{"id":29943335,"url":"https://github.com/sourcefuse/terraform-aws-arc-backstage-ecs-app","last_synced_at":"2026-02-10T15:08:03.987Z","repository":{"id":148505260,"uuid":"620524520","full_name":"sourcefuse/terraform-aws-arc-backstage-ecs-app","owner":"sourcefuse","description":null,"archived":false,"fork":false,"pushed_at":"2024-08-01T09:21:24.000Z","size":172,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-08-01T05:55:58.117Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcefuse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-28T21:17:46.000Z","updated_at":"2024-08-01T09:21:07.000Z","dependencies_parsed_at":"2023-05-20T10:15:28.251Z","dependency_job_id":"d20eaa49-6a62-4013-ab46-9e333475046b","html_url":"https://github.com/sourcefuse/terraform-aws-arc-backstage-ecs-app","commit_stats":null,"previous_names":["sourcefuse/terraform-aws-arc-backstage-ecs-app"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/sourcefuse/terraform-aws-arc-backstage-ecs-app","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-backstage-ecs-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-backstage-ecs-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-backstage-ecs-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-backstage-ecs-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcefuse","download_url":"https://codeload.github.com/sourcefuse/terraform-aws-arc-backstage-ecs-app/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-backstage-ecs-app/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29303419,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T14:34:17.295Z","status":"ssl_error","status_checked_at":"2026-02-10T14:33:22.845Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-03T02:15:02.224Z","updated_at":"2026-02-10T15:08:03.982Z","avatar_url":"https://github.com/sourcefuse.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [arc-backstage-ecs-app](https://github.com/sourcefuse/arc-backstage-ecs-app)\n\n## Overview\n\nTerraform Module to run Backstage as an ECS app.\n\nUpstream dependencies:\n\n* PostgreSQL Database and Service Account. See the [Backstage Docs](https://backstage.io/docs/getting-started/configuration/) for more info. See our [ARC DB module](https://github.com/sourcefuse/terraform-aws-ref-arch-db) for the simplest set up.\n* ECS Cluster with an already configured HTTPS listener for an ALB. See our [ARC ECS module](https://github.com/sourcefuse/terraform-aws-refarch-ecs) for the simplest integration.\n* Route53 Zone for an A record for Backstage\n* Backstage image that can be pulled from ECR or DockerHub. Private DockerHub registries will require additional configuraiton.\n* Secret in secrets manager with the following properties.\n```json\n{\n  \"ENABLE_GITHUB_SYNC\": \"\u003c\u003cTo enable Github sync while bootstrap\u003e\u003e\",\n  \"POSTGRES_USER\": \"\u003c\u003cBackstage PostgreSQL service account username\u003e\u003e\",\n  \"POSTGRES_PASSWORD\": \"\u003c\u003cBackstage PostgreSQL account password\u003e\u003e\",\n  \"GITHUB_TOKEN\": \"\u003c\u003cGitHub PAT for API access\u003e\u003e\",\n  \"GITHUB_CLIENT_ID\": \"\u003c\u003cGitHub OAuth 2.0 client ID\u003e\u003e\",\n  \"GITHUB_CLIENT_SECRET\": \"\u003c\u003cGitHub OAuth 2.0 client ID\u003e\u003e\",\n  \"POSTGRES_HOST\": \"\u003c\u003cPostgreSQL Host\u003e\u003e\",\n  \"POSTGRES_PORT\": \"\u003c\u003cPostgreSQL Port\u003e\u003e\"\n}\n\n```\n![Example Architecture](./static/arc_backstage.png)\n## Usage\n**Note**: the example below is does not have a pinned version. Be sure to pin your version. Refer to the `example` folder for a working example version.\n```hcl\nmodule \"backstage\" {\n source                = \"git::https://github.com/sourcefuse/arc-backstage-ecs-app\"\n  alb_dns_name          = module.ecs.alb_dns_name\n  alb_zone_id           = module.ecs.alb_dns_zone_id\n  app_host_name         = var.app_host_name\n  cluster_id            = module.ecs.cluster_id\n  cluster_name          = module.ecs.cluster_name\n  environment           = var.environment\n  route_53_records      = [var.app_host_name]\n  lb_listener_arn       = module.ecs.alb_https_listener_arn\n  lb_security_group_ids = [module.ecs.alb_security_group_id]\n  route_53_zone_name    = var.route_53_zone_name\n  subnet_ids            = data.aws_subnets.private.ids\n  vpc_id                = data.aws_vpc.vpc.id\n  container_image       = var.container_image\n  tags                  = module.tags.tags\n}\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.3 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 4.