terraform-aws-ecs-app

Terraform module which creates a ecs app

Requirements

Name	Version
terraform	>= 1.3.0
aws	>= 4.67
elasticsearch	2.0.7
elasticstack	0.11.11
gosoline	1.4.1
grafana	3.10.0
sentry	0.13.2

Providers

Name	Version
aws	>= 4.67

Modules

Name	Source	Version
alarm_service_resources	justtrackio/alarm-service-resources/aws	1.2.0
alb_ingress	cloudposse/alb-ingress/aws	0.28.0
cloudwatch_label	justtrackio/label/null	0.26.0
container_definition	cloudposse/ecs-container-definition/aws	0.61.1
container_definition_fluentbit	cloudposse/ecs-container-definition/aws	0.61.1
ecr	terraform-aws-modules/ecr/aws	2.3.0
ecr_label	justtrackio/label/null	0.26.0
ecs_label	justtrackio/label/null	0.26.0
ecs_service_task_customized_autoscaling	justtrackio/ecs-autoscaling/aws	1.2.0
ecs_service_task_predefined_autoscaling	justtrackio/ecs-autoscaling/aws	1.2.0
ecs_service_task_schedule	justtrackio/ecs-autoscaling/aws	1.2.0
monitoring	justtrackio/ecs-gosoline-monitoring/aws	2.6.2
sentry	justtrackio/project/sentry	1.4.2
service_task	justtrackio/ecs-alb-service-task/aws	1.5.0
ssm_label	justtrackio/label/null	0.26.0
this	justtrackio/label/null	0.26.0

Resources

Name	Type
aws_cloudwatch_log_group.default	resource
aws_ssm_parameter.container_cpu	resource
aws_ssm_parameter.container_memory	resource
aws_ecr_lifecycle_policy_document.lifecycle	data source
aws_ecs_cluster.default	data source
aws_lb.default	data source
aws_lb_listener.http	data source
aws_lb_listener.https	data source
aws_ssm_parameter.container_tag	data source
aws_ssm_parameter.grafana_token	data source
aws_ssm_parameter.keep_api_key	data source
aws_ssm_parameter.sentry_token	data source
aws_vpc.default	data source

