Update variables
jnonino committed Feb 10, 2023
1 parent ea5df8e commit 8b43d51
Showing 3 changed files with 284 additions and 199 deletions.
11 changes: 9 additions & 2 deletions README.md
Expand Up @@ -89,21 +89,28 @@ In order to run all checks at any point run the following command:
| <a name="input_hostname"></a> [hostname](#input\_hostname) | The hostname to use for your container. | `string` | `null` | no |
| <a name="input_iam_partition"></a> [iam\_partition](#input\_iam\_partition) | IAM partition to use when referencing standard policies. GovCloud and some other regions use different partitions | `string` | `"aws"` | no |
| <a name="input_interactive"></a> [interactive](#input\_interactive) | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. | `bool` | `null` | no |
| <a name="input_ipc_mode"></a> [ipc\_mode](#input\_ipc\_mode) | (Optional) IPC resource namespace to be used for the containers in the task The valid values are host, task, and none. | `string` | `null` | no |
| <a name="input_links"></a> [links](#input\_links) | List of container names this container can communicate with without port mappings | `list(string)` | `[]` | no |
| <a name="input_linux_parameters"></a> [linux\_parameters](#input\_linux\_parameters) | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html | <pre>object({<br> capabilities = object({<br> add = list(string)<br> drop = list(string)<br> })<br> devices = list(object({<br> containerPath = string<br> hostPath = string<br> permissions = list(string)<br> }))<br> initProcessEnabled = bool<br> maxSwap = number<br> sharedMemorySize = number<br> swappiness = number<br> tmpfs = list(object({<br> containerPath = string<br> mountOptions = list(string)<br> size = number<br> }))<br> })</pre> | `null` | no |
| <a name="input_log_configuration"></a> [log\_configuration](#input\_log\_configuration) | Log configuration options to send to a custom log driver for the container. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html | `any` | `null` | no |
| <a name="input_map_environment"></a> [map\_environment](#input\_map\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. map\_environment overrides environment | `map(string)` | `null` | no |
| <a name="input_map_secrets"></a> [map\_secrets](#input\_map\_secrets) | The secrets variables to pass to the container. This is a map of string: {key: value}. map\_secrets overrides secrets | `map(string)` | `null` | no |
| <a name="input_mount_points"></a> [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`. The `readOnly` key is optional. | `list(any)` | `[]` | no |
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Name prefix for resources on AWS | `any` | n/a | yes |
| <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | (Optional) The ARN of the policy that is used to set the permissions boundary for the `ecs_task_execution_role` role. | `string` | `null` | no |
| <a name="input_placement_constraints"></a> [placement\_constraints](#input\_placement\_constraints) | (Optional) A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. This is a list of maps, where each map should contain "type" and "expression" | `list(any)` | `[]` | no |
| <a name="input_pid_mode"></a> [pid\_mode](#input\_pid\_mode) | (Optional) Process namespace to use for the containers in the task. The valid values are host and task | `string` | `null` | no |
| <a name="input_placement_constraints"></a> [placement\_constraints](#input\_placement\_constraints) | (Optional) A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. | <pre>list(object({<br> expression = string # Cluster Query Language expression to apply to the constraint. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.<br> type = string # Type of constraint. Use memberOf to restrict selection to a group of valid candidates. Note that distinctInstance is not supported in task definitions.<br> }))</pre> | `[]` | no |
| <a name="input_port_mappings"></a> [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | <pre>list(object({<br> containerPort = number<br> hostPort = number<br> protocol = string<br> }))</pre> | <pre>[<br> {<br> "containerPort": 80,<br> "hostPort": 80,<br> "protocol": "tcp"<br> }<br>]</pre> | no |
| <a name="input_privileged"></a> [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. | `bool` | `null` | no |
| <a name="input_proxy_configuration"></a> [proxy\_configuration](#input\_proxy\_configuration) | (Optional) The proxy configuration details for the App Mesh proxy. This is a list of maps, where each map should contain "container\_name", "properties" and "type" | `list(any)` | `[]` | no |
| <a name="input_proxy_configuration"></a> [proxy\_configuration](#input\_proxy\_configuration) | (Optional) The proxy configuration details for the App Mesh proxy. This is a list of maps, where each map should contain "container\_name", "properties" and "type" | <pre>list(object({<br> container_name = string # Name of the container that will serve as the App Mesh proxy.<br> properties = list(object({ # Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified a key-value mapping.<br> name = string<br> value = string<br> }))<br> type = string # Proxy type. The default value is APPMESH. The only supported value is APPMESH.<br> }))</pre> | `[]` | no |
| <a name="input_pseudo_terminal"></a> [pseudo\_terminal](#input\_pseudo\_terminal) | When this parameter is true, a TTY is allocated. | `bool` | `null` | no |
| <a name="input_readonly_root_filesystem"></a> [readonly\_root\_filesystem](#input\_readonly\_root\_filesystem) | Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value | `bool` | `false` | no |
| <a name="input_repository_credentials"></a> [repository\_credentials](#input\_repository\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no |
| <a name="input_resource_requirements"></a> [resource\_requirements](#input\_resource\_requirements) | The type and amount of a resource to assign to a container. The only supported resource is a GPU. | <pre>list(object({<br> type = string<br> value = string<br> }))</pre> | `null` | no |
| <a name="input_runtime_platform_cpu_architecture"></a> [runtime\_platform\_cpu\_architecture](#input\_runtime\_platform\_cpu\_architecture) | Must be set to either X86\_64 or ARM64 | `string` | `"X86_64"` | no |
| <a name="input_runtime_platform_operating_system_family"></a> [runtime\_platform\_operating\_system\_family](#input\_runtime\_platform\_operating\_system\_family) | If the requires\_compatibilities is FARGATE this field is required. The valid values for Amazon ECS tasks that are hosted on Fargate are LINUX, WINDOWS\_SERVER\_2019\_FULL, WINDOWS\_SERVER\_2019\_CORE, WINDOWS\_SERVER\_2022\_FULL, and WINDOWS\_SERVER\_2022\_CORE. | `string` | `"LINUX"` | no |
| <a name="input_secrets"></a> [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps | <pre>list(object({<br> name = string<br> valueFrom = string<br> }))</pre> | `[]` | no |
| <a name="input_skip_destroy"></a> [skip\_destroy](#input\_skip\_destroy) | (Optional) Whether to retain the old revision when the resource is destroyed or replacement is necessary. Default is false. | `bool` | `false` | no |
| <a name="input_start_timeout"></a> [start\_timeout](#input\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `null` | no |
| <a name="input_stop_timeout"></a> [stop\_timeout](#input\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `null` | no |
| <a name="input_system_controls"></a> [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `[]` | no |
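Review bot: the new ipc_mode and pid_mode rows list host as a valid value but say nothing about what that does to isolation or about launch-type support, unlike the privileged row further down, which states that it is not supported for tasks using the Fargate launch type. Sharing the host IPC or PID namespace exposes processes and shared memory outside the container, so each description should say so and state which values are usable with this module. The ipc_mode description is also missing a period between "in the task" and "The valid values".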
85 changes: 51 additions & 34 deletions main.tf
Expand Up @@ -35,65 +35,76 @@ module "container_definition" {
source = "cloudposse/ecs-container-definition/aws"
version = "0.58.1"

container_name = var.container_name
command = var.command
container_cpu = var.container_cpu
container_definition = var.container_definition
container_depends_on = var.container_depends_on
container_image = var.container_image
container_memory = var.container_memory
container_memory_reservation = var.container_memory_reservation
container_definition = var.container_definition
port_mappings = var.port_mappings
healthcheck = var.healthcheck
container_cpu = var.container_cpu
essential = var.essential
container_name = var.container_name
disable_networking = var.disable_networking
dns_search_domains = var.dns_search_domains
dns_servers = var.dns_servers
docker_labels = var.docker_labels
docker_security_options = var.docker_security_options
entrypoint = var.entrypoint
command = var.command
working_directory = var.working_directory
environment = var.environment
extra_hosts = var.extra_hosts
map_environment = var.map_environment
environment_files = var.environment_files
secrets = var.secrets
readonly_root_filesystem = var.readonly_root_filesystem
essential = var.essential
extra_hosts = var.extra_hosts
firelens_configuration = var.firelens_configuration
healthcheck = var.healthcheck
hostname = var.hostname
interactive = var.interactive
links = var.links
linux_parameters = var.linux_parameters
log_configuration = var.log_configuration
firelens_configuration = var.firelens_configuration
map_environment = var.map_environment
map_secrets = var.map_secrets
mount_points = var.mount_points
dns_servers = var.dns_servers
dns_search_domains = var.dns_search_domains
ulimits = var.ulimits
port_mappings = var.port_mappings
privileged = var.privileged
pseudo_terminal = var.pseudo_terminal
readonly_root_filesystem = var.readonly_root_filesystem
repository_credentials = var.repository_credentials
volumes_from = var.volumes_from
links = var.links
user = var.user
container_depends_on = var.container_depends_on
docker_labels = var.docker_labels
resource_requirements = var.resource_requirements
secrets = var.secrets
start_timeout = var.start_timeout
stop_timeout = var.stop_timeout
privileged = var.privileged
system_controls = var.system_controls
hostname = var.hostname
disable_networking = var.disable_networking
interactive = var.interactive
pseudo_terminal = var.pseudo_terminal
docker_security_options = var.docker_security_options
ulimits = var.ulimits
user = var.user
volumes_from = var.volumes_from
working_directory = var.working_directory
}

# Task Definition
resource "aws_ecs_task_definition" "td" {
family = "${var.name_prefix}-td"
container_definitions = length(var.containers) == 0 ? "[${module.container_definition.json_map_encoded}]" : jsonencode(var.containers)
task_role_arn = var.task_role_arn == null ? aws_iam_role.ecs_task_execution_role.arn : var.task_role_arn
execution_role_arn = aws_iam_role.ecs_task_execution_role.arn
network_mode = "awsvpc"
family = var.name_prefix

cpu = var.container_cpu
execution_role_arn = aws_iam_role.ecs_task_execution_role.arn
ipc_mode = var.ipc_mode
memory = var.container_memory
network_mode = "awsvpc" # awsvpc required for Fargate tasks

runtime_platform {
cpu_architecture = var.runtime_platform_cpu_architecture
operating_system_family = var.runtime_platform_operating_system_family
}

pid_mode = var.pid_mode

dynamic "placement_constraints" {
for_each = var.placement_constraints
content {
expression = lookup(placement_constraints.value, "expression", null)
type = placement_constraints.value.type
}
}
cpu = var.container_cpu
memory = var.container_memory
requires_compatibilities = ["FARGATE"]

dynamic "proxy_configuration" {
for_each = var.proxy_configuration
content {
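Review bot: ipc_mode = var.ipc_mode and pid_mode = var.pid_mode are passed straight through in a resource that hard-codes requires_compatibilities = ["FARGATE"] and network_mode = "awsvpc", while the README in this commit lists host as a valid value for both. Add a validation block to each variable that accepts only the values this Fargate-only module can actually run (null included), so a host-namespace setting is rejected at plan time rather than at the API. Also, family changes from "${var.name_prefix}-td" to var.name_prefix, which renames the task definition family for every existing user of the module; that deserves its own line in the commit message or changelog, since "Update variables" does not suggest it.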
Expand All @@ -102,12 +113,18 @@ resource "aws_ecs_task_definition" "td" {
type = lookup(proxy_configuration.value, "type", null)
}
}

dynamic "ephemeral_storage" {
for_each = var.ephemeral_storage_size == 0 ? [] : [var.ephemeral_storage_size]
content {
size_in_gib = var.ephemeral_storage_size
}
}

requires_compatibilities = ["FARGATE"]
skip_destroy = var.skip_destroy
task_role_arn = var.task_role_arn == null ? aws_iam_role.ecs_task_execution_role.arn : var.task_role_arn

dynamic "volume" {
for_each = var.volumes
content {
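Review bot: the relocated task_role_arn line still falls back to aws_iam_role.ecs_task_execution_role.arn when var.task_role_arn is null, so by default the application code in the container runs with the permissions ECS itself needs to start the task. Consider passing var.task_role_arn through unchanged, so that null means no task role, or creating a separate task role with no policies attached; if the fallback has to stay for compatibility, document it on the variable. Minor: in the ephemeral_storage block, size_in_gib could read ephemeral_storage.value instead of repeating var.ephemeral_storage_size.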