This terraform module for AWS ECS Service with ALB target group (to be used with terraform-aws-ecs)

terraform-aws-ecs-app

This Terraform module is an AWS ECS application module for a scheduler without an Application Load Balancer (ALB), designed to be used with DNXLabs/terraform-aws-ecs (https://github.com/DNXLabs/terraform-aws-ecs).

The following resources will be created:

  • CloudWatch metric alarm - Provides a CloudWatch Metric Alarm resource.

    • Alarm: the service has fewer than the configured minimum number of healthy tasks (alarm_min_healthy_tasks)
  • IAM role - The CloudWatch event needs an IAM role to run the ECS task definition. A role is created and permissions are granted to it via an IAM policy.

  • IAM policy - Policy to be attached to the IAM role. This policy has a trust relationship with the CloudWatch Events service and uses the AWS managed policy AmazonEC2ContainerServiceEventsRole.

  • Simple Notification Service (SNS) topics - Alarm topics to create and alert on ECS service metrics. Leaving this empty disables all alarms.

  • Auto Scaling

    • You can specify the max number of containers to scale with autoscaling. The default is 4.
    • You can specify the min number of containers to scale with autoscaling. The default is 1.
  • CloudWatch log groups

    • You can specify the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.
    • Export to an S3 bucket - Whether to mark the log group to export to an S3 bucket (needs the module terraform-aws-log-exporter (https://github.com/DNXLabs/terraform-aws-log-exporter) to be deployed in the account/region)
  • ECS task definition - A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:

    • Image - Docker image to deploy
    • CPU - Hard limit of the CPU for the container (default value: 0)
    • Memory - Hard memory limit of the container (default value: 512)
    • Name - Name of the ECS service
    • Log configuration
  • ECS task scheduler activated by CloudWatch Events

In addition, you can optionally create:

  • Application Load Balancer (ALB)
    • alb - An external ALB
    • alb_internal - A second, internal ALB for private APIs
    • alb_only - Deploy only an Application Load Balancer, with no CloudFront, or not with the cluster
  • Autoscaling
    • Enable or disable autoscaling based on average CPU tracking
    • Target average CPU percentage to track for autoscaling
  • CodeDeploy
    • Time in minutes to route the traffic to the new application deployment
    • Time in minutes to terminate the new deployment

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.3 |
| aws | >= 4.0.0 |

Providers

| Name | Version |
|---|---|
| aws | >= 4.0.0 |
| random | n/a |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alarm_ecs_running_tasks_threshold | Alarm when the number of ECS service running tasks is lower than a certain value. CloudWatch Container Insights must be enabled for the cluster. | number | 0 | no |
| alarm_evaluation_periods | The number of minutes the alarm must be below the threshold before entering the alarm state. | string | "2" | no |
| alarm_high_cpu_usage_above | Alarm when CPU is above a certain value (use 0 to disable this alarm) | number | 80 | no |
| alarm_min_healthy_tasks | Alarm when the number of healthy tasks is less than this number (use 0 to disable this alarm) | number | 2 | no |
| alarm_prefix | String prefix for CloudWatch alarms. (Optional) | string | "alarm" | no |
| alarm_sns_topics | Alarm topics to create and alert on ECS service metrics. Leaving empty disables all alarms. | list | [] | no |
| alb_arn | ALB ARN created by ECS cluster module | any | n/a | yes |
| alb_custom_rules | Custom load balancer listener rules to be added with this application target group | list(object({ name = optional(string), paths = optional(list(string), []), hostnames = optional(list(string), []), source_ips = optional(list(string), []), http_header = optional(list(string), []), priority = optional(number) })) | [] | no |
| alb_dns_name | ALB DNS name | string | "" | no |
| alb_listener_https_arn | ALB HTTPS listener created by ECS cluster module | any | n/a | yes |
| alb_name | ALB name - Required if it is an internal one | string | "" | no |
| alb_only | Whether to deploy only an ALB and no CloudFront, or not with the cluster | bool | false | no |
| alb_priority | Priority of the ALB listener rules (leave 0 to let Terraform calculate it) | number | 0 | no |
| auth_oidc_authorization_endpoint | Authorization endpoint for OIDC (Google: https://accounts.google.com/o/oauth2/v2/auth) | string | "" | no |
| auth_oidc_client_id | Client ID for OIDC authentication | string | "" | no |
| auth_oidc_client_secret | Client secret for OIDC authentication | string | "" | no |
| auth_oidc_enabled | Enables the OIDC-authenticated listener rule | bool | false | no |
| auth_oidc_hostnames | List of hostnames to use as a condition to authenticate with OIDC | list(string) | [] | no |
| auth_oidc_issuer | Issuer URL for OIDC authentication (Google: https://accounts.google.com) | string | "" | no |
| auth_oidc_paths | List of paths to use as a condition to authenticate (example: ['/admin*']) | list(string) | [] | no |
| auth_oidc_session_timeout | Session timeout in seconds for OIDC authentication (default 12 hours) | number | 43200 | no |
| auth_oidc_token_endpoint | Token endpoint URL for OIDC authentication (Google: https://oauth2.googleapis.com/token) | string | "" | no |
| auth_oidc_user_info_endpoint | User info endpoint URL for OIDC authentication (Google: https://openidconnect.googleapis.com/v1/userinfo) | string | "" | no |
| autoscaling_cpu | Enables autoscaling based on average CPU tracking | bool | false | no |
| autoscaling_custom | Set one or more app autoscaling policies by customized metric | list(object({ name = string, scale_in_cooldown = number, scale_out_cooldown = number, target_value = number, metric_name = string, namespace = string, statistic = string })) | [] | no |
| autoscaling_max | Max number of containers to scale with autoscaling | number | 4 | no |
| autoscaling_memory | Enables autoscaling based on average memory tracking | bool | false | no |
| autoscaling_min | Min number of containers to scale with autoscaling | number | 1 | no |
| autoscaling_scale_in_cooldown | Cooldown in seconds to wait between scale-in events | number | 300 | no |
| autoscaling_scale_out_cooldown | Cooldown in seconds to wait between scale-out events | number | 300 | no |
| autoscaling_target_cpu | Target average CPU percentage to track for autoscaling | number | 50 | no |
| autoscaling_target_memory | Target average memory percentage to track for autoscaling | number | 90 | no |
| cloudwatch_logs_create | Whether to create CloudWatch log resources or not | bool | true | no |
| cloudwatch_logs_export | Whether to mark the log group to export to an S3 bucket (needs terraform-aws-log-exporter to be deployed in the account/region) | bool | false | no |
| cloudwatch_logs_retention | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | 120 | no |
| cluster_arn | n/a | string | "ARN of existing ECS Cluster to deploy this app to" | no |
| cluster_name | n/a | string | "Name of existing ECS Cluster to deploy this app to" | no |
| command | Command to run on the container | list(string) | null | no |
| compat_keep_target_group_naming | Keeps the old naming convention for target groups to avoid recreation of the resource in production environments | bool | false | no |
| container_port | Port your container listens on (used in the placeholder task definition) | number | 8080 | no |
| cpu | Hard limit for CPU for the container | number | 0 | no |
| dynamic_stickiness | Target group stickiness. Used in a dynamic block. | any | [] | no |
| ecs_service_capacity_provider_strategy | (Optional) The capacity provider strategy to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if set to [] and not changing from 0 capacity_provider_strategy blocks to greater than 0, or vice versa. | list | [{}] | no |
| efs_mapping | A map of EFS volume IDs and paths to mount into the default task definition | map(string) | {} | no |
| enable_schedule | Enables a schedule to shut down and start up instances outside business hours. | bool | false | no |
| fargate_spot | Set true to use the FARGATE_SPOT capacity provider by default (only when launch_type=FARGATE) | bool | false | no |
| healthcheck_interval | n/a | string | "10" | no |
| healthcheck_matcher | The HTTP codes to use when checking for a successful response from a target | number | 200 | no |
| healthcheck_path | n/a | string | "/" | no |
| healthcheck_timeout | The amount of time, in seconds, during which no response | number | 5 | no |
| healthy_threshold | The number of consecutive health check successes required before considering an unhealthy target healthy | number | 3 | no |
| hosted_zone | Hosted zone to create the DNS record for this app in | string | "" | no |
| hosted_zone_id | Hosted zone ID to create the DNS record for this app in (use this to avoid a data lookup when using hosted_zone) | string | "" | no |
| hosted_zone_is_internal | Set true in case the hosted zone is in an internal VPC, otherwise false | string | "false" | no |
| hostname_create | Optional parameter to create or not a Route53 record | string | "false" | no |
| hostname_redirects | List of hostnames to redirect to the main one, comma-separated | string | "" | no |
| hostnames | List of hostnames to create the listener rule and, optionally, DNS records for this app | list | [] | no |
| http_header | Header to use on the listener rule, with name and values | list(any) | [] | no |
| image | Docker image to deploy (can be a placeholder) | string | "" | no |
| launch_type | The launch type on which to run your service. The valid values are EC2 and FARGATE. Defaults to EC2. | string | "EC2" | no |
| log_subscription_filter_destination_arn | n/a | string | "" | no |
| log_subscription_filter_enabled | n/a | string | false | no |
| log_subscription_filter_filter_pattern | n/a | string | "" | no |
| log_subscription_filter_role_arn | n/a | string | "" | no |
| memory | Hard memory limit of the container | number | 512 | no |
| name | Name of your ECS service | any | n/a | yes |
| network_mode | The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. (REQUIRED IF 'LAUNCH_TYPE' IS FARGATE) | any | null | no |
| ordered_placement_strategy | Service-level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5. | list(object({ field = string, type = string })) | [] | no |
| paths | List of paths to use on the listener rule (example: ['/*']) | list(string) | [] | no |
| placement_constraints | Rules that are taken into consideration during task placement. The maximum number of placement_constraints is 10. | list(object({ type = string, expression = string })) | [] | no |
| platform_version | The platform version on which to run your service. Only applicable for launch_type set to FARGATE. Defaults to LATEST. | string | "LATEST" | no |
| port | Port for the target group to listen on | number | 80 | no |
| protocol | Protocol to use (HTTP or HTTPS) | string | "HTTP" | no |
| readonlyrootfilesystem | Enable read-only access to the root file system. | bool | false | no |
| redirects | Map of path redirects to add to the listener | map | {} | no |
| schedule_cron_start | Cron expression to define when to trigger a start of the auto-scaling group. E.g. 'cron(00 21 ? * SUN-THU *)' to start at 8am UTC time. | string | "" | no |
| schedule_cron_stop | Cron expression to define when to trigger a stop of the auto-scaling group. E.g. 'cron(00 09 ? * MON-FRI *)' to start at 8am UTC time | string | "" | no |
| security_groups | The security groups associated with the task or service | any | null | no |
| service_deployment_maximum_percent | Maximum percentage of tasks to run during deployments | number | 200 | no |
| service_deployment_minimum_healthy_percent | Minimum healthy percentage during deployments | number | 100 | no |
| service_desired_count | Desired count for this service (for use when autoscaling is disabled) | number | 1 | no |
| service_health_check_grace_period_seconds | Time until your container starts serving requests | number | 0 | no |
| service_role_arn | Existing service role ARN created by ECS cluster module | any | null | no |
| source_ips | List of source IPs to use on the listener rule | list | [] | no |
| ssm_variables | Map of variables and SSM locations to add to the task definition | map(string) | {} | no |
| static_variables | Map of variables and static values to add to the task definition | map(string) | {} | no |
| subnets | The subnets associated with the task or service. (REQUIRED IF 'LAUNCH_TYPE' IS FARGATE) | any | null | no |
| tags | Map of tags that will be added to created resources. By default resources will be tagged with terraform=true. | map(string) | {} | no |
| task_definition_arn | Task definition to use for this service (optional) | string | "" | no |
| task_role_arn | Existing task role ARN created by ECS cluster module | any | null | no |
| task_role_policies | Custom policies to be added on the task role. | list | [] | no |
| task_role_policies_managed | AWS managed policies to be added on the task role. | list | [] | no |
| ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list(object({ name = string, hardLimit = number, softLimit = number })) | null | no |
| unhealthy_threshold | The number of consecutive health check failures required before considering the target unhealthy | number | 3 | no |
| vpc_id | VPC ID to deploy this app to | any | n/a | yes |
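As an added example (not code from the module's README), the following call wires together the listener rule, the OIDC-protected admin path, SSM-sourced secrets, the alarms and the autoscaling inputs documented above. The source ref, ARNs, hostnames, SNS topic ARN and SSM parameter path are placeholders, and the var.* references are assumed to be declared by your root module.

```hcl
# Added example, not from the module's README. All literals (ref, ARNs,
# hostnames, SNS topic, SSM path) are placeholders; var.* come from your root module.
module "api" {
  source = "git::https://github.com/DNXLabs/terraform-aws-ecs-app.git?ref=<TAG>" # placeholder ref

  name         = "api"
  cluster_name = var.cluster_name # from your terraform-aws-ecs cluster outputs
  cluster_arn  = var.cluster_arn
  vpc_id       = var.vpc_id

  # ALB created by the cluster module (required inputs)
  alb_arn                = var.alb_arn
  alb_listener_https_arn = var.alb_listener_https_arn

  image                  = "ACCOUNT.dkr.ecr.REGION.amazonaws.com/api:1.2.3" # pin a tag, not :latest
  container_port         = 8080
  cpu                    = 256
  memory                 = 512
  readonlyrootfilesystem = true # container root filesystem is read-only

  # Listener rule: route this hostname and path to the app's target group
  hostnames = ["api.example.com"]
  paths     = ["/*"]

  # Require an OIDC login at the ALB before /admin* reaches the container
  auth_oidc_enabled                = true
  auth_oidc_hostnames              = ["api.example.com"]
  auth_oidc_paths                  = ["/admin*"]
  auth_oidc_issuer                 = "https://accounts.google.com"
  auth_oidc_authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
  auth_oidc_token_endpoint         = "https://oauth2.googleapis.com/token"
  auth_oidc_user_info_endpoint     = "https://openidconnect.googleapis.com/v1/userinfo"
  auth_oidc_client_id              = var.oidc_client_id
  auth_oidc_client_secret          = var.oidc_client_secret # sensitive variable, never a literal
  auth_oidc_session_timeout        = 3600

  # Secrets are resolved from SSM at task start; only non-sensitive values are static
  ssm_variables    = { DB_PASSWORD = "/api/prod/db_password" }
  static_variables = { LOG_LEVEL = "info" }

  # Scale on CPU, and alert the on-call topic when the service degrades
  autoscaling_cpu            = true
  autoscaling_min            = 2
  autoscaling_max            = 6
  alarm_min_healthy_tasks    = 2
  alarm_high_cpu_usage_above = 80
  alarm_sns_topics           = ["arn:aws:sns:REGION:ACCOUNT:ops-alerts"]
  cloudwatch_logs_retention  = 90
}
```

Because alarm_sns_topics is non-empty, the healthy-task and high-CPU alarms are created; leaving it empty would silently disable both.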

Outputs

| Name | Description |
|---|---|
| aws_cloudwatch_log_group_arn | n/a |

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.