Inputs

Name	Description	Type	Default	Required
additional_tag_map	Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id. This is for some rare cases where resources want additional configuration of tags and therefore take a list of maps with tag key, value, and additional configuration.	map(string)	{}	no
alarm_consumer	This can be used to override alarms for consumers. Keys are names of the consumers.	map(object({ alarm_description = optional(string) datapoints_to_alarm = optional(number, 3) evaluation_periods = optional(number, 3) period = optional(number, 60) success_rate_threshold = optional(number, 99) alarm_levels = optional(list(string), ["warning", "high"]) }))	{}	no
alarm_enabled	Defines if alarms should be created	bool	false	no
alarm_gateway	This can be used to override alarms for gateway routes. Keys are names of the gateway route.	map(object({ alarm_description = optional(string) datapoints_to_alarm = optional(number, 3) evaluation_periods = optional(number, 3) period = optional(number, 60) success_rate_threshold = optional(number, 99) alarm_levels = optional(list(string), ["warning", "high"]) }))	{}	no
alarm_kinsumer	This can be used to override alarms for kinsumers. Keys are names of the kinsumers.	map(object({ alarm_description = optional(string) datapoints_to_alarm = optional(number, 1) evaluation_periods = optional(number, 1) period = optional(number, 60) threshold_seconds_behind = optional(number, 3600) alarm_levels = optional(list(string), ["warning", "high"]) }))	{}	no
alarm_scheduled	This can be used to override scheduled alarm	object({ alarm_description = optional(string) datapoints_to_alarm = optional(number, 1) evaluation_periods = optional(number, 1) period = optional(number, 60) threshold = optional(number, 0) alarm_priority = optional(string, "high") })	{}	no
alarm_service_resources_cpu_average	Average CPUUtilization alarm specs	object({ datapoints_to_alarm = optional(number, 6) evaluation_periods = optional(number, 6) period = optional(number, 300) threshold = optional(number, 125) })	{ "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "threshold": 125 }	no
alarm_service_resources_cpu_maximum	Maximum CPUUtilization alarm specs	object({ datapoints_to_alarm = optional(number, 15) evaluation_periods = optional(number, 15) period = optional(number, 60) threshold = optional(number, 150) })	{ "datapoints_to_alarm": 15, "evaluation_periods": 15, "period": 60, "threshold": 150 }	no
alarm_service_resources_enabled	Defines if resource alarms should be created	bool	false	no
alarm_service_resources_memory_average	Average MemoryUtilization alarm specs	object({ datapoints_to_alarm = optional(number, 6) evaluation_periods = optional(number, 6) period = optional(number, 300) threshold = optional(number, 125) })	{ "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "threshold": 125 }	no
alarm_service_resources_memory_maximum	Maximum MemoryUtilization alarm specs	object({ datapoints_to_alarm = optional(number, 15) evaluation_periods = optional(number, 15) period = optional(number, 60) threshold = optional(number, 150) })	{ "datapoints_to_alarm": 15, "evaluation_periods": 15, "period": 60, "threshold": 150 }	no
alarm_service_resources_priority	Priority for service resources alarms	string	"info"	no
alarm_service_resources_treat_missing_data	How to treat missing data, defaults to 'breaching'	string	"breaching"	no
alb_health_check	ALB target group healthy check values	object({ enabled = optional(bool, true) healthy_threshold = optional(number, 2) unhealthy_threshold = optional(number, 2) threshold = optional(number, 2) interval = optional(number, 30) timeout = optional(number, 10) matcher = optional(string, "200") path = optional(string, "/health") port = optional(string, "traffic-port") protocol = optional(string, "HTTP") })	{}	no
alb_name	Name of the alb used to attach the target group	string	""	no
alb_stickiness_enabled	Boolean to enable / disable stickiness. Default is true	bool	false	no
alb_unauthenticated_hosts	Unauthenticated hosts to match in Hosts header	list(string)	[]	no
alb_unauthenticated_paths	Unauthenticated path pattern to match (a maximum of 1 can be defined)	list(string)	[ "*" ]	no
alb_unauthenticated_priority	The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from authenticated_priority since a listener can't have multiple rules with the same priority	number	100	no
app_image_tag	The default container image to use in container definition	string	null	no
attributes	ID element. Additional attributes (e.g. workers or cluster) to add to id, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the delimiter and treated as a single ID element.	list(string)	[]	no
autoscaling_customized_metric_name	The name of the metric	string	""	no
autoscaling_customized_statistic	The name of the metric	string	"Average"	no
autoscaling_customized_unit	The name of the metric	string	"Count"	no
autoscaling_enabled	Defines if autoscaling should be enabled	bool	false	no
autoscaling_max_capacity	Maximum number of running instances of a Service	number	200	no
