PBS TF ECS Task Definition Module

Installation

Using the Repo Source

github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.3

Alternative Installation Methods

More information on these and other install methods can be found in the documentation here.

Usage

This provisions a task definition for use with an ECS service.

Most of the time, you shouldn't have to use this module directly. It is integrated into the ECS service module, where you can specify most of the configuration that is relevant to your service. Use this module directly only if you have very particular needs for your task definition.

Integrate this module like so:

module "task" {
  source = "github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.3"

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
  image_repo = "nginx"
  image_tag  = "latest"
}

Adding This Version of the Module

If this repo is added as a subtree, then the version of the module should be close to the version shown here:

2.0.3

Note, however, that subtrees can be altered as desired within repositories.

Further documentation on usage can be found here.

Below is documentation for this Terraform module, automatically generated using terraform-docs.


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.2 |
| aws | >= 5.30.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.24.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.logs | resource |
| aws_ecs_task_definition.task_def | resource |
| aws_iam_role.task_execution_role | resource |
| aws_iam_role.task_role | resource |
| aws_iam_role_policy.task_execution_role_policy | resource |
| aws_iam_role_policy.task_role_policy | resource |
| aws_iam_role_policy_attachment.cw_agent | resource |
| aws_caller_identity.current | data source |
| aws_default_tags.common_tags | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_iam_policy_document.policy_doc | data source |
| aws_iam_policy_document.task_execution_role_policy_doc | data source |
| aws_iam_policy_document.vgw_policy_doc | data source |
| aws_region.current | data source |
| aws_secretsmanager_secret.newrelic_secret | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment (sharedtools, dev, staging, qa, prod) | string | n/a | yes |
| organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string | n/a | yes |
| product | Tag used to group resources according to product | string | n/a | yes |
| repo | Tag used to point to the repo using this module | string | n/a | yes |
| awslogs_driver_mode | (optional) awslogs driver mode. Set this to blocking if you would rather have an outage than lose logs. | string | "non-blocking" | no |
| command | (optional) command to run in the container as an array. e.g. ["sleep", "10"]. If null, does not set a command in the task definition. | list(string) | null | no |
| container_definitions | (optional) JSON container definitions for task | string | null | no |
| container_name | (optional) name for the container to have | string | null | no |
| container_port | (optional) port the container is exposing | number | 80 | no |
| cpu_reservation | (optional) CPU reservation for task | number | 256 | no |
| efs_mounts | (optional) efs mount set of objects. Components should include dns_name, container_mount_point, efs_mount_point | set(object({ file_system_id = string, efs_path = string, container_path = string })) | [] | no |
| entrypoint | (optional) entrypoint to run in the container as an array. e.g. ["sleep", "10"]. If null, does not set an entrypoint in the task definition. | list(string) | null | no |
| env_vars | (optional) environment variables to be passed to the container. By default, only passes SSM_PATH | set(map(any)) | null | no |
| envoy_tag | (optional) tag for envoy. Update periodically if using App Mesh. | string | "v1.23.1.0-prod" | no |
| image_repo | (optional) image repo. e.g. image_repo = nginx --> nginx:image_tag | string | "nginx" | no |
| image_tag | (optional) tag of the image. e.g. image_tag = latest --> image_repo:latest | string | "alpine" | no |
| log_group_class | (Optional) log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS | string | "INFREQUENT_ACCESS" | no |
| log_group_name | (optional) name for the log group | string | null | no |
| memory_reservation | (optional) memory reservation for task | number | 512 | no |
| mesh_name | (optional) the name for the App Mesh this task is associated with. If null, ignored | string | null | no |
| name | Name of the ECS Task Definition Module. If null, will default to product. | string | null | no |
| network_mode | (optional) network mode for the task | string | "awsvpc" | no |
| newrelic_firelens_image | Name for AWS Secrets Manager secret of New Relic Insights insert key. | string | "533243300146.dkr.ecr.us-east-1.amazonaws.com/newrelic/logging-firelens-fluentbit" | no |
| newrelic_secret_arn | ARN for AWS Secrets Manager secret of New Relic Insights insert key. | string | null | no |
| newrelic_secret_name | Name for AWS Secrets Manager secret of New Relic Insights insert key. | string | null | no |
| requires_compatibilities | (optional) capabilities that the task requires | set(string) | ["FARGATE"] | no |
| retention_in_days | (optional) log retention in days | number | 7 | no |
| role_policy_json | (optional) IAM policy to attach to role used for this task | string | null | no |
| runtime_platform | (optional) Runtime platform for the task. Defaults to LINUX operating system family w/ CPU architecture x86_64. | object({ operating_system_family = optional(string, "LINUX"), cpu_architecture = optional(string, "X86_64") }) | { "cpu_architecture": "X86_64", "operating_system_family": "LINUX" } | no |
| service_name | (optional) name of the service running this task. Only important here because the AWS console defaults to /ecs/service_name when displaying logs for a service | string | null | no |
| ssm_path | (optional) path to the ssm parameters you want pulled into your container during execution of the entrypoint | string | null | no |
| tags | Extra tags | map(string) | {} | no |
| task_execution_role_policy_json | (optional) IAM policy to attach to task execution role used for this task | string | null | no |
| task_family | (optional) task family for task. This is effectively the name of the task, without qualification of revision | string | null | no |
| use_cwagent_sidecar | (optional) if set to true, will add a cwagent sidecar container | bool | false | no |
| use_xray_sidecar | (optional) if set to null, will use the sidecar to trace the task if envoy is used, as that automatically implements tracing configs. | bool | null | no |
| virtual_gateway | (optional) the name of the virtual gateway associated with this task definition. If null, ignored | string | null | no |
| virtual_node | (optional) the name of the virtual node associated with this task definition. Ignored if virtual_gateway set. If null, ignored | string | null | no |
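
The inputs above that matter most for a security review (image_tag, role_policy_json, awslogs_driver_mode, retention_in_days) used together, as an added example that is not from the module's repository. The bucket name and image tag are constructed placeholders, and how the module combines role_policy_json with its own policy document is not stated on this page, so check the resulting task role policy in the terraform plan output.

```hcl
# Added example (not from the module's repo). The bucket name and the image
# tag are constructed placeholders; var.* are the caller's own variables.

# Task role policy: only what the application calls at run time.
data "aws_iam_policy_document" "task" {
  statement {
    sid       = "ReadAppAssets"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-app-assets/*"]
  }
}

module "task" {
  source = "github.com/pbs/terraform-aws-ecs-task-definition-module?ref=2.0.3"

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Pin a specific image version rather than a floating tag such as "latest".
  image_repo = "nginx"
  image_tag  = "1.25.3-alpine"

  # Scoped task role policy built above, passed as JSON.
  role_policy_json = data.aws_iam_policy_document.task.json

  # Logging: block rather than drop log lines (the module default is
  # "non-blocking"), and keep logs longer than the 7-day default so they
  # are still available when an investigation starts.
  awslogs_driver_mode = "blocking"
  retention_in_days   = 90
}
```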

Outputs

| Name | Description |
|------|-------------|
| arn | Task definition ARN |
| container_definitions | Task definition container definitions |
| role_arn | IAM role ARN |