Terraform ECS services bootstrap in an existing ECS Cluster. This Terraform setup can be used to set up the AWS infrastructure for a dockerized application running on ECS with Fargate launch configuration.
This module supports the use of ALBs and NLBs by accepting the ARN of a Load Balancer Listener and creating the target group for the service. In order to use Load Balancing, set the `load_balancer_target_groups` variable with the list of Target Group ARNs that the ECS Service should register with.
Service Discovery is supported by creating a Service Discovery Service via this module and allowing the configuration of the DNS settings for the service. In order to use Service Discovery, the `enable_service_discovery` input variable must be set to `true` and the ID of an existing Service Discovery Namespace must be passed in. There are several service discovery input variables that can be adjusted to change the behavior of Service Discovery.
This module supports Auto Scaling via a Target Tracking Policy that can be set against either CPU or Memory utilization. In order to use Auto Scaling, the `enable_auto_scaling` input variable must be set to `true`. There are multiple auto scaling input variables that can be set to adjust the task scaling.
Note: In order to tag ECS Service resources, you must have opted in to the new ARN and Resource ID settings for ECS; if not, the ECS Service will fail to create. If you have not opted in, you can set the `ecs_service_tagging_enabled` input variable to `false`, which will not tag the ECS Service.
IMPORTANT: The master branch is used in source just as an example. In your code, do not pin to master because there may be breaking changes between releases. Instead pin to the release tag (e.g. ?ref=tags/x.y.z) of one of our latest releases.
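
A check for the pinning advice above, as an added example that is not part of this module or its repository: it classifies every `module` block in a Terraform file as pinned, range-constrained or floating. The git URL and module names in the sample are constructed placeholders, and `audit`, `classify` and `attr` are hypothetical helper names.

```python
import re

# Constructed sample: four ways of sourcing this module. The git URL is a
# placeholder, not the project's real repository address.
SAMPLE_TF = '''
module "ecs_registry" {
  source  = "terraform-module/ecs-bootstrap/aws"
  version = "~> 1"
}
module "ecs_master" {
  source = "git::https://example.invalid/ecs-bootstrap.git?ref=master"
}
module "ecs_tag" {
  source = "git::https://example.invalid/ecs-bootstrap.git?ref=tags/x.y.z"
}
module "ecs_noversion" {
  source = "terraform-module/ecs-bootstrap/aws"
}
'''

# Assumes `terraform fmt` layout: a module block ends at an unindented "}".
MODULE_RE = re.compile(r'^module\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
BRANCHES = {"master", "main", "HEAD"}  # refs that move over time

def attr(body, name):
    """Return the quoted string value of attribute `name`, or None."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % name, body, re.M)
    return m.group(1) if m else None

def classify(source, version):
    """Return 'pinned', 'range' or 'floating' for one module block."""
    if source.startswith(("./", "../")):
        return "pinned"            # local path, versioned with the caller
    if source.startswith("git::"):
        ref = re.search(r'[?&]ref=([^&]+)', source)
        # Assumption: a ref that is not a known branch name is a tag or commit.
        return "floating" if ref is None or ref.group(1) in BRANCHES else "pinned"
    if version is None:
        return "floating"          # registry source, newest release wins
    exact = re.fullmatch(r'=?\s*\d+\.\d+\.\d+', version.strip())
    return "pinned" if exact else "range"

def audit(tf_text):
    """Map module name -> pin status for every module block in tf_text."""
    return {name: classify(attr(body, "source") or "", attr(body, "version"))
            for name, body in MODULE_RE.findall(tf_text)}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_TF).items():
        print(f"{name}: {status}")
```

A `range` result means the constraint admits more than one release, so the module code that runs can change between `terraform init -upgrade` runs without a change to the calling repository.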
See examples directory for working examples to reference:

```hcl
module "ecs-bootstrap" {
  source  = "terraform-module/ecs-bootstrap/aws"
  version = "~> 1"

  name         = var.proxy.name
  name_prefix  = format("%s-%s", var.proxy.name, var.env)
  vpc_id       = local.vpc_id
  create       = local.proxy.create
  tags         = local.proxy.tags
  service      = local.proxy
  cluster_id   = local.cluster_id
  cluster_name = local.cluster_name
  subnets      = local.private_subnets

  # Attach the service to the existing HTTPS listener through a listener rule.
  lb = {
    create       = local.proxy.create && can(var.proxy["lb_condition_rule"])
    port         = local.proxy.exposed_port
    health_check = local.proxy.health_check
    listener_arn = data.aws_lb_listener._443.arn
    priority     = 1
    lb_rules     = can(local.proxy["lb_condition_rule"]) ? var.proxy.lb_condition_rule : {}
  }

  # CPU target tracking; only created when there is room to scale.
  scaling = {
    create             = local.proxy.max_capacity > local.proxy.min_capacity ? true : false
    create_iam_role    = false
    min_capacity       = local.proxy.min_capacity
    max_capacity       = local.proxy.max_capacity
    max_cpu_util       = 60
    scale_in_cooldown  = 60
    scale_out_cooldown = 60
  }
}

# Look up the existing load balancer and its 443 listener.
data "aws_lb" "this" {
  name = "${var.name}-alb"
}

data "aws_lb_listener" "_443" {
  load_balancer_arn = data.aws_lb.this.arn
  port              = 443
}

locals {
  proxy = {
    name             = "proxy"
    create           = true
    create_log_group = true
    description      = "Public proxy service to create with task definition and LB attachment"
    visibility       = "public"
    exposed_port     = 80
    # Target group health check; same path as the container healthCheck below.
    health_check = {
      path = "/healthz"
    }
    lb_condition_rule = {
      host_headers = ["*."]
    }
    min_capacity  = 1
    max_capacity  = 2 // Will scale out up to 2 replicas
    desired_count = 1
    cpu           = 256
    memory        = 512
    tags          = { service = "proxy", visibility = "public" }
    container_definitions = [{
      name      = "proxy"
      image     = "cloudkats/hello-world-rest:61fe8342"
      essential = true
      environment = [
        { name : "APP_NAME", value : "proxy" },
        { name : "APP_VISIBILITY", value : "private" },
      ]
      linuxParameters : {
        initProcessEnabled : true
      },
      healthCheck : {
        command : [
          "CMD-SHELL",
          "curl -f http://localhost:80/healthz || exit 1"
        ],
        retries : 3,
        timeout : 5,
        interval : 10,
        startPeriod : 10
      },
      portMappings = [{
        protocol      = "tcp"
        containerPort = 80
        hostPort      = 80
      }]
      secrets = [],
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          awslogs-group         = "/ecs/proxy-dev-task"
          awslogs-stream-prefix = "proxy"
          awslogs-region        = "us-west-2"
        }
      }
    }]
  }
}
```

See examples directory for working examples to reference
- Create/Update ECS tasks
- Create/Update ECS services
- CPU based autoscaling
Name | Version |
---|---|
terraform | >= 1 |
Name | Version |
---|---|
aws | n/a |
random | n/a |
No modules.
Name | Type |
---|---|
aws_appautoscaling_policy.ecs_cpu_policy | resource |
aws_appautoscaling_target.this | resource |
aws_cloudwatch_log_group.this | resource |
aws_ecs_service.this | resource |
aws_ecs_task_definition.this | resource |
aws_iam_role.autoscaling | resource |
aws_iam_role.task_execution_role | resource |
aws_iam_role.task_role | resource |
aws_iam_role_policy.autoscaling | resource |
aws_iam_role_policy.task_additional_policies_attach | resource |
aws_iam_role_policy_attachment.task_execution_role_policy_attachment | resource |
aws_lb_listener_rule.this | resource |
aws_lb_target_group.this | resource |
aws_security_group.this | resource |
aws_security_group_rule.cluster | resource |
aws_service_discovery_service.this | resource |
random_string.tg | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_id | ECS Cluster ARN. | string | n/a | yes |
cluster_name | ECS Cluster name. | string | n/a | yes |
create | Controls if resources should be created (affects nearly all resources) | bool | true | no |
iam | IAM actions and resource permissions. | any | {} | no |
lb | The Load Balancer configuration for the service. A health block containing health check settings for the ALB target groups. See https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#health_check for defaults. | any | {} | no |
log_configuration | The log configuration for the service. | any | {} | no |
name | Resource names that do not require prefix | string | n/a | yes |
name_prefix | The prefix for resource names | string | n/a | yes |
scaling | Provides an Application AutoScaling resource management. | any | {} | no |
sds | Service Discovery Service resource. | any | {} | no |
service | Managed service to create. | any | {} | no |
sg | Security group. | any | {} | no |
subnets | VPC subnets where service to deploy to. | list(string) | n/a | yes |
tags | A mapping of tags to assign to all resources | map(string) | {} | no |
vpc_id | VPC id where to deploy platform. | string | n/a | yes |
Name | Description |
---|---|
cloudWatch_log_groups | CloudWatch log group resources |
ecs_lb_target_group | Provides a Target Group resource for use with Load Balancer resources. |
ecs_service | Provides an ECS service resource |
ecs_task_definition | A revision of an ECS task definition to be used in aws_ecs_service |
lb_listener_rules | Load Balancer Listener Rule resources. |
service_discovery | Service Discovery. AWS Docs https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html |
service_security_group | ID of the service security group |
task_execution_role | Provides IAM roles. AWS Docs https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html |
task_role | Provides IAM task roles. AWS Docs https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html |
- 📝 Use a succinct title and description.
- 🐛 Bugs & feature requests can be opened
- 📶 Support questions are better asked on Stack Overflow
- 😊 Be nice, civil and polite (as always).
Copyright 2019 Ivan Katliarchuk
MIT Licensed. See LICENSE for full details.
Submit a pull request
Currently maintained by Ivan Katliarchuk and these awesome contributors.
- AWS: app mesh workshop
- TFLint Rules
- Terraform modules
- Blog: ECS with Fargate and Terraform
- Tfm: example
- Tags per resource
- Pass default values
- Strongly typed objects
- Basic Alerts