec98e2028c824220a |
| task_definition | ../ecs_task_definition | n/a |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_target.this | resource |
| aws_arn.ecs_cluster | data source |
| aws_iam_policy_document.passrole | data source |
| aws_iam_policy_document.runtask | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cloudwatch_group_name | CloudWatch log group name. | `string` | n/a | yes |
| docker_image_tag | Docker image tag. | `string` | n/a | yes |
| docker_image_url | Docker image URL without the tag component. | `string` | n/a | yes |
| ecs_cluster_arn | ARN of the ECS cluster to run the task in. | `string` | n/a | yes |
| eventbridge_event_rule_name | Name of the EventBridge rule that this task is registered to as a target. | `string` | `null` | no |
| execution_role_arn | ARN of the execution role that starts the container. Needs access to ECR and to the secrets (if used). | `string` | `null` | no |
| fargate_architecture | Fargate CPU architecture: `X86_64` (default) or `ARM64`. | `string` | `"X86_64"` | no |
| fargate_assign_public_ip | Assign a public IP when Fargate is used. | `bool` | `false` | no |
| healthcheck_command | If set, this command is run to check container health. | `string` | `null` | no |
| linux_capabilities | Additional Linux capabilities that grant kernel access, e.g. for OpenVPN servers. Requires the EC2 launch type; does not work with Fargate. | `list(string)` | `[]` | no |
| linux_expose_devices | Expose kernel devices that are normally hidden, e.g. for OpenVPN servers. Requires the EC2 launch type; does not work with Fargate. | `list(string)` | `[]` | no |
| name | Unique name for the scheduled task within the ECS cluster. | `string` | n/a | yes |
| security_group_ids | Security groups to assign to the task. | `list(string)` | n/a | yes |
| sqs_dlq_arn | ARN of the SQS dead-letter queue that receives failed infrastructure events. Currently only used by the DNS Fargate Lambda. | `string` | n/a | yes |
| subnet_ids | Private subnets with a NAT gateway to route task traffic. | `list(string)` | n/a | yes |
| tags | Additional tags added to resources. | `map(string)` | `{}` | no |
| task_cpu_units | CPU units required for the task (and Fargate instance). | `number` | n/a | yes |
| task_definition_command | Override the Docker command; omit to use the image default. | `list(string)` | `[]` | no |
| task_definition_environment_variables | Non-secret environment variables as name/value pairs with literal values. Values are stored in clear text in the task definition, so never put secrets here. | `list(object({ name = string, value = string }))` | `[]` | no |
| task_definition_secrets | Secret environment variables as name/valueFrom pairs, where `valueFrom` references the SSM parameter holding the value. | `list(object({ name = string, valueFrom = string }))` | `[]` | no |
| task_memory_units | Memory (MiB) required for the task (and Fargate instance). | `number` | n/a | yes |
| task_role_arn | ARN of the role the container software uses for its own AWS privileges. One policy for ECS Exec (execute-command) is attached to this task role. | `string` | n/a | yes |

Outputs

No outputs.
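The scheduled-task module registers the task definition as a target of an EventBridge rule that the caller creates, and builds the EventBridge role from the `passrole` and `runtask` policy documents listed under Resources. The configuration below is an added example, not code from this repository; it assumes the module source path, the `nightly-report` names, and that the roles, log group, ECR repository, SSM parameter, subnets, security group and SQS queue it references exist elsewhere in the same hypothetical root module.

```hcl
# Added example (not part of the repository): a cron-driven Fargate task.
# The rule is owned by the caller; the module attaches the task as its target.

resource "aws_cloudwatch_event_rule" "nightly_report" {
  name                = "nightly-report"
  description         = "Run the report task every night at 02:15 UTC"
  schedule_expression = "cron(15 2 * * ? *)"
}

module "nightly_report" {
  source = "github.com/wearetechnative/terraform-aws-ecs//ecs_scheduled_task" # assumed source path

  name                        = "nightly-report"
  ecs_cluster_arn             = module.cluster.ecs_cluster_arn
  eventbridge_event_rule_name = aws_cloudwatch_event_rule.nightly_report.name
  cloudwatch_group_name       = aws_cloudwatch_log_group.nightly_report.name
  sqs_dlq_arn                 = aws_sqs_queue.infra_dlq.arn

  docker_image_url = aws_ecr_repository.reports.repository_url
  docker_image_tag = "2024.05.1" # pinned, immutable tag

  # Two distinct roles: the agent pulls and resolves secrets with the execution
  # role, the report code runs with the (separately scoped) task role.
  execution_role_arn = aws_iam_role.reports_execution.arn
  task_role_arn      = aws_iam_role.reports_task.arn

  task_cpu_units    = 256
  task_memory_units = 512

  subnet_ids               = module.vpc.private_subnets
  security_group_ids       = [aws_security_group.reports.id]
  fargate_assign_public_ip = false

  # Run one job per invocation; the schedule lives in EventBridge, not in the image.
  task_definition_command = ["python", "-m", "reports.nightly"]

  task_definition_secrets = [
    { name = "WAREHOUSE_DSN", valueFrom = aws_ssm_parameter.warehouse_dsn.arn },
  ]
  tags = local.tags
}
```

Before applying, read the `iam:PassRole` statement in the plan for the EventBridge role: it should name only the execution and task role ARNs passed above. An `iam:PassRole` on `*` would let anyone able to create an event target run a task as any role in the account.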

Domain: ecs_task_definition

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_ecs_task_definition.this | resource |
| aws_iam_policy.ssm_session | resource |
| aws_iam_role_policy_attachment.ssm_session | resource |
| aws_iam_policy_document.ssm_session | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cloudwatch_group_name | CloudWatch log group name. | `string` | n/a | yes |
| command | If set, overrides the image command. Format as a list of command arguments, e.g. `["bundle", "exec", "rails", "s"]`. | `list(string)` | `[]` | no |
| container_name | Unique name for the task container. | `string` | `"application"` | no |
| docker_image_tag | Docker image tag. | `string` | n/a | yes |
| docker_image_url | Docker image URL without the tag component. | `string` | n/a | yes |
| execution_role_arn | ARN of the execution role that starts the container. Needs access to ECR and to the secrets (if used). | `string` | `null` | no |
| extra_container_def_string | n/a | `string` | `""` | no |
| fargate_architecture | Fargate CPU architecture: `X86_64` (default) or `ARM64`. | `string` | `"X86_64"` | no |
| healthcheck_command | If set, this command is run to check container health. | `string` | `null` | no |
| linux_capabilities | Additional Linux capabilities that grant kernel access, e.g. for OpenVPN servers. | `list(string)` | `[]` | no |
| linux_expose_devices | Expose kernel devices that are normally hidden, e.g. for OpenVPN servers. | `list(string)` | `[]` | no |
| load_balancer_config | Load balancer configuration per target group. `container_name` is optional and is replaced by `var.name` if not specified. | `map(object({ target_group_arn = string, container_port = number, container_name = string }))` | `{}` | no |
| name | Unique name for the task definition. | `string` | n/a | yes |
| tags | Additional tags added to resources. | `map(string)` | `{}` | no |
| task_cpu_units | CPU units required for the task (and Fargate instance). | `number` | n/a | yes |
| task_definition_environment_variables | Non-secret environment variables as name/value pairs with literal values. Values are stored in clear text in the task definition, so never put secrets here. | `list(object({ name = string, value = string }))` | `[]` | no |
| task_definition_secrets | Secret environment variables as name/valueFrom pairs, where `valueFrom` references the SSM parameter holding the value. | `list(object({ name = string, valueFrom = string }))` | `[]` | no |
| task_memory_units | Memory (MiB) required for the task (and Fargate instance). | `number` | n/a | yes |
| task_role_arn | ARN of the role the container software uses for its own AWS privileges. One policy for ECS Exec (execute-command) is attached to this task role. | `string` | n/a | yes |
| use_fargate | Enable Fargate containers. | `bool` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| task_definition_arn | n/a |
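Every task definition takes two roles with different jobs: the execution role is used by the ECS agent to pull the image, write logs and resolve `task_definition_secrets`, while the task role is what the application code itself runs as (and the role to which the module attaches its ECS Exec policy). The configuration below is an added example of building both with least privilege; it is not code from this repository and assumes the `payments-api` names and that the ECR repository, log group, KMS key, SSM parameter path and S3 bucket it references exist elsewhere in the same hypothetical root module.

```hcl
# Added example (not part of the repository): least-privilege execution and
# task roles for one task definition.

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Both roles are assumed by the ECS tasks service. The conditions stop tasks
# in other accounts from assuming them (confused deputy).
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:*"]
    }
  }
}

# Execution role: agent-side only. Scoped to one repository, one log group,
# one SSM parameter path and one KMS key instead of the broad managed policy.
data "aws_iam_policy_document" "execution" {
  statement {
    sid       = "EcrAuth"
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"] # this action has no resource-level scoping
  }
  statement {
    sid       = "EcrPull"
    actions   = ["ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]
    resources = [aws_ecr_repository.payments_api.arn]
  }
  statement {
    sid       = "Logs"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${aws_cloudwatch_log_group.payments_api.arn}:*"]
  }
  statement {
    sid       = "ResolveSecrets"
    actions   = ["ssm:GetParameters"]
    resources = ["arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/payments-api/*"]
  }
  statement {
    sid       = "DecryptSecrets"
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.ecs.arn]
  }
}

resource "aws_iam_role" "payments_api_execution" {
  name               = "payments-api-execution"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

resource "aws_iam_role_policy" "payments_api_execution" {
  role   = aws_iam_role.payments_api_execution.id
  policy = data.aws_iam_policy_document.execution.json
}

# Task role: only what the application calls. The module attaches its own
# ECS Exec policy here, so nothing for ssmmessages is needed below.
resource "aws_iam_role" "payments_api_task" {
  name               = "payments-api-task"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

data "aws_iam_policy_document" "task" {
  statement {
    sid       = "ReadStatements"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.statements.arn}/payments-api/*"]
  }
}

resource "aws_iam_role_policy" "payments_api_task" {
  role   = aws_iam_role.payments_api_task.id
  policy = data.aws_iam_policy_document.task.json
}
```

Keeping the two roles separate matters because the execution role's `ssm:GetParameters` and `kms:Decrypt` permissions are never exposed to the application: a compromised container can only use the task role, which here reads one S3 prefix and, through the module's attached policy, accepts ECS Exec sessions.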

Domain: ecs_account_settings

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_ecs_account_setting_default.aws_vpc_trunking | resource |
| aws_ecs_account_setting_default.container_insights | resource |
| aws_ecs_account_setting_default.container_instance_long_arn_format | resource |
| aws_ecs_account_setting_default.service_long_arn_format | resource |
| aws_ecs_account_setting_default.task_long_arn_format | resource |

Inputs

No inputs.

Outputs

No outputs.

Domain: ecs_default_service_linked_role

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.0 |
| aws | >= 4.18.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.18.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_service_linked_role.this | resource |

Inputs

No inputs.

Outputs

No outputs.

About

Terraform module to provision an ECS cluster, with Fargate, service and ALB.