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 4.60.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_backstage_container_definition\"\u003e\u003c/a\u003e [backstage\\_container\\_definition](#module\\_backstage\\_container\\_definition) | ./ecs-container-definition | n/a |\n| \u003ca name=\"module_ecs_service_autoscaling\"\u003e\u003c/a\u003e [ecs\\_service\\_autoscaling](#module\\_ecs\\_service\\_autoscaling) | git::https://github.com/cn-terraform/terraform-aws-ecs-service-autoscaling | 1.0.6 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_ecs_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |\n| [aws_ecs_task_definition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |\n| [aws_iam_policy.secrets_manager_read_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.secrets_manager_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_lb_listener_rule.forward](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule) | resource |\n| [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |\n| [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |\n| [aws_secretsmanager_secret.backstage_private_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |\n| [aws_secretsmanager_secret.backstage_secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_alb_dns_name\"\u003e\u003c/a\u003e [alb\\_dns\\_name](#input\\_alb\\_dns\\_name) | ALB DNS name to create A record for health check service | `string` | n/a | yes |\n| \u003ca name=\"input_alb_zone_id\"\u003e\u003c/a\u003e [alb\\_zone\\_id](#input\\_alb\\_zone\\_id) | ALB Route53 zone ID to create A record for health check service | `string` | n/a | yes |\n| \u003ca name=\"input_app_host_name\"\u003e\u003c/a\u003e [app\\_host\\_name](#input\\_app\\_host\\_name) | Host name to expose via Route53 | `string` | n/a | yes |\n| \u003ca name=\"input_app_port_number\"\u003e\u003c/a\u003e [app\\_port\\_number](#input\\_app\\_port\\_number) | Port number for the container to run under | `number` | `7007` | no |\n| \u003ca name=\"input_backstage_environment\"\u003e\u003c/a\u003e [backstage\\_environment](#input\\_backstage\\_environment) | Backstage environment | `string` | `\"production\"` | no |\n| \u003ca name=\"input_cluster_id\"\u003e\u003c/a\u003e [cluster\\_id](#input\\_cluster\\_id) | ID of the ECS cluster. | `string` | n/a | yes |\n| \u003ca name=\"input_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#input\\_cluster\\_name) | Name of the ECS cluster. | `string` | n/a | yes |\n| \u003ca name=\"input_container_image\"\u003e\u003c/a\u003e [container\\_image](#input\\_container\\_image) | url for image being used to setup backstage | `string` | `\"spotify/backstage-cookiecutter\"` | no |\n| \u003ca name=\"input_desired_count\"\u003e\u003c/a\u003e [desired\\_count](#input\\_desired\\_count) | Number of ECS tasks to run for the service. | `number` | `3` | no |\n| \u003ca name=\"input_egress_cidr_block\"\u003e\u003c/a\u003e [egress\\_cidr\\_block](#input\\_egress\\_cidr\\_block) | ECS Tasks egress CIDR block | `string` | `\"0.0.0.0/0\"` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | n/a | yes |\n| \u003ca name=\"input_environment_variables\"\u003e\u003c/a\u003e [environment\\_variables](#input\\_environment\\_variables) | (optional) List of additional environment variables | \u003cpre\u003elist(object({\u003cbr\u003e    name  = string\u003cbr\u003e    value = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_ephemeral_storage\"\u003e\u003c/a\u003e [ephemeral\\_storage](#input\\_ephemeral\\_storage) | (optional) The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB. | `string` | `null` | no |\n| \u003ca name=\"input_execution_policy_attachment_arns\"\u003e\u003c/a\u003e [execution\\_policy\\_attachment\\_arns](#input\\_execution\\_policy\\_attachment\\_arns) | The ARNs of the policies you want to apply | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_health_check_path_pattern\"\u003e\u003c/a\u003e [health\\_check\\_path\\_pattern](#input\\_health\\_check\\_path\\_pattern) | Path pattern to match against the request URL. | `string` | `\"/\"` | no |\n| \u003ca name=\"input_launch_type\"\u003e\u003c/a\u003e [launch\\_type](#input\\_launch\\_type) | Launch type for the health check