Terraform module to create ECS on AWS.
We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure.
This module is basically combination of Terraform open source and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
We have fifty plus terraform modules. A few of them are comepleted and are available for open source usage while a few others are in progress.
This module has a few dependencies:
- Terraform 1.x.x
- Go
- github.com/stretchr/testify/assert
- github.com/gruntwork-io/terratest/modules/terraform
IMPORTANT: Since the master branch used in source varies based on new modifications, we suggest that you use the release versions here.
Here is an example of how you can use this module in your inventory structure:
module "ecs" {
source = "clouddrove/ecs/aws"
version = "1.0.1"
## Tags
name = "ecs-awsvpc"
repository = "https://github.com/clouddrove/terraform-aws-ecs"
environment = "test"
label_order = ["name", "environment"]
enabled = false # set to true after VPC, Subnets, Security Groups, KMS Key and Key Pair gets created
## Network
vpc_id = module.vpc.vpc_id
subnet_ids = module.subnets.private_subnet_id
additional_security_group_ids = [module.sg_ssh.security_group_ids]
## EC2
autoscaling_policies_enabled = true
key_name = module.keypair.name
image_id = "ami-001085c9389955bb6"
instance_type = "m5.large"
min_size = 1
max_size = 3
volume_size = 8
lb_security_group = module.sg_lb.security_group_ids
service_lb_security_group = [module.sg_lb.security_group_ids]
cloudwatch_prefix = "ecs-logs"
## ECS Cluster
ec2_cluster_enabled = true
ecs_settings_enabled = "enabled"
## Schedule
scheduler_down = "0 19 * * MON-FRI"
scheduler_up = "0 6 * * MON-FRI"
schedule_enabled = true
min_size_scaledown = 0
max_size_scaledown = 1
scale_up_desired = 2
scale_down_desired = 1
spot_schedule_enabled = true
spot_min_size_scaledown = 0
spot_max_size_scaledown = 1
spot_scale_up_desired = 2
spot_scale_down_desired = 1
## Spot
spot_enabled = true
spot_min_size = 1
spot_max_size = 3
spot_price = "0.10"
spot_instance_type = "m5.xlarge"
## Health Checks
memory_reservation_high_threshold_percent = 75
memory_reservation_low_threshold_percent = 50
health_check_type = "EC2"
## EBS Encryption
ebs_encryption = true
kms_key_arn = module.kms_key.key_arn
## Service
ec2_service_enabled = true
ec2_awsvpc_enabled = true
desired_count = 10
propagate_tags = "TASK_DEFINITION"
lb_subnet = module.subnets.public_subnet_id
scheduling_strategy = "REPLICA"
container_name = "nginx"
container_port = 80
target_type = "ip"
## Task Definition
ec2_td_enabled = true
network_mode = "awsvpc"
ipc_mode = "task"
pid_mode = "task"
cpu = 512
memory = 1024
file_name = "./td-ec2-awsvpc.json"
container_log_group_name = "ec2-container-logs"
}Here is an example of how you can use this module in your inventory structure:
module "ecs" {
source = "clouddrove/ecs/aws"
version = "1.0.1"
## Tags
name = "ecs-bridge"
repository = "https://github.com/clouddrove/terraform-aws-ecs"
environment = "test"
label_order = ["name", "environment"]
enabled = false # set to true after VPC, Subnets, Security Groups, KMS Key and Key Pair gets created
## Network
vpc_id = module.vpc.vpc_id
subnet_ids = module.subnets.private_subnet_id
additional_security_group_ids = [module.sg_ssh.security_group_ids]
## EC2
autoscaling_policies_enabled = true
key_name = module.keypair.name
image_id = "ami-001085c9389955bb6"
instance_type = "t3.medium"
min_size = 1
max_size = 3
volume_size = 8
lb_security_group = module.sg_lb.security_group_ids
service_lb_security_group = [module.sg_lb.security_group_ids]
cloudwatch_prefix = "ecs-logs"
## ECS Cluster
ec2_cluster_enabled = true
ecs_settings_enabled = "enabled"
## Schedule
scheduler_down = "0 19 * * MON-FRI"
scheduler_up = "0 6 * * MON-FRI"
schedule_enabled = true
min_size_scaledown = 0
max_size_scaledown = 1
scale_up_desired = 2
scale_down_desired = 1
spot_schedule_enabled = true
spot_min_size_scaledown = 0
spot_max_size_scaledown = 1
spot_scale_up_desired = 2
spot_scale_down_desired = 1
## Spot
spot_enabled = true
spot_min_size = 1
spot_max_size = 3
spot_price = "0.10"
spot_instance_type = "m5.xlarge"
## Health Checks
memory_reservation_high_threshold_percent = 75
memory_reservation_low_threshold_percent = 50
health_check_type = "EC2"
## EBS Encryption
ebs_encryption = true
kms_key_arn = module.kms_key.key_arn
## Service
ec2_service_enabled = true
desired_count = 6
propagate_tags = "TASK_DEFINITION"
lb_subnet = module.subnets.public_subnet_id
scheduling_strategy = "REPLICA"
container_name = "nginx"
container_port = 80
target_type = "instance"
## Task Definition
ec2_td_enabled = true
network_mode = "bridge"
ipc_mode = "task"
pid_mode = "task"
cpu = 512
