
ecs-service

This component is responsible for creating an ECS service.

Usage

Stack Level: Regional

Here's an example snippet for how to use this component.

# stacks/catalog/ecs-service/defaults.yaml
components:
  terraform:
    ecs-service/defaults:
      metadata:
        component: ecs-service
        type: abstract
      settings:
        spacelift:
          workspace_enabled: true
      vars:
        enabled: true
        public_lb_enabled: false
        ecr_stage_name: mgmt-automation
        task:
          launch_type: FARGATE
          network_mode: awsvpc
          desired_count: 1
          ignore_changes_desired_count: true
          ignore_changes_task_definition: false
          assign_public_ip: false
          propagate_tags: SERVICE
          wait_for_steady_state: true
          circuit_breaker_deployment_enabled: true
          circuit_breaker_rollback_enabled: true

This will launch a Kong service using an ECR image from the mgmt-automation account.

NOTE: Usage of ecr_image instead of image.

import:
  - catalog/ecs-service/defaults

components:
  terraform:
    ecs/b2b/kong/service:
      metadata:
        component: ecs-service
        inherits:
          - ecs-service/defaults
      vars:
        name: kong
        public_lb_enabled: true
        cluster_attributes: [b2b]
        containers:
          service:
            name: "kong-gateway"
            ecr_image: kong:latest
            map_environment:
              KONG_DECLARATIVE_CONFIG: /home/kong/production.yml
            port_mappings:
              - containerPort: 8000
                hostPort: 8000
                protocol: tcp
        task:
          desired_count: 1
          task_memory: 512
          task_cpu: 256

This will launch an httpd service using an external image from Docker Hub.

NOTE: Usage of image instead of ecr_image.

# stacks/catalog/ecs-service/httpd.yaml
import:
  - catalog/ecs-service/defaults

components:
  terraform:
    ecs/platform/httpd/service:
      metadata:
        component: ecs-service
        inherits:
          - ecs-service/defaults
      vars:
        enabled: true
        name: httpd
        public_lb_enabled: true
        cluster_attributes: [platform]
        containers:
          service:
            name: "Hello"
            image: httpd:2.4
            port_mappings:
              - containerPort: 80
                hostPort: 80
                protocol: tcp
            command:
              - '/bin/sh -c "echo ''<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px;
                background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS
                Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon
                ECS.</p> </div></body></html>'' > /usr/local/apache2/htdocs/index.html && httpd-foreground"'
            entrypoint: ["sh", "-c"]
        task:
          desired_count: 1
          task_memory: 512
          task_cpu: 256

This will launch Google's echoserver using an external image from GCR.

NOTE: Usage of image instead of ecr_image.

# stacks/catalog/ecs-service/echoserver.yaml
import:
  - catalog/ecs-service/defaults

components:
  terraform:
    ecs/platform/echoserver/service:
      metadata:
        component: ecs-service
        inherits:
          - ecs-service/defaults
      vars:
        enabled: true
        name: echoserver
        public_lb_enabled: true
        cluster_attributes: [platform]
        containers:
          service:
            name: "echoserver"
            image: gcr.io/google_containers/echoserver:1.10
            port_mappings:
              - containerPort: 8080
                hostPort: 8080
                protocol: tcp
        task:
          desired_count: 1
          task_memory: 512
          task_cpu: 256

Other Domains

This component supports alternate service names for your ECS Service through a couple of variables:

  • vanity_domain & vanity_alias - This will create a route to the service in the listener rules of the ALB. This will also create a Route 53 alias record in the hosted zone in this account. The hosted zone is looked up by the vanity_domain input.
  • additional_targets - This will create a route to the service in the listener rules of the ALB. This will not create a Route 53 alias record.

Examples:

ecs/platform/service/echo-server:
  vars:
    vanity_domain: "dev-acme.com"
    vanity_alias:
      - "echo-server.dev-acme.com"
    additional_targets:
      - "echo.acme.com"

This then creates the following listener rules:

HTTP Host Header is
echo-server.public-platform.use2.dev.plat.service-discovery.com
OR echo-server.dev-acme.com
OR echo.acme.com

It will also create the record in Route53 to point "echo-server.dev-acme.com" to the ALB. Thus "echo-server.dev-acme.com" should resolve.

We can then create a pointer to this service in the acme.com hosted zone.

dns-primary:
  vars:
    domain_names:
      - acme.com
    record_config:
      - root_zone: acme.com
        name: echo.
        type: CNAME
        ttl: 60
        records:
          - echo-server.dev-acme.com

This will create a CNAME record in the acme.com hosted zone that points echo.acme.com to echo-server.dev-acme.com.

EFS

This ECS service supports EFS: you can use either efs_volumes or efs_component_volumes in your task definition.

This example shows how to use efs_component_volumes, which looks up the efs component remotely and uses its efs_id to mount the volume, and how to use efs_volumes.

components:
  terraform:
    ecs-services/my-service:
      metadata:
        component: ecs-service
        inherits:
          - ecs-services/defaults
      vars:
        containers:
          service:
            name: app
            image: my-image:latest
            log_configuration:
              logDriver: awslogs
              options: {}
            port_mappings:
              - containerPort: 8080
                hostPort: 8080
                protocol: tcp
            mount_points:
              - containerPath: "/var/lib/"
                sourceVolume: "my-volume-mount"

        task:
          efs_component_volumes:
            - name: "my-volume-mount"
              host_path: null
              efs_volume_configuration:
                - component: efs/my-volume-mount
                  root_directory: "/var/lib/"
                  transit_encryption: "ENABLED"
                  transit_encryption_port: 2999
                  authorization_config: []
          efs_volumes:
            - name: "my-volume-mount-2"
              host_path: null
              efs_volume_configuration:
                - file_system_id: "fs-1234"
                  root_directory: "/var/lib/"
                  transit_encryption: "ENABLED"
                  transit_encryption_port: 2998
                  authorization_config: []
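
The following is an added example, not part of the component or its documentation: a Python review pass over one component's vars, as loaded from the stack YAML, that flags settings from the usage and EFS examples above worth a second look before deployment (floating image tags, EFS mounts without transit encryption or authorization_config, wildcard github_actions_allowed_repos entries, ingress open to any address). The variable names are the ones documented on this page; the severity scale, the function names and the sample dict are assumptions of this example.

```python
import ipaddress

ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}  # severity scale is this example's own

# Constructed sample: vars as loaded from a stack file, reusing values from the
# page's examples plus constructed risky settings so that several rules fire.
SAMPLE_VARS = {
    "github_actions_allowed_repos": ["acme/infra-live", "acme/*"],
    "custom_security_group_rules": [
        {"type": "ingress", "from_port": 8080, "to_port": 8080,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"type": "egress", "from_port": 443, "to_port": 443,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    ],
    "containers": {
        "service": {"name": "app", "image": "my-image:latest"},
        "web": {"name": "Hello", "image": "httpd:2.4",
                "readonly_root_filesystem": True},
    },
    "task": {
        "assign_public_ip": False,
        "efs_volumes": [{
            "name": "my-volume-mount-2",
            "efs_volume_configuration": [{
                "file_system_id": "fs-1234",
                "root_directory": "/var/lib/",
                "transit_encryption": "DISABLED",
                "authorization_config": [],
            }],
        }],
    },
}


def image_finding(ref):
    """Return (severity, message) for a mutable image reference, else None."""
    if "@sha256:" in ref:
        return None  # digest-pinned: the reference cannot be repointed
    last = ref.rsplit("/", 1)[-1]  # drop registry host:port so its ':' is not read as a tag
    tag = last.split(":", 1)[1] if ":" in last else ""
    if tag in ("", "latest"):
        return ("HIGH", f"image '{ref}' uses a floating tag")
    return ("LOW", f"image '{ref}' is tagged but not digest-pinned")


def review(v):
    """Return findings as (severity, path, message), most severe first."""
    out = []
    for key, c in v.get("containers", {}).items():
        path = f"containers.{key}"
        ref = c.get("image") or c.get("ecr_image")
        found = image_finding(ref) if ref else None
        if found:
            out.append((found[0], path, found[1]))
        if c.get("privileged"):
            out.append(("HIGH", path, "container runs privileged"))
        if not c.get("readonly_root_filesystem"):
            out.append(("LOW", path, "root filesystem is writable"))
    task = v.get("task", {})
    if task.get("assign_public_ip"):
        out.append(("MEDIUM", "task", "tasks are assigned a public IP"))
    for kind in ("efs_volumes", "efs_component_volumes"):
        for vol in task.get(kind, []):
            path = f"task.{kind}.{vol['name']}"
            for cfg in vol.get("efs_volume_configuration", []):
                if cfg.get("transit_encryption") != "ENABLED":
                    out.append(("HIGH", path, "EFS traffic is not encrypted in transit"))
                if not cfg.get("authorization_config"):
                    out.append(("LOW", path, "mount has no access point or IAM authorization"))
    for repo in v.get("github_actions_allowed_repos", []):
        org, _, name = repo.rpartition("/")  # org is "" when omitted (a default org is assumed)
        if "*" in org:
            out.append(("HIGH", "github_actions_allowed_repos", f"wildcard organization in '{repo}'"))
        elif "*" in name:
            out.append(("MEDIUM", "github_actions_allowed_repos", f"wildcard repository in '{repo}'"))
    for rule in v.get("custom_security_group_rules", []):
        if rule["type"] != "ingress":
            continue
        for cidr in rule["cidr_blocks"]:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                span = f"{rule['from_port']}-{rule['to_port']}"
                out.append(("HIGH", "custom_security_group_rules", f"ingress {span} open to {cidr}"))
    return sorted(out, key=lambda f: (ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, path, message in review(SAMPLE_VARS):
        print(f"{severity:<6} {path}: {message}")
```
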

Variables

Required Variables

region (string) required

AWS Region

Optional Variables

additional_targets (list(string)) optional

Additional target routes to add to the ALB that point to this service. The only difference between this and var.vanity_alias is var.vanity_alias will create an alias record in Route 53 in the hosted zone in this account as well. var.additional_targets only adds the listener route to this service's target group.


Default value: [ ]

alb_configuration (string) optional

The configuration to use for the ALB, specifying which cluster alb configuration to use


Default value: "default"

alb_name (string) optional

The name of the ALB this service should attach to


Default value: null

autoscaling_dimension (string) optional

The dimension to use to decide to autoscale


Default value: "cpu"

autoscaling_enabled (bool) optional

Should this service autoscale using SNS alarms


Default value: true

chamber_service (string) optional

SSM parameter service name for use with chamber. This is used in chamber_format where /$chamber_service/$name/$container_name/$parameter would be the default.


Default value: "ecs-service"

cluster_attributes (list(string)) optional

The attributes of the cluster name e.g. if the full name is namespace-tenant-environment-dev-ecs-b2b then the cluster_name is ecs and this value should be b2b.


Default value: [ ]

containers optional

Feed inputs into container definition module


Type:

map(object({
  name = string
  ecr_image = optional(string)
  image = optional(string)
  memory = optional(number)
  memory_reservation = optional(number)
  cpu = optional(number)
  essential = optional(bool, true)
  readonly_root_filesystem = optional(bool, null)
  privileged = optional(bool, null)
  container_depends_on = optional(list(object({
    containerName = string
    condition = string # START, COMPLETE, SUCCESS, HEALTHY
  })), null)

  port_mappings = optional(list(object({
    containerPort = number
    hostPort = optional(number)
    protocol = optional(string)
    name = optional(string)
    appProtocol = optional(string)
  })), [])
  command = optional(list(string), null)
  entrypoint = optional(list(string), null)
  healthcheck = optional(object({
    command = list(string)
    interval = number
    retries = number
    startPeriod = number
    timeout = number
  }), null)
  ulimits = optional(list(object({
    name = string
    softLimit = number
    hardLimit = number
  })), null)
  log_configuration = optional(object({
    logDriver = string
    options = optional(map(string), {})
  }))
  docker_labels = optional(map(string), null)
  map_environment = optional(map(string), {})
  map_secrets = optional(map(string), {})
  volumes_from = optional(list(object({
    sourceContainer = string
    readOnly = bool
  })), null)
  mount_points = optional(list(object({
    sourceVolume = optional(string)
    containerPath = optional(string)
    readOnly = optional(bool)
  })), [])
}))

Default value: { }

cpu_utilization_high_alarm_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action


Default value: [ ]

cpu_utilization_high_evaluation_periods (number) optional

Number of periods to evaluate for the alarm


Default value: 1

cpu_utilization_high_ok_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action


Default value: [ ]

cpu_utilization_high_period (number) optional

Duration in seconds to evaluate for the alarm


Default value: 300

cpu_utilization_high_threshold (number) optional

The maximum percentage of CPU utilization average


Default value: 80

cpu_utilization_low_alarm_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action


Default value: [ ]

cpu_utilization_low_evaluation_periods (number) optional

Number of periods to evaluate for the alarm


Default value: 1

cpu_utilization_low_ok_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action


Default value: [ ]

cpu_utilization_low_period (number) optional

Duration in seconds to evaluate for the alarm


Default value: 300

cpu_utilization_low_threshold (number) optional

The minimum percentage of CPU utilization average


Default value: 20

custom_security_group_rules optional

The list of custom security group rules to add to the service security group


Type:

list(object({
  type = string
  from_port = number
  to_port = number
  protocol = string
  cidr_blocks = list(string)
  description = optional(string)
}))

Default value: [ ]

datadog_agent_sidecar_enabled (bool) optional

Enable the Datadog Agent Sidecar


Default value: false

datadog_log_method_is_firelens (bool) optional

Datadog logs can be sent via CloudWatch Logs (and Lambda) or FireLens. Set this to true to enable FireLens via a sidecar container for Fluent Bit


Default value: false

datadog_logging_default_tags_enabled (bool) optional

Add Default tags to all logs sent to Datadog


Default value: true

datadog_logging_tags (map(string)) optional

Tags to add to all logs sent to Datadog


Default value: null

datadog_sidecar_containers_logs_enabled (bool) optional

Enable the Datadog Agent Sidecar to send logs to aws cloudwatch group, requires datadog_agent_sidecar_enabled to be true


Default value: true

ecr_region (string) optional

The region to use for the fully qualified ECR image URL. Defaults to the current region.


Default value: ""

ecr_stage_name (string) optional

The ecr stage (account) name to use for the fully qualified ECR image URL.


Default value: "auto"

ecs_cluster_name (any) optional

The name of the ECS Cluster this belongs to


Default value: "ecs"

exec_enabled (bool) optional

Specifies whether to enable Amazon ECS Exec for the tasks within the service


Default value: false

github_actions_allowed_repos (list(string)) optional

A list of the GitHub repositories that are allowed to assume this role from GitHub Actions. For example,
["cloudposse/infra-live"]. Can contain "*" as wildcard.
If org part of repo name is omitted, "cloudposse" will be assumed.



Default value: [ ]

github_actions_ecspresso_enabled (bool) optional

Create IAM policies required for deployments with Ecspresso


Default value: false

github_actions_iam_role_attributes (list(string)) optional

Additional attributes to add to the role name


Default value: [ ]

github_actions_iam_role_enabled (bool) optional

Flag to toggle creation of an IAM Role that GitHub Actions can assume to access AWS resources



Default value: false

github_oidc_trusted_role_arns (list(string)) optional

A list of IAM Role ARNs allowed to assume this cluster's GitHub OIDC role


Default value: [ ]

health_check_healthy_threshold (number) optional

The number of consecutive health check successes required before healthy


Default value: 2

health_check_interval (number) optional

The duration in seconds in between health checks


Default value: 15

health_check_matcher (string) optional

The HTTP response codes to indicate a healthy check


Default value: "200-404"

health_check_path (string) optional

The destination for the health check request


Default value: "/health"

health_check_port (string) optional

The port to use to connect with the target. Valid values are either ports 1-65536, or traffic-port. Defaults to traffic-port


Default value: "traffic-port"

health_check_timeout (number) optional

The amount of time to wait in seconds before failing a health check request


Default value: 10

health_check_unhealthy_threshold (number) optional

The number of consecutive health check failures required before unhealthy


Default value: 2

http_protocol (string) optional

Which http protocol to use in outputs and SSM url params. This value is ignored if a load balancer is not used. If it is null, the redirect value from the ALB determines the protocol.


Default value: null

iam_policy_enabled (bool) optional

If set to true will create IAM policy in AWS


Default value: false

iam_policy_statements (any) optional

Map of IAM policy statements to use in the policy. This can be used with or instead of the var.iam_source_json_url.


Default value: { }

kinesis_enabled (bool) optional

Enable Kinesis


Default value: false

kms_alias_name_ssm (string) optional

KMS alias name for SSM


Default value: "alias/aws/ssm"

kms_key_alias (string) optional

ID of KMS key


Default value: "default"

lb_catch_all (bool) optional

Should this service act as catch all for all subdomain hosts of the vanity domain


Default value: false

logs (any) optional

Feed inputs into cloudwatch logs module


Default value: { }

memory_utilization_high_alarm_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action


Default value: [ ]

memory_utilization_high_evaluation_periods (number) optional

Number of periods to evaluate for the alarm


Default value: 1

memory_utilization_high_ok_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action


Default value: [ ]

memory_utilization_high_period (number) optional

Duration in seconds to evaluate for the alarm


Default value: 300

memory_utilization_high_threshold (number) optional

The maximum percentage of Memory utilization average


Default value: 80

memory_utilization_low_alarm_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action


Default value: [ ]

memory_utilization_low_evaluation_periods (number) optional

Number of periods to evaluate for the alarm


Default value: 1

memory_utilization_low_ok_actions (list(string)) optional

A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action


Default value: [ ]

memory_utilization_low_period (number) optional

Duration in seconds to evaluate for the alarm


Default value: 300

memory_utilization_low_threshold (number) optional

The minimum percentage of Memory utilization average


Default value: 20

nlb_name (string) optional

The name of the NLB this service should attach to


Default value: null

rds_name (any) optional

The name of the RDS database this service should allow access to


Default value: null

retention_period (number) optional

Length of time data records are accessible after they are added to the stream


Default value: 48

s3_mirror_name (string) optional

The name of the S3 mirror component


Default value: null

service_connect_configurations optional

The list of Service Connect configurations.
See service_connect_configuration docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#service_connect_configuration



Type:

list(object({
  enabled = bool
  namespace = optional(string, null)
  log_configuration = optional(object({
    log_driver = string
    options = optional(map(string), null)
    secret_option = optional(list(object({
      name = string
      value_from = string
    })), [])
  }), null)
  service = optional(list(object({
    client_alias = list(object({
      dns_name = string
      port = number
    }))
    discovery_name = optional(string, null)
    ingress_port_override = optional(number, null)
    port_name = string
  })), [])
}))

Default value: [ ]

service_registries optional

The list of Service Registries.
See service_registries docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#service_registries



Type:

list(object({
  namespace = string
  registry_arn = optional(string)
  port = optional(number)
  container_name = optional(string)
  container_port = optional(number)
}))

Default value: [ ]

shard_count (number) optional

Number of shards that the stream will use


Default value: 1

shard_level_metrics (list(string)) optional

List of shard-level CloudWatch metrics which can be enabled for the stream


Default value:

[
  "IncomingBytes",
  "IncomingRecords",
  "IteratorAgeMilliseconds",
  "OutgoingBytes",
  "OutgoingRecords",
  "ReadProvisionedThroughputExceeded",
  "WriteProvisionedThroughputExceeded"
]

ssm_enabled (bool) optional

If true create SSM keys for the database user and password.


Default value: false

ssm_key_format (string) optional

SSM path format. The values will be used in the following order: var.ssm_key_prefix, var.name, var.ssm_key_*


Default value: "/%v/%v/%v"

ssm_key_prefix (string) optional

SSM path prefix. Omit the leading forward slash /.


Default value: "ecs-service"

stickiness_cookie_duration (number) optional

The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds)


Default value: 86400

stickiness_enabled (bool) optional

Boolean to enable / disable stickiness. Default is true


Default value: true

stickiness_type (string) optional

The type of sticky sessions. The only current possible value is lb_cookie


Default value: "lb_cookie"

stream_mode (string) optional

Stream mode details for the Kinesis stream


Default value: "PROVISIONED"

task optional

Feed inputs into ecs_alb_service_task module


Type:

object({
  task_cpu = optional(number)
  task_memory = optional(number)
  task_role_arn = optional(string, "")
  pid_mode = optional(string, null)
  ipc_mode = optional(string, null)
  network_mode = optional(string)
  propagate_tags = optional(string)
  assign_public_ip = optional(bool, false)
  use_alb_security_groups = optional(bool, true)
  launch_type = optional(string, "FARGATE")
  scheduling_strategy = optional(string, "REPLICA")
  capacity_provider_strategies = optional(list(object({
    capacity_provider = string
    weight = number
    base = number
  })), [])

  deployment_minimum_healthy_percent = optional(number, null)
  deployment_maximum_percent = optional(number, null)
  desired_count = optional(number, 0)
  min_capacity = optional(number, 1)
  max_capacity = optional(number, 2)
  wait_for_steady_state = optional(bool, true)
  circuit_breaker_deployment_enabled = optional(bool, true)
  circuit_breaker_rollback_enabled = optional(bool, true)

  ecs_service_enabled = optional(bool, true)
  bind_mount_volumes = optional(list(object({
    name = string
    host_path = string
  })), [])
  efs_volumes = optional(list(object({
    host_path = string
    name = string
    efs_volume_configuration = list(object({
      file_system_id = string
      root_directory = string
      transit_encryption = string
      transit_encryption_port = string
      authorization_config = list(object({
        access_point_id = string
        iam = string
      }))
    }))
  })), [])
  efs_component_volumes = optional(list(object({
    host_path = string
    name = string
    efs_volume_configuration = list(object({
      component = optional(string, "efs")
      tenant = optional(string, null)
      environment = optional(string, null)
      stage = optional(string, null)

      root_directory = string
      transit_encryption = string
      transit_encryption_port = string
      authorization_config = list(object({
        access_point_id = string
        iam = string
      }))
    }))
  })), [])
  docker_volumes = optional(list(object({
    host_path = string
    name = string
    docker_volume_configuration = list(object({
      autoprovision = bool
      driver = string
      driver_opts = map(string)
      labels = map(string)
      scope = string
    }))
  })), [])
  fsx_volumes = optional(list(object({
    host_path = string
    name = string
    fsx_windows_file_server_volume_configuration = list(object({
      file_system_id = string
      root_directory = string
      authorization_config = list(object({
        credentials_parameter = string
        domain = string
      }))
    }))
  })), [])
})

Default value: { }

task_enabled (bool) optional

Whether or not to use the ECS task module


Default value: true

task_exec_policy_arns_map (map(string)) optional

A map of name to IAM Policy ARNs to attach to the generated task execution role.
The names are arbitrary, but must be known at plan time. The purpose of the name
is so that changes to one ARN do not cause a ripple effect on the other ARNs.
If you cannot provide unique names known at plan time, use task_exec_policy_arns instead.



Default value: { }

task_iam_role_component (string) optional

A component that outputs an iam_role module as 'role' for adding to the service as a whole.


Default value: null

task_policy_arns (list(string)) optional

The IAM policy ARNs to attach to the ECS task IAM role


Default value:

[
  "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
  "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
]

task_security_group_component (string) optional

A component that outputs security_group_id for adding to the service as a whole.


Default value: null

unauthenticated_paths (list(string)) optional

Unauthenticated path pattern to match


Default value: [ ]

unauthenticated_priority (string) optional

The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from authenticated_priority since a listener can't have multiple rules with the same priority


Default value: 0

use_lb (bool) optional

Whether to use a load balancer for the service


Default value: false

use_rds_client_sg (bool) optional

Use the RDS client security group


Default value: false

vanity_alias (list(string)) optional

The vanity aliases to use for the public LB.


Default value: [ ]

vanity_domain (string) optional

Whether to use the vanity domain alias for the service


Default value: null

zone_component (string) optional

The component name to look up service domain remote-state on


Default value: "dns-delegated"

zone_component_output (string) optional

A json query to use to get the zone domain from the remote state. See


Default value: ".default_domain_name"

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

additional_tag_map (map(string)) optional

Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration.


Required: No

Default value: { }

attributes (list(string)) optional

ID element. Additional attributes (e.g. workers or cluster) to add to id,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the delimiter
and treated as a single ID element.


Required: No

Default value: [ ]

context (any) optional

Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as null to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.


Required: No

Default value:

{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}

delimiter (string) optional

Delimiter to be used between ID elements.
Defaults to - (hyphen). Set to "" to use no delimiter at all.


Required: No

Default value: null

descriptor_formats (any) optional

Describe additional descriptors to be output in the descriptors output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
{
  format = string
  labels = list(string)
}
(Type is any so the map values can later be enhanced to provide additional options.)
format is a Terraform format string to be passed to the format() function.
labels is a list of labels, in order, to pass to format() function.
Label values will be normalized before being passed to format() so they will be
identical to how they appear in id.
Default is {} (descriptors output will be empty).


Required: No

Default value: { }

enabled (bool) optional

Set to false to prevent the module from creating any resources
Required: No

Default value: null

environment (string) optional

ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'
Required: No

Default value: null

id_length_limit (number) optional

Limit id to this many characters (minimum 6).
Set to 0 for unlimited length.
Set to null to keep the existing setting, which defaults to 0.
Does not affect id_full.


Required: No

Default value: null

label_key_case (string) optional

Controls the letter case of the tags keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the tags input.
Possible values: lower, title, upper.
Default value: title.


Required: No

Default value: null

label_order (list(string)) optional

The order in which the labels (ID elements) appear in the id.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.


Required: No

Default value: null

label_value_case (string) optional

Controls the letter case of ID elements (labels) as included in id,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the tags input.
Possible values: lower, title, upper and none (no transformation).
Set this to title and set delimiter to "" to yield Pascal Case IDs.
Default value: lower.


Required: No

Default value: null

labels_as_tags (set(string)) optional

Set of labels (ID elements) to include as tags in the tags output.
Default is to include all labels.
Tags with empty values will not be included in the tags output.
Set to [] to suppress all generated tags.
Notes:
The value of the name tag, if included, will be the id, not the name.
Unlike other null-label inputs, the initial setting of labels_as_tags cannot be
changed in later chained modules. Attempts to change it will be silently ignored.


Required: No

Default value:

[
  "default"
]

name (string) optional

ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a tag.
The "name" tag is set to the full id string. There is no tag with the value of the name input.


Required: No

Default value: null

namespace (string) optional

ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique
Required: No

Default value: null

regex_replace_chars (string) optional

Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.


Required: No

Default value: null

stage (string) optional

ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'
Required: No

Default value: null

tags (map(string)) optional

Additional tags (e.g. {'BusinessUnit': 'XYZ'}).
Neither the tag keys nor the tag values will be modified by this module.


Required: No

Default value: { }

tenant (string) optional

ID element (Rarely used, not included by default). A customer identifier, indicating who this instance of a resource is for
Required: No

Default value: null

Outputs

ecs_cluster_arn

Selected ECS cluster ARN

environment_map

Environment variables to pass to the container, this is a map of key/value pairs, where the key is containerName,variableName

full_domain

Domain to respond to GET requests

github_actions_iam_role_arn

ARN of IAM role for GitHub Actions

github_actions_iam_role_name

Name of IAM role for GitHub Actions

lb_arn

Selected LB ARN

lb_listener_https

Selected LB HTTPS Listener

lb_sg_id

Selected LB SG ID

logs

Output of cloudwatch logs module

service_image

The image of the service container

ssm_key_prefix

SSM prefix

ssm_parameters

SSM parameters for the ECS Service

subnet_ids

Selected subnet IDs

task_definition_arn

The task definition ARN

task_definition_revision

The task definition revision

task_template

The task template rendered

vpc_id

Selected VPC ID

vpc_sg_id

Selected VPC SG ID

Dependencies

Requirements

  • terraform, version: >= 1.0.0
  • aws, version: >= 4.66.1
  • jq, version: >=0.2.0
  • template, version: >= 2.2

Providers

  • aws, version: >= 4.66.1
  • jq, version: >=0.2.0
  • template, version: >= 2.2

Modules

| Name | Version | Source | Description |
|------|---------|--------|-------------|
| alb | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| alb_ingress | 0.28.0 | cloudposse/alb-ingress/aws | n/a |
| cloudmap_namespace | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| cloudmap_namespace_service_discovery | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| container_definition | 0.61.1 | cloudposse/ecs-container-definition/aws | n/a |
| datadog_configuration | latest | ../datadog-configuration/modules/datadog_keys | n/a |
| datadog_container_definition | 0.58.1 | cloudposse/ecs-container-definition/aws | n/a |
| datadog_fluent_bit_container_definition | 0.58.1 | cloudposse/ecs-container-definition/aws | n/a |
| datadog_sidecar_logs | 0.6.6 | cloudposse/cloudwatch-logs/aws | n/a |
| ecs_alb_service_task | 0.72.0 | cloudposse/ecs-alb-service-task/aws | n/a |
| ecs_cloudwatch_autoscaling | 0.7.3 | cloudposse/ecs-cloudwatch-autoscaling/aws | n/a |
| ecs_cloudwatch_sns_alarms | 0.12.3 | cloudposse/ecs-cloudwatch-sns-alarms/aws | n/a |
| ecs_cluster | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| efs | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| gha_assume_role | latest | ../account-map/modules/team-assume-role-policy | n/a |
| gha_role_name | 0.25.0 | cloudposse/label/null | n/a |
| iam_role | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| iam_roles | latest | ../account-map/modules/iam-roles | n/a |
| logs | 0.6.8 | cloudposse/cloudwatch-logs/aws | n/a |
| nlb | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| rds | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| roles_to_principals | latest | ../account-map/modules/roles-to-principals | n/a |
| s3 | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| security_group | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| service_domain | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
| this | 0.25.0 | cloudposse/label/null | n/a |
| vanity_alias | 0.13.0 | cloudposse/route53-alias/aws | n/a |
| vpc | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |

Resources

The following resources are used by this module:

Data Sources

The following data sources are used by this module:

References

Changelog

PR #1008

Possible Breaking Change

  • Refactored how S3 task definitions and the Terraform task definition are merged.
    • Introduced the local local.containers_priority_terraform, to be referenced whenever Terraform should take priority
    • Introduced the local local.containers_priority_s3, to be referenced whenever S3 should take priority
  • map_secrets pulled out from the container definition to a local where it can be better maintained. Terraform is used as the priority because it is calculated as a map of ARNs.
  • s3_mirror_name now automatically uploads a task-template.json to the S3 mirror, where it can be pulled from GitHub Actions.