This terraform module is an AWS ECS Application Module for Scheduler without an Application Load Balancer(ALB), designed to be used with DNXLabs/terraform-aws-ecs
(https://github.com/DNXLabs/terraform-aws-ecs).
The following resources will be created:
-
Cloudwatch Metrics alarm - Provides a CloudWatch Metric Alarm resource.
- Service has less than minimum healthy tasks} healthy tasks
-
IAM roles - The cloudwatch event needs an IAM Role to run the ECS task definition. A role is created and a policy will be granted via IAM policy.
-
IAM policy - Policy to be attached to the IAM Role. This policy will have a trust with the cloudwatch event service. And it will use the managed policy
AmazonEC2ContainerServiceEventsRole
created by AWS. -
Simple Notification Service (SNS) topics - Alarm topics to create and alert on ECS service metrics. Leaving empty disables all alarms.
-
Auto Scaling
- You can specify the max number of containers to scale with autoscaling. The default is 4
- You can specify the nin number of containers to scale with autoscaling. The default is 1
-
Cloudwatch Log Groups
- You can specify the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.
- Export to a S3 Bucket - Whether to mark the log group to export to an S3 bucket (needs the module terraform-aws-log-exporter (https://github.com/DNXLabs/terraform-aws-log-exporter) to be deployed in the account/region)
-
ECS task definition - A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:
- Image - Docker image to deploy
- CPU - Hard limit of the CPU for the container
- Default Value = 0
- Memory - Hard memory of the container
- Default Value = 512
- Name - Name of the ECS Service
- Set log configuration
-
ECS Task-scheduler activated by cloudwatch events
In addition you have the option to create or not :
- Application Load Balancer (ALB)
- alb - An external ALB
- alb_internal - A second internal ALB for private APIs
- alb_only - Deploy only an Application Load Balancer and no cloudFront or not with the cluster
- Autoscaling
- Enables or not autoscaling based on average CPU tracking
- Target average CPU percentage to track for autoscaling
- Codedeploy
- Time in minutes to route the traffic to the new application deployment
- Time in minutes to terminate the new deployment
Name | Version |
---|---|
terraform | >= 0.13 |
aws | >= 4.0.0 |
Name | Version |
---|---|
aws | >= 4.0.0 |
random | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alarm_ecs_running_tasks_threshold | Alarm when the number of ecs service running tasks is lower than a certain value. CloudWatch Container Insights must be enabled for the cluster. | number |
0 |
no |
alarm_evaluation_periods | The number of minutes the alarm must be below the threshold before entering the alarm state. | string |
"2" |
no |
alarm_high_cpu_usage_above | Alarm when CPU is above a certain value (use 0 to disable this alarm) | number |
80 |
no |
alarm_min_healthy_tasks | Alarm when the number of healthy tasks is less than this number (use 0 to disable this alarm) | number |
2 |
no |
alarm_prefix | String prefix for cloudwatch alarms. (Optional) | string |
"alarm" |
no |
alarm_sns_topics | Alarm topics to create and alert on ECS service metrics. Leaving empty disables all alarms. | list |
[] |
no |
alb_dns_name | ALB DNS Name | string |
"" |
no |
alb_listener_https_arn | ALB HTTPS Listener created by ECS cluster module | any |
n/a | yes |
alb_name | ALB name - Required if it is an internal one | string |
"" |
no |
alb_only | Whether to deploy only an alb and no cloudFront or not with the cluster | bool |
false |
no |
alb_priority | priority rules ALB (leave 0 to let terraform calculate) | number |
0 |
no |
auth_oidc_authorization_endpoint | Authorization endpoint for OIDC (Google: https://accounts.google.com/o/oauth2/v2/auth) | string |
"" |
no |
auth_oidc_client_id | Client ID for OIDC authentication | string |
"" |
no |
auth_oidc_client_secret | Client Secret for OIDC authentication | string |
"" |
no |
auth_oidc_enabled | Enables OIDC-authenticated listener rule | bool |
false |
no |
