app/aws/ecs
cluster-namespace
- connection
Connection Type: cluster-namespace/aws/ecs
region
- string
The region where the ECS Container resides.
service_name
- string [optional]
The name of the service in ECS. This usually differs from the application name to prevent collisions in AWS.
This value will be blank if the module contains only a task.
task_arn
- string
The AWS ARN of the task definition (including family and revision) for the application.
Format: arn:aws:ecs:[region]:[account-id]:task-definition/[family]:[revision]
app_security_group_id
- string
The ID of the security group attached to the app.
image_repo_url
- string
The image repository URL where the service pulls its images.
Format: [account-id].dkr.ecr.[region].amazonaws.com/[image-repo-name]
image_pusher
- object
An AWS IAM user and access keys that have explicit access to push images to the image repository.
Format
value = {
  name       = aws_iam_user.image_pusher.name
  access_key = aws_iam_access_key.image_pusher.id
  secret_key = aws_iam_access_key.image_pusher.secret
}
Required IAM permissions
[ecr-repository-arn]
ecr:GetDownloadUrlForLayer
ecr:BatchGetImage
ecr:BatchCheckLayerAvailability
ecr:PutImage
ecr:InitiateLayerUpload
ecr:UploadLayerPart
ecr:CompleteLayerUpload
*
ecr:GetAuthorizationToken
main_container_name
- string
The name of the container definition for the main service container.
An ECS service consists of a service containing a single task definition. Since a task definition can contain one or many container definitions, main_container_name identifies the primary container. This is used by the Nullstone CLI to upgrade the image tag when deploying new versions.
deployer
- object
An AWS IAM user and access keys with explicit access to deploy new versions.
Format
value = {
  name       = aws_iam_user.deployer.name
  access_key = aws_iam_access_key.deployer.id
  secret_key = aws_iam_access_key.deployer.secret
}
Required IAM permissions
[execution-role-arn]
iam:PassRole
[task-role-arn]
iam:PassRole
*
ecs:DescribeTaskDefinition
ecs:RegisterTaskDefinition
ecs:DeregisterTaskDefinition
elasticloadbalancing:Describe*
* <condition ecs:cluster=cluster-arn>
ecs:DescribeServices
ecs:UpdateService
ecs:*Tasks
ecs:ExecuteCommand
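The deployer permissions listed above, written as a Terraform policy document. This is an added example, not code from the Nullstone module; the three input variables, the sample user name, the statement and policy names, and the choice of ArnEquals as the condition operator are assumptions.

```hcl
# Added example. Inputs below are assumptions, not names from the module contract.
variable "execution_role_arn" { type = string }
variable "task_role_arn" { type = string }
variable "cluster_arn" { type = string }

resource "aws_iam_user" "deployer" {
  name = "example-deployer" # constructed sample name
}

data "aws_iam_policy_document" "deployer" {
  # iam:PassRole scoped to the two roles the task definition references,
  # so the deployer cannot hand any other role to a task.
  statement {
    sid       = "PassTaskRoles"
    effect    = "Allow"
    actions   = ["iam:PassRole"]
    resources = [var.execution_role_arn, var.task_role_arn]
  }

  # Actions the page lists under the "*" resource.
  statement {
    sid    = "ManageTaskDefinitions"
    effect = "Allow"
    actions = [
      "ecs:DescribeTaskDefinition",
      "ecs:RegisterTaskDefinition",
      "ecs:DeregisterTaskDefinition",
      "elasticloadbalancing:Describe*",
    ]
    resources = ["*"]
  }

  # Actions on "*" that the ecs:cluster condition restricts to one cluster.
  statement {
    sid       = "OperateServiceInCluster"
    effect    = "Allow"
    actions   = ["ecs:DescribeServices", "ecs:UpdateService", "ecs:*Tasks", "ecs:ExecuteCommand"]
    resources = ["*"]
    condition {
      test     = "ArnEquals" # assumed operator for the page's ecs:cluster=cluster-arn
      variable = "ecs:cluster"
      values   = [var.cluster_arn]
    }
  }
}

resource "aws_iam_user_policy" "deployer" {
  name   = "deployer" # assumed policy name
  user   = aws_iam_user.deployer.name
  policy = data.aws_iam_policy_document.deployer.json
}
```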
log_provider
- string
The name of the log provider.
For AWS, this is typically cloudwatch.
log_group_name
- string
The name of the Log Group where logs are stored.
log_reader
- object
An AWS IAM user and access keys with explicit access to read logs.
Prebuilt Module
- GitHub: github.com/nullstone-modules/terraform-aws-logs
- Terraform:
source = nullstone-modules/logs/aws
Format
value = {
  name       = aws_iam_user.deployer.name
  access_key = aws_iam_access_key.deployer.id
  secret_key = aws_iam_access_key.deployer.secret
}
Required IAM permissions
[log-group-arn]
logs:Get*
logs:List*
logs:StartQuery
logs:StopQuery
logs:TestMetricFilter
logs:Filter*