app/aws/ecs

cluster-namespace - connection

Connection Type: cluster-namespace/aws/ecs

region - string

The region where the ECS Container resides.

service_name - string [optional]

The name of the service in ECS. This is usually distinct from the application name to prevent collisions in AWS.

This value will be blank if the module contains only a task.

task_arn - string

The AWS ARN of the task definition (including family and revision) for the application.

Format: arn:aws:ecs:[region]:[account-id]:task-definition/[family]:[revision]

app_security_group_id - string

The ID of the security group attached to the app.

image_repo_url - string

The image repository URL where the service pulls its images.

Format: [account-id].dkr.ecr.[region].amazonaws.com/[image-repo-name]

image_pusher - object

An AWS IAM user and access keys that have explicit access to push images to the image repository.

Format

value = {
    name       = aws_iam_user.image_pusher.name
    access_key = aws_iam_access_key.image_pusher.id
    secret_key = aws_iam_access_key.image_pusher.secret
}

Required IAM permissions

[ecr-repository-arn]
    ecr:GetDownloadUrlForLayer
    ecr:BatchGetImage
    ecr:BatchCheckLayerAvailability
    ecr:PutImage
    ecr:InitiateLayerUpload
    ecr:UploadLayerPart
    ecr:CompleteLayerUpload
*
    ecr:GetAuthorizationToken

main_container_name - string

The name of the container definition for the main service container.

An ECS service contains a single task definition. Since a task definition can contain one or more container definitions, main_container_name identifies the primary container. The Nullstone CLI uses this name to update the image tag when deploying new versions.

deployer - object

An AWS IAM user and access keys with explicit access to deploy new versions.

Format

value = {
    name       = aws_iam_user.deployer.name
    access_key = aws_iam_access_key.deployer.id
    secret_key = aws_iam_access_key.deployer.secret
}

Required IAM permissions

[execution-role-arn]
    iam:PassRole
[task-role-arn]
    iam:PassRole
*
    ecs:DescribeTaskDefinition
    ecs:RegisterTaskDefinition
    ecs:DeregisterTaskDefinition
    elasticloadbalancing:Describe*
* <condition ecs:cluster=cluster-arn>
    ecs:DescribeServices
    ecs:UpdateService
    ecs:*Tasks
    ecs:ExecuteCommand
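
The deployer permission list above written out as a Terraform policy, as an added example that is not Nullstone's module source. The three input variables, the user name and the policy name are assumptions.

```hcl
# Added example; not Nullstone's module source. Variables are assumed inputs.
variable "execution_role_arn" { type = string }
variable "task_role_arn" { type = string }
variable "cluster_arn" { type = string }

resource "aws_iam_user" "deployer" {
  name = "example-deployer" # constructed name
}

resource "aws_iam_access_key" "deployer" {
  user = aws_iam_user.deployer.name
}

data "aws_iam_policy_document" "deployer" {
  # [execution-role-arn] and [task-role-arn]: PassRole only on these two roles.
  statement {
    actions   = ["iam:PassRole"]
    resources = [var.execution_role_arn, var.task_role_arn]
  }
  # "*" with no condition: task definition and load balancer lookups.
  statement {
    actions = [
      "ecs:DescribeTaskDefinition", "ecs:RegisterTaskDefinition",
      "ecs:DeregisterTaskDefinition", "elasticloadbalancing:Describe*",
    ]
    resources = ["*"]
  }
  # "*" limited by the ecs:cluster condition key to a single cluster.
  statement {
    actions   = ["ecs:DescribeServices", "ecs:UpdateService", "ecs:*Tasks", "ecs:ExecuteCommand"]
    resources = ["*"]
    condition {
      test     = "ArnEquals"
      variable = "ecs:cluster"
      values   = [var.cluster_arn]
    }
  }
}

resource "aws_iam_user_policy" "deployer" {
  name   = "deployer" # constructed policy name
  user   = aws_iam_user.deployer.name
  policy = data.aws_iam_policy_document.deployer.json
}

output "deployer" {
  sensitive = true # the access key secret is a sensitive attribute
  value     = { name = aws_iam_user.deployer.name, access_key = aws_iam_access_key.deployer.id, secret_key = aws_iam_access_key.deployer.secret }
}
```

The secret key is still written to Terraform state in plain text, so the state backend needs the same access controls as the credentials themselves.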

log_provider - string

The name of the log provider.

For AWS, this is typically cloudwatch.

log_group_name - string

The name of the Log Group where logs are stored.

log_reader - object

An AWS IAM user and access keys with explicit access to read logs.

Prebuilt Module

Format

value = {
    name       = aws_iam_user.log_reader.name
    access_key = aws_iam_access_key.log_reader.id
    secret_key = aws_iam_access_key.log_reader.secret
}

Required IAM permissions

[log-group-arn]
    logs:Get*
    logs:List*
    logs:StartQuery
    logs:StopQuery
    logs:TestMetricFilter
    logs:Filter*