memory = 1024
file_name = "./td-ec2-bridge.json"
container_log_group_name = "ec2-container-logs"
}Here is an example of how you can use this module in your inventory structure:
module "ecs" {
source = "clouddrove/ecs/aws"
version = "1.0.1"
## Tags
name = "ecs-fargate"
repository = "https://github.com/clouddrove/terraform-aws-ecs"
environment = "test"
label_order = ["name", "environment"]
enabled = false # set to true after VPC, Subnets, Security Groups, KMS Key and Key Pair gets created
## Network
vpc_id = module.vpc.vpc_id
subnet_ids = module.subnets.private_subnet_id
## EC2
lb_security_group = module.sg_lb.security_group_ids
service_lb_security_group = [module.sg_lb.security_group_ids]
## Fargate Cluster
fargate_cluster_enabled = true
ecs_settings_enabled = "enabled"
fargate_cluster_cp = ["FARGATE", "FARGATE_SPOT"]
## Service
fargate_service_enabled = true
desired_count = 4
assign_public_ip = true
propagate_tags = "TASK_DEFINITION"
lb_subnet = module.subnets.public_subnet_id
scheduling_strategy = "REPLICA"
container_name = "nginx"
container_port = 80
target_type = "ip"
weight_simple = 1
weight_spot = 2
base = 1
fargate_capacity_provider_simple = "FARGATE"
fargate_capacity_provider_spot = "FARGATE_SPOT"
## Task Definition
fargate_td_enabled = true
cpu = 512
memory = 1024
file_name = "./td-fargate.json"
container_log_group_name = "ec2-container-logs"
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_security_group_ids | Additional list of security groups that will be attached to the autoscaling group. | list(string) |
[] |
no |
| assign_public_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false. | bool |
false |
no |
| associate_public_ip_address | Associate a public IP address with an instance in a VPC. | bool |
false |
no |
| attributes | Additional attributes (e.g. 1). |
list(any) |
[] |
no |
| autoscaling_policies_enabled | Whether to create aws_autoscaling_policy and aws_cloudwatch_metric_alarm resources to control Auto Scaling. |
bool |
false |
no |
| base | The number of tasks, at a minimum, to run on the specified capacity provider. | number |
1 |
no |
| cloudwatch_prefix | The prefix of cloudwatch logs. | string |
"" |
no |
| container_log_group_name | Log group name for the container. | string |
"log-group" |
no |
| container_name | The name of the container to associate with the load balancer (as it appears in a container definition). | string |
"" |
no |
| container_port | The port on the container to associate with the load balancer. | number |
80 |
no |
| cpu | The number of cpu units used by the task. If the requires_compatibilities is FARGATE this field is required. | number |
512 |
no |
| delimiter | Delimiter to be used between organization, environment, name and attributes. |
string |
"-" |
no |
| deployment_maximum_percent | The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. | number |
200 |
no |
| deployment_minimum_healthy_percent | The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | number |
100 |
no |
| desired_count | The number of instances of the task definition to place and keep running. | number |
0 |
no |
| ebs_encryption | Enables EBS encryption on the volume (Default: false). Cannot be used with snapshot_id. | bool |
false |
no |
| ebs_optimized | If true, the launched EC2 instance will be EBS-optimized. | bool |
true |
no |
| ec2_awsvpc_enabled | AWSVPC network mode is enabled or not. | bool |
false |
no |
| ec2_cluster_enabled | Whether ec2 cluster is enabled or not. | bool |
false |
no |
| ec2_service_enabled | Whether EC2 launch type is enabled. | bool |
false |
no |
| ec2_td_enabled | Whether EC2 task definition is enabled. | bool |
false |
no |
| ecs_settings_enabled | Whether ecs setting is enabled or not. | string |
"" |
no |
| enable_ecs_managed_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service. | bool |
false |
no |
| enabled | Whether to create the resources. Set to false to prevent the module from creating any resources. |
bool |
false |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| fargate_capacity_provider_simple | The name of the capacity provider. | string |
"" |
no |
| fargate_capacity_provider_spot | The name of the capacity provider. | string |
"" |
no |
| fargate_cluster_cp | The name of the capacity provider. | list(string) |
[] |
no |
| fargate_cluster_enabled | Whether fargate cluster is enabled or not. | bool |
false |
no |
| fargate_service_enabled | Whether fargate is enabled or not. | bool |
false |
no |
| fargate_td_enabled | Whether fargate task definition is enabled. | bool |
false |
no |
| file_name | File name for container definitions. | string |
"" |
no |
| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. | number |
360 |
no |
| health_check_type | Controls how health checking is done. Valid values are EC2 or ELB. |
string |
"EC2" |
no |
| image_id | The EC2 image ID to launch. | string |
"" |
no |
| instance_type | Instance type to launch. | string |
"t2.medium" |
no |
| ipc_mode | The IPC resource namespace to be used for the containers in the task The valid values are host, task, and none. (It does not support for fargate launch type). | string |
"task" |
no |
| key_name | The SSH key name that should be used for the instance. | string |
"" |
no |
| kms_key_arn | AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. encrypted must be set to true when this is set. | string |
"" |
no |
| label_order | Label order, e.g. name,application. |
list(any) |
[] |
no |
| lb_security_group | The LB security groups. | string |
"" |
no |
| lb_subnet | The subnet associated with the load balancer. | list(string) |
[] |
no |
| load_balancers | A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use target_group_arns instead. |
list(string) |
[] |
no |
| managedby | ManagedBy, eg 'CloudDrove'. | string |
"hello@clouddrove.com" |
no |
| max_size | The maximum size of the autoscale group. | number |
3 |
no |
| max_size_scaledown | The maximum size for the Auto Scaling group. Default 0. Set to -1 if you don't want to change the minimum size at the scheduled time. | number |
1 |
no |
| memory | The amount (in MiB) of memory used by the task. If the requires_compatibilities is FARGATE this field is required. | number |
1024 |
no |
| memory_reservation_high_threshold_percent | The value against which the specified statistic is compared. | number |
75 |
no |
| memory_reservation_low_threshold_percent | The value against which the specified statistic is compared. | number |
25 |
no |
| min_size | The minimum size of the autoscale group. | number |
0 |
no |
| min_size_scaledown | The minimum size for the Auto Scaling group. Default 0. Set to -1 if you don't want to change the minimum size at the scheduled time. | number |
0 |
no |
| name | Name (e.g. app or cluster). |
string |
"" |
no |
| network_mode | The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. | string |
"bridge" |
no |
| pid_mode | The process namespace to use for the containers in the task. The valid values are host and task. (It does not support for fargate launch type). | string |
"task" |
no |
| platform_version | The platform version on which to run your service. | string |
"LATEST" |
no |
| propagate_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION. | string |
"SERVICE" |
no |
| repository | Terraform current module repo | string |
"" |
no |
| retention_in_days | The retention of cloud watch logs. | number |
30 |
no |
| scale_down_desired | The number of Amazon EC2 instances that should be running in the group. | number |
0 |
no |
| scale_up_desired | The number of Amazon EC2 instances that should be running in the group. | number |
0 |
no |
| schedule_enabled | AutoScaling Schedule resource | bool |
false |
no |
| scheduler_down | What is the recurrency for scaling up operations ? | string |
"0 19 * * MON-FRI" |
no |
| scheduler_up | What is the recurrency for scaling down operations ? | string |
"0 6 * * MON-FRI" |
no |
| scheduling_strategy | The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. | string |
"REPLICA" |
no |
| security_group_ids | A list of associated security group IDs. | list(string) |
[] |
no |
| service_lb_security_group | The service LB security groups. | list(string) |
[] |
no |
| spot_enabled | Whether to create the spot instance. Set to false to prevent the module from creating any spot instances. |
bool |
false |
no |
| spot_instance_type | Sport instance type to launch. | string |
"t2.medium" |
no |
| spot_max_size | The maximum size of the spot autoscale group. | number |
3 |
no |
| spot_max_size_scaledown | The maximum size for the Auto Scaling group of spot instances. Default 0. Set to -1 if you don't want to change the minimum size at the scheduled time. | number |
1 |
no |
| spot_min_size | The minimum size of the spot autoscale group. | number |
0 |
no |
| spot_min_size_scaledown | The minimum size for the Auto Scaling group of spot instances. Default 0. Set to -1 if you don't want to change the minimum size at the scheduled time. | number |
0 |
no |
| spot_price | The maximum hourly price you're willing to pay for the Spot Instances. | number |
1 |
no |
| spot_scale_down_desired | The number of Amazon EC2 instances that should be running in the group. | number |
0 |
no |
| spot_scale_up_desired | The number of Amazon EC2 instances that should be running in the group. | number |
