Skip to content

Latest commit

 

History

History
249 lines (205 loc) · 16.3 KB

README.md

File metadata and controls

249 lines (205 loc) · 16.3 KB

terraform-aws-ecs-alb-service-task

Terraform module to provision an ECS Service with Task Definition and CloudWatch Logs configuration.

Supports Amazon ECS Fargate capacity provider.

Usage

Basic

include {
  path = find_in_parent_folders()
}

terraform {
  source = "git::https://github.com/developertown/terraform-aws-ecs-cluster.git///?ref=v1.0.1"
}

inputs = {
  enabled = true

  region             = "us-east-2"
  availability_zones = ["us-east-2b", "us-east-2c"]
  environment        = "test"

  name = "example"
}
include {
  path = find_in_parent_folders()
}

terraform {
  source = "git::https://github.com/developertown/terraform-aws-vpc.git///?ref=v1.0.0"
}

inputs = {
  enabled = true

  name        = "example"
  region      = "us-east-2"
  environment = "test"

  azs = ["us-east-2b", "us-east-2c"]

  vpc_cidr = "10.0.0.0/16"

  private_subnets = ["10.0.0.0/24", "10.0.1.0/24"]
  public_subnets  = ["10.0.2.0/24", "10.0.3.0/24"]

  private_subnet_names = ["Private Subnet One", "Private Subnet Two"]

  create_database_subnet_group  = false
  manage_default_network_acl    = false
  manage_default_route_table    = false
  manage_default_security_group = false
  enable_dns_hostnames          = true
  enable_dns_support            = true
  enable_nat_gateway            = true
  single_nat_gateway            = true
  enable_vpn_gateway            = true
}

include {
  path = find_in_parent_folders()
}

terraform {
  source = "../../..//."
}

dependency "cluster" {
  config_path = "../cluster"

  mock_outputs = {
    id              = "cluster-1234567890"
    name            = "developertown-ecs"
    security_groups = ["sg-1234567890"]
  }
}

dependency "network" {
  config_path = "../network"

  mock_outputs = {
    vpc_id                    = "vpc-1234567890"
    private_subnets           = ["subnet-1234567890", "subnet-1234567890"]
    default_security_group_id = "sg-1234567890"
  }
}

inputs = {
  name        = "test-svc"
  region      = "us-east-2"
  environment = "test"

  vpc_id     = dependency.network.outputs.vpc_id
  subnet_ids = dependency.network.outputs.private_subnets
  cluster_security_groups = [
    dependency.network.outputs.default_security_group_id
  ]

  cluster_id   = dependency.cluster.outputs.id
  cluster_name = dependency.cluster.outputs.name
  cluster_port = 1337

  image_name       = "geodesic"
  image_repository = "cloudposse/geodesic"
  image_tag        = "latest"

  environment_variables = [
    {
      name  = "string_var"
      value = "I am a string"
    },
    {
      name  = "true_boolean_var"
      value = true
    },
    {
      name  = "false_boolean_var"
      value = false
    },
    {
      name  = "integer_var"
      value = 42
    }
  ]

  tags = {
    "CreatedBy" = "Terraform"
    "Company"   = "DeveloperTown"
  }
}

Requirements

Name Version
terraform >= 1.3.3
aws ~> 4.36.1

Providers

Name Version
aws ~> 4.36.1

Modules

Name Source Version
log_metric_default_filter terraform-aws-modules/cloudwatch/aws//modules/log-metric-filter ~> 4.2.0
log_metric_error_filter terraform-aws-modules/cloudwatch/aws//modules/log-metric-filter ~> 4.2.0
metric_alarm_cpu terraform-aws-modules/cloudwatch/aws//modules/metric-alarm ~> 4.2.0
metric_alarm_log_error terraform-aws-modules/cloudwatch/aws//modules/metric-alarm ~> 4.2.0
metric_alarm_memory terraform-aws-modules/cloudwatch/aws//modules/metric-alarm ~> 4.2.0

Resources

Name Type
aws_appautoscaling_policy.ecs_policy_cpu resource
aws_appautoscaling_policy.ecs_policy_memory resource
aws_appautoscaling_target.service_target resource
aws_cloudwatch_log_group.ecs_logs resource
aws_ecs_service.default resource
aws_ecs_task_definition.task resource
aws_iam_instance_profile.default resource
aws_iam_role.default resource
aws_iam_role.ecs_task_role resource
aws_iam_role_policy_attachment.default resource
aws_lb_listener_rule.host_based_weighted_routing resource
aws_lb_target_group.lb_target_group resource
aws_security_group.ecs_service resource
aws_security_group_rule.alb resource
aws_security_group_rule.allow_all_egress resource
aws_security_group_rule.allow_icmp_ingress resource
aws_iam_policy_document.assume data source
aws_partition.current data source

