ric/terraform-tofu-labs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
terraform-tofu-labs/demo/iac/modules/cluster
History
Ric Harvey f2a8db492e
Move to demo folder
2024-04-15 21:41:32 +01:00
..
main.tf Move to demo folder 2024-04-15 21:41:32 +01:00
outputs.tf Move to demo folder 2024-04-15 21:41:32 +01:00
README.md Move to demo folder 2024-04-15 21:41:32 +01:00
variables.tf Move to demo folder 2024-04-15 21:41:32 +01:00
versions.tf Move to demo folder 2024-04-15 21:41:32 +01:00

README.md

Amazon ECS Cluster Terraform Module

Terraform module which creates Amazon ECS (Elastic Container Service) cluster resources on AWS.

Available Features

  • ECS cluster
  • Fargate capacity providers
  • EC2 AutoScaling Group capacity providers
  • ECS Service w/ task definition, task set, and container definition support

For more details see the design doc

Usage

Fargate Capacity Providers

module "ecs_cluster" {
  source = "terraform-aws-modules/ecs/aws//modules/cluster"

  cluster_name = "ecs-fargate"

  cluster_configuration = {
    execute_command_configuration = {
      logging = "OVERRIDE"
      log_configuration = {
        cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
      }
    }
  }

  fargate_capacity_providers = {
    FARGATE = {
      default_capacity_provider_strategy = {
        weight = 50
      }
    }
    FARGATE_SPOT = {
      default_capacity_provider_strategy = {
        weight = 50
      }
    }
  }

  tags = {
    Environment = "Development"
    Project     = "EcsEc2"
  }
}

EC2 Autoscaling Capacity Providers

module "ecs_cluster" {
  source = "terraform-aws-modules/ecs/aws//modules/cluster"

  cluster_name = "ecs-ec2"

  cluster_configuration = {
    execute_command_configuration = {
      logging = "OVERRIDE"
      log_configuration = {
        cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
      }
    }
  }

  autoscaling_capacity_providers = {
    one = {
      auto_scaling_group_arn         = "arn:aws:autoscaling:eu-west-1:012345678901:autoScalingGroup:08419a61:autoScalingGroupName/ecs-ec2-one-20220603194933774300000011"
      managed_termination_protection = "ENABLED"

      managed_scaling = {
        maximum_scaling_step_size = 5
        minimum_scaling_step_size = 1
        status                    = "ENABLED"
        target_capacity           = 60
      }

      default_capacity_provider_strategy = {
        weight = 60
        base   = 20
      }
    }
    two = {
      auto_scaling_group_arn         = "arn:aws:autoscaling:eu-west-1:012345678901:autoScalingGroup:08419a61:autoScalingGroupName/ecs-ec2-two-20220603194933774300000022"
      managed_termination_protection = "ENABLED"

      managed_scaling = {
        maximum_scaling_step_size = 15
        minimum_scaling_step_size = 5
        status                    = "ENABLED"
        target_capacity           = 90
      }

      default_capacity_provider_strategy = {
        weight = 40
      }
    }
  }

  tags = {
    Environment = "Development"
    Project     = "EcsEc2"
  }
}

Conditional Creation

The following values are provided to toggle on/off creation of the associated resources as desired:

module "ecs_cluster" {
  source = "terraform-aws-modules/ecs/aws//modules/cluster"

  # Disable creation of cluster and all resources
  create = false

  # ... omitted
}

Examples

Requirements

Name Version
terraform >= 1.0
aws >= 4.66.1

Providers

Name Version
aws >= 4.66.1

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.this resource
aws_ecs_capacity_provider.this resource
aws_ecs_cluster.this resource
aws_ecs_cluster_capacity_providers.this resource
aws_iam_policy.task_exec resource
aws_iam_role.task_exec resource
aws_iam_role_policy_attachment.task_exec resource
aws_iam_role_policy_attachment.task_exec_additional resource
aws_iam_policy_document.task_exec data source
aws_iam_policy_document.task_exec_assume data source

Inputs

Name Description Type Default Required
autoscaling_capacity_providers Map of autoscaling capacity provider definitions to create for the cluster any {} no
cloudwatch_log_group_kms_key_id If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) string null no
cloudwatch_log_group_name Custom name of CloudWatch Log Group for ECS cluster string null no
cloudwatch_log_group_retention_in_days Number of days to retain log events number 90 no
cloudwatch_log_group_tags A map of additional tags to add to the log group created map(string) {} no
cluster_configuration The execute command configuration for the cluster any {} no
cluster_name Name of the cluster (up to 255 letters, numbers, hyphens, and underscores) string "" no
cluster_service_connect_defaults Configures a default Service Connect namespace map(string) {} no
cluster_settings List of configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster any 
[
  {
    "name": "containerInsights",
    "value": "enabled"
  }
]
 no
create Determines whether resources will be created (affects all resources) bool true no
create_cloudwatch_log_group Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled bool true no
create_task_exec_iam_role Determines whether the ECS task definition IAM role should be created bool false no
create_task_exec_policy Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters bool true no
default_capacity_provider_use_fargate Determines whether to use Fargate or autoscaling for default capacity provider strategy bool true no
fargate_capacity_providers Map of Fargate capacity provider definitions to use for the cluster any {} no
tags A map of tags to add to all resources map(string) {} no
task_exec_iam_role_description Description of the role string null no
task_exec_iam_role_name Name to use on IAM role created string null no
task_exec_iam_role_path IAM role path string null no
task_exec_iam_role_permissions_boundary ARN of the policy that is used to set the permissions boundary for the IAM role string null no
task_exec_iam_role_policies Map of IAM role policy ARNs to attach to the IAM role map(string) {} no
task_exec_iam_role_tags A map of additional tags to add to the IAM role created map(string) {} no
task_exec_iam_role_use_name_prefix Determines whether the IAM role name (task_exec_iam_role_name) is used as a prefix bool true no
task_exec_iam_statements A map of IAM policy statements for custom permission usage any {} no
task_exec_secret_arns List of SecretsManager secret ARNs the task execution role will be permitted to get/read list(string) 
[
  "arn:aws:secretsmanager:::secret:*"
]
 no
task_exec_ssm_param_arns List of SSM parameter ARNs the task execution role will be permitted to get/read list(string) 
[
  "arn:aws:ssm:::parameter/*"
]
 no

Outputs

Name Description
arn ARN that identifies the cluster
autoscaling_capacity_providers Map of autoscaling capacity providers created and their attributes
cloudwatch_log_group_arn ARN of CloudWatch log group created
cloudwatch_log_group_name Name of CloudWatch log group created
cluster_capacity_providers Map of cluster capacity providers attributes
id ID that identifies the cluster
name Name that identifies the cluster
task_exec_iam_role_arn Task execution IAM role ARN
task_exec_iam_role_name Task execution IAM role name
task_exec_iam_role_unique_id Stable and unique string identifying the task execution IAM role

License

Apache-2.0 Licensed. See LICENSE.