autoscaling_min_capacity	Minimum number of running instances of a Service	number	1	no
autoscaling_predefined_metric_type	The metric type	string	null	no
autoscaling_scale_in_cooldown	The amount of time, in seconds, after a scale in activity completes before another scale in activity can start	number	60	no
autoscaling_scale_out_cooldown	The amount of time, in seconds, after a scale out activity completes before another scale out activity can start	number	60	no
autoscaling_schedule	Provides an Application AutoScaling ScheduledAction resource	list(object({ schedule = string min_capacity = number max_capacity = number }))	[]	no
autoscaling_target_value	The target value for the metric	number	null	no
aws_account_id	AWS account id	string	null	no
aws_region	AWS region	string	null	no
circuit_breaker_deployment_enabled	If true, enable the deployment circuit breaker logic for the service	bool	false	no
circuit_breaker_rollback_enabled	If true, Amazon ECS will roll back the service if a service deployment fails	bool	false	no
cloudwatch_log_group_enabled	A boolean to disable cloudwatch log group creation	bool	true	no
container_cpu	The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)	number	null	no
container_map_environment	The environment variables to pass to the container. This is a map of string: {key: value}. environment overrides map_environment	map(string)	null	no
container_map_secrets	The secrets variables to pass to the container. This is a map of string: {key: value}. map_secrets overrides secrets	map(string)	null	no
container_memory	The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html)	number	null	no
container_memory_reservation	The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than container_memory if set	number	null	no
container_start_timeout	Time duration (in seconds) to wait before giving up on resolving dependencies for a container	number	null	no
container_stop_timeout	Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own	number	null	no
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	any	{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "descriptor_formats": {}, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "labels_as_tags": [ "unset" ], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}, "tenant": null }	no
delimiter	Delimiter to be used between ID elements. Defaults to - (hyphen). Set to "" to use no delimiter at all.	string	null	no
deployment_maximum_percent	The upper limit of the number of tasks (as a percentage of desired_count) that can be running in a service during a deployment	number	200	no
deployment_minimum_healthy_percent	The lower limit (as a percentage of desired_count) of the number of tasks that must remain running and healthy in a service during a deployment	number	100	no
descriptor_formats	Describe additional descriptors to be output in the descriptors output map. Map of maps. Keys are names of descriptors. Values are maps of the form {<br/> format = string<br/> labels = list(string)<br/>} (Type is any so the map values can later be enhanced to provide additional options.) format is a Terraform format string to be passed to the format() function. labels is a list of labels, in order, to pass to format() function. Label values will be normalized before being passed to format() so they will be identical to how they appear in id. Default is {} (descriptors output will be empty).	any	{}	no
desired_count	The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type)	number	1	no
docker_labels	The configuration options to send to the docker_labels	map(string)	null	no
domain	The default domain	string	n/a	yes
ecr_repository_lifecycle_policy	The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs	string	null	no
elasticsearch_host	Defines the elasticsearch host to query for logs	string	null	no
elasticsearch_index_template	This defines the properties used within the index template (Only used if create_elasticsearch_data_stream is true)	object({ additional_fields = map(any) name = string priority = number node_name = string number_of_shards = number number_of_replicas = number })	{ "additional_fields": {}, "name": "", "node_name": "*", "number_of_replicas": 1, "number_of_shards": 1, "priority": 250 }	no
elasticsearch_lifecycle_policy	This defines the properties used within the index lifecycle management policy (Only used if create_elasticsearch_data_stream is true)	object({ delete_phase_min_age = string hot_phase_max_primary_shard_size = string hot_phase_max_age = optional(string) warm_phase_min_age = string warm_phase_number_of_replicas = number })	{ "delete_phase_min_age": "28d", "hot_phase_max_primary_shard_size": "10gb", "warm_phase_min_age": "1d", "warm_phase_number_of_replicas": 0 }	no
enabled	Set to false to prevent the module from creating any resources	bool	null	no
environment	ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'	string	null	no
exec_enabled	Specifies whether to enable Amazon ECS Exec for the tasks within the service	bool	true	no
