
terraform-aws-ecs-fargate's People

Contributors

adamsnimbus, chitopunk, exussum12, jareddarling, jcity, jnonino, mfcaro, onhate, ovcharenko, renovate[bot]


terraform-aws-ecs-fargate's Issues

Unable to use this module with firelens

When attempting to use firelens with this module, I get the following error: ClientException: When awsfirelens log driver is specified in log configuration, a firelens configuration object must be configured in one of the containers. How can we go around this?

It seems that firelens should be defined in the same container definition as the other container created with this module. However, I don't see any input options that enable this. Could you please help? It'd be much appreciated!

Feature Request: Scheduled Tasks

Last one.

I'm actually trying to create a scheduled task that runs my container from a cron expression. Do you have any hints or ideas how I can provision something like this?

I'm pretty new to terraform so any hint or example you can point me to would be highly appreciated.

Changing type of LB from internet-facing to internal results in DuplicateLoadBalancerName error

When trying to modify the type of LB from internet-facing to internal, the step creating a new LB fails:

Error: Error creating application Load Balancer: DuplicateLoadBalancerName: A load balancer with the same name "xxxxx-lb' exists, but with different settings
status code: 400

So we had to remove it manually via the console.

Looks like it tries to create an LB too fast, before destruction is complete.

Count issue when first creating an ecs cluster

Hey guys,
While using this template with nothing special, I am getting this error below (running plan). I believe there is an issue with how the modules are built.

Error: Invalid count argument

  on .terraform/modules/nexus.ecs_fargate.ecs-alb/terraform-aws-ecs-alb-1.0.1/main.tf line 172, in resource "aws_lb_listener" "lb_https_listeners":
 172:   count             = var.enable_https ? length(aws_lb_target_group.lb_https_tgs) : 0

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.


Error: Invalid count argument

  on .terraform/modules/nexus.ecs_fargate.ecs-fargate-service/terraform-aws-ecs-fargate-service-2.0.4/main.tf line 123, in resource "aws_security_group_rule" "ingress_through_https":
 123:   count                    = length(data.aws_lb_target_group.lb_https_target_groups)

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.

Please let me know if you have a way around this.
Thanks.

Reference to networking module in README.md is not working as expected

Hi, I'm trying to use your module (see #2) and the example in the README is using the values created by the networking module wrong.

It shows the following snippet

…
public_subnets_ids  = [ "${module.networking.public_subnets_ids}" ]
private_subnets_ids = [ "${module.networking.private_subnets_ids}" ]
…

Which did not work for me and gave me the error:

Error: Incorrect attribute value type
  on .terraform/modules/ecs-fargate/jnonino-terraform-aws-ecs-fargate-4abc83f/load_balancing.tf line 8, in resource "aws_lb" "lb":
   8:   subnets                          = var.public_subnets_ids

Inappropriate value for attribute "subnets": incorrect set element type:
string required.

After assigning them to an output I realized that it is a list in a list.

Outputs:

subnets = [
  [
    "subnet-0e357963e91738337",
  ],
]

So I'm using this config now which is working.

module "networking" {
  source  = "jnonino/networking/aws"
  version = "2.0.1"
  # insert the 7 required variables here
  availability_zones                          = var.availability_zones
  name_preffix                                = "${var.name_preffix}"
  private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19","192.168.160.0/19"]
  public_subnets_cidrs_per_availability_zone  = ["192.168.0.0/19", "192.168.32.0/19"]
  profile                                     = "${var.profile}"
  region                                      = "${var.region}"
  vpc_cidr_block                              = "192.168.0.0/16"

