Terraform module which implements an ECS service which exposes a web service via ALB.
APACHE-2.0 License
Published by cloudposse-releaser[bot] 3 months ago
.github/settings.yml from org level
Published by github-actions[bot] 5 months ago
closes #214
.github/workflows) to add issue: write permission needed by ReviewDog tflint action
.github/workflows/settings.yaml)
Bumps golang.org/x/net from 0.17.0 to 0.23.0.
cloudposse/.github repository
Bumps golang.org/x/net from 0.7.0 to 0.17.0.
.github/settings.yaml)
This is an auto-generated PR that updates the README.md and docs
To have most recent changes of README.md and doc from origin templates
make readme to rebuild README.md from README.yaml
.github repo
Published by github-actions[bot] 8 months ago
task_definition_arn_without_revision output, using the arn_without_revision attribute from aws_ecs_task_definition resource.
v4.59.0.
v4.59.0: https://github.com/hashicorp/terraform-provider-aws/issues/27119
Published by github-actions[bot] 8 months ago
Make elb_name in ecs_load_balancer optional, as described in the linked Terraform docs for ECS Service.
Currently, when creating a service without elb_name, Terraform will fail because it expects the variable to be set. The workaround is to set it to null.
Published by github-actions[bot] 9 months ago
Published by github-actions[bot] about 1 year ago
Published by github-actions[bot] over 1 year ago
Change external task definition to a list(string) so that it can be flagged on without needing the task definition to already exist.
Fix this issue when using an external task definition
│ 49: count = local.enabled && var.task_definition == null ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.
Similar to how this was solved for the task role arn https://github.com/cloudposse/terraform-aws-ecs-alb-service-task/blob/main/variables.tf#L216-L226. The workaround for now is to use -target like mentioned in #123.
Sync github from the template
Published by cloudpossebot over 1 year ago
Published by cloudpossebot over 1 year ago
task_policy_arns_map, task_exec_policy_arns_map) and list (task_policy_arns, task_exec_policy_arns) inputs for policy ARNs. Supersedes and closes #196.
depends_on for ecs_service resource to aws_iam_role_policy.ecs_service.
terraform apply and are therefore not known at plan time, which is a requirement.
With the solution provided by this PR, any user can avoid #167 by providing a map whose keys are known at plan time, regardless of whether the values are known at plan time. Policy ARNs could be labeled by name, purpose, region, or whatever the user wants to avoid #167. Or, if the user doesn't care about #167, perhaps because they are only supplying a single Policy ARN, then they can just supply it in a list.
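The plan-time rule described above, as an added example that is not the module's own code: a policy ARN created in the same configuration is unknown until apply, so it can be a map value but not a `for_each` key. The resource names, the `read_params` key and the parameter ARN are constructed for illustration, and the use of `for_each` on the attachment is an assumption about how such ARNs are consumed.

```hcl
# Added illustration; all names below are hypothetical.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "task" {
  name               = "example-task"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

data "aws_iam_policy_document" "read_params" {
  statement {
    actions = ["ssm:GetParameters"]
    # Constructed ARN: scope the policy to one parameter path.
    resources = ["arn:aws:ssm:us-east-2:111111111111:parameter/example/*"]
  }
}

# The ARN of this policy is "(known after apply)" during the first plan.
resource "aws_iam_policy" "read_params" {
  name   = "example-read-params"
  policy = data.aws_iam_policy_document.read_params.json
}

# Rejected at plan time: the set elements (and therefore the instance keys)
# are the ARNs themselves, which Terraform cannot know before apply.
#
# resource "aws_iam_role_policy_attachment" "by_list" {
#   for_each   = toset([aws_iam_policy.read_params.arn])
#   role       = aws_iam_role.task.name
#   policy_arn = each.value
# }

locals {
  # Keys are literal labels, known at plan time; values may be unknown.
  task_policy_arns_map = {
    read_params = aws_iam_policy.read_params.arn
  }
}

# Accepted: instances are addressed by the static key "read_params",
# and policy_arn is resolved during apply.
resource "aws_iam_role_policy_attachment" "by_map" {
  for_each   = local.task_policy_arns_map
  role       = aws_iam_role.task.name
  policy_arn = each.value
}
```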
Published by cloudpossebot over 1 year ago
task_policy_arns and task_exec_policy_arns with task_policy_arns_map and task_exec_policy_arns_map respectively
variables-deprecated.tf and values will be internally converted to a map if variables are defined
Published by cloudpossebot over 1 year ago
Published by cloudpossebot almost 2 years ago
The outputs had to be changed to output a map as a single string, hence why they look complex, it's to keep backwards compatibility
Published by cloudpossebot almost 2 years ago
host_path as optional in bind_mount_volumes for fargate which it cannot be specified
Published by cloudpossebot about 2 years ago
This is an auto-generated PR that updates the README.md and docs
To have most recent changes of README.md and doc from origin templates
Published by cloudpossebot about 2 years ago
ecs_service_enabled used string instead of bool type
# aws_ecs_cluster.default will be created
+ resource "aws_ecs_cluster" "default" {
+ arn = (known after apply)
+ capacity_providers = (known after apply)
+ id = (known after apply)
+ name = "eg-test-ecs-alb-service-task"
+ tags = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ default_capacity_provider_strategy {
+ base = (known after apply)
+ capacity_provider = (known after apply)
+ weight = (known after apply)
}
+ setting {
+ name = (known after apply)
+ value = (known after apply)
}
}
# module.ecs_alb_service_task.aws_ecs_task_definition.default[0] will be created
+ resource "aws_ecs_task_definition" "default" {
+ arn = (known after apply)
+ container_definitions = jsonencode(
[
+ {
+ cpu = 256
+ environment = [
+ {
+ name = "false_boolean_var"
+ value = "false"
},
+ {
+ name = "integer_var"
+ value = "42"
},
+ {
+ name = "string_var"
+ value = "I am a string"
},
+ {
+ name = "true_boolean_var"
+ value = "true"
},
]
+ essential = true
+ image = "cloudposse/geodesic"
+ memory = 256
+ memoryReservation = 128
+ mountPoints = []
+ name = "geodesic"
+ portMappings = [
+ {
+ containerPort = 80
+ hostPort = 80
+ protocol = "tcp"
},
+ {
+ containerPort = 443
+ hostPort = 443
+ protocol = "udp"
},
]
+ readonlyRootFilesystem = false
+ volumesFrom = []
},
]
)
+ cpu = "256"
+ execution_role_arn = (known after apply)
+ family = "eg-test-ecs-alb-service-task"
+ id = (known after apply)
+ memory = "512"
+ network_mode = "awsvpc"
+ requires_compatibilities = [
+ "FARGATE",
]
+ revision = (known after apply)
+ skip_destroy = false
+ tags = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ task_role_arn = (known after apply)
}
# module.ecs_alb_service_task.aws_iam_role.ecs_exec[0] will be created
+ resource "aws_iam_role" "ecs_exec" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ecs-tasks.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "eg-test-ecs-alb-service-task-exec"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "Attributes" = "exec"
+ "Name" = "eg-test-ecs-alb-service-task-exec"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "exec"
+ "Name" = "eg-test-ecs-alb-service-task-exec"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.ecs_alb_service_task.aws_iam_role.ecs_task[0] will be created
+ resource "aws_iam_role" "ecs_task" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ecs-tasks.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "eg-test-ecs-alb-service-task-task"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "Attributes" = "task"
+ "Name" = "eg-test-ecs-alb-service-task-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "task"
+ "Name" = "eg-test-ecs-alb-service-task-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.ecs_alb_service_task.aws_iam_role_policy.ecs_exec[0] will be created
+ resource "aws_iam_role_policy" "ecs_exec" {
+ id = (known after apply)
+ name = "eg-test-ecs-alb-service-task-exec"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "ssm:GetParameters",
+ "logs:PutLogEvents",
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:GetAuthorizationToken",
+ "ecr:BatchGetImage",
+ "ecr:BatchCheckLayerAvailability",
]
+ Effect = "Allow"
+ Resource = "*"
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ role = (known after apply)
}
# module.ecs_alb_service_task.aws_security_group.ecs_service[0] will be created
+ resource "aws_security_group" "ecs_service" {
+ arn = (known after apply)
+ description = "Allow ALL egress from ECS service"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "eg-test-ecs-alb-service-task-service"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Attributes" = "service"
+ "Name" = "eg-test-ecs-alb-service-task-service"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "service"
+ "Name" = "eg-test-ecs-alb-service-task-service"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ vpc_id = (known after apply)
}
# module.ecs_alb_service_task.aws_security_group_rule.allow_all_egress[0] will be created
+ resource "aws_security_group_rule" "allow_all_egress" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "Allow all outbound traffic to any IPv4 address"
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "egress"
}
# module.subnets.data.aws_vpc.default[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_vpc" "default" {
+ arn = (known after apply)
+ cidr_block = (known after apply)
+ cidr_block_associations = (known after apply)
+ default = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = (known after apply)
+ id = (known after apply)
+ instance_tenancy = (known after apply)
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ state = (known after apply)
+ tags = (known after apply)
+ timeouts {
+ read = (known after apply)
}
}
# module.subnets.aws_eip.default[0] will be created
+ resource "aws_eip" "default" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ carrier_ip = (known after apply)
+ customer_owned_ip = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_border_group = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc = true
}
# module.subnets.aws_eip.default[1] will be created
+ resource "aws_eip" "default" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ carrier_ip = (known after apply)
+ customer_owned_ip = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_border_group = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc = true
}
# module.subnets.aws_nat_gateway.default[0] will be created
+ resource "aws_nat_gateway" "default" {
+ allocation_id = (known after apply)
+ connectivity_type = "public"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Attributes" = "nat"
+ "Name" = "eg-test-ecs-alb-service-task-nat-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "nat"
+ "Name" = "eg-test-ecs-alb-service-task-nat-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
}
# module.subnets.aws_nat_gateway.default[1] will be created
+ resource "aws_nat_gateway" "default" {
+ allocation_id = (known after apply)
+ connectivity_type = "public"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "Attributes" = "nat"
+ "Name" = "eg-test-ecs-alb-service-task-nat-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "nat"
+ "Name" = "eg-test-ecs-alb-service-task-nat-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
}
# module.subnets.aws_network_acl.private[0] will be created
+ resource "aws_network_acl" "private" {
+ arn = (known after apply)
+ egress = [
+ {
+ action = "allow"
+ cidr_block = "0.0.0.0/0"
+ from_port = 0
+ icmp_code = null
+ icmp_type = null
+ ipv6_cidr_block = ""
+ protocol = "-1"
+ rule_no = 100
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ action = "allow"
+ cidr_block = "0.0.0.0/0"
+ from_port = 0
+ icmp_code = null
+ icmp_type = null
+ ipv6_cidr_block = ""
+ protocol = "-1"
+ rule_no = 100
+ to_port = 0
},
]
+ owner_id = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_network_acl.public[0] will be created
+ resource "aws_network_acl" "public" {
+ arn = (known after apply)
+ egress = [
+ {
+ action = "allow"
+ cidr_block = "0.0.0.0/0"
+ from_port = 0
+ icmp_code = null
+ icmp_type = null
+ ipv6_cidr_block = ""
+ protocol = "-1"
+ rule_no = 100
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ action = "allow"
+ cidr_block = "0.0.0.0/0"
+ from_port = 0
+ icmp_code = null
+ icmp_type = null
+ ipv6_cidr_block = ""
+ protocol = "-1"
+ rule_no = 100
+ to_port = 0
},
]
+ owner_id = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ tags_all = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_route.default[0] will be created
+ resource "aws_route" "default" {
+ destination_cidr_block = "0.0.0.0/0"
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
+ timeouts {
+ create = "2m"
+ delete = "5m"
}
}
# module.subnets.aws_route.default[1] will be created
+ resource "aws_route" "default" {
+ destination_cidr_block = "0.0.0.0/0"
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
+ timeouts {
+ create = "2m"
+ delete = "5m"
}
}
# module.subnets.aws_route.public[0] will be created
+ resource "aws_route" "public" {
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
+ timeouts {
+ create = "2m"
+ delete = "5m"
}
}
# module.subnets.aws_route_table.private[0] will be created
+ resource "aws_route_table" "private" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_route_table.private[1] will be created
+ resource "aws_route_table" "private" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_route_table.public[0] will be created
+ resource "aws_route_table" "public" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ tags_all = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_route_table_association.private[0] will be created
+ resource "aws_route_table_association" "private" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.subnets.aws_route_table_association.private[1] will be created
+ resource "aws_route_table_association" "private" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.subnets.aws_route_table_association.public[0] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.subnets.aws_route_table_association.public[1] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.subnets.aws_subnet.private[0] will be created
+ resource "aws_subnet" "private" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "172.16.0.0/19"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_subnet.private[1] will be created
+ resource "aws_subnet" "private" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "172.16.32.0/19"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ tags_all = {
+ "Attributes" = "private"
+ "Name" = "eg-test-ecs-alb-service-task-private-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "private"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_subnet.public[0] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "172.16.96.0/19"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ tags_all = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public-use2a"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ vpc_id = (known after apply)
}
# module.subnets.aws_subnet.public[1] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "172.16.128.0/19"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ tags_all = {
+ "Attributes" = "public"
+ "Name" = "eg-test-ecs-alb-service-task-public-use2b"
+ "Namespace" = "eg"
+ "Stage" = "test"
+ "cpco.io/subnet/type" = "public"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default[0] will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Name" = "Default Security Group"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "Default Security Group"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.default[0] will be created
+ resource "aws_internet_gateway" "default" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_vpc.default[0] will be created
+ resource "aws_vpc" "default" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = true
+ cidr_block = "172.16.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = false
+ enable_classiclink_dns_support = false
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
}
Plan: 30 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ container_definition_json = jsonencode(
[
+ {
+ cpu = 256
+ environment = [
+ {
+ name = "false_boolean_var"
+ value = "false"
},
+ {
+ name = "integer_var"
+ value = "42"
},
+ {
+ name = "string_var"
+ value = "I am a string"
},
+ {
+ name = "true_boolean_var"
+ value = "true"
},
]
+ essential = true
+ image = "cloudposse/geodesic"
+ memory = 256
+ memoryReservation = 128
+ mountPoints = []
+ name = "geodesic"
+ portMappings = [
+ {
+ containerPort = 80
+ hostPort = 80
+ protocol = "tcp"
},
+ {
+ containerPort = 443
+ hostPort = 443
+ protocol = "udp"
},
]
+ readonlyRootFilesystem = false
+ volumesFrom = []
},
]
)
+ container_definition_json_map = jsonencode(
{
+ cpu = 256
+ environment = [
+ {
+ name = "false_boolean_var"
+ value = "false"
},
+ {
+ name = "integer_var"
+ value = "42"
},
+ {
+ name = "string_var"
+ value = "I am a string"
},
+ {
+ name = "true_boolean_var"
+ value = "true"
},
]
+ essential = true
+ image = "cloudposse/geodesic"
+ memory = 256
+ memoryReservation = 128
+ mountPoints = []
+ name = "geodesic"
+ portMappings = [
+ {
+ containerPort = 80
+ hostPort = 80
+ protocol = "tcp"
},
+ {
+ containerPort = 443
+ hostPort = 443
+ protocol = "udp"
},
]
+ readonlyRootFilesystem = false
+ volumesFrom = []
}
)
+ ecs_cluster_arn = (known after apply)
+ ecs_cluster_id = (known after apply)
+ ecs_exec_role_policy_id = (known after apply)
+ ecs_exec_role_policy_name = "eg-test-ecs-alb-service-task-exec"
+ private_subnet_cidrs = [
+ "172.16.0.0/19",
+ "172.16.32.0/19",
]
+ public_subnet_cidrs = [
+ "172.16.96.0/19",
+ "172.16.128.0/19",
]
+ service_security_group_id = (known after apply)
+ task_definition_family = "eg-test-ecs-alb-service-task"
+ task_definition_revision = (known after apply)
+ task_exec_role_arn = (known after apply)
+ task_exec_role_name = "eg-test-ecs-alb-service-task-exec"
+ task_role_arn = (known after apply)
+ task_role_id = (known after apply)
+ task_role_name = "eg-test-ecs-alb-service-task-task"
+ vpc_cidr = "172.16.0.0/16"
╷
│ Warning: Argument is deprecated
│
│ with module.subnets.aws_route.nat_instance,
│ on .terraform/modules/subnets/nat-instance.tf line 130, in resource "aws_route" "nat_instance":
│ 130: instance_id = element(aws_instance.nat_instance.*.id, count.index)
│
│ Use network_interface_id instead
Published by cloudpossebot about 2 years ago
N/A
Published by cloudpossebot about 2 years ago
deployment_circuit_breaker option is now a dynamic block with a conditional for the deployment_controller_type value
CODE_DEPLOY deployment_circuit_breaker option.
deployment_circuit_breaker was always included as part of the module. However, the AWS DeploymentCircuitBreaker documentation states: "The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type that aren't behind a Classic Load Balancer."
Consequently, when using CODE_DEPLOY for deployment_circuit_breaker with this module, the state is consistently out of sync with the remote, which attempts to sync with the remote on every update.
Published by cloudpossebot over 2 years ago
Docker/EFS volumes to the ECS task definition. This PR adds support for adding FSx Windows file server volumes to the ECS task definitions.
Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.
Published by cloudpossebot over 2 years ago
Published by cloudpossebot over 2 years ago
efs_volume_configuration and docker_volume_configuration
main.tf when iterating over the volumes it is looking for efs_volume_configuration and docker_volume_configuration instead of just volume_configuration.