Terraform module to provision an ECS Service with Task Definition and CloudWatch Logs configuration.
Supports Amazon ECS Fargate capacity provider.
include {
path = find_in_parent_folders()
}
terraform {
source = "git::https://github.com/developertown/terraform-aws-ecs-cluster.git///?ref=v1.0.1"
}
inputs = {
enabled = true
region = "us-east-2"
availability_zones = ["us-east-2b", "us-east-2c"]
environment = "test"
name = "example"
}include {
path = find_in_parent_folders()
}
terraform {
source = "git::https://github.com/developertown/terraform-aws-vpc.git///?ref=v1.0.0"
}
inputs = {
enabled = true
name = "example"
region = "us-east-2"
environment = "test"
azs = ["us-east-2b", "us-east-2c"]
vpc_cidr = "10.0.0.0/16"
private_subnets = ["10.0.0.0/24", "10.0.1.0/24"]
public_subnets = ["10.0.2.0/24", "10.0.3.0/24"]
private_subnet_names = ["Private Subnet One", "Private Subnet Two"]
create_database_subnet_group = false
manage_default_network_acl = false
manage_default_route_table = false
manage_default_security_group = false
enable_dns_hostnames = true
enable_dns_support = true
enable_nat_gateway = true
single_nat_gateway = true
enable_vpn_gateway = true
}
include {
path = find_in_parent_folders()
}
terraform {
source = "../../..//."
}
dependency "cluster" {
config_path = "../cluster"
mock_outputs = {
id = "cluster-1234567890"
name = "developertown-ecs"
security_groups = ["sg-1234567890"]
}
}
dependency "network" {
config_path = "../network"
mock_outputs = {
vpc_id = "vpc-1234567890"
private_subnets = ["subnet-1234567890", "subnet-1234567890"]
default_security_group_id = "sg-1234567890"
}
}
inputs = {
name = "test-svc"
region = "us-east-2"
environment = "test"
vpc_id = dependency.network.outputs.vpc_id
subnet_ids = dependency.network.outputs.private_subnets
cluster_security_groups = [
dependency.network.outputs.default_security_group_id
]
cluster_id = dependency.cluster.outputs.id
cluster_name = dependency.cluster.outputs.name
cluster_port = 1337
image_name = "geodesic"
image_repository = "cloudposse/geodesic"
image_tag = "latest"
environment_variables = [
{
name = "string_var"
value = "I am a string"
},
{
name = "true_boolean_var"
value = true
},
{
name = "false_boolean_var"
value = false
},
{
name = "integer_var"
value = 42
}
]
tags = {
"CreatedBy" = "Terraform"
"Company" = "DeveloperTown"
}
}
| Name | Version |
|---|---|
| terraform | >= 1.3.3 |
| aws | ~> 4.36.1 |
| Name | Version |
|---|---|
| aws | ~> 4.36.1 |
| Name | Source | Version |
|---|---|---|
| log_metric_default_filter | terraform-aws-modules/cloudwatch/aws//modules/log-metric-filter | ~> 4.2.0 |
| log_metric_error_filter | terraform-aws-modules/cloudwatch/aws//modules/log-metric-filter | ~> 4.2.0 |
| metric_alarm_cpu | terraform-aws-modules/cloudwatch/aws//modules/metric-alarm | ~> 4.2.0 |
| metric_alarm_log_error | terraform-aws-modules/cloudwatch/aws//modules/metric-alarm | ~> 4.2.0 |
| metric_alarm_memory | terraform-aws-modules/cloudwatch/aws//modules/metric-alarm | ~> 4.2.0 |
| Name | Type |
|---|---|
| aws_appautoscaling_policy.ecs_policy_cpu | resource |
| aws_appautoscaling_policy.ecs_policy_memory | resource |
| aws_appautoscaling_target.service_target | resource |
| aws_cloudwatch_log_group.ecs_logs | resource |
| aws_ecs_service.default | resource |
| aws_ecs_task_definition.task | resource |
| aws_iam_instance_profile.default | resource |
| aws_iam_role.default | resource |
| aws_iam_role.ecs_task_role | resource |
| aws_iam_role_policy_attachment.default | resource |
| aws_lb_listener_rule.host_based_weighted_routing | resource |
| aws_lb_target_group.lb_target_group | resource |
| aws_security_group.ecs_service | resource |
| aws_security_group_rule.alb | resource |
| aws_security_group_rule.allow_all_egress | resource |
| aws_security_group_rule.allow_icmp_ingress | resource |
| aws_iam_policy_document.assume | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alarm_cpu_threshold | CPU Percentage that should cause an alarm if the actual cpu average is greater than or equal for 300 seconds | number |
90 |
no |
| alarm_error_threshold | Number of error logs that should cause an alarm when the average is greater than or equal for 300 seconds | number |
100 |
no |
| alarm_memory_threshold | Memory Percentage that should cause an alarm if the actual memory average is greater than or equal for 300 seconds | number |
90 |
no |
| alb_listener_rule_priority | The priority of the ALB listener rule | number |
100 |
no |
| alb_security_group | Security group of the ALB | string |
"" |
no |
| cluster_id | The ARN of an ECS cluster | string |
"" |
no |
| cluster_name | The name of the ECS cluster, used to identify the autoscaling resource target | string |
"" |
no |
| cluster_port | The ECS Cluster / ECS Task Port Mapping | number |
5000 |
no |
| cluster_security_groups | The security groups to associate with the ecs service | list(string) |
[] |
no |
| container_health_check | The container health check | object({ |
null |
no |
| cpu | Number of cpu units used by the ecs service | number |
512 |
no |
| desired_count | Number of instances of the task definition to place and keep running | number |
2 |
no |
| enable_all_egress_rule | Whether to create a security group rule that allows all outbound traffic | bool |
true |
no |
| enable_icmp_rule | Whether to create a security group rule that allows ICMP traffic | bool |
true |
no |
| enabled | Set to false to prevent the module from creating any resources | bool |
null |
no |
| environment | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | string |
null |
no |
| environment_variables | The environment variables to pass to the container. This is a list of maps. map_environment overrides environment | list(object({ |
[] |
no |
| image_name | The name of the image to pull from Amazon ECR | string |
"" |
no |
| image_repository | The name of the ECR image repository | string |
"" |
no |
| image_tag | The tag of the image to pull from Amazon ECR | string |
"" |
no |
| init_image_name | The name of the init container image to pull from Amazon ECR | string |
"" |
no |
| init_image_repository | The name of the init container ECR image repository | string |
"" |
no |
| init_image_tag | The tag of the init container image to pull from Amazon ECR | string |
"" |
no |
| load_balancer_arn | ARN of the Load Balancer to associate with the service | string |
"" |
no |
| load_balancer_health_check | The load balancer health check | object({ |
{ |
no |
| load_balancer_listener_arn | ARN of the Load Balancer listener to associate with the service | string |
"" |
no |
| load_balancer_target_group_arn | ARN of the Load Balancer target group to associate with the service | string |
"" |
no |
| log_retention_days | Number of days to retain logs | number |
7 |
no |
| map_environment_variables | A set of key/value to provide as environment variables to the ecs task | map(string) |
null |
no |
| max_count | Maxiumum number of instances of the task definition to place and keep running | number |
4 |
no |
| memory | Amount (in MiB) of memory used by the ecs service | number |
1024 |
no |
| min_count | Minimum number of instances of the task definition to place and keep running | number |
1 |
no |
| name | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a tag.The "name" tag is set to the full id string. There is no tag with the value of the name input. |
string |
"ecs-cluster" |
no |
| region | The region in which the resources will be created | string |
null |
no |
| role_arn | The ARN of the role that will be assumed to create the resources in this module | string |
null |
no |
| secrets | A set of key/value secret pairs to read from secrets manager and provide as environment variables to the ecs task | map(string) |
{} |
no |
| security_group_description | The description of the security group | string |
"Security group for the service" |
no |
| security_group_enabled | Whether to create a security group for the service | bool |
true |
no |
| service_url | The URL of the service | string |
"" |
no |
| sns_alarm_topic_arn | The SNS Topic ARN to use for Cloudwatch Alarms | string |
"" |
no |
| subnet_ids | The subnets to associate with the ecs service | list(string) |
[] |
no |
| suffix | Suffix to be added to the name of each resource | string |
"" |
no |
| tags | Additional tags (e.g. {'Unit': 'XYZ'}).Neither the tag keys nor the tag values will be modified by this module. |
map(string) |
{} |
no |
| use_alb_security_group | A flag to enable/disable allowing traffic from the ALB security group to the service security group | bool |
false |
no |
| vpc_id | The VPC ID to associate with the ecs service | string |
"" |
no |
| Name | Description |
|---|---|
| service_arn | ECS Service ARN |
| service_name | ECS Service name |
| service_security_group_id | Security Group ID of the ECS task |
| task_definition_arn | ECS task definition ARN |
| task_definition_family | ECS task definition family |
| task_definition_revision | ECS task definition revision |