terraform-aws-ecs-service

Create a ECS (fargate) service following Luscii standards

Examples

With Load Balancer

module "lb_service" {

}

Without Load Balancer (Service Connect only)

module "sc_service" {

}

Configuration

Requirements

Name	Version
terraform	>= 1.3
aws	>= 4.9

Providers

Name	Version
aws	5.99.1

Modules

Name	Source	Version
autoscaling_label	cloudposse/label/null	0.25.0
autoscaling_scheduled_label	cloudposse/label/null	0.25.0
autoscaling_target_tracking_label	cloudposse/label/null	0.25.0
container_definitions	cloudposse/ecs-container-definition/aws	0.61.2
label	cloudposse/label/null	0.25.0

Resources

Name	Type
aws_appautoscaling_policy.target	resource
aws_appautoscaling_scheduled_action.this	resource
aws_appautoscaling_target.this	resource
aws_ecs_service.this	resource
aws_ecs_task_definition.this	resource
aws_iam_role_policy.execution_pull_cache	resource
aws_iam_role_policy.task_ecs_exec	resource
aws_iam_role_policy_attachment.execution_ecr_public	resource
aws_iam_role_policy_attachment.execution_ecs_task	resource
aws_iam_role_policy_attachment.task_xray_daemon	resource
aws_security_group.this	resource
aws_caller_identity.current	data source
aws_ecr_pull_through_cache_rule.this	data source
aws_ecs_cluster.this	data source
aws_iam_policy_document.execution_pull_cache	data source
aws_iam_policy_document.task_ecs_exec	data source
aws_region.current	data source
aws_secretsmanager_secret.pull_through_cache_credentials	data source

Inputs

Name	Description	Type	Default	Required
add_xray_container	Whether to add the xray daemon container to the task definition	bool	true	no
assign_public_ip	Whether the service needs a public ip	bool	false	no
container_definitions	List of container definitions, accepts the inputs of the module https://github.com/cloudposse/terraform-aws-ecs-container-definition	list(object({ name = string image = string pull_cache_prefix = optional(string, "") cpu = optional(number) memory = optional(number) memory_reservation = optional(number) depends_on = optional(list(object({ condition = string containerName = string })) ) essential = optional(bool, true) port_mappings = optional(list(object({ containerPort = number protocol = optional(string, "tcp") name = optional(string) }))) healthcheck = optional(object({ command = list(string) interval = optional(number) retries = optional(number) startPeriod = optional(number) timeout = optional(number) })) entrypoint = optional(list(string)) command = optional(list(string)) working_directory = optional(string) environment = optional(list(object({ name = string value = string }))) secrets = optional(list(object({ name = string valueFrom = string }))) log_configuration = optional(object({ logDriver = string options = optional(map(string)) secretOptions = optional(list(object({ name = string valueFrom = string }))) })) ulimits = optional(list(object({ hardLimit = number name = string softLimit = number }))) user = optional(string) start_timeout = optional(number) stop_timeout = optional(number) }))	n/a	yes
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	any	{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "descriptor_formats": {}, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "labels_as_tags": [ "unset" ], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}, "tenant": null }	no
desired_count	Desired number of tasks that need to be running for the service	number	1	no
ecs_cluster_name	Name of the ECS cluster in which the service is deployed	string	n/a	yes
egress_rules	Egress rules for the default security group for the service	list(object({ description = string from_port = number to_port = number protocol = optional(string, "-1") cidr_blocks = optional(list(string)) ipv6_cidr_blocks = optional(list(string)) prefix_list_ids = optional(list(string)) security_groups = optional(list(string)) self = optional(bool) }))	[]	no
enable_ecs_execute_command	Enables ECS exec to the service and attaches required IAM policy to task role	bool	false	no
execution_role	IAM Role used as the execution role	object({ name = string arn = string })	n/a	yes
force_new_deployment	Whether to force a new deployment of the service. This can be used to update the service with a new task definition	bool	false	no
high_traffic_service	Whether the service is a high traffic service: >500 requests/second	bool	false	no
ingress_rules	Ingress rules for the default security group for the service	list(object({ description = string from_port = number to_port = number protocol = optional(string, "-1") cidr_blocks = optional(list(string)) ipv6_cidr_blocks = optional(list(string)) prefix_list_ids = optional(list(string)) security_groups = optional(list(string)) self = optional(bool) }))	[]	no
load_balancers	List of load balancers to attach to the service	list(object({ target_group_arn = string container_name = string container_port = number }))	[]	no
name	Name of the ECS service	string	n/a	yes
platform_version	Platform version for the ECS service	string	"LATEST"	no
scaling	Scaling configuration for the service. Enables scaling	object({ min_capacity = number max_capacity = number })	null	no
scaling_scheduled	Scheduled scaling policies for the service. Enables Scheduled scaling	map(object({ schedule = string timezone = string min_capacity = number max_capacity = number }))	null	no
scaling_target	Target tracking scaling policies for the service. Enables Target tracking scaling. Predefined metric type must be one of ECSServiceAverageCPUUtilization, ALBRequestCountPerTarget or ECSServiceAverageMemoryUtilization - https://docs.aws.amazon.com/autoscaling/application/APIReference/API_PredefinedMetricSpecification.html	map(object({ predefined_metric_type = string resource_label = optional(string) target_value = number scale_in_cooldown = optional(number, 300) scale_out_cooldown = optional(number, 300) }))	null	no
security_group_ids	List of additional security groups to attach to the service	list(string)	[]	no
service_connect_configuration	Service discovery configuration for the service	object({ namespace = optional(string) discovery_name = optional(string) port_name = optional(string) client_alias = optional(object({ dns_name = string port = number })) cloudwatch = optional(object({ log_group = string region = string })) })	null	no
subnets	List of Subnet ids in which the Service runs	list(string)	n/a	yes
task_cpu	value in cpu units for the task	number	n/a	yes
task_memory	value in MiB for the task	number	n/a	yes
task_role	IAM Role used as the task role	object({ name = string arn = string })	n/a	yes
vpc_id	ID of the VPC in which the service is deployed	string	n/a	yes
xray_container_image	The xray daemon container image	string	"amazon/aws-xray-daemon:3.x"	no

Outputs

Name	Description
cluster_arn	The ARN of the ECS cluster
cluster_name	The name of the ECS cluster
label_context	Context of the label for subsequent use
scaling_target	The autoscaling target resource - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target
security_group_arn	The ARN of the security group
security_group_id	The ID of the security group
service_arn	The ARN of the service
service_discovery_client_aliases	The service discovery client aliases for the service
service_discovery_internal_url	Base URL for the service internally
service_discovery_name	The service discovery name for the service
service_id	The ID of the service
service_name	The name of the service
task_definition_arn	The ARN of the task definition
task_definition_family	The family of the task definition
task_definition_id	The ID of the task definition