From 0abdbc47c9b9c0596867f054ca36c9d73eac62cf Mon Sep 17 00:00:00 2001 From: nitro Date: Mon, 22 Jun 2020 11:12:52 -0400 Subject: [PATCH] Flag to enable icmp rule (#56) Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> Co-authored-by: Matt Gowie --- README.md | 129 ++++++++++++++++++++++++++-------------------- docs/terraform.md | 129 ++++++++++++++++++++++++++-------------------- main.tf | 2 +- variables.tf | 6 +++ 4 files changed, 153 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index c01e67f..85e334c 100644 --- a/README.md +++ b/README.md @@ -216,70 +216,87 @@ Available targets: help/short This help short screen ``` +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.42 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.42 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alb_security_group | Security group of the ALB | string | `` | no | -| assign_public_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | bool | `false` | no | -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| capacity_provider_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy | object | `` | no | -| container_definition_json | The JSON of the task container definition | string | - | yes | -| container_port | The port on the container to allow via the ingress security group | number | `80` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| deployment_controller_type | Type of deployment controller. Valid values are `CODE_DEPLOY` and `ECS` | string | `ECS` | no | -| deployment_maximum_percent | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | number | `200` | no | -| deployment_minimum_healthy_percent | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | number | `100` | no | -| desired_count | The number of instances of the task definition to place and keep running | number | `1` | no | -| ecs_cluster_arn | The ARN of the ECS cluster where service will be provisioned | string | - | yes | -| ecs_load_balancers | A list of load balancer config objects for the ECS service; see `load_balancer` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html | object | `` | no | -| enable_ecs_managed_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | bool | `false` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | number | `0` | no | -| ignore_changes_task_definition | Whether to ignore changes in container definition and task definition in the ECS service | bool | `true` | no | -| launch_type | The launch type on which to run your service. Valid values are `EC2` and `FARGATE` | string | `FARGATE` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| network_mode | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` | string | `awsvpc` | no | -| nlb_cidr_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | list(string) | `` | no | -| nlb_container_port | The port on the container to allow via the ingress security group | number | `80` | no | -| ordered_placement_strategy | Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5. See `ordered_placement_strategy` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#ordered_placement_strategy-1 | object | `` | no | -| permissions_boundary | A permissions boundary ARN to apply to the 3 roles that are created. | string | `` | no | -| platform_version | The platform version on which to run your service. Only applicable for launch_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | string | `LATEST` | no | -| propagate_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION | string | `null` | no | -| proxy_configuration | The proxy configuration details for the App Mesh proxy. See `proxy_configuration` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#proxy-configuration-arguments | object | `null` | no | -| scheduling_strategy | The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Note that Fargate tasks do not support the DAEMON scheduling strategy. | string | `REPLICA` | no | -| security_group_ids | Security group IDs to allow in Service `network_configuration` | list(string) | `` | no | -| service_placement_constraints | The rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#placement_constraints-1 | object | `` | no | -| service_registries | The service discovery registries for the service. The maximum number of service_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | object | `` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| subnet_ids | Subnet IDs | list(string) | - | yes | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| task_cpu | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `256` | no | -| task_memory | The amount of memory (in MiB) used by the task. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `512` | no | -| task_placement_constraints | A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#placement-constraints-arguments | object | `` | no | -| use_alb_security_group | A flag to enable/disable adding the ingress rule to the ALB security group | bool | `false` | no | -| use_nlb_cidr_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | bool | `false` | no | -| use_old_arn | A flag to enable/disable tagging the ecs resources that require the new arn format | bool | `false` | no | -| volumes | Task volume definitions as list of configuration objects | object | `` | no | -| vpc_id | The VPC ID where resources are created | string | - | yes | +|------|-------------|------|---------|:--------:| +| alb\_security\_group | Security group of the ALB | `string` | `""` | no | +| assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy | 
list(object({
    capacity_provider = string
    weight            = number
    base              = number
  }))