}



module "ecs-fargate" {
  source  = "jnonino/ecs-fargate/aws"
  version = "2.0.1"
  # insert the 10 required variables here
  name_preffix                 = "${var.name_preffix}"
  profile                      = "${var.profile}"
  region                       = "${var.region}"
  vpc_id                       = "${module.networking.vpc_id}"
  availability_zones           = ["${var.availability_zones}"]
  public_subnets_ids           = module.networking.public_subnets_ids[0]
  private_subnets_ids          = module.networking.private_subnets_ids[0]
  container_name               = "${var.name_preffix}-task-test"
  container_image              = "${var.image}"
  container_cpu                = 256
  container_memory             = 512
  container_memory_reservation = 512
  essential                    = true
  container_port               = 3000

  environment = [
    {
      name  = "FOO"
      value = "${var.foo}"
    }
  ]
}


provider "aws" {
  profile = "${var.profile}"
  region  = "${var.region}"
}

NoCredentialProviders: no valid providers in chain. Deprecated.

I am trying to use your "jnonino/ecs-fargate/aws" module with all default settings but as I try terraform plan, I get the following error:

============

Error: error validating provider credentials: error calling sts:GetCallerIdentity: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

on .terraform/modules/networking/jnonino-terraform-aws-networking-5cb82ad/main.tf line 4, in provider "aws":
4: provider "aws" {

=============
Can you help?

Defaulting to https when not using https

  1. Defaulting to https when not using https

  2. I assume it is looking for 443 specifically, based on error text

  3. We set neither lb_http_ports nor lb_enable_http

  4. We set port 8888 in container and elb listener.
    [ { "containerPort": 8888 , "hostPort": 8888 , "protocol": "http" } ]

  5. Module version 2.0.17

What combination of parameters do we need to use in order to use just HTTP?
Which combination is mandatory for HTTPS?

When trying this config we see errors:
Error: error creating ELBv2 Listener: ValidationError: A certificate must be specified for HTTPS listeners
    status code: 400

  on .terraform/modules/ecs-fargate.ecs-alb/terraform-aws-ecs-alb-1.0.2/main.tf line 171, in resource "aws_lb_listener" "lb_https_listeners":
 171: resource "aws_lb_listener" "lb_https_listeners" {

Error: InvalidParameterException: The container prod-ecs-jmapper-container did not have a container port 443 defined. "prod-ecs-jmapper-service"

  on .terraform/modules/ecs-fargate.ecs-fargate-service/terraform-aws-ecs-fargate-service-2.0.4/main.tf line 32, in resource "aws_ecs_service" "service":
  32: resource "aws_ecs_service" "service" {

Error: getting Caller Identity: RequestError: send request failed

I'm trying to apply this to my AWS account, and getting an error. If someone has the same or similar issues and has already identified workarounds, I would like to know the details.

$ aws-vault exec hisashi --no-session -- terraform apply
module.test.module.ecs-fargate-service.module.ecs-alb[0].data.aws_elb_service_account.default: Reading...
module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current: Reading...
module.test.module.ecs-fargate-service.module.ecs-alb[0].data.aws_elb_service_account.default: Read complete after 0s [id=033677994240]
module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current: Still reading... [10s elapsed]
module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current: Still reading... [20s elapsed]
╷
│ Error: getting Caller Identity: RequestError: send request failed
│ caused by: Post "http://localstack:4566/": dial tcp: lookup localstack on 8.8.8.8:53: no such host
│
│   with module.test.module.ecs-fargate-service.module.ecs-alb[0].module.lb_logs_s3[0].data.aws_caller_identity.current,
│   on .terraform/modules/test.ecs-fargate-service.ecs-alb.lb_logs_s3/main.tf line 47, in data "aws_caller_identity" "current":
│   47: data "aws_caller_identity" "current" {}
│

$ terraform --version
Terraform v1.3.9
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v4.24.0
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/hashicorp/random v3.3.2

Version 2.0.9 :

version = "2.0.9"

profile = "xxxxxxx"
region = "us-east-1"

When trying to comment out the section with the module, the following error is shown.

