Add aws_ecs_container_definition data source

[nicolai86]

this datasource allows terraform to work with externally modified state, e.g.
when you're using an ECS service which is continously updated by your CI via the
AWS CLI.

Right now you'd have to wrap terraform into a shell script which looks up the
current image digest, so running terraform won't change the updated service:

profile="${AWS_DEFAULT_PROFILE:-default}"
region=eu-west-1

service_name="ecs-service"
task_definition=$(aws --profile "$profile" ecs describe-task-definition --region "$region" --task-definition "$service_name")
current_tag=$(echo $task_definition | jq -r '.taskDefinition.containerDefinitions' | jq -r "map(.image | select(contains(\"my/image\"))) | first" | awk '{split($0,a,":"); printf a[2]}')

terraform apply \
  -var="current_tag=$current_tag" 

using the aws_ecs_container_definition data source you can now leverage
terraform, removing the wrapper entirely:

resource "template_file" "mongo" {
  template = <<DEFINITION
[
  {
    "cpu": 128,
    "essential": true,
    "image": "mongo:${tag}",
    "memory": 128,
    "name": "mongodb"
  }
]
DEFINITION

  vars = {
    tag   = "${data.aws_ecs_container_definition.mongo.image_digest}"
  }
}

resource "aws_ecs_cluster" "default" {
  name = "terraformecstest1"
}

resource "aws_ecs_task_definition" "mongo" {
  family = "mongodb"
  container_definitions = "${template_file.mongo.rendered}"
}

resource "aws_ecs_service" "mongo" {
  name = "mongodb"
  cluster = "${aws_ecs_cluster.default.id}"
  task_definition = "${aws_ecs_task_definition.mongo.arn}"
  desired_count = 1
}

data "aws_ecs_container_definition" "mongo" {
  task_definition = "mongodb"
  container_name = "mongodb"
}

This works for task definitions containing multiple container definitions, too, since a aws_container_definition data source only tracks one container inside a task_definition.

[stack72]

Hi @nicolai86,

Please can you change this part of the docs :)

P.

[nicolai86]

You always find my doc copy pasta. love it. thank you @stack72 ❤️

[nicolai86]

@stack72 done!

[stack72]

Hi @nicolai86

This looks good :) Thanks for the work here!

Paul

[nareshov]

This seems to cause a dependency cycle error in my case:

data "template_file" "flower" {
    template = "${file("${path.module}/flower.json")}"

    vars = {
#        docker-image              = "${var.docker_image}"
        docker-image              = "${data.aws_ecs_container_definition.flower.image}"
        broker-url                = "${var.broker_url}"
        oauth2_proxy_docker_image = "${var.oauth2_proxy_docker_image}"
        oauth2_proxy_env_vars     = "${var.oauth2_proxy_env_vars}"
    }
}

resource "aws_ecs_task_definition" "flower" {
    family                = "${var.project_name}-${var.environment_name}-flower"
    container_definitions = "${data.template_file.flower.rendered}"
}

data "aws_ecs_container_definition" "flower" {
    task_definition = "${aws_ecs_task_definition.flower.id}"
    container_name  = "flower"
}


output "taskdef.arn" {
    value = "${aws_ecs_task_definition.flower.arn}"
}

flower.json:

[
  {
    "name"        : "flower",
    "hostname"    : "flower",
    "image"       : "${docker-image}",
    "cpu"         : 128,
    "memory"      : 256,
    "entryPoint"  : [],
    "essential"   : true,
    "volumesFrom" : [],
    "mountPoints" : [],
    "environment" : [
      {
        "name"  : "FLOWER_LOGGING",
        "value" : "INFO"
      }
    ],
    "command": [
      "--broker",
      "${broker-url}"
    ]
  }
...

The error I get is:

$ terraform plan
Error configuring: 1 error(s) occurred:

* Cycle: data.aws_ecs_container_definition.flower, data.template_file.flower, aws_ecs_task_definition.flower

Am I missing something?

EDIT:
forgot to mention:

$ terraform  -version
Terraform v0.7.0

Noticed the support for this in https://github.com/hashicorp/terraform/blob/master/CHANGELOG.md#070-august-2-2016

[nicolai86]

@nareshov the task definition id is set to the family attribute, so this should work for you:

resource "aws_ecs_task_definition" "flower" {
    family                = "${var.project_name}-${var.environment_name}-flower"
    container_definitions = "${data.template_file.flower.rendered}"
}

data "aws_ecs_container_definition" "flower" {
    task_definition = "${var.project_name}-${var.environment_name}-flower"
    container_name  = "flower"
}

[nicolai86]

the example above is actually missing that part, I'll correct it

[dene14]

How's that useful if service definition still refers to aws_ecs_task_definition, and every time you do CI deploy it changes task_definition revision referenced in the service, applying terraform later will switch service back to previous version?

[nicolai86]

My use case was to get the current image digest; I think you can easily include current revision here as well, change should be minimal

[dene14]

Terraform saves task definition reference in service definition in state file as [family:state], so it's more about aws_ecs_service resource...

[nicolai86]

Point taken. Luckily, this data source is only for the containers WITHIN a task definition

[inversion]

I'm having trouble using the exported environment attribute. @nicolai86 have you tried interpolating it? From the code it does not look like it is exported in the [{name: value}, ...] format that ECS uses in task definitions so we could need to map it from {name: value, ...} to [{name: value}, ...].

[nicolai86]

@inversion my use case was reading it easily, which is why I convert it to a map; not sure how you'd lookup values from an array of objects in HCL. Do you have an example for that?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.