Add full support for volumes and container timeouts (#16)

Author: marcincuber

README.md

@@ -28,7 +28,7 @@ resource "aws_ecs_cluster" "cluster" {
 
 module "ecs-farage" {
   source = "umotif-public/ecs-fargate/aws"
-  version = "~> 1.3.0"
+  version = "~> 1.4.0"
 
   name_prefix        = "ecs-fargate-example"
   vpc_id             = "vpc-abasdasd132"
@@ -64,6 +64,7 @@ Module is to be used with Terraform > 0.12.
 
 * [ECS Fargate](https://github.com/umotif-public/terraform-aws-ecs-fargate/tree/master/examples/core)
 * [ECS Fargate Spot](https://github.com/umotif-public/terraform-aws-ecs-fargate/tree/master/examples/fargate-spot)
+* [ECS Fargate with EFS](https://github.com/umotif-public/terraform-aws-ecs-fargate/tree/master/examples/fargate-efs)
 
 ## Authors
 
@@ -124,6 +125,9 @@ No requirements.
 | task\_definition\_memory | The soft limit (in MiB) of memory to reserve for the task. | `number` | `512` | no |
 | task\_health\_check | An optional healthcheck definition for the task | `object({ command = list(string), interval = number, timeout = number, retries = number, startPeriod = number })` | `null` | no |
 | task\_host\_port | The port number on the container instance to reserve for your container. | `number` | `0` | no |
+| task\_mount\_points | The mount points for data volumes in your container. Each object inside the list requires "sourceVolume", "containerPath" and "readOnly". For more information see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html | `list(object({ sourceVolume = string, containerPath = string, readOnly = bool }))` | `null` | no |
+| task\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container. If this parameter is not specified, the default value of 3 minutes is used (fargate). | `number` | `null` | no |
+| task\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used. | `number` | `null` | no |
 | volume | (Optional) A set of volume blocks that containers in your task may use. This is a list of maps, where each map should contain "name", "host\_path", "docker\_volume\_configuration" and "efs\_volume\_configuration". Full set of options can be found at https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html | `list` | `[]` | no |
 | vpc\_id | The VPC ID. | `string` | n/a | yes |
 

examples/core/main.tf

@@ -110,6 +110,8 @@ module "fargate" {
     path = "/"
   }
 
+  task_stop_timeout = 90
+
   ### To use task credentials, below paramaters are required
   # create_repository_credentials_iam_policy = false
   # repository_credentials                   = aws_secretsmanager_secret.task_credentials.arn

examples/fargate-efs/main.tf

@@ -0,0 +1,149 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2.21"
+
+  name = "simple-vpc"
+
+  cidr = "10.0.0.0/16"
+
+  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = false
+}
+
+#####
+# ALB
+#####
+module "alb" {
+  source  = "umotif-public/alb/aws"
+  version = "~> 1.0"
+
+  name_prefix        = "alb-example"
+  load_balancer_type = "application"
+  internal           = false
+  vpc_id             = module.vpc.vpc_id
+  subnets            = module.vpc.public_subnets
+}
+
+resource "aws_lb_listener" "alb_80" {
+  load_balancer_arn = module.alb.arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = module.fargate.target_group_arn
+  }
+}
+
+#####
+# Security Group Config
+#####
+resource "aws_security_group_rule" "alb_ingress_80" {
+  security_group_id = module.alb.security_group_id
+  type              = "ingress"
+  protocol          = "tcp"
+  from_port         = 80
+  to_port           = 80
+  cidr_blocks       = ["0.0.0.0/0"]
+  ipv6_cidr_blocks  = ["::/0"]
+}
+
+resource "aws_security_group_rule" "task_ingress_80" {
+  security_group_id        = module.fargate.service_sg_id
+  type                     = "ingress"
+  protocol                 = "tcp"
+  from_port                = 80
+  to_port                  = 80
+  source_security_group_id = module.alb.security_group_id
+}
+
+#####
+# EFS
+#####
+resource "aws_efs_file_system" "efs" {
+  creation_token = "efs-html"
+
+  tags = {
+    Name = "efs-html"
+  }
+}
+
+#####
+# ECS cluster and fargate
+#####
+resource "aws_ecs_cluster" "cluster" {
+  name               = "ecs-spot-test"
+  capacity_providers = ["FARGATE_SPOT", "FARGATE"]
+
+  default_capacity_provider_strategy {
+    capacity_provider = "FARGATE_SPOT"
+  }
+
+  setting {
+    name  = "containerInsights"
+    value = "disabled"
+  }
+}
+
+module "fargate" {
+  source = "../../"
+
+  name_prefix        = "ecs-fargate-example"
+  vpc_id             = module.vpc.vpc_id
+  private_subnet_ids = module.vpc.public_subnets
+  lb_arn             = module.alb.arn
+  cluster_id         = aws_ecs_cluster.cluster.id
+
+  platform_version = "1.4.0"
+
+  task_container_image   = "marcincuber/2048-game:latest"
+  task_definition_cpu    = 256
+  task_definition_memory = 512
+
+  task_container_port             = 80
+  task_container_assign_public_ip = true
+
+  health_check = {
+    port = "traffic-port"
+    path = "/"
+  }
+
+  capacity_provider_strategy = [
+    {
+      capacity_provider = "FARGATE_SPOT",
+      weight            = 100
+    }
+  ]
+
+  task_stop_timeout = 90
+
+  task_mount_points = [
+    {
+      "sourceVolume"  = aws_efs_file_system.efs.creation_token,
+      "containerPath" = "/usr/share/nginx/html",
+      "readOnly"      = true
+    }
+  ]
+
+  volume = [
+    {
+      name = "efs-html",
+      efs_volume_configuration = [
+        {
+          "file_system_id" : aws_efs_file_system.efs.id,
+          "root_directory" : "/usr/share/nginx"
+        }
+      ]
+    }
+  ]
+}

main.tf

@@ -181,6 +181,15 @@ resource "aws_ecs_task_definition" "task" {
   %{if var.task_container_cpu != null~}
   "cpu": ${var.task_container_cpu},
   %{~endif}
+  %{if var.task_start_timeout != null~}
+  "startTimeout": ${var.task_start_timeout},
+  %{~endif}
+  %{if var.task_stop_timeout != null~}
+  "stopTimeout": ${var.task_stop_timeout},
+  %{~endif}
+  %{if var.task_mount_points != null~}
+  "mountPoints": ${jsonencode(var.task_mount_points)},
+  %{~endif}
   "environment": ${jsonencode(local.task_environment)}
 }]
 EOF

variables.tf

@@ -234,3 +234,22 @@ variable "task_container_working_directory" {
   default     = ""
   type        = string
 }
+
+variable "task_start_timeout" {
+  type        = number
+  description = "Time duration (in seconds) to wait before giving up on resolving dependencies for a container. If this parameter is not specified, the default value of 3 minutes is used (fargate)."
+  default     = null
+}
+
+variable "task_stop_timeout" {
+  type        = number
+  description = "Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own. The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used."
+  default     = null
+}
+
+variable "task_mount_points" {
+  description = "The mount points for data volumes in your container. Each object inside the list requires \"sourceVolume\", \"containerPath\" and \"readOnly\". For more information see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html "
+  type        = list(object({ sourceVolume = string, containerPath = string, readOnly = bool }))
+  default     = null
+}
+