auth_oidc_hostnames | List of hostnames to use as a condition to authenticate with OIDC | list(string) |
[] |
no |
auth_oidc_issuer | Issuer URL for OIDC authentication (Google: https://accounts.google.com) | string |
"" |
no |
auth_oidc_paths | List of paths to use as a condition to authenticate (example: ['/admin*']) | list(string) |
[] |
no |
auth_oidc_session_timeout | Session timeout for OIDC authentication (default 12 hours) | number |
43200 |
no |
auth_oidc_token_endpoint | Token Endpoint URL for OIDC authentication (Google: https://oauth2.googleapis.com/token) | string |
"" |
no |
auth_oidc_user_info_endpoint | User Info Endpoint URL for OIDC authentication (Google: https://openidconnect.googleapis.com/v1/userinfo) | string |
"" |
no |
autoscaling_cpu | Enables autoscaling based on average CPU tracking | bool |
false |
no |
autoscaling_custom | Set one or more app autoscaling by customized metric | list(object({ |
[] |
no |
autoscaling_max | Max number of containers to scale with autoscaling | number |
4 |
no |
autoscaling_memory | Enables autoscaling based on average Memory tracking | bool |
false |
no |
autoscaling_min | Min number of containers to scale with autoscaling | number |
1 |
no |
autoscaling_scale_in_cooldown | Cooldown in seconds to wait between scale in events | number |
300 |
no |
autoscaling_scale_out_cooldown | Cooldown in seconds to wait between scale out events | number |
300 |
no |
autoscaling_target_cpu | Target average CPU percentage to track for autoscaling | number |
50 |
no |
autoscaling_target_memory | Target average Memory percentage to track for autoscaling | number |
90 |
no |
cloudwatch_logs_create | Whether to create cloudwatch log resources or not | bool |
true |
no |
cloudwatch_logs_export | Whether to mark the log group to export to an S3 bucket (needs terraform-aws-log-exporter to be deployed in the account/region) | bool |
false |
no |
cloudwatch_logs_retention | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number |
120 |
no |
cluster_name | n/a | string |
"Name of existing ECS Cluster to deploy this app to" |
no |
command | Command to run on container | list(string) |
null |
no |
compat_keep_target_group_naming | Keeps old naming convention for target groups to avoid recreation of resource in production environments | bool |
false |
no |
container_port | Port your container listens (used in the placeholder task definition) | number |
8080 |
no |
cpu | Hard limit for CPU for the container | number |
0 |
no |
dynamic_stickiness | Target Group stickiness. Used in dynamic block. | any |
[] |
no |
ecs_service_capacity_provider_strategy | (Optional) The capacity provider strategy to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if set to [] and not changing from 0 capacity_provider_strategy blocks to greater than 0, or vice versa. | list |
[ |
no |
efs_mapping | A map of efs volume ids and paths to mount into the default task definition | map(string) |
{} |
no |
enable_schedule | Enables schedule to shut down and start up instances outside business hours. | bool |
false |
no |
fargate_spot | Set true to use FARGATE_SPOT capacity provider by default (only when launch_type=FARGATE) | bool |
false |
no |
healthcheck_interval | n/a | string |
"10" |
no |
healthcheck_matcher | The HTTP codes to use when checking for a successful response from a target | number |
200 |
no |
healthcheck_path | n/a | string |
"/" |
no |
healthcheck_timeout | The amount of time, in seconds, during which no response | number |
5 |
no |
healthy_threshold | The number of consecutive health checks successes required before considering an unhealthy target healthy | number |
3 |
no |
hosted_zone | Hosted Zone to create DNS record for this app | string |
"" |
no |
hosted_zone_id | Hosted Zone ID to create DNS record for this app (use this to avoid data lookup when using hosted_zone ) |
string |
"" |
no |
hosted_zone_is_internal | Set true in case the hosted zone is in an internal VPC, otherwise false | string |
"false" |
no |
hostname_create | Optional parameter to create or not a Route53 record | string |
