aws_ecs_task_definition: Add support for proxyConfiguration parameter

[dalen]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The new proxyConfiguration parameter needs to be supported to configure AWS App Mesh: https://docs.aws.amazon.com/AmazonECS/latest/userguide/task_definition_parameters.html#task_definition_proxyConfiguration

New or Affected Resource(s)

• aws_ecs_task_definition

Potential Terraform Configuration

resource "aws_ecs_task_definition" "service" {
  family                = "service"
  container_definitions = "${file("task-definitions/service.json")}"

  proxy_configuration =  {
    type = "APPMESH"
    container_name = "string"
    properties = [
        {
           "name": "string",
           "value": "string"
        }
    ]
  }
}

References

[aureliomarcoag]

Hi,
I was also in need of the proxy_configuration parameter. After some fiddling with the code I was able to get it working, and now I'm sharing in case anyone else really needs it: https://github.com/aureliomarcoag/terraform-provider-aws/tree/feature/8253-add-support-for-proxy-configuration-ecs-task-definition
Now, I'm no developer nor am I familiar with Go, so I apologize for any inconsistencies that may be present in the few lines I changed. I based most of the code on the container_definitions parameter, since both container_definitions and proxy_configuration are sent as JSON values to the AWS API.
If you want to use it too, you'll need to build the provider yourself. First, clone the repo with the changes:

git clone -b 'feature/8253-add-support-for-proxy-configuration-ecs-task-definition' --single-branch https://github.com/aureliomarcoag/terraform-provider-aws.git
cd terraform-provider-aws

Build the provider:

go build -o aws-provider-fork

Now just replace your current AWS provider with the newly built version. To do that, move the new binary to PROJECT_ROOT/.terraform/plugins/PLATFORM/BINARY. I my case that translates to:

mv aws-provider-fork ~/repos/cmage/terraform/.terraform/plugins/linux_amd64/terraform-provider-aws_v2.6.0_x4

Afterwards, run terraform init and you'll likely be up and running. If you want to go back to the provider terraform automatically installs, just rm -Rf the directory where the plugin is and re-run terraform init.

You can use it just like container_definitions, by specifying a JSON file path and using the file() function:

resource "aws_ecs_task_definition" "service" {
  family                = "service"
  container_definitions = "${file("task-definitions/service.json")}"
  proxy_configuration =  "${file("task-definitions/proxy.json")}"

Example Proxy Configuration JSON:

{
    "type": "APPMESH",
    "containerName": "envoy",
    "properties": [
        {
            "name": "IgnoredUID",
            "value": "1390"
        },
        {
            "name": "ProxyIngressPort",
            "value": "15000"
        },
        {
            "name": "ProxyEgressPort",
            "value": "15001"
        },
        {
            "name": "AppPorts",
            "value": "9080"
        },
        {
            "name": "EgressIgnoredIPs",
            "value": "169.254.170.2,169.254.169.254"
        }
    ]
}

This is what my apply looks like now:

And the resulting TD:

Cheers,
Marco

[bflad]

Support for managing a new proxy_configuration configuration block in the aws_ecs_task_definition resource has been merged and will be released with version 2.16.0 of the Terraform AWS Provider, likely tomorrow. Thanks, @SebastianC!

[bflad]

This has been released in version 2.16.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[bartvollebregt]

No sure if I should open a new issue or comment here, but I'm having some issues with the proxy_configuration tag.

This is my setup (partially):

provider "aws" {
  region     = var.region
  version     = "~> 2.16.0"

  assume_role {
    role_arn     = "arn:aws:iam::${var.account_id}:role/admin"
  }
}

resource "aws_ecs_task_definition" "frontend_task_definition" {
  family = "${var.customer}_frontend_${var.environment}"
  container_definitions = data.template_file.frontend_template.rendered
  memory = 512
  cpu = 256
  network_mode = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  execution_role_arn = "arn:aws:iam::123456789012:role/ecsTaskExecutionRole"

  proxy_configuration = {
    type = "APPMESH"
    container_name = "app"
    properties = {
      IgnoredUID = "1337"
      AppPorts = "8080"
      ProxyIngressPort = "15000"
      ProxyEgressPort = "15001"
      EgressIgnoredIPs = "169.254.170.2,169.254.169.254"
    }
  }
}


data "template_file" "frontend_template" {
  template = file("templates/frontend.json")
}

When I run terraform validate it says:

% terraform validate

Error: Unsupported argument

  on ecs.tf line 37, in resource "aws_ecs_task_definition" "frontend_task_definition":
  37:   proxy_configuration = {

An argument named "proxy_configuration" is not expected here. Did you mean to
define a block of type "proxy_configuration"?

[bflad]

Hi @bartvollebregt 👋

Terraform 0.12 performs stricter validation of the configuration language, which in previous versions allowed assignment of both configuration blocks and arguments with the equals (=) sign. In this case, proxy_configuration is a configuration block, so it must be defined without the equals = sign, e.g.

resource "aws_ecs_task_definition" "frontend_task_definition" {
  # ... other configuration ...

  proxy_configuration {
    # ... other configuration ...
  }
}

Hope this helps.

[bartvollebregt]

Hope this helps.

It's working now. Thanks a lot!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!