terraform-aws-ecs-app-nlb

This terraform module is an AWS ECS Application Module that creates a Networking LoadBalance Application setup on ECS.

This module is designed to be used with DNXLabs/terraform-aws-ecs (https://github.com/DNXLabs/terraform-aws-ecs).

The following resources will be created:

• Cloudwatch Metrics alarm - Provides a CloudWatch Metric Alarm resource.

• IAM roles - The cloudwatch event needs an IAM Role to run the ECS task definition. A role is created and a policy will be granted via IAM policy.

• IAM policy - Policy to be attached to the IAM Role. This policy will have a trust with the cloudwatch event service. And it will use the managed policy AmazonEC2ContainerServiceEventsRole created by AWS.

• Security Groups for the ECS nodes

• Simple Notification Service (SNS) topics - Alarm topics to create and alert on ECS service metrics. Leaving empty disables all alarms.

• Auto Scaling

  • You can specify the max number of containers to scale with autoscaling. The default is 4
  • You can specify the nin number of containers to scale with autoscaling. The default is 1
  • Cooldown in seconds to wait between scale in events. The default is 300
  • Cooldown in seconds to wait between scale out events. The default is 300

• Cloudwatch Log Groups

• Network Load Balancer (NLB)

• ECS task definition - A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:

  • Image - Docker image to deploy
    • Default value = "dnxsolutions/nginx-hello:latest"
  • CPU - Hard limit of the CPU for the container
    • Default Value = 0
  • Memory - Hard memory of the container
    • Default Value = 512
  • Name - Name of the ECS Service
  • Set log configuration

• ECS Task-scheduler activated by cloudwatch events

In addition you have the option to create or not :

• Autoscaling
  • Enables or not autoscaling based on average CPU tracking
  • Target average CPU percentage to track for autoscaling
• A Hostname to create DNS record for this app

Requirements

Name	Version
terraform	>= 0.13.0

Providers

Name	Version
aws	n/a
random	n/a

Inputs

Name	Description	Type	Default	Required
alarm_prefix	String prefix for cloudwatch alarms. (Optional, leave blank to use iam_account_alias)	string	""	no
alarm_sns_topics	Alarm topics to create and alert on ECS service metrics	list	[]	no
assign_public_ip	Configures ECS Service to assign public IP (Fargate Only)	bool	false	no
autoscaling_cpu	Enables autoscaling based on average CPU tracking	bool	false	no
autoscaling_max	Max number of containers to scale with autoscaling	number	4	no
autoscaling_min	Min number of containers to scale with autoscaling	number	1	no
autoscaling_scale_in_cooldown	Cooldown in seconds to wait between scale in events	number	300	no
autoscaling_scale_out_cooldown	Cooldown in seconds to wait between scale out events	number	300	no
autoscaling_target_cpu	Target average CPU percentage to track for autoscaling	number	50	no
cloudwatch_logs_export	Whether to mark the log group to export to an S3 bucket (needs terraform-aws-log-exporter to be deployed in the account/region)	bool	false	no
cloudwatch_logs_retention	Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.	number	120	no
cluster_name	n/a	string	"Name of existing ECS Cluster to deploy this app to"	no
codedeploy_deployment_config_name	Specifies the deployment configuration for CodeDeploy	string	"CodeDeployDefault.ECSAllAtOnce"	no
codedeploy_role_arn	Existing IAM CodeDeploy role ARN created by ECS cluster module	any	null	no
codedeploy_wait_time_for_cutover	Time in minutes to route the traffic to the new application deployment	number	0	no
codedeploy_wait_time_for_termination	Time in minutes to terminate the new deployment	number	0	no
container_port	Port your container listens (used in the placeholder task definition)	string	"8080"	no
cpu	Hard limit for CPU for the container	string	"0"	no
create_iam_codedeployrole	Create Codedeploy IAM Role for ECS or not.	bool	true	no
deployment_controller	Type of deployment controller. Valid values: CODE_DEPLOY, ECS, EXTERNAL.	string	"CODE_DEPLOY"	no
efs_mapping	A map of efs volume ids and paths to mount into the default task definition	map(string)	{}	no
enable_schedule	Enable scheduling for ECS service	bool	false	no
fargate_spot	Set true to use FARGATE_SPOT capacity provider by default (only when launch_type=FARGATE)	bool	false	no
hosted_zone	Hosted Zone to create DNS record for this app	string	""	no
hostname	Hostname to create DNS record for this app	string	""	no
hostname_create	Optional parameter to create or not a Route53 record	string	"true"	no
image	Docker image to deploy (can be a placeholder)	string	"dnxsolutions/nginx-hello:latest"	no
launch_type	The launch type on which to run your service. The valid values are EC2 and FARGATE. Defaults to EC2.	string	"FARGATE"	no
memory	Hard memory of the container	string	"512"	no
name	Name of your ECS service	any	n/a	yes
network_mode	The Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. (REQUIRED IF 'LAUCH_TYPE' IS FARGATE)	any	null	no
nlb	Flag to create the NLB	bool	false	no
nlb_arn	Networking LoadBalance ARN - Required if nlb=false or nlb_internal=false	string	""	no
nlb_internal	Creates an Internal NLB for this service	bool	false	no
nlb_subnets_cidr	The subnets associated with the task or service. (REQUIRED IF 'LAUCH_TYPE' IS FARGATE)	any	null	no
nlb_subnets_ids	The subnets associated with the task or service. (REQUIRED IF 'LAUCH_TYPE' IS FARGATE)	any	null	no
ordered_placement_strategy	Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5.	list(object({ field = string expression = string }))	[]	no
placement_constraints	Rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10.	list(object({ type = string expression = string }))	[]	no
port	Port for target group to listen	string	"80"	no
ports	Port for target group to listen	list(object({ port = number protocol = string }))	[ { "port": 80, "protocol": "tcp" } ]	no
schedule_cron_start	Cron expression to start the ECS service	string	""	no
schedule_cron_stop	Cron expression to stop the ECS service	string	""	no
schedule_timezone	Timezone for the scheduled actions	string	"UTC"	no
security_group_ecs_nodes_inbound_cidrs	ECS Nodes inbound allowed CIDRs for the security group.	list(string)	[ "0.0.0.0/0" ]	no
security_group_nlb_inbound_cidrs	NLB inbound allowed CIDRs for the security group.	list(string)	[ "0.0.0.0/0" ]	no
security_groups	The security groups associated with the task or service	any	null	no
service_health_check_grace_period_seconds	Time until your container starts serving requests	number	0	no
service_role_arn	Existing service role ARN created by ECS cluster module	any	n/a	yes
subnets	The subnets associated with the task or service. (REQUIRED IF 'LAUCH_TYPE' IS FARGATE)	any	null	no
task_role_arn	Existing task role ARN created by ECS cluster module	any	n/a	yes
ulimits	Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit"	list(object({ name = string hardLimit = number softLimit = number }))	null	no
vpc_id	VPC ID to deploy this app to	any	n/a	yes

Outputs

Name	Description
aws_cloudwatch_log_group_arn	n/a

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.