Terraform module that deploys an ECS autoscaling group. If you include an EFS ID and EFS Security Group, it will also mount the EFS volume to the ECS instances.
In some environments an HTTP proxy is required to pull container images and reach the outside world. This module supports this via the `http_proxy` and `http_proxy_port` variables.
By default, the module will deploy without trying to mount an EFS volume.
There are two modes of using EFS with this module: as a mounted file system on the hosts, or as volumes for the containers.
If using EFS as volumes in the containers, you will need to provide the security groups used for the EFS volumes.
If using EFS as a mounted filesystem and you attempt to deploy the EFS at the same time as the ECS cluster, a race condition exists where the autoscaling group gets created before the mount targets have finished being created. To avoid this, you can set the `depends_on_efs` variable to the `aws_efs_mount_target` output. This way, the autoscaling group won't get created until the EFS mount targets have been created.
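This example shows EFS used as a mounted filesystem on the hosts.

```hcl
module "ecs-0" {
  source  = "lazzurs/ecs/aws"
  version = "1.1.0"

  ecs_name             = "my-ecs-cluster"
  vpc_id               = "vpc-0e151a59f874eadd8"
  ecs_cidr_block       = ["10.0.0.0/8"]
  subnet_ids           = ["subnet-1e151a59f874eadd8", "subnet-0e148a59f874eadd8", "subnet-2e151a57f874eadd8"]
  ecs_min_size         = "1"
  ecs_max_size         = "3"
  ecs_desired_capacity = "2"
  ecs_instance_type    = "t2.large"
  ecs_key_name         = "aws-key"
  tags                 = var.tags

  ecs_additional_iam_statements = var.ecs_additional_iam_statements

  attach_efs = true
  efs_id     = "fs-532cdcd3"
  # The inputs table lists this input as efs_sg_ids (list(string));
  # use the name that your pinned module version defines.
  efs_sg_id = "sg-076487b693f21bcb8"
  # Mount target ID. When EFS is created in the same configuration,
  # reference the aws_efs_mount_target resource here instead of a literal.
  depends_on_efs = ["fsmt-8387e72b"]
}

# Variables (values for var.tags and var.ecs_additional_iam_statements)
tags = {
  Terraform   = "true"
  Environment = "development"
}

# Wildcard actions on all resources are a broad grant to every instance
# in the cluster; list only the actions the instances actually need.
ecs_additional_iam_statements = [
  {
    effect = "Allow"
    actions = [
      "ec2:*",
      "autoscaling:*"
    ]
    resources = ["*"]
  }
]
```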
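
The race-condition fix described above, with the EFS file system created in the same configuration as the cluster, as an added example that is not from the module's repository. Input names are taken from this page's inputs table; the variables, the resource names and the choice of IAM actions are assumptions, and the IAM statement shows a narrower alternative to the wildcard grant in the example above.

```hcl
# Added example. Assumed variables: vpc_id, private_subnet_ids, ecs_cidr_block, efs_sg_id.
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "ecs_cidr_block" { type = list(string) }
variable "efs_sg_id" { type = string } # existing security group for the mount targets

resource "aws_efs_file_system" "shared" {
  encrypted = true # encrypt the file system at rest
}

# One mount target per subnet that hosts ECS instances.
resource "aws_efs_mount_target" "shared" {
  count           = length(var.private_subnet_ids)
  file_system_id  = aws_efs_file_system.shared.id
  subnet_id       = var.private_subnet_ids[count.index]
  security_groups = [var.efs_sg_id]
}

module "ecs" {
  source = "lazzurs/ecs/aws"
  # version = "..."  # pin to a release whose inputs match the table on this page

  ecs_name       = "my-ecs-cluster"
  vpc_id         = var.vpc_id
  subnet_ids     = var.private_subnet_ids
  ecs_cidr_block = var.ecs_cidr_block

  attach_efs = true
  efs_id     = aws_efs_file_system.shared.id
  efs_sg_ids = [var.efs_sg_id]

  # Passing the mount target IDs (not a literal "fsmt-..." string) makes the
  # module's autoscaling group wait until every mount target exists.
  depends_on_efs = aws_efs_mount_target.shared[*].id

  # Named read-only actions instead of "ec2:*" / "autoscaling:*".
  # The action list is illustrative; grant what your workload calls.
  ecs_additional_iam_statements = [
    {
      effect    = "Allow"
      actions   = ["ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups"]
      resources = ["*"] # these Describe actions do not support resource-level scoping
    }
  ]
}
```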

Name | Version |
---|---|
terraform | ~> 1.0 |
aws | >= 2.45 |

Name | Version |
---|---|
aws | 4.3.0 |
null | 3.1.0 |

No modules.

Name | Type |
---|---|
aws_autoscaling_group.this | resource |
aws_ecs_capacity_provider.this | resource |
aws_ecs_cluster.this | resource |
aws_iam_instance_profile.this | resource |
aws_iam_role.this | resource |
aws_iam_role_policy.this | resource |
aws_iam_role_policy_attachment.additional_instance_role_policy | resource |
aws_launch_template.this | resource |
aws_security_group.this | resource |
null_resource.asg-scale-to-0-on-destroy | resource |
null_resource.tags_as_list_of_maps | resource |
aws_iam_policy_document.assume_role | data source |
aws_iam_policy_document.policy | data source |
aws_ssm_parameter.ecs_ami | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_instance_role_policy | Additional policy that can be added to the ECS instances. By default we have SSM access enabled | string | "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | no |
asg_protect_from_scale_in | Allows setting instance protection. The Auto Scaling Group will not select instances with this setting for termination during scale in events. | bool | true | no |
asg_provider_managed_termination_protection | Enables or disables container-aware termination of instances in the auto scaling group when scale-in happens. Valid values are ENABLED and DISABLED. | string | "ENABLED" | no |
attach_efs | Whether to try and attach an EFS volume to the instances | bool | false | no |
depends_on_efs | If attaching EFS, it makes sure that the mount targets are ready | list(string) | [] | no |
ecs_additional_iam_statements | Additional IAM statements for the ECS instances | list(object({ effect = string actions = list(string) resources = list(string) })) | [] | no |
ecs_associate_public_ip_address | Whether to associate a public IP in the launch configuration | bool | false | no |
ecs_capacity_provider_target | Percentage target of capacity to get to before triggering scaling | number | 90 | no |
ecs_cidr_block | ECS CIDR block | list(string) | n/a | yes |
ecs_desired_capacity | Desired number of EC2 instances. | number | 1 | no |
ecs_engine_task_cleanup_wait_duration | Time to wait from when a task is stopped until the Docker container is removed. As this removes the Docker container data, be aware that if this value is set too low, you may not be able to inspect your stopped containers or view the logs before they are removed. The minimum duration is 1m; any value shorter than 1 minute is ignored. | string | "3h" | no |
ecs_instance_type | Default instance type | string | "t3.medium" | no |
ecs_key_name | SSH key name in your AWS account for AWS instances. | string | "" | no |
ecs_max_size | Maximum number of EC2 instances. | number | 1 | no |
ecs_min_size | Minimum number of EC2 instances. | number | 1 | no |
ecs_name | ECS Cluster Name | string | n/a | yes |
ecs_volume_size | Default instance root volume size | string | "30" | no |
ecs_volume_type | Default instance root volume type | string | "gp2" | no |
ecs_wait_for_capacity_timeout | ASG creation wait timeout | string | "20m" | no |
efs_id | The EFS ID - Required if attach_efs is true | string | "" | no |
efs_sg_ids | The EFS Security Group ID(s) | list(string) | [ "" ] | no |
http_proxy | Name of the HTTP proxy on the network | string | "" | no |
http_proxy_port | Port number of the HTTP proxy | number | 3128 | no |
metadata_options_endpoint | Metadata option http endpoint | string | "enabled" | no |
metadata_options_hop_limit | Metadata option http hop limit | number | 1 | no |
metadata_options_tokens | Metadata option http tokens | string | "required" | no |
monitoring | Enabling detailed monitoring for launch template instances | string | "true" | no |
subnet_ids | The Subnet IDs | list(string) | n/a | yes |
tags | A map of tags to add to all resources | map(string) | {} | no |
vpc_id | The VPC ID that the cluster will be deployed to | string | n/a | yes |

Name | Description |
---|---|
cluster_arn | Cluster ARN |
cluster_asg_arn | Cluster AutoScaling Group ARN |
cluster_asg_name | Cluster AutoScaling Group Name |
cluster_aws_launch_template_name | Cluster AutoScaling Group aws_template Name |
cluster_iam_role_arn | Cluster IAM role ARN |
cluster_id | Cluster ID |
cluster_security_group_id | ID from the security group for the ECS cluster |

Module has been forked from a module by Mark Honomichl. Maintained by Rob Lazzurs.

MIT Licensed. See LICENSE for full details.