terraform-acuris-ecs-service

An ECS service with an ALB target group, suitable for routing to from an ALB.

Requirements

| Name | Version |
| --- | --- |
| terraform | >= 0.12 |

Providers

| Name | Version |
| --- | --- |
| aws | n/a |

Modules

| Name | Source | Version |
| --- | --- | --- |
| ecs_update_monitor | mergermarket/ecs-update-monitor/acuris | 2.3.5 |
| service | mergermarket/load-balanced-ecs-service-no-target-group/acuris | 2.2.7 |
| service_container_definition | mergermarket/ecs-container-definition/acuris | 2.2.0 |
| taskdef | mergermarket/task-definition-with-task-role/acuris | 2.1.0 |

Resources

| Name | Type |
| --- | --- |
| aws_appautoscaling_policy.task_scaling_policy | resource |
| aws_appautoscaling_scheduled_action.scale_back_up | resource |
| aws_appautoscaling_scheduled_action.scale_down | resource |
| aws_appautoscaling_target.ecs | resource |
| aws_cloudwatch_log_group.stderr | resource |
| aws_cloudwatch_log_group.stdout | resource |
| aws_cloudwatch_log_subscription_filter.kinesis_log_stderr_stream | resource |
| aws_cloudwatch_log_subscription_filter.kinesis_log_stdout_stream | resource |

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| add_datadog_feed | Flag to control adding a subscription filter to the CloudWatch log group | bool | true | no |
| allow_overnight_scaledown | Allow service to be scaled down | bool | true | no |
| application_environment | Environment specific parameters passed to the container | map(string) | {} | no |
| application_secrets | A list of application specific secret names that can be found in AWS Secrets Manager | list(string) | [] | no |
| assume_role_policy | A valid IAM policy for assuming roles - optional | string | "" | no |
| common_application_environment | Environment parameters passed to the container for all environments | map(string) | {} | no |
| container_labels | Additional docker labels to apply to the container. | map(string) | {} | no |
| container_mountpoint | Map containing 'sourceVolume', 'containerPath' and 'readOnly' (optional) to map a volume into a container. | map(string) | {} | no |
| container_port_mappings | JSON document containing an array of port mappings for the container definition - if set, port is ignored (optional). | string | "" | no |
| cpu | CPU unit reservation for the container | string | n/a | yes |
| deployment_maximum_percent | The maximumPercent parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desiredCount (rounded down to the nearest integer). | string | "200" | no |
| deployment_minimum_healthy_percent | The minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). | string | "100" | no |
| deployment_timeout | Timeout to wait for the deployment to be finished [seconds]. | number | 600 | no |
| desired_count | The number of instances of the task definition to place and keep running. | string | "3" | no |
| ecs_cluster | The ECS cluster | string | "default" | no |
| env | Environment name | any | n/a | yes |
| extra_hosts | List of objects containing 'hostname' and 'ipAddress' used to add extra /etc/hosts to the container. | list(object({'hostname': string 'ipAddress': string}) | [] | no |
| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Default 0. | string | "0" | no |
| image_id | ECR image_id for the ecs container | string | "" | no |
| is_test | For testing only. Stops the call to AWS for sts | bool | false | no |
| log_subscription_arn | To enable logging to a kinesis stream | string | "" | no |
| memory | The memory reservation for the container in megabytes | string | n/a | yes |
| multiple_target_group_arns | Multiple target group ARNs to allow connection to multiple load balancers | list(any) | [] | no |
| name_suffix | Set a suffix that will be applied to the name in order that a component can have multiple services per environment | string | "" | no |
| network_configuration_security_groups | Needed for network_mode awsvpc | list(any) | [] | no |
| network_configuration_subnets | Needed for network_mode awsvpc | list(any) | [] | no |
| network_mode | The Docker networking mode to use for the containers in the task | string | "bridge" | no |
| nofile_soft_ulimit | The soft ulimit for the number of files in container | string | "4096" | no |
| overnight_scaledown_end_hour | When to bring service back to full strength (Hour in UTC) | string | "06" | no |
| overnight_scaledown_min_count | Minimum task count overnight | string | "0" | no |
| overnight_scaledown_start_hour | From when a service can be scaled down (Hour in UTC) | string | "22" | no |
| pack_and_distinct | Enable distinct instance and task binpacking for better cluster utilisation. Enter 'true' for clusters with auto scaling groups. Enter 'false' for clusters with no ASG and instance counts less than or equal to desired tasks | string | "false" | no |
| platform_config | Platform configuration | map(string) | {} | no |
| platform_secrets | A list of common secret names for "the platform" that can be found in Secrets Manager | list(string) | [] | no |
| port | The port that container will be running on | string | n/a | yes |
| privileged | Gives the container privileged access to the host | bool | false | no |
| release | Metadata about the release | map(string) | n/a | yes |
| scaling_metrics | A list of maps defining the scaling of the service's tasks - for more info see below | list(any) | [] | no |
| secrets | Secret credentials fetched using credstash | map(string) | {} | no |
| stop_timeout | The duration in seconds to wait before the container is forcefully killed. Default 30s, max 120s. | string | "none" | no |
| target_group_arn | The ALB target group for the service. | string | "" | no |
| task_role_policy | IAM policy document to apply to the tasks via a task role | string | "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:GetCallerIdentity\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n" | no |
| taskdef_volume | Map containing 'name' and 'host_path' used to add a volume mapping to the taskdef. | map(string) | {} | no |
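
A call to this module that sets the security-relevant inputs from the table above explicitly, as an added example that is not taken from the module's repository. The module source, the variable names, the secret name and the S3 ARN are placeholders or constructed values.

```hcl
# Added example, not from the module's repository.
variable "release" { type = map(string) }        # keys are not documented on this page
variable "target_group_arn" { type = string }    # with awsvpc the target group needs target_type "ip"
variable "private_subnet_ids" { type = list(string) }
variable "service_security_group_id" { type = string }

data "aws_iam_policy_document" "task" {
  # Same permission as the module's default task_role_policy.
  statement {
    effect    = "Allow"
    actions   = ["sts:GetCallerIdentity"]
    resources = ["*"]
  }
  # Only what this service needs, scoped to one prefix (constructed ARN).
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-bucket/reports/*"]
  }
}

module "ecs_service" {
  source = "MODULE_SOURCE_PLACEHOLDER" # registry address is not given on this page

  env              = "dev"
  release          = var.release
  cpu              = "256"
  memory           = "512"
  port             = "8080"
  target_group_arn = var.target_group_arn

  privileged       = false # documented default, pinned so a later change shows up in review
  task_role_policy = data.aws_iam_policy_document.task.json

  # Secret values stay in Secrets Manager; only names appear in the configuration.
  application_secrets     = ["DB_PASSWORD"] # constructed name
  application_environment = { LOG_LEVEL = "info" }

  # awsvpc: each task gets its own ENI, so the security group applies per task.
  network_mode                          = "awsvpc"
  network_configuration_subnets         = var.private_subnet_ids
  network_configuration_security_groups = [var.service_security_group_id]
}
```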

Outputs

| Name | Description |
| --- | --- |
| full_service_name | n/a |
| stderr_name | n/a |
| stdout_name | n/a |
| task_role_arn | n/a |
| task_role_name | n/a |
| taskdef_arn | n/a |

Scaling Metrics

Set this variable to a list of maps. Each map defines a separate scaling policy.

| Param | Description |
| --- | --- |
| name | (Required) Must be unique |
| metric | (Required) Name of the metric to use for scaling - see below for allowed values |
| target_value | (Required) Value of the above metric that scaling will maintain |
| disable_scale_in | (Optional) Whether scale in by the target tracking policy is disabled. If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource. |
| scale_in_cooldown | (Optional) Amount of time, in seconds, after a scale in activity completes before another scale in activity can start. |
| scale_out_cooldown | (Optional) Amount of time, in seconds, after a scale out activity completes before another scale out activity can start. |

Allowed Metrics

  • ECSServiceAverageCPUUtilization
  • ECSServiceAverageMemoryUtilization
  • ALBRequestCountPerTarget

Example

  scaling_metrics = [
    {
      name               = "cpu"
      metric             = "ECSServiceAverageCPUUtilization"
      target_value       = 10
      disable_scale_in   = false
      scale_in_cooldown  = 180
      scale_out_cooldown = 90
    },
    {
      name               = "memory"
      metric             = "ECSServiceAverageMemoryUtilization"
      target_value       = 10
      disable_scale_in   = false
      scale_in_cooldown  = 180
      scale_out_cooldown = 90
    }
  ]