Terraform Module to setup Kong(OSS) in ECS with self managed EC2 instances.
This setup assumes that the ECS cluster that has Auto Scaling Group (ASG) exist with the name default. If you are using different name, you can provide those in the variables section of your Terraform configuration.
Ensure you have the AWS CLI installed on your machine. You can find the installation instructions for different operating systems in the official AWS CLI documentation: Install AWS CLI
Use the following commands to add the required parameters to AWS Systems Manager Parameter Store. These parameters are necessary for configuring your PostgreSQL database.
aws ssm put-parameter --name "/rds/POSTGRES_USERNAME" --value "value" --type "SecureString"
aws ssm put-parameter --name "/rds/POSTGRES_PASSWORD" --value "value" --type "SecureString"
aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "SecureString"| Name | Version |
|---|---|
| terraform | >= 1.8.4 |
| aws | >= 5.5.0 |
| Name | Version |
|---|---|
| aws | >= 5.5.0 |
| Name | Source | Version |
|---|---|---|
| ecs_kong | infraspecdev/ecs-deployment/aws | ~> 4.0.4 |
| ecs_task_security_group | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| internal_alb_kong | infraspecdev/ecs-deployment/aws//modules/alb | ~> 2.0.0 |
| internal_alb_security_group | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| kong_internal_dns_record | ./modules/route-53-record | n/a |
| kong_public_dns_record | ./modules/route-53-record | n/a |
| kong_rds | terraform-aws-modules/rds/aws | ~> 6.7.0 |
| postgres_security_group | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| public_alb_security_group | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| Name | Type |
|---|---|
| aws_iam_role.ecs_exec | resource |
| aws_iam_role_policy_attachment.ecs_exec | resource |
| aws_ecs_cluster.default | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_ssm_parameter.rds | data source |
| aws_vpc.vpc | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backup_retention_period | The number of days to retain backups | number |
1 |
no |
| backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled | string |
null |
no |
| cluster_name | Name of the cluster | string |
"default" |
no |
| container_image | Container image for kong | string |
"kong:3.7.1-ubuntu" |
no |
| cpu_for_kong_task | CPU required for kong task definiton | number |
256 |
no |
| create_db_subnet_group | Whether to create a DB subnet group | bool |
true |
no |
| db_allocated_storage | The amount of allocated storage in GBs | number |
20 |
no |
| db_max_allocated_storage | The maximum amount of allocated storage in GBs | number |
100 |
no |
| deletion_protection | Whether to enable deletion protection | bool |
false |
no |
| desired_count_for_kong_service | Desired count for kong service | number |
1 |
no |
| force_new_deployment | Whether to force new deployment | bool |
true |
no |
| kong_admin_domain_name | Kong admin domain name | string |
n/a | yes |
| kong_public_domain_name | Kong public domain name | string |
n/a | yes |
| log_configuration_for_kong | Log configuration for kong | any |
null |
no |
| maintenance_window | The window to perform maintenance in.Syntax:ddd:hh24:mi-ddd:hh24:mi | string |
null |
no |
| manage_master_user_password | Whether to manage master user password | bool |
false |
no |
| memory_for_kong_task | Memory required for kong task definiton | number |
256 |
no |
| multi_az | Specifies if the RDS instance is multi-AZ | bool |
false |
no |
| performance_insights_enabled | Whether to enable performance insights | bool |
true |
no |
| performance_insights_retention_period | The retention period for performance insights | number |
7 |
no |
| private_subnet_ids | List of private subnet id | list(string) |
n/a | yes |
| public_subnet_ids | List of public subnet id | list(string) |
n/a | yes |
| rds_db_tags | List of tags | map(string) |
{} |
no |
| rds_instance_class | The instance class to use | string |
"db.t3.micro" |
no |
| ssl_policy | Name of the SSL Policy for the listener. | string |
"ELBSecurityPolicy-2016-08" |
no |
| vpc_id | The ID of the VPC | string |
n/a | yes |
| Name | Description |
|---|---|
| ecs_service_arn | ARN of kong ECS service |
| internal_alb_dns | DNS name of internal ALB |
| public_alb_dns | DNS name of public ALB |
| rds_instance_endpoint | Endpoint of RDS instance |