philips-software/terraform-aws-ecs-service

Terraform module for creating an ECS service.

Terraform module for creating an ECS Docker service with an optional load balancer and DNS record. Supports both EC2 and Fargate.

Terraform version

  • Terraform 0.12: Pin module to ~> 2+, submit pull request to branch develop
  • Terraform 0.11: Pin module to ~> 1.x, submit pull request to branch terrafomr011

Deprecated

  • enable_alb : Since release 1.3.0 the load balancer can be controlled externally; load balancers can be created via a separate module. In the next major release the embedded ALB in this module will be removed.

Notes

Example usages:

Please see the examples:

  • default - shows basic usages such as: ALB, EFS mounts.
  • load-balanced - shows several scenarios for using load balancers attached to an ECS service.
  • fargate - shows several scenarios for using a Fargate ECS service.
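
A module call built from the inputs documented on this page, added here as an illustration and not taken from the repository's examples: an EC2 service attached to an externally managed HTTPS listener, with a fixed image tag and a dedicated task role. The `var.*` values, the service and path names, and the `<release-tag>` placeholder are assumptions.

```hcl
# Added example, not part of the module's own examples directory.
# Every var.* reference and the <release-tag> placeholder is an assumption.
module "api_service" {
  # Pin to a specific release (a 2.x release for Terraform 0.12).
  source = "github.com/philips-software/terraform-aws-ecs-service?ref=<release-tag>"

  environment  = "project-dev"
  project      = "project"
  service_name = "api"

  ecs_cluster_id   = var.ecs_cluster_id
  ecs_cluster_name = var.ecs_cluster_name
  ecs_service_role = var.ecs_service_role # required: load balancer with launch type EC2

  docker_repository = "123456789.dkr.ecr.eu-west-1.amazonaws.com"
  docker_image      = "api"
  docker_image_tag  = "1.0.0" # fixed version instead of the default "latest"

  container_ports       = ["8443"]
  alb_container_port    = 8443
  container_ssl_enabled = true # the container itself handles HTTPS traffic

  # Attach to an externally managed listener instead of the deprecated enable_alb.
  enable_load_balanced = true
  listener_arn         = var.https_listener_arn
  vpc_id               = var.vpc_id # assumption: passed for the target group
  lb_listener_rule_condition = {
    field  = "path-pattern"
    values = "/api/*"
  }

  # Merged over the defaults (path=/, matcher=200-399, interval=30).
  health_check = {
    path    = "/health"
    matcher = "200"
  }

  # Dedicated task role for the AWS calls this service makes.
  task_role_arn = var.task_role_arn

  enable_dns               = false
  enable_monitoring        = true
  monitoring_sns_topic_arn = var.alerts_topic_arn
}
```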

Inputs

Name Description Type Default Required
alb_certificate_arn The AWS certificate ARN, required for an ALB via HTTPS. The certificate should be available in the same zone. string "" no
alb_container_port The container port to associate with the load balancer. number 0 no
alb_port Defines the port for the ALB. number 443 no
alb_protocol Defines the ALB protocol to be used. string "HTTPS" no
alb_timeout The idle timeout in seconds of the ALB number 60 no
awsvpc_service_security_groups List of security groups to be attached to service running in awsvpc network mode. Required for launch type FARGATE. list [] no
awsvpc_service_subnetids List of subnet ids to which a service is deployed in fargate mode. list [] no
container_cpu CPU shares to be assigned to the container. Required for FARGATE string "" no
container_memory Memory to be assigned to the container. number 400 no
container_ports The container ports to be exposed. Optionally can include protocol (e.g. 8080, 8080/tcp, 8080/udp). list n/a yes
container_ssl_enabled Set to true if container has SSL enabled. This requires that the container can handle HTTPS traffic. bool false no
desired_count The number of desired tasks number 1 no
dns_name The DNS name. string "" no
dns_zone_id The ID of the DNS zone. string "" no
docker_environment_vars A JSON-formatted array of tuples of Docker environment variables. string "" no
docker_image Name of the Docker image. string n/a yes
docker_image_tag The docker image version (e.g. 1.0.0 or latest). string "latest" no
docker_logging_config The configuration for docker container logging string "" no
docker_mount_points Defines the mount point for the container. string "" no
docker_repository The location of the docker repository (e.g. 123456789.dkr.ecr.eu-west-1.amazonaws.com). string "docker.io" no
ecs_cluster_id The id of the ECS cluster where this service will be launched. string n/a yes
ecs_cluster_name The name of the ECS cluster where this service will be launched. string n/a yes
ecs_service_role ECS service role. Required when using a load balancer when launch type is not FARGATE string "" no
ecs_services_dependencies A list of ARNs on which the creation of the ECS service depends. list(string) [] no
enable_alb If true an ALB is created. bool false no
enable_dns Enable creation of DNS record. bool true no
enable_load_balanced Enables load balancing for a service by creating a target group and listener rule. This option should NOT be used together with enable_target_group_connection, which delegates the creation of the target group to the component that uses this module. bool false no
enable_monitoring If true monitoring alerts will be created if needed. bool true no
enable_target_group_connection If true a load balancer is created for the service which will be connected to the target group specified in target_group_arn. Creating a load balancer for an ECS service requires a target group with a connected load balancer. To ensure the right order of creation, provide a list of the ARNs it depends on in ecs_services_dependencies. bool false no
environment Name of the environment (e.g. project-dev); will be prefixed to all resources. string n/a yes
health_check Health check for the target group, will overwrite the defaults (merged). Defaults: protocol=HTTP or HTTPS depends on container_ssl, path=/, matcher=200-399 and interval=30. map(string) {} no
health_check_grace_period_seconds Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 1800. Only valid for services configured to use load balancers. string "0" no
health_check_interval The approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. Default 30 seconds. string "30" no
health_check_matcher HTTP result code used for health validation. string "200-399" no
health_check_path The url path part for the health check endpoint. string "/" no
internal_alb If true this ALB is only available within the VPC; the default (false) is publicly accessible (internet-facing). bool false no
launch_type Sets launch type for service. Options are: EC2, FARGATE. Default is EC2. string "EC2" no
lb_listener_rule_condition The condition for the LB listener rule which is created when enable_load_balanced is set. map(string) { "field": "path-pattern", "values": "/*" } no
listener_arn Required for enable_load_balanced, provide the arn of the listener connected to a load balancer. By default a rule to the root of the listener will be created. string "" no
monitoring_sns_topic_arn ARN for the SNS topic to send alerts to. string "" no
networkmode The network mode this container should run in. Default is bridge. string "bridge" no
project Project cost center / cost allocation. string n/a yes
service_name Name of the service to be created. string n/a yes
ssl_policy SSL policy applied to an SSL enabled ALB, see https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html string "ELBSecurityPolicy-TLS-1-2-2017-01" no
subnet_ids List of subnet ids to deploy the ALB. list(string) [] no
tags A map of tags to add to the resources map(string) {} no
target_group_arn Required for enable_target_group_connection; provides the target group ARN to be connected to the ECS load balancer. Ensure you provide the ARNs of the listeners or listener rules connected to the target group as ecs_services_dependencies. string "" no
task_role_arn The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. string "" no
volumes Defines the volumes that can be mounted to a container. list(map(string)) [] no
vpc_id The VPC to launch the ALB in (e.g. vpc-66ecaa02). string "" no

Outputs

Name Description
alb_dns_name DNS address of the load balancer, if created.
alb_route53_dns_name Route 53 DNS name, if created.
aws_alb_target_group_arn ARN of the loadbalancer target group.

Automated checks

Currently the automated checks are limited. In CI the following checks are done for the root and each example.

  • lint: terraform validate and terraform fmt
  • basic init / get check: terraform init -get -backend=false -input=false

Generating variable documentation

A markdown table for variables can be generated as follows. Generation requires awk and terraform-docs to be installed.

 .ci/bin/terraform-docs.sh markdown

Philips Forest

This module is part of the Philips Forest.

                                                     ___                   _
                                                    / __\__  _ __ ___  ___| |_
                                                   / _\/ _ \| '__/ _ \/ __| __|
                                                  / / | (_) | | |  __/\__ \ |_
                                                  \/   \___/|_|  \___||___/\__|

                                                                 Infrastructure

Talk to the forestkeepers in the forest-channel on Slack.