"false" |
no |
hostname_redirects | List of hostnames to redirect to the main one, comma-separated | string |
"" |
no |
hostnames | List of hostnames to create listerner rule and optionally, DNS records for this app | list |
[] |
no |
http_header | Header to use on listerner rule with name e values | list(any) |
[] |
no |
image | Docker image to deploy (can be a placeholder) | string |
"" |
no |
launch_type | The launch type on which to run your service. The valid values are EC2 and FARGATE. Defaults to EC2. | string |
"EC2" |
no |
log_subscription_filter_destination_arn | n/a | string |
"" |
no |
log_subscription_filter_enabled | n/a | string |
false |
no |
log_subscription_filter_filter_pattern | n/a | string |
"" |
no |
log_subscription_filter_role_arn | n/a | string |
"" |
no |
memory | Hard memory of the container | number |
512 |
no |
name | Name of your ECS service | any |
n/a | yes |
network_mode | The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. (REQUIRED IF 'LAUCH_TYPE' IS FARGATE) | any |
null |
no |
ordered_placement_strategy | Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5. | list(object({ |
[] |
no |
paths | List of paths to use on listener rule (example: ['/*']) | list(string) |
[] |
no |
placement_constraints | Rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. | list(object({ |
[] |
no |
platform_version | The platform version on which to run your service. Only applicable for launch_type set to FARGATE. Defaults to LATEST. | string |
"LATEST" |
no |
port | Port for target group to listen | number |
80 |
no |
protocol | Protocol to use (HTTP or HTTPS) | string |
"HTTP" |
no |
redirects | Map of path redirects to add to the listener | map |
{} |
no |
schedule_cron_start | Cron expression to define when to trigger a start of the auto-scaling group. E.g. 'cron(00 21 ? * SUN-THU *)' to start at 8am UTC time. | string |
"" |
no |
schedule_cron_stop | Cron expression to define when to trigger a stop of the auto-scaling group. E.g. 'cron(00 09 ? * MON-FRI *)' to start at 8am UTC time | string |
"" |
no |
security_groups | The security groups associated with the task or service | any |
null |
no |
service_deployment_maximum_percent | Maximum percentage of tasks to run during deployments | number |
200 |
no |
service_deployment_minimum_healthy_percent | Minimum healthy percentage during deployments | number |
100 |
no |
service_desired_count | Desired count for this service (for use when auto scaling is disabled) | number |
1 |
no |
service_health_check_grace_period_seconds | Time until your container starts serving requests | number |
0 |
no |
service_role_arn | Existing service role ARN created by ECS cluster module | any |
null |
no |
source_ips | List of source ip to use on listerner rule | list |
[] |
no |
ssm_variables | Map of variables and SSM locations to add to the task definition | map(string) |
{} |
no |
static_variables | Map of variables and static values to add to the task definition | map(string) |
{} |
no |
subnets | The subnets associated with the task or service. (REQUIRED IF 'LAUCH_TYPE' IS FARGATE) | any |
null |
no |
tags | Map of tags that will be added to created resources. By default resources will be tagged with terraform=true. | map(string) |
{} |
no |
task_definition_arn | Task definition to use for this service (optional) | string |
"" |
no |
task_role_arn | Existing task role ARN created by ECS cluster module | any |
null |
no |
task_role_policies | Custom policies to be added on the task role. | list |
[] |
no |
task_role_policies_managed | AWS Managed policies to be added on the task role. | list |
[] |
no |
ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list(object({ |
null |
no |
unhealthy_threshold | The number of consecutive health check failures required before considering the target unhealthy | number |
3 |
no |
vpc_id | VPC ID to deploy this app to | any |
n/a | yes |
Name | Description |
---|---|
aws_cloudwatch_log_group_arn | n/a |
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.