Creates the dev environment's infrastructure. These templates are designed to be customized.
The optional components can be removed by simply deleting the .tf file.
| Name | Description | Optional |
|---|---|---|
| main.tf | Terrform remote state, AWS provider, output | |
| api-gateway.tf | Regional API Gateway proxy | |
| api-usage-plans.tf | API Gateway Usage Plan | Yes |
| autoscale-perf.tf | Performance-based auto scaling | Yes |
| autoscale-time.tf | Time-based auto scaling | Yes |
| cert.tf | ACM Certificate to enable HTTPS (with auto-validation) | |
| cicd.tf | IAM user that can be used by CI/CD systems | Yes |
| dns.tf | Registers a custom domain name for use with AWS API Gateway | |
| dashboard.tf | CloudWatch dashboard: CPU, memory, and HTTP-related metrics | Yes |
| ecs.tf | ECS Cluster, Service, Task Definition, ecsTaskExecutionRole, CloudWatch Log Group | |
| ecs-event-stream.tf | Cloudwatch dashboard for ECS events | yes |
| logs-logzio.tf | Ship container logs to logz.io | Yes |
| nlb.tf | NLB, Target Group, Listener | |
| nsg.tf | NSG for NLB and Task | |
| role.tf | Application Role for container | |
| secretsmanager.tf | Add a Secrets Manager secret with a CMK KMS key. Also gives app role and ECS task definition role access to read secrets from Secrets Manager | Yes |
| ssm-parameters.tf | Add a CMK KMS key for use with SSM Parameter Store. Also gives ECS task definition role access to read secrets from parameter store. | Yes |
| waf.tf | WAF Regional Web ACL | Yes |
# Sets up Terraform to run
$ terraform init
# Executes the Terraform run
$ terraform apply
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app | The application's name | string | - | yes |
| aws_profile | The AWS Profile to use | string | - | yes |
| container_name | The name of the container to run | string | app |
no |
| container_port | The port the container will listen on, used for load balancer health check Best practice is that this value is higher than 1024 so the container processes isn't running at root. | string | - | yes |
| default_backend_image | The default docker image to deploy with the infrastructure. Note that you can use the fargate CLI for application concerns like deploying actual application images and environment variables on top of the infrastructure provisioned by this template https://github.com/turnerlabs/fargate note that the source for the turner default backend image is here: https://github.com/turnerlabs/turner-defaultbackend | string | quay.io/turner/turner-defaultbackend:0.2.0 |
no |
| deregistration_delay | The amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused | string | 30 |
no |
| ecs_as_cpu_high_threshold_per | If the average CPU utilization over a minute rises to this threshold, the number of containers will be increased (but not above ecs_autoscale_max_instances). | string | 80 |
no |
| ecs_as_cpu_low_threshold_per | If the average CPU utilization over a minute drops to this threshold, the number of containers will be reduced (but not below ecs_autoscale_min_instances). | string | 20 |
no |
| ecs_autoscale_max_instances | The maximum number of containers that should be running. used by both autoscale-perf.tf and autoscale.time.tf | string | 8 |
no |
| ecs_autoscale_min_instances | The minimum number of containers that should be running. Must be at least 1. used by both autoscale-perf.tf and autoscale.time.tf For production, consider using at least "2". | string | 1 |
no |
| environment | The environment that is being built | string | - | yes |
| health_check_interval | How often to check the liveliness of the container | string | 30 |
no |
| lb_port | The port the load balancer will listen on | string | 80 |
no |
| lb_protocol | The load balancer protocol | string | TCP |
no |
| logs_retention_in_days | Specifies the number of days you want to retain log events | int | 90 | no |
| logz_token | The auth token to use for sending logs to Logz.io | string | - | yes |
| logz_url | The endpoint to use for sending logs to Logz.io | string | https://listener.logz.io:8071 |
no |
| private_subnets | The private subnets, minimum of 2, that are a part of the VPC(s) | string | - | yes |
| region | The AWS region to use for the dev environment's infrastructure Currently, Fargate is only available in us-east-1. |
string | us-east-1 |
no |
| replicas | How many containers to run | string | 1 |
no |
| saml_role | The SAML role to use for adding users to the ECR policy | string | - | yes |
| scale_down_cron | Default scale down at 7 pm every day | string | cron(0 23 * * ? *) |
no |
| scale_down_max_capacity | The maximum number of containers to scale down to. | string | 0 |
no |
| scale_down_min_capacity | The mimimum number of containers to scale down to. Set this and scale_down_max_capacity to 0 to turn off service on the scale_down_cron schedule. |
string | 0 |
no |
| scale_up_cron | Default scale up at 7 am weekdays, this is UTC so it doesn't adjust to daylight savings https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html | string | cron(0 11 ? * MON-FRI *) |
no |
| secrets_saml_users | The users (email addresses) from the saml role to give access | list | - | yes |
| tags | Tags for the infrastructure | map | - | yes |
| vpc | The VPC to use for the Fargate cluster | string | - | yes |
| Name | Description |
|---|---|
| aws_profile | Command to set the AWS_PROFILE |
| cicd_keys | The AWS keys for the CICD user to use in a build system |
| deploy | Command to deploy a new task definition to the service using Docker Compose |
| docker_registry | The URL for the docker image repo in ECR |
| scale_out | Command to scale out the number of tasks (container replicas) |
| scale_up | Command to scale up cpu and memory |
| status | Command to view the status of the Fargate service |
| api_gateway_endpoint | The API Gateway endpoint |
*Note: You may get the following terraform error when applying:
Error: Error creating API Gateway Integration Response: NotFoundException: Invalid Integration identifier specified
It appears that this error is related to this issue. If you run terraform apply the second time it should work.