devops-workflow/terraform-aws-ecs-service

 
 

terraform-aws-ecs-service

Terraform module for deploying and managing a generic ECS service onto an existing cluster.

Required

  • region - AWS region in which the EC2 Container Service cluster is located
  • ecs_cluster - EC2 Container Service cluster in which the service will be deployed (must already exist; the module will not create it).
  • service_identifier - Unique identifier for the service, used in naming resources.
  • task_identifier - Unique identifier for the task, used in naming resources.
  • docker_image - Docker image specification.

Usage

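# Data source referenced by the region argument below
data "aws_region" "current" {}

module "pganalyze_testdb" {
  source             = "github.com/terraform-community-modules/tf_aws_ecs_service?ref=v1.0.0"
  region             = "${data.aws_region.current.name}"
  ecs_cluster        = "my-ecs-cluster"
  service_identifier = "pganalyze"
  task_identifier    = "testdb"
  docker_image       = "quay.io/pganalyze:stable"

  # Environment values are stored in plain text in the ECS task definition
  # and in Terraform state, so the credentials in this URL are readable there.
  docker_environment = [
    {
      "name"  = "DB_URL",
      "value" = "postgres://user:password@host:port/database",
    },
  ]
}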

Authors

Steve Huff, Tim Hartmann

Changelog

2.1.0 - IAM role outputs.

1.0.0 - Initial release.

License

This software is released under the MIT License (see LICENSE).

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acm_cert_domain | Domain name of ACM-managed certificate | string | "" | no |
| app_port | Numeric port on which application listens (unnecessary if neither lb_enable_https or lb_enable_http are true) | string | "" | no |
| attributes | Suffix name with additional attributes (policy, role, etc.) | list | <list> | no |
| container_definition | Container definition when not using module default definition | string | "" | no |
| container_definition_additional | Additional parameters to add to container definition. This is a json substring | string | "" | no |
| delimiter | Delimiter to be used between name, namespaces, attributes, etc. | string | "-" | no |
| dns_aliases | Additional DNS names | list | <list> | no |
| dns_parent_zone_name | DNS name of the parent zone to put this in | string | "" | no |
| docker_command | String to override CMD in Docker container (default "") | string | "" | no |
| docker_environment | List of environment maps of format { "name" = "var_name", "value" = "var_value" } | list | <list> | no |
| docker_image | Docker image to use for task | string | "" | no |
| docker_memory | Hard limit on memory use for task container (default 256) | string | "256" | no |
| docker_memory_reservation | Soft limit on memory use for task container (default 128) | string | "128" | no |
| docker_mount_points | List of mount point maps of format { "sourceVolume" = "vol_name", "containerPath" = "path", ["readOnly" = "true or false" ] } | list | <list> | no |
| docker_port_mappings | List of port mapping maps of format { "containerPort" = integer, [ "hostPort" = integer, "protocol" = "tcp or udp" ] } | list | <list> | no |
| docker_registry | Docker registry for image | string | "" | no |
| docker_volumes | List of volume maps of format { "name" = "var_name", "host_path" = "var_value" } | list | <list> | no |
| ecs_cluster_arn | ARN of ECS cluster in which the service will be deployed | string | n/a | yes |
| ecs_data_volume_path | Path to volume on ECS node to be defined as a "data" volume (default "/opt/data") | string | "/opt/data" | no |
| ecs_deployment_maximum_percent | Upper limit in percentage of tasks that can be running during a deployment (default 200) | string | "200" | no |
| ecs_deployment_minimum_healthy_percent | Lower limit in percentage of tasks that must remain healthy during a deployment (default 100) | string | "100" | no |
| ecs_desired_count | Desired number of containers in the task (default 1) | string | "1" | no |
| ecs_log_retention | Number of days of ECS task logs to retain (default 3) | string | "3" | no |
| ecs_placement_constraints | Placement constraints to use when distributing tasks | list | <list> | no |
| ecs_placement_strategy_field | Container metadata field to use when distributing tasks (default memory) | string | "memory" | no |
| ecs_placement_strategy_type | Placement strategy to use when distributing tasks (default binpack) | string | "binpack" | no |
| ecs_security_group_id | Security group ID of ECS cluster in which the service will be deployed | string | n/a | yes |
| enable_lb | Set to false to prevent the module from creating a Load Balancer | string | "true" | no |
| enabled | Set to false to prevent the module from creating anything | string | "true" | no |
| environment | Environment (ex: dev, qa, stage, prod). (Second or top level namespace. Depending on namespacing options) | string | n/a | yes |
| extra_task_policy_arns | List of ARNs of IAM policies to be attached to the ECS task role (in addition to the default policy, so cannot be more than 9 ARNs) | list | <list> | no |
| lb_cookie_duration | Duration of LB session stickiness cookie in seconds (default 86400) | string | "86400" | no |
| lb_enable_http | Enable HTTP listener in LB (http or https MUST be enabled) | string | "true" | no |
| lb_enable_https | Enable HTTPS listener in LB (http or https MUST be enabled) | string | "false" | no |
| lb_healthcheck_healthy_threshold | Number of consecutive successful health checks before marking service as healthy (default 5) | string | "5" | no |
| lb_healthcheck_interval | Time in seconds between LB health checks (default 30) | string | "30" | no |
| lb_healthcheck_matcher | HTTP response codes to accept as healthy (default 200) | string | "200-399" | no |
| lb_healthcheck_path | URI path for LB health checks (default /) | string | "/" | no |
| lb_healthcheck_port | Port for LB to use when connecting health checks (default same as application traffic) | string | "traffic-port" | no |
| lb_healthcheck_protocol | Protocol for LB to use when connecting health checks (default HTTP) | string | "HTTP" | no |
| lb_healthcheck_timeout | Timeout in seconds for LB to use when connecting health checks (default 5) | string | "5" | no |
| lb_healthcheck_unhealthy_threshold | Number of consecutive failed health checks before marking service as unhealthy (default 2) | string | "5" | no |
| lb_https_ports | HTTPS ports load balancer should listen on | string | "443" | no |
| lb_ingress_cidr_blocks | List of ingress CIDR blocks for load balancer | list | <list> | no |
| lb_internal | Configure LB as internal-only | string | "true" | no |
| lb_ports | Ports load balancer should listen on | string | "80" | no |
| lb_stickiness_enabled | Enable LB session stickiness (default false) | string | "false" | no |
| lb_subnet_ids | VPC subnet IDs in which to create the LB (unnecessary if neither lb_enable_https or lb_enable_http are true) | list | <list> | no |
| lb_type | Type of LB to create: application, network | string | "application" | no |
| log_group_name | Name for CloudWatch Log Group that will receive collector logs (must be unique, default is created from service_identifier and task_identifier) | string | "" | no |
| name | Base name for resources | string | n/a | yes |
| namespace-env | Prefix name with the environment. If true, format is: - | string | "true" | no |
| namespace-org | Prefix name with the organization. If true, format is: -. If both env and org namespaces are used, format will be -- | string | "false" | no |
| network_mode | Docker network mode for task (default "bridge") | string | "bridge" | no |
| organization | Organization name (Top level namespace). | string | "" | no |
| region | AWS region in which ECS cluster is located (default is 'us-east-1') | string | "us-east-1" | no |
| service_identifier | Unique identifier for this pganalyze service (used in log prefix, service name etc.) | string | "service" | no |
| tags | A map of additional tags | map | <map> | no |
| task_identifier | Unique identifier for this pganalyze task (used in log prefix, service name etc.) | string | "task" | no |
| vpc_id | ID of VPC in which ECS cluster is located | string | n/a | yes |
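
An invocation that serves TLS only from an internal load balancer, built from the inputs listed above. This is an added example, not part of the module's README. The source ref, IDs, ARN, CIDR block, port and certificate domain are placeholders, and it assumes the input names and string-typed booleans shown in the Inputs list.

```hcl
# Added example: not the module authors' code. Input names come from the
# Inputs list; every value below is a placeholder to replace.
module "pganalyze_testdb" {
  # <release-tag> is a placeholder: pin to a specific release of the module.
  source = "github.com/devops-workflow/terraform-aws-ecs-service?ref=<release-tag>"

  # Inputs listed as required
  name                  = "pganalyze"
  environment           = "dev"
  vpc_id                = "vpc-EXAMPLE"
  ecs_cluster_arn       = "arn:aws:ecs:us-east-1:123456789012:cluster/my-ecs-cluster"
  ecs_security_group_id = "sg-EXAMPLE"

  docker_image = "quay.io/pganalyze:stable"
  app_port     = "8080" # placeholder application port

  # Listed defaults are lb_enable_http = "true" and lb_enable_https = "false",
  # which gives a cleartext listener on lb_ports ("80"). Invert them so the
  # load balancer only accepts HTTPS, using an ACM-managed certificate.
  lb_enable_http  = "false"
  lb_enable_https = "true"
  lb_https_ports  = "443"
  acm_cert_domain = "service.example.internal"

  # Keep the load balancer internal (already the listed default) and state
  # explicitly which networks may reach it.
  lb_internal            = "true"
  lb_ingress_cidr_blocks = ["10.20.0.0/16"]
  lb_subnet_ids          = ["subnet-EXAMPLE-a", "subnet-EXAMPLE-b"]

  # The listed default keeps task logs for 3 days; keep them longer so they
  # are still available when an incident is investigated.
  ecs_log_retention = "90"
}
```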

Outputs

| Name | Description |
|------|-------------|
| cluster_arn | ECS cluster ARN |
| container_json | |
| lb_dns_aliases | List of DNS aliases added for ALB |
| lb_dns_name | FQDN of ALB provisioned for service (if present) |
| lb_zone_id | Route 53 zone ID of ALB provisioned for service (if present) |
| log_group_name | CloudWatch log group name for service |
| service_arn | ECS service ARN |
| service_iam_role_arn | ARN of the IAM Role for the ECS Service |
| service_iam_role_name | Name of the IAM Role for the ECS Task |
| service_name | ECS service name |
| task_iam_role_arn | ARN of the IAM Role for the ECS Task |
| task_iam_role_name | Name of the IAM Role for the ECS Task |

Resource Graph of plan

[Figure: Terraform graph]