用于 ECS 任务/容器的 Terraform AWS CloudWatch 日志组

Posted 2023-03-04

【中文标题】用于 ECS 任务/容器的 Terraform AWS CloudWatch 日志组

【英文标题】：Terraform AWS CloudWatch log group for ECS tasks/containers

【发布时间】：2020-04-28 07:03:18

【问题描述】：

我正在尝试使用 Terraform 创建 AWS ECS 任务，该任务会将日志放在 CloudWatch 上的特定日志组中。问题是容器定义在 JSON 文件中，我无法将 CloudWatch 组名称从 .tf 文件映射到该 .json 文件。

container_definition.json：

[
  
    "name": "supreme-task",
    "image": "xxxx50690yyyy.dkr.ecr.eu-central-1.amazonaws.com/supreme-task",
    "essential": true,
    "portMappings": [
      
        "containerPort": 5000,
        "hostPort": 5000
      
    ],
    "logConfiguration": 
      "logDriver": "awslogs",
      "options": 
        "awslogs-group": "supreme-task-group",  <- This needs to be taken from variable.tf file.
        "awslogs-region": "eu-central-1",
        "awslogs-stream-prefix": "streaming"
      
    
  
]

变量.tf：

variable "ecs_task_definition_name" 
  description = "Task definition name."
  type = string
  default = "supreme-task-def"


variable "task_role" 
  description = "Name of the task role."
  type = string
  default = "supreme-task-role"


variable "task_execution_role" 
  description = "Name of the task execution role."
  type = string
  default = "supreme-task-exec-role"


variable "cloudwatch_group" 
  description = "CloudWatch group name."
  type = string
  default = "supreme-task-group"

任务定义：

resource "aws_ecs_task_definition" "task_definition" 
  family = var.ecs_task_definition_name
  requires_compatibilities = ["FARGATE"]
  network_mode = "awsvpc"
  cpu = 1024
  memory = 4096
  container_definitions = file("modules/ecs-supreme-task/task-definition.json")
  execution_role_arn = aws_iam_role.task_execution_role.name
  task_role_arn = aws_iam_role.task_role.name

有没有办法做到这一点？或者也许这应该以不同的方式完成？

【问题讨论】：

您是否尝试过插值（通过将 JSON 内联在 HEREDOC 中）或使用 Terraform 的模板功能？

内联 JSON 插值工作，谢谢！ :)

您要自己回答吗？

不用，你可以的。

【参考方案1】：

通过关注@ydaetskcorR 的评论解决。

将容器定义作为内联参数。

container_definitions = <<DEFINITION
    [
      
        "name": "$var.repository_name",
        "image": "$var.repository_uri",
        "essential": true,
        "portMappings": [
          
            "containerPort": 5000,
            "hostPort": 5000
          
        ],
        "logConfiguration": 
          "logDriver": "awslogs",
          "options": 
            "awslogs-group": "$var.cloudwatch_group",
            "awslogs-region": "eu-central-1",
            "awslogs-stream-prefix": "ecs"
          
        
      
    ]
    DEFINITION

【参考方案2】：

如果您想将容器定义作为模板加载以避免内联 tf 文件中的内容，那么您可以：

1- 将容器定义创建为带有变量的模板文件，只需注意扩展名为 .tpl

container_definition.tpl

[
  
    "name": "supreme-task",
    "image": "xxxx50690yyyy.dkr.ecr.eu-central-1.amazonaws.com/supreme-task",
    "essential": true,
    "portMappings": [
      
        "containerPort": 5000,
        "hostPort": 5000
      
    ],
    "logConfiguration": 
      "logDriver": "awslogs",
      "options": 
        "awslogs-group": "$cloudwatch_group",
        "awslogs-region": "eu-central-1",
        "awslogs-stream-prefix": "streaming"
      
    
  
]

2- 然后将文件加载为模板并注入变量：

task_definition.tf

data template_file task_definition 
  template = file("$path.module/container_definition.tpl")

  vars = 
    cloudwatch_group = var.cloudwatch_group
  


resource "aws_ecs_task_definition" "task_definition" 
  family = var.ecs_task_definition_name
  requires_compatibilities = ["FARGATE"]
  network_mode = "awsvpc"
  cpu = 1024
  memory = 4096
  container_definitions = data.template_file.task_definition.rendered
  execution_role_arn = aws_iam_role.task_execution_role.name
  task_role_arn = aws_iam_role.task_role.name