
AdventielFr/terraform-aws-ecs-node


AWS ECS Cluster Node Terraform module

The purpose of this module is to create a set of EC2 instances that make up the nodes of an ECS cluster.

Infrastructure components

AWS Auto scaling group

This Terraform module creates one AWS Auto Scaling group, used to ensure high availability of the instance group in the cluster.

Name : {{environment}}-ecs-node-{{ecs_group_node}}-asg

Tags :

  • ECSGroup : {{ecs_group_node}}

  • Environment : {{environment}}

  • Name : {{environment}}-ecs-node-{{ecs_group_node}}

AWS EC2 Launch configuration

This Terraform module creates one AWS Launch configuration, used to deploy each instance of the instance group in the cluster.

Name : {{environment}}-ecs-node-{{ecs_group_node}}-lc

AWS EC2 instances

This Terraform module creates several AWS EC2 instances for the instance group in the cluster.

Name : {{environment}}-ecs-node-{{ecs_group_node}}

Tags :

  • ECSGroup : {{ecs_group_node}}

  • Environment : {{environment}}

  • Name : {{environment}}-ecs-node-{{ecs_group_node}}

AWS Cloudwatch log groups

This Terraform module creates several AWS CloudWatch log groups that can be used to monitor the instance group in the cluster.

dmesg

Name : /aws/ecs/{{ecs_cluster_name}}/node/{{ecs_group_node}}/var/log/dmesg

Collects the contents of the /var/log/dmesg file from the instances of the cluster instance group.

audit.log

Name : /aws/ecs/{{ecs_cluster_name}}/node/{{ecs_group_node}}/var/log/audit.log

Collects the contents of the /var/log/audit.log file from the instances of the cluster instance group.

ecs-init

Name : /aws/ecs/{{ecs_cluster_name}}/node/{{ecs_group_node}}/var/log/ecs-init.log

Collects the contents of the /var/log/ecs-init.log file from the instances of the cluster instance group.

ecs-restart

Name : /aws/ecs/{{ecs_cluster_name}}/node/{{ecs_group_node}}/var/log/ecs-restart.log

Collects the contents of the /var/log/ecs-restart.log file from the instances of the cluster instance group.

messages

Name : /aws/ecs/{{ecs_cluster_name}}/node/{{ecs_group_node}}/var/log/message.log

Collects the contents of the /var/log/messages file from the instances of the cluster instance group.

AWS CloudWatch Alarm

This Terraform module creates several AWS CloudWatch alarms for the instance group in the cluster.

CPU alarm scale down

Name : {{environment}}-ecs-{{ecs_group_node}}-cpu-alarm-scale-down

This alarm reduces the number of instances in the instance group when the CPU consumption is greater than a threshold.

CPU alarm scale up

Name : {{environment}}-ecs-{{ecs_group_node}}-cpu-alarm-scale-up

This alarm increases the number of instances in the instance group when the CPU consumption is greater than a threshold.

Memory alarm scale down

Name : {{environment}}-ecs-{{ecs_group_node}}-memory-alarm-scale-down

This alarm reduces the number of instances in the instance group when the memory consumption is greater than a threshold.

Memory alarm scale up

Name : {{environment}}-ecs-{{ecs_group_node}}-memory-alarm-scale-up

This alarm increases the number of instances in the instance group when the memory consumption is greater than a threshold.

AWS S3 shared bucket (optional)

This Terraform module creates one S3 bucket. This bucket can be used to exchange data as files between ECS services.

Name : {{environment}}-ecs-shared

AWS IAM Role and Policies

This Terraform module creates a set of IAM roles.

AWS IAM for EC2 cluster node

This IAM role is applied to the instances of the instance group.

Name : {{environment}}-ecs-node-{{ecs_group_node}}-role

AWS IAM for ECS service

This IAM role is applied to the ECS services running on the instance group.

Name : {{environment}}-ecs-service-{{ecs_group_node}}-role

Inputs / Outputs

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws | n/a |
| template | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alarm_cpu_scale_down_evaluation_periods | The number of periods over which data is compared to the specified threshold for the CPU scale-down alarm. | number | 2 | no |
| alarm_cpu_scale_down_period | The CPU period of the instance group that triggers an increase in the number of instances in the instance group. | number | 180 | no |
| alarm_cpu_scale_down_threshold | The CPU consumption threshold of the instance group that triggers the reduction of the number of instances in the instance group. | number | 10 | no |
| alarm_cpu_scale_up_evaluation_periods | The number of periods over which data is compared to the specified threshold for the CPU scale-up alarm. | number | 2 | no |
| alarm_cpu_scale_up_period | The CPU period of the instance group that triggers an increase in the number of instances in the instance group. | number | 180 | no |
| alarm_cpu_scale_up_threshold | The CPU consumption threshold of the instance group that triggers an increase in the number of instances in the instance group. | number | 90 | no |
| alarm_memory_scale_down_evaluation_periods | The number of periods over which data is compared to the specified threshold for the memory scale-down alarm. | number | 2 | no |
| alarm_memory_scale_down_period | The memory period of the instance group that triggers an increase in the number of instances in the instance group. | number | 180 | no |
| alarm_memory_scale_down_threshold | The memory consumption threshold of the instance group that triggers the reduction of the number of instances in the instance group. | number | 10 | no |
| alarm_memory_scale_up_evaluation_periods | The number of periods over which data is compared to the specified threshold for the memory scale-up alarm. | number | 2 | no |
| alarm_memory_scale_up_period | The memory period of the instance group that triggers an increase in the number of instances in the instance group. | number | 180 | no |
| alarm_memory_scale_up_threshold | The memory consumption threshold of the instance group that triggers an increase in the number of instances in the instance group. | number | 90 | no |
| alarm_policy_scale_down_cool_down | For scale down, the amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start. | number | 300 | no |
| alarm_policy_scale_up_cool_down | For scale up, the amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start. | number | 300 | no |
| alarm_scale_down_scaling_adjustment | For scale-down alarms, the number of instances by which to scale. adjustment_type determines the interpretation of this number (e.g., as an absolute number or as a percentage of the existing Auto Scaling group size). A positive increment adds to the current capacity and a negative value removes from the current capacity. | number | -1 | no |
| alarm_scale_up_scaling_adjustment | For scale-up alarms, the number of instances by which to scale. adjustment_type determines the interpretation of this number (e.g., as an absolute number or as a percentage of the existing Auto Scaling group size). A positive increment adds to the current capacity and a negative value removes from the current capacity. | number | 1 | no |
| asg_desired | The desired number of instances in the Auto Scaling group. | number | 1 | no |
| asg_health_period | Time (in seconds) after an instance comes into service before checking its health. | number | 180 | no |
| asg_max | The maximum number of instances in the Auto Scaling group. | number | 1 | no |
| asg_min | The minimum number of instances in the Auto Scaling group. | number | 1 | no |
| aws_region | The AWS region to deploy to. | string | n/a | yes |
| cloudwatch_agent_metrics_collection_interval | Specifies how often to collect the CPU metrics, overriding the global metrics_collection_interval specified in the agent section of the configuration file. If you set this value below 60 seconds, each metric is collected as a high-resolution metric. | number | 60 | no |
| cloudwatch_agent_metrics_config | Which metrics to send to CloudWatch; the default is empty. If the value is empty, the CloudWatch agent is not installed. Setting this variable to advanced sends all the metrics provided by the agent. More information: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-cloudwatch-agent-configuration-file-wizard.html. The valid values are minimal, standard, advanced or custom. | string | "" | no |
| cloudwatch_agent_metrics_cpu_resources | Specifies that per-CPU metrics are to be collected. The only allowed value is *. If you include this field and value, per-CPU metrics are collected. | string | "\"resources\": [\"*\"]," | no |
| cloudwatch_agent_metrics_custom_config_content | The content of the CloudWatch agent config if cloudwatch_agent_metrics_config = custom. | string | "" | no |
| cloudwatch_agent_metrics_disk_resources | Specifies an array of disk mount points. This field limits CloudWatch to collect metrics from only the listed mount points. You can specify * as the value to collect metrics from all mount points. Defaults to the root / mount point. | list(string) | ["/"] | no |
| ebs_delete_on_termination | Whether the volume should be destroyed on instance termination (Default: false). See Preserving Amazon EBS Volumes on Instance Termination for more information. | bool | false | no |
| ebs_kms_key_id | AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. encrypted must be set to true when this is set. | string | "" | no |
| ebs_optimized | If true, the launched EC2 instance will be EBS-optimized. | bool | false | no |
| ebs_volume_size | The size of the EBS volume for the ECS data directory. | number | 0 | no |
| ebs_volume_type | The type of volume. Can be 'standard', 'gp2', or 'io1'. | string | "standard" | no |
| ecs_agent_loglevel | The level to log at on stdout for the ECS agent. | string | "info" | no |
| ecs_apparmor_capable | Whether AppArmor is available on the container instance. | bool | false | no |
| ecs_cloudwath_retention_in_days | The CloudWatch retention in days for all CloudWatch log groups created. | number | 7 | no |
| ecs_cluster_name | The name of the ECS cluster. | string | n/a | yes |
| ecs_cni_plugins_path | The path where the CNI binary file is located. | string | "/amazon-ecs-cni-plugins" | no |
| ecs_container_start_timeout | Time duration to wait before giving up on starting a container. | string | "3m" | no |
| ecs_container_stop_timeout | Time duration to wait from when a task is stopped before its containers are forcefully killed if they do not exit normally on their own. | string | "30s" | no |
| ecs_datadir | The name of the persistent data directory on the container that is running the Amazon ECS container agent. The directory is used to save information about the cluster and the agent state. | string | "/data" | no |
| ecs_disable_docker_health_check | Whether to disable the Docker container health check for the ECS agent. | bool | false | no |
| ecs_disable_image_cleanup | Whether to disable automated image cleanup for the Amazon ECS agent. | bool | false | no |
| ecs_disable_privileged | Whether launching privileged containers is disabled on the container instance. If this value is set to true, privileged containers are not permitted. | bool | false | no |
| ecs_enable_container_metadata | When true, the agent creates a file describing the container's metadata. The file can be located and consumed by using the container environment variable $ECS_CONTAINER_METADATA_FILE. | bool | true | no |
| ecs_enable_spot_instance_draining | Whether to enable Spot Instance draining for the container instance. | bool | false | no |
| ecs_enable_task_eni | Whether to enable task networking for tasks to be launched with their own network interface. | bool | false | no |
| ecs_enable_task_iam_role | Enables IAM roles for tasks for containers with the bridge and default network modes. | bool | false | no |
| ecs_enable_task_iam_role_network_host | Enables IAM roles for tasks for containers with the host network mode. This variable is only supported. | bool | false | no |
| ecs_engine_task_cleanup_wait_duration | Time duration to wait from when a task is stopped until the Docker container is removed. As this removes the Docker container data, be aware that if this value is set too low, you may not be able to inspect your stopped containers or view the logs before they are removed. The minimum duration is 1m; any value shorter than 1 minute is ignored. | string | "3h" | no |
| ecs_group_node | The instance group node (see tag EcsGroupNode). Used for the placement strategy. | string | "default" | no |
| ecs_http_proxy | The hostname (or IP address) and port number of an HTTP proxy to use for the ECS agent to connect to the internet (for example, if your container instances do not have external network access through an Amazon VPC internet gateway or NAT gateway or instance). If this variable is set, you must also set the NO_PROXY variable to filter EC2 instance metadata and Docker daemon traffic from the proxy. | string | "" | no |
| ecs_image_cleanup_interval | The time interval between automated image cleanup cycles. If set to less than 10 minutes, the value is ignored. | string | "30m" | no |
| ecs_image_minimum_cleanup_age | The minimum time interval between when an image is pulled and when it can be considered for automated image cleanup. | string | "1h" | no |
| ecs_image_pull_behavior | The behavior used to customize the pull image process for your container instances. | string | "default" | no |
| ecs_no_proxy | The HTTP traffic that should not be forwarded to the specified HTTP_PROXY. You must specify 169.254.169.254,/var/run/docker.sock to filter EC2 instance metadata and Docker daemon traffic from the proxy. | string | "" | no |
| ecs_num_images_delete_per_cycle | The maximum number of images to delete in a single automated image cleanup cycle. If set to less than 1, the value is ignored. | number | 5 | no |
| ecs_optimized_amis | The map of region to ECS-optimized AMI. By default the latest available will be chosen. | map | {} | no |
| ecs_selinux_capable | Whether SELinux is available on the container instance. | bool | false | no |
| efs_mount_point | The EFS volume mount point for EC2 instances. | string | "/mnt/efs" | no |
| efs_volume | The EFS volume to attach to EC2 instances (ex: fs-05a856xx). | string | "" | no |
| enable_monitoring | If true, the launched EC2 cluster node instances will have detailed monitoring enabled. | bool | true | no |
| environment | The logical name of the environment; used as a prefix and in tags. | string | n/a | yes |
| instance_security_groups | The list of security groups for the ECS cluster nodes. | list(string) | [] | no |
| instance_type | Default AWS instance type. | string | "t2.small" | no |
| key_name | The name of the AWS key pair. | string | "" | no |
| subnets | The subnets where the instances will be deployed. | list(string) | n/a | yes |
| user_data | Overrides the module's embedded user data script. | string | "" | no |
| vpc_cidr | The CIDR for the VPC. | string | n/a | yes |
| vpc_id | The ID of the VPC. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| aws_autoscaling_group_arn | The ARN for this Auto Scaling group. |
| aws_autoscaling_group_id | The Auto Scaling group id. |
| aws_autoscaling_group_name | The name of the Auto Scaling group. |
| aws_launch_template_id | The ID of the launch template. |
| aws_launch_template_name | The name of the launch template. |
| role_node_arn | The ARN of the ECS instance IAM role. |
| role_service_arn | The ARN of the ECS service IAM role. |

Usage

```hcl
resource "aws_ecs_cluster" "ecs_cluster" {
  name = "my-cluster"
  tags = {
    Environment = "eu-west-3"
  }
}


module "ecs_cluster_node" {
  source  = "git::https://github.com/AdventielFr/terraform-aws-ecs-node.git?ref=0.1.0"

  # deployment information
  aws_region       = "eu-west-3"
  environment      = "stage"

  # cluster node information
  ecs_cluster_name = "my-cluster"
  ecs_group_node   = "my-group-node"
  instance_type    = "t2.micro"

  # network information
  vpc_id        = "vpc-09bcb8c4bdc12xxxx"
  vpc_cidr      = "10.0.0.0/16"
  subnets       = [
      "subnet-0a632ea35bfa2xxxx",
      "subnet-0c6f42baa5077xxxx"
  ]

  # auto scaling information
  asg_min       = 2
  asg_max       = 3
  asg_desired   = 2

  # alarm information
  # scale up at >80% CPU used on group instances
  alarm_cpu_scale_up_threshold   = 80
  # scale down at <10% CPU used on group instances
  alarm_cpu_scale_down_threshold = 10

  # ecs.config information ( see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html )
  ecs_image_pull_behavior               = "always"
  ecs_enable_task_iam_role              = true
  ecs_enable_task_iam_role_network_host = true
  ecs_agent_loglevel                    = "info"

  # security group information
  instance_security_groups = [
    data.terraform_remote_state.vpc.outputs.security_group_all_from_private,
    data.terraform_remote_state.vpc.outputs.security_group_all_from_public,
    data.terraform_remote_state.vpc.outputs.security_group_http_from_internet
  ]
}
```
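As an added example (not part of the module or its README), the following Python script is a pre-apply check of the constraints the inputs table states: the Auto Scaling bounds, the alarm thresholds (with the defaults of 10 for scale down and 90 for scale up, scale down is assumed to sit below scale up), the NO_PROXY requirement when ecs_http_proxy is set, the agent cleanup values that are silently ignored when too low, and the CloudWatch agent mode. Input names and defaults are the module's; the sample values are constructed.

```python
import re
from typing import Dict, List

# ECS agent durations use Go-style syntax ("30s", "3m", "1h").
_DUR = re.compile(r"^(\d+)([smh])$")
_UNIT = {"s": 1, "m": 60, "h": 3600}


def to_seconds(value: str) -> int:
    """Convert "30s" / "3m" / "1h" to seconds; reject anything else."""
    m = _DUR.match(value)
    if not m:
        raise ValueError(f"bad duration {value!r}")
    return int(m.group(1)) * _UNIT[m.group(2)]


def lint_node_inputs(v: Dict[str, object]) -> List[str]:
    """Return one finding per violated constraint; omitted inputs take the
    module's documented defaults, so an empty dict is a valid configuration."""
    def g(key, default):
        return v.get(key, default)
    findings = []
    lo, want, hi = g("asg_min", 1), g("asg_desired", 1), g("asg_max", 1)
    if not lo <= want <= hi:                     # ASG bounds must nest
        findings.append(f"asg_min <= asg_desired <= asg_max violated: {lo},{want},{hi}")
    for res in ("cpu", "memory"):                # assumption: down < up, else alarms fight
        down = g(f"alarm_{res}_scale_down_threshold", 10)
        up = g(f"alarm_{res}_scale_up_threshold", 90)
        if down >= up:
            findings.append(f"{res} scale-down threshold {down} >= scale-up threshold {up}")
    if g("ecs_http_proxy", ""):                  # README: proxy requires NO_PROXY exclusions
        no_proxy = str(g("ecs_no_proxy", ""))
        for must in ("169.254.169.254", "/var/run/docker.sock"):
            if must not in no_proxy:
                findings.append(f"ecs_http_proxy set but ecs_no_proxy lacks {must}")
    if to_seconds(str(g("ecs_image_cleanup_interval", "30m"))) < 600:
        findings.append("ecs_image_cleanup_interval < 10m is ignored by the agent")
    if to_seconds(str(g("ecs_engine_task_cleanup_wait_duration", "3h"))) < 60:
        findings.append("ecs_engine_task_cleanup_wait_duration < 1m is ignored by the agent")
    if g("ecs_num_images_delete_per_cycle", 5) < 1:
        findings.append("ecs_num_images_delete_per_cycle < 1 is ignored by the agent")
    mode = g("cloudwatch_agent_metrics_config", "")
    if mode not in ("", "minimal", "standard", "advanced", "custom"):
        findings.append(f"unknown cloudwatch_agent_metrics_config {mode!r}")
    if mode == "custom" and not g("cloudwatch_agent_metrics_custom_config_content", ""):
        findings.append("cloudwatch_agent_metrics_config=custom needs custom_config_content")
    return findings


if __name__ == "__main__":
    # Constructed sample: the README's usage values plus a proxy without NO_PROXY.
    sample = {"asg_min": 2, "asg_max": 3, "asg_desired": 2,
              "alarm_cpu_scale_up_threshold": 80, "ecs_http_proxy": "proxy.internal:3128"}
    for finding in lint_node_inputs(sample):
        print("FINDING:", finding)
```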

About

aws terraform module : Elastic Container Service - Cluster Node
