I'd appreciate your support in solving this issue. I have a main.tf file like below:
resource "aws_ecs_service" "nodejs-service" {
  name            = "nodejs-service"
  cluster         = aws_ecs_cluster.project_cluster.id
  task_definition = aws_ecs_task_definition.nodejs.arn
  launch_type     = "FARGATE"
  desired_count   = 1
  load_balancer {
    target_group_arns = module.alb.target_group_arns
    container_name    = "${aws_ecs_task_definition.nodejs.family}"
    container_port    = 8080 # Specifying the container port
  }
  network_configuration {
    subnets          = var.vpc.public_subnets
    assign_public_ip = true
  }
}
module "alb" {
  source             = "terraform-aws-modules/alb/aws"
  version            = "~> 8.0"
  name               = var.namespace
  load_balancer_type = "application"
  vpc_id             = var.vpc.vpc_id
  subnets            = var.vpc.public_subnets
  security_groups    = [var.sg.lb]
  http_tcp_listeners = [
    {
      port               = 80
      protocol           = "HTTP"
      target_group_index = 0
    }
  ]
  target_groups = [
    {
      name_prefix      = "nodejs-service"
      backend_protocol = "HTTP"
      backend_port     = 8080
      target_type      = "instance"
    }
  ]
}
I receive this error:
│ Error: Unsupported argument
│
│ on modules/ecs/main.tf line 58, in resource "aws_ecs_service" "nodejs-service":
│ 58: target_group_arns = module.alb.target_group_arns
│
│ An argument named "target_group_arns" is not expected here. Did you mean "target_group_arn"?
Even if I changed target_groups on the service parameters to be target_group_arn, I receive the error "target_group_arn" is not defined.
Also with module.alb.target_groups[0] the same error appears with terraform plan:
load_balancer {
  target_group_arn = module.alb.target_groups[0]
  container_name   = "${aws_ecs_task_definition.nodejs.family}"
  container_port   = 8080 # Specifying the container port
}
Error:
│ Error: Unsupported attribute
│
│ on modules/ecs/main.tf line 58, in resource "aws_ecs_service" "nodejs-service":
58: target_group_arn = module.alb.target_groups[0]
├────────────────
│ module.alb is a object
This object does not have an attribute named "target_groups".
As per the main.tf file, how can I select the target group which is defined in the alb module?
Thanks,
Tried: terraform plan, and expected an alb with a target group pointing at the nodejs-service container.
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.27"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 2.0"
    }
  }
}
The issue is not in the module, rather in the argument you are trying to use in the aws_ecs_service resource. You are currently setting it to target_group_arns while the argument is singular, i.e., target_group_arn [1]:
load_balancer {
  target_group_arn = module.alb.target_group_arns[0]
  container_name   = "${aws_ecs_task_definition.nodejs.family}"
  container_port   = 8080 # Specifying the container port
}
The example is with the first of the target groups returned from the module, so make sure you are using the correct one.
[1] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#target_group_arn
The output from the alb module is an array.
In your case it would be module.alb.target_group_arns[0]
Replace it with this code:
load_balancer {
  target_group_arn = module.alb.target_group_arns[0] # the argument name is singular
  container_name   = "${aws_ecs_task_definition.nodejs.family}"
  container_port   = 8080 # Specifying the container port
}
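The corrected wiring end to end, as an added example that is not part of the original posts. It goes beyond the two answers by also setting the target type Fargate needs and a valid name_prefix; var.sg.ecs is a hypothetical security group for the tasks, and the other names come from the question.

```hcl
module "alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 8.0"

  name               = var.namespace
  load_balancer_type = "application"
  vpc_id             = var.vpc.vpc_id
  subnets            = var.vpc.public_subnets
  security_groups    = [var.sg.lb]

  http_tcp_listeners = [
    { port = 80, protocol = "HTTP", target_group_index = 0 }
  ]

  target_groups = [
    {
      name_prefix      = "node-" # the AWS provider limits name_prefix to 6 characters
      backend_protocol = "HTTP"
      backend_port     = 8080
      target_type      = "ip" # Fargate tasks use awsvpc networking and register by IP
    }
  ]
}

resource "aws_ecs_service" "nodejs-service" {
  name            = "nodejs-service"
  cluster         = aws_ecs_cluster.project_cluster.id
  task_definition = aws_ecs_task_definition.nodejs.arn
  launch_type     = "FARGATE"
  desired_count   = 1

  load_balancer {
    # Singular argument, one element of the module's list output (target_groups[0] above)
    target_group_arn = module.alb.target_group_arns[0]
    # Must equal the container "name" inside container_definitions
    container_name = aws_ecs_task_definition.nodejs.family
    container_port = 8080
  }

  network_configuration {
    subnets          = var.vpc.public_subnets
    assign_public_ip = true
    # Assumption: var.sg.ecs (hypothetical) admits port 8080 only from var.sg.lb
    security_groups = [var.sg.ecs]
  }
}
```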
I was using the latest Terraform version 1.3.3 and aws version "aws-cli/2.7.5 Python/3.9.11 Windows/10 exe/AMD64 prompt/off" and here is my script.
# Application load balancer
resource "aws_elb" "main" {
  name            = "constructor-io-elb-tf"
  description     = "Creating new ELB for the constructor-io"
  subnets         = aws_subnet.public.*.id
  security_groups = [aws_security_group.lb.id]
}
# Creating a target group for http
resource "aws_alb_target_group" "tg" {
  name        = "constuctor-target-group-tf"
  port        = 80
  provider    = http
  vpc_id      = aws_vpc.main.id
  target_type = "ip"
  health_check {
    healthy_threshold   = "2"
    unhealthy_threshold = 1
    interval            = "20"
    protocol            = http
    matcher             = "200"
    timeout             = "5"
    health_check_path   = var.health_check_path
  }
}
# Redirecting all the traffic from ALB to target group
resource "aws_alb_listener" "listener" {
  load_balancer_arn = aws.alb.main.id
  port              = var.app_port
  protocol          = http
  default_action {
    target_group_arn = aws_alb_target_group.tg.id
    type             = "forward"
  }
}
When I run "terraform apply" it was saying:
│ Error: Invalid resource type
│
│ on alb.tf line 12, in resource "aws_lb_target_group" "tg":
│ 12: resource "aws_lb_target_group" "tg" {
│
│ The provider hashicorp/http does not support resource type "aws_lb_target_group".
I also tried with "aws_alb_target_group" and upgraded using "terraform init -upgrade"
Nothing works.
Please make sure you read the documentation properly prior to running any configuration [1]. Terraform is complaining here because it expects the http provider. Other than that there are more errors. You need to change the code to be the following:
resource "aws_alb_target_group" "tg" {
  name        = "constuctor-target-group-tf"
  port        = 80
  vpc_id      = aws_vpc.main.id
  target_type = "ip"
  health_check {
    healthy_threshold   = "2"
    unhealthy_threshold = 1
    interval            = "20"
    protocol            = "HTTP" # <---- it has to be with quotes and uppercase
    matcher             = "200"
    timeout             = "5"
    path                = var.health_check_path # the health_check argument is named "path"
  }
}
# Redirecting all the traffic from ALB to target group
resource "aws_alb_listener" "listener" {
  # Underscore, not a dot; assumes the load balancer is declared as aws_alb.main
  load_balancer_arn = aws_alb.main.id
  port              = var.app_port
  protocol          = "HTTP" # <---- it has to be with quotes and uppercase
  default_action {
    target_group_arn = aws_alb_target_group.tg.id
    type             = "forward"
  }
}
[1] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group#protocol
The configuration for your target group is incorrect. Following your example, you should configure it like this:
resource "aws_alb_target_group" "tg" {
  name        = "constuctor-target-group-tf"
  port        = "80"
  protocol    = "HTTP"
  vpc_id      = aws_vpc.main.id
  target_type = "ip"
  health_check {
    healthy_threshold   = "2"
    unhealthy_threshold = 1
    interval            = "20"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "5"
    path                = var.health_check_path # the health_check argument is named "path"
  }
}
And the listener:
resource "aws_alb_listener" "listener" {
  # Underscore, not a dot; assumes the load balancer is declared as aws_alb.main
  load_balancer_arn = aws_alb.main.id
  port              = "80"
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_alb_target_group.tg.arn # matches the "tg" resource above
  }
}
If you still have any doubts, feel free to contact me.
I tried to create an EC2 instance. When I don't set a security group, it's good, but when I set a security group it failed with the following message:
│ Error: creating EC2 Instance: InvalidParameterValue: Value () for parameter groupId is invalid. The value cannot be empty
│ status code: 400, request id: 2935799e-2364-4676-ba02-457740336cd1
│
│ with aws_instance.my_first_instance,
│ on main.tf line 44, in resource "aws_instance" "my_first_instance":
│ 44: resource "aws_instance" "my_first_instance" {
The code is
variable "ecs_cluster_name" {
  type    = string
  default = "production"
}
data "aws_ami" "ecs_ami" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-ecs-hvm-2.0.202*-x86_64-ebs"]
  }
}
output "ami_name" {
  value       = data.aws_ami.ecs_ami.name
  description = "the name of ecs ami"
}
output "security_group_id" {
  value       = aws_security_group.default.id
  description = "id of security group"
}
resource "aws_security_group" "default" {
  name = "terraform_Security_group"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_instance" "my_first_instance" {
  ami           = data.aws_ami.ecs_ami.id
  instance_type = "t2.micro"
  # security_groups = ["sg-06e91dae98b2c44c6"]
  security_groups = [aws_security_group.default.id]
  user_data       = <<-EOF
    #!/bin/bash
    echo ECS_CLUSTER={cluster_name} >> /etc/ecs/ecs.config
  EOF
}
You should be using vpc_security_group_ids:
vpc_security_group_ids = [aws_security_group.default.id]
I'm trying to create an ECS service using Terraform. I have some modules defined to create some necessary resources (like the alb, vpc, subnets, etc). All of those have been created successfully, but the aws_ecs_service is not being created.
This is the Terraform code I'm using:
terraform {
  required_version = ">= 0.13"
}
resource "aws_ecs_task_definition" "main" {
  family                   = "task-definition"
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = var.fargate_cpu
  memory                   = var.fargate_memory
  container_definitions = jsonencode([
    {
      name    = "container-definition"
      image   = var.container_image
      cpu     = var.fargate_cpu
      memory  = var.fargate_memory
      command = ["python3", "manage.py", "runserver", "0.0.0.0:8000"]
      port_mappings = [
        {
          container_port = var.app_port
          host_port      = var.app_port
        }
      ]
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          awslogs-group         = "/ecs/task-definition"
          awslogs-region        = var.aws_region
          awslogs-stream-prefix = "ecs"
        }
      }
    }
  ])
}
module "load_balancer" {
  source             = "../alb"
  vpc_id             = var.vpc_id
  app_port           = var.app_port
  public_subnets_ids = var.public_subnets_ids
  health_check_path  = "/"
}
resource "aws_ecs_service" "main" {
  name            = "testing-service"
  cluster         = var.ecs_cluster_id
  task_definition = aws_ecs_task_definition.main.arn
  desired_count   = 1
  launch_type     = "FARGATE"
  network_configuration {
    security_groups  = [module.load_balancer.sg_id]
    subnets          = var.private_subnet_ids
    assign_public_ip = true
  }
  load_balancer {
    target_group_arn = module.load_balancer.alb_tg_arn
    container_name   = "container-definition"
    container_port   = var.app_port
  }
  depends_on = [
    module.load_balancer
  ]
}
I'm fully aware that fragment of code is not enough to reproduce the problem, but I have not been able to make a smaller example reproducing the problem. If you need the rest of the files, I can create a public repo or something like with the rest of the code.
The error I'm getting is:
╷
│ Error: error creating testing-service service: error waiting for ECS service (testing-service) creation: InvalidParameterException: The container container-definition did not have a container port 8000 defined.
│
│ with module.service.aws_ecs_service.main,
│ on service/main.tf line 47, in resource "aws_ecs_service" "main":
│ 47: resource "aws_ecs_service" "main"
Update
Taking a look at the generated resources, I have seen that the port mapping has not been generated! Even though I have it specified in the terraform code:
That's a screenshot from the task definition created by that code.
You have a typo in your container definition. Instead of this:
port_mappings = [
  {
    container_port = var.app_port
    host_port      = var.app_port
  }
]
You should have:
portMappings = [
  {
    containerPort = var.app_port
    hostPort      = var.app_port
  }
]
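A plan-time guard for this failure mode, as an added example that is not part of the original answer: jsonencode() writes keys exactly as typed, so a misspelled portMappings key only surfaces when ECS rejects the service. It assumes Terraform 1.2 or later for precondition blocks; the locals are introduced here, and the variables and resources are the question's.

```hcl
locals {
  container_name = "container-definition"

  # Keys must use the ECS API's camelCase names; jsonencode() does not translate them
  containers = [
    {
      name  = local.container_name
      image = var.container_image
      portMappings = [
        { containerPort = var.app_port, hostPort = var.app_port }
      ]
    }
  ]

  # Ports the load-balanced container declares; empty if the key is misspelled
  declared_ports = flatten([
    for c in local.containers : [for p in try(c.portMappings, []) : p.containerPort]
    if c.name == local.container_name
  ])
}

resource "aws_ecs_task_definition" "main" {
  family                   = "task-definition"
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = var.fargate_cpu
  memory                   = var.fargate_memory
  container_definitions    = jsonencode(local.containers)
}

resource "aws_ecs_service" "main" {
  name            = "testing-service"
  cluster         = var.ecs_cluster_id
  task_definition = aws_ecs_task_definition.main.arn
  desired_count   = 1
  launch_type     = "FARGATE"

  network_configuration {
    subnets = var.private_subnet_ids
  }

  load_balancer {
    target_group_arn = module.load_balancer.alb_tg_arn
    container_name   = local.container_name
    container_port   = var.app_port
  }

  lifecycle {
    precondition {
      condition     = contains(local.declared_ports, var.app_port)
      error_message = "The load-balanced container has no portMappings entry with containerPort equal to var.app_port."
    }
  }
}
```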
I am new to terraform and trying to make an instance of AWS (t2.nano) by the image below.
This is my tf file:
provider "aws" {
  profile = "default"
  region  = "us-west-2"
}
resource "aws_s3_bucket" "prod_tf_course" {
  bucket = "tf-course-20210607"
  acl    = "private"
}
resource "aws_default_vpc" "default" {}
resource "aws_security_group" "group_web" {
  name        = "prod_web"
  description = "allow standard http and https ports inbound and everithing outbound"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    "Terraform" : "true"
  }
}
resource "aws_instance" "prod_web" {
  ami           = "ami-05105e44227712eb6"
  instance_type = "t2.nano"
  vpc_security_group_ids = [
    aws_security_group.prod_web.id
  ]
  tags = {
    "Terraform" : "true"
  }
}
When I run the command terraform plan, it produces the following error:
$ terraform plan
╷
│ Error: Reference to undeclared resource
│
│ on prod.tf line 50, in resource "aws_instance" "prod_web":
│ 50: aws_security_group.prod_web.id
│
│ A managed resource "aws_security_group" "prod_web" has not been declared in
│ the root module.
╵
If someone can help me fix it, I will be so happy.
It should be:
vpc_security_group_ids = [
  aws_security_group.group_web.id
]
as your aws_security_group is called group_web, not prod_web.
I am trying to use ALB module value in http_listener_rule resource. I found only one way to do this that is by using this syntax: “${module.alb.http_tcp_listener_arns}” in resource
But this is throwing the following error: Inappropriate value for attribute “listener_arn”: string required.
The following error occurs:
Error: Incorrect attribute value type
on main.tf line 197, in resource "aws_lb_listener_rule" "host_based_routing":
197: listener_arn = "${module.alb.http_tcp_listener_arns}"
├────────────────
│ module.alb.http_tcp_listener_arns is empty tuple
Inappropriate value for attribute "listener_arn": string required.
resource "aws_lb_listener_rule" "host_based_routing" {
  listener_arn = "${module.alb.http_tcp_listener_arns}"
  priority     = 99
  action {
    type             = "forward"
    target_group_arn = "${module.alb.target_group_arns}"
  }
  condition {
    host_header {
      values = ["example.com"]
    }
  }
}
module "alb" {
  source             = "git@github.com:terraform-aws-modules/terraform-aws-alb.git?ref=v6.0.0"
  name               = "demo-alb"
  load_balancer_type = "application"
  vpc_id             = module.vpc.vpc_id
  subnets            = module.vpc.public_subnets
  security_groups    = [module.security_group_asg.security_group_id]
  target_groups = [
    {
      name             = "target-group"
      backend_protocol = "HTTP"
      backend_port     = 80
      target_type      = "instance"
      health_check = {
        enabled             = true
        interval            = 110
        path                = "/drupal"
        port                = "traffic-port"
        healthy_threshold   = 3
        unhealthy_threshold = 3
        timeout             = 100
        protocol            = "HTTP"
        matcher             = "200-399"
      }
    }
  ]
}
module.alb.http_tcp_listener_arns is a list of ARNs, so you have to specify an individual ARN for your host_based_routing. If you have only one, then you can try:
listener_arn = module.alb.http_tcp_listener_arns[0]
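The error output in the question reports an empty tuple, and its module block defines no http_tcp_listeners, so index [0] has nothing to select until a listener exists. An added example (not part of the original posts) with the listener defined and both list outputs indexed; the health_check map is omitted for brevity and the other values are the question's.

```hcl
module "alb" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-alb.git?ref=v6.0.0"

  name               = "demo-alb"
  load_balancer_type = "application"
  vpc_id             = module.vpc.vpc_id
  subnets            = module.vpc.public_subnets
  security_groups    = [module.security_group_asg.security_group_id]

  # Without this argument the module creates no HTTP listener and
  # http_tcp_listener_arns is an empty tuple, as in the error above.
  http_tcp_listeners = [
    {
      port               = 80
      protocol           = "HTTP"
      target_group_index = 0 # default action forwards to target_groups[0]
    }
  ]

  target_groups = [
    {
      name             = "target-group"
      backend_protocol = "HTTP"
      backend_port     = 80
      target_type      = "instance"
    }
  ]
}

resource "aws_lb_listener_rule" "host_based_routing" {
  listener_arn = module.alb.http_tcp_listener_arns[0] # one string, not the whole list
  priority     = 99

  action {
    type             = "forward"
    target_group_arn = module.alb.target_group_arns[0] # same list-versus-string fix
  }

  condition {
    host_header {
      values = ["example.com"]
    }
  }
}
```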