terraform-aws-ecs-fargate-codedeploy

Terraform module to provision an AWS ECS Fargate service with CodeDeploy.

Primary language: HCL. License: Apache License 2.0 (Apache-2.0).

Geek Cell GmbH


Terraform AWS ECS Fargate CodeDeploy

This Terraform module offers a streamlined solution for deploying and managing AWS Elastic Container Service (ECS) on AWS Fargate in your AWS account. AWS Fargate is a serverless compute engine designed for running containers, enabling you to focus on your applications without worrying about managing the underlying infrastructure. By utilizing this Terraform module, you can effectively set up and manage your containerized applications, ensuring they are highly available and can scale to accommodate increased traffic.

Our team possesses in-depth knowledge of AWS container services and has fine-tuned this module to deliver the best possible experience for users. The module encompasses all essential configurations, making it simple to use and integrate into your existing AWS ecosystem. Whether you are just beginning your journey with containerized applications or seeking a more efficient approach to manage your workloads, this Terraform module offers a preconfigured solution for seamless scalability and high availability.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| assign_public_ip | Assign a public IP address to the ENI. | bool | false | no |
| cloudwatch_log_group_name | The name of the CloudWatch log group. | string | null | no |
| cloudwatch_log_group_retention_in_days | The number of days log events are kept in the CloudWatch log group. | number | 30 | no |
| codedeploy_auto_rollback_events | The event type or types that trigger a rollback. If none are defined auto_rollback will be disabled. | list(string) | ["DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM"] | no |
| codedeploy_cloudwatch_alarm_names | CloudWatch alarm NAMES (not ARNs) to add to the deployment group. Allows automated rollback on errors. | list(string) | [] | no |
| codedeploy_deployment_config_name | The name of the group's deployment config. | string | "CodeDeployDefault.ECSAllAtOnce" | no |
| codedeploy_deployment_ready_wait_time_in_minutes | The number of minutes to wait before the status of a blue/green deployment is changed to Stopped if rerouting is not started manually. If set to 0 the deployment will continue without waiting for approval. | number | 0 | no |
| codedeploy_role_name | The name of the role that allows CodeDeploy to make calls to ECS, Auto Scaling, and CloudWatch on your behalf. | string | null | no |
| codedeploy_role_name_prefix | Whether to prefix the CodeDeploy role name. | bool | false | no |
| codedeploy_termination_action | The action to take on instances in the original environment after a successful blue/green deployment. | string | "TERMINATE" | no |
| codedeploy_termination_wait_time_in_minutes | The number of minutes to wait after a successful blue/green deployment before terminating instances from the original environment. | number | 0 | no |
| create_cloudwatch_log_group | Whether to create a CloudWatch log group for the service. | bool | true | no |
| deployment_maximum_percent | Upper limit (as a percentage of the service's desired_count) of the number of running tasks that can be running in a service during a deployment. | number | 200 | no |
| deployment_minimum_healthy_percent | Lower limit (as a percentage of the service's desired_count) of the number of running tasks that must remain running and healthy in a service during a deployment. | number | 100 | no |
| desired_count | Number of instances of the task definition to place and keep running. | number | 1 | no |
| ecs_cluster_name | ARN of an ECS cluster for the service. | string | n/a | yes |
| enable_ecs_managed_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service. | bool | false | no |
| enable_execute_command | Specifies whether to enable Amazon ECS Exec for the tasks within the service. | bool | true | no |
| enable_lb_test_listener | Enable a test listener on the load balancer. This is useful for testing the deployment process. | bool | false | no |
| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown. | number | 0 | no |
| lb_arn | The ARN of the load balancer to attach to the service. | string | n/a | yes |
| lb_listener | Use an existing LB listener to attach to the service. If used, the other lb_* arguments are ignored. | string | null | no |
| lb_listener_alpn_policy | The ALPN policy to use for HTTPS listener. | string | null | no |
| lb_listener_certificate_arn | The ARN of the certificate to use for HTTPS listener. | string | null | no |
| lb_listener_port | The port on the load balancer listener. | number | 80 | no |
| lb_listener_protocol | The protocol on the load balancer listener. | string | "HTTP" | no |
| lb_listener_ssl_policy | The SSL policy to use for HTTPS listener. | string | "ELBSecurityPolicy-FS-1-2-Res-2020-10" | no |
| lb_test_listener | Use an existing LB test listener to attach to the service. If used, the other lb_test_* arguments are ignored. | string | null | no |
| lb_test_listener_alpn_policy | The ALPN policy to use for the test HTTPS listener. | string | null | no |
| lb_test_listener_certificate_arn | The ARN of the certificate to use for the test HTTPS listener. | string | null | no |
| lb_test_listener_port | The port on the load balancer test listener. | number | 80 | no |
| lb_test_listener_protocol | The protocol on the load balancer test listener. | string | "HTTP" | no |
| lb_test_listener_ssl_policy | The SSL policy to use for the test HTTPS listener. | string | "ELBSecurityPolicy-FS-1-2-Res-2020-10" | no |
| load_balancer_container_name | Name of the container to associate with the load balancer (as it appears in a container definition). Default: Will use the name of the first container in the task_container_definitions. | string | null | no |
| load_balancer_container_port | Port on the container to associate with the load balancer. Default: Will use the containerPort of the first container's first portMapping in the task_container_definitions. | number | null | no |
| name | Base name of the created resources. | string | n/a | yes |
| platform_version | Platform version on which to run your service. | string | "1.4.0" | no |
| propagate_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. | string | "SERVICE" | no |
| security_group_ids | Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. | list(string) | [] | no |
| service_registries | Service discovery registries for the service. | list(object({ registry_arn = string, port = number, container_name = optional(string), container_port = optional(number) })) | [] | no |
| subnet_ids | Subnets associated with the task or service. | list(string) | n/a | yes |
| tags | Tags to add to the created resources. | map(any) | {} | no |
| target_group_connection_termination | Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. | bool | false | no |
| target_group_deregistration_delay | Amount of time in seconds for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. | number | 300 | no |
| target_group_health_check_healthy_threshold | Number of consecutive health check successes required before considering an unhealthy target healthy. | number | 3 | no |
| target_group_health_check_interval | Approximate amount of time, in seconds, between health checks of an individual target. | number | 30 | no |
| target_group_health_check_matcher | Response codes to use when checking for a healthy response from a target. You can specify multiple values (for example, 200,202 for HTTP(s) or 0,12 for GRPC) or a range of values (for example, 200-299 or 0-99). | string | "200-299" | no |
| target_group_health_check_path | Destination for the health check request. | string | "/health" | no |
| target_group_health_check_port | Port to use to connect with the target. | any | "traffic-port" | no |
| target_group_health_check_protocol | Protocol to use to connect with the target. Default: target_group_protocol. | string | null | no |
| target_group_health_check_timeout | Amount of time, in seconds, during which no response means a failed health check. | number | 5 | no |
| target_group_health_check_unhealthy_threshold | Number of consecutive health check failures required before considering the target unhealthy. | number | 3 | no |
| target_group_load_balancing_algorithm_type | Determines how the load balancer selects targets when routing requests. | string | "round_robin" | no |
| target_group_protocol | Protocol on the container to associate with the target group. | string | "HTTP" | no |
| target_group_protocol_version | The protocol version. | string | "HTTP1" | no |
| target_group_proxy_protocol_v2 | Whether to enable support for proxy protocol v2 on Network Load Balancers. | bool | false | no |
| target_group_slow_start | Amount of time for targets to warm up before the load balancer sends them a full share of requests. | number | 0 | no |
| task_additional_execute_role_policies | Additional policy ARNs to attach to the execution role. | list(string) | [] | no |
| task_additional_task_role_policies | Additional policy ARNs to attach to the task role. | list(string) | [] | no |
| task_container_definitions | A list of valid container definitions provided as a valid HCL object list. | any | n/a | yes |
| task_cpu | Number of CPU units used by the task. | number | 1024 | no |
| task_cpu_architecture | CPU architecture required by the task. | string | "X86_64" | no |
| task_definition_name | Name of the task definition. Defaults to the base name. | string | null | no |
| task_ephemeral_storage_size_in_gib | The amount of ephemeral storage (in GiB) to allocate to the task. | number | 20 | no |
| task_inference_accelerators | List of Elastic Inference accelerators associated with the task. | list(object({ name = string, type = string })) | [] | no |
| task_memory | Amount (in MiB) of memory used by the task. | number | 2048 | no |
| task_operating_system_family | OS family required by the task. | string | "LINUX" | no |
| task_proxy_configuration | Configuration details for an App Mesh proxy. | object({ container_name = string, properties = map(any), type = optional(string, "APPMESH") }) | null | no |
| task_volumes | A list of volume definitions. | list(object({ name = string, host_path = string, docker_volume_configuration = optional(object({ autoprovision = bool, driver = string, driver_opts = map(any), labels = map(any), scope = string })), efs_volume_configuration = optional(object({ file_system_id = string, root_directory = optional(string), transit_encryption = optional(string), transit_encryption_port = optional(number), authorization_config = optional(object({ access_point_id = string, iam = optional(string) })) })) })) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| aws_lb_listener_arn | ARN of the ALB main listener. |
| aws_lb_test_listener_arn | ARN of the ALB test listener. |
| blue_target_group_arn | ARN of the blue target group. |
| cloudwatch_log_group_arn | ARN of the CloudWatch log group. |
| codedeploy_app_name | CodeDeploy application name. |
| codedeploy_deployment_group_name | CodeDeploy deployment group name. |
| green_target_group_arn | ARN of the green target group. |
| service_name | ECS service name. |
| task_definition_arn | ARN of the task definition. |
| task_definition_execution_role_arn | ARN of the task execution role. |
| task_definition_execution_role_name | Name of the task execution role. |
| task_definition_task_role_arn | ARN of the task role. |
| task_definition_task_role_name | Name of the task role. |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.36 |
| random | >= 3.1 |

Resources

  • resource.aws_cloudwatch_log_group.main (main.tf#309)
  • resource.aws_codedeploy_app.main (main.tf#231)
  • resource.aws_codedeploy_deployment_group.main (main.tf#238)
  • resource.aws_ecs_service.main (main.tf#56)
  • resource.aws_lb_listener.main (main.tf#176)
  • resource.aws_lb_listener.test_listener (main.tf#202)
  • resource.aws_lb_target_group.main (main.tf#133)
  • resource.random_id.target_group (main.tf#122)
  • data source.aws_subnet.main (data.tf#1)

Examples

Basic

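module "basic-example" {
  source = "../../"

  name             = "basic-example"
  ecs_cluster_name = "example-cluster"
  # Placeholder ARN; replace with the ARN of your load balancer.
  lb_arn     = "arn:aws:elasticloadbalancing:eu-central-1:123456789012:loadbalancer/app/example/0123456789abcdef"
  subnet_ids = ["subnet-123", "subnet-456", "subnet-789"]

  # Container definitions are passed as a list of HCL objects.
  task_container_definitions = [{
    name         = "nginx"
    image        = "nginx:latest"
    essential    = true
    portMappings = [{ containerPort = 80 }]
  }]
}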
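
Hardened

Several defaults in the Inputs table matter for security review: the listener is plain HTTP on port 80, ECS Exec is enabled, and an empty security_group_ids falls back to the VPC default security group. The following configuration is an added example, not taken from the module's repository. It uses only inputs listed above, and every ARN, ID and alarm name in it is a constructed placeholder. The container definition keys are assumed to follow the ECS container definition format.

```hcl
# Added example: every ARN, ID and alarm name below is a constructed placeholder.
module "hardened-example" {
  source = "../../"

  name             = "hardened-example"
  ecs_cluster_name = "example-cluster"
  lb_arn           = "arn:aws:elasticloadbalancing:eu-central-1:123456789012:loadbalancer/app/example/0123456789abcdef"

  # Network exposure: subnets assumed to be private, no public IP on the ENI,
  # and an explicit security group so the VPC default group is not used.
  subnet_ids         = ["subnet-123", "subnet-456", "subnet-789"]
  assign_public_ip   = false
  security_group_ids = ["sg-0123456789abcdef0"]

  # Transport: override the HTTP/80 listener defaults with TLS.
  # lb_listener_ssl_policy keeps its default from the Inputs table.
  lb_listener_port            = 443
  lb_listener_protocol        = "HTTPS"
  lb_listener_certificate_arn = "arn:aws:acm:eu-central-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"

  # ECS Exec is on by default in this module; turn it off unless operators
  # need to run commands inside running tasks.
  enable_execute_command = false

  # Deployment safety: roll back on failure or when a listed alarm triggers,
  # and keep the old task set for 15 minutes after a successful cut-over.
  codedeploy_auto_rollback_events             = ["DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM"]
  codedeploy_cloudwatch_alarm_names           = ["hardened-example-target-5xx"]
  codedeploy_termination_wait_time_in_minutes = 15

  # Keep container logs longer than the 30-day default.
  create_cloudwatch_log_group            = true
  cloudwatch_log_group_retention_in_days = 90

  # Container definition shape is an assumption (ECS container definition keys).
  task_container_definitions = [{
    name         = "app"
    image        = "nginx:1.27"
    essential    = true
    portMappings = [{ containerPort = 80 }]
  }]
}
```

The alarm named in codedeploy_cloudwatch_alarm_names must already exist, since the input takes alarm names rather than ARNs.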