This example demonstrates the full range of container definition parameters available in the container-definition sub-module. It creates two container definitions: a comprehensive one with nearly every parameter set, and a minimal one.
What is created
A container definition with FireLens logging, health check, resource requirements, security options, environment variables, secrets, and mount points
A simple container definition with minimal configuration
CloudWatch log groups (managed by Terraform)
This example only creates container definition resources (CloudWatch log groups). It does not create a cluster, service, or task definition. Use these outputs with aws_ecs_task_definition or with the service module’s container_definitions argument.
Code
Comprehensive Definition

module "ecs_container_definition" {
  source = "terraform-aws-modules/ecs/aws//modules/container-definition"

  name    = local.name
  command = ["/usr/sbin/apache2", "-D", "FOREGROUND"]
  cpu     = 512
  dependsOn = [{
    containerName = "fluent-bit"
    condition     = "START"
  }]
  disableNetworking     = false
  dnsSearchDomains      = ["mydns.on.my.network"]
  dnsServers            = ["172.20.0.11"]
  dockerLabels          = { "com.example.label" = "value" }
  dockerSecurityOptions = ["no-new-privileges"]
  entrypoint            = ["/usr/sbin/apache2", "-D", "FOREGROUND"]
  environment = [
    { name = "ENV_VAR_1", value = "value1" },
    { name = "ENV_VAR_2", value = "value2" }
  ]
  environmentFiles = [{
    type  = "s3"
    value = "s3://my-bucket/my-env-file.env"
  }]
  essential             = true
  firelensConfiguration = { type = "fluentbit" }
  healthCheck = {
    command = ["CMD-SHELL", "curl -f http://localhost:${local.container_port}/health || exit 1"]
  }
  image       = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"
  interactive = false
  linuxParameters = {
    capabilities = {
      add  = []
      drop = ["NET_RAW"]
    }
  }
  enable_cloudwatch_logging = false
  logConfiguration = {
    logDriver = "awsfirelens"
    options = {
      Name                    = "firehose"
      region                  = local.region
      delivery_stream         = "my-stream"
      log-driver-buffer-limit = "2097152"
    }
  }
  memory            = 1024
  memoryReservation = 100
  mountPoints = [
    { sourceVolume = "my-vol", containerPath = "/var/www/my-vol" },
    { sourceVolume = "ebs-volume", containerPath = "/ebs/data" }
  ]
  portMappings = [{
    name          = local.container_name
    containerPort = local.container_port
    hostPort      = local.container_port
    protocol      = "tcp"
  }]
  privileged     = false
  pseudoTerminal = false
  restartPolicy = {
    enabled              = true
    ignoredExitCodes     = [1]
    restartAttemptPeriod = 60
  }
  readonlyRootFilesystem = true
  repositoryCredentials = {
    credentialsParameter = "arn:aws:secretsmanager:eu-west-1:123456789012:secret:my-repo-creds"
  }
  resourceRequirements = [{ type = "GPU", value = "1" }]
  secrets = [{
    name      = "SECRET_ENV_VAR"
    valueFrom = "arn:aws:ssm:eu-west-1:123456789012:parameter/my-secret-env-var"
  }]
  startTimeout = 30
  stopTimeout  = 120
  systemControls = [
    { namespace = "network", value = "ipv6" },
    { namespace = "net.core.somaxconn", value = "1024" }
  ]
  ulimits            = [{ name = "nofile", softLimit = 1024, hardLimit = 2048 }]
  user               = "65534"
  versionConsistency = "disabled"
  volumesFrom        = [{ sourceContainer = "fluent-bit", readOnly = false }]
  workingDirectory   = "/var/www/html"

  tags = local.tags
}

Simple Definition

module "ecs_container_definition_simple" {
  source = "terraform-aws-modules/ecs/aws//modules/container-definition"

  image                  = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"
  cpu                    = 256
  memory                 = 512
  essential              = true
  readonlyRootFilesystem = false
  portMappings = [{
    name          = "app"
    protocol      = "tcp"
    containerPort = 80
    hostPort      = 80
  }]
  restartPolicy = { enabled = false }

  tags = local.tags
}
Using the output
To use container definition outputs in an aws_ecs_task_definition resource:
resource "aws_ecs_task_definition" "example" {
  family = "example"

  # Use jsonencode with a list wrapping the map output
  container_definitions = jsonencode([
    module.ecs_container_definition.container_definition
  ])

  # Multiple containers:
  # container_definitions = jsonencode([
  #   module.app.container_definition,
  #   module.sidecar.container_definition,
  # ])
}
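The rendered JSON can be checked for the hardening settings that the comprehensive definition sets and the simple one leaves out. This is an added example, not code from the module or its documentation; the function name audit_container, the finding labels, the name-based secret heuristic and the two constructed sample definitions are assumptions.

```python
import json

# Constructed samples: the security-relevant subset of the two definitions on
# this page, in the JSON shape that jsonencode() hands to ECS.
COMPREHENSIVE = json.loads("""{
  "name": "comprehensive", "privileged": false, "readonlyRootFilesystem": true,
  "user": "65534", "dockerSecurityOptions": ["no-new-privileges"],
  "linuxParameters": {"capabilities": {"add": [], "drop": ["NET_RAW"]}},
  "environment": [{"name": "ENV_VAR_1", "value": "value1"}],
  "secrets": [{"name": "SECRET_ENV_VAR", "valueFrom": "arn:aws:ssm:eu-west-1:123456789012:parameter/my-secret-env-var"}]
}""")
SIMPLE = json.loads("""{
  "name": "simple", "readonlyRootFilesystem": false, "essential": true
}""")

SENSITIVE_HINTS = ("SECRET", "PASSWORD", "TOKEN", "KEY")  # assumed naming heuristic


def audit_container(cd):
    """Return a sorted list of hardening findings for one container definition."""
    findings = []
    if cd.get("privileged"):
        findings.append("privileged")
    if not cd.get("readonlyRootFilesystem"):
        findings.append("writable-rootfs")
    # An unset user means the image default, which is commonly root.
    user = str(cd.get("user") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("root-or-unset-user")
    if "no-new-privileges" not in (cd.get("dockerSecurityOptions") or []):
        findings.append("no-new-privileges-missing")
    caps = (cd.get("linuxParameters") or {}).get("capabilities") or {}
    if caps.get("add"):
        findings.append("capabilities-added")
    if not ({"NET_RAW", "ALL"} & set(caps.get("drop") or [])):
        findings.append("net-raw-not-dropped")
    # Plaintext environment values are stored in the task definition itself;
    # sensitive values belong in "secrets" with a valueFrom ARN instead.
    for env in cd.get("environment") or []:
        if any(h in env.get("name", "").upper() for h in SENSITIVE_HINTS):
            findings.append("plaintext-secret:" + env["name"])
    return sorted(findings)


if __name__ == "__main__":
    for cd in (COMPREHENSIVE, SIMPLE):
        print(cd["name"], audit_container(cd) or "ok")
```

On Fargate, privileged and dockerSecurityOptions are not supported, so the no-new-privileges finding does not apply to tasks running there.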
Container Definition Inputs: Full reference for all container definition parameters.
Logging Guide: CloudWatch and FireLens logging configuration patterns.