cn-terraform / terraform-aws-ecs-fargate
AWS ECS Fargate Terraform Module
Home Page: https://registry.terraform.io/modules/cn-terraform/ecs-fargate
License: Apache License 2.0
When attempting to use firelens with this module, I get the following error: ClientException: When awsfirelens log driver is specified in log configuration, a firelens configuration object must be configured in one of the containers.
How can we go around this?
It seems that firelens should be defined in the same container definition as the other container created with this module. However, I don't see any input options that enable this. Could you please help? It'd be much appreciated!
Last one.
I'm actually trying to create a scheduled task that runs my container from a cron expression. Do you have any hints or ideas how I can provision something like this?
I'm pretty new to Terraform, so any hint or example you can point me to would be highly appreciated.
When trying to modify the type of LB from internet-facing to internal, the step creating the new LB fails:
Error: Error creating application Load Balancer: DuplicateLoadBalancerName: A load balancer with the same name "xxxxx-lb' exists, but with different settings
status code: 400
So we had to remove it manually via the console.
Looks like it tries to create an LB too fast, before destruction is complete.
Why do you provide an AWS provider config in all your modules? This makes it hard to implement, since usually there is already a provider config provided.
Please check https://www.terraform.io/docs/modules/index.html#when-to-write-a-module
Hey guys,
While using this template with nothing special, I am getting this error below (running plan). I believe there is an issue with how the modules are built.
Error: Invalid count argument
on .terraform/modules/nexus.ecs_fargate.ecs-alb/terraform-aws-ecs-alb-1.0.1/main.tf line 172, in resource "aws_lb_listener" "lb_https_listeners":
172: count = var.enable_https ? length(aws_lb_target_group.lb_https_tgs) : 0
The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.
Error: Invalid count argument
on .terraform/modules/nexus.ecs_fargate.ecs-fargate-service/terraform-aws-ecs-fargate-service-2.0.4/main.tf line 123, in resource "aws_security_group_rule" "ingress_through_https":
123: count = length(data.aws_lb_target_group.lb_https_target_groups)
The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.
Please let me know if you have a way around this.
Thanks.
Hi, I'm trying to use your module (see #2) and the example in the README uses the values created by the networking module incorrectly.
It shows the following snippet
…
public_subnets_ids = [ "${module.networking.public_subnets_ids}" ]
private_subnets_ids = [ "${module.networking.private_subnets_ids}" ]
…
Which did not work for me and gave me the error:
Error: Incorrect attribute value type
on .terraform/modules/ecs-fargate/jnonino-terraform-aws-ecs-fargate-4abc83f/load_balancing.tf line 8, in resource "aws_lb" "lb":
8: subnets = var.public_subnets_ids
Inappropriate value for attribute "subnets": incorrect set element type:
string required.
After assigning them to an output I realized that it is a list in a list.
Outputs:
subnets = [
[
"subnet-0e357963e91738337",
],
]
So I'm using this config now which is working.
module "networking" {
source = "jnonino/networking/aws"
version = "2.0.1"
# insert the 7 required variables here
availability_zones = var.availability_zones
name_preffix = "${var.name_preffix}"
private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19","192.168.160.0/19"]
public_subnets_cidrs_per_availability_zone = ["192.168.0.0/19", "192.168.32.0/19"]
profile = "${var.profile}"
region = "${var.region}"
vpc_cidr_block = "192.168.0.0/16"
}
module "ecs-fargate" {
source = "jnonino/ecs-fargate/aws"
version = "2.0.1"
# insert the 10 required variables here
name_preffix = "${var.name_preffix}"
profile = "${var.profile}"
region = "${var.region}"
vpc_id = "${module.networking.vpc_id}"
availability_zones = ["${var.availability_zones}"]
public_subnets_ids = module.networking.public_subnets_ids[0]
private_subnets_ids = module.networking.private_subnets_ids[0]
container_name = "${var.name_preffix}-task-test"
container_image = "${var.image}"
container_cpu = 256
container_memory = 512
container_memory_reservation = 512
essential = true
container_port = 3000
environment = [
{
name = "FOO"
value = "${var.foo}"
}
]
}
provider "aws" {
profile = "${var.profile}"
region = "${var.region}"
}
I am trying to use your "jnonino/ecs-fargate/aws" module with all default settings but as I try terraform plan, I get the following error:
============
Error: error validating provider credentials: error calling sts:GetCallerIdentity: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
on .terraform/modules/networking/jnonino-terraform-aws-networking-5cb82ad/main.tf line 4, in provider "aws":
4: provider "aws" {
=============
Can you help?
Defaulting to HTTPS when not using HTTPS
I assume it is looking for 443 specifically, based on the error text.
We set neither lb_http_ports nor lb_enable_http.
We set port 8888 in the container and the ELB listener:
[ { "containerPort": 8888 , "hostPort": 8888 , "protocol": "http" } ]
Module version 2.0.17
What combination of parameters do we need to use in order to use just HTTP?
Which combination is mandatory for HTTPS?
When trying this config we see errors:
Error: error creating ELBv2 Listener: ValidationError: A certificate must be specified for HTTPS listeners
status code: 400
on .terraform/modules/ecs-fargate.ecs-alb/terraform-aws-ecs-alb-1.0.2/main.tf line 171, in resource "aws_lb_listener" "lb_https_listeners":
171: resource "aws_lb_listener" "lb_https_listeners" {
Error: InvalidParameterException: The container prod-ecs-jmapper-container did not have a container port 443 defined. "prod-ecs-jmapper-service"
on .terraform/modules/ecs-fargate.ecs-fargate-service/terraform-aws-ecs-fargate-service-2.0.4/main.tf line 32, in resource "aws_ecs_service" "service":
32: resource "aws_ecs_service" "service" {
I'm trying to apply this to my AWS account and getting an error. If someone has had the same or a similar issue and has already identified a workaround, I would like to know the details.
$ aws-vault exec hisashi --no-session -- terraform apply
module.test.module.ecs-fargate-service.module.ecs-alb[0].data.aws_elb_service_account.default: Reading...
module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current: Reading...
module.test.module.ecs-fargate-service.module.ecs-alb[0].data.aws_elb_service_account.default: Read complete after 0s [id=033677994240]
module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current: Still reading... [10s elapsed]
module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current: Still reading... [20s elapsed]
╷
│ Error: getting Caller Identity: RequestError: send request failed
│ caused by: Post "http://localstack:4566/": dial tcp: lookup localstack on 8.8.8.8:53: no such host
│
│ with module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current,
│ on .terraform/modules/test.ecs-fargate-service.ecs-alb.lb_logs_s3/main.tf line 47, in data "aws_caller_identity" "current":
│ 47: data "aws_caller_identity" "current" {}
│
$ terraform --version
Terraform v1.3.9
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v4.24.0
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/hashicorp/random v3.3.2
version = "2.0.9"
profile = "xxxxxxx"
region = "us-east-1"
When trying to comment out the section with the module, the following error is shown.
Provider configuration not present
To work with
module.ecs-fargate.module.ecs-fargate-service.aws_cloudwatch_metric_alarm.cpu_high
its original provider configuration at
module.ecs-fargate.module.ecs-fargate-service.provider.aws is required, but it
has been removed. This occurs when a provider configuration is removed while
objects created by that provider still exist in the state. Re-add the provider
configuration to destroy
module.ecs-fargate.module.ecs-fargate-service.aws_cloudwatch_metric_alarm.cpu_high,
after which you can remove the provider configuration again.
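Added example, not code from the cn-terraform module or from either of the two provider-related reports above (the "why a provider block in every module" question and the "Provider configuration not present" error): the layout the linked Terraform docs recommend, where the provider block lives only in the root configuration and a child module declares requirements but no provider. Resource names, the module version and the `var.region`/`var.profile` variables are placeholders.

```hcl
# root/versions.tf  (constructed example, not the module's own files)
terraform {
  required_version = ">= 0.13"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

# root/main.tf: the only place a provider block should live.
provider "aws" {
  region  = var.region
  profile = var.profile
}

# The child module inherits the default "aws" provider implicitly; passing it
# explicitly documents the dependency and lets you swap in an alias later.
module "ecs_fargate" {
  source  = "cn-terraform/ecs-fargate/aws"
  version = "2.0.46" # version quoted elsewhere on this page; pin what you use
  providers = {
    aws = aws
  }
  # ... module inputs ...
}

# child-module/versions.tf: a reusable module declares what it requires and
# never configures the provider itself. If it did, every resource it created
# would be bound to module.<name>.provider.aws, and commenting out the module
# call removes that configuration while the resources still exist in state,
# which is exactly the "Provider configuration not present" error above.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
```

With the provider in the root, removing the module call lets Terraform plan the destroy of its resources with the root provider still available.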
Would it be possible to add start_timeout support? Is there a reason for not having it as an input?
Thanks
Hi! Would it be possible to add a containers variable to the list of inputs for this module?
variable "containers" {
type = list(any)
description = "Container definitions to use for the task. If this is used, all other container options will be ignored."
default = []
}
I would like to be able to pass multiple containers to the task definition module.
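Added example, not code from the cn-terraform module or from this thread, serving both this request and the firelens error reported at the top of the page: a task definition that carries two containers, so the application's awsfirelens log driver has a log_router container with firelensConfiguration beside it in the same task. `var.name_prefix`, `var.aws_region`, `var.app_image`, `aws_iam_role.execution` and `aws_iam_role.task` are assumed to exist.

```hcl
# Constructed example: two containers in one Fargate task definition.
# The "awsfirelens" driver on the app container only validates because the
# log_router container in the same task declares firelensConfiguration.

resource "aws_cloudwatch_log_group" "app" {
  name              = "/ecs/${var.name_prefix}-app"
  retention_in_days = 30
}

resource "aws_cloudwatch_log_group" "log_router" {
  name              = "/ecs/${var.name_prefix}-log-router"
  retention_in_days = 30
}

resource "aws_ecs_task_definition" "td" {
  family                   = "${var.name_prefix}-td"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc" # the only mode Fargate supports
  cpu                      = 512
  memory                   = 1024
  execution_role_arn       = aws_iam_role.execution.arn # pulls images, writes logs
  task_role_arn            = aws_iam_role.task.arn      # what the app itself may call

  container_definitions = jsonencode([
    {
      name      = "log_router"
      image     = "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable"
      essential = true
      # This object is what the ClientException is asking for.
      firelensConfiguration = {
        type = "fluentbit"
        options = {
          enable-ecs-log-metadata = "true"
        }
      }
      # The router's own output still needs a non-firelens driver.
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          awslogs-group         = aws_cloudwatch_log_group.log_router.name
          awslogs-region        = var.aws_region
          awslogs-stream-prefix = "firelens"
        }
      }
      memoryReservation = 64
    },
    {
      name      = "app"
      image     = var.app_image
      essential = true
      portMappings = [
        { containerPort = 8080, hostPort = 8080, protocol = "tcp" }
      ]
      # Routed through log_router; the option keys are those of the Fluent Bit
      # cloudwatch_logs output plugin.
      logConfiguration = {
        logDriver = "awsfirelens"
        options = {
          Name              = "cloudwatch_logs"
          region            = var.aws_region
          log_group_name    = aws_cloudwatch_log_group.app.name
          log_stream_prefix = "app-"
          auto_create_group = "false" # the group is managed by Terraform above
        }
      }
      # Start the router first so early application lines are not dropped.
      dependsOn = [
        { containerName = "log_router", condition = "START" }
      ]
    }
  ])
}
```

A module that accepts a full container list as input, as requested here, would simply take the value of `container_definitions` above from a variable instead of building it from single-container options.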
Hi. I'm trying to use your module and I'm running into some issues. For example this one:
Error: ClientException: Tasks using the Fargate launch type do not support ipcMode.
status code: 400, request id: a68e7b4c-09f8-48a7-a6d3-80b1102b8c9c
on .terraform/modules/ecs-fargate/jnonino-terraform-aws-ecs-fargate-4abc83f/server.tf line 36, in resource "aws_ecs_task_definition" "td":
36: resource "aws_ecs_task_definition" "td" {
When I comment this line out I can start a container. https://github.com/jnonino/terraform-aws-ecs-fargate/blob/a82f375c4ba24b2a78441961701ee608c0f117d2/server.tf#L42
Hello,
I tried your module with the official "nginx:alpine" Docker image.
I configured a new certificate and the Route 53 record, but I am still unable to make it work properly:
If I keep the default configuration, I can't "tf apply" my config because it says my container has no 443 port opened.
So I adapted the module configuration as below:
module "test-fargate" {
source = "cn-terraform/ecs-fargate/aws"
version = "2.0.46"
name_prefix = "test"
vpc_id = module.test-network.vpc_id
container_image = "nginx:alpine"
container_name = "test"
public_subnets_ids = module.test-network.public_subnets_ids
private_subnets_ids = module.test-network.private_subnets_ids
default_certificate_arn = module.acm.acm_certificate_arn
port_mappings = [
{
containerPort = 80
hostPort = 80
protocol = "tcp"
}
]
lb_https_ports = {
default_http = {
listener_port = 443
target_group_port = 80
}
}
lb_target_group_health_check_matcher = "200-305"
lb_target_group_health_check_path = "/"
}
Now I can terraform apply, but it doesn't work using HTTPS; I get this response from awselb/2.0:
503 Service Temporarily Unavailable.
It works using HTTP (80), but my goal is to auto-redirect 80 to 443 and make it work using HTTPS.
Do you have any suggestion? Should I open the 443 port on my container?
Regards,
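Added example, not code from the cn-terraform module or from this thread, written for this report and for the "Defaulting to HTTPS when not using HTTPS" report above: the listener layout behind the two questions, expressed with plain AWS provider resources rather than the module's lb_http_ports/lb_https_ports inputs. The container listens on 80 only; TLS terminates at the ALB, the 443 listener forwards to the port-80 target group, and the 80 listener does nothing but redirect. `aws_lb.lb`, `aws_vpc.main` and `var.certificate_arn` are assumed to exist.

```hcl
# Constructed example: HTTPS termination at the ALB with an HTTP -> HTTPS
# redirect. The task never needs a 443 port mapping.

resource "aws_lb_target_group" "app_http" {
  name        = "app-http"
  port        = 80
  protocol    = "HTTP"
  target_type = "ip" # required for Fargate (awsvpc) tasks
  vpc_id      = aws_vpc.main.id

  health_check {
    path    = "/"
    matcher = "200-399"
  }
}

# HTTPS listener: a certificate is mandatory here, which is the
# "A certificate must be specified for HTTPS listeners" error quoted above.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.lb.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app_http.arn
  }
}

# HTTP listener that redirects instead of forwarding. With no target group
# behind it, plain-text requests never reach the container.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.lb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

For an HTTP-only deployment, drop the `https` listener and make the port-80 listener's default action a `forward` to the target group; no certificate is then involved. A 503 from awselb/2.0 on the HTTPS listener normally means the listener's target group has no healthy targets, so the place to look is the target group health status, the health check path/matcher, and whether the task security group admits traffic from the ALB on port 80.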
Hi,
I have two env vars that I pass to the task definition.
So, every time I plan or apply, it mentions force replacement and highlights that it is going to recreate the variables (the plan shows a different order). There are no changes in the vars.
I tried to declare the values with =, :, etc. to test whether this matters; no difference.
Also, in the plan output some of the values are to be set to null or to be changed.
I've been checking issues of others on the web and there seem to be some similar cases due to :
Have you seen such behavior?
# module.ecs-fargate.module.ecs-fargate-task-definition.aws_ecs_task_definition.td must be replaced
-/+ resource "aws_ecs_task_definition" "td" {
~ arn = "arn:aws:ecs:xx-xxx-1:xxxxxxxxxxxxx:task-definition/qa2-td:68" -> (known after apply)
~ container_definitions = jsonencode(
~ [ # forces replacement
~ {
+ command = null
cpu = xxxx
+ dependsOn = null
+ dnsServers = null
+ dockerLabels = null
+ entryPoint = null
~ environment = [
- {
- name = "CXX_XXX"
- value = "[[XX:xxxx-X/xxxx]]xxxxx/xxxxx.png"
},
{
name = "CYY_YYY"
value = "[[YY:YYYY-Y/YYY-YYYY]]YYYYY/xxxxx.txt""
},
+ {
+ name = "CYY_XXX"
+ value = "[[XX:xxxx-x/xxxx]]xxxxx/xxxxx.png"
},
]
~ protocol = "tcp" -> "HTTP"
~ mountPoints = [] -> null
+ firelensConfiguration = null
+ healthCheck = null
+ links = null
~ volumesFrom = [] -> null
- tags = {} -> null
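Added example, not code from the cn-terraform module or from this report: one way to keep the rendered container_definitions JSON stable between runs. The environment list is built from a map in sorted key order, the list-valued keys ECS fills in are set explicitly so they do not show up as `[] -> null`, and sensitive values go through `secrets` rather than `environment`. `var.app_image` and `var.db_password_secret_arn` are placeholders.

```hcl
# Constructed example: deterministic container definition rendering.
# container_definitions is compared as JSON, so a list whose order differs
# from what ECS returns reads as a change and forces replacement.

variable "app_env" {
  type = map(string)
  default = {
    CYY_YYY = "placeholder-value-1"
    CXX_XXX = "placeholder-value-2"
  }
}

locals {
  # A map has no order; sort the keys and render in that fixed order.
  app_environment = [
    for k in sort(keys(var.app_env)) : {
      name  = k
      value = var.app_env[k]
    }
  ]
}

resource "aws_ecs_task_definition" "td" {
  family                   = "example-td"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512

  container_definitions = jsonencode([
    {
      name        = "app"
      image       = var.app_image
      essential   = true
      environment = local.app_environment
      # Credentials are injected by ECS from Secrets Manager / SSM at start,
      # so they never appear in the task definition, state file or plan output.
      secrets = [
        { name = "DB_PASSWORD", valueFrom = var.db_password_secret_arn } # placeholder ARN
      ]
      # Keys ECS defaults to empty lists; set them so the plan shows no drift.
      mountPoints = []
      volumesFrom = []
      portMappings = [
        { containerPort = 8080, hostPort = 8080, protocol = "tcp" }
      ]
    }
  ])
}
```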
Fargate module version : "2.0.17"
ECS service submodule version in main.tf: version = "2.0.4"
Issues:
Autoscaling role changing on every apply
I found very similar thing in cn-terraform/terraform-aws-ecs-fargate-service#14
The scale-up policy is OK. The scale-down policy is always in alarm. On top of that, it "Fails to execute on policy.....arn" the scale-down action.
So the ECS cluster grows, but can't shrink.
I am getting the following errors upon following the instructions and using the module as is, without any structural changes (just filled in the required values):
Error: Missing required argument
on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {
The argument "ecs_cluster_name" is required, but no definition was found.
Error: Missing required argument
on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {
The argument "subnets" is required, but no definition was found.
Error: Missing required argument
on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {
The argument "task_definition_arn" is required, but no definition was found.
Error: Missing required argument
on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {
The argument "ecs_cluster_arn" is required, but no definition was found.
Hi team,
I can't figure out how to resolve this error when I enable the logs on S3:
Error: failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue
It would be wonderful if you could also add the AWS permissions required to execute the module.
module "ecs-fargate" {
source = "cn-terraform/ecs-fargate/aws"
version = "2.0.41"
name_prefix = "test"
vpc_id = module.vpc.vpc_id
container_image = "${docker_registry_image.test-tf-ecr-dk-samplenodejs.name}"
container_name = "test"
public_subnets_ids = module.vpc.public_subnets_ids
private_subnets_ids = module.vpc.private_subnets_ids
enable_s3_logs = true
lb_https_ports = {}
lb_http_ports = {
"default_http": {
"listener_port": 80,
"target_group_port": 80,
"type": "forward"
}
}
}
terraform apply error:
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].random_string.random: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].random_string.random: Creation complete after 0s [id=wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket.logs: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket.logs: Creation complete after 3s [id=test-lb-logs-wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_server_side_encryption_configuration.logs[0]: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].data.aws_iam_policy_document.logs_access_policy_document: Reading...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_acl.logs: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].data.aws_iam_policy_document.logs_access_policy_document: Read complete after 0s [id=1766990919]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.aws_lb.lb: Modifying... [id=arn:aws:elasticloadbalancing:us-east-1:265192744256:loadbalancer/app/test-lb/ffd7fd026d909527]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_policy.logs_access_policy: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_server_side_encryption_configuration.logs[0]: Creation complete after 0s [id=test-lb-logs-wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_acl.logs: Creation complete after 0s [id=test-lb-logs-wopuocg,log-delivery-write]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_policy.logs_access_policy: Creation complete after 0s [id=test-lb-logs-wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_public_access_block.logs_block_public_access[0]: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_public_access_block.logs_block_public_access[0]: Creation complete after 1s [id=test-lb-logs-wopuocg]
╷
│ Error: failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue
│ status code: 400, request id: d29a65d3-9a07-430a-b61e-599d1a165793
│
│ with module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.aws_lb.lb,
│ on .terraform/modules/ecs-fargate.ecs-fargate-service.ecs-alb/main.tf line 26, in resource "aws_lb" "lb":
│ 26: resource "aws_lb" "lb" {
│
Regards
Ed
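Added example, not code from the cn-terraform module or from this report: an access-log bucket written with plain AWS provider resources, where the bucket policy and public-access block are explicit dependencies of the load balancer. In the apply output above, `aws_lb.lb` starts modifying before `aws_s3_bucket_policy.logs_access_policy` has finished creating; the ALB API validates the bucket when the access-log attribute is set, so ordering the two is the first thing to check. `var.name_prefix`, `module.networking.public_subnets_ids` and `aws_security_group.lb` are assumed to exist.

```hcl
# Constructed example: ALB access-log bucket with a least-privilege policy,
# created (and policy attached) before the LB is told to write to it.

data "aws_caller_identity" "current" {}
data "aws_elb_service_account" "main" {} # regional ELB account that writes logs

resource "aws_s3_bucket" "lb_logs" {
  bucket        = "${var.name_prefix}-lb-logs-${data.aws_caller_identity.current.account_id}"
  force_destroy = false
}

resource "aws_s3_bucket_public_access_block" "lb_logs" {
  bucket                  = aws_s3_bucket.lb_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "lb_logs" {
  bucket = aws_s3_bucket.lb_logs.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256" # ALB log delivery supports SSE-S3, not SSE-KMS
    }
  }
}

# Only the ELB service account may write, and only under this account's prefix.
# Regions opened after August 2022 use the service principal
# logdelivery.elasticloadbalancing.amazonaws.com instead of the account ARN.
data "aws_iam_policy_document" "lb_logs" {
  statement {
    sid     = "AllowALBLogDelivery"
    actions = ["s3:PutObject"]
    resources = [
      "${aws_s3_bucket.lb_logs.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"
    ]
    principals {
      type        = "AWS"
      identifiers = [data.aws_elb_service_account.main.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "lb_logs" {
  bucket = aws_s3_bucket.lb_logs.id
  policy = data.aws_iam_policy_document.lb_logs.json
}

resource "aws_lb" "lb" {
  name               = "${var.name_prefix}-lb"
  load_balancer_type = "application"
  internal           = false
  subnets            = module.networking.public_subnets_ids
  security_groups    = [aws_security_group.lb.id]

  access_logs {
    bucket  = aws_s3_bucket.lb_logs.id
    enabled = true
  }

  # Without this, Terraform may set the LB attribute while the bucket policy
  # is still being created, which surfaces as the
  # "S3Bucket validation transient issue" error.
  depends_on = [
    aws_s3_bucket_policy.lb_logs,
    aws_s3_bucket_public_access_block.lb_logs,
  ]
}
```

The same validation also fails when the bucket is in a different region from the load balancer or is encrypted with a KMS key, so those are the next two things to rule out if the ordering is already correct.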
Objective: In some use cases users may not want any resources to be created (essentially, skip the module). This feature could be controlled by setting the enable = false flag.
Hi, maybe someone can help me with this. I am trying to use this module, but I need to deploy 2 services in the same cluster. I am using this tf file; do you know if it is possible with this module?
Thanks, sorry for the noob question.
```hcl
module "base-network" {
source = "cn-terraform/networking/aws"
name_prefix = "test-networking"
vpc_cidr_block = "192.168.0.0/16"
availability_zones = ["us-east-1a", "us-east-1b"]
public_subnets_cidrs_per_availability_zone = ["192.168.0.0/19", "192.168.32.0/19"]
private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19", "192.168.160.0/19"]
}
module "test" {
source = "../../"
name_prefix = "test"
vpc_id = module.base-network.vpc_id
container_image = "nginx"
container_name = "test"
container_cpu = 256
container_memory = 512
container_memory_reservation = 512
enable_s3_logs = "false"
lb_target_group_health_check_path = "/"
port_mappings = [
{
"containerPort": 443,
"hostPort": 443,
"protocol": "tcp"
},
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
public_subnets_ids = module.base-network.public_subnets_ids
private_subnets_ids = module.base-network.private_subnets_ids
default_certificate_arn = "arn:aws:acm:us-east-1***************************"
}
```
I attempted integration of your module/project with our existing infrastructure. I was able to get a complete terraform plan/apply but it seems the configuration is incomplete. I'm including a link to gist of my ECS task-description: https://gist.github.com/Jaff/65ef1e87d0552a17880cbe25991c2ca7
Error: Invalid function argument
on .terraform/modules/sonar.ecs_fargate.td.container_definition/main.tf line 17, in locals:
17: mount_points = length(var.mount_points) > 0 ? [
|----------------
| var.mount_points is null
Hi,
I noticed that in the new version of the module, 2.0.17, there is no availability_zones input.
Does the module derive the availability zones from the private subnets?
And how does lb_enable_cross_zone_load_balancing correspond with this?
Trying to migrate from version 2.0.9 to 2.0.17.
BRs,
Vlad
Opening an issue in case the author missed terraform 0.13 release :)
There is a bug: after creation of a cluster, the alarm is always triggered (low CPU).
As alarms are used extensively for autoscaling inside Fargate, this looks important.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
.github/workflows/pipeline.yml
actions/checkout v4
actions/checkout v4
main.tf
cn-terraform/ecs-cluster/aws 1.0.11
cn-terraform/ecs-fargate-service/aws 2.0.42
cn-terraform/ecs-fargate-task-definition/aws 1.0.36
versions.tf
aws >= 4
hashicorp/terraform >= 0.13
Hi,
I've been using the module and everything bootstraps like a charm out of the box.
Though, I have difficulties setting some of the related submodule settings.
Do you have any examples of changing lb_target_group "deregistration delay" or LB timeout values from inside your top module implementation?
And in general, how do you advise to alter the related module features which are not available as input?
Thanks and Regards,
Vlad
Customer is asking when Terraform module will support Fargate tasks based on Windows.
Hi,
I really appreciate the way the Terraform code is written for ECS Fargate.
Here I have some confusion about using it for my requirement, as below:
I need help with Terraform code to create a task scheduler in ECS Fargate with a schedule expression, as my task runs once every 24 hrs.
I have my existing IAM role and policies with me, and I want to use those roles and custom and standard policies as the task role and ECS task execution role, and deploy the scheduled task in ECS.
Could you please help with this code?
Many thanks
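Added example, not code from the cn-terraform module or from this thread, answering this request and the earlier "scheduled task from a cron expression" question: an EventBridge rule that runs an existing task definition once a day on Fargate, reusing the reporter's existing task and execution roles and creating only the small role EventBridge needs to call RunTask. `var.cluster_arn`, `var.task_definition_arn`, `var.task_role_arn`, `var.execution_role_arn`, `var.private_subnet_ids` and `var.task_security_group_id` are placeholders for values the surrounding configuration supplies.

```hcl
# Constructed example: scheduled Fargate task via EventBridge.

resource "aws_cloudwatch_event_rule" "nightly" {
  name                = "nightly-batch"
  schedule_expression = "cron(0 2 * * ? *)" # 02:00 UTC daily; rate(24 hours) also works
}

# Trust policy: only EventBridge may assume this role.
data "aws_iam_policy_document" "events_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "events_run_task" {
  name               = "nightly-batch-events"
  assume_role_policy = data.aws_iam_policy_document.events_assume.json
}

# Least privilege: RunTask for this task definition on this cluster only, plus
# PassRole limited to the two roles the task definition references and to ECS.
data "aws_iam_policy_document" "events_run_task" {
  statement {
    actions   = ["ecs:RunTask"]
    resources = [var.task_definition_arn]
    condition {
      test     = "ArnEquals"
      variable = "ecs:cluster"
      values   = [var.cluster_arn]
    }
  }
  statement {
    actions   = ["iam:PassRole"]
    resources = [var.task_role_arn, var.execution_role_arn]
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "events_run_task" {
  role   = aws_iam_role.events_run_task.id
  policy = data.aws_iam_policy_document.events_run_task.json
}

resource "aws_cloudwatch_event_target" "nightly" {
  rule     = aws_cloudwatch_event_rule.nightly.name
  arn      = var.cluster_arn
  role_arn = aws_iam_role.events_run_task.arn

  ecs_target {
    task_definition_arn = var.task_definition_arn
    task_count          = 1
    launch_type         = "FARGATE"
    platform_version    = "LATEST"

    network_configuration {
      subnets          = var.private_subnet_ids
      security_groups  = [var.task_security_group_id]
      assign_public_ip = false # private subnets behind NAT; no public IP on the task
    }
  }
}
```

The task definition ARN can come from this module's task-definition output or from a separately managed `aws_ecs_task_definition`; the existing task and execution roles are referenced by ARN only, so nothing about them is recreated.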