From f647f2e0fc5bb3c138cdf7699fec24bcf8073cfe Mon Sep 17 00:00:00 2001 From: Rishang Date: Sat, 11 Jun 2022 17:24:48 +0530 Subject: [PATCH 01/19] chore: better environment variable format --- main.tf | 2 +- test/varfile.tfvars | 9 +++------ variables.tf | 4 ++-- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/main.tf b/main.tf index 887ea2d..e8070a6 100644 --- a/main.tf +++ b/main.tf @@ -36,9 +36,9 @@ locals { dockerLabels = jsonencode(var.dockerLabels) dockerSecurityOptions = jsonencode(var.dockerSecurityOptions) entryPoint = jsonencode(var.entryPoint) - environment = jsonencode(var.environment) extraHosts = jsonencode(var.extraHosts) + environment = jsonencode(var.environment != {} ? [for k, v in var.environment : { "name" : k, "value" : v }] : []) healthCheck = replace(jsonencode(var.healthCheck), local.classes["digit"], "$1") links = jsonencode(var.links) diff --git a/test/varfile.tfvars b/test/varfile.tfvars index e2189d6..ba42650 100644 --- a/test/varfile.tfvars +++ b/test/varfile.tfvars @@ -1,9 +1,6 @@ -environment = [ - { - name = "AWS_DEFAULT_REGION" - value = "us-east-1" - }, -] +environment = { + "AWS_DEFAULT_REGION" = "us-east-1" +} family = "default" diff --git a/variables.tf b/variables.tf index b34b1f2..fab0d64 100644 --- a/variables.tf +++ b/variables.tf @@ -49,9 +49,9 @@ variable "entryPoint" { } variable "environment" { - default = [] + default = {} description = "The environment variables to pass to a container" - type = list(map(string)) + type = map(string) } variable "essential" { From 5fb903fcbfcc0db9e360a2c883406d8ec7a69c54 Mon Sep 17 00:00:00 2001 From: "Random._" Date: Mon, 13 Feb 2023 14:21:47 +0000 Subject: [PATCH 02/19] fix: network_mode default to awsvpc --- variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/variables.tf b/variables.tf index fab0d64..66b5dc7 100644 --- a/variables.tf +++ b/variables.tf 
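Review bot: In the `environment` local in main.tf, the `var.environment != {}` guard does no work: Terraform's equality operators need both sides to have the same type, so a `map(string)` compared with the literal `{}` is likely always unequal, and the `for` expression already yields `[]` for an empty map. `environment = jsonencode([for k, v in var.environment : { name = k, value = v }])` says the same thing without the comparison. The values passed here end up in plain text in the rendered container definition, so the description in variables.tf could say so, e.g. `description = "Plain-text environment variables to pass to a container; use secrets for sensitive values"`. The `locals` block starts and ends outside the hunk.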
@@ -145,7 +145,7 @@ variable "name" { } variable "network_mode" { - default = "bridge" + default = "awsvpc" description = "The Docker networking mode to use for the containers in the task" } @@ -164,7 +164,7 @@ variable "placement_constraints" { } variable "portMappings" { - default = [] + default = [{ containerPort = 80 }] description = "The list of port mappings for the container" type = list(any) } @@ -196,7 +196,7 @@ variable "repositoryCredentials" { } variable "requires_compatibilities" { - default = [] + default = ["FARGATE"] description = "The launch type required by the task" type = list(string) } From dcc8d08bc531f6dd1b48c36a4e211332d630dc72 Mon Sep 17 00:00:00 2001 From: "Random._" Date: Mon, 13 Feb 2023 14:22:17 +0000 Subject: [PATCH 03/19] fix: remove template_file resource --- .../outputs.tf | 2 +- main.tf | 83 +++++++++---------- 2 files changed, 42 insertions(+), 43 deletions(-) diff --git a/examples/terraform-task-definition-multiple-containers/outputs.tf b/examples/terraform-task-definition-multiple-containers/outputs.tf index e71ab8e..6a96923 100644 --- a/examples/terraform-task-definition-multiple-containers/outputs.tf +++ b/examples/terraform-task-definition-multiple-containers/outputs.tf @@ -1,3 +1,3 @@ output "container_definitions" { - value = "${module.merged.container_definitions}" + value = module.merged.container_definitions } diff --git a/main.tf b/main.tf index e8070a6..6003318 100644 --- a/main.tf +++ b/main.tf 
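Review bot: The new `portMappings` default `[{ containerPort = 80 }]` makes every container that does not set the variable publish port 80, including workers that listen on nothing; an exposure default is better left empty so that opening a port is an explicit choice, `default = []`. The other two hunks of this file, `network_mode = "awsvpc"` and `requires_compatibilities = ["FARGATE"]`, also change behaviour for existing callers that relied on the old defaults, so the change wants a line in the README or changelog. If the Fargate defaults are kept, a comment such as `# Fargate-oriented default; override for the EC2 launch type` above each would tell the reader why.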
@@ -82,50 +82,49 @@ locals { digit = "/\"(-[[:digit:]]|[[:digit:]]+)\"/" } - container_definition = var.register_task_definition ? format("[%s]", data.template_file.container_definition.rendered) : format("%s", data.template_file.container_definition.rendered) + template_file = templatefile( + "${path.module}/templates/container-definition.json.tpl", + { + command = local.command == "[]" ? "null" : local.command + cpu = var.cpu == 0 ? "null" : var.cpu + disableNetworking = var.disableNetworking ? true : false + dnsSearchDomains = local.dnsSearchDomains == "[]" ? "null" : local.dnsSearchDomains + dnsServers = local.dnsServers == "[]" ? "null" : local.dnsServers + dockerLabels = local.dockerLabels == "{}" ? "null" : local.dockerLabels + dockerSecurityOptions = local.dockerSecurityOptions == "[]" ? "null" : local.dockerSecurityOptions + entryPoint = local.entryPoint == "[]" ? "null" : local.entryPoint + environment = local.environment == "[]" ? "null" : local.environment + essential = var.essential ? true : false + extraHosts = local.extraHosts == "[]" ? "null" : local.extraHosts + healthCheck = local.healthCheck == "{}" ? "null" : local.healthCheck + hostname = var.hostname == "" ? "null" : var.hostname + image = var.image == "" ? "null" : var.image + interactive = var.interactive ? true : false + links = local.links == "[]" ? "null" : local.links + linuxParameters = local.linuxParameters == "{}" ? "null" : local.linuxParameters + logConfiguration = local.logConfiguration == "{}" ? "null" : local.logConfiguration + memory = var.memory == 0 ? "null" : var.memory + memoryReservation = var.memoryReservation == 0 ? "null" : var.memoryReservation + mountPoints = local.mountPoints == "[]" ? "null" : local.mountPoints + name = var.name == "" ? "null" : var.name + portMappings = local.portMappings == "[]" ? "null" : local.portMappings + privileged = var.privileged ? true : false + pseudoTerminal = var.pseudoTerminal ? 
true : false + readonlyRootFilesystem = var.readonlyRootFilesystem ? true : false + repositoryCredentials = local.repositoryCredentials == "{}" ? "null" : local.repositoryCredentials + resourceRequirements = local.resourceRequirements == "[]" ? "null" : local.resourceRequirements + secrets = local.secrets == "[]" ? "null" : local.secrets + systemControls = local.systemControls == "[]" ? "null" : local.systemControls + ulimits = local.ulimits == "[]" ? "null" : local.ulimits + user = var.user == "" ? "null" : var.user + volumesFrom = local.volumesFrom == "[]" ? "null" : local.volumesFrom + workingDirectory = var.workingDirectory == "" ? "null" : var.workingDirectory + } + ) - container_definitions = replace(local.container_definition, "/\"(null)\"/", "$1") -} + container_definition = var.register_task_definition ? format("[%s]", local.template_file) : format("%s", data.template_file) -data "template_file" "container_definition" { - template = file("${path.module}/templates/container-definition.json.tpl") - - vars = { - command = local.command == "[]" ? "null" : local.command - cpu = var.cpu == 0 ? "null" : var.cpu - disableNetworking = var.disableNetworking ? true : false - dnsSearchDomains = local.dnsSearchDomains == "[]" ? "null" : local.dnsSearchDomains - dnsServers = local.dnsServers == "[]" ? "null" : local.dnsServers - dockerLabels = local.dockerLabels == "{}" ? "null" : local.dockerLabels - dockerSecurityOptions = local.dockerSecurityOptions == "[]" ? "null" : local.dockerSecurityOptions - entryPoint = local.entryPoint == "[]" ? "null" : local.entryPoint - environment = local.environment == "[]" ? "null" : local.environment - essential = var.essential ? true : false - extraHosts = local.extraHosts == "[]" ? "null" : local.extraHosts - healthCheck = local.healthCheck == "{}" ? "null" : local.healthCheck - hostname = var.hostname == "" ? "null" : var.hostname - image = var.image == "" ? "null" : var.image - interactive = var.interactive ? 
true : false - links = local.links == "[]" ? "null" : local.links - linuxParameters = local.linuxParameters == "{}" ? "null" : local.linuxParameters - logConfiguration = local.logConfiguration == "{}" ? "null" : local.logConfiguration - memory = var.memory == 0 ? "null" : var.memory - memoryReservation = var.memoryReservation == 0 ? "null" : var.memoryReservation - mountPoints = local.mountPoints == "[]" ? "null" : local.mountPoints - name = var.name == "" ? "null" : var.name - portMappings = local.portMappings == "[]" ? "null" : local.portMappings - privileged = var.privileged ? true : false - pseudoTerminal = var.pseudoTerminal ? true : false - readonlyRootFilesystem = var.readonlyRootFilesystem ? true : false - repositoryCredentials = local.repositoryCredentials == "{}" ? "null" : local.repositoryCredentials - resourceRequirements = local.resourceRequirements == "[]" ? "null" : local.resourceRequirements - secrets = local.secrets == "[]" ? "null" : local.secrets - systemControls = local.systemControls == "[]" ? "null" : local.systemControls - ulimits = local.ulimits == "[]" ? "null" : local.ulimits - user = var.user == "" ? "null" : var.user - volumesFrom = local.volumesFrom == "[]" ? "null" : local.volumesFrom - workingDirectory = var.workingDirectory == "" ? "null" : var.workingDirectory - } + container_definitions = replace(local.container_definition, "/\"(null)\"/", "$1") } resource "aws_ecs_task_definition" "ecs_task_definition" { From 8d668e4b21d1f8969ec07deadb9eedafd0d29143 Mon Sep 17 00:00:00 2001 From: "Random._" Date: Sat, 11 May 2024 23:14:53 +0530 Subject: [PATCH 04/19] Update main.tf --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 6003318..2b311c8 100644 --- a/main.tf +++ b/main.tf 
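Review bot: The post-processing at the end of the `locals` block, `replace(local.container_definition, "/\"(null)\"/", "$1")`, runs over the whole rendered document, so any caller-supplied string that is exactly `null` (an environment value, a label, a hostname) is rewritten into a JSON null and changes the meaning of the definition. Moving to `templatefile` is a good moment to drop the `"null"` sentinel strings: build the container definition as an HCL object with real `null` values and call `jsonencode` once, which also escapes quotes in `var.name`, `var.image`, `var.user` and `var.workingDirectory`; whether the template escapes those today is not visible from this hunk. Until then a comment above the replace, `# NOTE: also rewrites any user-supplied value equal to the string "null"`, would warn maintainers. The `locals` block starts above the hunk.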
@@ -122,7 +122,7 @@ locals { } ) - container_definition = var.register_task_definition ? format("[%s]", local.template_file) : format("%s", data.template_file) + container_definition = var.register_task_definition ? format("[%s]", local.template_file) : format("%s", local.template_file) container_definitions = replace(local.container_definition, "/\"(null)\"/", "$1") } From 865659d1529d45b3409cbd2ebf475ee33e2fe1d5 Mon Sep 17 00:00:00 2001 From: "Random._." Date: Wed, 14 May 2025 09:39:10 +0000 Subject: [PATCH 05/19] add: runtime_platform --- main.tf | 9 +++++++++ variables.tf | 13 +++++++++++++ 2 files changed, 22 insertions(+) diff --git a/main.tf b/main.tf index 2b311c8..ae78c1d 100644 --- a/main.tf +++ b/main.tf @@ -183,6 +183,15 @@ resource "aws_ecs_task_definition" "ecs_task_definition" { } } } + + dynamic "runtime_platform" { + for_each = var.runtime_platform != null ? [var.runtime_platform] : [] + content { + cpu_architecture = runtime_platform.value.cpu_architecture + operating_system_family = runtime_platform.value.operating_system_family + } + } + tags = var.tags count = var.register_task_definition ? 1 : 0 diff --git a/variables.tf b/variables.tf index 66b5dc7..e258d4b 100644 --- a/variables.tf +++ b/variables.tf @@ -261,3 +261,16 @@ variable "workingDirectory" { default = "" description = "The working directory in which to run commands inside the container" } + +variable "runtime_platform" { + type = object({ + cpu_architecture = string + operating_system_family = string + }) + nullable = true + description = "The runtime platform" + default = { + cpu_architecture = "ARM64" + operating_system_family = "LINUX" + } +} \ No newline at end of file From 87ff9dd93e35212434a5822095be12a5ad658421 Mon Sep 17 00:00:00 2001 From: "Random._." Date: Wed, 14 May 2025 09:40:52 +0000 Subject: [PATCH 06/19] fix --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index e258d4b..b3502b2 100644 --- a/variables.tf 
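Review bot: `variable "runtime_platform"` in variables.tf accepts any string for `cpu_architecture` and `operating_system_family`, so a wrong value is only caught by the ECS API at apply time. A `validation` block would catch it at plan time, with a condition like `var.runtime_platform == null ? true : contains(["X86_64", "ARM64"], upper(var.runtime_platform.cpu_architecture))` and a matching `error_message`. The non-null default of `ARM64` also changes the platform for every existing caller of the module; `default = null` would keep the previous behaviour and leave the `dynamic "runtime_platform"` block in main.tf empty unless the caller asks for it.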
+++ b/variables.tf @@ -270,7 +270,7 @@ variable "runtime_platform" { nullable = true description = "The runtime platform" default = { - cpu_architecture = "ARM64" + cpu_architecture = "Linux/X86_64" operating_system_family = "LINUX" } } \ No newline at end of file From e69d49ba818d4668e5f7a7f1817defa03c99c2cc Mon Sep 17 00:00:00 2001 From: "Random._." Date: Wed, 14 May 2025 16:40:10 +0530 Subject: [PATCH 07/19] Update variables.tf --- variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index b3502b2..19a03b9 100644 --- a/variables.tf +++ b/variables.tf @@ -270,7 +270,7 @@ variable "runtime_platform" { nullable = true description = "The runtime platform" default = { - cpu_architecture = "Linux/X86_64" + cpu_architecture = "X86_64" operating_system_family = "LINUX" } -} \ No newline at end of file +} From db0bf5e755144ddef7c0c2f696328213cee502df Mon Sep 17 00:00:00 2001 From: "Random._." Date: Thu, 15 May 2025 09:38:54 +0000 Subject: [PATCH 08/19] add: envFrom for env values --- main.tf | 4 ++-- variables.tf | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index ae78c1d..e67e39d 100644 --- a/main.tf +++ b/main.tf @@ -38,7 +38,7 @@ locals { entryPoint = jsonencode(var.entryPoint) extraHosts = jsonencode(var.extraHosts) - environment = jsonencode(var.environment != {} ? [for k, v in var.environment : { "name" : k, "value" : v }] : []) + environments = jsonencode([for e in var.environments : e.valueFrom ? { name = e.name, valueFrom = e.value } : { name = e.name, value = e.value }]) healthCheck = replace(jsonencode(var.healthCheck), local.classes["digit"], "$1") links = jsonencode(var.links) 
@@ -93,7 +93,7 @@ locals { dockerLabels = local.dockerLabels == "{}" ? "null" : local.dockerLabels dockerSecurityOptions = local.dockerSecurityOptions == "[]" ? "null" : local.dockerSecurityOptions entryPoint = local.entryPoint == "[]" ? "null" : local.entryPoint - environment = local.environment == "[]" ? "null" : local.environment + environment = local.environments == "[]" ? "null" : local.environments essential = var.essential ? true : false extraHosts = local.extraHosts == "[]" ? "null" : local.extraHosts healthCheck = local.healthCheck == "{}" ? "null" : local.healthCheck diff --git a/variables.tf b/variables.tf index 19a03b9..e4ce73f 100644 --- a/variables.tf +++ b/variables.tf @@ -48,10 +48,14 @@ variable "entryPoint" { type = list(string) } -variable "environment" { - default = {} +variable "environments" { + default = [] description = "The environment variables to pass to a container" - type = map(string) + type = list(object({ + name = string + value = string + valueFrom = optional(bool, false) + })) } variable "essential" { From 1554f93277baf9039b60f15d223e5b575bc458ee Mon Sep 17 00:00:00 2001 From: "Random._." Date: Thu, 15 May 2025 09:48:42 +0000 Subject: [PATCH 09/19] revert --- main.tf | 4 ++-- variables.tf | 14 +++++--------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/main.tf b/main.tf index e67e39d..ae78c1d 100644 --- a/main.tf +++ b/main.tf @@ -38,7 +38,7 @@ locals { entryPoint = jsonencode(var.entryPoint) extraHosts = jsonencode(var.extraHosts) - environments = jsonencode([for e in var.environments : e.valueFrom ? { name = e.name, valueFrom = e.value } : { name = e.name, value = e.value }]) + environment = jsonencode(var.environment != {} ? [for k, v in var.environment : { "name" : k, "value" : v }] : []) healthCheck = replace(jsonencode(var.healthCheck), local.classes["digit"], "$1") links = jsonencode(var.links) 
@@ -93,7 +93,7 @@ locals { dockerLabels = local.dockerLabels == "{}" ? "null" : local.dockerLabels dockerSecurityOptions = local.dockerSecurityOptions == "[]" ? "null" : local.dockerSecurityOptions entryPoint = local.entryPoint == "[]" ? "null" : local.entryPoint - environment = local.environments == "[]" ? "null" : local.environments + environment = local.environment == "[]" ? "null" : local.environment essential = var.essential ? true : false extraHosts = local.extraHosts == "[]" ? "null" : local.extraHosts healthCheck = local.healthCheck == "{}" ? "null" : local.healthCheck diff --git a/variables.tf b/variables.tf index e4ce73f..b3502b2 100644 --- a/variables.tf +++ b/variables.tf @@ -48,14 +48,10 @@ variable "entryPoint" { type = list(string) } -variable "environments" { - default = [] +variable "environment" { + default = {} description = "The environment variables to pass to a container" - type = list(object({ - name = string - value = string - valueFrom = optional(bool, false) - })) + type = map(string) } variable "essential" { @@ -274,7 +270,7 @@ variable "runtime_platform" { nullable = true description = "The runtime platform" default = { - cpu_architecture = "X86_64" + cpu_architecture = "Linux/X86_64" operating_system_family = "LINUX" } -} +} \ No newline at end of file From a4f2eac7a69aa898886623a4dbf1985d48129896 Mon Sep 17 00:00:00 2001 From: "Random._." Date: Thu, 15 May 2025 09:51:36 +0000 Subject: [PATCH 10/19] fix: arch --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index b3502b2..245bb4e 100644 --- a/variables.tf +++ b/variables.tf @@ -270,7 +270,7 @@ variable "runtime_platform" { nullable = true description = "The runtime platform" default = { - cpu_architecture = "Linux/X86_64" + cpu_architecture = "X86_64" operating_system_family = "LINUX" } } \ No newline at end of file From 778aefe4c66439d5deeaf373848a5e38cee25a61 Mon Sep 17 00:00:00 2001 
From: "Random._." Date: Thu, 15 May 2025 22:06:16 +0530 Subject: [PATCH 11/19] Update main.tf --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index ae78c1d..fd07ccc 100644 --- a/main.tf +++ b/main.tf @@ -187,8 +187,8 @@ resource "aws_ecs_task_definition" "ecs_task_definition" { dynamic "runtime_platform" { for_each = var.runtime_platform != null ? [var.runtime_platform] : [] content { - cpu_architecture = runtime_platform.value.cpu_architecture - operating_system_family = runtime_platform.value.operating_system_family + cpu_architecture = upper(runtime_platform.value.cpu_architecture) + operating_system_family = upper(runtime_platform.value.operating_system_family) } } From fbf338d4f7ad77639f98a9188d8bd459cdfe1030 Mon Sep 17 00:00:00 2001 From: "Random._." Date: Mon, 26 May 2025 10:23:26 +0000 Subject: [PATCH 12/19] feat: track_latest --- main.tf | 10 ++++++---- variables.tf | 14 ++++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index fd07ccc..964d8a8 100644 --- a/main.tf +++ b/main.tf @@ -83,7 +83,7 @@ locals { } template_file = templatefile( - "${path.module}/templates/container-definition.json.tpl", + "${path.module}/templates/container-definition.json.tpl", { command = local.command == "[]" ? "null" : local.command cpu = var.cpu == 0 ? "null" : var.cpu @@ -135,6 +135,8 @@ resource "aws_ecs_task_definition" "ecs_task_definition" { network_mode = var.network_mode pid_mode = var.pid_mode + track_latest = var.track_latest + # Fargate requires cpu and memory to be defined at the task level cpu = var.cpu memory = var.memory 
@@ -187,11 +189,11 @@ resource "aws_ecs_task_definition" "ecs_task_definition" { dynamic "runtime_platform" { for_each = var.runtime_platform != null ? [var.runtime_platform] : [] content { - cpu_architecture = upper(runtime_platform.value.cpu_architecture) - operating_system_family = upper(runtime_platform.value.operating_system_family) + cpu_architecture = upper(runtime_platform.value.cpu_architecture) + operating_system_family = upper(runtime_platform.value.operating_system_family) } } - + tags = var.tags count = var.register_task_definition ? 1 : 0 diff --git a/variables.tf b/variables.tf index 245bb4e..aeb12ef 100644 --- a/variables.tf +++ b/variables.tf @@ -264,13 +264,19 @@ variable "workingDirectory" { variable "runtime_platform" { type = object({ - cpu_architecture = string + cpu_architecture = string operating_system_family = string }) - nullable = true + nullable = true description = "The runtime platform" default = { - cpu_architecture = "X86_64" + cpu_architecture = "X86_64" operating_system_family = "LINUX" } -} \ No newline at end of file +} + +variable "track_latest" { + type = bool + default = false + description = "Whether should track latest ACTIVE task definition on AWS or the one created with the resource stored in state. Default is false. Useful in the event the task definition is modified outside of this resource." +} From 171ebe5b5788c728700844d81253f65010ba9002 Mon Sep 17 00:00:00 2001 From: "Random._." Date: Tue, 27 May 2025 13:14:01 +0000 Subject: [PATCH 13/19] feat: ecr support --- ecr.tf | 33 +++++++++++++++++++++++++++++++++ main.tf | 4 +++- outputs.tf | 3 +++ variables.tf | 32 +++++++++++++++++++++++++++++++- 4 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 ecr.tf diff --git a/ecr.tf b/ecr.tf new file mode 100644 index 0000000..006c17d --- /dev/null +++ b/ecr.tf 
@@ -0,0 +1,33 @@ +resource "aws_ecr_repository" "service" { + count = var.ecr_create_repo ? 1 : 0 + name = var.ecr_repo_name + + image_scanning_configuration { + scan_on_push = var.ecr_scan_on_push + } +} + +resource "aws_ecr_lifecycle_policy" "service" { + count = var.ecr_create_repo ? 1 : 0 + repository = aws_ecr_repository.service[0].name + + policy = < Date: Tue, 27 May 2025 13:19:55 +0000 Subject: [PATCH 14/19] fix: ecr url --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index b74e9d5..3b7d0e0 100644 --- a/main.tf +++ b/main.tf @@ -82,7 +82,7 @@ locals { digit = "/\"(-[[:digit:]]|[[:digit:]]+)\"/" } - image = var.ecr_create_repo ? "${aws_ecr_repository.service[0].name}:${var.ecr_task_definition_tag}" : var.image + image = var.ecr_create_repo ? "${aws_ecr_repository.service[0].repository_url}:${var.ecr_task_definition_tag}" : var.image template_file = templatefile( "${path.module}/templates/container-definition.json.tpl", From 70c1aa4c258ca54bf47e4ed6d5779e773cd4462c Mon Sep 17 00:00:00 2001 From: "Random._." Date: Tue, 27 May 2025 13:48:50 +0000 Subject: [PATCH 15/19] feat: cloudwatch --- main.tf | 19 ++++++++++++++++++- variables.tf | 20 +++++++++++++++++++- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 3b7d0e0..f3beabf 100644 --- a/main.tf +++ b/main.tf @@ -28,6 +28,7 @@ # - 2. https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html # - 3. https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PortMapping.html # - 4. https://github.com/hashicorp/terraform/issues/17033 +data "aws_region" "current" {} locals { command = jsonencode(var.command) 
@@ -53,7 +54,16 @@ locals { "$1", ) - logConfiguration = jsonencode(var.logConfiguration) + cloudwatch_log_group_name = "/${var.cloudwatch_log_group_prefix}/ecs/${var.name}" + + logConfiguration = var.enable_cloudwatch ? jsonencode({ + logDriver = "awslogs" + options = { + awslogs-group = local.cloudwatch_log_group_name + awslogs-region = data.aws_region.current.name + awslogs-stream-prefix = "ecs" + } + }) : jsonencode(var.logConfiguration) mountPoints = replace( replace(jsonencode(var.mountPoints), "/\"1\"/", "true"), @@ -129,6 +139,13 @@ locals { container_definitions = replace(local.container_definition, "/\"(null)\"/", "$1") } +resource "aws_cloudwatch_log_group" "ecs_task_definition" { + count = var.enable_cloudwatch == true ? 1 : 0 + + name = "/${var.cloudwatch_log_group_prefix}/ecs/${var.name}" + retention_in_days = var.cloudwatch_log_retention_in_days +} + resource "aws_ecs_task_definition" "ecs_task_definition" { container_definitions = local.container_definitions execution_role_arn = var.execution_role_arn diff --git a/variables.tf b/variables.tf index 00c0d41..1dac9d4 100644 --- a/variables.tf +++ b/variables.tf @@ -309,4 +309,22 @@ variable "ecr_task_definition_tag" { type = string default = "latest" description = "Tag to use for the ECR task definition" -} \ No newline at end of file +} + +variable "enable_cloudwatch" { + type = bool + default = false + description = "Whether to enable CloudWatch logging if false, the value of variable `logConfiguration` will be used" +} + +variable "cloudwatch_log_group_prefix" { + type = string + default = "" + description = "The prefix for the CloudWatch log group name eg: /project/environment/app" +} + +variable "cloudwatch_log_retention_in_days" { + type = number + default = 30 + description = "The number of days to retain the CloudWatch log group" +} From 16cc31c647662a4243427d701e830af6f690496c Mon Sep 17 00:00:00 2001 
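Review bot: In main.tf the log group name is built twice, once in `local.cloudwatch_log_group_name` and again in `aws_cloudwatch_log_group.ecs_task_definition`, and the `awslogs-group` option refers to the string rather than the resource, so Terraform sees no dependency between the task definition and the log group. Writing `awslogs-group = aws_cloudwatch_log_group.ecs_task_definition[0].name` in the enabled branch removes the duplication and orders the two resources. With the default `cloudwatch_log_group_prefix = ""` the name becomes `//ecs/<name>`, and the description's example `/project/environment/app` already carries the leading slash that the expression adds, so either the description or the expression should change. Container logs often hold sensitive data, so an optional `kms_key_id` input on the log group is worth considering.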
From: Rishang Date: Mon, 23 Jun 2025 00:14:44 +0530 Subject: [PATCH 16/19] fix: ecr policy --- ecr.tf | 20 ++++++++++++++++---- main.tf | 4 ++-- variables.tf | 31 +++++++++++-------------------- 3 files changed, 29 insertions(+), 26 deletions(-) diff --git a/ecr.tf b/ecr.tf index 006c17d..8b2091f 100644 --- a/ecr.tf +++ b/ecr.tf @@ -1,9 +1,9 @@ resource "aws_ecr_repository" "service" { count = var.ecr_create_repo ? 1 : 0 - name = var.ecr_repo_name + name = var.ecr_config.repo_name image_scanning_configuration { - scan_on_push = var.ecr_scan_on_push + scan_on_push = var.ecr_config.scan_on_push } } @@ -16,12 +16,24 @@ resource "aws_ecr_lifecycle_policy" "service" { "rules": [ { "rulePriority": 1, - "description": "Expire images older than ${var.ecr_repo_remove_untagged_days} days", + "description": "Expire images older than ${var.ecr_config.repo_remove_untagged_days} days", "selection": { "tagStatus": "untagged", "countType": "sinceImagePushed", "countUnit": "days", - "countNumber": ${var.ecr_repo_remove_untagged_days} + "countNumber": ${var.ecr_config.repo_remove_untagged_days} + }, + "action": { + "type": "expire" + } + }, + { + "rulePriority": 2, + "description": "Maximum ${var.ecr_config.repo_max_images} images in the repository", + "selection": { + "tagStatus": "any", + "countType": "imageCountMoreThan", + "countNumber": ${var.ecr_config.repo_max_images} }, "action": { "type": "expire" diff --git a/main.tf b/main.tf index f3beabf..94e7530 100644 --- a/main.tf +++ b/main.tf @@ -60,7 +60,7 @@ locals { logDriver = "awslogs" options = { awslogs-group = local.cloudwatch_log_group_name - awslogs-region = data.aws_region.current.name + awslogs-region = data.aws_region.current.region awslogs-stream-prefix = "ecs" } }) : jsonencode(var.logConfiguration) 
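Review bot: `aws_ecr_repository.service` in ecr.tf sets no `image_tag_mutability`, so the provider default of mutable tags applies, while main.tf builds the image reference from `var.ecr_config.task_definition_tag`, which defaults to `latest` in the variables.tf hunk of this commit. A task pinned to a mutable tag runs whatever was pushed last under that tag. Consider `image_tag_mutability = var.ecr_config.image_tag_mutability` backed by a new optional attribute in `ecr_config`, and defaulting `scan_on_push` to `true` so new repositories are scanned unless the caller opts out. The second lifecycle rule expires by count with `tagStatus` `any`, so an older tag that a task still refers to can be removed once more than `repo_max_images` newer images exist; a sentence in the rule description saying so would help operators.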
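Review bot: The switch from `data.aws_region.current.name` to `.region` in main.tf only resolves on AWS provider releases that expose the `region` attribute on this data source, which as far as I know are the recent major versions; on older providers the plan fails with an unsupported attribute error. No `required_providers` constraint is visible in this patch, so either add a minimum `aws` provider version alongside this change or state the requirement in the README.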
@@ -92,7 +92,7 @@ locals { digit = "/\"(-[[:digit:]]|[[:digit:]]+)\"/" } - image = var.ecr_create_repo ? "${aws_ecr_repository.service[0].repository_url}:${var.ecr_task_definition_tag}" : var.image + image = var.ecr_create_repo ? "${aws_ecr_repository.service[0].repository_url}:${var.ecr_config.task_definition_tag}" : var.image template_file = templatefile( "${path.module}/templates/container-definition.json.tpl", diff --git a/variables.tf b/variables.tf index 1dac9d4..8275cc2 100644 --- a/variables.tf +++ b/variables.tf @@ -288,27 +288,18 @@ variable "ecr_create_repo" { description = "Enable ECR repository creation" } -variable "ecr_scan_on_push" { - type = bool - default = false - description = "Enable ECR repository scanning on push" -} - -variable "ecr_repo_name" { - type = string - description = "Name of the ECR repository" -} - -variable "ecr_repo_remove_untagged_days" { - type = number - default = 7 - description = "Number of days to keep untagged images" -} +variable "ecr_config" { + type = object({ + scan_on_push = optional(bool, false) + repo_name = optional(string, "") + repo_remove_untagged_days = optional(number, 7) + task_definition_tag = optional(string, "latest") + repo_max_images = optional(number, 10) + }) -variable "ecr_task_definition_tag" { - type = string - default = "latest" - description = "Tag to use for the ECR task definition" + nullable = true + default = null + description = "ECR repository configuration" } variable "enable_cloudwatch" { From b79dbbe3a52b83a39cf85fb0d325539f3e29959f Mon Sep 17 00:00:00 2001 From: Rishang Date: Mon, 23 Jun 2025 00:17:06 +0530 Subject: [PATCH 17/19] fmt --- variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index 8275cc2..fb8b59d 100644 --- a/variables.tf +++ b/variables.tf 
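Review bot: `variable "ecr_config"` defaults to `null`, but ecr.tf dereferences `var.ecr_config.repo_name` and the other attributes directly, so setting `ecr_create_repo = true` without also passing `ecr_config` fails on attribute access of a null value. With `default = {}` and `nullable = false` the `optional(...)` defaults are filled in instead. `repo_name = optional(string, "")` then still yields an empty repository name, and since the previously required `ecr_repo_name` variable is removed here, a check that the name is non-empty when the repository is created (a `precondition` on `aws_ecr_repository.service`, for example) would restore that guarantee.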
@@ -290,10 +290,10 @@ variable "ecr_create_repo" { variable "ecr_config" { type = object({ - scan_on_push = optional(bool, false) repo_name = optional(string, "") - repo_remove_untagged_days = optional(number, 7) task_definition_tag = optional(string, "latest") + repo_remove_untagged_days = optional(number, 7) + scan_on_push = optional(bool, false) repo_max_images = optional(number, 10) }) From d9a819a2c72074a1eecc1fb6639c4ff553f3ef0e Mon Sep 17 00:00:00 2001 From: Rishang Date: Mon, 23 Jun 2025 00:49:02 +0530 Subject: [PATCH 18/19] add: docs --- .terraform-docs.yaml | 69 +++++++++++ README.md | 268 +++++++++++++++++++++---------------------- Taskfile.yml | 10 ++ example.tfvars | 57 +++++++++ src/example.tfvars | 0 variables.tf | 2 +- 6 files changed, 268 insertions(+), 138 deletions(-) create mode 100644 .terraform-docs.yaml create mode 100644 Taskfile.yml create mode 100644 example.tfvars create mode 100644 src/example.tfvars diff --git a/.terraform-docs.yaml b/.terraform-docs.yaml new file mode 100644 index 0000000..95cc671 --- /dev/null +++ b/.terraform-docs.yaml 
@@ -0,0 +1,69 @@ +formatter: "markdown" +header-from: main.tf + +sort: + enabled: true + by: required + +content: |- + {{ .Header }} + + ![GitHub release](https://img.shields.io/github/release/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square) ![GitHub](https://img.shields.io/github/license/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square) + + > A Terraform module for creating Amazon [ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html) + + ## NOTICE + + **THIS MODULE IS NOT COMPATIBLE WITH VERSIONS OF TERRAFORM LESS THAN v0.12.x. PLEASE REFER TO THE OFFICIAL [DOCUMENTATION](https://www.terraform.io/upgrade-guides/0-12.html) FOR UPGRADING TO THE LATEST VERSION OF TERRAFORM.** + + ## Contents + + - [Motivation](#motivation) + - [Use Cases](#use-cases) + - [Requirements](#requirements) + - [Usage](#usage) + - [Multiple Container Definitions](#multiple-container-definitions) + - [Inputs](#inputs) + - [Outputs](#outputs) + - [Testing](#testing) + - [License](#license) + + ## Motivation + + The purpose of this module is to generate a valid Amazon [ECS Task Definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html) dynamically. A task definition is required to run Docker containers in Amazon ECS. A task definition contains a list of [container definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definitions) received by the Docker daemon to create a container instance. 
+ + ### Use Cases + + - Have Terraform generate valid task definitions dynamically + - Update the ECS task definition and trigger new [service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) deployments automatically (see [examples/ecs_update_service.tf](examples/ecs_update_service.tf)) + + ## Requirements + + - [Terraform](https://www.terraform.io/downloads.html) + - [Go](https://golang.org/dl/) (for testing) + ## Usage + + {{ .Providers }} + + {{ .Outputs }} + + ## available tfvar inputs + + ```hcl + # null are required inputs, + # others are optional default values + + {{ include "example.tfvars" }} + ``` + + {{ .Inputs }} + + --- + README.md created by: `terraform-docs` + +output: + file: "./README.md" + template: |- + + {{ .Content }} + diff --git a/README.md b/README.md index 6cb8a29..93f6bc1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ + + + ![GitHub release](https://img.shields.io/github/release/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square) ![GitHub](https://img.shields.io/github/license/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square) > A Terraform module for creating Amazon [ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html) 
@@ -31,155 +34,146 @@ The purpose of this module is to generate a valid Amazon [ECS Task Definition](h - [Terraform](https://www.terraform.io/downloads.html) - [Go](https://golang.org/dl/) (for testing) - ## Usage -This module uses the same parameters as the [`ContainerDefinition`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) object. Given the following Terraform configuration: - -```hcl -provider "aws" {} - -module "mongo-task-definition" { - source = "github.com/mongodb/terraform-aws-ecs-task-definition" - - family = "mongo" - image = "mongo:3.6" - memory = 512 - name = "mongo" - - portMappings = [ - { - containerPort = 27017 - }, - ] -} -``` - -Invoking the commands defined below creates an ECS task definition with the following [`containerDefinitions`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RegisterTaskDefinition.html#ECS-RegisterTaskDefinition-request-containerDefinitions): - - $ terraform init - $ terraform apply - -```json -[ - { - "command": null, - "cpu": null, - "disableNetworking": false, - "dnsSearchDomains": null, - "dnsServers": null, - "dockerLabels": null, - "dockerSecurityOptions": null, - "entryPoint": null, - "environment": null, - "essential": true, - "extraHosts": null, - "healthCheck": null, - "hostname": null, - "image": "mongo:3.6", - "interactive": false, - "links": null, - "linuxParameters": null, - "logConfiguration": null, - "memory": 512, - "memoryReservation": null, - "mountPoints": null, - "name": "mongo", - "portMappings": [{"containerPort":27017}], - "privileged": false, - "pseudoTerminal": false, - "readonlyRootFilesystem": false, - "repositoryCredentials": null, - "resourceRequirements": null, - "secrets": null, - "systemControls": null, - "ulimits": null, - "user": null, - "volumesFrom": null, - "workingDirectory": null - } -] -``` - -### Multiple Container Definitions - -By default, this module creates a task definition with a single container definition. 
To create a task definition with multiple container definitions, refer to the documentation of the [`merge`](modules/merge) module. - - ## Providers | Name | Version | |------|---------| -| aws | n/a | -| template | n/a | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:-----:| -| command | The command that is passed to the container | `list(string)` | `[]` | no | -| cpu | The number of cpu units reserved for the container | `number` | `0` | no | -| disableNetworking | When this parameter is true, networking is disabled within the container | `bool` | `false` | no | -| dnsSearchDomains | A list of DNS search domains that are presented to the container | `list(string)` | `[]` | no | -| dnsServers | A list of DNS servers that are presented to the container | `list(string)` | `[]` | no | -| dockerLabels | A key/value map of labels to add to the container | `map(string)` | `{}` | no | -| dockerSecurityOptions | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems | `list(string)` | `[]` | no | -| entryPoint | The entry point that is passed to the container | `list(string)` | `[]` | no | -| environment | The environment variables to pass to a container | `list(map(string))` | `[]` | no | -| essential | If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `true` | no | -| execution\_role\_arn | The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume | `string` | `""` | no | -| extraHosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container | `list(string)` | `[]` | no | -| family | You must specify a family for a task definition, which allows you to track multiple versions of the same task definition | `any` | n/a | yes | -| 
healthCheck | The health check command and associated configuration parameters for the container | `any` | `{}` | no | -| hostname | The hostname to use for your container | `string` | `""` | no | -| image | The image used to start a container | `string` | `""` | no | -| interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated | `bool` | `false` | no | -| ipc\_mode | The IPC resource namespace to use for the containers in the task | `string` | `"host"` | no | -| links | The link parameter allows containers to communicate with each other without the need for port mappings | `list(string)` | `[]` | no | -| linuxParameters | Linux-specific modifications that are applied to the container, such as Linux KernelCapabilities | `any` | `{}` | no | -| logConfiguration | The log configuration specification for the container | `any` | `{}` | no | -| memory | The hard limit (in MiB) of memory to present to the container | `number` | `0` | no | -| memoryReservation | The soft limit (in MiB) of memory to reserve for the container | `number` | `0` | no | -| mountPoints | The mount points for data volumes in your container | `list(any)` | `[]` | no | -| name | The name of a container | `string` | `""` | no | -| network\_mode | The Docker networking mode to use for the containers in the task | `string` | `"bridge"` | no | -| pid\_mode | The process namespace to use for the containers in the task | `string` | `"host"` | no | -| placement\_constraints | An array of placement constraint objects to use for the task | `list(string)` | `[]` | no | -| portMappings | The list of port mappings for the container | `list(any)` | `[]` | no | -| privileged | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user) | `bool` | `false` | no | -| pseudoTerminal | When this parameter is true, a TTY is allocated | `bool` | `false` | no | -| 
readonlyRootFilesystem | When this parameter is true, the container is given read-only access to its root file system | `bool` | `false` | no | -| register\_task\_definition | Registers a new task definition from the supplied family and containerDefinitions | `bool` | `true` | no | -| repositoryCredentials | The private repository authentication credentials to use | `map(string)` | `{}` | no | -| requires\_compatibilities | The launch type required by the task | `list(string)` | `[]` | no | -| resourceRequirements | The type and amount of a resource to assign to a container | `list(string)` | `[]` | no | -| secrets | The secrets to pass to the container | `list(map(string))` | `[]` | no | -| systemControls | A list of namespaced kernel parameters to set in the container | `list(string)` | `[]` | no | -| tags | The metadata that you apply to the task definition to help you categorize and organize them | `map(string)` | `{}` | no | -| task\_role\_arn | The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume | `string` | `""` | no | -| ulimits | A list of ulimits to set in the container | `list(any)` | `[]` | no | -| user | The user name to use inside the container | `string` | `""` | no | -| volumes | A list of volume definitions in JSON format that containers in your task may use | `list(any)` | `[]` | no | -| volumesFrom | Data volumes to mount from another container | `list(object)` | `[]` | no | -| workingDirectory | The working directory in which to run commands inside the container | `string` | `""` | no | +| [aws](#provider\_aws) | n/a | ## Outputs | Name | Description | |------|-------------| -| arn | The full Amazon Resource Name (ARN) of the task definition | -| container\_definitions | A list of container definitions in JSON format that describe the different containers that make up your task | -| family | The family of your task definition, used as the definition name | -| revision | The revision of the 
task in a particular family | - - +| [arn](#output\_arn) | The full Amazon Resource Name (ARN) of the task definition | +| [container\_definitions](#output\_container\_definitions) | A list of container definitions in JSON format that describe the different containers that make up your task | +| [ecr\_repo\_name](#output\_ecr\_repo\_name) | n/a | +| [family](#output\_family) | The family of your task definition, used as the definition name | +| [revision](#output\_revision) | The revision of the task in a particular family | -## Testing +## available tfvar inputs -This module uses [Terratest](https://github.com/gruntwork-io/terratest), a Go library maintained by [Gruntwork](https://gruntwork.io/), to write automated tests for your infrastructure code. To invoke tests, run the following commands: - - $ go test -v ./... +```hcl +# null are required inputs, +# others are optional default values + +cloudwatch_log_group_prefix = "" +cloudwatch_log_retention_in_days = 30 +command = [] +cpu = 256 +disableNetworking = false +dnsSearchDomains = [] +dnsServers = [] +dockerLabels = {} +dockerSecurityOptions = [] +ecr_config = null +ecr_create_repo = false +enable_cloudwatch = false +entryPoint = [] +environment = {} +essential = true +execution_role_arn = "" +extraHosts = [] +family = null +healthCheck = {} +hostname = "" +image = "null" +interactive = false +ipc_mode = null +links = [] +linuxParameters = {} +logConfiguration = {} +memory = 512 +memoryReservation = 0 +mountPoints = [] +name = "" +network_mode = "awsvpc" +pid_mode = null +placement_constraints = [] +portMappings = [{ + containerPort = 80 +}] +privileged = false +pseudoTerminal = false +readonlyRootFilesystem = false +register_task_definition = true +repositoryCredentials = {} +requires_compatibilities = ["FARGATE"] +resourceRequirements = [] +runtime_platform = { + cpu_architecture = "X86_64" + operating_system_family = "LINUX" +} +secrets = [] +systemControls = [] +tags = {} +task_role_arn = "" +track_latest 
= false +ulimits = [] +user = "" +volumes = [] +volumesFrom = [] +workingDirectory = "" +``` -## License +## Inputs -[Apache License 2.0](LICENSE) +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [family](#input\_family) | You must specify a family for a task definition, which allows you to track multiple versions of the same task definition | `any` | n/a | yes | +| [cloudwatch\_log\_group\_prefix](#input\_cloudwatch\_log\_group\_prefix) | The prefix for the CloudWatch log group name eg: /project/environment/app | `string` | `""` | no | +| [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | The number of days to retain the CloudWatch log group | `number` | `30` | no | +| [command](#input\_command) | The command that is passed to the container | `list(string)` | `[]` | no | +| [cpu](#input\_cpu) | The number of cpu units reserved for the container | `number` | `256` | no | +| [disableNetworking](#input\_disableNetworking) | When this parameter is true, networking is disabled within the container | `bool` | `false` | no | +| [dnsSearchDomains](#input\_dnsSearchDomains) | A list of DNS search domains that are presented to the container | `list(string)` | `[]` | no | +| [dnsServers](#input\_dnsServers) | A list of DNS servers that are presented to the container | `list(string)` | `[]` | no | +| [dockerLabels](#input\_dockerLabels) | A key/value map of labels to add to the container | `map(string)` | `{}` | no | +| [dockerSecurityOptions](#input\_dockerSecurityOptions) | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems | `list(string)` | `[]` | no | +| [ecr\_config](#input\_ecr\_config) | ECR repository configuration |
object({
repo_name = optional(string, "")
task_definition_tag = optional(string, "latest")
repo_remove_untagged_days = optional(number, 7)
scan_on_push = optional(bool, false)
repo_max_images = optional(number, 10)
})
| `null` | no | +| [ecr\_create\_repo](#input\_ecr\_create\_repo) | Enable ECR repository creation | `bool` | `false` | no | +| [enable\_cloudwatch](#input\_enable\_cloudwatch) | Whether to enable CloudWatch logging if false, the value of variable `logConfiguration` will be used | `bool` | `false` | no | +| [entryPoint](#input\_entryPoint) | The entry point that is passed to the container | `list(string)` | `[]` | no | +| [environment](#input\_environment) | The environment variables to pass to a container | `map(string)` | `{}` | no | +| [essential](#input\_essential) | If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `true` | no | +| [execution\_role\_arn](#input\_execution\_role\_arn) | The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume | `string` | `""` | no | +| [extraHosts](#input\_extraHosts) | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container |
list(object({
ipAddress = string
hostname = string
}))
| `[]` | no | +| [healthCheck](#input\_healthCheck) | The health check command and associated configuration parameters for the container | `any` | `{}` | no | +| [hostname](#input\_hostname) | The hostname to use for your container | `string` | `""` | no | +| [image](#input\_image) | The image used to start a container | `string` | `"null"` | no | +| [interactive](#input\_interactive) | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated | `bool` | `false` | no | +| [ipc\_mode](#input\_ipc\_mode) | The IPC resource namespace to use for the containers in the task | `any` | `null` | no | +| [links](#input\_links) | The link parameter allows containers to communicate with each other without the need for port mappings | `list(string)` | `[]` | no | +| [linuxParameters](#input\_linuxParameters) | Linux-specific modifications that are applied to the container, such as Linux KernelCapabilities | `any` | `{}` | no | +| [logConfiguration](#input\_logConfiguration) | The log configuration specification for the container | `any` | `{}` | no | +| [memory](#input\_memory) | The hard limit (in MiB) of memory to present to the container | `number` | `512` | no | +| [memoryReservation](#input\_memoryReservation) | The soft limit (in MiB) of memory to reserve for the container | `number` | `0` | no | +| [mountPoints](#input\_mountPoints) | The mount points for data volumes in your container | `list(any)` | `[]` | no | +| [name](#input\_name) | The name of a container | `string` | `""` | no | +| [network\_mode](#input\_network\_mode) | The Docker networking mode to use for the containers in the task | `string` | `"awsvpc"` | no | +| [pid\_mode](#input\_pid\_mode) | The process namespace to use for the containers in the task | `any` | `null` | no | +| [placement\_constraints](#input\_placement\_constraints) | An array of placement constraint objects to use for the task |
list(object({
type = string
expression = string
}))
| `[]` | no | +| [portMappings](#input\_portMappings) | The list of port mappings for the container | `list(any)` |
[
{
"containerPort": 80
}
]
| no | +| [privileged](#input\_privileged) | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user) | `bool` | `false` | no | +| [pseudoTerminal](#input\_pseudoTerminal) | When this parameter is true, a TTY is allocated | `bool` | `false` | no | +| [readonlyRootFilesystem](#input\_readonlyRootFilesystem) | When this parameter is true, the container is given read-only access to its root file system | `bool` | `false` | no | +| [register\_task\_definition](#input\_register\_task\_definition) | Registers a new task definition from the supplied family and containerDefinitions | `bool` | `true` | no | +| [repositoryCredentials](#input\_repositoryCredentials) | The private repository authentication credentials to use | `map(string)` | `{}` | no | +| [requires\_compatibilities](#input\_requires\_compatibilities) | The launch type required by the task (FARGATE, FARGATE\_SPOT, EC2) | `list(string)` |
[
"FARGATE"
]
| no | +| [resourceRequirements](#input\_resourceRequirements) | The type and amount of a resource to assign to a container | `list(string)` | `[]` | no | +| [runtime\_platform](#input\_runtime\_platform) | The runtime platform |
object({
cpu_architecture = string
operating_system_family = string
})
|
{
"cpu_architecture": "X86_64",
"operating_system_family": "LINUX"
}
| no | +| [secrets](#input\_secrets) | The secrets to pass to the container | `list(map(string))` | `[]` | no | +| [systemControls](#input\_systemControls) | A list of namespaced kernel parameters to set in the container | `list(string)` | `[]` | no | +| [tags](#input\_tags) | The metadata that you apply to the task definition to help you categorize and organize them | `map(string)` | `{}` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume | `string` | `""` | no | +| [track\_latest](#input\_track\_latest) | Whether should track latest ACTIVE task definition on AWS or the one created with the resource stored in state. Default is false. Useful in the event the task definition is modified outside of this resource. | `bool` | `false` | no | +| [ulimits](#input\_ulimits) | A list of ulimits to set in the container | `list(any)` | `[]` | no | +| [user](#input\_user) | The user name to use inside the container | `string` | `""` | no | +| [volumes](#input\_volumes) | A list of volume definitions in JSON format that containers in your task may use | `list(any)` | `[]` | no | +| [volumesFrom](#input\_volumesFrom) | Data volumes to mount from another container |
list(object({
readOnly = bool
sourceContainer = string
}))
| `[]` | no | +| [workingDirectory](#input\_workingDirectory) | The working directory in which to run commands inside the container | `string` | `""` | no | + +--- +README.md created by: `terraform-docs` + \ No newline at end of file diff --git a/Taskfile.yml b/Taskfile.yml new file mode 100644 index 0000000..f8c3200 --- /dev/null +++ b/Taskfile.yml @@ -0,0 +1,10 @@ +version: "3" + +tasks: + docs: + dir: ./ + desc: Generate documentation for all modules + cmds: + - tfvar . > example.tfvars + - terraform-docs markdown . + - terraform fmt -recursive diff --git a/example.tfvars b/example.tfvars new file mode 100644 index 0000000..c8749e7 --- /dev/null +++ b/example.tfvars @@ -0,0 +1,57 @@ +cloudwatch_log_group_prefix = "" +cloudwatch_log_retention_in_days = 30 +command = [] +cpu = 256 +disableNetworking = false +dnsSearchDomains = [] +dnsServers = [] +dockerLabels = {} +dockerSecurityOptions = [] +ecr_config = null +ecr_create_repo = false +enable_cloudwatch = false +entryPoint = [] +environment = {} +essential = true +execution_role_arn = "" +extraHosts = [] +family = null +healthCheck = {} +hostname = "" +image = "null" +interactive = false +ipc_mode = null +links = [] +linuxParameters = {} +logConfiguration = {} +memory = 512 +memoryReservation = 0 +mountPoints = [] +name = "" +network_mode = "awsvpc" +pid_mode = null +placement_constraints = [] +portMappings = [{ + containerPort = 80 +}] +privileged = false +pseudoTerminal = false +readonlyRootFilesystem = false +register_task_definition = true +repositoryCredentials = {} +requires_compatibilities = ["FARGATE"] +resourceRequirements = [] +runtime_platform = { + cpu_architecture = "X86_64" + operating_system_family = "LINUX" +} +secrets = [] +systemControls = [] +tags = {} +task_role_arn = "" +track_latest = false +ulimits = [] +user = "" +volumes = [] +volumesFrom = [] +workingDirectory = "" diff --git a/src/example.tfvars b/src/example.tfvars new file mode 100644 index 0000000..e69de29 
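Review bot: In the `docs` task, `tfvar . > example.tfvars` truncates the committed file before `tfvar` produces any output, so a missing or failing `tfvar` leaves an empty example.tfvars in the working tree. Writing to a temporary file keeps the previous content on failure: `- tfvar . > example.tfvars.tmp && mv example.tfvars.tmp example.tfvars`. The same patch also adds `src/example.tfvars` with no content, which no command in this task reads or writes; it looks like a leftover and could be dropped. Since every variable default is now copied into README.md through example.tfvars, a default that ever holds a credential or an internal endpoint would be published with the docs, so the generated file is worth a glance before it is committed.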
diff --git a/variables.tf b/variables.tf index fb8b59d..f964241 100644 --- a/variables.tf +++ b/variables.tf @@ -197,7 +197,7 @@ variable "repositoryCredentials" { variable "requires_compatibilities" { default = ["FARGATE"] - description = "The launch type required by the task" + description = "The launch type required by the task (FARGATE, FARGATE_SPOT, EC2)" type = list(string) } From 37470034eb3f52f9c75d537949231ed13c01eaf4 Mon Sep 17 00:00:00 2001 From: Rishang Date: Mon, 23 Jun 2025 00:52:11 +0530 Subject: [PATCH 19/19] docs: ecr output cloudwatch name --- README.md | 3 ++- outputs.tf | 8 +++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 93f6bc1..7ae09d1 100644 --- a/README.md +++ b/README.md @@ -47,8 +47,9 @@ The purpose of this module is to generate a valid Amazon [ECS Task Definition](h | Name | Description | |------|-------------| | [arn](#output\_arn) | The full Amazon Resource Name (ARN) of the task definition | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | The name of the CloudWatch log group created if enable\_cloudwatch is true | | [container\_definitions](#output\_container\_definitions) | A list of container definitions in JSON format that describe the different containers that make up your task | -| [ecr\_repo\_name](#output\_ecr\_repo\_name) | n/a | +| [ecr\_repo\_name](#output\_ecr\_repo\_name) | The name of the ECR repository created if ecr\_create\_repo is true | | [family](#output\_family) | The family of your task definition, used as the definition name | | [revision](#output\_revision) | The revision of the task in a particular family | diff --git a/outputs.tf b/outputs.tf index 15e12b8..db7a249 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -19,5 +19,11 @@ output "revision" { } output "ecr_repo_name" { - value = var.ecr_create_repo == true ? aws_ecr_repository.service[0].name : null + description = "The name of the ECR repository created if ecr_create_repo is true" + value = var.ecr_create_repo == true ? aws_ecr_repository.service[0].name : null +} + +output "cloudwatch_log_group_name" { + description = "The name of the CloudWatch log group created if enable_cloudwatch is true" + value = var.enable_cloudwatch ? aws_cloudwatch_log_group.ecs_task_definition[0].name : null }
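Review bot: Both outputs index `[0]` behind a condition that has to repeat the resource's own `count` expression, which is not visible in this hunk. If the two ever diverge, the plan either fails with an invalid index or the output is null while the resource exists. Deriving the value from the resource removes the duplication: `value = one(aws_cloudwatch_log_group.ecs_task_definition[*].name)` and likewise `value = one(aws_ecr_repository.service[*].name)`. The new output also tests `var.enable_cloudwatch` bare while `ecr_repo_name` keeps `== true`; one form should be used for both.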