ryte/INF-tf-ecs

INF-tf-ecs

Terraform module for setting up an ECS cluster.

NOTE: currently the cluster can only be deployed on EC2 instances, which are created and provisioned by this module.

NOTE: the EC2 deployment uses an autoscaling group, so some changes are not applied to the existing machines until they are recreated by the ASG.

This project is internal open source and currently maintained by the INF.

Requirements

The following requirements are needed by this module:

  • terraform (>= 0.12)

Providers

The following providers are used by this module:

  • aws

  • template

Required Inputs

The following input variables are required:

ami_id

Description: the AMI id to use for the instances

Type: string

desired_capacity

Description: the ASG desired_capacity of the EC2 machines (number of hosts which should be running)

Type: string

environment

Description: the environment this cluster is running in (e.g. 'testing')

Type: string

max_size

Description: the ASG max_size of the EC2 machines

Type: string

min_size

Description: the ASG min_size of the EC2 machines

Type: string

squad

Description: the owner of this cluster

Type: string

subnet_ids_cluster

Description: a list of subnet ids in which the ASG deploys to

Type: list(string)

vpc_id

Description: the VPC the ASG should be deployed in

Type: string

Optional Inputs

The following input variables are optional (have default values):

alb_instance_sgs

Description: SGs which are being added to the instances (DEPRECATED, use allow_to_sgs from now on)

Type: list(string)

Default: []

allow_to_sgs

Description: a new rule is added to each of the provided security groups which allows the EC2 instances access to a specified port, e.g. ["${var.sg_name},6379"]

Type: list(string)

Default: []

availability_zones

Description: unused (DEPRECATED)

Type: list

Default:

[
  "a",
  "b",
  "c"
]

datadog_api_key

Description: if the datadog_api_key variable is set a single datadog agent task definition is deployed on every EC2 machine for metrics and log gathering

Type: string

Default: ""

docker_registry_config

Description: Docker registry authentication information used by ECS. Depending on ecs_engine_auth_type, set this map as follows:

  1. for dockercfg: "repository" = "auth,email"
  2. for docker: "repository" = "username,password,email"
  3. for jfrog: "repository" = "token,username"

see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html

Type: map(string)

Default: {}

ecs_engine_auth_type

Description: Docker registry authentication type used by ECS. Valid values are:

  • dockercfg
  • docker
  • jfrog

See:
  https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html

Type: string

Default: ""

health_check_type

Description: the ASG health_check_type of the EC2 machines

Type: string

Default: "ELB"

instance_ssh_cidr_blocks

Description: a list of CIDR blocks which are allowed SSH access; the default is unrestricted because the cluster is assumed to be internal

Type: list(string)

Default:

[
  "0.0.0.0/0"
]
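A pre-apply sanity check for the string-encoded inputs described above (allow_to_sgs, docker_registry_config together with ecs_engine_auth_type, and instance_ssh_cidr_blocks), written here as an added example; it is not part of the module. It assumes security group ids look like `sg-` followed by hex characters and takes the field counts per auth type from the docker_registry_config description; the values in the checks below are constructed.

```python
# Added example, not part of the INF-tf-ecs module: checks the string-encoded module
# inputs before "terraform apply". Assumes sg ids look like "sg-" + 8 or 17 hex chars.
import ipaddress
import re

# Fields each registry value must carry, per the docker_registry_config description.
AUTH_FIELDS = {
    "dockercfg": ("auth", "email"),
    "docker": ("username", "password", "email"),
    "jfrog": ("token", "username"),
}
SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")

def check_allow_to_sgs(entries):
    """Return problems with "<sg-id>,<port>" entries (empty list if all are fine)."""
    problems = []
    for entry in entries:
        parts = entry.split(",")
        if len(parts) != 2:
            problems.append(f"{entry!r}: expected exactly one comma")
            continue
        sg, port = parts
        if not SG_ID.match(sg):
            problems.append(f"{entry!r}: {sg!r} is not a security group id")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"{entry!r}: {port!r} is not a valid port")
    return problems

def check_registry_config(auth_type, config):
    """Check that every registry value has the field count auth_type requires."""
    if config and auth_type not in AUTH_FIELDS:
        return [f"ecs_engine_auth_type {auth_type!r} must be one of {sorted(AUTH_FIELDS)}"]
    problems = []
    for repo, value in config.items():
        if len(value.split(",")) != len(AUTH_FIELDS[auth_type]):
            problems.append(f"{repo}: expected {','.join(AUTH_FIELDS[auth_type])}")
    return problems

def check_ssh_cidrs(cidrs):
    """Flag CIDR blocks that are malformed or open SSH to every address."""
    problems = []
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"{cidr!r} is not a valid CIDR block")
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            problems.append(f"{cidr!r} allows SSH from any address; narrow it")
    return problems
```

Run the three checks against the values you pass to the module and refuse to apply when any returns a non-empty list.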

instance_tags

Description: tags to be added to each EC2 instance that is part of the cluster. This must be a list of objects, e.g.:

[
  { key = "InstallCW" value = "true" propagate_at_launch = true },
  { key = "test" value = "Test2" propagate_at_launch = true }
]

Type:

list(object({
    key                 = string
    value               = string
    propagate_at_launch = bool
  }))

Default: []

instance_type

Description: the EC2 instance type which should be spawned

Type: string

Default: "t2.small"

instance_volume_size

Description: the instance volume size

Type: string

Default: "64"

instance_volume_type

Description: the instance volume type

Type: string

Default: "gp2"

root_volume_size

Description: the instance root device volume size

Type: string

Default: "20"

root_volume_type

Description: the instance root device volume type

Type: string

Default: "gp2"

ssh_key_name

Description: the ssh_key_name which is used as the EC2 Key Name

Type: string

Default: ""

tags

Description: common tags to add to the resources

Type: map(string)

Default: {}

log_retention

Description: log retention in days

Type: number

Default: 30

Outputs

The following outputs are exported:

ecs_cluster_id

Description: id of the cluster

ecs_cluster_name

Description: name of the cluster

ecs_cluster_sg

Description: security group of the cluster

Usage

module "ecs" {
  source      = "github.com/ryte/INF-tf-ecs?ref=v0.2.6"
  tags        = local.common_tags
  environment = var.environment
  squad       = var.squad

  ami_id = data.terraform_remote_state.ami.ecs_optimized

  subnet_ids_cluster = data.terraform_remote_state.vpc.subnet_private

  instance_type    = "t2.medium"
  desired_capacity = 3
  max_size         = 5
  min_size         = 1
  root_volume_size = 20
  instance_ssh_cidr_blocks = var.instance_ssh_cidr_blocks

  allow_to_sgs = [
    "${data.terraform_remote_state.cache.authentication_redis_sg},6379"
  ]

  ssh_key_name = var.ssh_key_name

  // set tag for SSH key deployment via SSM
  instance_tags = [{
    key                 = "SSM-sshkeys-ecs"
    value               = "true"
    propagate_at_launch = true
  }]

  ecs_engine_auth_type = "dockercfg"

  docker_registry_config = {
    "ryte-docker.jfrog.io" = "<token>,<user>"
  }

  datadog_api_key = var.datadog_api_key

  vpc_id = data.terraform_remote_state.vpc.vpc_id
}

Authors

Changelog

  • 0.2.7 - Add custom value for log retention
  • 0.2.6 - Enable AWS ECS metadata file
  • 0.2.5 - Enable Datadog to collect APM logs
  • 0.2.4 - Removed deprecated null_data_source
  • 0.2.3 - Add variable environment and squad instead of reading from tags
  • 0.2.2 - Datadog enriched live containers view with process list
  • 0.2.1 - Remove redis-cli from ECS hosts
  • 0.2.0 - Upgrade to terraform 0.12.x
  • 0.1.5 - Remove redis-cli from ECS hosts (backport)
  • 0.1.4 - Extend root block device
  • 0.1.3 - Fix Datadog-agent writing inside container
  • 0.1.2 - Enable Dogstatsd non_local_traffic
  • 0.1.1 - Datadog-agent enabled Dogstatsd
  • 0.1.0 - Initial release.

License

This software is released under the MIT License (see LICENSE).