Terraform module for creating an ECS docker service with an optional load balancer and DNS record. Supports both EC2 and Fargate launch types.
- Terraform 0.12: Pin module to `~> 2+`, submit pull requests to branch `develop`
- Terraform 0.11: Pin module to `~> 1.x`, submit pull requests to branch `terrafomr011`
`enable_alb`: Since release 1.3.0 the load balancer can be controlled externally; load balancers can be created via a separate module. In the next major release the embedded ALB in this module will be removed.
- When using the default monitoring metrics, make sure that you specify the ECS cluster name (`ecs_cluster_name`).
- For Fargate, check the supported CPU/Memory configurations: https://aws.amazon.com/fargate/pricing/
Please see the examples:
- default - shows basic usage such as: ALB, EFS mounts.
- load-balanced - shows several scenarios for using load balancers attached to an ECS service.
- fargate - shows several scenarios for using a Fargate ECS service.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alb_certificate_arn | The AWS certificate ARN, required for an ALB via HTTPS. The certificate should be available in the same zone. | string | `""` | no |
| alb_container_port | The container port to associate with the load balancer. | number | `0` | no |
| alb_port | Defines the port for the ALB. | number | `443` | no |
| alb_protocol | Defines the ALB protocol to be used. | string | `"HTTPS"` | no |
| alb_timeout | The idle timeout in seconds of the ALB. | number | `60` | no |
| awsvpc_service_security_groups | List of security groups to be attached to a service running in awsvpc network mode. Required for launch type FARGATE. | list | `[]` | no |
| awsvpc_service_subnetids | List of subnet ids to which a service is deployed in Fargate mode. | list | `[]` | no |
| container_cpu | CPU shares to be assigned to the container. Required for FARGATE. | string | `""` | no |
| container_memory | Memory to be assigned to the container. | number | `400` | no |
| container_ports | The container ports to be exposed. Optionally can include the protocol (e.g. `8080`, `8080/tcp`, `8080/udp`). | list | n/a | yes |
| container_ssl_enabled | Set to true if the container has SSL enabled. This requires that the container can handle HTTPS traffic. | bool | `false` | no |
| desired_count | The number of desired tasks. | number | `1` | no |
| dns_name | The DNS name of the record. | string | `""` | no |
| dns_zone_id | The ID of the DNS zone. | string | `""` | no |
| docker_environment_vars | A JSON-formatted array of tuples of docker environment variables. | string | `""` | no |
| docker_image | Name of the docker image. | string | n/a | yes |
| docker_image_tag | The docker image version (e.g. `1.0.0` or `latest`). | string | `"latest"` | no |
| docker_logging_config | The configuration for docker container logging. | string | `""` | no |
| docker_mount_points | Defines the mount points for the container. | string | `""` | no |
| docker_repository | The location of the docker repository (e.g. `123456789.dkr.ecr.eu-west-1.amazonaws.com`). | string | `"docker.io"` | no |
| ecs_cluster_id | The id of the ECS cluster where this service will be launched. | string | n/a | yes |
| ecs_cluster_name | The name of the ECS cluster where this service will be launched. | string | n/a | yes |
| ecs_service_role | ECS service role. Required when using a load balancer and the launch type is not FARGATE. | string | `""` | no |
| ecs_services_dependencies | A list of ARNs on which the creation of the ECS service depends. | list(string) | `[]` | no |
| enable_alb | If true an ALB is created. | bool | `false` | no |
| enable_dns | Enable creation of a DNS record. | bool | `true` | no |
| enable_load_balanced | Enables load balancing for a service by creating a target group and listener rule. This option should NOT be used together with `enable_target_group_connection`, which delegates the creation of the target group to the component that uses this module. | bool | `false` | no |
| enable_monitoring | If true, monitoring alerts will be created if needed. | bool | `true` | no |
| enable_target_group_connection | If true a load balancer is created for the service, connected to the target group specified in `target_group_arn`. Creating a load balancer for an ECS service requires a target group with a connected load balancer. To ensure the right order of creation, provide a list of dependency ARNs in `ecs_services_dependencies`. | bool | `false` | no |
| environment | Name of the environment (e.g. `project-dev`); will be prefixed to all resources. | string | n/a | yes |
| health_check | Health check for the target group; overrides the defaults (merged). Defaults: protocol=HTTP or HTTPS depending on `container_ssl_enabled`, path=`/`, matcher=`200-399` and interval=`30`. | map(string) | `{}` | no |
| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 1800. Only valid for services configured to use load balancers. | string | `"0"` | no |
| health_check_interval | The approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, maximum value 300 seconds. Default 30 seconds. | string | `"30"` | no |
| health_check_matcher | HTTP result code used for health validation. | string | `"200-399"` | no |
| health_check_path | The URL path part for the health check endpoint. | string | `"/"` | no |
| internal_alb | If true this ALB is only available within the VPC; the default (false) is publicly accessible (internet-facing). | bool | `false` | no |
| launch_type | Sets the launch type for the service. Options are: EC2, FARGATE. Default is EC2. | string | `"EC2"` | no |
| lb_listener_rule_condition | The condition for the LB listener rule which is created when `enable_load_balanced` is set. | map(string) | `{` | no |
| listener_arn | Required for `enable_load_balanced`; provide the ARN of the listener connected to a load balancer. By default a rule to the root of the listener will be created. | string | `""` | no |
| monitoring_sns_topic_arn | ARN of the SNS topic to send alerts to. | string | `""` | no |
| networkmode | The network mode this container should run in. Default is bridge. | string | `"bridge"` | no |
| project | Project cost center / cost allocation. | string | n/a | yes |
| service_name | Name of the service to be created. | string | n/a | yes |
| ssl_policy | SSL policy applied to an SSL-enabled ALB, see https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html | string | `"ELBSecurityPolicy-TLS-1-2-2017-01"` | no |
| subnet_ids | List of subnet ids to deploy the ALB in. | list(string) | `[]` | no |
| tags | A map of tags to add to the resources. | map(string) | `{}` | no |
| target_group_arn | Required for `enable_target_group_connection`; provides the target group ARN to be connected to the ECS load balancer. Ensure you provide the ARNs of the listeners or listener rules connected to the target group as `ecs_services_dependencies`. | string | `""` | no |
| task_role_arn | The ARN of the IAM role that allows your Amazon ECS container task to make calls to other AWS services. | string | `""` | no |
| volumes | Defines the volumes that can be mounted to a container. | list(map(string)) | `[]` | no |
| vpc_id | The VPC to launch the ALB in (e.g. `vpc-66ecaa02`). | string | `""` | no |
| Name | Description |
|---|---|
| alb_dns_name | DNS address of the load balancer, if created. |
| alb_route53_dns_name | Route 53 DNS name, if created. |
| aws_alb_target_group_arn | ARN of the load balancer target group. |
Currently the automated checks are limited. In CI the following checks are done for the root and each example:
- lint: `terraform validate` and `terraform fmt`
- basic init / get check: `terraform init -get -backend=false -input=false`

A markdown table for the variables can be generated as follows. Generation requires awk and terraform-docs to be installed.

`.ci/bin/terraform-docs.sh markdown`
This module is part of the Philips Forest.

```
  ___                  _
 / __\__  _ __ ___  ___| |_
/ _\/ _ \| '__/ _ \/ __| __|
/ / | (_) | | |  __/\__ \ |_
\/   \___/|_|  \___||___/\__|
```

Infrastructure

Talk to the forestkeepers in the `forest` channel on Slack.