terraform-aws-ecs

Trying to get AWS to create log groups fails with Log driver awslogs option 'awslogs-group' should not be null or empty.

Open barnabyibis opened this issue 8 months ago • 4 comments


After successfully deploying an ECS cluster, I wanted to prevent TF creating the log groups so they weren't deleted after each image upgrade.

Noting the description of the container-definition module,

variable "create_cloudwatch_log_group" {
  description = "Determines whether a log group is created by this module. If not, AWS will automatically create one if logging is enabled"
  type        = bool
  default     = true
}

I set this to 'false'.

I got an error Error: creating ECS Task Definition (): ClientException: Log driver awslogs option 'awslogs-group' should not be null or empty. I believe this occurs due to the try clause resolving as an empty string in

  log_configuration = merge(
    { for k, v in {
      logDriver = "awslogs",
      options = {
        awslogs-region        = data.aws_region.current.name,
        awslogs-group         = try(aws_cloudwatch_log_group.this[0].name, ""),
        awslogs-stream-prefix = "ecs"
      }
    } : k => v if var.enable_cloudwatch_logging },

I imagine the solution would be to use the local value log_group_name = try(coalesce(var.cloudwatch_log_group_name, "/aws/ecs/${var.service}/${var.name}"), "")

as in awslogs-group = try(aws_cloudwatch_log_group.this[0].name, local.log_group_name),


  • Module version [Required]: 5.11.1
  • Terraform version: Terraform v1.8.1 on windows_amd64
  • Provider version(s):
  • provider registry.terraform.io/hashicorp/archive v2.4.2
  • provider registry.terraform.io/hashicorp/aws v5.46.0
  • provider registry.terraform.io/hashicorp/local v2.5.1

Reproduction Code [Required]

  # Container definition(s)
  container_definition_defaults = {
    readonly_root_filesystem               = false
    enable_cloudwatch_logging              = true
    create_cloudwatch_log_group            = false # Avoids deletion during upgrade : "Determines whether a log group is created by this module. If not, AWS will automatically create one if logging is enabled"
    cloudwatch_log_group_retention_in_days = 5
    dns_search_domains                     = ["${each.value.subnets[0].env}.${var.dns_domain}"] # Maps to ECS container definition option dnsSearchDomains
  }

  container_definitions = { for container_name, container in each.value.container_details : container_name => {
    image = one([for img in data.aws_ecr_image.component_images : "${split("@",img.image_uri)[0]}:${container.image_tag}" if strcontains(img.repository_name, each.value.image_repo) && img.image_tag == container.image_tag ])
    port_mappings = [
      {
        name          = container_name
        containerPort = container.container_port
        protocol      = "tcp"
      }
    ]
    memory_reservation        = parseint(format("%.0f",container.mem_res_mult * data.aws_ec2_instance_type.defined[each.value.instance_type].memory_size),10)
    environment               = local.environment_variables
    cloudwatch_log_group_name = "/aws/ecs/${var.cluster_name}/${each.key}"
  } }

Steps to reproduce the behavior:

No N/A See intro

Expected behavior

Set enable_cloudwatch_logging = true and create_cloudwatch_log_group = false, and AWS creates the log for you (which won't be deleted when the Task is destroyed during an upgrade)

Actual behavior

'Apply' fails with quoted error

Terminal Output Screenshot(s)

Additional context

barnabyibis Jun 19 '24 05:06
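
One way to write the log configuration so that `awslogs-group` is never empty and the awslogs driver creates the group when Terraform does not; this is an added example, not code from the issue or from the module. `var.service`, `var.name` and the sample defaults are assumptions, and `awslogs-create-group` is an awslogs log-driver option that the issue does not mention.

```hcl
# Added example, not the module's code; var.service, var.name and the sample
# defaults are assumptions so the configuration stands on its own.
variable "service" {
  type    = string
  default = "demo-cluster" # constructed sample value
}
variable "name" {
  type    = string
  default = "web" # constructed sample value
}
variable "create_cloudwatch_log_group" {
  type    = bool
  default = false
}
variable "cloudwatch_log_group_name" {
  type    = string
  default = null
}

data "aws_region" "current" {}

locals {
  # Fallback proposed in the issue: the name is known even when no group is managed here.
  log_group_name = coalesce(var.cloudwatch_log_group_name, "/aws/ecs/${var.service}/${var.name}")

  log_configuration = {
    logDriver = "awslogs"
    options = merge(
      {
        awslogs-region        = data.aws_region.current.name
        awslogs-group         = try(aws_cloudwatch_log_group.this[0].name, local.log_group_name)
        awslogs-stream-prefix = "ecs"
      },
      # Group not managed by Terraform: the driver creates it at task start. The task
      # execution role then needs logs:CreateLogGroup; retention below does not apply.
      { for k, v in { awslogs-create-group = "true" } : k => v if !var.create_cloudwatch_log_group }
    )
  }
}

resource "aws_cloudwatch_log_group" "this" {
  count             = var.create_cloudwatch_log_group ? 1 : 0
  name              = local.log_group_name
  retention_in_days = 5
}

output "log_configuration" {
  value = local.log_configuration
}
```

A log group created by the driver has no retention policy, so if retention matters it has to be set on that group separately.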