- Web server apps with ALB
- ALB listener rule registration.
- TCP/UDP servers with NLB
- Workers.
- Cron jobs.
- EC2 or FARGATE launch type.
- Autoscaling
- Volume mounts
- Webserver as a sidecar container
- Secrets from AWS Secrets Manager
module "app" {
  source  = "registry.terraform.io/l4gdev/ecs-service/aws"
  version = "xxxxx"

  # Main application container; its environment variables come from local.app_envs.
  application_config = {
    name        = var.application_name
    environment = var.environment
    image       = var.image
    port        = 5000
    cpu         = 0
    memory      = 0

    environments_variables = merge(local.app_envs)
  }

  # nginx runs as a sidecar container in front of the application container.
  web_server = {
    enabled = true
    name    = "nginx"
    image   = var.nginx_image
    port    = 80
  }

  ecs_settings = {
    ecs_launch_type  = "EC2"
    ecs_cluster_name = local.ecs_cluster_name
    run_type         = "WEB"
  }

  # Only place tasks on c5-family instances of the cluster.
  placement_constraints = [
    {
      type       = "memberOf"
      expression = "attribute:ecs.instance-type =~ c5.*"
    }
  ]

  # No Secrets Manager secrets are injected into this service.
  list_of_secrets_in_secrets_manager_to_load = []

  # ALB routing: register on the listener exported by the backend remote state
  # and match requests by host name.
  alb_listener_arn         = data.terraform_remote_state.backend.outputs.alb_arn
  alb_deregistration_delay = 30
  aws_alb_listener_rule_conditions = [
    {
      type   = "host_header"
      values = var.domains
    }
  ]

  health_checks = [
    {
      enabled             = true
      path                = "/api/v1/health"
      matcher             = 200
      interval            = 10
      timeout             = 5
      healthy_threshold   = 5
      unhealthy_threshold = 5
    }
  ]

  deployment = {
    first_deployment_desired_count = 1
    minimum_healthy_percent        = 50
    maximum_healthy_percent        = 200
    enable_asg                     = false
  }

  # Task permissions are defined as an aws_iam_policy_document elsewhere in this stack.
  service_policy = data.aws_iam_policy_document.app_policy.json
  vpc_id         = local.vpc.vpc_id

  tags = {
    Environment = var.environment
    Service     = var.application_name
  }
}
locals {
  # One entry per worker process. `args` is forwarded to the worker module's
  # worker_configuration and (with ':' replaced by '-') becomes its instance key.
  worker_configuration = [
    {
      args          = "my:awesome:consumer"
      desired_count = 1
    }
  ]
}
module "asset-workers" {
  source  = "registry.terraform.io/l4gdev/ecs-service/aws"
  version = "xxxx"

  # One service per worker; the instance key is the worker's args with ':'
  # replaced by '-' so it can be used in names.
  for_each = { for worker in local.worker_configuration : replace(worker.args, ":", "-") => worker }

  application_config = {
    name                   = "worker-${each.key}"
    environment            = var.environment
    image                  = var.image
    port                   = 0
    cpu                    = 0
    memory                 = 150
    environments_variables = local.app_envs
  }

  worker_configuration = {
    execution_script = local.execution_script
    args             = each.value["args"]
  }
  desired_count = each.value["desired_count"]

  ecs_settings = {
    ecs_launch_type  = "EC2"
    ecs_cluster_name = local.terraform_env.ecs_cluster.name
    run_type         = "WORKER"
  }

  deployment = {
    first_deployment_desired_count = 1
    minimum_healthy_percent        = 50
    maximum_healthy_percent        = 200
    enable_asg                     = true

    auto_scaling = {
      minimum = 1
      maximum = 10
      rules = [
        # Scale out by 2 tasks when average CPU is >= 40% for 2 evaluation periods (datapoints).
        {
          name                = "cpu_scale_up"
          metric              = "CPUUtilization"
          statistic           = "Average"
          comparison_operator = "GreaterThanOrEqualToThreshold"
          threshold           = 40
          period              = 60
          metric_period       = 120
          evaluation_periods  = 2
          cooldown            = 60
          scaling_adjustment  = 2
        },
        # Scale in by 1 task when average CPU is < 20% for 5 evaluation periods;
        # the longer cooldown keeps scale-in conservative.
        {
          name                = "cpu_scale_down"
          metric              = "CPUUtilization"
          statistic           = "Average"
          comparison_operator = "LessThanThreshold"
          threshold           = 20
          period              = 60
          metric_period       = 120
          evaluation_periods  = 5
          cooldown            = 300
          scaling_adjustment  = -1
        }
      ]
    }
  }

  # Secrets are resolved by name from Secrets Manager by the module.
  list_of_secrets_in_secrets_manager_to_load = local.list_of_secrets_in_secrets_manager_to_load

  # Networking: private subnets, reusing the cluster's security group.
  # NOTE(review): the module's inputs document security_groups/subnets as requiring
  # network_mode = "awsvpc", which is not set here — confirm the module defaults it.
  # NOTE(review): a task-specific security group would scope worker traffic more
  # tightly than the shared cluster group — confirm whether that is intended.
  vpc_id          = local.terraform_env.vpc.vpc_id
  subnets         = local.terraform_env.vpc.private_subnets
  security_groups = [local.terraform_env.ecs_cluster.security_group_id]

  # Same task policy as the web service.
  service_policy = data.aws_iam_policy_document.app_policy.json

  tags = {
    Environment = var.environment
    Service     = var.application_name
  }
}
Name | Version |
---|---|
terraform | >= 1.3.0 |
Name | Version |
---|---|
aws | 4.59.0 |
local | 2.4.0 |
Name | Source | Version |
---|---|---|
asg | ./asg | n/a |
cron | ./cron/ | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alb_deregistration_delay | The amount of time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. | number | 30 | no |
alb_listener_arn | The ARN of the listener to which to attach the routing rule. | string | "" | no |
alb_slow_start | The amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds, or 0 to disable. The default value is 0 seconds. | number | 0 | no |
application_config | n/a | object({ | n/a | yes |
aws_alb_listener_rule_conditions | Example: [{ type = "host_header", values = ["google.com"] }, { type = "path_pattern", values = ["/"] }] | list(object({ | [] | no |
aws_alb_listener_rule_conditions_advanced | A list of maps describing the conditions of the rule. The order in which conditions are specified is not significant. Any condition block with a type of path-pattern or host-header must include a values block. For any other condition type, only one values block can be specified. For more information, see the AWS documentation on Listener Rules. Example: | list(object({ | null | no |
capacity_provider_strategy | n/a | list(object({ | [] | no |
cloudwatch_logs | CloudWatch Logs configuration. | object({ | { | no |
cron | Allows setting cron jobs using AWS EventBridge; please check the examples. | object({ | null | no |
deployment | The desired count is ignored after the first deployment. | object({ | n/a | yes |
docker_labels | Docker labels to be added to the container. The labels map is a set of key/value pairs. The application container is named `var.application_config.name`. To add labels to the webserver, set `container_name` to the webserver's name, for example `nginx`. | list(object({ | [] | no |
ecs_settings | n/a | object({ | n/a | yes |
enable_code_build | Enable CodeBuild. | bool | false | no |
fargate_datadog_sidecar_parameters | n/a | object({ | { | no |
health_checks | Health check configuration for the service. | list(object({ | [ | no |
list_of_secrets_in_secrets_manager_to_load | List of names of Secrets Manager secrets to load by name. The module loads all secrets with the given names from Secrets Manager and puts them into environment variables. | set(string) | [] | no |
network_lb | Network load balancer configuration. | object({ | { | no |
network_mode | The network mode to use for the tasks. The valid values are awsvpc, bridge, host, and none. If no network mode is specified, the default is bridge. | string | null | no |
ordered_placement_strategy | https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html | list(object({ | [ | no |
placement_constraints | Placement constraints for the task. | list(object({ | [] | no |
scheduling_strategy | Scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that tasks using the Fargate launch type or the CODE_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy. | string | "REPLICA" | no |
security_groups | This setting requires network_mode to be set to awsvpc. | list(string) | [] | no |
service_policy | Please use aws_iam_policy_document to define your policy. | string | "" | no |
store_secrets_at_s3 | Store secrets in an S3 bucket; I don't recommend this option. | object({ | { | no |
subnets | This setting requires network_mode to be set to awsvpc. | list(string) | [] | no |
tags | A mapping of tags to assign to the resource. | map(string) | {} | no |
use_static_port_on_ec2 | If set to true, the service will use the random port on the EC2 instances. | bool | false | no |
volumes | Volumes to attach to the container. This parameter maps to Volumes in the Create a container section of the Docker Remote API and the --volume option to docker run. List of maps with keys: name, host_path, container_path, read_only. | list(any) | [] | no |
volumes_mount_point | Volume mount points on the host. | list(object({ | [] | no |
vpc_id | The ID of the VPC. | string | n/a | yes |
web_server | n/a | object({ | { | no |
worker_configuration | Allows setting the worker configuration. | object({ | null | no |
Name | Description |
---|---|
s3_secrets | n/a |
task_iam_role_arn | n/a |
task_iam_role_name | n/a |