Terraform module that creates a Step Function to run a Fargate task on a schedule.
Terraform module config example:
# Security group that will be attached to the scheduled Fargate task.
# NOTE(review): the source is a git URL with no `?ref=` pin, so a fresh
# `terraform init` (or `terraform init -upgrade`) fetches whatever the default
# branch holds at that moment. Pin it to a reviewed tag or commit, e.g.
# `...aws-security-group.git?ref=<REVIEWED_TAG_OR_COMMIT>` (placeholder).
module "ecs_task_security_group" {
  source = "git::https://github.com/mbelousov7/aws-security-group.git"

  labels = local.labels
  vpc_id = var.vpc_id

  # Both rule sets come straight from the caller's var.security_group.
  # NOTE(review): a task that is only started on a schedule presumably accepts
  # no inbound connections; confirm whether ingress_rules can be left empty and
  # egress_rules limited to the endpoints the task really calls.
  egress_rules  = var.security_group.egress_rules
  ingress_rules = var.security_group.ingress_rules
}
# Task definition and task role for the container that the step function runs.
# NOTE(review): the source is a git URL with no `?ref=` pin; pin it to a
# reviewed tag or commit, e.g.
# `...aws-ecs-task-definition.git?ref=<REVIEWED_TAG_OR_COMMIT>` (placeholder),
# so that upstream changes to the role and policy code are picked up only
# after review.
module "ecs_task_definition" {
  source = "git::https://github.com/mbelousov7/aws-ecs-task-definition.git"

  aws_region = var.region
  labels     = local.labels

  # Container and sizing.
  container_image = var.container_image
  container_name  = var.container_name
  task_cpu        = var.task_cpu
  task_memory     = var.task_memory

  # Permissions granted to the running task.
  # NOTE(review): local.cloudteam_policy_arns is also passed to the step
  # function role and the event role in the ecs_task_sfn block of this example;
  # a dedicated, narrower list for the task role keeps the three roles from
  # sharing one permission set.
  task_role_policy_arns       = local.cloudteam_policy_arns
  task_role_policy_statements = var.task_role_policy_statements
}
# The module documented on this page, referenced by relative path from the
# example directory. It wires the task definition, task role and security
# group created above into a scheduled step function.
module "ecs_task_sfn" {
  source = "../.."

  # Account, region and labelling.
  account_number     = var.account_number
  asset_id           = "012345"
  environment_type   = "DEVELOPMENT"
  labels             = local.labels
  region             = var.region
  region_description = "US East (N. Virginia)"

  # Task to run and where it runs.
  task_definition_arn    = module.ecs_task_definition.task_definition_arn
  task_iam_role_arn      = module.ecs_task_definition.task_role_arn
  task_security_group_id = module.ecs_task_security_group.id
  task_subnet_ids        = var.subnet_ids

  # Schedule and alarming.
  alarm_topic_arn               = var.alarm_topic_arn
  sfn_event_schedule_expression = "rate(5 minutes)"

  # IAM: the same policy list is attached to the event role and to the step
  # function role (and, in the ecs_task_definition block of this example, to
  # the task role as well).
  # NOTE(review): consider a separate list per role; the event role presumably
  # only has to start the state machine, so it should not need what the task
  # needs. Confirm against the module's default role policies.
  # permissions_boundary is not set here and defaults to ""; set it where
  # created roles must carry a boundary.
  sfn_event_role_policy_arns = local.cloudteam_policy_arns
  sfn_role_policy_arns       = local.cloudteam_policy_arns
}
For more information, see examples/test.
Example Terraform run:
# Run from the example directory so Terraform loads that configuration.
cd examples/test
# Environment variables prefixed with TF_VAR_ are read by Terraform as input
# variables; this one sets the variable named ENV.
export TF_VAR_ENV="exampletest"
# Downloads the providers and modules that the configuration references.
# NOTE(review): module sources without a `?ref=` pin resolve to the current
# default branch at this step, so review what was fetched before planning.
terraform init
# Prints the proposed changes without applying them. The module creates IAM
# roles and role policies, so check those in the plan output before any apply.
terraform plan
No requirements.
Name | Version |
---|---|
aws | n/a |
time | n/a |
No modules.
Name | Type |
---|---|
aws_cloudwatch_event_rule.step_function_event | resource |
aws_cloudwatch_event_target.step_function_event | resource |
aws_cloudwatch_log_group.default | resource |
aws_ecs_cluster.ecs_cluster | resource |
aws_iam_role.sfn_iam_role | resource |
aws_iam_role.step_function_event_role | resource |
aws_iam_role_policy.sfn_event_role_policy | resource |
aws_iam_role_policy.sfn_iam_role | resource |
aws_iam_role_policy.sfn_role_policy | resource |
aws_iam_role_policy.sfn_role_policy_logs | resource |
aws_iam_role_policy_attachment.sfn_iam_role | resource |
aws_iam_role_policy_attachment.step_function_event_iam_role | resource |
aws_sfn_state_machine.step_function_custom | resource |
aws_sfn_state_machine.step_function_default | resource |
time_sleep.wait_30_seconds | resource |
aws_iam_policy_document.sfn_iam | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
account_number | n/a | string |
n/a | yes |
alarm_config | n/a | string |
"" |
no |
alarm_topic_arn | n/a | string |
n/a | yes |
asset_id | n/a | string |
n/a | yes |
aws_ecs_cluster_containerInsights | option to set CloudWatch Container Insights for a cluster to "enabled" or "disabled" | string |
"enabled" |
no |
ecs_cluster_arn | provide value if ecs_cluster_new == false | string |
null |
no |
ecs_cluster_name | optional custom value for the ECS cluster name and the Name tag in aws_ecs_cluster. By default, the name is constructed from var.labels |
string |
"default" |
no |
ecs_cluster_new | optionally set to false so that no new ECS cluster is created | bool |
true |
no |
environment_type | n/a | string |
n/a | yes |
event_input | Input payload passed into the sfn by the event | string |
null |
no |
labels | Minimum required map of labels(tags) for creating aws resources | object({ |
n/a | yes |
permissions_boundary | A permissions boundary ARN to apply to the roles that are created. | string |
"" |
no |
region | n/a | string |
"us-east-1" |
no |
region_description | n/a | string |
n/a | yes |
retry_config | n/a | map |
{ |
no |
sfn_custom_definition | n/a | string |
"null" |
no |
sfn_custom_json_file | n/a | string |
null |
no |
sfn_event_role_policy_arns | A list of IAM Policy ARNs to attach to the generated sfn event role. | list(string) |
[] |
no |
sfn_event_schedule_expression | n/a | string |
n/a | yes |
sfn_log_group_enabled | whether to store sfn logs in a CloudWatch log group | bool |
true |
no |
sfn_log_group_retention_in_days | n/a | number |
7 |
no |
sfn_role_policy_arns | A list of IAM Policy ARNs to attach to the generated sfn role. | list(string) |
[] |
no |
sfn_role_policy_statements | A map of zero or more role policy statements that will be attached to the sfn role (in addition to the default ones) |
map(any) |
{} |
no |
sfn_type | set to "custom" if you need to use a custom sfn.json file | string |
"default" |
no |
tags | Additional tags | map(string) |
{} |
no |
task_definition_arn | define task name to run by step function | string |
n/a | yes |
task_iam_role_arn | define task iam role name to run by step function | string |
n/a | yes |
task_security_group_id | n/a | string |
n/a | yes |
task_subnet_ids | n/a | list(string) |
n/a | yes |
No outputs.