gosoline_metadata	Define custom metadata for the gosoline provider	object({ domain = optional(string), use_https = optional(string), port = optional(string) })	null	no
gosoline_name_patterns	Define custom name patters for the gosoline provider	object({ hostname = optional(string), cloudwatch_namespace = optional(string), ecs_cluster = optional(string), ecs_service = optional(string), grafana_cloudwatch_datasource = optional(string), grafana_elasticsearch_datasource = optional(string) })	{ "cloudwatch_namespace": "{env}/{group}/{app}", "ecs_cluster": "{env}", "ecs_service": "{group}-{app}", "grafana_cloudwatch_datasource": "cloudwatch-{family}", "grafana_elasticsearch_datasource": "elasticsearch-{env}-{family}-{group}-{app}", "hostname": "{scheme}://{app}.{group}.{env}.{metadata_domain}:{port}" }	no
grafana_dashboard_url	Url of the grafana dashboard	string	null	no
health_check_grace_period_seconds	Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers	number	0	no
healthcheck	A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries)	object({ command = list(string) retries = number timeout = number interval = number startPeriod = number })	null	no
id_length_limit	Limit id to this many characters (minimum 6). Set to 0 for unlimited length. Set to null for keep the existing setting, which defaults to 0. Does not affect id_full.	number	null	no
ignore_changes_desired_count	Whether to ignore changes for desired count in the ECS service	bool	true	no
ignore_changes_task_definition	Ignore changes (like environment variables) to the ECS task definition	bool	false	no
kibana_data_view_enabled	Defines whether there will be a kibana data view	bool	true	no
kibana_host	Defines the kibana host	string	null	no
kibana_space_id	Space identifier to place the kibana data view into	string	null	no
label_key_case	Controls the letter case of the tags keys (label names) for tags generated by this module. Does not affect keys of tags passed in via the tags input. Possible values: lower, title, upper. Default value: title.	string	null	no
label_order	The order in which the labels (ID elements) appear in the id. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.	list(string)	null	no
label_orders	Overrides the labels_order for the different labels to modify ID elements appear in the id	object({ cloudwatch = optional(list(string), ["environment", "stage", "name"]), ecr = optional(list(string)), ecs = optional(list(string), ["stage", "name"]), ec2 = optional(list(string), ["environment", "stage", "name"]), iam = optional(list(string)), sentry = optional(list(string), ["stage", "name"]), ssm = optional(list(string)), vpc = optional(list(string)), elasticsearch = optional(list(string), ["environment", "namespace", "stage", "name"]) kibana = optional(list(string)) })	{}	no
label_value_case	Controls the letter case of ID elements (labels) as included in id, set as tag values, and output by this module individually. Does not affect values of tags passed in via the tags input. Possible values: lower, title, upper and none (no transformation). Set this to title and set delimiter to "" to yield Pascal Case IDs. Default value: lower.	string	null	no
labels_as_tags	Set of labels (ID elements) to include as tags in the tags output. Default is to include all labels. Tags with empty values will not be included in the tags output. Set to [] to suppress all generated tags. Notes: The value of the name tag, if included, will be the id, not the name. Unlike other null-label inputs, the initial setting of labels_as_tags cannot be changed in later chained modules. Attempts to change it will be silently ignored.	set(string)	[ "default" ]	no
launch_type	The ECS launch type (valid options: FARGATE or EC2)	string	"EC2"	no
log_driver	The log driver to use for the container. If using Fargate launch type, only supported value is awslogs	string	"awsfirelens"	no
log_retention_in_days	The number of days to retain logs for the log group	number	1	no
log_router_container_cpu	The log router cpu reservation for the ECS task definition	string	30	no
log_router_container_memory_reservation	The log router memory reservation for the ECS task definition	string	64	no
log_router_essential	Determines whether all other containers in a task are stopped, if this container fails or stops for any reason. Due to how Terraform type casts booleans in json it is required to double quote this value	bool	false	no
log_router_image_repository	Container registry repository url	string	n/a	yes
log_router_image_tag	The default container image to use in container definition	string	"stable-3.0.7"	no
log_router_options	The log router options to use	map(string)	{ "config-file-type": "file", "config-file-value": "/fluent-bit/etc/extra.conf" }	no
log_router_stop_timeout	Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own	number	60	no
log_router_type	The log router type to use	string	"fluentbit"	no
metric_based_autoscaling_ignore_changes_min_max_capacity	Whether or not to ignore min_capacity/max_capacity changes on the aws_appautoscaling_target of the metric based autoscaling module	bool	false	no
metric_calculator_enabled	Whether to use the metrics produced by the metric calculator for autoscaling (gosoline feature), see: https://github.com/justtrackio/gosoline	bool	null	no
metric_enabled	Defines if metrics should be written	bool	n/a	yes
monitoring_enabled	Defines if the monitoring module should be created	bool	true	no
name	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a tag. The "name" tag is set to the full id string. There is no tag with the value of the name input.	string	null	no
namespace	ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique	string	null	no
network_mode	The network mode to use for the task. This is required to be awsvpc for FARGATE launch_type or null for EC2 launch_type	string	null	no
ordered_placement_strategy	Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5. See ordered_placement_strategy	list(object({ type = string field = string }))	[ { "field": "instanceId", "type": "spread" } ]	no
organizational_unit	Usually used to indicate the AWS organizational unit, e.g. 'prod', 'sdlc'	string	null	no
port_gateway	Define the gateway port	number	8088	no
port_health	Define the health port	number	8090	no
port_mappings	The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort	list(object({ containerPort = number hostPort = number protocol = string }))	[]	no
port_metadata	Define the metadata port	number	8070	no
propagate_tags	Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION	string	null	no
regex_replace_chars	Terraform regular expression (regex) string. Characters matching the regex will be removed from the ID elements. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.	string	null	no
scheduled_autoscaling_ignore_changes_min_max_capacity	Whether or not to ignore min_capacity/max_capacity changes on the aws_appautoscaling_target of the scheduled autoscaling module	bool	true	no
sentry_alarm_action_match	Trigger actions when an event is captured by Sentry and any or all of the specified conditions happen.	string	"any"	no
sentry_alarm_actions	List of actions. In JSON string format.	string	"[]"	no
sentry_alarm_conditions	List of conditions. In JSON string format.	string	"[]"	no
sentry_alarm_filter_match	A string determining which filters need to be true before any actions take place. Required when a value is provided for filters.	string	"all"	no
sentry_alarm_filters	A list of filters that determine if a rule fires after the necessary conditions have been met. In JSON string format.	string	null	no
sentry_alarm_frequency	Perform actions at most once every X minutes for this issue.	number	5	no
sentry_dsn	Define a custom sentry dsn if sentry_enabled is set to false	string	null	no
sentry_enabled	Set to false to prevent the module from creating any resources for sentry	bool	true	no
service_placement_constraints	The rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See placement_constraints docs	list(object({ type = string expression = string }))	[]	no
service_registries	Zero or one service discovery registries for the service. The currently supported service registry is Amazon Route 53 Auto Naming Service - aws_service_discovery_service; see service_registries docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1" Service registry is object with required key registry_arn = string and optional keys port = number container_name = string container_port = number	list(any)	[]	no
stage	ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'	string	null	no
tags	Additional tags (e.g. {'BusinessUnit': 'XYZ'}). Neither the tag keys nor the tag values will be modified by this module.	map(string)	{}	no
target_group_arn	ARN of the target group to register the task into. Only works when alb_name is not specified. Can be used for services that are made available via a vpc endpoint	string	""	no
task_cpu	The number of CPU units used by the task. If unspecified, it will default to container_cpu. If using FARGATE launch type task_cpu must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size)	number	null	no
task_memory	The amount of memory (in MiB) used by the task. If unspecified, it will default to container_memory. If using Fargate launch type task_memory must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size)	number	null	no
task_policy_arns	A list of IAM Policy ARNs to attach to the generated task role.	list(string)	[]	no
tenant	ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for	string	null	no
tracing_provider	Defines which tracing provider to use. Valid values are 'local', 'xray', 'noop', or any tracer you registered yourself	string	"local"	no
ulimits	The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit"	list(object({ name = string softLimit = number hardLimit = number }))	[]	no
wait_for_steady_state	If true, it will wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing	bool	true	no
working_directory	The working directory to run commands inside the container	string	"/app"	no

Outputs

No outputs.