Terraform AWS ECS Fargate

Terraform module to create AWS ECS Fargate services. The module supports both the FARGATE and FARGATE_SPOT capacity provider settings.

Terraform versions

Terraform 0.13 or later. Pin the module version to ~> v6.0. Submit pull requests to the master branch.

Usage

ECS Fargate Service

resource "aws_ecs_cluster" "cluster" {
  name = "example-ecs-cluster"

  # Both providers are registered; FARGATE_SPOT is the default strategy and
  # FARGATE remains available for workloads that cannot tolerate Spot interruptions.
  capacity_providers = ["FARGATE_SPOT", "FARGATE"]

  default_capacity_provider_strategy {
    capacity_provider = "FARGATE_SPOT"
  }

  setting {
    name  = "containerInsights"
    value = "disabled"
  }
}

module "ecs-fargate" {
  source  = "umotif-public/ecs-fargate/aws"
  version = "~> 6.1.0"

  name_prefix        = "ecs-fargate-example"
  vpc_id             = "vpc-abasdasd132"
  private_subnet_ids = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]

  cluster_id = aws_ecs_cluster.cluster.id

  task_container_image   = "marcincuber/2048-game:latest"
  task_definition_cpu    = 256
  task_definition_memory = 512

  task_container_port             = 80
  task_container_assign_public_ip = true

  # One target group per exposed container port; the module creates it and
  # registers the service with it.
  target_groups = [
    {
      target_group_name = "tg-fargate-example"
      container_port    = 80
    }
  ]

  health_check = {
    port = "traffic-port"
    path = "/"
  }

  tags = {
    Environment = "test"
    Project     = "Test"
  }
}
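The example above is the minimal invocation. The following is an added example, not code from the module's own README, showing how the same module can be configured with the security-relevant inputs it documents: a private registry pulled with credentials from Secrets Manager, secrets injected by reference rather than as environment variables, customer-managed KMS encryption for the log group, no public IP, and ECS Exec disabled. All names, aliases and secret paths are constructed placeholders, and the KMS key and secrets are assumed to exist already.

```hcl
# Added example (not the module's own README code). Shows a hardened
# invocation of umotif-public/ecs-fargate/aws using only inputs the module
# documents. The key alias, secret names and registry host below are
# constructed placeholders; the key and secrets are assumed to exist.

# Customer-managed KMS key used for the CloudWatch log group and the
# Secrets Manager secrets (placeholder alias).
data "aws_kms_key" "app" {
  key_id = "alias/example-app"
}

# Secret holding the private registry credentials in the shape ECS expects
# ({"username": "...", "password": "..."}). Placeholder name.
data "aws_secretsmanager_secret" "registry" {
  name = "example/registry-credentials"
}

# Application secret injected into the container at start-up. Placeholder name.
data "aws_secretsmanager_secret" "db_password" {
  name = "example/db-password"
}

module "ecs-fargate" {
  source  = "umotif-public/ecs-fargate/aws"
  version = "~> 6.1.0"

  name_prefix        = "ecs-fargate-hardened"
  vpc_id             = "vpc-abasdasd132"
  private_subnet_ids = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]
  cluster_id         = aws_ecs_cluster.cluster.id

  # Pull from a private registry (placeholder host and tag). With
  # create_repository_credentials_iam_policy the module attaches the IAM policy
  # that lets the role read the credentials secret and use the key.
  task_container_image                     = "registry.example.com/app:1.4.2"
  repository_credentials                   = data.aws_secretsmanager_secret.registry.arn
  repository_credentials_kms_key           = data.aws_kms_key.app.arn
  create_repository_credentials_iam_policy = true

  task_definition_cpu    = 256
  task_definition_memory = 512
  task_container_port    = 8080

  # Tasks sit in private subnets behind the load balancer: no public IP.
  task_container_assign_public_ip = false

  # ECS Exec gives interactive shell access to running tasks; the module
  # enables it by default, so switch it off where it is not needed.
  enable_execute_command = false

  # Non-sensitive settings go in the environment; secrets reach the container
  # as Secrets Manager references and never appear in the task definition.
  task_container_environment = {
    APP_ENV = "production"
  }
  task_container_secrets = [
    {
      name      = "DB_PASSWORD"
      valueFrom = data.aws_secretsmanager_secret.db_password.arn
    }
  ]

  # Encrypt container logs with the customer-managed key and keep them long
  # enough for incident investigation.
  logs_kms_key          = data.aws_kms_key.app.arn
  log_retention_in_days = 90

  target_groups = [
    {
      target_group_name = "tg-fargate-hardened"
      container_port    = 8080
    }
  ]

  health_check = {
    port = "traffic-port"
    path = "/healthz"
  }

  tags = {
    Environment = "production"
    Project     = "Example"
  }
}
```

Two checks before applying this: the KMS key policy must allow the CloudWatch Logs service principal for the region to use the key, or the log group creation fails; and the execution role must be able to call secretsmanager:GetSecretValue (and kms:Decrypt for a customer-managed key) on every secret listed in task_container_secrets, since those are resolved by the execution role, not the task role.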

Examples

Authors

Module managed by Marcin Cuber (LinkedIn).

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |
| aws | >= 3.34 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.34 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.main | resource |
| aws_ecs_service.service | resource |
| aws_ecs_task_definition.task | resource |
| aws_iam_role.execution | resource |
| aws_iam_role.task | resource |
| aws_iam_role_policy.ecs_exec_inline_policy | resource |
| aws_iam_role_policy.log_agent | resource |
| aws_iam_role_policy.read_repository_credentials | resource |
| aws_iam_role_policy.task_execution | resource |
| aws_lb_target_group.task | resource |
| aws_security_group.ecs_service | resource |
| aws_security_group_rule.egress_service | resource |
| aws_iam_policy_document.read_repository_credentials | data source |
| aws_iam_policy_document.task_assume | data source |
| aws_iam_policy_document.task_ecs_exec_policy | data source |
| aws_iam_policy_document.task_execution_permissions | data source |
| aws_iam_policy_document.task_permissions | data source |
| aws_kms_key.secretsmanager_key | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| capacity_provider_strategy | (Optional) The capacity_provider_strategy configuration block. This is a list of maps, where each map should contain "capacity_provider", "weight" and "base". | list(any) | [] | no |
| cluster_id | The Amazon Resource Name (ARN) that identifies the cluster. | string | n/a | yes |
| container_name | Optional name for the container to be used instead of name_prefix. | string | "" | no |
| create_repository_credentials_iam_policy | Set to true if you are specifying the repository_credentials variable; it will attach an IAM policy with the necessary permissions to the task role. | bool | false | no |
| deployment_controller_type | Type of deployment controller. Valid values: CODE_DEPLOY, ECS, EXTERNAL. Default: ECS. | string | "ECS" | no |
| deployment_maximum_percent | The upper limit of the number of running tasks that can be running in a service during a deployment. | number | 200 | no |
| deployment_minimum_healthy_percent | The lower limit of the number of running tasks that must remain running and healthy in a service during a deployment. | number | 50 | no |
| desired_count | The number of instances of the task definition to place and keep running. | number | 1 | no |
| enable_execute_command | Specifies whether to enable Amazon ECS Exec for the tasks within the service. | bool | true | no |
| force_new_deployment | Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with the same image/tag combination (e.g. myimage:latest) or to roll Fargate tasks onto a newer platform version. | bool | false | no |
| health_check | A health block containing health check settings for the target group. Overrides the defaults. | map(string) | n/a | yes |
| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers. | number | 300 | no |
| load_balanced | Whether the task should be load balanced. | bool | true | no |
| log_retention_in_days | Number of days the logs will be retained in CloudWatch. | number | 30 | no |
| logs_kms_key | The KMS key ARN to use to encrypt container logs. | string | "" | no |
| name_prefix | A prefix used for naming resources. | string | n/a | yes |
| placement_constraints | (Optional) A set of placement constraint rules that are taken into consideration during task placement. The maximum number of placement_constraints is 10. This is a list of maps, where each map should contain "type" and "expression". | list(any) | [] | no |
| platform_version | The platform version on which to run your service. Only applicable for launch_type set to FARGATE. | string | "LATEST" | no |
| private_subnet_ids | A list of private subnets inside the VPC. | list(string) | n/a | yes |
| propogate_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION. | string | "TASK_DEFINITION" | no |
| proxy_configuration | (Optional) The proxy configuration details for the App Mesh proxy. This is a list of maps, where each map should contain "container_name", "properties" and "type". | list(any) | [] | no |
| repository_credentials | Name or ARN of a Secrets Manager secret (arn:aws:secretsmanager:region:aws_account_id:secret:secret_name). | string | "" | no |
| repository_credentials_kms_key | Key id, key ARN, alias name or alias ARN of the key that encrypted the repository credentials. | string | "alias/aws/secretsmanager" | no |
| service_registry_arn | ARN of an aws_service_discovery_service resource. | string | "" | no |
| sg_name_prefix | A prefix used for the security group name. | string | "" | no |
| tags | A map of tags (key-value pairs) passed to resources. | map(string) | {} | no |
| target_groups | The target groups to associate with the ECS service. | any | [] | no |
| task_container_assign_public_ip | Assign a public IP to the container. | bool | false | no |
| task_container_command | The command that is passed to the container. | list(string) | [] | no |
| task_container_cpu | Amount of CPU to reserve for the container. | number | null | no |
| task_container_environment | The environment variables to pass to a container. | map(string) | {} | no |
| task_container_image | The image used to start a container. | string | n/a | yes |
| task_container_memory | The hard limit (in MiB) of memory for the container. | number | null | no |
| task_container_memory_reservation | The soft limit (in MiB) of memory to reserve for the container. | number | null | no |
| task_container_port | The port number on the container that is bound to the user-specified or automatically assigned host port. | number | n/a | yes |
| task_container_protocol | Protocol that the container exposes. | string | "HTTP" | no |
| task_container_secrets | The secrets to pass to a container. | list(map(string)) | null | no |
| task_container_working_directory | The working directory to run commands inside the container. | string | "" | no |
| task_definition_cpu | Amount of CPU to reserve for the task. | number | 256 | no |
| task_definition_memory | The soft limit (in MiB) of memory to reserve for the task. | number | 512 | no |
| task_health_check | An optional health check definition for the task. | object({ command = list(string), interval = number, timeout = number, retries = number, startPeriod = number }) | null | no |
| task_host_port | The port number on the container instance to reserve for your container. | number | 0 | no |
| task_mount_points | The mount points for data volumes in your container. Each object inside the list requires "sourceVolume", "containerPath" and "readOnly". For more information see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html | list(object({ sourceVolume = string, containerPath = string, readOnly = bool })) | null | no |
| task_start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container. If this parameter is not specified, the default value of 3 minutes is used (Fargate). | number | null | no |
| task_stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. The maximum stop timeout value is 120 seconds; if the parameter is not specified, the default value of 30 seconds is used. | number | null | no |
| volume | (Optional) A set of volume blocks that containers in your task may use. This is a list of maps, where each map should contain "name", "host_path", "docker_volume_configuration" and "efs_volume_configuration". The full set of options can be found at https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html | list | [] | no |
| vpc_id | The VPC ID. | string | n/a | yes |
| wait_for_steady_state | If true, Terraform will wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. | bool | false | no |

Outputs

| Name | Description |
|------|-------------|
| execution_role_arn | The Amazon Resource Name (ARN) specifying the ECS execution role. |
| execution_role_name | The name of the ECS execution role. |
| log_group_name | The name of the CloudWatch log group for the task. |
| service_arn | The Amazon Resource Name (ARN) that identifies the ECS service. |
| service_name | The name of the service. |
| service_sg_id | The Amazon Resource Name (ARN) that identifies the service security group. |
| target_group_arn | The ARN of the Target Group used by the Load Balancer. |
| target_group_name | The name of the Target Group used by the Load Balancer. |
| task_definition_arn | The Amazon Resource Name (ARN) of the task definition created. |
| task_definition_name | The name of the task definition created. |
| task_role_arn | The Amazon Resource Name (ARN) specifying the ECS service role. |
| task_role_name | The name of the Fargate task service role. |
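The outputs are most useful for closing the gaps the module leaves to the caller. The following added example (not from the module's README) uses them to forward traffic from a load balancer to the module's target group, open the service security group only to the load balancer, and grant the task role read access to a single secret. The Resources table above shows the module creates only an egress rule on its security group, so ingress is the caller's responsibility. aws_lb.app, aws_security_group.alb, aws_secretsmanager_secret.db_password and var.certificate_arn are assumed to be defined elsewhere in the configuration and are placeholders; the container port matches a hypothetical task_container_port of 8080.

```hcl
# Added example (not part of the module's README): wiring the module outputs
# into the surrounding infrastructure. aws_lb.app, aws_security_group.alb,
# aws_secretsmanager_secret.db_password and var.certificate_arn are assumed
# placeholders defined elsewhere; port 8080 is the assumed container port.

# Route HTTPS traffic from the load balancer to the module's target group.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = module.ecs-fargate.target_group_arn
  }
}

# The module creates the service security group with an egress rule only
# (see the Resources table); allow ingress on the container port solely
# from the load balancer's security group, not from any CIDR.
resource "aws_security_group_rule" "ingress_from_alb" {
  type                     = "ingress"
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  security_group_id        = module.ecs-fargate.service_sg_id
  source_security_group_id = aws_security_group.alb.id
  description              = "Application traffic from the load balancer only"
}

# Least privilege for the application code: the task role (distinct from the
# execution role that pulls the image) may read one named secret and nothing else.
data "aws_iam_policy_document" "app_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.db_password.arn]
  }
}

resource "aws_iam_role_policy" "app_secret" {
  name   = "read-db-password"
  role   = module.ecs-fargate.task_role_name
  policy = data.aws_iam_policy_document.app_secret.json
}

# Expose the log group name so a log subscription or SIEM forwarder can be
# attached to it in another part of the configuration.
output "app_log_group" {
  value = module.ecs-fargate.log_group_name
}
```

Keeping runtime permissions on the task role and image-pull and secret-resolution permissions on the execution role means a compromised application process cannot reuse the credentials used to fetch the image, which is why the two roles are exposed as separate outputs.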

License

See LICENSE for full details.

Pre-commit hooks

Install dependencies

macOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog