This Terraform module manages the EC2 instances and the corresponding auto-scaling group for an existing ECS cluster.
It includes a least-privilege security group, a dedicated IAM role, and SSM Session Manager, and optionally mounts a shared file system.
Requires:
- AWS Provider
- Terraform 0.12
Creates:
- IAM Role
- IAM Instance Profile
- Security Group for EC2 Instances
  - Allows 80/443 inbound from `load_balancer_sg_id`
  - Allows 80/443 outbound to `0.0.0.0/0`
  - Allows 2049 (NFS) outbound to the VPC's CIDR block
- EC2 Launch Configuration
- EC2 Autoscaling Group (Does NOT create scaling policies)
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_security_group_ids | Any additional security group IDs to associate to the instances | list | `[]` | no |
asg_max_size | The maximum size for the autoscaling group | string | `"10"` | no |
asg_min_size | The minimum size for the autoscaling group | string | `"3"` | no |
ecs_cluster_name | ECS Cluster Name | string | n/a | yes |
efs_id | Automatically mounts EFS to /mnt/efs if an EFS ID is provided | string | `""` | no |
instance_type | Instance Type for Autoscaling Group | string | `"m5.large"` | no |
load_balancer_sg_id | The security group ID associated to the load balancer (whitelisted for inbound traffic to ECS) | string | n/a | yes |
prefix | Name Prefix | string | `""` | no |
target_subnet_ids | The subnet IDs to launch instances into | list | n/a | yes |
vpc_id | VPC ID | string | n/a | yes |

Name | Description |
---|---|
autoscaling_group_arn | The ARN of the auto-scaling group created |
autoscaling_group_id | The ID of the auto-scaling group created |
base_ami_id | The base AMI used for the launch configurations |
iam_instance_profile | The IAM instance profile resource block for the instance profile attached to the instances |
iam_role | The IAM Role resource block for the IAM role |
launch_configuration_id | The ID of the launch configuration created |
launch_configuration_name | The name of the launch configuration created |
security_group | The security group resource block for the security group attached to the instances |
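
A usage sketch that wires the inputs and outputs documented above. It is an added example, not taken from the module's own documentation. The module source, the cluster name, and every `var.*` name are placeholders or assumptions. Because the instance security group only opens NFS outbound, the EFS mount target's security group still has to admit port 2049 from the instances; the last resource does that using the `security_group` output.

```hcl
# Added example (Terraform 0.12 syntax). All variable names are hypothetical.
variable "vpc_id" {}
variable "private_subnet_ids" { type = list(string) }
variable "alb_sg_id" {}              # security group of the existing load balancer
variable "efs_id" {}                 # existing EFS file system
variable "efs_mount_target_sg_id" {} # security group on the EFS mount targets

module "ecs_instances" {
  source = "<path-or-address-of-this-module>" # placeholder: not given on this page

  # Required inputs
  ecs_cluster_name    = "example-cluster" # constructed name; the cluster must already exist
  vpc_id              = var.vpc_id
  target_subnet_ids   = var.private_subnet_ids
  load_balancer_sg_id = var.alb_sg_id # only this SG may reach 80/443 on the instances

  # Optional inputs (values other than efs_id repeat the documented defaults)
  prefix        = "example"
  instance_type = "m5.large"
  asg_min_size  = "3"
  asg_max_size  = "10"
  efs_id        = var.efs_id # mounted at /mnt/efs on each instance
}

# The module opens 2049 outbound from the instances; the EFS side needs the
# matching inbound rule. Scope it to the instance security group instead of a CIDR.
resource "aws_security_group_rule" "efs_from_ecs_instances" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 2049
  to_port                  = 2049
  security_group_id        = var.efs_mount_target_sg_id
  source_security_group_id = module.ecs_instances.security_group.id
}
```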