
Terraform AWS DataDog ECS Fargate Agent

This module deploys a DataDog agent to an ECS Fargate cluster. Basic configuration can be done via ENV vars, and label configuration can be done via the auto_discovery_checks variable. This is an easy way to monitor databases without having to set up an EC2 instance. For more information, see: https://docs.datadoghq.com/database_monitoring/

Inputs

Name Description Type Default Required
agent_container n/a string "public.ecr.aws/datadog/agent:latest" no
agent_container_cpu n/a number 256 no
agent_container_docker_labels n/a map(string) {} no
agent_container_environment n/a map(string)
{
"DD_SITE": "datadoghq.eu"
}
no
agent_container_healthcheck n/a
object({
command = list(string)
interval = number
retries = number
start_period = number
timeout = number
})
{
"command": [
"CMD-SHELL",
"agent health"
],
"interval": 30,
"retries": 3,
"start_period": 10,
"timeout": 2
}
no
agent_container_memory n/a number 512 no
agent_container_secrets n/a map(string) {} no
assign_public_ip n/a bool false no
auto_discovery_checks n/a any {} no
cpu_architecture n/a string "ARM64" no
deployment_maximum_percent n/a number 200 no
deployment_minimum_healthy_percent n/a number 100 no
desired_count n/a number 1 no
ecs_cluster_name n/a string n/a yes
enable_execute_command n/a bool true no
force_new_deployment n/a bool false no
name n/a string n/a yes
operating_system_family n/a string "LINUX" no
secretsmanager_secret_keys List of keys to retrieve from SecretsManager and inject into the container. If populated, will create a Secretsmanager Secret and IAM policy to allow the ECS task to retrieve the secret. list(string) [] no
security_group_ids n/a list(string) [] no
subnet_ids n/a list(string) [] no
tags n/a map(string) {} no
task_additional_execute_role_policies n/a list(string) [] no
task_additional_task_role_policies n/a list(string) [] no
wait_for_steady_state n/a bool true no

Outputs

Name Description
secretsmanager_secret_arn n/a

Providers

Name Version
aws >= 4.50

Resources

  • resource.aws_ecs_service.main (modules/fargate_agent/main.tf#46)
  • resource.aws_iam_role_policy_attachment.ecs_exec_ssm_policy (modules/fargate_agent/main.tf#99)
  • resource.aws_secretsmanager_secret.main (modules/fargate_agent/main.tf#73)

Examples

Full

# Example VPC for the agent, built with the public terraform-aws-modules VPC module.
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  # "~> 5.0" accepts any 5.x release. The dependency lock file records providers only,
  # not modules, so use an exact version where reproducible plans matter.
  version = "~> 5.0"

  name = "main"
  cidr = "10.100.0.0/16"
  # NOTE(review): no azs/private_subnets are set, so module.vpc.private_subnets (consumed by
  # module.datadog_agent as subnet_ids) is presumably empty. Confirm and define subnets before applying.
}

# ECS cluster the agent service runs in; its name output is passed to module.datadog_agent.
module "ecs_cluster" {
  # ref=v1 is a mutable Git ref (tag or branch) that upstream can move. Pin to a reviewed
  # commit SHA (?ref=<COMMIT_SHA>) when reusing this example outside a sandbox.
  source = "github.com/geekcell/terraform-aws-ecs-cluster?ref=v1"

  name = "my-ecs-cluster"
}

# Deploys the Datadog agent as an ECS Fargate service with Redis and MySQL checks.
#
# NOTE(review): inputs not set here keep the defaults listed in the Inputs table, including:
#   - agent_container = "public.ecr.aws/datadog/agent:latest": a floating tag, so the image
#     that runs can change between deployments. Prefer a fixed version tag or digest.
#   - enable_execute_command = true: ECS Exec is on, and the Resources list shows an
#     ecs_exec_ssm_policy attachment. Set it to false where interactive access to a
#     container holding DB/Redis credentials is not needed.
module "datadog_agent" {
  source = "../../"

  name             = "datadog-agent"
  ecs_cluster_name = module.ecs_cluster.name

  # Private subnets, with assign_public_ip left at its default of false.
  # NOTE(review): the tasks presumably need a NAT gateway or VPC endpoints to pull the
  # agent image and reach the Datadog intake. Confirm for your VPC.
  subnet_ids         = module.vpc.private_subnets
  security_group_ids = [module.datadog_agent_security_group.security_group_id]

  # Per the Inputs table, a populated list makes the module create a Secrets Manager secret
  # plus an IAM policy that lets the ECS task read it, and injects these keys into the container.
  # Only key NAMES appear here. The values are presumably written to the secret out of band;
  # keep them out of .tfvars files and Terraform state. TODO confirm how the secret is populated.
  secretsmanager_secret_keys = [
    "DD_API_KEY",

    "REDIS_HOST",
    "REDIS_PASSWORD",

    "DB_USERNAME",
    "DB_PASSWORD",
    "DB_HOST_1",
    "DB_HOST_2"
  ]

  # %%env_NAME%% is a Datadog Autodiscovery template variable, resolved from the agent's
  # environment at runtime, so credentials do not appear literally in the check config.
  auto_discovery_checks = {
    # Redis
    redisdb = {
      instances = [
        {
          port     = 6379
          host     = "%%env_REDIS_HOST%%"
          password = "%%env_REDIS_PASSWORD%%"
          tags     = ["cacheclusterid:my-redis-cluster"]
        }
      ]
    }

    # MySQL
    # dbm = true turns on Database Monitoring for the instance. Use a dedicated monitoring
    # user with only the grants Datadog documents, not an application or admin account.
    mysql = {
      instances = [
        {
          dbm      = true
          port     = 3306
          host     = "%%env_DB_HOST_1%%"
          username = "%%env_DB_USERNAME%%"
          password = "%%env_DB_PASSWORD%%"
        },
        {
          dbm      = true
          port     = 3306
          host     = "%%env_DB_HOST_2%%"
          username = "%%env_DB_USERNAME%%"
          password = "%%env_DB_PASSWORD%%"
        }
      ]
    }
  }
}

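# Security group attached to the Datadog agent tasks. This example declares egress rules only.
module "datadog_agent_security_group" {
  # ref=v1 is a mutable Git ref (tag or branch) that upstream can move. Pin to a reviewed
  # commit SHA (?ref=<COMMIT_SHA>) when reusing this example outside a sandbox.
  source = "github.com/geekcell/terraform-aws-security-group?ref=v1"

  name   = "datadog-ecs-dd-agent"
  # Must be the VPC ID. The previous value, module.vpc.private_subnets, is a list of subnet IDs.
  vpc_id = module.vpc.vpc_id

  egress_rules = [
    {
      # The agent needs HTTPS to the Datadog intake and the image registry.
      # NOTE(review): 0.0.0.0/0 allows HTTPS to any host. Narrow it with VPC endpoints
      # or an egress proxy if outbound traffic from credential-holding tasks must be constrained.
      description = "Allow HTTPS outbound traffic."
      port        = 443
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    {
      # Scoped to the example VPC CIDR; tighten to the Redis subnets where possible.
      description = "Allow Redis outbound traffic inside the VPC."
      port        = 6379
      protocol    = "tcp"
      cidr_blocks = ["10.100.0.0/16"]
    },
    {
      # Scoped to the example VPC CIDR; tighten to the database subnets where possible.
      description = "Allow MySQL outbound traffic inside the VPC."
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["10.100.0.0/16"]
    }
  ]
}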