This is a highly-opinionated ECS Service module for the Synapse Platform. It currently does NOT support blue-green deploys, autoscaling, customizing container sizes, or sidecar containers. It is also overly restrictive with the task role permissions.
Currently we're aware of a bug occurring when trying to change container ports. If you change the container port, the service will not be able to start up due to an association bug between the load balancer target group health check and the ECS service. To correctly update the container port, you must first destroy the service, then update the container port, then re-create the service manually. This is a known issue with Terraform and AWS.
You can do this by commenting out the entire module, running a terraform apply, then uncommenting the module and running a terraform apply again after you've updated the container port.
| Name | Version |
|---|---|
| aws | >= 4.0 |
| Name | Version |
|---|---|
| aws | >= 4.0 |
| Name | Source | Version |
|---|---|---|
| database | ./rds_cluster | n/a |
| service_container_definition | cloudposse/ecs-container-definition/aws | 0.60.0 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.service | resource |
| aws_ecs_service.this | resource |
| aws_ecs_task_definition.service | resource |
| aws_iam_role.ecs_task_execution_role | resource |
| aws_iam_role.ecs_task_role | resource |
| aws_iam_role_policy_attachment.cognito | resource |
| aws_iam_role_policy_attachment.ecs_task_execution_role | resource |
| aws_iam_role_policy_attachment.s3 | resource |
| aws_iam_role_policy_attachment.secrets_manager | resource |
| aws_iam_role_policy_attachment.ses | resource |
| aws_lb_listener_rule.this | resource |
| aws_lb_target_group.this | resource |
| aws_security_group.ecs_task | resource |
| aws_security_group_rule.ecs_task_alb_access | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.assume_ecs_role_policy | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alb_security_group_id | Security Group ID for the ALB | string |
n/a | yes |
| assign_public_ip | Whether or not to assign a public IP to the task | bool |
false |
no |
| azs | Availability zones | list(string) |
n/a | yes |
| cluster_arn | ECS cluster to deploy into | string |
n/a | yes |
| command | Container startup command (Use null if container_definitions is set) | list(string) |
n/a | yes |
| container_definitions | A list of valid container definitions provided as a single valid JSON document. By default, this module will generate a container definition for you. If you need to provide your own or have multiple, you can do so here. | string |
null |
no |
| container_image | Image tag of the Docker container to use for this service (Use null if container_definitions is set) | string |
n/a | yes |
| container_port | Port exposed by the container | number |
n/a | yes |
| container_secrets | The Secrets to Pass to the container. (Do not use if container_definitions is set) | list(object({ |
[] |
no |
| db_instance_class | Size of instances within the RDS cluster | string |
"db.t4g.medium" |
no |
| db_instance_count | How many RDS instances to create | number |
1 |
no |
| db_name | Name of the postgres database to create, if creating an RDS cluster | string |
"main" |
no |
| ecs_desired_count | How many tasks to launch in ECS service | number |
1 |
no |
| environment_variables | The environment variables to pass to the container. This is a list of maps. (Do not use if container_definitions is set) | list(object({ |
[] |
no |
| health_check_path | Path to use for health checks | string |
n/a | yes |
| host_port | Port exposed by the host (Do not use if container_definitions is set) | number |
null |
no |
| hostname | Hostname to use for listener rule | string |
n/a | yes |
| listener_arn | ALB listener ARN to add listener rule to | string |
n/a | yes |
| load_balancer_container_name | Container name to use for load balancer target group forwarder | string |
null |
no |
| service_name | Service directory in the application git repo | string |
n/a | yes |
| subnets | List of subnet names the service will reside on. | list(string) |
n/a | yes |
| task_cpu | Task CPU | number |
1024 |
no |
| task_memory | Task memory | number |
2048 |
no |
| use_database_cluster | Whether or not we should create a DB cluster and inject the database connection string into the container | bool |
n/a | yes |
| vpc_id | VPC to deploy into | string |
n/a | yes |
| Name | Description |
|---|---|
| log_group_name | n/a |