{"id":19129405,"url":"https://github.com/launchbynttdata/tf-aws-module_collection-ecs_appmesh_app","last_synced_at":"2026-04-14T07:33:49.315Z","repository":{"id":252307178,"uuid":"795229495","full_name":"launchbynttdata/tf-aws-module_collection-ecs_appmesh_app","owner":"launchbynttdata","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-07T16:56:48.000Z","size":315,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-22T16:55:42.253Z","etag":null,"topics":["aws","infrastructure-as-code","platform-automation","reference","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchbynttdata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-02T20:56:56.000Z","updated_at":"2025-01-14T14:32:40.000Z","dependencies_parsed_at":"2024-08-08T23:29:28.551Z","dependency_job_id":"1ff350e7-bfec-4ba3-8462-c1d3c00cadb3","html_url":"https://github.com/launchbynttdata/tf-aws-module_collection-ecs_appmesh_app","commit_stats":null,"previous_names":["launchbynttdata/tf-aws-module_collection-ecs_appmesh_app"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/launchbynttdata/tf-aws-module_collection-ecs_appmesh_app","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchbynttdata","download_url":"https://codeload.github.com/launchbynttdata/tf-aws-module_collection-ecs_appmesh_app/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31787011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-14T02:24:21.117Z","status":"ssl_error","status_checked_at":"2026-04-14T02:24:20.627Z","response_time":153,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","infrastructure-as-code","platform-automation","reference","terraform"],"created_at":"2024-11-09T06:07:24.756Z","updated_at":"2026-04-14T07:33:49.283Z","avatar_url":"https://github.com/launchbynttdata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tf-aws-module_collection-ecs_appmesh_app\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)\n\n## Overview\n\nThis terraform module creates a ECS App (ecs service) with App Mesh enabled. The following resources are created\n- Virtual Node\n- Virtual Service\n- ECS Task Definition\n- ECS Service\n- Task Role and Task Exec role for ECS Task\n- Security Group for ECS Service\n- Private Cert for TLS in Virtual Node\n- Virtual Gateway route (optional if ingress is needed)\n- Service Discovery Service\n\n### Dependencies\nThis module is dependent on `ecs_appmesh_platform` and `ecs_appmesh_ingress` modules. Those modules must be provisioned beforehand for this module to be provisioned\n\n## Usage\nA sample variable file [tfvars](sample-tfvars/app_w_tls_enabled.tfvars) is provided to test this module. User needs to follow the below steps to execute this module\n1. Update the tfvars file to manually enter values for all fields marked within `\u003c\u003e` to make the variable file usable\n2. Create a file `provider.tf` with the below contents\n   ```\n    provider \"aws\" {\n      profile = \"\u003cprofile_name\u003e\"\n      region  = \"\u003cregion_name\u003e\"\n    }\n    ```\n   If using `SSO`, make sure you are logged in `aws sso login --profile \u003cprofile_name\u003e`\n3. Make sure terraform binary is installed on your local. Use command `type terraform` to find the installation location. If you are using `asdf`, you can run `asfd install` and it will install the correct terraform version for you. `.tool-version` contains all the dependencies.\n4. Run the `terraform` to provision infrastructure on AWS\n    ```\n    # Initialize\n    terraform init\n    # Plan\n    terraform plan -var-file example.tfvars\n    # Apply (this is create the actual infrastructure)\n    terraform apply -var-file example.tfvars -auto-approve\n   ```\n\n## Known Issues\n\n1. Doesn't currently support creating `gateway routes` for multiple ports open in ECS Task. Gateway route will be created for the first port only.\n2. If the application port (var.app_ports) changes, then we need to destroy the module and recreate again. As we get an error while updating the virtual node listener that an existing gateway route is using the listener.\n   ```shell\n      Error: updating App Mesh Virtual Node (c3599c26-dbee-41d6-81ca-21018ff9bba4): BadRequestException: 1 Virtual Node listener(s) cannot be removed because they are targeted by existing Gateway Routes through Virtual Service provider. Listing up to 5 PortMappings: [(Port: 8080, Protocol: HTTP)]\n   ```\n\n## Pre-Commit hooks\n\n[.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.