A set of Terraform templates used for provisioning web application stacks on AWS ECS Fargate.
The templates are designed to be customized. The optional components can be removed by simply deleting the .tf file.
The templates are used for managing infrastructure concerns and, as such, the templates deploy a default backend docker image. We recommend using the fargate CLI for managing application concerns like deploying your actual application images and environment variables on top of this infrastructure. The fargate CLI can be used to deploy applications from your laptop or in CI/CD pipelines.
These components are shared by all environments.
Name | Description | Optional |
---|---|---|
main.tf | AWS provider, output | |
state.tf | S3 bucket backend for storing Terraform remote state | |
ecr.tf | ECR repository for application (all environments share) | |
These components are for a specific environment. There should be a corresponding directory for each environment that is needed.
Name | Description | Optional |
---|---|---|
main.tf | Terraform remote state, AWS provider, output | |
ecs.tf | ECS Cluster, Service, Task Definition, ecsTaskExecutionRole, CloudWatch Log Group | |
lb.tf | ALB, Target Group, S3 bucket for access logs | |
nsg.tf | NSG for ALB and Task | |
lb-http.tf | HTTP listener, NSG rule. Delete if HTTPS only | Yes |
lb-https.tf | HTTPS listener, NSG rule. Delete if HTTP only | Yes |
dashboard.tf | CloudWatch dashboard: CPU, memory, and HTTP-related metrics | Yes |
role.tf | Application Role for container | Yes |
cicd.tf | IAM user that can be used by CI/CD systems | Yes |
autoscale-perf.tf | Performance-based auto scaling | Yes |
autoscale-time.tf | Time-based auto scaling | Yes |
logs-logzio.tf | Ship container logs to logz.io | Yes |
secretsmanager.tf | Add a Secrets Manager secret with a CMK KMS key. Also gives app role and ECS task definition role access to read secrets from Secrets Manager | Yes |
secrets-sidecar.tf | Adds a task definition configuration for deploying your app along with a sidecar container that writes your Secrets Manager secret to a file. Note that this is dependent upon opting in to secretsmanager.tf. | Yes |
ssm-parameters.tf | Add a CMK KMS key for use with SSM Parameter Store. Also gives ECS task definition role access to read secrets from parameter store. | Yes |
ecs-event-stream.tf | Add an ECS event log dashboard | Yes |
Typically, the base Terraform will only need to be run once, and then should only need changes very infrequently. After the base is built, each environment can be built.
```shell
# Move into the base directory
$ cd base
# Sets up Terraform to run
$ terraform init
# Executes the Terraform run
$ terraform apply
# Now, move into the dev environment
$ cd ../env/dev
# Sets up Terraform to run
$ terraform init
# Executes the Terraform run
$ terraform apply
```
Note: the generated base .tfstate is not stored in the remote state S3 bucket. Ensure the base .tfstate is checked into your infrastructure repo. The default Terraform .gitignore generated by GitHub will ignore all .tfstate files; you'll need to modify this!
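A quick check for that .gitignore pitfall, as an added example that is not part of the template or of the fargate-create tooling: a POSIX sh function that scans a .gitignore for the patterns GitHub's Terraform template ships with and reports whether base/terraform.tfstate would be dropped from the repo. The path base/terraform.tfstate and the simplified matching (only the common *.tfstate pattern forms plus a later negation line, not full gitignore semantics) are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the turnerlabs template.
# Assumes the layout this README describes: the base state lives at
# base/terraform.tfstate. The matcher is a deliberate simplification of
# gitignore semantics: it only recognises the usual *.tfstate pattern forms
# and a later "!" negation line that re-includes the base state file.

# base_state_ignored <gitignore-file>
# exit 0 if base/terraform.tfstate would be ignored, 1 if it would be tracked
base_state_ignored() {
    gitignore="$1"
    ignored=1
    # last line may lack a trailing newline, hence the "|| [ -n ... ]" idiom
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                  # blank line or comment
            '!*.tfstate'|'!terraform.tfstate'|'!base/terraform.tfstate')
                ignored=1 ;;                      # negation re-includes the file
            '*.tfstate'|'**/*.tfstate'|'terraform.tfstate'|'base/terraform.tfstate')
                ignored=0 ;;                      # pattern excludes the file
        esac
    done < "$gitignore"
    return "$ignored"
}

# Constructed sample: the patterns the GitHub Terraform .gitignore template uses
sample=$(mktemp)
printf '%s\n' '# Local .terraform directories' '**/.terraform/*' '*.tfstate' '*.tfstate.*' > "$sample"

if base_state_ignored "$sample"; then
    echo "base/terraform.tfstate would be ignored; add this line to .gitignore:"
    echo '!base/terraform.tfstate'
fi
rm -f "$sample"
```

Run it against the repository's own .gitignore (`base_state_ignored .gitignore`) before the first commit after `terraform apply` in base. A negation line such as `!base/terraform.tfstate` placed after `*.tfstate` re-includes just that file, so the environment state files stay out of git. Keep in mind that Terraform state can contain credentials and other sensitive values, so the repository holding it should be treated as sensitive.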
Alternatively you can use the fargate-create CLI to scaffold new projects based on this template.
Install:

```shell
curl -s get-fargate-create.turnerlabs.io | sh
```

Create an input vars file (terraform.tfvars):
```hcl
# app/env to scaffold
app = "my-app"
environment = "dev"
internal = true
container_port = "8080"
replicas = "1"
health_check = "/health"
region = "us-east-1"
aws_profile = "default"
saml_role = "admin"
vpc = "vpc-123"
private_subnets = "subnet-123,subnet-456"
public_subnets = "subnet-789,subnet-012"
tags = {
  application = "my-app"
  environment = "dev"
  team = "my-team"
  customer = "my-customer"
  contact-email = "me@example.com"
}
```

```shell
$ fargate-create -f terraform.tfvars
```
Install the pre-commit hook that checks the Terraform code for formatting:

```shell
ln -s ../../pre-commit.sh .git/hooks/pre-commit
```