| `[]` | no | +| container\_definition\_json | The JSON of the task container definition | `string` | n/a | yes | +| container\_port | The port on the container to allow via the ingress security group | `number` | `80` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| deployment\_controller\_type | Type of deployment controller. Valid values are `CODE_DEPLOY` and `ECS` | `string` | `"ECS"` | no | +| deployment\_maximum\_percent | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no | +| deployment\_minimum\_healthy\_percent | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no | +| desired\_count | The number of instances of the task definition to place and keep running | `number` | `1` | no | +| ecs\_cluster\_arn | The ARN of the ECS cluster where service will be provisioned | `string` | n/a | yes | +| ecs\_load\_balancers | A list of load balancer config objects for the ECS service; see `load_balancer` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html | 
list(object({
    container_name   = string
    container_port   = number
    elb_name         = string
    target_group_arn = string
  }))
| `[]` | no | +| enable\_ecs\_managed\_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | +| enable\_icmp\_rule | Specifies whether to enable ICMP on the security group | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | +| ignore\_changes\_task\_definition | Whether to ignore changes in container definition and task definition in the ECS service | `bool` | `true` | no | +| launch\_type | The launch type on which to run your service. Valid values are `EC2` and `FARGATE` | `string` | `"FARGATE"` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| network\_mode | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` | `string` | `"awsvpc"` | no | +| nlb\_cidr\_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | +| nlb\_container\_port | The port on the container to allow via the ingress security group | `number` | `80` | no | +| ordered\_placement\_strategy | Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered\_placement\_strategy blocks is 5. See `ordered_placement_strategy` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#ordered_placement_strategy-1 | 
list(object({
    type  = string
    field = string
  }))
| `[]` | no | +| permissions\_boundary | A permissions boundary ARN to apply to the 3 roles that are created. | `string` | `""` | no | +| platform\_version | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | +| propagate\_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | +| proxy\_configuration | The proxy configuration details for the App Mesh proxy. See `proxy_configuration` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#proxy-configuration-arguments | 
object({
    type           = string
    container_name = string
    properties     = map(string)
  })
| `null` | no | +| scheduling\_strategy | The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Note that Fargate tasks do not support the DAEMON scheduling strategy. | `string` | `"REPLICA"` | no | +| security\_group\_ids | Security group IDs to allow in Service `network_configuration` | `list(string)` | `[]` | no | +| service\_placement\_constraints | The rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#placement_constraints-1 | 
list(object({
    type       = string
    expression = string
  }))
| `[]` | no | +| service\_registries | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | 
list(object({
    registry_arn   = string
    port           = number
    container_name = string
    container_port = number
  }))
| `[]` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| subnet\_ids | Subnet IDs | `list(string)` | n/a | yes | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| task\_cpu | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `256` | no | +| task\_memory | The amount of memory (in MiB) used by the task. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `512` | no | +| task\_placement\_constraints | A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#placement-constraints-arguments | 
list(object({
    type       = string
    expression = string
  }))
| `[]` | no | +| use\_alb\_security\_group | A flag to enable/disable adding the ingress rule to the ALB security group | `bool` | `false` | no | +| use\_nlb\_cidr\_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no | +| use\_old\_arn | A flag to enable/disable tagging the ecs resources that require the new arn format | `bool` | `false` | no | +| volumes | Task volume definitions as list of configuration objects | 
list(object({
    host_path = string
    name      = string
    docker_volume_configuration = list(object({
      autoprovision = bool
      driver        = string
      driver_opts   = map(string)
      labels        = map(string)
      scope         = string
    }))
  }))
| `[]` | no | +| vpc\_id | The VPC ID where resources are created | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| ecs_exec_role_policy_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs_exec_role_policy_name | ECS service role name | -| service_name | ECS Service name | -| service_role_arn | ECS Service role ARN | -| service_security_group_id | Security Group ID of the ECS task | -| task_definition_family | ECS task definition family | -| task_definition_revision | ECS task definition revision | -| task_exec_role_arn | ECS Task exec role ARN | -| task_exec_role_name | ECS Task role name | -| task_role_arn | ECS Task role ARN | -| task_role_id | ECS Task role id | -| task_role_name | ECS Task role name | +| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| ecs\_exec\_role\_policy\_name | ECS service role name | +| service\_name | ECS Service name | +| service\_role\_arn | ECS Service role ARN | +| service\_security\_group\_id | Security Group ID of the ECS task | +| task\_definition\_family | ECS task definition family | +| task\_definition\_revision | ECS task definition revision | +| task\_exec\_role\_arn | ECS Task exec role ARN | +| task\_exec\_role\_name | ECS Task role name | +| task\_role\_arn | ECS Task role ARN | +| task\_role\_id | ECS Task role id | +| task\_role\_name | ECS Task role name | diff --git a/docs/terraform.md b/docs/terraform.md index 2c81e19..f253219 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -1,65 +1,82 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.42 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.42 | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alb_security_group | Security group of the ALB | string | `` | no | -| assign_public_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | bool | `false` | no | -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| capacity_provider_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy | object | `` | no | -| container_definition_json | The JSON of the task container definition | string | - | yes | -| container_port | The port on the container to allow via the ingress security group | number | `80` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| deployment_controller_type | Type of deployment controller. Valid values are `CODE_DEPLOY` and `ECS` | string | `ECS` | no | -| deployment_maximum_percent | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | number | `200` | no | -| deployment_minimum_healthy_percent | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | number | `100` | no | -| desired_count | The number of instances of the task definition to place and keep running | number | `1` | no | -| ecs_cluster_arn | The ARN of the ECS cluster where service will be provisioned | string | - | yes | -| ecs_load_balancers | A list of load balancer config objects for the ECS service; see `load_balancer` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html | object | `` | no | -| enable_ecs_managed_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | bool | `false` | no | -| enabled | Set to false to prevent the module from creating any resources | bool | `true` | no | -| health_check_grace_period_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | number | `0` | no | -| ignore_changes_task_definition | Whether to ignore changes in container definition and task definition in the ECS service | bool | `true` | no | -| launch_type | The launch type on which to run your service. Valid values are `EC2` and `FARGATE` | string | `FARGATE` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| network_mode | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` | string | `awsvpc` | no | -| nlb_cidr_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | list(string) | `` | no | -| nlb_container_port | The port on the container to allow via the ingress security group | number | `80` | no | -| ordered_placement_strategy | Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered_placement_strategy blocks is 5. See `ordered_placement_strategy` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#ordered_placement_strategy-1 | object | `` | no | -| permissions_boundary | A permissions boundary ARN to apply to the 3 roles that are created. | string | `` | no | -| platform_version | The platform version on which to run your service. Only applicable for launch_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | string | `LATEST` | no | -| propagate_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION | string | `null` | no | -| proxy_configuration | The proxy configuration details for the App Mesh proxy. See `proxy_configuration` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#proxy-configuration-arguments | object | `null` | no | -| scheduling_strategy | The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Note that Fargate tasks do not support the DAEMON scheduling strategy. | string | `REPLICA` | no | -| security_group_ids | Security group IDs to allow in Service `network_configuration` | list(string) | `` | no | -| service_placement_constraints | The rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#placement_constraints-1 | object | `` | no | -| service_registries | The service discovery registries for the service. The maximum number of service_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | object | `` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| subnet_ids | Subnet IDs | list(string) | - | yes | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| task_cpu | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `256` | no | -| task_memory | The amount of memory (in MiB) used by the task. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `512` | no | -| task_placement_constraints | A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#placement-constraints-arguments | object | `` | no | -| use_alb_security_group | A flag to enable/disable adding the ingress rule to the ALB security group | bool | `false` | no | -| use_nlb_cidr_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | bool | `false` | no | -| use_old_arn | A flag to enable/disable tagging the ecs resources that require the new arn format | bool | `false` | no | -| volumes | Task volume definitions as list of configuration objects | object | `` | no | -| vpc_id | The VPC ID where resources are created | string | - | yes | +|------|-------------|------|---------|:--------:| +| alb\_security\_group | Security group of the ALB | `string` | `""` | no | +| assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy | 
list(object({
    capacity_provider = string
    weight            = number
    base              = number
  }))
| `[]` | no | +| container\_definition\_json | The JSON of the task container definition | `string` | n/a | yes | +| container\_port | The port on the container to allow via the ingress security group | `number` | `80` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| deployment\_controller\_type | Type of deployment controller. Valid values are `CODE_DEPLOY` and `ECS` | `string` | `"ECS"` | no | +| deployment\_maximum\_percent | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no | +| deployment\_minimum\_healthy\_percent | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no | +| desired\_count | The number of instances of the task definition to place and keep running | `number` | `1` | no | +| ecs\_cluster\_arn | The ARN of the ECS cluster where service will be provisioned | `string` | n/a | yes | +| ecs\_load\_balancers | A list of load balancer config objects for the ECS service; see `load_balancer` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html | 
list(object({
    container_name   = string
    container_port   = number