\n\n`commitlint` hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:\n\n- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).\n- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).\n- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.\nfooters other than BREAKING CHANGE: \u003cdescription\u003e may be provided and follow a convention similar to git trailer format.\n- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)\n- **chore**: a commit of the type `chore` adds changes that don't modify src or test files\n- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)\n- **docs**: a commit of the type `docs` adds documentation only changes\n- **perf**: a commit of the type `perf` adds code change that improves performance\n- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature\n- **revert**: a commit of the type `revert` reverts a previous commit\n- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)\n- **test**: a commit of the type `test` adds missing tests or correcting existing tests\n\nBase configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)\n\nIf you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.\n\n`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS\n\nIn order for `pre-commit` hooks to work properly\n\n- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.\n- `pre-commit` would install all the hooks when commit message is added by default except for `commitlint` hook. `commitlint` hook would need to be installed manually using the command below\n\n```\npre-commit install --hook-type commit-msg\n```\n\n## To test the resource group module locally\n\n1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.\n\n```\nmake configure\n```\n\nThis adds in several files and directories that are ignored by `git`. They expose many new Make targets.\n\n2. The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.\n\n`make configure` command will bring down `aws_env.sh` file on local workstation. Developer would need to modify this file, replace the environment variable values with relevant values.\n\nThese environment variables are used by `terratest` integration suit.\n\nThen run this make target to set the environment variables on developer workstation.\n\n```\nmake env\n```\n\n3. The first target you care about is `check`.\n\n**Pre-requisites**\nBefore running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are `aws` specific. If primitive/segment under development uses any other cloud provider than AWS, this section may not be relevant.\n\n- A file named `provider.tf` with contents below\n\n```\nprovider \"aws\" {\n  profile = \"\u003cprofile_name\u003e\"\n  region  = \"\u003cregion_name\u003e\"\n}\n```\n\n- A file named `terraform.tfvars` which contains key value pair of variables used.\n\nNote that since these files are added in `gitignore` they would not be checked in into primitive/segment's git repo.\n\nAfter creating these files, for running tests associated with the primitive/segment, run\n\n```\nmake check\n```\n\nIf `make check` target is successful, developer is good to commit the code to primitive/segment's git repo.\n\n`make check` target\n\n- runs `terraform commands` to `lint`,`validate` and `plan` terraform code.\n- runs `conftests`. `conftests` make sure `policy` checks are successful.\n- runs `terratest`. This is integration test suit.\n- runs `opa` tests\n\n# Know Issues\nCurrently, the `encrypt at transit` is not supported in terraform. There is an open issue for this logged with Hashicorp - https://github.com/hashicorp/terraform-provider-aws/pull/26987\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.0 |\n\n## Providers\n\nNo providers.\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_resource_names\"\u003e\u003c/a\u003e [resource\\_names](#module\\_resource\\_names) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~\u003e 2.0 |\n| \u003ca name=\"module_sds\"\u003e\u003c/a\u003e [sds](#module\\_sds) | terraform.registry.launch.nttdata.com/module_primitive/service_discovery_service/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_private_cert\"\u003e\u003c/a\u003e [private\\_cert](#module\\_private\\_cert) | terraform.registry.launch.nttdata.com/module_primitive/acm_private_cert/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_virtual_router\"\u003e\u003c/a\u003e [virtual\\_router](#module\\_virtual\\_router) | terraform.registry.launch.nttdata.com/module_primitive/virtual_router/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_virtual_route\"\u003e\u003c/a\u003e [virtual\\_route](#module\\_virtual\\_route) | terraform.registry.launch.nttdata.com/module_primitive/appmesh_route/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_virtual_node\"\u003e\u003c/a\u003e [virtual\\_node](#module\\_virtual\\_node) | terraform.registry.launch.nttdata.com/module_primitive/virtual_node/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_virtual_service\"\u003e\u003c/a\u003e [virtual\\_service](#module\\_virtual\\_service) | terraform.registry.launch.nttdata.com/module_primitive/virtual_service/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_gateway_route\"\u003e\u003c/a\u003e [gateway\\_route](#module\\_gateway\\_route) | terraform.registry.launch.nttdata.com/module_primitive/appmesh_gateway_route/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_ecs_task_execution_policy\"\u003e\u003c/a\u003e [ecs\\_task\\_execution\\_policy](#module\\_ecs\\_task\\_execution\\_policy) | cloudposse/iam-policy/aws | ~\u003e 0.4.0 |\n| \u003ca name=\"module_ecs_task_policy\"\u003e\u003c/a\u003e [ecs\\_task\\_policy](#module\\_ecs\\_task\\_policy) | cloudposse/iam-policy/aws | ~\u003e 0.4.0 |\n| \u003ca name=\"module_container_definitions\"\u003e\u003c/a\u003e [container\\_definitions](#module\\_container\\_definitions) | git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git | tags/0.59.0 |\n| \u003ca name=\"module_sg_ecs_service\"\u003e\u003c/a\u003e [sg\\_ecs\\_service](#module\\_sg\\_ecs\\_service) | terraform-aws-modules/security-group/aws | ~\u003e 4.17.1 |\n| \u003ca name=\"module_app_ecs_service\"\u003e\u003c/a\u003e [app\\_ecs\\_service](#module\\_app\\_ecs\\_service) | cloudposse/ecs-alb-service-task/aws | ~\u003e 0.76.0 |\n| \u003ca name=\"module_autoscaling_target\"\u003e\u003c/a\u003e [autoscaling\\_target](#module\\_autoscaling\\_target) | terraform.registry.launch.nttdata.com/module_primitive/autoscaling_target/aws | ~\u003e 1.0 |\n| \u003ca name=\"module_autoscaling_policies\"\u003e\u003c/a\u003e [autoscaling\\_policies](#module\\_autoscaling\\_policies) | terraform.registry.launch.nttdata.com/module_primitive/autoscaling_policy/aws | ~\u003e 1.0 |\n\n## Resources\n\nNo resources.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_logical_product_family\"\u003e\u003c/a\u003e [logical\\_product\\_family](#input\\_logical\\_product\\_family) | (Required) Name of the product family for which the resource is created.\u003cbr\u003e    Example: org\\_name, department\\_name. | `string` | `\"launch\"` | no |\n| \u003ca name=\"input_logical_product_service\"\u003e\u003c/a\u003e [logical\\_product\\_service](#input\\_logical\\_product\\_service) | (Required) Name of the product service for which the resource is created.\u003cbr\u003e    For example, backend, frontend, middleware etc. | `string` | `\"backend\"` | no |\n| \u003ca name=\"input_class_env\"\u003e\u003c/a\u003e [class\\_env](#input\\_class\\_env) | (Required) Environment where resource is going to be deployed. For example. dev, qa, uat | `string` | `\"dev\"` | no |\n| \u003ca name=\"input_instance_env\"\u003e\u003c/a\u003e [instance\\_env](#input\\_instance\\_env) | Number that represents the instance of the environment. | `number` | `0` | no |\n| \u003ca name=\"input_instance_resource\"\u003e\u003c/a\u003e [instance\\_resource](#input\\_instance\\_resource) | Number that represents the instance of the resource. | `number` | `0` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | AWS Region in which the infra needs to be provisioned | `string` | `\"us-east-2\"` | no |\n| \u003ca name=\"input_resource_names_map\"\u003e\u003c/a\u003e [resource\\_names\\_map](#input\\_resource\\_names\\_map) | A map of key to resource\\_name that will be used by tf-launch-module\\_library-resource\\_name to generate resource names | \u003cpre\u003emap(object(\u003cbr\u003e    {\u003cbr\u003e      name       = string\u003cbr\u003e      max_length = optional(number, 60)\u003cbr\u003e    }\u003cbr\u003e  ))\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"acm\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"acm\"\u003cbr\u003e  },\u003cbr\u003e  \"app_ecs_sg\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"appsg\"\u003cbr\u003e  },\u003cbr\u003e  \"ecs_app\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"svc\"\u003cbr\u003e  },\u003cbr\u003e  \"ecs_td\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"td\"\u003cbr\u003e  },\u003cbr\u003e  \"gateway_route\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"gwroute\"\u003cbr\u003e  },\u003cbr\u003e  \"router_route\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"vroute\"\u003cbr\u003e  },\u003cbr\u003e  \"service_discovery_service\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"vsvc\"\u003cbr\u003e  },\u003cbr\u003e  \"task_exec_policy\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"execplcy\"\u003cbr\u003e  },\u003cbr\u003e  \"task_exec_role\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"execrole\"\u003cbr\u003e  },\u003cbr\u003e  \"task_policy\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"taskplcy\"\u003cbr\u003e  },\u003cbr\u003e  \"task_role\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"taskrole\"\u003cbr\u003e  },\u003cbr\u003e  \"virtual_node\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"vnode\"\u003cbr\u003e  },\u003cbr\u003e  \"virtual_router\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"vrouter\"\u003cbr\u003e  },\u003cbr\u003e  \"virtual_service\": {\u003cbr\u003e    \"max_length\": 60,\u003cbr\u003e    \"name\": \"vsvc\"\u003cbr\u003e  }\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | The VPC ID of the VPC where infrastructure will be provisioned | `string` | n/a | yes |\n| \u003ca name=\"input_private_subnets\"\u003e\u003c/a\u003e [private\\_subnets](#input\\_private\\_subnets) | List of private subnets | `list(string)` | n/a | yes |\n| \u003ca name=\"input_namespace_name\"\u003e\u003c/a\u003e [namespace\\_name](#input\\_namespace\\_name) | Namespace name of the CloudMap namespace which the Virtual Node references. | `string` | n/a | yes |\n| \u003ca name=\"input_namespace_id\"\u003e\u003c/a\u003e [namespace\\_id](#input\\_namespace\\_id) | ID of the CloudMap namespace in which SDS to be created. | `string` | n/a | yes |\n| \u003ca name=\"input_app_mesh_id\"\u003e\u003c/a\u003e [app\\_mesh\\_id](#input\\_app\\_mesh\\_id) | Id/Name of the App Mesh | `string` | n/a | yes |\n| \u003ca name=\"input_virtual_gateway_name\"\u003e\u003c/a\u003e [virtual\\_gateway\\_name](#input\\_virtual\\_gateway\\_name) | Name of the Virtual gateway in which gateway route will be created | `string` | n/a | yes |\n| \u003ca name=\"input_private_ca_arn\"\u003e\u003c/a\u003e [private\\_ca\\_arn](#input\\_private\\_ca\\_arn) | ARN of the Private CA. This is used to sign private certificates used in App Mesh. Required when TLS is enabled in App Mesh | `string` | `\"\"` | no |\n| \u003ca name=\"input_tls_enforce\"\u003e\u003c/a\u003e [tls\\_enforce](#input\\_tls\\_enforce) | Whether to enforce TLS in App Mesh Virtual Service/Node | `bool` | `true` | no |\n| \u003ca name=\"input_enable_virtual_router\"\u003e\u003c/a\u003e [enable\\_virtual\\_router](#input\\_enable\\_virtual\\_router) | Whether to create a Virtual Router and route traffic to virtual Node via it | `bool` | `true` | no |\n| \u003ca name=\"input_router_retry_policy\"\u003e\u003c/a\u003e [router\\_retry\\_policy](#input\\_router\\_retry\\_policy) | Rules for retry policies to be applied to this route | \u003cpre\u003eobject({\u003cbr\u003e    http_retry_events = list(string)\u003cbr\u003e    max_retries       = number\u003cbr\u003e    per_entry_timeout = object({\u003cbr\u003e      unit  = string\u003cbr\u003e      value = number\u003cbr\u003e    })\u003cbr\u003e    tcp_retry_events = list(string)\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_app_ports\"\u003e\u003c/a\u003e [app\\_ports](#input\\_app\\_ports) | The port(s) at which the application is running, used as listeners in Virtual Node. | `list(number)` | n/a | yes |\n| \u003ca name=\"input_virtual_node_app_health_check_path\"\u003e\u003c/a\u003e [virtual\\_node\\_app\\_health\\_check\\_path](#input\\_virtual\\_node\\_app\\_health\\_check\\_path) | Path in the app for Virtual Node to perform health check.\u003cbr\u003e    If empty, then no health check is configured on the Virtual Node\u003cbr\u003e    Note: Virtual node just logs the health check output to envoy proxy logs, but doesn't evict\u003cbr\u003e    the unhealthy containers. | `string` | `\"/\"` | no |\n| \u003ca name=\"input_idle_duration\"\u003e\u003c/a\u003e [idle\\_duration](#input\\_idle\\_duration) | Idle duration for all the listeners | \u003cpre\u003eobject({\u003cbr\u003e    unit  = string\u003cbr\u003e    value = number\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_per_request_timeout\"\u003e\u003c/a\u003e [per\\_request\\_timeout](#input\\_per\\_request\\_timeout) | Per Request timeout for all the listeners | \u003cpre\u003eobject({\u003cbr\u003e    unit  = string\u003cbr\u003e    value = number\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_print_container_json\"\u003e\u003c/a\u003e [print\\_container\\_json](#input\\_print\\_container\\_json) | Print the container JSON object as output. Useful for debugging | `bool` | `false` | no |\n| \u003ca name=\"input_ecs_cluster_arn\"\u003e\u003c/a\u003e [ecs\\_cluster\\_arn](#input\\_ecs\\_cluster\\_arn) | (Required) ARN of the ECS Fargate cluster in which the service is to be deployed | `string` | n/a | yes |\n| \u003ca name=\"input_app_image_tag\"\u003e\u003c/a\u003e [app\\_image\\_tag](#input\\_app\\_image\\_tag) | (Required) The docker image of the application in the format \u003cdocker\\_image\u003e:\u003ctag\u003e | `string` | n/a | yes |\n| \u003ca name=\"input_app_environment\"\u003e\u003c/a\u003e [app\\_environment](#input\\_app\\_environment) | Environment variables to be injected into the application containers | `map(string)` | `{}` | no |\n| \u003ca name=\"input_app_secrets\"\u003e\u003c/a\u003e [app\\_secrets](#input\\_app\\_secrets) | Secrets to be injected into the application containers. Map of secret Manager ARNs | `map(string)` | `{}` | no |\n| \u003ca name=\"input_autoscaling_enabled\"\u003e\u003c/a\u003e [autoscaling\\_enabled](#input\\_autoscaling\\_enabled) | Flag to determine if auto scaling is enabled for the application | `bool` | `false` | no |\n| \u003ca name=\"input_min_capacity\"\u003e\u003c/a\u003e [min\\_capacity](#input\\_min\\_capacity) | Min capacity of the scalable target. | `number` | `1` | no |\n| \u003ca name=\"input_max_capacity\"\u003e\u003c/a\u003e [max\\_capacity](#input\\_max\\_capacity) | Max capacity of the scalable target. | `number` | `4` | no |\n| \u003ca name=\"input_autoscaling_policies\"\u003e\u003c/a\u003e [autoscaling\\_policies](#input\\_autoscaling\\_policies) | A map of autoscaling policies to be created for this ECS Service\u003cbr\u003e    The `predefined_metric_type` must be ECSServiceAverageCPUUtilization or ECSServiceAverageMemoryUtilization\u003cbr\u003e    `target_value` is the threshold for the metric at which the auto-scaling will be triggerred.\u003cbr\u003e    `scale_in_cooldown` and `scale_out_cooldown` respectively are amount of time, in seconds, after a scale in activity\u003cbr\u003e      completes before another scale in activity can start. | \u003cpre\u003emap(object({\u003cbr\u003e    predefined_metric_type = string\u003cbr\u003e    target_value           = string\u003cbr\u003e    scale_in_cooldown      = optional(string, 60)\u003cbr\u003e    scale_out_cooldown     = optional(string, 60)\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_app_health_check_path\"\u003e\u003c/a\u003e [app\\_health\\_check\\_path](#input\\_app\\_health\\_check\\_path) | A path of the health endpoint inside the container for Container level health check. Example. `/health`.\u003cbr\u003e    The complete health check would be http://localhost:\u003ccontainer\\_port\u003e/health\u003cbr\u003e    By default is no health check configured | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_health_check_options\"\u003e\u003c/a\u003e [app\\_health\\_check\\_options](#input\\_app\\_health\\_check\\_options) | Health Check options for the app container. Applicable only when the app\\_health\\_check\\_path is configured | \u003cpre\u003eobject({\u003cbr\u003e    retries     = number\u003cbr\u003e    timeout     = number\u003cbr\u003e    interval    = number\u003cbr\u003e    startPeriod = number\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"interval\": 5,\u003cbr\u003e  \"retries\": 3,\u003cbr\u003e  \"startPeriod\": 300,\u003cbr\u003e  \"timeout\": 2\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_ecs_security_group\"\u003e\u003c/a\u003e [ecs\\_security\\_group](#input\\_ecs\\_security\\_group) | Security group for the  ECS application. Must allow the ingress from the virtual gateway on app port | \u003cpre\u003eobject({\u003cbr\u003e    ingress_rules            = optional(list(string))\u003cbr\u003e    ingress_cidr_blocks      = optional(list(string))\u003cbr\u003e    ingress_with_cidr_blocks = optional(list(map(string)))\u003cbr\u003e    egress_rules             = optional(list(string))\u003cbr\u003e    egress_cidr_blocks       = optional(list(string))\u003cbr\u003e    egress_with_cidr_blocks  = optional(list(map(string)))\u003cbr\u003e    ingress_with_sg          = optional(list(map(string)))\u003cbr\u003e    egress_with_sg           = optional(list(map(string)))\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_ecs_exec_role_custom_policy_json\"\u003e\u003c/a\u003e [ecs\\_exec\\_role\\_custom\\_policy\\_json](#input\\_ecs\\_exec\\_role\\_custom\\_policy\\_json) | Custom policy to attach to ecs task execution role. Document must be valid json. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ecs_role_custom_policy_json\"\u003e\u003c/a\u003e [ecs\\_role\\_custom\\_policy\\_json](#input\\_ecs\\_role\\_custom\\_policy\\_json) | Custom policy to attach to ecs task role. Document must be valid json. | `string` | `\"\"` | no |\n| \u003ca name=\"input_envoy_proxy_image\"\u003e\u003c/a\u003e [envoy\\_proxy\\_image](#input\\_envoy\\_proxy\\_image) | Optional docker image of the envoy proxy in the format `\u003cdocker_image\u003e:\u003ctag\u003e`\u003cbr\u003e    Default is `840364872350.dkr.ecr.us-east-2.amazonaws.com/aws-appmesh-envoy:v1.25.4.0-prod` | `string` | `\"\"` | no |\n| \u003ca name=\"input_ignore_changes_task_definition\"\u003e\u003c/a\u003e [ignore\\_changes\\_task\\_definition](#input\\_ignore\\_changes\\_task\\_definition) | Lifecycle ignore policy for task definition. If true, terraform won't detect changes when task\\_definition is changed outside of terraform | `bool` | `false` | no |\n| \u003ca name=\"input_assign_public_ip\"\u003e\u003c/a\u003e [assign\\_public\\_ip](#input\\_assign\\_public\\_ip) | If true, public IP will be assigned to this service task, else private IP | `bool` | `false` | no |\n| \u003ca name=\"input_ignore_changes_desired_count\"\u003e\u003c/a\u003e [ignore\\_changes\\_desired\\_count](#input\\_ignore\\_changes\\_desired\\_count) | Lifecycle ignore policy for desired\\_count. If true, terraform won't detect changes when desired\\_count is changed outside of terraform | `bool` | `false` | no |\n| \u003ca name=\"input_task_cpu\"\u003e\u003c/a\u003e [task\\_cpu](#input\\_task\\_cpu) | Amount of CPU to be allocated to the task | `number` | `512` | no |\n| \u003ca name=\"input_task_memory\"\u003e\u003c/a\u003e [task\\_memory](#input\\_task\\_memory) | Amount of Memory to be allocated to the task | `number` | `1024` | no |\n| \u003ca name=\"input_health_check_grace_period_seconds\"\u003e\u003c/a\u003e [health\\_check\\_grace\\_period\\_seconds](#input\\_health\\_check\\_grace\\_period\\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no |\n| \u003ca name=\"input_deployment_minimum_healthy_percent\"\u003e\u003c/a\u003e [deployment\\_minimum\\_healthy\\_percent](#input\\_deployment\\_minimum\\_healthy\\_percent) | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no |\n| \u003ca name=\"input_deployment_maximum_percent\"\u003e\u003c/a\u003e [deployment\\_maximum\\_percent](#input\\_deployment\\_maximum\\_percent) | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no |\n| \u003ca name=\"input_desired_count\"\u003e\u003c/a\u003e [desired\\_count](#input\\_desired\\_count) | The number of instances of the task definition to place and keep running | `number` | `1` | no |\n| \u003ca name=\"input_deployment_controller_type\"\u003e\u003c/a\u003e [deployment\\_controller\\_type](#input\\_deployment\\_controller\\_type) | Type of deployment controller. Valid values are `CODE_DEPLOY` and `ECS` | `string` | `\"ECS\"` | no |\n| \u003ca name=\"input_wait_for_steady_state\"\u003e\u003c/a\u003e [wait\\_for\\_steady\\_state](#input\\_wait\\_for\\_steady\\_state) | If true, it will wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing | `bool` | `false` | no |\n| \u003ca name=\"input_redeploy_on_apply\"\u003e\u003c/a\u003e [redeploy\\_on\\_apply](#input\\_redeploy\\_on\\_apply) | Redeploys the service everytime a terraform apply is executed. force\\_new\\_deployment should also be true for this flag to work | `bool` | `false` | no |\n| \u003ca name=\"input_force_new_deployment\"\u003e\u003c/a\u003e [force\\_new\\_deployment](#input\\_force\\_new\\_deployment) | Enable to force a new task deployment of the service when terraform apply is executed. | `bool` | `false` | no |\n| \u003ca name=\"input_create_gateway_route\"\u003e\u003c/a\u003e [create\\_gateway\\_route](#input\\_create\\_gateway\\_route) | Whether to create an ingress Virtual Gateway route into the ECS application. Default is true\u003cbr\u003e    Ingress route can be created in two ways:\u003cbr\u003e    - Path matching: The incoming request is