terraform-aws-fargate icon indicating copy to clipboard operation
terraform-aws-fargate copied to clipboard

Published 20 hours ago β€’ verified publisher icon strvcom

Allow to provide task_definition_template_vars

Open Overbryd opened this issue 5 years ago β€’ 3 comments

This pull request adds task_definition_template_vars (map(string)) to the service definition. Doing so, we can pass / or overwrite template variables of the task definition template file.

I needed this to inject secrets and other environment variables into my task definition.

Example:

  services = {
    api = {
      task_definition = "fargate/backend.json"
      task_definition_template_vars = {
        aws_ssm_database_url = aws_ssm_parameter.aws_ssm_database_url.arn
        aws_ssm_secret_key_base = aws_ssm_parameter.aws_ssm_secret_key_base.arn
        aws_ssm_guardian_secret_key = aws_ssm_parameter.aws_ssm_guardian_secret_key.arn
        public_dns = "<redacted>"
      }

And in fargate/backend.json:

[
  {
    "portMappings": [
      {
        "hostPort": ${container_port},
        "protocol": "tcp",
        "containerPort": ${container_port}
      }
    ],
    "image": "${repository_url}:latest",
    "name": "${container_name}",
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${log_group}",
        "awslogs-region": "${region}",
        "awslogs-stream-prefix": "ecs"
      }
    },
    "environment": [
      { "name": "PUBLIC_DNS", "value": "${public_dns}" }
    ],
    "secrets": [
      { "name": "DATABASE_URL", "valueFrom": "${aws_ssm_database_url}" },
      { "name": "SECRET_KEY_BASE", "valueFrom": "${aws_ssm_secret_key_base}" },
      { "name": "GUARDIAN_SECRET_KEY", "valueFrom": "${aws_ssm_guardian_secret_key}" }
    ]
  }
]

Overbryd avatar Oct 24 '19 14:10 Overbryd

Hey @Overbryd, thank you for opening this PR, looks very interesting. I'll have a proper look later next week since I'm kinda busy with other projects at the moment.

jlsan92 avatar Oct 25 '19 12:10 jlsan92

Hey @jlsan92 @Overbryd quick question. I saw the other PR got merged, but I didn't understand if with the other feature is enough to use the SSM parameters, or this is required aswell. Just with the other PR I don't understand how those values would be put into the task definition JSON.

Thanks again for this amazing work

ivanmb avatar Nov 06 '19 20:11 ivanmb

Hey @ivanmb, thanks for reaching out.

This PR is not necessary to use SSM params. You could add the params ARN to your Task Definition and use them right away. The bad thing is that they would need to be hardcoded into the file.

Certainly, this PR solves that but I believe that adding "open" variables into the module (by using built-in merge function) is not a good idea. Even I feel that the current approach of the Task Definition templating is not good either. The module should ingest a pre-generated JSON file instead of making one thru templating.

I will try to come up with a PR by the end of the week to solve this πŸ™Stay tuned πŸ’ͺ

jlsan92 avatar Nov 06 '19 21:11 jlsan92