github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.3More information can be found on these install methods and more in the documentation here.
This provisions a task definition for use with an ECS service.
Most of the time, you shouldn't have to use this module directly. It is integrated into the ECS service module, allowing you to specify most important configurations that are relevant to your service there unless you have very particular needs for your task definition.
Integrate this module like so:
module "task" {
source = "github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.3"
# Tagging Parameters
organization = var.organization
environment = var.environment
product = var.product
repo = var.repo
# Optional Parameters
image_repo = "nginx"
image_tag = "latest"
}If this repo is added as a subtree, then the version of the module should be close to the version shown here:
2.0.3
Note, however that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is automatically generated documentation on this Terraform module using terraform-docs
| Name | Version |
|---|---|
| terraform | >= 1.3.2 |
| aws | >= 5.30.0 |
| Name | Version |
|---|---|
| aws | 5.24.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.logs | resource |
| aws_ecs_task_definition.task_def | resource |
| aws_iam_role.task_execution_role | resource |
| aws_iam_role.task_role | resource |
| aws_iam_role_policy.task_execution_role_policy | resource |
| aws_iam_role_policy.task_role_policy | resource |
| aws_iam_role_policy_attachment.cw_agent | resource |
| aws_caller_identity.current | data source |
| aws_default_tags.common_tags | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.policy_doc | data source |
| aws_iam_policy_document.task_execution_role_policy_doc | data source |
| aws_iam_policy_document.vgw_policy_doc | data source |
| aws_region.current | data source |
| aws_secretsmanager_secret.newrelic_secret | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment | Environment (sharedtools, dev, staging, qa, prod) | string |
n/a | yes |
| organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string |
n/a | yes |
| product | Tag used to group resources according to product | string |
n/a | yes |
| repo | Tag used to point to the repo using this module | string |
n/a | yes |
| awslogs_driver_mode | (optional) awslogs driver mode. Set this to blocking if you would rather have an outage than lose logs. |
string |
"non-blocking" |
no |
| command | (optional) command to run in the container as an array. e.g. ["sleep", "10"]. If null, does not set a command in the task definition. | list(string) |
null |
no |
| container_definitions | (optional) JSON container definitions for task | string |
null |
no |
| container_name | (optional) name for the container to have | string |
null |
no |
| container_port | (optional) port the container is exposing | number |
80 |
no |
| cpu_reservation | (optional) CPU reservation for task | number |
256 |
no |
| efs_mounts | (optional) efs mount set of objects. Components should include dns_name, container_mount_point, efs_mount_point | set(object({ |
[] |
no |
| entrypoint | (optional) entrypoint to run in the container as an array. e.g. ["sleep", "10"]. If null, does not set an entrypoint in the task definition. | list(string) |
null |
no |
| env_vars | (optional) environment variables to be passed to the container. By default, only passes SSM_PATH | set(map(any)) |
null |
no |
| envoy_tag | (optional) tag for envoy. Update periodically if using App Mesh. | string |
"v1.23.1.0-prod" |
no |
| image_repo | (optional) image repo. e.g. image_repo = nginx --> nginx:image_tag | string |
"nginx" |
no |
| image_tag | (optional) tag of the image. e.g. image_tag = latest --> image_repo:latest | string |
"alpine" |
no |
| log_group_class | (Optional) log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS | string |
"INFREQUENT_ACCESS" |
no |
| log_group_name | (optional) name for the log group | string |
null |
no |
| memory_reservation | (optional) memory reservation for task | number |
512 |
no |
| mesh_name | (optional) the name for the App Mesh this task is associated with. If null, ignored | string |
null |
no |
| name | Name of the ECS Task Definition Module. If null, will default to product. | string |
null |
no |
| network_mode | (optional) network mode for the task | string |
"awsvpc" |
no |
| newrelic_firelens_image | Name for AWS Secrets Manager secret of New Relic Insights insert key. | string |
"533243300146.dkr.ecr.us-east-1.amazonaws.com/newrelic/logging-firelens-fluentbit" |
no |
| newrelic_secret_arn | ARN for AWS Secrets Manager secret of New Relic Insights insert key. | string |
null |
no |
| newrelic_secret_name | Name for AWS Secrets Manager secret of New Relic Insights insert key. | string |
null |
no |
| requires_compatibilities | (optional) capabilities that the task requires | set(string) |
[ |
no |
| retention_in_days | (optional) log retention in days | number |
7 |
no |
| role_policy_json | (optional) IAM policy to attach to role used for this task | string |
null |
no |
| runtime_platform | (optional) Runtime platform for the task. Defaults to LINUX operating system family w/ CPU architecture x86_64. | object({ |
{ |
no |
| service_name | (optional) name of the service running this task. Only important here because the AWS console defaults to /ecs/service_name when displaying logs for a service |
string |
null |
no |
| ssm_path | (optional) path to the ssm parameters you want pulled into your container during execution of the entrypoint | string |
null |
no |
| tags | Extra tags | map(string) |
{} |
no |
| task_execution_role_policy_json | (optional) IAM policy to attach to task execution role used for this task | string |
null |
no |
| task_family | (optional) task family for task. This is effectively the name of the task, without qualification of revision | string |
null |
no |
| use_cwagent_sidecar | (optional) if set to true, will add a cwagent sidecar container | bool |
false |
no |
| use_xray_sidecar | (optional) if set to null, will use the sidecar to trace the task if envoy is used, as that automatically implements tracing configs. | bool |
null |
no |
| virtual_gateway | (optional) the name of the virtual gateway associated with this task definition. If null, ignored | string |
null |
no |
| virtual_node | (optional) the name of the virtual node associated with this task definition. Ignored if virtual_gateway set. If null, ignored | string |
null |
no |
| Name | Description |
|---|---|
| arn | Task definition ARN |
| container_definitions | Task definition container definitions |
| role_arn | IAM role ARN |