Created
July 10, 2021 20:25
-
-
Save KyMidd/81c87c249e34cb9ddf43d5f2346fc6a6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
module "Ue1TiGitHubBuilders" { | |
source = "./modules/ecs_on_fargate" | |
ecs_name = "ResourceGroupName" # Name to use for customizing resources, permits deploying this module multiple times with different names | |
image_ecr_url = "url_of_ECR" # URL of the container repo where image is stored | |
task_environment_variables = [ # List of maps of environment variables to pass to container when it's spun up | |
{ name : "ENV1", value : "env_value1" }, # Remember these are clear-text in the console and via CLI | |
{ name : "ENV2", value : "env_value2" } | |
] | |
task_secret_environment_variables = [ #Use this secret block for secrets, passkeys, etc. | |
{ name : "SECRET", valueFrom : "secrets_manager_secret_arn" } # Note we're using 'valueFrom' here, which accepts a secrets manager ARN rather than plain-text secret | |
] | |
execution_iam_access = { | |
secrets = [ | |
"secrets_manager_secret_arn" # ARN of secret to grant access to | |
] | |
kms_cmk = [ | |
data.aws_secretsmanager_secret.kms_cmk_arn.kms_key_id # For secret encrypted with CMK, find CMK ARN and grant access | |
] | |
s3_buckets = [ | |
"s3_bucket_arn" # S3 bucket ARN to grant access to | |
] | |
} | |
task_role_arn = "arn_of_task_role" # This role is used by the container that's launched | |
service_subnets = [ # A list of subnets to put the fargate and container into | |
var.subnet1_id, | |
var.subnet2_id, | |
] | |
service_sg = [ # A list of SGs to assign to the container | |
var.sg_id, | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment