
appzen-oss/terraform-aws-ecs-service

 
 


terraform-aws-ecs-service


Terraform module for deploying and managing a generic ECS service onto an existing cluster.

Required

  • region - AWS region in which the EC2 Container Service cluster is located
  • ecs_cluster - EC2 Container Service cluster in which the service will be deployed (must already exist, the module will not create it).
  • service_identifier - Unique identifier for the service, used in naming resources.
  • task_identifier - Unique identifier for the task, used in naming resources.
  • docker_image - Docker image specification.

Usage

module "pganalyze_testdb" {
  source             = "github.com/terraform-community-modules/tf_aws_ecs_service?ref=v1.0.0"
  region             = "${data.aws_region.current.name}"
  ecs_cluster        = "my-ecs-cluster"
  service_identifier = "pganalyze"
  task_identifier    = "testdb"
  docker_image       = "quay.io/pganalyze:stable"

  docker_environment = [
    {
      "name"  = "DB_URL",
      "value" = "postgres://user:password@host:port/database",
    },
  ]
}

Authors

Steve Huff, Tim Hartmann

Changelog

2.1.0 - IAM role outputs.

1.0.0 - Initial release.

License

This software is released under the MIT License (see LICENSE).

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acm_cert_domain | Domain name of ACM-managed certificate | string | "" | no |
| app_port | Numeric port on which application listens (unnecessary if neither lb_enable_https or lb_enable_http are true) | string | "" | no |
| attributes | Suffix name with additional attributes (policy, role, etc.) | list | <list> | no |
| container_definition | Container definition when not using module default definition | string | "" | no |
| container_definition_additional | Additional parameters to add to container definition. This is a JSON substring | string | "" | no |
| delimiter | Delimiter to be used between name, namespaces, attributes, etc. | string | "-" | no |
| dns_aliases | Additional DNS names | list | <list> | no |
| dns_parent_zone_name | DNS name of the parent zone to put this in | string | "" | no |
| docker_command | String to override CMD in Docker container (default "") | string | "" | no |
| docker_environment | List of environment maps of format { "name" = "var_name", "value" = "var_value" } | list | <list> | no |
| docker_image | Docker image to use for task | string | "" | no |
| docker_memory | Hard limit on memory use for task container (default 256) | string | "256" | no |
| docker_memory_reservation | Soft limit on memory use for task container (default 128) | string | "128" | no |
| docker_mount_points | List of mount point maps of format { "sourceVolume" = "vol_name", "containerPath" = "path", ["readOnly" = "true or false" ] } | list | <list> | no |
| docker_port_mappings | List of port mapping maps of format { "containerPort" = integer, [ "hostPort" = integer, "protocol" = "tcp or udp" ] } | list | <list> | no |
| docker_registry | Docker registry for image | string | "" | no |
| docker_volumes | List of volume maps of format { "name" = "var_name", "host_path" = "var_value" } | list | <list> | no |
| ecs_cluster_arn | ARN of ECS cluster in which the service will be deployed | string | n/a | yes |
| ecs_data_volume_path | Path to volume on ECS node to be defined as a "data" volume (default "/opt/data") | string | "/opt/data" | no |
| ecs_deployment_maximum_percent | Upper limit in percentage of tasks that can be running during a deployment (default 200) | string | "200" | no |
| ecs_deployment_minimum_healthy_percent | Lower limit in percentage of tasks that must remain healthy during a deployment (default 100) | string | "100" | no |
| ecs_desired_count | Desired number of containers in the task (default 1) | string | "1" | no |
| ecs_health_check_grace_period_seconds | Health check grace period (seconds) before LB health checks start | string | "30" | no |
| ecs_log_retention | Number of days of ECS task logs to retain (default 3) | string | "3" | no |
| ecs_placement_constraints | Placement constraints to use when distributing tasks | list | <list> | no |
| ecs_placement_strategy_field | Container metadata field to use when distributing tasks (default memory) | string | "memory" | no |
| ecs_placement_strategy_type | Placement strategy to use when distributing tasks (default binpack) | string | "binpack" | no |
| ecs_security_group_id | Security group ID of ECS cluster in which the service will be deployed | string | n/a | yes |
| enable_ecs_managed_tags | Enable ECS managed task tagging | string | "true" | no |
| enable_lb | Set to false to prevent the module from creating a Load Balancer | string | "true" | no |
| enabled | Set to false to prevent the module from creating anything | string | "true" | no |
| environment | Environment (ex: dev, qa, stage, prod). (Second or top level namespace. Depending on namespacing options) | string | n/a | yes |
| extra_task_policy_arns | List of ARNs of IAM policies to be attached to the ECS task role (in addition to the default policy, so cannot be more than 9 ARNs) | list | <list> | no |
| firelens_host_url | URL of firelens application | string | "" | no |
| firelens_port | Port of firelens application (default 24224) | string | "24224" | no |
| lb_cookie_duration | Duration of LB session stickiness cookie in seconds (default 86400) | string | "86400" | no |
| lb_enable_http | Enable HTTP listener in LB (http or https MUST be enabled) | string | "true" | no |
| lb_enable_https | Enable HTTPS listener in LB (http or https MUST be enabled) | string | "false" | no |
| lb_healthcheck_healthy_threshold | Number of consecutive successful health checks before marking service as healthy (default 5) | string | "5" | no |
| lb_healthcheck_interval | Time in seconds between LB health checks (default 30) | string | "30" | no |
| lb_healthcheck_matcher | HTTP response codes to accept as healthy (default 200) | string | "200-399" | no |
| lb_healthcheck_path | URI path for LB health checks (default /) | string | "/" | no |
| lb_healthcheck_port | Port for LB to use when connecting health checks (default same as application traffic) | string | "traffic-port" | no |
| lb_healthcheck_protocol | Protocol for LB to use when connecting health checks (default HTTP) | string | "HTTP" | no |
| lb_healthcheck_timeout | Timeout in seconds for LB to use when connecting health checks (default 5) | string | "5" | no |
| lb_healthcheck_unhealthy_threshold | Number of consecutive failed health checks before marking service as unhealthy (default 2) | string | "5" | no |
| lb_https_ports | HTTPS ports load balancer should listen on | string | "443" | no |
| lb_ingress_cidr_blocks | List of ingress CIDR blocks for load balancer | list | <list> | no |
| lb_internal | Configure LB as internal-only | string | "true" | no |
| lb_listener_arn | Add to existing LB listener | string | "" | no |
| lb_listener_rule_pattern | Add to existing LB listener with rule pattern | string | "" | no |
| lb_listener_rule_priority | Add to existing LB listener as rule priority | string | "" | no |
| lb_ports | Ports load balancer should listen on | string | "80" | no |
| lb_stickiness_enabled | Enable LB session stickiness (default false) | string | "false" | no |
| lb_subnet_ids | VPC subnet IDs in which to create the LB (unnecessary if neither lb_enable_https or lb_enable_http are true) | list | <list> | no |
| lb_type | Type of LB to create: application, network | string | "application" | no |
| log_group_name | Name for CloudWatch Log Group that will receive collector logs (must be unique, default is created from service_identifier and task_identifier) | string | "" | no |
| name | Base name for resources | string | n/a | yes |
| namespace-env | Prefix name with the environment. If true, format is: - | string | "true" | no |
| namespace-org | Prefix name with the organization. If true, format is: -. If both env and org namespaces are used, format will be -- | string | "false" | no |
| network_mode | Docker network mode for task (default "bridge") | string | "bridge" | no |
| organization | Organization name (Top level namespace). | string | "" | no |
| propagate_tags_method | Propagate tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION | string | "SERVICE" | no |
| region | AWS region in which ECS cluster is located (default is 'us-east-1') | string | "us-east-1" | no |
| service_identifier | Unique identifier for this pganalyze service (used in log prefix, service name etc.) | string | "service" | no |
| sidecar_docker_image | Sidecar Docker image to use for task | string | "" | no |
| sidecar_container_definition_additional | Sidecar Additional parameters to add to container definition. This is a JSON substring | string | "" | no |
| sidecar_docker_environment | Sidecar List of environment maps of format { "name" = "var_name", "value" = "var_value" } | list | <list> | no |
| sidecar_docker_memory_reservation | Sidecar Soft limit on memory use for task container (default 512) | string | "512" | no |
| tags | A map of additional tags | map | <map> | no |
| target_group_only | Only create target group without a load balancer. For when more advanced LB setups are required | string | "false" | no |
| target_type | Type for targets for target group. Can be: instance or ip | string | "instance" | no |
| task_definition_arn | Task definition ARN to use instead of module generated one | string | "" | no |
| task_identifier | Unique identifier for this pganalyze task (used in log prefix, service name etc.) | string | "task" | no |
| vpc_id | ID of VPC in which ECS cluster is located | string | n/a | yes |
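
The listener defaults in this table are HTTP on and HTTPS off. The following is an added example, not part of the original README, showing an HTTPS-only, internal-only service with restricted load balancer ingress using only inputs listed above. The `<release-tag>` placeholder, the `var.*` references, the port, the domain and the CIDR range are assumptions; boolean-style inputs are passed as strings because the table types them as string.

```hcl
# Added example (not from the module's README). All values are constructed.
module "pganalyze_testdb" {
  # <release-tag> is a placeholder; pin to a tag that exists in the repository
  # so the module code cannot change underneath a later plan.
  source = "github.com/appzen-oss/terraform-aws-ecs-service?ref=<release-tag>"

  # Inputs marked "yes" in the Required column
  name                  = "pganalyze"
  environment           = "prod"
  vpc_id                = "${var.vpc_id}"                # assumed variable
  ecs_cluster_arn       = "${var.ecs_cluster_arn}"       # assumed variable
  ecs_security_group_id = "${var.ecs_security_group_id}" # assumed variable

  docker_image = "quay.io/pganalyze:stable"
  app_port     = "8080" # constructed value

  # Listener: switch the default HTTP listener off and the HTTPS listener on.
  # One of the two must be enabled, per the input descriptions.
  lb_enable_http  = "false"
  lb_enable_https = "true"
  lb_https_ports  = "443"
  acm_cert_domain = "service.example.com" # constructed; domain of an ACM-managed certificate

  # Exposure: keep the load balancer internal and name the ingress ranges
  # explicitly rather than relying on the module default.
  lb_internal            = "true"
  lb_subnet_ids          = ["${var.private_subnet_ids}"] # assumed list variable
  lb_ingress_cidr_blocks = ["10.0.0.0/16"]               # constructed range

  # Logging: the default retention is 3 days; keep task logs longer so they
  # are still available when an investigation starts.
  ecs_log_retention = "30"
}
```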

Outputs

| Name | Description |
|------|-------------|
| cluster_arn | ECS cluster ARN |
| container_json | |
| lb_arn | ARN of the LB |
| lb_dns_aliases | List of DNS aliases added for ALB |
| lb_dns_name | FQDN of ALB provisioned for service (if present) |
| lb_listener_arns | ARNs of all the LB Listeners |
| lb_listener_http_arns | The ARNs of the HTTP LB Listeners |
| lb_listener_https_arns | The ARNs of the HTTPS LB Listeners |
| lb_listener_tcp_arns | The ARNs of the network TCP LB Listeners |
| lb_target_group_arns | ARNs of all the target groups. Useful for passing to your Auto Scaling group module. |
| lb_target_group_arns_suffix | ARNs suffix of all the target groups. Useful for passing to your Auto Scaling group module. |
| lb_target_group_http_arns | ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module. |
| lb_target_group_https_arns | ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module. |
| lb_target_group_tcp_arns | ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module. |
| lb_zone_id | Route 53 zone ID of ALB provisioned for service (if present) |
| log_group_name | CloudWatch log group name for service |
| service_arn | ECS service ARN |
| service_iam_role_arn | ARN of the IAM Role for the ECS Service |
| service_iam_role_name | Name of the IAM Role for the ECS Task |
| service_name | ECS service name |
| task_iam_role_arn | ARN of the IAM Role for the ECS Task |
| task_iam_role_name | Name of the IAM Role for the ECS Task |