    elb_name         = string
    target_group_arn = string
  }))
| `[]` | no | +| enable\_ecs\_managed\_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | +| enable\_icmp\_rule | Specifies whether to enable ICMP on the security group | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources | `bool` | `true` | no | +| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | +| ignore\_changes\_task\_definition | Whether to ignore changes in container definition and task definition in the ECS service | `bool` | `true` | no | +| launch\_type | The launch type on which to run your service. Valid values are `EC2` and `FARGATE` | `string` | `"FARGATE"` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| network\_mode | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` | `string` | `"awsvpc"` | no | +| nlb\_cidr\_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | +| nlb\_container\_port | The port on the container to allow via the ingress security group | `number` | `80` | no | +| ordered\_placement\_strategy | Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered\_placement\_strategy blocks is 5. See `ordered_placement_strategy` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#ordered_placement_strategy-1 | 
list(object({
    type  = string
    field = string
  }))
| `[]` | no | +| permissions\_boundary | A permissions boundary ARN to apply to the 3 roles that are created. | `string` | `""` | no | +| platform\_version | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | +| propagate\_tags | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | +| proxy\_configuration | The proxy configuration details for the App Mesh proxy. See `proxy_configuration` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#proxy-configuration-arguments | 
object({
    type           = string
    container_name = string
    properties     = map(string)
  })
| `null` | no | +| scheduling\_strategy | The scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Note that Fargate tasks do not support the DAEMON scheduling strategy. | `string` | `"REPLICA"` | no | +| security\_group\_ids | Security group IDs to allow in Service `network_configuration` | `list(string)` | `[]` | no | +| service\_placement\_constraints | The rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#placement_constraints-1 | 
list(object({
    type       = string
    expression = string
  }))
| `[]` | no | +| service\_registries | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | 
list(object({
    registry_arn   = string
    port           = number
    container_name = string
    container_port = number
  }))
| `[]` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| subnet\_ids | Subnet IDs | `list(string)` | n/a | yes | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| task\_cpu | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `256` | no | +| task\_memory | The amount of memory (in MiB) used by the task. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `512` | no | +| task\_placement\_constraints | A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#placement-constraints-arguments | 
list(object({
    type       = string
    expression = string
  }))
| `[]` | no | +| use\_alb\_security\_group | A flag to enable/disable adding the ingress rule to the ALB security group | `bool` | `false` | no | +| use\_nlb\_cidr\_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no | +| use\_old\_arn | A flag to enable/disable tagging the ecs resources that require the new arn format | `bool` | `false` | no | +| volumes | Task volume definitions as list of configuration objects | 
list(object({
    host_path = string
    name      = string
    docker_volume_configuration = list(object({
      autoprovision = bool
      driver        = string
      driver_opts   = map(string)
      labels        = map(string)
      scope         = string
    }))
  }))
| `[]` | no | +| vpc\_id | The VPC ID where resources are created | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| ecs_exec_role_policy_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs_exec_role_policy_name | ECS service role name | -| service_name | ECS Service name | -| service_role_arn | ECS Service role ARN | -| service_security_group_id | Security Group ID of the ECS task | -| task_definition_family | ECS task definition family | -| task_definition_revision | ECS task definition revision | -| task_exec_role_arn | ECS Task exec role ARN | -| task_exec_role_name | ECS Task role name | -| task_role_arn | ECS Task role ARN | -| task_role_id | ECS Task role id | -| task_role_name | ECS Task role name | +| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| ecs\_exec\_role\_policy\_name | ECS service role name | +| service\_name | ECS Service name | +| service\_role\_arn | ECS Service role ARN | +| service\_security\_group\_id | Security Group ID of the ECS task | +| task\_definition\_family | ECS task definition family | +| task\_definition\_revision | ECS task definition revision | +| task\_exec\_role\_arn | ECS Task exec role ARN | +| task\_exec\_role\_name | ECS Task role name | +| task\_role\_arn | ECS Task role ARN | +| task\_role\_id | ECS Task role id | +| task\_role\_name | ECS Task role name | diff --git a/main.tf b/main.tf index 9bbfe55..f3b331d 100644 --- a/main.tf +++ b/main.tf @@ -218,7 +218,7 @@ resource "aws_security_group_rule" "allow_all_egress" { } resource "aws_security_group_rule" "allow_icmp_ingress" { - count = var.enabled ? 1 : 0 + count = var.enabled && var.enable_icmp_rule ? 1 : 0 description = "Enables ping command from anywhere, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-ping" type = "ingress" from_port = 8 diff --git a/variables.tf b/variables.tf index d7ce78b..65691bc 100644 --- a/variables.tf +++ b/variables.tf @@ -237,6 +237,12 @@ variable "enable_ecs_managed_tags" { default = false } +variable "enable_icmp_rule" { + type = bool + description = "Specifies whether to enable ICMP on the security group" + default = true +} + variable "capacity_provider_strategies" { type = list(object({ capacity_provider = string