0 |
no |
| spot_schedule_enabled | AutoScaling Schedule resource for spot | bool |
false |
no |
| subnet_ids | A list of subnet IDs to launch resources in. | list(string) |
[] |
no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ). |
map(any) |
{} |
no |
| target_group_arns | A list of aws_alb_target_group ARNs, for use with Application Load Balancing. | list(string) |
[] |
no |
| target_type | The target type for load balancer. | string |
"" |
no |
| task_role_arn | The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. | string |
"" |
no |
| type | Type of deployment controller. Valid values: CODE_DEPLOY, ECS. Default: ECS. | string |
"ECS" |
no |
| volume_size | The size of ebs volume. | number |
50 |
no |
| volume_type | The type of volume. Can be standard, gp2, or io1. (Default: standard). |
string |
"gp2" |
no |
| vpc_id | VPC ID for the EKS cluster. | string |
"" |
no |
| wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | string |
"15m" |
no |
| weight_simple | The relative percentage of the total number of launched tasks that should use the specified capacity provider. | number |
1 |
no |
| weight_spot | The relative percentage of the total number of launched tasks that should use the specified capacity provider. | number |
1 |
no |
| Name | Description |
|---|---|
| auto_scaling_tags | The tags of the autoscaling group |
| autoscaling_group_arn | The ARN for this AutoScaling Group |
| autoscaling_group_default_cooldown | Time between a scaling activity and the succeeding scaling activity |
| autoscaling_group_desired_capacity | The number of Amazon EC2 instances that should be running in the group |
| autoscaling_group_health_check_grace_period | Time after instance comes into service before checking health |
| autoscaling_group_health_check_type | EC2 or ELB. Controls how health checking is done |
| autoscaling_group_id | The autoscaling group id |
| autoscaling_group_max_size | The maximum size of the autoscale group |
| autoscaling_group_min_size | The minimum size of the autoscale group |
| autoscaling_group_name | The autoscaling group name |
| ec2_cluster_arn | The Amazon Resource Name (ARN) that identifies the cluster |
| ec2_cluster_id | The Amazon Resource Name (ARN) that identifies the cluster |
| ec2_cluster_name | The name of the ECS cluster |
| ec2_service_cluster | The Amazon Resource Name (ARN) of cluster which the service runs on |
| ec2_service_desired_count | The number of instances of the task definition |
| ec2_service_iam_role | The ARN of IAM role used for LB |
| ec2_service_id | The Amazon Resource Name (ARN) that identifies the service |
| ec2_service_name | The name of the service |
| ec2_td_arn | Full ARN of the Task Definition (including both family and revision). |
| ec2_td_family | The family of the Task Definition. |
| ec2_td_revision | The revision of the task in a particular family. |
| ecs_tags | The tags of the autoscaling group |
| fargate_cluster_arn | The Amazon Resource Name (ARN) that identifies the cluster |
| fargate_cluster_id | The Amazon Resource Name (ARN) that identifies the cluster |
| fargate_cluster_name | The name of the ECS cluster |
| fargate_service_cluster | The Amazon Resource Name (ARN) of cluster which the service runs on |
| fargate_service_desired_count | The number of instances of the task definition |
| fargate_service_id | The Amazon Resource Name (ARN) that identifies the service |
| fargate_service_name | The name of the service |
| fargate_td_arn | Full ARN of the Task Definition (including both family and revision). |
| fargate_td_family | The family of the Task Definition. |
| fargate_td_revision | The revision of the task in a particular family. |
| launch_configuration_arn | The ARN of the launch configuration |
| launch_configuration_id | The ID of the launch configuration |
| service_tags | The tags of the service |
| spot_autoscaling_group_arn | The ARN for this AutoScaling Group |
| spot_autoscaling_group_id | The spot autoscaling group id |
| spot_autoscaling_group_name | The spot autoscaling group name |
| td_tags | The tags of task definition |
In this module testing is performed with terratest and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a GO environment in your system.
You need to run the following command in the testing folder:
go test -run TestIf you come accross a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at hello@clouddrove.com.
If you have found it worth your time, go ahead and give us a ★ on our GitHub!
At CloudDrove, we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
We are The Cloud Experts!
We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.