Code Quality
Security
Cloud
Container
Data protection
Terraform AWS ECS Container Definition
This module is used to generate a container definition for use in an AWS ECS task definition.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| command | The command that is passed to the container. | list(string) |
null |
no |
| cpu | The number of cpu units reserved for the container. | number |
0 |
no |
| depend_on | The dependencies defined for container startup and shutdown. | map(string) |
{} |
no |
| disable_networking | When this parameter is true, networking is disabled within the container. | bool |
null |
no |
| dns_search_domains | A list of DNS search domains that are presented to the container. | list(string) |
null |
no |
| dns_servers | A list of DNS servers that are presented to the container. | list(string) |
null |
no |
| docker_labels | A key/value map of labels to add to the container. | map(string) |
null |
no |
| docker_security_options | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. | list(string) |
null |
no |
| entrypoint | The entry point that is passed to the container. | list(string) |
null |
no |
| environment | The environment variables to pass to a container. | map(string) |
{} |
no |
| environment_files | The environment files to pass to a container. | list(string) |
[] |
no |
| essential | Whether this container is essential to the task. If the container fails or stops for any reason, all other containers that are part of the task are stopped. | bool |
true |
no |
| extra_hosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. | map(string) |
{} |
no |
| firelens_configuration | The FireLens configuration for the container. | object({ |
null |
no |
| healthcheck | The container health check command and associated configuration parameters for the container. | object({ |
null |
no |
| hostname | The hostname to use for your container. | string |
null |
no |
| image | The image used to start the container. | string |
n/a | yes |
| interactive | When this parameter is true, the container is given read-only access to its root file system. | bool |
null |
no |
| links | Links to other containers. | list(string) |
null |
no |
| linux_parameters | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. | object({ |
null |
no |
| log_configuration | The log configuration specification for the container. | object({ |
null |
no |
| memory | The hard limit (in MiB) of memory to present to the container. | number |
null |
no |
| memory_reservation | The soft limit (in MiB) of memory to reserve for the container. | number |
null |
no |
| mount_points | The mount points for data volumes in your container. | list(object({ |
[] |
no |
| name | The name of the container. | string |
n/a | yes |
| port_mappings | The list of port mappings for the container. | list(object({ |
[] |
no |
| privileged | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). | bool |
null |
no |
| pseudo_terminal | When this parameter is true, a TTY is allocated. | bool |
null |
no |
| readonly_root_filesystem | When this parameter is true, the container is given read-only access to its root file system. | bool |
null |
no |
| repository_credentials | The private repository authentication credentials to use. | string |
null |
no |
| resource_requirements | The type and amount of a resource to assign to a container. | map(string) |
{} |
no |
| secrets | The secrets to pass to the container. | map(string) |
{} |
no |
| start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container. | number |
null |
no |
| stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. | number |
null |
no |
| system_controls | A list of namespaced kernel parameters to set in the container. | map(string) |
{} |
no |
| ulimits | A list of ulimits to set in the container. | map(object({ |
{} |
no |
| user | The user to use inside the container. | string |
null |
no |
| volumes_from | Data volumes to mount from another container. | map(object({ |
{} |
no |
| working_directory | The working directory in which to run commands inside the container. | string |
null |
no |
Outputs
| Name | Description |
|---|---|
| hcl | Rendered container definition as HCL object. |
| json | Rendered container definition as JSON output. |
Providers
| Name | Version |
|---|---|
| jq | 0.2.1 |
Resources
- data source.jq_query.main (main.tf#114)
Examples
Min
module "basic-example" {
source = "../../"
name = var.name
image = "nginx:1.23-alpine"
}Full
module "full" {
source = "../../"
name = var.name
image = "nginx:latest"
essential = true
command = ["sleep", "1000"]
entrypoint = ["/bin/sh", "-c"]
user = "root"
interactive = false
pseudo_terminal = false
cpu = 256
memory = 512
memory_reservation = 1024
working_directory = "/tmp"
readonly_root_filesystem = true
port_mappings = [
{
container_port = 80
host_port = 80
protocol = "tcp"
},
{
container_port = 443
host_port = 443
protocol = "tcp"
}
]
links = ["app"]
mount_points = [
{
container_path = "/tmp"
source_volume = "tmp"
read_only = false
}
]
volumes_from = {
app = { read_only = true }
}
dns_search_domains = ["example.com"]
dns_servers = ["10.0.0.1"]
hostname = "nginx"
extra_hosts = {
"local.host" = "127.0.0.1"
"loopback" = "127.0.0.1"
}
privileged = true
disable_networking = false
ulimits = {
nofile = {
soft_limit = 1024
hard_limit = 2048
}
nproc = {
soft_limit = 1024
hard_limit = 2048
}
}
docker_security_options = ["label:type:container_t"]
system_controls = {
"net.ipv4.tcp_syncookies" = 1
"net.core.somaxconn" = 1024
}
linux_parameters = {
init_process_enabled = true
shared_memory_size = 1024
max_swap = 1024
swappiness = 50
capabilities = {
add = ["SYS_TIME"]
drop = ["MKNOD"]
}
devices = [
{
host_path = "/dev/null"
container_path = "/dev/null"
permissions = ["read", "write"]
}
]
tmpfs = [
{
size = 1024
container_path = "/tmp"
mount_options = ["rw", "noexec", "nosuid", "nodev"]
}
]
}
environment_files = ["s3://bucket/key/to/file.env"]
environment = {
APP_ENV = "dev"
APP_DEBUG = false
}
secrets = {
DATABASE_USER = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter:DB_PASS::"
APP_SECRET = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter:APP_SECRET::"
}
docker_labels = {
"com.example.foo" = "bar"
"com.example.baz" = "qux"
}
start_timeout = 60
stop_timeout = 60
depend_on = {
redis = "HEALTHY"
}
healthcheck = {
command = ["CMD-SHELL", "curl -f http://localhost/ || exit 1"]
interval = 30
retries = 3
start_period = 0
timeout = 5
}
resource_requirements = {
GPU = 256
InferenceAccelerator = "eia1.medium"
}
repository_credentials = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter"
log_configuration = {
log_driver = "awsfirelens"
options = {
endpoint = "https://example.com"
}
secret_options = {
apiKey = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter:apiKey::"
}
}
}