terraform-aws-ecs-alb-service-task

Terraform module which implements an ECS service which exposes a web service via ALB.

APACHE-2.0 License

Stars
146
Committers
55

terraform-aws-ecs-alb-service-task - v0.76.0 Latest Release

Published by cloudposse-releaser[bot] 3 months ago

🚀 Enhancements

why

  • Allow users to make the task definition always track the latest revision if track_latest is set to true.

references

🤖 Automatic Updates

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

why

  • So we can support commenting on PRs with a link to the release

why

  • Reduce nested levels of reusable workflows

terraform-aws-ecs-alb-service-task - v0.75.0

Published by github-actions[bot] 5 months ago

what

why

  • Extend the module's functionality

references

  • closes #214

🤖 Automatic Updates

what

  • Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

  • The ReviewDog action will comment with line-level suggestions based on linting failures

what

  • Update workflows (.github/workflows/settings.yaml)

why

  • Support new readme generation workflow.
  • Generate banners

Bumps golang.org/x/net from 0.17.0 to 0.23.0.

what

  • Install latest GitHub Action Workflows

why

  • Use shared workflows from cloudposse/.github repository
  • Simplify management of workflows from centralized hub of configuration

Bumps golang.org/x/net from 0.7.0 to 0.17.0.

what

  • Install a repository config (.github/settings.yaml)

why

  • Programmatically manage GitHub repo settings

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

what

  • Reran make readme to rebuild README.md from README.yaml
  • Migrate to square badges
  • Add scaffolding for repo settings and Mergify

why

  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel

terraform-aws-ecs-alb-service-task - v0.74.0

Published by github-actions[bot] 8 months ago

🚀 Enhancements

what

  • Add task_definition_arn_without_revision output, using the arn_without_revision attribute from aws_ecs_task_definition resource.
  • Update minimum AWS provider version to v4.59.0.

why

  • Useful for situations where the latest task definition is always desired.
  • Avoiding manual string manipulation to strip the revision from the ARN.

references

terraform-aws-ecs-alb-service-task - v0.73.0

Published by github-actions[bot] 8 months ago

what

Make elb_name in ecs_load_balancer optional, as described in the linked Terraform docs for ECS Service.

why

Currently, when creating a service without elb_name, Terraform will fail because it expects the variable to be set. The workaround is to set it to null.

references

terraform-aws-ecs-alb-service-task - v0.72.0

Published by github-actions[bot] 9 months ago

🚀 Enhancements

what

why

  • Extend the module's functionality.

references

terraform-aws-ecs-alb-service-task - v0.71.0

Published by github-actions[bot] about 1 year ago

what

  • add ipc_mode
  • add pid_mode

why

  • support host level access for monitoring processes

terraform-aws-ecs-alb-service-task - v0.70.0

Published by github-actions[bot] over 1 year ago

what

Change external task definition to a list(string) so that it can be flagged on without needing the task definition to already exist.

why

Fix this issue when using an external task definition

│   49:   count                    = local.enabled && var.task_definition == null ? 1 : 0
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

references

Similar to how this was solved for the task role arn https://github.com/cloudposse/terraform-aws-ecs-alb-service-task/blob/main/variables.tf#L216-L226. The workaround for now is to use -target like mentioned in #123.

Sync github from the template

terraform-aws-ecs-alb-service-task - v0.69.0

Published by cloudpossebot over 1 year ago

  • No changes

terraform-aws-ecs-alb-service-task - v0.68.0

Published by cloudpossebot over 1 year ago

what

  • Accept both map (task_policy_arns_map, task_exec_policy_arns_map) and list (task_policy_arns, task_exec_policy_arns) inputs for policy ARNs. Supersedes and closes #196.
  • Add depends_on for ecs_service resource to aws_iam_role_policy.ecs_service.
    • Closes #182
    • Closes #187

why

History

  • Issue #167 is typical behavior when supplying a list of inputs to convert into resources. The solution to it is to provide a map of resources, so that changes are limited to what is necessary according to the change in inputs. Adding to or removing from the list, or changing the order of the list, no longer affects the list items that did not change, because each item is now referenced by the key in the map rather than its index in the list.
  • PR #178 tried to fix #167 by using the input values as keys. However, this created issue #191, because the values (IAM Policy ARNs) are generated by the terraform apply and are therefore not known at plan time, which is a requirement.
  • PR #194 fixed #198, but re-introduced #167, because it simply replaced the implicit "list index as key" with an explicit one in the case of list inputs.
  • PR #195 used the values as keys, but this just recreated #191, so it was abandoned
  • PR #196 used a little-used provider that tries to let us have it both ways: it gives us #167 if the values are unknown at plan time but works well if the values are known at plan time. Unfortunately, this can render a plan non-deterministic. Even more importantly, it does not give a user whose values are unknown at plan time a way to avoid #167.

This Solution

With the solution provided by this PR, any user can avoid #167 by providing a map whose keys are known at plan time, regardless of whether the values are known at plan time. Policy ARNs could be labeled by name, purpose, region, or whatever the user wants to avoid #167. Or, if the user doesn't care about #167, perhaps because they are only supplying a single Policy ARN, then they can just supply it in a list.
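The map-keyed approach described above, as an added example that is not the module's own source: attachments are keyed by static labels known at plan time, while the policy ARNs they point to are only known after apply. All resource names, policy names and resource ARN patterns here are hypothetical; in the module the same map would be passed as task_policy_arns_map.

```hcl
# Added example, not the module's source. All names below are hypothetical.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "task" {
  name               = "example-task"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Two narrowly scoped policies created in the same apply, so their ARNs
# are "(known after apply)" at plan time.
data "aws_iam_policy_document" "read_params" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = ["arn:aws:ssm:*:*:parameter/example/*"]
  }
}

resource "aws_iam_policy" "read_params" {
  name   = "example-read-params"
  policy = data.aws_iam_policy_document.read_params.json
}

data "aws_iam_policy_document" "write_logs" {
  statement {
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:*:*:log-group:/example/*"]
  }
}

resource "aws_iam_policy" "write_logs" {
  name   = "example-write-logs"
  policy = data.aws_iam_policy_document.write_logs.json
}

locals {
  # Keys are literal strings, so Terraform knows them at plan time.
  # Values are unknown until apply, which for_each permits for map values.
  task_policy_arns_map = {
    read_params = aws_iam_policy.read_params.arn
    write_logs  = aws_iam_policy.write_logs.arn
  }
}

# List form, shown for contrast: instances are addressed by_index[0],
# by_index[1], ... so removing or reordering one entry shifts the rest and
# Terraform replaces attachments that did not actually change.
#
# resource "aws_iam_role_policy_attachment" "by_index" {
#   count      = length(values(local.task_policy_arns_map))
#   role       = aws_iam_role.task.name
#   policy_arn = values(local.task_policy_arns_map)[count.index]
# }

# Map form: instances are addressed by_key["read_params"] and
# by_key["write_logs"]. Dropping one key removes only that attachment.
resource "aws_iam_role_policy_attachment" "by_key" {
  for_each   = local.task_policy_arns_map
  role       = aws_iam_role.task.name
  policy_arn = each.value
}
```

Using the ARNs themselves as the for_each keys would fail at plan time here, because they are not known until the policies are created.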

terraform-aws-ecs-alb-service-task - v0.67.1

Published by cloudpossebot over 1 year ago

🚀 Enhancements

what

  • Replaced variables task_policy_arns and task_exec_policy_arns with task_policy_arns_map and task_exec_policy_arns_map respectively
  • Existing variables were moved to variables-deprecated.tf and values will be internally converted to a map if variables are defined

why

references

  • closes #191

terraform-aws-ecs-alb-service-task - v0.67.0

Published by cloudpossebot over 1 year ago

what

  • Adds a variable to enable/disable triggering a new ECS service deployment on apply.

why

  • In aws provider v4.40.0 an option was added to allow triggering a new ECS service deployment on apply.
  • This is useful so the service can be updated to the latest service/task configuration without needing to take additional steps after applying the Terraform config.

references

  • None

terraform-aws-ecs-alb-service-task - v0.66.4

Published by cloudpossebot almost 2 years ago

🚀 Enhancements

what

  • task role uses for each

why

  • fixes: #167

Note:

The outputs had to be changed to output a map as a single string, which is why they look complex; this keeps backwards compatibility.

🐛 Bug Fixes

what

  • task role uses for each

why

  • fixes: #167

Note:

The outputs had to be changed to output a map as a single string, which is why they look complex; this keeps backwards compatibility.

terraform-aws-ecs-alb-service-task - v0.66.3

Published by cloudpossebot almost 2 years ago

🚀 Enhancements

what

  • Sets host_path as optional in bind_mount_volumes for Fargate, where it cannot be specified

why

  • Fargate Volumes

references

  • Closes #174

terraform-aws-ecs-alb-service-task - v0.66.2

Published by cloudpossebot about 2 years ago

what

  • Adding support for a basic bind_mount volume type for tasks

why

references

  • closes #172

🤖 Automatic Updates

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

terraform-aws-ecs-alb-service-task - v0.66.1

Published by cloudpossebot about 2 years ago

🚀 Enhancements

what

  • set bool type on applicable inputs
  • bumped test version to latest in example module

why

  • ecs_service_enabled used string instead of bool type

references

command

  # aws_ecs_cluster.default will be created
  + resource "aws_ecs_cluster" "default" {
      + arn                = (known after apply)
      + capacity_providers = (known after apply)
      + id                 = (known after apply)
      + name               = "eg-test-ecs-alb-service-task"
      + tags               = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + tags_all           = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }

      + default_capacity_provider_strategy {
          + base              = (known after apply)
          + capacity_provider = (known after apply)
          + weight            = (known after apply)
        }

      + setting {
          + name  = (known after apply)
          + value = (known after apply)
        }
    }

  # module.ecs_alb_service_task.aws_ecs_task_definition.default[0] will be created
  + resource "aws_ecs_task_definition" "default" {
      + arn                      = (known after apply)
      + container_definitions    = jsonencode(
            [
              + {
                  + cpu                    = 256
                  + environment            = [
                      + {
                          + name  = "false_boolean_var"
                          + value = "false"
                        },
                      + {
                          + name  = "integer_var"
                          + value = "42"
                        },
                      + {
                          + name  = "string_var"
                          + value = "I am a string"
                        },
                      + {
                          + name  = "true_boolean_var"
                          + value = "true"
                        },
                    ]
                  + essential              = true
                  + image                  = "cloudposse/geodesic"
                  + memory                 = 256
                  + memoryReservation      = 128
                  + mountPoints            = []
                  + name                   = "geodesic"
                  + portMappings           = [
                      + {
                          + containerPort = 80
                          + hostPort      = 80
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 443
                          + hostPort      = 443
                          + protocol      = "udp"
                        },
                    ]
                  + readonlyRootFilesystem = false
                  + volumesFrom            = []
                },
            ]
        )
      + cpu                      = "256"
      + execution_role_arn       = (known after apply)
      + family                   = "eg-test-ecs-alb-service-task"
      + id                       = (known after apply)
      + memory                   = "512"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + tags_all                 = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + task_role_arn            = (known after apply)
    }

  # module.ecs_alb_service_task.aws_iam_role.ecs_exec[0] will be created
  + resource "aws_iam_role" "ecs_exec" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "eg-test-ecs-alb-service-task-exec"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Attributes" = "exec"
          + "Name"       = "eg-test-ecs-alb-service-task-exec"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + tags_all              = {
          + "Attributes" = "exec"
          + "Name"       = "eg-test-ecs-alb-service-task-exec"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # module.ecs_alb_service_task.aws_iam_role.ecs_task[0] will be created
  + resource "aws_iam_role" "ecs_task" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "eg-test-ecs-alb-service-task-task"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Attributes" = "task"
          + "Name"       = "eg-test-ecs-alb-service-task-task"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + tags_all              = {
          + "Attributes" = "task"
          + "Name"       = "eg-test-ecs-alb-service-task-task"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # module.ecs_alb_service_task.aws_iam_role_policy.ecs_exec[0] will be created
  + resource "aws_iam_role_policy" "ecs_exec" {
      + id     = (known after apply)
      + name   = "eg-test-ecs-alb-service-task-exec"
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ssm:GetParameters",
                          + "logs:PutLogEvents",
                          + "logs:CreateLogStream",
                          + "logs:CreateLogGroup",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:GetAuthorizationToken",
                          + "ecr:BatchGetImage",
                          + "ecr:BatchCheckLayerAvailability",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role   = (known after apply)
    }

  # module.ecs_alb_service_task.aws_security_group.ecs_service[0] will be created
  + resource "aws_security_group" "ecs_service" {
      + arn                    = (known after apply)
      + description            = "Allow ALL egress from ECS service"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "eg-test-ecs-alb-service-task-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Attributes" = "service"
          + "Name"       = "eg-test-ecs-alb-service-task-service"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + tags_all               = {
          + "Attributes" = "service"
          + "Name"       = "eg-test-ecs-alb-service-task-service"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + vpc_id                 = (known after apply)
    }

  # module.ecs_alb_service_task.aws_security_group_rule.allow_all_egress[0] will be created
  + resource "aws_security_group_rule" "allow_all_egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "Allow all outbound traffic to any IPv4 address"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"
    }

  # module.subnets.data.aws_vpc.default[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "default"  {
      + arn                     = (known after apply)
      + cidr_block              = (known after apply)
      + cidr_block_associations = (known after apply)
      + default                 = (known after apply)
      + dhcp_options_id         = (known after apply)
      + enable_dns_hostnames    = (known after apply)
      + enable_dns_support      = (known after apply)
      + id                      = (known after apply)
      + instance_tenancy        = (known after apply)
      + ipv6_association_id     = (known after apply)
      + ipv6_cidr_block         = (known after apply)
      + main_route_table_id     = (known after apply)
      + owner_id                = (known after apply)
      + state                   = (known after apply)
      + tags                    = (known after apply)

      + timeouts {
          + read = (known after apply)
        }
    }

  # module.subnets.aws_eip.default[0] will be created
  + resource "aws_eip" "default" {
      + allocation_id        = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all             = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc                  = true
    }

  # module.subnets.aws_eip.default[1] will be created
  + resource "aws_eip" "default" {
      + allocation_id        = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all             = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc                  = true
    }

  # module.subnets.aws_nat_gateway.default[0] will be created
  + resource "aws_nat_gateway" "default" {
      + allocation_id        = (known after apply)
      + connectivity_type    = "public"
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Attributes" = "nat"
          + "Name"       = "eg-test-ecs-alb-service-task-nat-use2a"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + tags_all             = {
          + "Attributes" = "nat"
          + "Name"       = "eg-test-ecs-alb-service-task-nat-use2a"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
    }

  # module.subnets.aws_nat_gateway.default[1] will be created
  + resource "aws_nat_gateway" "default" {
      + allocation_id        = (known after apply)
      + connectivity_type    = "public"
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Attributes" = "nat"
          + "Name"       = "eg-test-ecs-alb-service-task-nat-use2b"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + tags_all             = {
          + "Attributes" = "nat"
          + "Name"       = "eg-test-ecs-alb-service-task-nat-use2b"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
    }

  # module.subnets.aws_network_acl.private[0] will be created
  + resource "aws_network_acl" "private" {
      + arn        = (known after apply)
      + egress     = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = null
              + icmp_type       = null
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 100
              + to_port         = 0
            },
        ]
      + id         = (known after apply)
      + ingress    = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = null
              + icmp_type       = null
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 100
              + to_port         = 0
            },
        ]
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all   = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc_id     = (known after apply)
    }

  # module.subnets.aws_network_acl.public[0] will be created
  + resource "aws_network_acl" "public" {
      + arn        = (known after apply)
      + egress     = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = null
              + icmp_type       = null
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 100
              + to_port         = 0
            },
        ]
      + id         = (known after apply)
      + ingress    = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = null
              + icmp_type       = null
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 100
              + to_port         = 0
            },
        ]
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + tags_all   = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + vpc_id     = (known after apply)
    }

  # module.subnets.aws_route.default[0] will be created
  + resource "aws_route" "default" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {
          + create = "2m"
          + delete = "5m"
        }
    }

  # module.subnets.aws_route.default[1] will be created
  + resource "aws_route" "default" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {
          + create = "2m"
          + delete = "5m"
        }
    }

  # module.subnets.aws_route.public[0] will be created
  + resource "aws_route" "public" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = (known after apply)
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {
          + create = "2m"
          + delete = "5m"
        }
    }

  # module.subnets.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all         = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table.private[1] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all         = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table.public[0] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + tags_all         = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table_association.private[0] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.private[1] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-2a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.16.0.0/19"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all                                       = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnets.aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-2b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.16.32.0/19"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + tags_all                                       = {
          + "Attributes"          = "private"
          + "Name"                = "eg-test-ecs-alb-service-task-private-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "private"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnets.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-2a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.16.96.0/19"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + tags_all                                       = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public-use2a"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnets.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-2b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.16.128.0/19"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + tags_all                                       = {
          + "Attributes"          = "public"
          + "Name"                = "eg-test-ecs-alb-service-task-public-use2b"
          + "Namespace"           = "eg"
          + "Stage"               = "test"
          + "cpco.io/subnet/type" = "public"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_default_security_group.default[0] will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name"      = "Default Security Group"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + tags_all               = {
          + "Name"      = "Default Security Group"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_internet_gateway.default[0] will be created
  + resource "aws_internet_gateway" "default" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + tags_all = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_vpc.default[0] will be created
  + resource "aws_vpc" "default" {
      + arn                                  = (known after apply)
      + assign_generated_ipv6_cidr_block     = true
      + cidr_block                           = "172.16.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_classiclink                   = false
      + enable_classiclink_dns_support       = false
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + tags_all                             = {
          + "Name"      = "eg-test-ecs-alb-service-task"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
    }

Plan: 30 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + container_definition_json     = jsonencode(
        [
          + {
              + cpu                    = 256
              + environment            = [
                  + {
                      + name  = "false_boolean_var"
                      + value = "false"
                    },
                  + {
                      + name  = "integer_var"
                      + value = "42"
                    },
                  + {
                      + name  = "string_var"
                      + value = "I am a string"
                    },
                  + {
                      + name  = "true_boolean_var"
                      + value = "true"
                    },
                ]
              + essential              = true
              + image                  = "cloudposse/geodesic"
              + memory                 = 256
              + memoryReservation      = 128
              + mountPoints            = []
              + name                   = "geodesic"
              + portMappings           = [
                  + {
                      + containerPort = 80
                      + hostPort      = 80
                      + protocol      = "tcp"
                    },
                  + {
                      + containerPort = 443
                      + hostPort      = 443
                      + protocol      = "udp"
                    },
                ]
              + readonlyRootFilesystem = false
              + volumesFrom            = []
            },
        ]
    )
  + container_definition_json_map = jsonencode(
        {
          + cpu                    = 256
          + environment            = [
              + {
                  + name  = "false_boolean_var"
                  + value = "false"
                },
              + {
                  + name  = "integer_var"
                  + value = "42"
                },
              + {
                  + name  = "string_var"
                  + value = "I am a string"
                },
              + {
                  + name  = "true_boolean_var"
                  + value = "true"
                },
            ]
          + essential              = true
          + image                  = "cloudposse/geodesic"
          + memory                 = 256
          + memoryReservation      = 128
          + mountPoints            = []
          + name                   = "geodesic"
          + portMappings           = [
              + {
                  + containerPort = 80
                  + hostPort      = 80
                  + protocol      = "tcp"
                },
              + {
                  + containerPort = 443
                  + hostPort      = 443
                  + protocol      = "udp"
                },
            ]
          + readonlyRootFilesystem = false
          + volumesFrom            = []
        }
    )
  + ecs_cluster_arn               = (known after apply)
  + ecs_cluster_id                = (known after apply)
  + ecs_exec_role_policy_id       = (known after apply)
  + ecs_exec_role_policy_name     = "eg-test-ecs-alb-service-task-exec"
  + private_subnet_cidrs          = [
      + "172.16.0.0/19",
      + "172.16.32.0/19",
    ]
  + public_subnet_cidrs           = [
      + "172.16.96.0/19",
      + "172.16.128.0/19",
    ]
  + service_security_group_id     = (known after apply)
  + task_definition_family        = "eg-test-ecs-alb-service-task"
  + task_definition_revision      = (known after apply)
  + task_exec_role_arn            = (known after apply)
  + task_exec_role_name           = "eg-test-ecs-alb-service-task-exec"
  + task_role_arn                 = (known after apply)
  + task_role_id                  = (known after apply)
  + task_role_name                = "eg-test-ecs-alb-service-task-task"
  + vpc_cidr                      = "172.16.0.0/16"
│ Warning: Argument is deprecated
│   with module.subnets.aws_route.nat_instance,
│   on .terraform/modules/subnets/nat-instance.tf line 130, in resource "aws_route" "nat_instance":
│  130:   instance_id            = element(aws_instance.nat_instance.*.id, count.index)
│ Use network_interface_id instead

terraform-aws-ecs-alb-service-task - v0.66.0

Published by cloudpossebot about 2 years ago

what

  • Add ecs_service_enabled

why

  • Create all the underlying resources but skip the ecs service. This is useful when creating a run-once task such as for db migrations.

references

N/A

terraform-aws-ecs-alb-service-task - v0.65.0

Published by cloudpossebot about 2 years ago

what

  • The deployment_circuit_breaker option is now a dynamic block with a conditional for the deployment_controller_type value

why

  • This PR fixes an issue when using CODE_DEPLOY deployment_circuit_breaker option.
  • Previously, the deployment_circuit_breaker was always included as part of the module. However, the AWS DeploymentCircuitBreaker documentation states:

The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type that aren't behind a Classic Load Balancer.

Consequently, when using CODE_DEPLOY for deployment_circuit_breaker with this module, the state is consistently out of sync with the remote, which attempts to sync with the remote on every update.

references
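
The conditional dynamic block described in the v0.65.0 notes above, sketched as an added example that is not the module's own source. Only deployment_controller_type is named on this page; the other variable names and the resource label are assumptions made for illustration.

```hcl
# Added illustration, not code from terraform-aws-ecs-alb-service-task.
# Variable names other than deployment_controller_type are hypothetical.

variable "deployment_controller_type" {
  type    = string
  default = "ECS"

  validation {
    condition     = contains(["ECS", "CODE_DEPLOY", "EXTERNAL"], var.deployment_controller_type)
    error_message = "deployment_controller_type must be ECS, CODE_DEPLOY or EXTERNAL."
  }
}

variable "circuit_breaker_enabled" {
  type    = bool
  default = true
}

variable "circuit_breaker_rollback" {
  type    = bool
  default = true
}

variable "cluster_arn" { type = string }
variable "task_definition_arn" { type = string }

resource "aws_ecs_service" "example" {
  name            = "example"
  cluster         = var.cluster_arn
  task_definition = var.task_definition_arn
  desired_count   = 1

  deployment_controller {
    type = var.deployment_controller_type
  }

  # The circuit breaker applies only to the rolling update (ECS) deployment
  # type. Emitting the block for CODE_DEPLOY leaves a permanent difference
  # between configuration and remote state, so the block is rendered zero
  # times unless the controller type is "ECS".
  dynamic "deployment_circuit_breaker" {
    for_each = var.deployment_controller_type == "ECS" ? [true] : []

    content {
      enable   = var.circuit_breaker_enabled
      rollback = var.circuit_breaker_rollback
    }
  }
}
```

Running terraform plan twice with deployment_controller_type set to "CODE_DEPLOY" is a quick check: the second plan should report no changes for the service.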

terraform-aws-ecs-alb-service-task - v0.64.1

Published by cloudpossebot over 2 years ago

what

  • Currently we can only add Docker/EFS volumes to the ECS task definition. This PR adds support for adding FSx Windows file server volumes to the ECS task definitions.

why

  • We need to deploy an ECS task that runs on Windows EC2 instances and is able to access FSx volumes; with this PR it is now possible to configure that.

references

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

  • DEV-143

terraform-aws-ecs-alb-service-task - v0.64.0

Published by cloudpossebot over 2 years ago

what

  • Enable / Disable tags on roles

why

  • In some restricted environments, tags on roles are not allowed when using compliance rules like https://tugboatlogic.com/ TugBoat or others.

references

terraform-aws-ecs-alb-service-task - v0.63.1

Published by cloudpossebot over 2 years ago

🚀 Enhancements

what

  • Update child attribute volume_configuration to efs_volume_configuration and docker_volume_configuration

why

  • In main.tf, when iterating over the volumes, it is looking for efs_volume_configuration and docker_volume_configuration instead of just volume_configuration.
    Without this change, configuration is always omitted.

references