Provider configuration not present

To work with
module.ecs-fargate.module.ecs-fargate-service.aws_cloudwatch_metric_alarm.cpu_high
its original provider configuration at
module.ecs-fargate.module.ecs-fargate-service.provider.aws is required, but it
has been removed. This occurs when a provider configuration is removed while
objects created by that provider still exist in the state. Re-add the provider
configuration to destroy
module.ecs-fargate.module.ecs-fargate-service.aws_cloudwatch_metric_alarm.cpu_high,
after which you can remove the provider configuration again.

Add start_timeout support

Would it be possible to add start_timeout support? Is there a reason for not having it as an input?
Thanks

add containers variable to the input list

Hi! Would it be possible to add containers variable to the list of inputs for this module?

variable "containers" {
  type        = list(any)
  description = "Container definitions to use for the task. If this is used, all other container options will be ignored."
  default     = []
}

I would like to be able to pass in multiple containers to the task definitions module.

Tasks using the Fargate launch type do not support ipcMode.

Hi. I'm trying to use your module and I'm running into some issues. For example this one:

Error: ClientException: Tasks using the Fargate launch type do not support ipcMode.
	status code: 400, request id: a68e7b4c-09f8-48a7-a6d3-80b1102b8c9c

  on .terraform/modules/ecs-fargate/jnonino-terraform-aws-ecs-fargate-4abc83f/server.tf line 36, in resource "aws_ecs_task_definition" "td":
  36: resource "aws_ecs_task_definition" "td" {

When I comment this line out I can start a container. https://github.com/jnonino/terraform-aws-ecs-fargate/blob/a82f375c4ba24b2a78441961701ee608c0f117d2/server.tf#L42

Unable to make it work using HTTPS with a container port configured on 80

Hello,

I tried your module with the official "nginx:alpine" docker image.
I configured a new certificate and the route53 record but I am still unable to make it work properly:

If I keep the default configuration, I can't "tf apply" my config because it says my container has no 443 port opened.
So I adapted the module configuration as below:

module "test-fargate" {
  source  = "cn-terraform/ecs-fargate/aws"
  version = "2.0.46"
  name_prefix         = "test"
  vpc_id              = module.test-network.vpc_id
  container_image     = "nginx:alpine"
  container_name      = "test"
  public_subnets_ids  = module.test-network.public_subnets_ids
  private_subnets_ids = module.test-network.private_subnets_ids
  default_certificate_arn = module.acm.acm_certificate_arn
  port_mappings       = [
    {
      containerPort = 80
      hostPort = 80
      protocol      = "tcp"
    }
  ]
  lb_https_ports      =  {
    default_http = {
      listener_port     = 443
      target_group_port = 80
    }
  }
  lb_target_group_health_check_matcher = "200-305"
  lb_target_group_health_check_path = "/"
}

Now, I can terraform apply, but it doesn't work using HTTPS, I get this response from awselb/2.0:
503 Service Temporarily Unavailable.

It works using HTTP (80), but my goal is to auto-redirect 80 to 443 and make it work using HTTPS.

Do you have any suggestions? Should I open the 443 port on my container?

Regards,

Env variables trigger task definition to recreate on every apply

Hi,

I have two env vars that I pass to the task definition.
So, every time I plan or apply, it mentions forced replacement and highlights that it is going to recreate the variables (in the plan they show in a different order). There are no changes in the vars.
I tried to declare values with = , : etc. to test if this matters - no difference.

hashicorp/terraform#23780

Also, in the plan output some of the values are to be set to null or to be changed.

I've been checking issues of others on the web and there seem to be some similar cases due to:

  • empty spaces around vars
  • vars order / formatting

Have you seen such behavior?

