Creates an ECS cluster along with the necessary IAM resources (ecs/access) and a standard networking setup (ecs/network).
Based on AWS reference architecture and segmentio/stack

- Creates IAM resources needed for the cluster. Instantiated by the `ecs` module.
- Creates an autoscaling group of EC2 instances for running tasks within the cluster.
- Creates the networking stack for the cluster. Instantiated by the `ecs` module.
- Creates an ECR container image repository.
- Creates an ECS service exposed to the web via an Application Load Balancer.
- Creates an internal ECS service for running tasks from some queue.
- Creates an ECS task definition.

Name | Version |
---|---|
terraform | >= 0.12, <2.0 |
aws | >= 4.0.0 |

Name | Version |
---|---|
aws | >= 4.0.0 |

Name | Source | Version |
---|---|---|
access | ./access | n/a |
cloudwatch_consts | ./../cloudwatch/consts | n/a |
metrics_count | ./../cloudwatch/metric/many | n/a |
metrics_cpu | ./../cloudwatch/metric/many | n/a |
metrics_memory | ./../cloudwatch/metric/many | n/a |
network | ./network | n/a |
widget_cpu_utilization | ./../cloudwatch/metric_widget | n/a |
widget_instances | ./../cloudwatch/metric_widget | n/a |
widget_memory_utilization | ./../cloudwatch/metric_widget | n/a |
widget_services | ./../cloudwatch/metric_widget | n/a |
widget_tasks | ./../cloudwatch/metric_widget | n/a |

Name | Type |
---|---|
aws_ecs_cluster.cluster | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
availability_zones_count | Number of availability zones the network should span | number | 2 | no |
create | Should resources be created | bool | true | no |
enable_container_insights | Enable/disable container insights for the ECS cluster | bool | true | no |
enable_dns_hostnames | Enable/disable DNS hostnames in the VPC | bool | false | no |
enable_dns_support | Enable/disable DNS support in the VPC | bool | true | no |
environment | Kebab-cased environment name, e.g. development, staging, production. | string | n/a | yes |
lb_ssl_policy | SSL policy to set on the HTTPS ALB listener, see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies | string | "ELBSecurityPolicy-TLS-1-2-2017-01" | no |
nat_instance | Use NAT instances instead of NAT gateways. | bool | false | no |
nat_instance_ami_name | Name of the EC2 AMI used by NAT instances | string | "amzn2-ami-kernel-5.10-hvm-2.0.20240131.0-x86_64-gp2" | no |
nat_instance_type | EC2 instance type to use to create a NAT instance. | string | "t3.nano" | no |
project | Kebab-cased project name | string | n/a | yes |
project_index | Unique project number in 0-255 range which will be used to build the VPC CIDR block: 10.{project_index}.0.0/16 | number | n/a | yes |
tags | Tags to add to resources that support them | map(string) | {} | no |

Name | Description |
---|---|
arn | Cluster ARN |
availability_zones | The availability zones in which corresponding public and private subnets were created |
host_profile_arn | ECS host instance profile ARN |
host_profile_id | ECS host instance profile ID |
host_profile_name | ECS host instance profile name |
host_role_arn | ECS host role ARN |
host_role_name | ECS host role name |
hosts_security_group_arn | The ARN of the Security Group which should be used by host instances |
hosts_security_group_id | The ID of the Security Group which should be used by host instances |
http_listener_arn | The ARN of the ALB's HTTP Listener |
https_listener_arn | The ARN of the ALB's HTTPS Listener |
internet_gateway_id | The ID of the Internet Gateway |
lb_metrics | Load balancer related CloudWatch metrics, see network/metrics.tf |
lb_widgets | Load balancer related CloudWatch dashboard widgets, see network/widgets.tf |
load_balancer_arn | The ARN of the Application Load Balancer |
load_balancer_domain | The domain name of the Application Load Balancer |
load_balancer_id | The ID of the Application Load Balancer |
load_balancer_security_group_arn | The ARN of the Application Load Balancer's Security Group |
load_balancer_security_group_id | The ID of the Application Load Balancer's Security Group |
load_balancer_zone_id | The canonical hosted zone ID of the Application Load Balancer (to be used in a Route 53 Alias record) |
metrics | ECS cluster CloudWatch metrics, see metrics.tf for details |
name | Cluster name |
nat_gateway_metrics | NAT gateway related CloudWatch metrics, see network/metrics.tf |
nat_gateway_widgets | NAT gateway related CloudWatch dashboard widgets, see network/widgets.tf |
nat_instance_metrics | NAT instance related CloudWatch metrics, see network/metrics.tf |
nat_instance_widgets | NAT instance related CloudWatch dashboard widgets, see network/widgets.tf |
private_blocks | The CIDR blocks of private subnets |
private_subnet_ids | The IDs of private subnets |
public_blocks | The CIDR blocks of public subnets |
public_gateway_ips | The public IP addresses of NAT gateways used for outbound traffic |
public_subnet_ids | The IDs of public subnets |
vpc_block | The CIDR block of the VPC |
vpc_id | The ID of the VPC |
web_service_role_arn | ECS web service task role ARN |
web_service_role_name | ECS web service task role name |
widgets | ECS cluster CloudWatch dashboard widgets, see widgets.tf for details |
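
The following usage sketch is an added example, not part of the module's own documentation. It sets the three required inputs, overrides the default `lb_ssl_policy` with a newer AWS-managed policy, and feeds the load balancer outputs into a Route 53 alias record. The module `source` path, the `hosted_zone_id` variable, the record name and the tag values are assumptions.

```hcl
# Added example: the source path and every concrete value below are assumptions.
variable "hosted_zone_id" {
  description = "Route 53 hosted zone that will hold the alias record (hypothetical)"
  type        = string
}

module "ecs" {
  source = "./ecs" # assumed location of this module in your repository

  project       = "example-app" # constructed value
  environment   = "production"
  project_index = 42 # VPC CIDR becomes 10.42.0.0/16; must be unique per project

  # The module default is "ELBSecurityPolicy-TLS-1-2-2017-01".
  # This AWS-managed policy adds TLS 1.3 and keeps TLS 1.2 as the minimum.
  lb_ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  availability_zones_count  = 2
  nat_instance              = false # keep managed NAT gateways
  enable_container_insights = true

  tags = {
    Owner = "platform-team" # constructed value
  }
}

# Alias record built from the two outputs documented for this purpose.
resource "aws_route53_record" "app" {
  zone_id = var.hosted_zone_id
  name    = "app.example.com" # constructed value
  type    = "A"

  alias {
    name                   = module.ecs.load_balancer_domain
    zone_id                = module.ecs.load_balancer_zone_id
    evaluate_target_health = true
  }
}

# Outbound traffic leaves through these addresses; useful for partner allow-lists.
output "egress_ips" {
  description = "Public IPs of the NAT gateways"
  value       = module.ecs.public_gateway_ips
}
```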