checked for a particular path prefix (example: `/app1`) and based on this,\u003cbr\u003e      routed to the respective backend virtual service. If this routing is selected, var.match\\_path\\_prefix is mandatory\u003cbr\u003e    - Hostname matching: The incoming request is checked for a particular HostName header (example: `app1.demo.com`\u003cbr\u003e      and based on which is routed to the respective backend virtual service. If this routing is selected,\u003cbr\u003e      either var.match\\_hostname\\_exact or var.match\\_hostname\\_regex is mandatory | `bool` | `true` | no |\n| \u003ca name=\"input_match_path_prefix\"\u003e\u003c/a\u003e [match\\_path\\_prefix](#input\\_match\\_path\\_prefix) | Gateway route match path prefix. Default is `/`. Conflicts with var.match\\_path\\_exact and var.match\\_path\\_regex\u003cbr\u003e\u003cbr\u003e    This is the path prefix to match the incoming request in the ingress url. For example, if the match\\_path\\_prefix = /test/,\u003cbr\u003e    then the request /test/a/b/test.html will be forwarded to the backend as /a/b/test.html | `string` | `\"/\"` | no |\n| \u003ca name=\"input_rewrite_prefix\"\u003e\u003c/a\u003e [rewrite\\_prefix](#input\\_rewrite\\_prefix) | Rewrite the prefix before sending the request to the backend. The supplied prefix will be prepended\u003cbr\u003e    For example if the rewrite\\_prefix = /test/, then the request /a/b/test.html will be forwarded to the backend\u003cbr\u003e    as /test/a/b/test.html | `string` | `\"\"` | no |\n| \u003ca name=\"input_match_hostname_exact\"\u003e\u003c/a\u003e [match\\_hostname\\_exact](#input\\_match\\_hostname\\_exact) | Gateway route match exact hostname. Conflicts with var.match\\_hostname\\_suffix | `string` | `null` | no |\n| \u003ca name=\"input_match_hostname_suffix\"\u003e\u003c/a\u003e [match\\_hostname\\_suffix](#input\\_match\\_hostname\\_suffix) | Gateway route match hostname suffix. Specified ending characters of the host name to match on.\u003cbr\u003e    Conflicts with var.match\\_hostname\\_exact\u003cbr\u003e    Example: *.abc.com | `string` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Map of tags to be associated with the resources | `map(string)` | `{}` | no |\n| \u003ca name=\"input_opentelemetry_config_file_contents\"\u003e\u003c/a\u003e [opentelemetry\\_config\\_file\\_contents](#input\\_opentelemetry\\_config\\_file\\_contents) | OpenTelemetry Configuration file contents | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_mounts\"\u003e\u003c/a\u003e [app\\_mounts](#input\\_app\\_mounts) | Mount points for the application container | \u003cpre\u003elist(object({\u003cbr\u003e    containerPath = string\u003cbr\u003e    readOnly      = optional(bool, false)\u003cbr\u003e    sourceVolume  = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_bind_mount_volumes\"\u003e\u003c/a\u003e [bind\\_mount\\_volumes](#input\\_bind\\_mount\\_volumes) | Extra bind mount volumes to be created for this task | `list(object({ name = string }))` | `[]` | no |\n| \u003ca name=\"input_extra_containers\"\u003e\u003c/a\u003e [extra\\_containers](#input\\_extra\\_containers) | Specifications for containers to be launched in ECS for this task alongside the main app and envoy proxy containers | \u003cpre\u003elist(object({\u003cbr\u003e    name                     = string\u003cbr\u003e    image_tag                = string\u003cbr\u003e    command                  = optional(list(string), [])\u003cbr\u003e    essential                = optional(bool, false)\u003cbr\u003e    cpu                      = optional(number, 0)\u003cbr\u003e    memory                   = optional(number, null)\u003cbr\u003e    memory_reservation       = optional(number, null)\u003cbr\u003e    readonly_root_filesystem = optional(bool, false)\u003cbr\u003e    environment              = optional(map(string), null)\u003cbr\u003e    secrets                  = optional(map(string), null)\u003cbr\u003e    mount_points = optional(list(object({\u003cbr\u003e      containerPath = optional(string)\u003cbr\u003e      readOnly      = optional(bool, false)\u003cbr\u003e      sourceVolume  = optional(string)\u003cbr\u003e    })), [])\u003cbr\u003e    port_mappings = optional(list(object({\u003cbr\u003e      containerPort = number\u003cbr\u003e      hostPort      = optional(number)\u003cbr\u003e      protocol      = optional(string, \"tcp\")\u003cbr\u003e    })), [])\u003cbr\u003e    healthcheck = optional(object({\u003cbr\u003e      