  # module.ecs-fargate.module.ecs-fargate-task-definition.aws_ecs_task_definition.td must be replaced
-/+ resource "aws_ecs_task_definition" "td" {
      ~ arn                      = "arn:aws:ecs:xx-xxx-1:xxxxxxxxxxxxx:task-definition/qa2-td:68" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [ # forces replacement
              ~ {
                  + command                = null
                    cpu                    = xxxx
                  + dependsOn              = null
                  + dnsServers             = null
                  + dockerLabels           = null
                  + entryPoint             = null
                  ~ environment            = [
                      - {
                          - name  = "CXX_XXX"
                          - value = "[[XX:xxxx-X/xxxx]]xxxxx/xxxxx.png"
                        },
                        {
                            name  = "CYY_YYY"
                            value = "[[YY:YYYY-Y/YYY-YYYY]]YYYYY/xxxxx.txt""
                        },
                      + {
                          + name  = "CYY_XXX"
                          + value = "[[XX:xxxx-x/xxxx]]xxxxx/xxxxx.png"
                        },
                    ]
            ~ protocol      = "tcp" -> "HTTP"
             ~ mountPoints            = [] -> null
                  + firelensConfiguration  = null
                  + healthCheck            = null
                  + links                  = null
               ~ volumesFrom            = [] -> null
                     - tags                     = {} -> null

Broken reference of variables

I am getting the following errors when following the instructions and using the module as is, without any structural changes (just filled in the values required):
Error: Missing required argument

on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {

The argument "ecs_cluster_name" is required, but no definition was found.

Error: Missing required argument

on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {

The argument "subnets" is required, but no definition was found.

Error: Missing required argument

on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {

The argument "task_definition_arn" is required, but no definition was found.

Error: Missing required argument

on main.tf line 14, in module "ecs-fargate":
14: module "ecs-fargate" {

The argument "ecs_cluster_arn" is required, but no definition was found.

failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue

Hi team,

I can't figure out how to resolve this error when I enable the logs on S3:
Error: failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue

It would be wonderful if you could also add the AWS Permissions required to execute the module.

module "ecs-fargate" {
    source  = "cn-terraform/ecs-fargate/aws"
    
    version = "2.0.41"
    name_prefix        = "test"
    
    vpc_id              = module.vpc.vpc_id
    container_image     = "${docker_registry_image.test-tf-ecr-dk-samplenodejs.name}"
    container_name = "test"
    public_subnets_ids  = module.vpc.public_subnets_ids
    private_subnets_ids = module.vpc.private_subnets_ids
    enable_s3_logs = true
    lb_https_ports = {}
    lb_http_ports = {
        "default_http": {
            "listener_port": 80,
            "target_group_port": 80,
            "type": "forward"
        }
    }
}

terraform apply error:

module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].random_string.random: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].random_string.random: Creation complete after 0s [id=wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket.logs: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket.logs: Creation complete after 3s [id=test-lb-logs-wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_server_side_encryption_configuration.logs[0]: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].data.aws_iam_policy_document.logs_access_policy_document: Reading...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_acl.logs: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].data.aws_iam_policy_document.logs_access_policy_document: Read complete after 0s [id=1766990919]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.aws_lb.lb: Modifying... [id=arn:aws:elasticloadbalancing:us-east-1:265192744256:loadbalancer/app/test-lb/ffd7fd026d909527]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_policy.logs_access_policy: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_server_side_encryption_configuration.logs[0]: Creation complete after 0s [id=test-lb-logs-wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_acl.logs: Creation complete after 0s [id=test-lb-logs-wopuocg,log-delivery-write]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_policy.logs_access_policy: Creation complete after 0s [id=test-lb-logs-wopuocg]
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_public_access_block.logs_block_public_access[0]: Creating...
module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.module.lb_logs_s3[0].aws_s3_bucket_public_access_block.logs_block_public_access[0]: Creation complete after 1s [id=test-lb-logs-wopuocg]
╷
│ Error: failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue
│       status code: 400, request id: d29a65d3-9a07-430a-b61e-599d1a165793
│ 
│   with module.ecs-fargate.module.ecs-fargate-service.module.ecs-alb.aws_lb.lb,
│   on .terraform/modules/ecs-fargate.ecs-fargate-service.ecs-alb/main.tf line 26, in resource "aws_lb" "lb":
│   26: resource "aws_lb" "lb" {
│ 

Regards
Ed

Feature request: Add "enable" flag

Objective: In some use cases users may not want any resources to be created (essentially, skip the module). This feature could be controlled by setting the enable = false flag.