service. | `string` | `\"FARGATE\"` | no |\n| \u003ca name=\"input_lb_listener_arn\"\u003e\u003c/a\u003e [lb\\_listener\\_arn](#input\\_lb\\_listener\\_arn) | ARN of the load balancer listener. | `string` | n/a | yes |\n| \u003ca name=\"input_lb_security_group_ids\"\u003e\u003c/a\u003e [lb\\_security\\_group\\_ids](#input\\_lb\\_security\\_group\\_ids) | LB Security Group IDs for ingress access to the health check task definition. | `list(string)` | n/a | yes |\n| \u003ca name=\"input_max_count\"\u003e\u003c/a\u003e [max\\_count](#input\\_max\\_count) | Maximum number of ECS tasks to run for the service. | `number` | `6` | no |\n| \u003ca name=\"input_min_count\"\u003e\u003c/a\u003e [min\\_count](#input\\_min\\_count) | Minimum number of ECS tasks to run for the service. | `number` | `1` | no |\n| \u003ca name=\"input_private_key_secret_name\"\u003e\u003c/a\u003e [private\\_key\\_secret\\_name](#input\\_private\\_key\\_secret\\_name) | Name of the secret in AWS Secrets Manager that contains Backstage private key for GitHub authentication. The secret should be stored as plain text in ASM. | `string` | `\"arc/poc/backstage-private-key\"` | no |\n| \u003ca name=\"input_route_53_private_zone\"\u003e\u003c/a\u003e [route\\_53\\_private\\_zone](#input\\_route\\_53\\_private\\_zone) | Used with `name` field to get a private Hosted Zone | `bool` | `false` | no |\n| \u003ca name=\"input_route_53_record_type\"\u003e\u003c/a\u003e [route\\_53\\_record\\_type](#input\\_route\\_53\\_record\\_type) | Health check Route53 record type | `string` | `\"A\"` | no |\n| \u003ca name=\"input_route_53_records\"\u003e\u003c/a\u003e [route\\_53\\_records](#input\\_route\\_53\\_records) | List of A record domains to create for the health check service | `list(string)` | n/a | yes |\n| \u003ca name=\"input_route_53_zone_name\"\u003e\u003c/a\u003e [route\\_53\\_zone\\_name](#input\\_route\\_53\\_zone\\_name) | Route53 zone name used for looking up and creating an `A` record for the health check service | `string` | n/a | yes |\n| \u003ca name=\"input_secret_list\"\u003e\u003c/a\u003e [secret\\_list](#input\\_secret\\_list) | (optional) List of additional Secrets | \u003cpre\u003elist(object({\u003cbr\u003e    name      = string\u003cbr\u003e    valueFrom = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_secret_name\"\u003e\u003c/a\u003e [secret\\_name](#input\\_secret\\_name) | Name of the secret in AWS Secrets Manager that contains Backstage secrets, such as POSTGRES\\_USER and POSTGRES\\_PASSWORD | `string` | `\"arc/poc/backstage\"` | no |\n| \u003ca name=\"input_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#input\\_subnet\\_ids) | Subnet IDs to run health check task in | `list(string)` | n/a | yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags to assign the resources. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_task_definition_cpu\"\u003e\u003c/a\u003e [task\\_definition\\_cpu](#input\\_task\\_definition\\_cpu) | Number of cpu units used by the task. If the requires\\_compatibilities is FARGATE this field is required. | `number` | `1024` | no |\n| \u003ca name=\"input_task_definition_memory\"\u003e\u003c/a\u003e [task\\_definition\\_memory](#input\\_task\\_definition\\_memory) | Amount (in MiB) of memory used by the task. If the requires\\_compatibilities is FARGATE this field is required. | `number` | `2048` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | Id of the VPC where the resources will live | `string` | n/a | yes |\n\n## Outputs\n\nNo outputs.\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n### Git commits\n\nwhile Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch\n\nFor Example\n\n```sh\ngit commit -m \"your commit message #major\"\n```\nBy specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly\n\n## Development\n\n### Prerequisites\n\n- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)\n- [terraform-docs](https://github.com/segmentio/terraform-docs)\n- [pre-commit](https://pre-commit.com/#install)\n\n### Configurations\n\n- Configure pre-commit hooks\n```sh\npre-commit install\n```\n\n\n## Authors\n\nThis project is authored by below people\n\n- SourceFuse ARC Team\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-backstage-ecs-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-backstage-ecs-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-backstage-ecs-app/lists"}