Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/geekcell/terraform-aws-ecs-container-definition
Terraform module to provision an AWS ECS Container Definition.
https://github.com/geekcell/terraform-aws-ecs-container-definition
aws container container-definition ecs terraform terraform-module
Last synced: 3 days ago
JSON representation
Terraform module to provision an AWS ECS Container Definition.
- Host: GitHub
- URL: https://github.com/geekcell/terraform-aws-ecs-container-definition
- Owner: geekcell
- License: apache-2.0
- Created: 2023-01-18T13:23:49.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-06-28T10:43:39.000Z (over 1 year ago)
- Last Synced: 2024-08-23T14:47:25.573Z (about 1 month ago)
- Topics: aws, container, container-definition, ecs, terraform, terraform-module
- Language: Go
- Homepage: https://www.geekcell.io
- Size: 80.1 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://www.geekcell.io/)
### Code Quality
[](https://github.com/geekcell/terraform-aws-ecs-container-definition/blob/master/LICENSE)
[](https://github.com/geekcell/terraform-aws-ecs-container-definition/releases)
[](https://github.com/geekcell/terraform-aws-ecs-container-definition/actions/workflows/release.yaml)
[](https://github.com/geekcell/terraform-aws-ecs-container-definition/actions/workflows/validate.yaml)
[](https://github.com/geekcell/terraform-aws-ecs-container-definition/actions/workflows/linter.yaml)
[](https://github.com/geekcell/terraform-aws-ecs-container-definition/actions/workflows/test.yaml)
### Security
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=INFRASTRUCTURE+SECURITY)
#### Cloud
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+AWS+V1.2)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+AWS+V1.3)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+AZURE+V1.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+AZURE+V1.3)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+GCP+V1.1)
##### Container
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+KUBERNETES+V1.6)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+EKS+V1.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+GKE+V1.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=CIS+KUBERNETES+V1.5)
#### Data protection
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=SOC2)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=PCI-DSS+V3.2)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=PCI-DSS+V3.2.1)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=ISO27001)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=NIST-800-53)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=HIPAA)
[](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-ecs-container-definition&benchmark=FEDRAMP+%28MODERATE%29)
# Terraform AWS ECS Container Definition
This module is used to generate a container definition for use in an AWS ECS task definition.
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [command](#input\_command) | The command that is passed to the container. | `list(string)` | `null` | no |
| [cpu](#input\_cpu) | The number of cpu units reserved for the container. | `number` | `0` | no |
| [depend\_on](#input\_depend\_on) | The dependencies defined for container startup and shutdown. | `map(string)` | `{}` | no |
| [disable\_networking](#input\_disable\_networking) | When this parameter is true, networking is disabled within the container. | `bool` | `null` | no |
| [dns\_search\_domains](#input\_dns\_search\_domains) | A list of DNS search domains that are presented to the container. | `list(string)` | `null` | no |
| [dns\_servers](#input\_dns\_servers) | A list of DNS servers that are presented to the container. | `list(string)` | `null` | no |
| [docker\_labels](#input\_docker\_labels) | A key/value map of labels to add to the container. | `map(string)` | `null` | no |
| [docker\_security\_options](#input\_docker\_security\_options) | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. | `list(string)` | `null` | no |
| [entrypoint](#input\_entrypoint) | The entry point that is passed to the container. | `list(string)` | `null` | no |
| [environment](#input\_environment) | The environment variables to pass to a container. | `map(string)` | `{}` | no |
| [environment\_files](#input\_environment\_files) | The environment files to pass to a container. | `list(string)` | `[]` | no |
| [essential](#input\_essential) | Whether this container is essential to the task. If the container fails or stops for any reason, all other containers that are part of the task are stopped. | `bool` | `true` | no |
| [extra\_hosts](#input\_extra\_hosts) | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. | `map(string)` | `{}` | no |
| [firelens\_configuration](#input\_firelens\_configuration) | The FireLens configuration for the container. |
object({
type = string
options = optional(map(string))
}) | `null` | no |
| [healthcheck](#input\_healthcheck) | The container health check command and associated configuration parameters for the container. | object({
command = list(string)
interval = optional(number)
retries = optional(number)
start_period = optional(number)
timeout = optional(number)
}) | `null` | no |
| [hostname](#input\_hostname) | The hostname to use for your container. | `string` | `null` | no |
| [image](#input\_image) | The image used to start the container. | `string` | n/a | yes |
| [interactive](#input\_interactive) | When this parameter is true, the container is given read-only access to its root file system. | `bool` | `null` | no |
| [links](#input\_links) | Links to other containers. | `list(string)` | `null` | no |
| [linux\_parameters](#input\_linux\_parameters) | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. | object({
init_process_enabled = optional(bool)
shared_memory_size = optional(number)
max_swap = optional(number)
swappiness = optional(number)
capabilities = optional(object({
add = optional(list(string))
drop = optional(list(string))
}))
devices = optional(list(object({
host_path = string
container_path = optional(string)
permissions = optional(list(string))
})), [])
tmpfs = optional(list(object({
container_path = string
size = number
mount_options = optional(list(string))
})), [])
}) | `null` | no |
| [log\_configuration](#input\_log\_configuration) | The log configuration specification for the container. | object({
log_driver = optional(string)
options = optional(map(string))
secret_options = optional(map(string))
}) | `null` | no |
| [memory](#input\_memory) | The hard limit (in MiB) of memory to present to the container. | `number` | `null` | no |
| [memory\_reservation](#input\_memory\_reservation) | The soft limit (in MiB) of memory to reserve for the container. | `number` | `null` | no |
| [mount\_points](#input\_mount\_points) | The mount points for data volumes in your container. | list(object({
source_volume = string
container_path = string
read_only = optional(bool, false)
})) | `[]` | no |
| [name](#input\_name) | The name of the container. | `string` | n/a | yes |
| [port\_mappings](#input\_port\_mappings) | The list of port mappings for the container. | list(object({
app_protocol = optional(string)
container_port_range = optional(string)
container_port = optional(number)
host_port = optional(number)
protocol = optional(string, "tcp")
})) | `[]` | no |
| [privileged](#input\_privileged) | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). | `bool` | `null` | no |
| [pseudo\_terminal](#input\_pseudo\_terminal) | When this parameter is true, a TTY is allocated. | `bool` | `null` | no |
| [readonly\_root\_filesystem](#input\_readonly\_root\_filesystem) | When this parameter is true, the container is given read-only access to its root file system. | `bool` | `null` | no |
| [repository\_credentials](#input\_repository\_credentials) | The private repository authentication credentials to use. | `string` | `null` | no |
| [resource\_requirements](#input\_resource\_requirements) | The type and amount of a resource to assign to a container. | `map(string)` | `{}` | no |
| [secrets](#input\_secrets) | The secrets to pass to the container. | `map(string)` | `{}` | no |
| [start\_timeout](#input\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container. | `number` | `null` | no |
| [stop\_timeout](#input\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. | `number` | `null` | no |
| [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container. | `map(string)` | `{}` | no |
| [ulimits](#input\_ulimits) | A list of ulimits to set in the container. | map(object({
hard_limit = number
soft_limit = number
})) | `{}` | no |
| [user](#input\_user) | The user to use inside the container. | `string` | `null` | no |
| [volumes\_from](#input\_volumes\_from) | Data volumes to mount from another container. | map(object({
read_only = optional(bool, false)
})) | `{}` | no |
| [working\_directory](#input\_working\_directory) | The working directory in which to run commands inside the container. | `string` | `null` | no |
## Outputs
| Name | Description |
|------|-------------|
| [hcl](#output\_hcl) | Rendered container definition as HCL object. |
| [json](#output\_json) | Rendered container definition as JSON output. |
## Providers
| Name | Version |
|------|---------|
| [jq](#provider\_jq) | 0.2.1 |
## Resources
- data source.jq_query.main (main.tf#114)
# Examples
### Min
```hcl
module "basic-example" {
source = "../../"
name = var.name
image = "nginx:1.23-alpine"
}
```
### Full
```hcl
module "full" {
source = "../../"
name = var.name
image = "nginx:latest"
essential = true
command = ["sleep", "1000"]
entrypoint = ["/bin/sh", "-c"]
user = "root"
interactive = false
pseudo_terminal = false
cpu = 256
memory = 512
memory_reservation = 1024
working_directory = "/tmp"
readonly_root_filesystem = true
port_mappings = [
{
container_port = 80
host_port = 80
protocol = "tcp"
},
{
container_port = 443
host_port = 443
protocol = "tcp"
}
]
links = ["app"]
mount_points = [
{
container_path = "/tmp"
source_volume = "tmp"
read_only = false
}
]
volumes_from = {
app = { read_only = true }
}
dns_search_domains = ["example.com"]
dns_servers = ["10.0.0.1"]
hostname = "nginx"
extra_hosts = {
"local.host" = "127.0.0.1"
"loopback" = "127.0.0.1"
}
privileged = true
disable_networking = false
ulimits = {
nofile = {
soft_limit = 1024
hard_limit = 2048
}
nproc = {
soft_limit = 1024
hard_limit = 2048
}
}
docker_security_options = ["label:type:container_t"]
system_controls = {
"net.ipv4.tcp_syncookies" = 1
"net.core.somaxconn" = 1024
}
linux_parameters = {
init_process_enabled = true
shared_memory_size = 1024
max_swap = 1024
swappiness = 50
capabilities = {
add = ["SYS_TIME"]
drop = ["MKNOD"]
}
devices = [
{
host_path = "/dev/null"
container_path = "/dev/null"
permissions = ["read", "write"]
}
]
tmpfs = [
{
size = 1024
container_path = "/tmp"
mount_options = ["rw", "noexec", "nosuid", "nodev"]
}
]
}
environment_files = ["s3://bucket/key/to/file.env"]
environment = {
APP_ENV = "dev"
APP_DEBUG = false
}
secrets = {
DATABASE_USER = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter:DB_PASS::"
APP_SECRET = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter:APP_SECRET::"
}
docker_labels = {
"com.example.foo" = "bar"
"com.example.baz" = "qux"
}
start_timeout = 60
stop_timeout = 60
depend_on = {
redis = "HEALTHY"
}
healthcheck = {
command = ["CMD-SHELL", "curl -f http://localhost/ || exit 1"]
interval = 30
retries = 3
start_period = 0
timeout = 5
}
resource_requirements = {
GPU = 256
InferenceAccelerator = "eia1.medium"
}
repository_credentials = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter"
log_configuration = {
log_driver = "awsfirelens"
options = {
endpoint = "https://example.com"
}
secret_options = {
apiKey = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter:apiKey::"
}
}
}
```