Inputs

Name Description Type Default Required
alarm_cpu_threshold CPU Percentage that should cause an alarm if the actual cpu average is greater than or equal for 300 seconds number 90 no
alarm_error_threshold Number of error logs that should cause an alarm when the average is greater than or equal for 300 seconds number 100 no
alarm_memory_threshold Memory Percentage that should cause an alarm if the actual memory average is greater than or equal for 300 seconds number 90 no
alb_listener_rule_priority The priority of the ALB listener rule number 100 no
alb_security_group Security group of the ALB string "" no
cluster_id The ARN of an ECS cluster string "" no
cluster_name The name of the ECS cluster, used to identify the autoscaling resource target string "" no
cluster_port The ECS Cluster / ECS Task Port Mapping number 5000 no
cluster_security_groups The security groups to associate with the ecs service list(string) [] no
container_health_check The container health check 
object({
    retries     = number
    command     = list(string)
    timeout     = number
    interval    = number
    startPeriod = number
  })
 null no
cpu Number of cpu units used by the ecs service number 512 no
desired_count Number of instances of the task definition to place and keep running number 2 no
enable_all_egress_rule Whether to create a security group rule that allows all outbound traffic bool true no
enable_icmp_rule Whether to create a security group rule that allows ICMP traffic bool true no
enabled Set to false to prevent the module from creating any resources bool null no
environment ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' string null no
environment_variables The environment variables to pass to the container. This is a list of maps. map_environment overrides environment 
list(object({
    name  = string
    value = string
  }))
 [] no
image_name The name of the image to pull from Amazon ECR string "" no
image_repository The name of the ECR image repository string "" no
image_tag The tag of the image to pull from Amazon ECR string "" no
init_image_name The name of the init container image to pull from Amazon ECR string "" no
init_image_repository The name of the init container ECR image repository string "" no
init_image_tag The tag of the init container image to pull from Amazon ECR string "" no
load_balancer_arn ARN of the Load Balancer to associate with the service string "" no
load_balancer_health_check The load balancer health check 
object({
    enabled  = bool
    matcher  = string
    path     = string
    protocol = string
  })
 
{
  "enabled": false,
  "matcher": "200-399",
  "path": "/",
  "protocol": "HTTP"
}
 no
load_balancer_listener_arn ARN of the Load Balancer listener to associate with the service string "" no
load_balancer_target_group_arn ARN of the Load Balancer target group to associate with the service string "" no
log_retention_days Number of days to retain logs number 7 no
map_environment_variables A set of key/value to provide as environment variables to the ecs task map(string) null no
max_count Maxiumum number of instances of the task definition to place and keep running number 4 no
memory Amount (in MiB) of memory used by the ecs service number 1024 no
min_count Minimum number of instances of the task definition to place and keep running number 1 no
name ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a tag.
The "name" tag is set to the full id string. There is no tag with the value of the name input.		 string "ecs-cluster" no
region The region in which the resources will be created string null no
role_arn The ARN of the role that will be assumed to create the resources in this module string null no
secrets A set of key/value secret pairs to read from secrets manager and provide as environment variables to the ecs task map(string) {} no
security_group_description The description of the security group string "Security group for the service" no
security_group_enabled Whether to create a security group for the service bool true no
service_url The URL of the service string "" no
sns_alarm_topic_arn The SNS Topic ARN to use for Cloudwatch Alarms string "" no
subnet_ids The subnets to associate with the ecs service list(string) [] no
suffix Suffix to be added to the name of each resource string "" no
tags Additional tags (e.g. {'Unit': 'XYZ'}).
Neither the tag keys nor the tag values will be modified by this module.		 map(string) {} no
use_alb_security_group A flag to enable/disable allowing traffic from the ALB security group to the service security group bool false no
vpc_id The VPC ID to associate with the ecs service string "" no

Outputs

Name Description
service_arn ECS Service ARN
service_name ECS Service name
service_security_group_id Security Group ID of the ECS task
task_definition_arn ECS task definition ARN
task_definition_family ECS task definition family
task_definition_revision ECS task definition revision