retries     = number\u003cbr\u003e      command     = list(string)\u003cbr\u003e      timeout     = number\u003cbr\u003e      interval    = number\u003cbr\u003e      startPeriod = number\u003cbr\u003e    }), null)\u003cbr\u003e    user = optional(string, null)\u003cbr\u003e    depends_on = optional(list(object({\u003cbr\u003e      containerName = string\u003cbr\u003e      condition     = string\u003cbr\u003e    })), [])\u003cbr\u003e    log_configuration = optional(object({\u003cbr\u003e      logDriver = optional(string, \"awslogs\")\u003cbr\u003e      options = object({\u003cbr\u003e        awslogs-group         = string\u003cbr\u003e        awslogs-region        = string\u003cbr\u003e        awslogs-create-group  = optional(string, \"true\")\u003cbr\u003e        awslogs-stream-prefix = string\u003cbr\u003e      })\u003cbr\u003e    }), null)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_app_depends_on_extra\"\u003e\u003c/a\u003e [app\\_depends\\_on\\_extra](#input\\_app\\_depends\\_on\\_extra) | Extra containers on which the main app should depend in order to start | \u003cpre\u003elist(object({\u003cbr\u003e    containerName = string\u003cbr\u003e    condition     = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_resource_names\"\u003e\u003c/a\u003e [resource\\_names](#output\\_resource\\_names) | A map of resource\\_name\\_types to generated resource names used in this module |\n| \u003ca name=\"output_ecs_sg_id\"\u003e\u003c/a\u003e [ecs\\_sg\\_id](#output\\_ecs\\_sg\\_id) | The ID of the ECS Security Group |\n| \u003ca name=\"output_virtual_node_id\"\u003e\u003c/a\u003e [virtual\\_node\\_id](#output\\_virtual\\_node\\_id) | ID of the Virtual Node created for the application |\n| \u003ca name=\"output_virtual_service_id\"\u003e\u003c/a\u003e [virtual\\_service\\_id](#output\\_virtual\\_service\\_id) | ID of the Virtual Service created for the application |\n| \u003ca name=\"output_virtual_node_arn\"\u003e\u003c/a\u003e [virtual\\_node\\_arn](#output\\_virtual\\_node\\_arn) | ARN of the Virtual Node created for the application |\n| \u003ca name=\"output_virtual_service_arn\"\u003e\u003c/a\u003e [virtual\\_service\\_arn](#output\\_virtual\\_service\\_arn) | ARN of the Virtual Service created for the application |\n| \u003ca name=\"output_task_definition_name\"\u003e\u003c/a\u003e [task\\_definition\\_name](#output\\_task\\_definition\\_name) | Task Definition family of the ECS App |\n| \u003ca name=\"output_task_definition_version\"\u003e\u003c/a\u003e [task\\_definition\\_version](#output\\_task\\_definition\\_version) | Task Definition revision of the ECS App |\n| \u003ca name=\"output_task_role_arn\"\u003e\u003c/a\u003e [task\\_role\\_arn](#output\\_task\\_role\\_arn) | Task Exec role ARN of the ECS App |\n| \u003ca name=\"output_task_exec_role_arn\"\u003e\u003c/a\u003e [task\\_exec\\_role\\_arn](#output\\_task\\_exec\\_role\\_arn) | Task role ARN of the ECS App |\n| \u003ca name=\"output_virtual_gateway_route_arn\"\u003e\u003c/a\u003e [virtual\\_gateway\\_route\\_arn](#output\\_virtual\\_gateway\\_route\\_arn) | ARN of the Virtual Gateway route for the application |\n| \u003ca name=\"output_virtual_gateway_route_id\"\u003e\u003c/a\u003e [virtual\\_gateway\\_route\\_id](#output\\_virtual\\_gateway\\_route\\_id) | ID of the Virtual Gateway route for the application |\n| \u003ca name=\"output_virtual_router_id\"\u003e\u003c/a\u003e [virtual\\_router\\_id](#output\\_virtual\\_router\\_id) | ID of the Virtual Router (if enabled) |\n| \u003ca name=\"output_virtual_router_arn\"\u003e\u003c/a\u003e [virtual\\_router\\_arn](#output\\_virtual\\_router\\_arn) | ARN of the Virtual Router (if enabled) |\n| \u003ca name=\"output_virtual_router_name\"\u003e\u003c/a\u003e [virtual\\_router\\_name](#output\\_virtual\\_router\\_name) | Name of the Virtual Router (if enabled) |\n| \u003ca name=\"output_virtual_router_route_arn\"\u003e\u003c/a\u003e [virtual\\_router\\_route\\_arn](#output\\_virtual\\_router\\_route\\_arn) | ARN of the Virtual Router route (if enabled) |\n| \u003ca name=\"output_virtual_router_route_id\"\u003e\u003c/a\u003e [virtual\\_router\\_route\\_id](#output\\_virtual\\_router\\_route\\_id) | ID of the Virtual Router route (if enabled) |\n| \u003ca name=\"output_container_json\"\u003e\u003c/a\u003e [container\\_json](#output\\_container\\_json) | Container json for the ECS Task Definition |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_collection-ecs_appmesh_app/lists"}