用于 ECS 任务/容器的 Terraform AWS CloudWatch 日志组答案

【问题标题】：Terraform AWS CloudWatch log group for ECS tasks/containers用于 ECS 任务/容器的 Terraform AWS CloudWatch 日志组
【发布时间】：2020-04-28 07:03:18
【问题描述】：

我正在尝试使用 Terraform 创建 AWS ECS 任务，该任务会将日志放在 CloudWatch 上的特定日志组中。问题是容器定义在 JSON 文件中，我无法将 CloudWatch 组名称从 .tf 文件映射到该 .json 文件。

container_definition.json：

[
  {
    "name": "supreme-task",
    "image": "xxxx50690yyyy.dkr.ecr.eu-central-1.amazonaws.com/supreme-task",
    "essential": true,
    "portMappings": [
      {
        "containerPort": 5000,
        "hostPort": 5000
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "supreme-task-group",  <- This needs to be taken from variable.tf file.
        "awslogs-region": "eu-central-1",
        "awslogs-stream-prefix": "streaming"
      }
    }
  }
]

变量.tf：


variable "ecs_task_definition_name" {
  description = "Task definition name."
  type = string
  default = "supreme-task-def"
}

variable "task_role" {
  description = "Name of the task role."
  type = string
  default = "supreme-task-role"
}

variable "task_execution_role" {
  description = "Name of the task execution role."
  type = string
  default = "supreme-task-exec-role"
}

variable "cloudwatch_group" {
  description = "CloudWatch group name."
  type = string
  default = "supreme-task-group"
}

任务定义：

resource "aws_ecs_task_definition" "task_definition" {
  family = var.ecs_task_definition_name
  requires_compatibilities = ["FARGATE"]
  network_mode = "awsvpc"
  cpu = 1024
  memory = 4096
  container_definitions = file("modules/ecs-supreme-task/task-definition.json")
  execution_role_arn = aws_iam_role.task_execution_role.name
  task_role_arn = aws_iam_role.task_role.name
}

有没有办法做到这一点？或者也许这应该以不同的方式完成？

【问题讨论】：

您是否尝试过插值（通过将 JSON 内联在 HEREDOC 中）或使用 Terraform 的模板功能？
内联 JSON 插值工作，谢谢！ :)
您要自己回答吗？
不用，你可以的。

标签： terraform amazon-ecs amazon-cloudwatch terraform-provider-aws

【解决方案1】：

通过关注@ydaetskcorR 的评论解决。

将容器定义作为内联参数。

container_definitions = <<DEFINITION
    [
      {
        "name": "${var.repository_name}",
        "image": "${var.repository_uri}",
        "essential": true,
        "portMappings": [
          {
            "containerPort": 5000,
            "hostPort": 5000
          }
        ],
        "logConfiguration": {
          "logDriver": "awslogs",
          "options": {
            "awslogs-group": "${var.cloudwatch_group}",
            "awslogs-region": "eu-central-1",
            "awslogs-stream-prefix": "ecs"
          }
        }
      }
    ]
    DEFINITION

【讨论】：

【解决方案2】：

如果您想将容器定义作为模板加载以避免内联 tf 文件中的内容，那么您可以：

1- 将容器定义创建为带有变量的模板文件，只需注意扩展名为 .tpl

container_definition.tpl

[
  {
    "name": "supreme-task",
    "image": "xxxx50690yyyy.dkr.ecr.eu-central-1.amazonaws.com/supreme-task",
    "essential": true,
    "portMappings": [
      {
        "containerPort": 5000,
        "hostPort": 5000
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${cloudwatch_group}",
        "awslogs-region": "eu-central-1",
        "awslogs-stream-prefix": "streaming"
      }
    }
  }
]

2- 然后将文件加载为模板并注入变量：

task_definition.tf

data template_file task_definition {
  template = file("${path.module}/container_definition.tpl")

  vars = {
    cloudwatch_group = var.cloudwatch_group
  }
}

resource "aws_ecs_task_definition" "task_definition" {
  family = var.ecs_task_definition_name
  requires_compatibilities = ["FARGATE"]
  network_mode = "awsvpc"
  cpu = 1024
  memory = 4096
  container_definitions = data.template_file.task_definition.rendered
  execution_role_arn = aws_iam_role.task_execution_role.name
  task_role_arn = aws_iam_role.task_role.name
}

【讨论】：