# terraform-aws-ecs-app

Terraform module which creates an ECS app.

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 4.67 |
| elasticsearch | 2.0.7 |
| elasticstack | 0.11.11 |
| gosoline | 1.5.0 |
| grafana | 3.10.0 |
| sentry | 0.13.2 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 4.67 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| alarm_service_resources | justtrackio/alarm-service-resources/aws | 1.2.0 |
| alb_ingress | cloudposse/alb-ingress/aws | 0.28.0 |
| cloudwatch_label | justtrackio/label/null | 0.26.0 |
| container_definition | cloudposse/ecs-container-definition/aws | 0.61.1 |
| container_definition_fluentbit | cloudposse/ecs-container-definition/aws | 0.61.1 |
| ecr | terraform-aws-modules/ecr/aws | 2.3.0 |
| ecr_label | justtrackio/label/null | 0.26.0 |
| ecs_label | justtrackio/label/null | 0.26.0 |
| ecs_service_task_customized_autoscaling | justtrackio/ecs-autoscaling/aws | 1.2.0 |
| ecs_service_task_predefined_autoscaling | justtrackio/ecs-autoscaling/aws | 1.2.0 |
| ecs_service_task_schedule | justtrackio/ecs-autoscaling/aws | 1.2.0 |
| iam_policy_ecs_access | terraform-aws-modules/iam/aws//modules/iam-policy | 5.52.2 |
| monitoring | justtrackio/ecs-gosoline-monitoring/aws | 2.7.1 |
| sentry | justtrackio/project/sentry | 1.4.2 |
| service_task | justtrackio/ecs-alb-service-task/aws | 1.5.0 |
| ssm_label | justtrackio/label/null | 0.26.0 |
| this | justtrackio/label/null | 0.26.0 |

## Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.default | resource |
| aws_ssm_parameter.container_cpu | resource |
| aws_ssm_parameter.container_memory | resource |
| aws_ecr_lifecycle_policy_document.lifecycle | data source |
| aws_ecs_cluster.default | data source |
| aws_iam_policy_document.ecs_access | data source |
| aws_lb.default | data source |
| aws_lb_listener.http | data source |
| aws_lb_listener.https | data source |
| aws_ssm_parameter.container_tag | data source |
| aws_ssm_parameter.grafana_token | data source |
| aws_ssm_parameter.keep_api_key | data source |
| aws_ssm_parameter.sentry_token | data source |
| aws_vpc.default | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional_tag_map | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. This is for some rare cases where resources want additional configuration of tags and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| alarm_consumer | This can be used to override alarms for consumers. Keys are names of the consumers. | `map(object({ alarm_description = optional(string), datapoints_to_alarm = optional(number, 3), evaluation_periods = optional(number, 3), period = optional(number, 60), success_rate_threshold = optional(number, 99), alarm_levels = optional(list(string), ["warning", "high"]) }))` | `{}` | no |
| alarm_enabled | Defines if alarms should be created | `bool` | `false` | no |
| alarm_gateway | This can be used to override alarms for gateway routes. Keys are names of the gateway routes. | `map(object({ alarm_description = optional(string), datapoints_to_alarm = optional(number, 3), evaluation_periods = optional(number, 3), period = optional(number, 60), success_rate_threshold = optional(number, 99), alarm_levels = optional(list(string), ["warning", "high"]) }))` | `{}` | no |
| alarm_kinsumer | This can be used to override alarms for kinsumers. Keys are names of the kinsumers. | `map(object({ alarm_description = optional(string), datapoints_to_alarm = optional(number, 1), evaluation_periods = optional(number, 1), period = optional(number, 60), threshold_seconds_behind = optional(number, 3600), alarm_levels = optional(list(string), ["warning", "high"]) }))` | `{}` | no |
| alarm_scheduled | This can be used to override the scheduled alarm | `object({ alarm_description = optional(string), datapoints_to_alarm = optional(number, 1), evaluation_periods = optional(number, 1), period = optional(number, 60), threshold = optional(number, 0), alarm_priority = optional(string, "high") })` | `{}` | no |
| alarm_service_resources_cpu_average | Average CPUUtilization alarm specs | `object({ datapoints_to_alarm = optional(number, 6), evaluation_periods = optional(number, 6), period = optional(number, 300), threshold = optional(number, 125) })` | `{ "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "threshold": 125 }` | no |
| alarm_service_resources_cpu_maximum | Maximum CPUUtilization alarm specs | `object({ datapoints_to_alarm = optional(number, 15), evaluation_periods = optional(number, 15), period = optional(number, 60), threshold = optional(number, 150) })` | `{ "datapoints_to_alarm": 15, "evaluation_periods": 15, "period": 60, "threshold": 150 }` | no |
| alarm_service_resources_enabled | Defines if resource alarms should be created | `bool` | `false` | no |
| alarm_service_resources_memory_average | Average MemoryUtilization alarm specs | `object({ datapoints_to_alarm = optional(number, 6), evaluation_periods = optional(number, 6), period = optional(number, 300), threshold = optional(number, 125) })` | `{ "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "threshold": 125 }` | no |
| alarm_service_resources_memory_maximum | Maximum MemoryUtilization alarm specs | `object({ datapoints_to_alarm = optional(number, 15), evaluation_periods = optional(number, 15), period = optional(number, 60), threshold = optional(number, 150) })` | `{ "datapoints_to_alarm": 15, "evaluation_periods": 15, "period": 60, "threshold": 150 }` | no |
| alarm_service_resources_priority | Priority for service resources alarms | `string` | `"info"` | no |
| alarm_service_resources_treat_missing_data | How to treat missing data, defaults to 'breaching' | `string` | `"breaching"` | no |
| alb_health_check | ALB target group health check values | `object({ enabled = optional(bool, true), healthy_threshold = optional(number, 2), unhealthy_threshold = optional(number, 2), threshold = optional(number, 2), interval = optional(number, 30), timeout = optional(number, 10), matcher = optional(string, "200"), path = optional(string, "/health"), port = optional(string, "traffic-port"), protocol = optional(string, "HTTP") })` | `{}` | no |
| alb_name | Name of the ALB used to attach the target group | `string` | `""` | no |
| alb_stickiness_enabled | Boolean to enable / disable stickiness. Default is true | `bool` | `false` | no |
| alb_unauthenticated_hosts | Unauthenticated hosts to match in the Hosts header | `list(string)` | `[]` | no |
| alb_unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `["*"]` | no |
| alb_unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no |
| app_image_tag | The default container image tag to use in the container definition | `string` | `null` | no |
| attributes | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the `delimiter` and treated as a single ID element. | `list(string)` | `[]` | no |
| autoscaling_customized_metric_name | The name of the customized metric | `string` | `""` | no |
| autoscaling_customized_statistic | The statistic of the customized metric | `string` | `"Average"` | no |
| autoscaling_customized_unit | The unit of the customized metric | `string` | `"Count"` | no |
| autoscaling_enabled | Defines if autoscaling should be enabled | `bool` | `false` | no |
| autoscaling_max_capacity | Maximum number of running instances of a Service | `number` | `200` | no |
| autoscaling_min_capacity | Minimum number of running instances of a Service | `number` | `1` | no |
| autoscaling_predefined_metric_type | The metric type | `string` | `null` | no |
| autoscaling_scale_in_cooldown | The amount of time, in seconds, after a scale in activity completes before another scale in activity can start | `number` | `60` | no |
| autoscaling_scale_out_cooldown | The amount of time, in seconds, after a scale out activity completes before another scale out activity can start | `number` | `60` | no |
| autoscaling_schedule | Provides an Application AutoScaling ScheduledAction resource | `list(object({ schedule = string, min_capacity = number, max_capacity = number }))` | `[]` | no |
| autoscaling_target_value | The target value for the metric | `number` | `null` | no |
| aws_account_id | AWS account id | `string` | `null` | no |
| aws_region | AWS region | `string` | `null` | no |
| circuit_breaker_deployment_enabled | If true, enable the deployment circuit breaker logic for the service | `bool` | `false` | no |
| circuit_breaker_rollback_enabled | If true, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no |
| cloudwatch_log_group_enabled | A boolean to disable CloudWatch log group creation | `bool` | `true` | no |
| container_cpu | The vCPU setting to control CPU limits of the container. (If the FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `null` | no |
| container_map_environment | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no |
| container_map_secrets | The secrets variables to pass to the container. This is a map of string: {key: value}. `map_secrets` overrides `secrets` | `map(string)` | `null` | no |
| container_memory | The amount of RAM to allow the container to use in MB. (If the FARGATE launch type is used below, this must be a supported memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `null` | no |
| container_memory_reservation | The amount of RAM (soft limit) to allow the container to use in MB. This value must be less than `container_memory` if set | `number` | `null` | no |
| container_start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `null` | no |
| container_stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `null` | no |
| context | Single object for setting the entire context at once. See the description of individual variables for details. Leave string and numeric variables as `null` to use the default value. Individual variable settings (non-null) override settings in the context object, except for `attributes`, `tags`, and `additional_tag_map`, which are merged. | `any` | `{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "descriptor_formats": {}, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "labels_as_tags": ["unset"], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}, "tenant": null }` | no |
| delimiter | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
| deployment_maximum_percent | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no |
| deployment_minimum_healthy_percent | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no |
| descriptor_formats | Describe additional descriptors to be output in the `descriptors` output map. Map of maps. Keys are names of descriptors. Values are maps of the form `{ format = string, labels = list(string) }` (Type is `any` so the map values can later be enhanced to provide additional options.) `format` is a Terraform format string to be passed to the `format()` function. `labels` is a list of labels, in order, to pass to the `format()` function. Label values will be normalized before being passed to `format()` so they will be identical to how they appear in `id`. Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| desired_count | The desired number of tasks to start with. Set this to 0 if using the DAEMON service type. (FARGATE does not support the DAEMON service type) | `number` | `1` | no |
| docker_labels | The configuration options to send to the `docker_labels` | `map(string)` | `null` | no |
| domain | The default domain | `string` | n/a | yes |
| ecr_repository_lifecycle_policy | The policy document. This is a JSON formatted string. See more details about policy parameters in the official AWS docs | `string` | `null` | no |
| ecs_access_policy_enabled | Defines if the ECS tasks should have the ECS access policy | `bool` | `false` | no |
| elasticsearch_host | Defines the Elasticsearch host to query for logs | `string` | `null` | no |
| elasticsearch_index_template | This defines the properties used within the index template (only used if `create_elasticsearch_data_stream` is true) | `object({ additional_fields = map(any), name = string, priority = number, node_name = string, number_of_shards = number, number_of_replicas = number })` | `{ "additional_fields": {}, "name": "", "node_name": "*", "number_of_replicas": 1, "number_of_shards": 1, "priority": 250 }` | no |
| elasticsearch_lifecycle_policy | This defines the properties used within the index lifecycle management policy (only used if `create_elasticsearch_data_stream` is true) | `object({ delete_phase_min_age = string, hot_phase_max_primary_shard_size = string, hot_phase_max_age = optional(string), warm_phase_min_age = string, warm_phase_number_of_replicas = number })` | `{ "delete_phase_min_age": "28d", "hot_phase_max_primary_shard_size": "10gb", "warm_phase_min_age": "1d", "warm_phase_number_of_replicas": 0 }` | no |
| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| environment | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| exec_enabled | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `true` | no |
| gosoline_metadata | Define custom metadata for the gosoline provider | `object({ domain = optional(string), use_https = optional(string), port = optional(string) })` | `null` | no |
| gosoline_name_patterns | Define custom name patterns for the gosoline provider | `object({ hostname = optional(string), cloudwatch_namespace = optional(string), ecs_cluster = optional(string), ecs_service = optional(string), grafana_cloudwatch_datasource = optional(string), grafana_elasticsearch_datasource = optional(string) })` | `{ "cloudwatch_namespace": "{env}/{group}/{app}", "ecs_cluster": "{env}", "ecs_service": "{group}-{app}", "grafana_cloudwatch_datasource": "cloudwatch-{family}", "grafana_elasticsearch_datasource": "elasticsearch-{env}-{family}-{group}-{app}", "hostname": "{scheme}://{app}.{group}.{env}.{metadata_domain}:{port}" }` | no |
| grafana_dashboard_url | URL of the Grafana dashboard | `string` | `null` | no |
| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no |
| healthcheck | A map containing `command` (string), `timeout`, `interval` (duration in seconds), `retries` (1-10, number of times to retry before marking the container unhealthy), and `startPeriod` (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) | `object({ command = list(string), retries = number, timeout = number, interval = number, startPeriod = number })` | `null` | no |
| id_length_limit | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` to keep the existing setting, which defaults to `0`. Does not affect `id_full`. | `number` | `null` | no |
| ignore_changes_desired_count | Whether to ignore changes for desired count in the ECS service | `bool` | `true` | no |
| ignore_changes_task_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `false` | no |
| kibana_data_view_enabled | Defines whether there will be a Kibana data view | `bool` | `true` | no |
| kibana_host | Defines the Kibana host | `string` | `null` | no |
| kibana_space_id | Space identifier to place the Kibana data view into | `string` | `null` | no |
| label_key_case | Controls the letter case of the `tags` keys (label names) for tags generated by this module. Does not affect keys of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper`. Default value: `title`. | `string` | `null` | no |
| label_order | The order in which the labels (ID elements) appear in the `id`. Defaults to `["namespace", "environment", "stage", "name", "attributes"]`. You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
| label_orders | Overrides the `labels_order` for the different labels to modify how ID elements appear in the `id` | `object({ cloudwatch = optional(list(string), ["environment", "stage", "name"]), ecr = optional(list(string)), ecs = optional(list(string), ["stage", "name"]), ec2 = optional(list(string), ["environment", "stage", "name"]), iam = optional(list(string)), sentry = optional(list(string), ["stage", "name"]), ssm = optional(list(string)), vpc = optional(list(string)), elasticsearch = optional(list(string), ["environment", "namespace", "stage", "name"]), kibana = optional(list(string)) })` | `{}` | no |
| label_value_case | Controls the letter case of ID elements (labels) as included in `id`, set as tag values, and output by this module individually. Does not affect values of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper` and `none` (no transformation). Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. Default value: `lower`. | `string` | `null` | no |
| labels_as_tags | Set of labels (ID elements) to include as tags in the `tags` output. Default is to include all labels. Tags with empty values will not be included in the `tags` output. Set to `[]` to suppress all generated tags. Notes: The value of the `name` tag, if included, will be the `id`, not the `name`. Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | `["default"]` | no |
| launch_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"EC2"` | no |
| log_driver | The log driver to use for the container. If using the Fargate launch type, the only supported value is awslogs | `string` | `"awsfirelens"` | no |
| log_retention_in_days | The number of days to retain logs for the log group | `number` | `1` | no |
| log_router_container_cpu | The log router CPU reservation for the ECS task definition | `string` | `30` | no |
| log_router_container_memory_reservation | The log router memory reservation for the ECS task definition | `string` | `64` | no |
| log_router_essential | Determines whether all other containers in a task are stopped if this container fails or stops for any reason. Due to how Terraform type casts booleans in JSON it is required to double quote this value | `bool` | `false` | no |
| log_router_image_repository | Container registry repository URL | `string` | n/a | yes |
| log_router_image_tag | The default container image tag to use in the container definition | `string` | `"stable-3.0.7"` | no |
| log_router_options | The log router options to use | `map(string)` | `{ "config-file-type": "file", "config-file-value": "/fluent-bit/etc/extra.conf" }` | no |
| log_router_stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `60` | no |
| log_router_type | The log router type to use | `string` | `"fluentbit"` | no |
| metric_based_autoscaling_ignore_changes_min_max_capacity | Whether or not to ignore `min_capacity`/`max_capacity` changes on the `aws_appautoscaling_target` of the metric based autoscaling module | `bool` | `false` | no |
| metric_calculator_enabled | Whether to use the metrics produced by the metric calculator for autoscaling (gosoline feature), see: https://github.com/justtrackio/gosoline | `bool` | `null` | no |
| metric_enabled | Defines if metrics should be written | `bool` | n/a | yes |
| monitoring_enabled | Defines if the monitoring module should be created | `bool` | `true` | no |
| name | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a `tag`. The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| namespace | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| network_mode | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` or `null` for `EC2` `launch_type` | `string` | `null` | no |
| ordered_placement_strategy | Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of `ordered_placement_strategy` blocks is 5. See the `ordered_placement_strategy` docs | `list(object({ type = string, field = string }))` | `[{ "field": "instanceId", "type": "spread" }]` | no |
| organizational_unit | Usually used to indicate the AWS organizational unit, e.g. 'prod', 'sdlc' | `string` | `null` | no |
| port_gateway | Define the gateway port | `number` | `8088` | no |
| port_health | Define the health port | `number` | `8090` | no |
| port_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | `list(object({ containerPort = number, hostPort = number, protocol = string }))` | `[]` | no |
| port_metadata | Define the metadata port | `number` | `8070` | no |
| propagate_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION | `string` | `null` | no |
| regex_replace_chars | Terraform regular expression (regex) string. Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| scheduled_autoscaling_ignore_changes_min_max_capacity | Whether or not to ignore `min_capacity`/`max_capacity` changes on the `aws_appautoscaling_target` of the scheduled autoscaling module | `bool` | `true` | no |
| sentry_alarm_action_match | Trigger actions when an event is captured by Sentry and any or all of the specified conditions happen. | `string` | `"any"` | no |
| sentry_alarm_actions | List of actions. In JSON string format. | `string` | `"[]"` | no |
| sentry_alarm_conditions | List of conditions. In JSON string format. | `string` | `"[]"` | no |
| sentry_alarm_filter_match | A string determining which filters need to be true before any actions take place. Required when a value is provided for `filters`. | `string` | `"all"` | no |
| sentry_alarm_filters | A list of filters that determine if a rule fires after the necessary conditions have been met. In JSON string format. | `string` | `null` | no |
| sentry_alarm_frequency | Perform actions at most once every X minutes for this issue. | `number` | `5` | no |
| sentry_dsn | Define a custom Sentry DSN if `sentry_enabled` is set to false | `string` | `null` | no |
| sentry_enabled | Set to false to prevent the module from creating any resources for Sentry | `bool` | `true` | no |
| service_placement_constraints | The rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is 10. See the `placement_constraints` docs | `list(object({ type = string, expression = string }))` | `[]` | no |
| service_registries | Zero or one service discovery registries for the service. The currently supported service registry is Amazon Route 53 Auto Naming Service (`aws_service_discovery_service`); see the `service_registries` docs: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1. A service registry is an object with the required key `registry_arn = string` and the optional keys `port = number`, `container_name = string`, `container_port = number` | `list(any)` | `[]` | no |
| stage | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| tags | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| target_group_arn | ARN of the target group to register the task into. Only works when `alb_name` is not specified. Can be used for services that are made available via a VPC endpoint | `string` | `""` | no |
| task_cpu | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using the FARGATE launch type, `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no |
| task_memory | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using the Fargate launch type, `task_memory` must match the supported CPU value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no |
| task_policy_arns | A list of IAM policy ARNs to attach to the generated task role. | `list(string)` | `[]` | no |
| tenant | ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
| tracing_provider | Defines which tracing provider to use. Valid values are 'local', 'xray', 'noop', or any tracer you registered yourself | `string` | `"local"` | no |
| ulimits | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" | `list(object({ name = string, softLimit = number, hardLimit = number }))` | `[]` | no |
| wait_for_steady_state | If true, it will wait for the service to reach a steady state (like `aws ecs wait services-stable`) before continuing | `bool` | `true` | no |
| working_directory | The working directory to run commands inside the container | `string` | `"/app"` | no |
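The following module invocation is an added example, not part of the module's own documentation, showing how the inputs above combine into a hardened deployment: secrets supplied by reference rather than as plain environment variables, the blanket ECS access policy and ECS Exec left off, only an app-specific task policy attached, and the deployment circuit breaker with rollback turned on. The registry source `justtrackio/ecs-app/aws`, the version placeholder, the `aws_iam_policy.orders_api_task` resource (defined elsewhere) and all account ids, regions and ARNs are assumptions or constructed values.

```hcl
# Added example: a least-privilege, rollback-safe invocation of the module.
# Source path and version are assumptions; pin the release you actually use.
module "orders_api" {
  source  = "justtrackio/ecs-app/aws" # assumed registry path for this repo
  version = "X.Y.Z"                   # placeholder

  # null-label context
  namespace   = "example"
  environment = "eu1"
  stage       = "prod"
  name        = "orders-api"

  # Required inputs
  domain                      = "example.internal"
  metric_enabled              = true
  log_router_image_repository = "123456789012.dkr.ecr.eu-central-1.amazonaws.com/fluent-bit" # constructed

  # Image and sizing (task_cpu / task_memory fall back to these values)
  app_image_tag    = "v1.2.3"
  container_cpu    = 256
  container_memory = 512

  # ALB exposure: health check on the dedicated health endpoint,
  # and a single unauthenticated path instead of the "*" default.
  alb_name = "prod-public"
  alb_health_check = {
    path    = "/health"
    matcher = "200"
  }
  alb_unauthenticated_paths = ["/api/*"]

  # Configuration that is not sensitive goes in the environment;
  # secrets are passed by ARN so they are injected at task start,
  # not stored in the task definition in clear text.
  container_map_environment = {
    LOG_LEVEL = "info"
  }
  container_map_secrets = {
    DB_PASSWORD = "arn:aws:ssm:eu-central-1:123456789012:parameter/prod/orders-api/db_password" # constructed
  }

  # Least privilege: no generic ECS access policy, no interactive ECS Exec,
  # only the policy this application needs (hypothetical resource).
  ecs_access_policy_enabled = false
  exec_enabled              = false
  task_policy_arns          = [aws_iam_policy.orders_api_task.arn]

  # Deployment safety: stop a failing rollout and roll back automatically,
  # and block the apply until the service is stable.
  circuit_breaker_deployment_enabled = true
  circuit_breaker_rollback_enabled   = true
  wait_for_steady_state              = true

  # Alarms on the service and its CPU/memory usage
  alarm_enabled                   = true
  alarm_service_resources_enabled = true

  # Target-tracking autoscaling on average CPU utilization
  autoscaling_enabled                = true
  autoscaling_min_capacity           = 2
  autoscaling_max_capacity           = 20
  autoscaling_predefined_metric_type = "ECSServiceAverageCPUUtilization"
  autoscaling_target_value           = 60

  # Keep logs long enough for incident review rather than the 1-day default
  log_retention_in_days = 30
}
```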

## Outputs

No outputs.