diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0107484..af2d7ae 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ repos:
- id: check-executables-have-shebangs
- id: pretty-format-json
args: ['--autofix', '--no-sort-keys', '--indent=2']
- - id: check-byte-order-marker
+ - id: fix-byte-order-marker
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-merge-conflict
@@ -18,7 +18,7 @@ repos:
args: ['--allow-missing-credentials']
- id: trailing-whitespace
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.0
+ rev: v1.77.2
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d19ef09..db48098 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
## [Unreleased]
+- Comment about 'target_type' for Fargate
+- Revert container name to original
+- Remove square brackets as input is a list
+- Lint fixes
+- Turn cloudwatch logging optional - fix
+- Turn cloudwatch logging optional
+- chore: Update documentation
+- Turn cloudwatch logging optional
+- Refactored container definitions out of module
+
+
+
+## [6.7.0] - 2023-02-01
+
+- Add ecs-managed-tags parameter ([#66](https://github.com/umotif-public/terraform-aws-ecs-fargate/issues/66))
- Add readonlyRootFilesystem to container_definition ([#64](https://github.com/umotif-public/terraform-aws-ecs-fargate/issues/64))
@@ -257,7 +272,8 @@ All notable changes to this project will be documented in this file.
- Initial commit
-[Unreleased]: https://github.com/umotif-public/terraform-aws-ecs-fargate/compare/6.6.0...HEAD
+[Unreleased]: https://github.com/umotif-public/terraform-aws-ecs-fargate/compare/6.7.0...HEAD
+[6.7.0]: https://github.com/umotif-public/terraform-aws-ecs-fargate/compare/6.6.0...6.7.0
[6.6.0]: https://github.com/umotif-public/terraform-aws-ecs-fargate/compare/6.5.2...6.6.0
[6.5.2]: https://github.com/umotif-public/terraform-aws-ecs-fargate/compare/6.5.1...6.5.2
[6.5.1]: https://github.com/umotif-public/terraform-aws-ecs-fargate/compare/6.5.0...6.5.1
diff --git a/README.md b/README.md
index a33a22e..06143f9 100644
--- a/README.md
+++ b/README.md
@@ -130,9 +130,11 @@ No modules.
|------|-------------|------|---------|:--------:|
| [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | (Optional) The capacity\_provider\_strategy configuration block. This is a list of maps, where each map should contain "capacity\_provider ", "weight" and "base" | `list(any)` | `[]` | no |
| [cluster\_id](#input\_cluster\_id) | The Amazon Resource Name (ARN) that identifies the cluster. | `string` | n/a | yes |
+| [container\_definitions](#input\_container\_definitions) | A string containing json encoded array of container definitions for Task Definition | `string` | `null` | no |
| [container\_name](#input\_container\_name) | Optional name for the container to be used instead of name\_prefix. | `string` | `""` | no |
| [cpu\_architecture](#input\_cpu\_architecture) | cpu architecture for the task | `string` | `"X86_64"` | no |
| [create\_repository\_credentials\_iam\_policy](#input\_create\_repository\_credentials\_iam\_policy) | Set to true if you are specifying `repository_credentials` variable, it will attach IAM policy with necessary permissions to task role. | `bool` | `false` | no |
+| [deny\_egress\_to\_anywhere](#input\_deny\_egress\_to\_anywhere) | When this parameter is true, no default egress rule will be created | `bool` | `false` | no |
| [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values: CODE\_DEPLOY, ECS, EXTERNAL. Default: ECS. | `string` | `"ECS"` | no |
| [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | The upper limit of the number of running tasks that can be running in a service during a deployment | `number` | `200` | no |
| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | The lower limit of the number of running tasks that must remain running and healthy in a service during a deployment | `number` | `50` | no |
@@ -141,10 +143,12 @@ No modules.
| [enable\_deployment\_circuit\_breaker\_rollback](#input\_enable\_deployment\_circuit\_breaker\_rollback) | Whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. | `bool` | `"false"` | no |
| [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `true` | no |
| [enable\_execute\_command](#input\_enable\_execute\_command) | Specifies whether to enable Amazon ECS Exec for the tasks within the service. | `bool` | `true` | no |
+| [enable\_logs](#input\_enable\_logs) | Turn cloudwatch logging optional | `bool` | `true` | no |
| [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version. | `bool` | `false` | no |
-| [health\_check](#input\_health\_check) | A health block containing health check settings for the target group. Overrides the defaults. | `map(string)` | n/a | yes |
+| [health\_check](#input\_health\_check) | A health block containing health check settings for the target group. Overrides the defaults. | `map(string)` | `{}` | no |
| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers. | `number` | `300` | no |
| [load\_balanced](#input\_load\_balanced) | Whether the task should be loadbalanced. | `bool` | `true` | no |
+| [log\_groups\_arn](#input\_log\_groups\_arn) | List of CloudWatch Group ARNs to use when enable\_logs is set to false | `list(string)` | `[]` | no |
| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | Number of days the logs will be retained in CloudWatch. | `number` | `30` | no |
| [logs\_kms\_key](#input\_logs\_kms\_key) | The KMS key ARN to use to encrypt container logs. | `string` | `""` | no |
| [name\_prefix](#input\_name\_prefix) | A prefix used for naming resources. | `string` | n/a | yes |
@@ -167,10 +171,10 @@ No modules.
| [task\_container\_entrypoint](#input\_task\_container\_entrypoint) | The entrypoint that is passed to the container. | `list(string)` | `[]` | no |
| [task\_container\_environment](#input\_task\_container\_environment) | The environment variables to pass to a container. | `map(string)` | `{}` | no |
| [task\_container\_environment\_files](#input\_task\_container\_environment\_files) | The environment variable files (s3 object arns) to pass to a container. Files must use .env file extension. | `list(string)` | `[]` | no |
-| [task\_container\_image](#input\_task\_container\_image) | The image used to start a container. | `string` | n/a | yes |
+| [task\_container\_image](#input\_task\_container\_image) | The image used to start a container. | `string` | `"marcincuber/2048-game:latest"` | no |
| [task\_container\_memory](#input\_task\_container\_memory) | The hard limit (in MiB) of memory for the container. | `number` | `null` | no |
| [task\_container\_memory\_reservation](#input\_task\_container\_memory\_reservation) | The soft limit (in MiB) of memory to reserve for the container. | `number` | `null` | no |
-| [task\_container\_port](#input\_task\_container\_port) | The port number on the container that is bound to the user-specified or automatically assigned host port | `number` | n/a | yes |
+| [task\_container\_port](#input\_task\_container\_port) | The port number on the container that is bound to the user-specified or automatically assigned host port | `number` | `80` | no |
| [task\_container\_protocol](#input\_task\_container\_protocol) | Protocol that the container exposes. | `string` | `"HTTP"` | no |
| [task\_container\_secrets](#input\_task\_container\_secrets) | The secrets variables to pass to a container. | `list(map(string))` | `null` | no |
| [task\_container\_working\_directory](#input\_task\_container\_working\_directory) | The working directory to run commands inside the container. | `string` | `""` | no |
@@ -179,7 +183,7 @@ No modules.
| [task\_definition\_memory](#input\_task\_definition\_memory) | The soft limit (in MiB) of memory to reserve for the task. | `number` | `512` | no |
| [task\_health\_check](#input\_task\_health\_check) | An optional healthcheck definition for the task | `map(number)` | `null` | no |
| [task\_health\_command](#input\_task\_health\_command) | A string array representing the command that the container runs to determine if it is healthy. | `list(string)` | `null` | no |
-| [task\_host\_port](#input\_task\_host\_port) | The port number on the container instance to reserve for your container. | `number` | `0` | no |
+| [task\_host\_port](#input\_task\_host\_port) | The port number on the container instance to reserve for your container. | `number` | `80` | no |
| [task\_mount\_points](#input\_task\_mount\_points) | The mount points for data volumes in your container. Each object inside the list requires "sourceVolume", "containerPath" and "readOnly". For more information see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html | `list(object({ sourceVolume = string, containerPath = string, readOnly = bool }))` | `null` | no |
| [task\_pseudo\_terminal](#input\_task\_pseudo\_terminal) | Allocate TTY in the container | `bool` | `null` | no |
| [task\_start\_timeout](#input\_task\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container. If this parameter is not specified, the default value of 3 minutes is used (fargate). | `number` | `null` | no |
@@ -187,7 +191,6 @@ No modules.
| [volume](#input\_volume) | (Optional) A set of volume blocks that containers in your task may use. This is a list of maps, where each map should contain "name", "host\_path", "docker\_volume\_configuration" and "efs\_volume\_configuration". Full set of options can be found at https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html | `list(any)` | `[]` | no |
| [vpc\_id](#input\_vpc\_id) | The VPC ID. | `string` | n/a | yes |
| [wait\_for\_steady\_state](#input\_wait\_for\_steady\_state) | If true, Terraform will wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. | `bool` | `false` | no |
-| [deny\_egress\_to\_anywhere](#deny\_egress\_to\_anywhere) | If true, Terraform will no create the default egress rule which allows all outgoing traffic. | `bool` | `false` | no |
## Outputs
@@ -202,6 +205,7 @@ No modules.
| [target\_group\_arn](#output\_target\_group\_arn) | The ARN of the Target Group used by Load Balancer. |
| [target\_group\_name](#output\_target\_group\_name) | The Name of the Target Group used by Load Balancer. |
| [task\_definition\_arn](#output\_task\_definition\_arn) | The Amazon Resource Name (ARN) of the task definition created |
+| [task\_definition\_container\_definitions](#output\_task\_definition\_container\_definitions) | A list of container definitions |
| [task\_definition\_name](#output\_task\_definition\_name) | The name of the task definition created |
| [task\_role\_arn](#output\_task\_role\_arn) | The Amazon Resource Name (ARN) specifying the ECS service role. |
| [task\_role\_name](#output\_task\_role\_name) | The name of the Fargate task service role. |
diff --git a/data.tf b/data.tf
index e9c2081..62189b3 100644
--- a/data.tf
+++ b/data.tf
@@ -15,18 +15,34 @@ data "aws_iam_policy_document" "task_assume" {
# Task logging privileges
data "aws_iam_policy_document" "task_permissions" {
- statement {
- effect = "Allow"
+ dynamic "statement" {
+ for_each = var.enable_logs ? [1] : []
+ content {
+ effect = "Allow"
+
+ resources = [
+ aws_cloudwatch_log_group.main[0].arn,
+ "${aws_cloudwatch_log_group.main[0].arn}:*"
+ ]
+
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ ]
+ }
+ }
- resources = [
- aws_cloudwatch_log_group.main.arn,
- "${aws_cloudwatch_log_group.main.arn}:*"
- ]
+ dynamic "statement" {
+ for_each = var.enable_logs ? [] : [1]
- actions = [
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- ]
+ content {
+ effect = "Allow"
+ resources = var.log_groups_arn
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ]
+ }
}
}
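Review bot: The second `dynamic "statement"` (the `enable_logs = false` branch) is emitted even when `var.log_groups_arn` is left at its default `[]`, which renders an Allow statement with no resources; IAM is likely to reject such a document as malformed, so the apply fails instead of simply granting nothing. Guarding the block with `for_each = !var.enable_logs && length(var.log_groups_arn) > 0 ? [1] : []` avoids that. The first statement grants both the group ARN and `"${aws_cloudwatch_log_group.main[0].arn}:*"`, while the second passes the caller's list verbatim, so callers have to include the `:*` stream suffix themselves or `logs:PutLogEvents` may not match; a comment such as `# entries must cover log streams, e.g. "<log-group-arn>:*"` above `resources = var.log_groups_arn` would make this explicit. The list is not validated either, so an entry of `"*"` would let the role write to every log group in the account.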
@@ -118,4 +134,4 @@ data "aws_iam_policy_document" "get_environment_files" {
data "aws_ecs_task_definition" "task" {
task_definition = aws_ecs_task_definition.task.family
-}
\ No newline at end of file
+}
diff --git a/examples/core/main.tf b/examples/core/main.tf
index 1ba8d94..9a548a3 100644
--- a/examples/core/main.tf
+++ b/examples/core/main.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 1.0.11"
required_providers {
- aws = ">= 4.0.0"
+ aws = ">= 4.6.0"
}
}
diff --git a/examples/external-container-definitions/main.tf b/examples/external-container-definitions/main.tf
new file mode 100644
index 0000000..4b06de5
--- /dev/null
+++ b/examples/external-container-definitions/main.tf
@@ -0,0 +1,188 @@
+terraform {
+ required_version = ">= 1.0.11"
+
+ required_providers {
+ aws = ">= 4.8.0"
+ }
+}
+
+provider "aws" {
+ region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+data "aws_vpc" "default" {
+ default = true
+}
+
+data "aws_subnets" "all" {
+ filter {
+ name = "vpc-id"
+ values = [data.aws_vpc.default.id]
+ }
+}
+
+#####
+# ECS cluster and fargate
+#####
+resource "aws_ecs_cluster" "cluster" {
+ name = "ecs-external-container-definitions-test"
+
+ setting {
+ name = "containerInsights"
+ value = "disabled"
+ }
+}
+
+resource "aws_ecs_cluster_capacity_providers" "cluster" {
+ cluster_name = aws_ecs_cluster.cluster.name
+
+ capacity_providers = ["FARGATE_SPOT", "FARGATE"]
+
+ default_capacity_provider_strategy {
+ capacity_provider = "FARGATE_SPOT"
+ }
+}
+
+module "container_1" {
+ source = "cloudposse/ecs-container-definition/aws"
+ version = "0.58.2"
+
+ container_name = "example"
+ container_image = "hello-world:latest"
+
+ port_mappings = [
+ {
+ containerPort = 80
+ hostPort = 80
+ protocol = "tcp"
+ }
+ ]
+
+}
+
+module "container_2" {
+ source = "cloudposse/ecs-container-definition/aws"
+ version = "0.58.2"
+
+ container_name = "example-2"
+ container_image = "hello-world:latest"
+
+ port_mappings = [
+ {
+ containerPort = 81
+ hostPort = 81
+ protocol = "udp"
+ }
+ ]
+
+ container_depends_on = [
+ {
+ containerName = "example"
+ condition = "START"
+ }
+ ]
+}
+
+#####
+# ALB
+#####
+module "alb" {
+ source = "umotif-public/alb/aws"
+ version = "~> 2.0"
+
+ name_prefix = "alb-example"
+ load_balancer_type = "application"
+ internal = false
+ vpc_id = data.aws_vpc.default.id
+ subnets = data.aws_subnets.all.ids
+}
+
+resource "aws_lb_listener" "alb_80" {
+ load_balancer_arn = module.alb.arn
+ port = "80"
+ protocol = "HTTP"
+
+ default_action {
+ type = "forward"
+ target_group_arn = module.fargate.target_group_arn[0]
+ }
+}
+
+#####
+# Security Group Config
+#####
+resource "aws_security_group_rule" "alb_ingress_80" {
+ security_group_id = module.alb.security_group_id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+}
+
+resource "aws_security_group_rule" "task_ingress_80" {
+ security_group_id = module.fargate.service_sg_id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ source_security_group_id = module.alb.security_group_id
+}
+
+module "fargate" {
+ source = "../../"
+
+ name_prefix = "ecs-fargate-example-2"
+ vpc_id = data.aws_vpc.default.id
+ private_subnet_ids = data.aws_subnets.all.ids
+
+ cluster_id = aws_ecs_cluster.cluster.id
+
+ container_definitions = jsonencode([
+ module.container_1.json_map_object,
+ module.container_2.json_map_object
+ ])
+
+ capacity_provider_strategy = [
+ {
+ capacity_provider = "FARGATE_SPOT",
+ weight = 100
+ }
+ ]
+
+ enable_deployment_circuit_breaker = true
+ enable_deployment_circuit_breaker_rollback = true
+
+ health_check = {
+ port = "traffic-port"
+ path = "/"
+ }
+
+ target_groups = [
+ {
+ container_name = "example"
+ target_group_name = "tg-example"
+ container_port = 80
+ }
+ ]
+
+}
+
+output "first_container_json" {
+ description = "Container definition in JSON format"
+ value = module.container_1.json_map_encoded_list
+}
+
+output "second_container_json" {
+ description = "Container definition in JSON format"
+ value = module.container_2.json_map_encoded_list
+}
+
+output "task_definition_container_definitions" {
+ description = "A list of container definitions"
+ value = module.fargate.task_definition_container_definitions
+}
\ No newline at end of file
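Review bot: Neither `module "container_1"` nor `module "container_2"` sets a log configuration, so with externally supplied `container_definitions` the tasks in this example run without a log driver, even though the `fargate` module still creates its log group and log-write IAM statement because `enable_logs` defaults to true. As this file is the reference for the new input, it should show the logging wiring, for instance through the upstream module's `log_configuration` input with `logDriver = "awslogs"` and the group from `module.fargate.log_group_name`, or carry a comment saying logging is deliberately left out. Both containers also use `hello-world:latest`; an example that people copy would be better with a fixed tag or digest.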
diff --git a/examples/fargate-efs/main.tf b/examples/fargate-efs/main.tf
index dc77007..0578dff 100644
--- a/examples/fargate-efs/main.tf
+++ b/examples/fargate-efs/main.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 1.0.11"
required_providers {
- aws = ">= 4.0.0"
+ aws = ">= 4.8.0"
}
}
diff --git a/examples/fargate-spot/main.tf b/examples/fargate-spot/main.tf
index 0735bb4..4deee31 100644
--- a/examples/fargate-spot/main.tf
+++ b/examples/fargate-spot/main.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 1.0.11"
required_providers {
- aws = ">= 4.0.0"
+ aws = ">= 4.6.0"
}
}
diff --git a/examples/multiple-target-groups/main.tf b/examples/multiple-target-groups/main.tf
index 2b36d05..f100e19 100644
--- a/examples/multiple-target-groups/main.tf
+++ b/examples/multiple-target-groups/main.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 1.0.11"
required_providers {
- aws = ">= 4.0.0"
+ aws = ">= 4.6.0"
}
}
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..8e2d281
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,90 @@
+locals {
+ #####
+ # This format of using container definitions will be deprecated in a later version in favour of using external container definitions.
+ # An example of using external container definitions can be found in examples/external-container-definitions folder
+ #####
+ default_container_definitions = < 0}
+ "portMappings": ${jsonencode(local.target_group_portMaps)},
+ %{else}
+ %{if var.task_container_port != 0 || var.task_host_port != 0~}
+ "portMappings": [
+ {
+ %{if var.task_host_port != 0~}
+ "hostPort": ${var.task_host_port},
+ %{~endif}
+ %{if var.task_container_port != 0~}
+ "containerPort": ${var.task_container_port},
+ %{~endif}
+ "protocol":"tcp"
+ }
+ ],
+ %{~endif}
+ %{~endif}
+ %{if var.enable_logs~}
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": "${aws_cloudwatch_log_group.main[0].name}",
+ "awslogs-region": "${data.aws_region.current.name}",
+ "awslogs-stream-prefix": "container"
+ }
+ }
+ %{~endif},
+ %{if var.task_health_check != null || var.task_health_command != null~}
+ "healthcheck": {
+ "command": ${jsonencode(var.task_health_command)},
+ "interval": ${lookup(var.task_health_check, "interval", 30)},
+ "timeout": ${lookup(var.task_health_check, "timeout", 5)},
+ "retries": ${lookup(var.task_health_check, "retries", 3)},
+ "startPeriod": ${lookup(var.task_health_check, "startPeriod", 0)}
+ },
+ %{~endif}
+ "command": ${jsonencode(var.task_container_command)},
+ %{if var.task_container_entrypoint != ""~}
+ "entryPoint": ${jsonencode(var.task_container_entrypoint)},
+ %{~endif}
+ %{if var.task_container_working_directory != ""~}
+ "workingDirectory": ${var.task_container_working_directory},
+ %{~endif}
+ %{if var.task_container_memory != null~}
+ "memory": ${var.task_container_memory},
+ %{~endif}
+ %{if var.task_container_memory_reservation != null~}
+ "memoryReservation": ${var.task_container_memory_reservation},
+ %{~endif}
+ %{if var.task_container_cpu != null~}
+ "cpu": ${var.task_container_cpu},
+ %{~endif}
+ %{if var.task_start_timeout != null~}
+ "startTimeout": ${var.task_start_timeout},
+ %{~endif}
+ %{if var.task_stop_timeout != null~}
+ "stopTimeout": ${var.task_stop_timeout},
+ %{~endif}
+ %{if var.task_mount_points != null~}
+ "mountPoints": ${jsonencode(var.task_mount_points)},
+ %{~endif}
+ %{if var.task_container_secrets != null~}
+ "secrets": ${jsonencode(var.task_container_secrets)},
+ %{~endif}
+ %{if var.task_pseudo_terminal != null~}
+ "pseudoTerminal": ${var.task_pseudo_terminal},
+ %{~endif}
+ "environment": ${jsonencode(local.task_environment)},
+ "environmentFiles": ${jsonencode(local.task_environment_files)},
+ "readonlyRootFilesystem": ${var.readonlyRootFilesystem ? true : false}
+}]
+EOF
+
+ container_definitions = var.container_definitions != null ? var.container_definitions : local.default_container_definitions
+}
diff --git a/main.tf b/main.tf
index 5b34744..a5aff39 100644
--- a/main.tf
+++ b/main.tf
@@ -2,6 +2,8 @@
# Cloudwatch
#####
resource "aws_cloudwatch_log_group" "main" {
+ count = var.enable_logs ? 1 : 0
+
name = var.name_prefix
retention_in_days = var.log_retention_in_days
@@ -109,20 +111,21 @@ resource "aws_lb_target_group" "task" {
protocol = var.task_container_protocol
port = lookup(each.value, "container_port", var.task_container_port)
deregistration_delay = lookup(each.value, "deregistration_delay", null)
- target_type = "ip"
+ # awsvpc network mode (required for the AWS Fargate launch type), IP must be the target type.
+ target_type = "ip"
dynamic "health_check" {
for_each = [var.health_check]
content {
- enabled = lookup(health_check.value, "enabled", null)
- interval = lookup(health_check.value, "interval", null)
- path = lookup(health_check.value, "path", null)
- port = lookup(health_check.value, "port", null)
- protocol = lookup(health_check.value, "protocol", null)
- timeout = lookup(health_check.value, "timeout", null)
- healthy_threshold = lookup(health_check.value, "healthy_threshold", null)
- unhealthy_threshold = lookup(health_check.value, "unhealthy_threshold", null)
+ enabled = lookup(health_check.value, "enabled", true)
+ interval = lookup(health_check.value, "interval", 30)
+ path = lookup(health_check.value, "path", "/")
+ port = lookup(health_check.value, "port", "traffic-port")
+ protocol = lookup(health_check.value, "protocol", "TCP")
+ timeout = lookup(health_check.value, "timeout", 5)
+ healthy_threshold = lookup(health_check.value, "healthy_threshold", 5)
+ unhealthy_threshold = lookup(health_check.value, "unhealthy_threshold", 2)
matcher = lookup(health_check.value, "matcher", null)
}
}
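Review bot: The new fallback `lookup(health_check.value, "protocol", "TCP")` is paired with a fallback `path` of `"/"`, and `var.health_check` now defaults to `{}`, so a caller who passes nothing gets a TCP health check that carries an HTTP path. TCP health checks take no path, and a target group whose `protocol` is HTTP or HTTPS (the README lists `"HTTP"` as the default of `task_container_protocol`) is expected to use an HTTP or HTTPS health check, so these defaults look likely to be rejected at apply time. Leaving `path` at `null` and using `lookup(health_check.value, "protocol", var.task_container_protocol)` avoids hard-coding a mismatch. The `aws_lb_target_group` resource starts and ends outside this hunk.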
@@ -181,86 +184,7 @@ resource "aws_ecs_task_definition" "task" {
}
}
- container_definitions = < 0}
- "portMappings": ${jsonencode(local.target_group_portMaps)},
- %{else}
- %{if var.task_container_port != 0 || var.task_host_port != 0~}
- "portMappings": [
- {
- %{if var.task_host_port != 0~}
- "hostPort": ${var.task_host_port},
- %{~endif}
- %{if var.task_container_port != 0~}
- "containerPort": ${var.task_container_port},
- %{~endif}
- "protocol":"tcp"
- }
- ],
- %{~endif}
- %{~endif}
- "logConfiguration": {
- "logDriver": "awslogs",
- "options": {
- "awslogs-group": "${aws_cloudwatch_log_group.main.name}",
- "awslogs-region": "${data.aws_region.current.name}",
- "awslogs-stream-prefix": "container"
- }
- },
- %{if var.task_health_check != null || var.task_health_command != null~}
- "healthcheck": {
- "command": ${jsonencode(var.task_health_command)},
- "interval": ${lookup(var.task_health_check, "interval", 30)},
- "timeout": ${lookup(var.task_health_check, "timeout", 5)},
- "retries": ${lookup(var.task_health_check, "retries", 3)},
- "startPeriod": ${lookup(var.task_health_check, "startPeriod", 0)}
- },
- %{~endif}
- "command": ${jsonencode(var.task_container_command)},
- %{if var.task_container_entrypoint != ""~}
- "entryPoint": ${jsonencode(var.task_container_entrypoint)},
- %{~endif}
- %{if var.task_container_working_directory != ""~}
- "workingDirectory": ${var.task_container_working_directory},
- %{~endif}
- %{if var.task_container_memory != null~}
- "memory": ${var.task_container_memory},
- %{~endif}
- %{if var.task_container_memory_reservation != null~}
- "memoryReservation": ${var.task_container_memory_reservation},
- %{~endif}
- %{if var.task_container_cpu != null~}
- "cpu": ${var.task_container_cpu},
- %{~endif}
- %{if var.task_start_timeout != null~}
- "startTimeout": ${var.task_start_timeout},
- %{~endif}
- %{if var.task_stop_timeout != null~}
- "stopTimeout": ${var.task_stop_timeout},
- %{~endif}
- %{if var.task_mount_points != null~}
- "mountPoints": ${jsonencode(var.task_mount_points)},
- %{~endif}
- %{if var.task_container_secrets != null~}
- "secrets": ${jsonencode(var.task_container_secrets)},
- %{~endif}
- %{if var.task_pseudo_terminal != null~}
- "pseudoTerminal": ${var.task_pseudo_terminal},
- %{~endif}
- "environment": ${jsonencode(local.task_environment)},
- "environmentFiles": ${jsonencode(local.task_environment_files)},
- "readonlyRootFilesystem": ${var.readonlyRootFilesystem ? true : false}
-}]
-EOF
+ container_definitions = local.container_definitions
runtime_platform {
operating_system_family = var.operating_system_family
diff --git a/outputs.tf b/outputs.tf
index 4f01681..82ab7c9 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -35,7 +35,7 @@ output "service_name" {
output "log_group_name" {
description = "The name of the Cloudwatch log group for the task."
- value = aws_cloudwatch_log_group.main.name
+ value = var.enable_logs ? aws_cloudwatch_log_group.main[0].name : null
}
output "execution_role_arn" {
@@ -56,4 +56,9 @@ output "task_definition_arn" {
output "task_definition_name" {
description = "The name of the task definition created"
value = aws_ecs_task_definition.task.arn
-}
\ No newline at end of file
+}
+
+output "task_definition_container_definitions" {
+ description = "A list of container definitions"
+ value = aws_ecs_task_definition.task.container_definitions
+}
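Review bot: The new `task_definition_container_definitions` output republishes the whole rendered container definition, which includes the plain-text `environment` block (presumably built from `task_container_environment`), and it is not marked sensitive, so those values are printed by `terraform output` and in CI logs of any root module that re-exports it. Consider adding `sensitive = true`, or documenting that secret values belong in `task_container_secrets` rather than in environment variables. The description is also inaccurate, since the value is a JSON-encoded string and not a list: `description = "JSON-encoded container definitions of the task definition"`.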
diff --git a/variables.tf b/variables.tf
index 19f1882..e747200 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,6 +39,7 @@ variable "platform_version" {
variable "task_container_image" {
description = "The image used to start a container."
type = string
+ default = "marcincuber/2048-game:latest"
}
variable "desired_count" {
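Review bot: Giving `task_container_image` a default of `"marcincuber/2048-game:latest"` means a caller who forgets to set the image silently deploys a third-party public image under a mutable `latest` tag, and it runs with the task role this module creates. An input that decides what code runs should fail closed instead of falling back to a public image. The variable only needs to be optional when `container_definitions` is supplied, so `default = null` plus a check that one of the two is set would keep the previous behaviour; the default template in locals.tf would then have to tolerate the null.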
@@ -56,12 +57,13 @@ variable "task_container_assign_public_ip" {
variable "task_container_port" {
description = "The port number on the container that is bound to the user-specified or automatically assigned host port"
type = number
+ default = 80
}
variable "task_host_port" {
description = "The port number on the container instance to reserve for your container."
type = number
- default = 0
+ default = 80
}
variable "task_container_protocol" {
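Review bot: Changing the `task_host_port` default from `0` to `80` alters what existing callers get, because the template in locals.tf only omits `hostPort` when the value is 0: a caller who sets `task_container_port = 8080` and leaves the host port unset now renders `hostPort` 80 next to `containerPort` 8080. With awsvpc networking, which the comment added in main.tf says is required for Fargate, the host port has to be omitted or equal to the container port, so that combination is likely to fail task definition registration. Keeping `default = 0` preserves the old behaviour, and the new `default = 80` on `task_container_port` is already enough to make that input optional.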
@@ -127,6 +129,7 @@ variable "log_retention_in_days" {
variable "health_check" {
description = "A health block containing health check settings for the target group. Overrides the defaults."
type = map(string)
+ default = {}
}
variable "health_check_grace_period_seconds" {
@@ -351,3 +354,21 @@ variable "deny_egress_to_anywhere" {
description = "When this parameter is true, no default egress rule will be created"
type = bool
}
+
+variable "container_definitions" {
+ description = "A string containing json encoded array of container definitions for Task Definition"
+ type = string
+ default = null
+}
+
+variable "enable_logs" {
+ description = "Turn cloudwatch logging optional"
+ type = bool
+ default = true
+}
+
+variable "log_groups_arn" {
+ description = "List of CloudWatch Group ARNs to use when enable_logs is set to false"
+ type = list(string)
+ default = []
+}
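Review bot: The descriptions of the new logging inputs do not say what turning logging off does. From the rest of this commit, `enable_logs = false` sets the log group's `count` to 0, so an existing group and its retained events are destroyed on the next apply, and it drops `logConfiguration` from the default container definition, while `log_groups_arn` only feeds the IAM statement and configures no log driver. I would reword to `description = "Create the CloudWatch log group and awslogs configuration for the default container. Setting this to false removes the module-managed log group."` and, for `log_groups_arn`, `description = "Log group ARNs the task may write to when enable_logs is false; the log driver itself must be set in container_definitions."`. `container_definitions` is likewise accepted as an opaque string, so a sentence stating that it must be a JSON array of container definitions would help.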