Terraform Module to setup Kong(OSS) in ECS with self managed EC2 instances.
This setup assumes that the ECS cluster that has Auto Scaling Group (ASG) exist with the name default. If you are using different name, you can provide those in the variables section of your Terraform configuration.
Ensure you have the AWS CLI installed on your machine. You can find the installation instructions for different operating systems in the official AWS CLI documentation: Install AWS CLI
Use the following commands to add the required parameters to AWS Systems Manager Parameter Store. These parameters are necessary for configuring your PostgreSQL database.
aws ssm put-parameter --name "/rds/POSTGRES_USERNAME" --value "value" --type "SecureString"
aws ssm put-parameter --name "/rds/POSTGRES_PASSWORD" --value "value" --type "SecureString"
aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "SecureString"| Name | Version |
|---|---|
| terraform | >= 1.13.0 |
| aws | >= 5.5.0 |
| Name | Version |
|---|---|
| aws | >= 5.5.0 |
| Name | Source | Version |
|---|---|---|
| ecs_kong | infraspecdev/ecs-deployment/aws | ~> 4.3.4 |
| ecs_task_security_group | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| internal_alb_kong | infraspecdev/ecs-deployment/aws//modules/alb | ~> 4.3.4 |
| internal_alb_security_group | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| kong_internal_dns_record | ./modules/route-53-record | n/a |
| kong_public_dns_record | ./modules/route-53-record | n/a |
| kong_rds | terraform-aws-modules/rds/aws | ~> 6.12.0 |
| postgres_security_group | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| public_alb_security_group | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| Name | Type |
|---|---|
| aws_iam_role.ecs_exec | resource |
| aws_iam_role_policy_attachment.ecs_exec | resource |
| aws_ecs_cluster.this | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_ssm_parameter.rds | data source |
| aws_vpc.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backup_retention_period | The number of days to retain backups | number |
1 |
no |
| backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled | string |
null |
no |
| cluster_name | Name of the ECS cluster where Kong will be deployed | string |
"default" |
no |
| container_image | Container image for kong | string |
"kong:3.7.1-ubuntu" |
no |
| cpu_for_kong_task | CPU required for kong task definiton | number |
256 |
no |
| create_db_subnet_group | Whether to create a DB subnet group for Kong RDS instance | bool |
true |
no |
| db_allocated_storage | Initial allocated storage for Kong RDS instance in GBs | number |
20 |
no |
| db_max_allocated_storage | The maximum amount of allocated storage in GBs | number |
100 |
no |
| deletion_protection | Whether to enable deletion protection | bool |
false |
no |
| desired_count_for_kong_service | Desired count for kong service | number |
1 |
no |
| force_new_deployment | Whether to force new deployment | bool |
true |
no |
| kong_admin_domain_name | Kong admin domain name | string |
n/a | yes |
| kong_public_domain_name | Kong public domain name | string |
n/a | yes |
| log_configuration_for_kong | Log configuration for kong | any |
null |
no |
| maintenance_window | The window to perform maintenance in.Syntax:ddd:hh24:mi-ddd:hh24:mi | string |
null |
no |
| manage_master_user_password | Whether to manage master user password | bool |
false |
no |
| memory_for_kong_task | Memory required for kong task definiton | number |
256 |
no |
| multi_az | Specifies if the RDS instance is multi-AZ | bool |
false |
no |
| performance_insights_enabled | Whether to enable performance insights | bool |
true |
no |
| performance_insights_retention_period | The retention period for performance insights | number |
7 |
no |
| private_subnet_ids | List of private subnet IDs for database and Kong ECS deployment | list(string) |
n/a | yes |
| public_subnet_ids | List of public subnet IDs for public-facing load balancers | list(string) |
n/a | yes |
| rds_db_tags | List of tags | map(string) |
{} |
no |
| rds_instance_class | The RDS instance class for Kong database (e.g., db.t3.micro, db.r5.large) | string |
"db.t3.micro" |
no |
| ssl_policy | Name of the SSL Policy for the listener. | string |
"ELBSecurityPolicy-2016-08" |
no |
| vpc_id | The ID of the VPC where Kong infrastructure will be deployed | string |
n/a | yes |
| Name | Description |
|---|---|
| kong_ecs_service_arn | ARN of Kong ECS service |
| kong_internal_alb_dns_name | DNS name of Kong internal ALB |
| kong_public_alb_dns_name | DNS name of Kong public ALB |
| kong_rds_instance_endpoint | Endpoint of Kong RDS instance |