Question, Multiple services in one cluster

Hi, maybe someone can help me with this. I am trying to use this module but I need to deploy 2 services in the same cluster. I am using this tf file; do you know if it is possible with this module?
Thanks, sorry for the noob question.

module "base-network" {
  source                                      = "cn-terraform/networking/aws"
  name_prefix                                 = "test-networking"
  vpc_cidr_block                              = "192.168.0.0/16"
  availability_zones                          = ["us-east-1a", "us-east-1b"]
  public_subnets_cidrs_per_availability_zone  = ["192.168.0.0/19", "192.168.32.0/19"]
  private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19", "192.168.160.0/19"]
}

module "test" {
  source                            = "../../"
  name_prefix                       = "test"
  vpc_id                            = module.base-network.vpc_id
  container_image                   = "nginx"
  container_name                    = "test"
  container_cpu                     = 256
  container_memory                  = 512
  container_memory_reservation      = 512
  enable_s3_logs                    = "false"
  lb_target_group_health_check_path = "/"
  port_mappings = [
    {
      "containerPort": 443,
      "hostPort": 443,
      "protocol": "tcp"
    },
    {
      "containerPort": 80,
      "hostPort": 80,
      "protocol": "tcp"
    }
  ]
  public_subnets_ids      = module.base-network.public_subnets_ids
  private_subnets_ids     = module.base-network.private_subnets_ids
  default_certificate_arn = "arn:aws:acm:us-east-1***************************"
}

Error on creating ecs-fargate with mount_point is null

Error: Invalid function argument

  on .terraform/modules/sonar.ecs_fargate.td.container_definition/main.tf line 17, in locals:
  17:   mount_points = length(var.mount_points) > 0 ? [
    |----------------
    | var.mount_points is null

Clarification: Availability zone setting

Hi,
I notice that in the new version of the module, 2.0.17, you don't have availability_zones.

Does the module derive availability zones from the private subnet?
And how does lb_enable_cross_zone_load_balancing correspond with this?

Trying to migrate from version 2.0.9 to 2.0.17.

BRs,
Vlad

Alarm on low cpu after cluster creation

There is a bug after creation of a cluster -> alarm is always triggered (low cpu)

  1. There should be a way to define alarms on module input level
  2. Or way to disable them
  3. Way to control this better

As alarms are used extensively for autoscaling inside fargate, this looks important.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/pipeline.yml
  • actions/checkout v4
  • actions/checkout v4
terraform
main.tf
  • cn-terraform/ecs-cluster/aws 1.0.11
  • cn-terraform/ecs-fargate-service/aws 2.0.42
  • cn-terraform/ecs-fargate-task-definition/aws 1.0.36
versions.tf
  • aws >= 4
  • hashicorp/terraform >= 0.13


Changing submodule variables

Hi,

I've been using the module and everything bootstraps like a charm out of the box.
Though, I have difficulties setting some of the related submodule settings.

Do you have any examples of changing lb_target_group "deregistration delay" or LB timeout values from inside your top module implementation?

And in general, how do you advise to alter the related module features which are not available as input?

Thanks and Regards,
Vlad

Need help in ecs fargate terraform code with task scheduler

Hi,

I really appreciate the way the terraform code is written for ecs fargate.
Here I have some confusion about how to use it for my requirement, as below.

I need help with terraform code to create a task scheduler in ecs type fargate with a schedule expression, as my task runs once in 24 hrs.
I have my existing iam role and policies with me and I want to use those role and custom and standard policies as task role and ecs task execution role and deploy the scheduled task in ecs.

Could you please help with this code?

Many thanks
