Terraform: aws_ecs_task_definition and continuous delivery to ecs

Created on 23 Mar 2017 · 7Comments · Source: hashicorp/terraform

With the task and container definition data sources I'm almost able to get our continuous delivery setup to play nicely with Terraform. We rebuild the docker image with a unique tag at every deployment. This means that after the CI service redeploys a service, the corresponding task definition's revision is incremented and the image field in a container definition changes.

I dont' seem to be able to create a setup where the task definition could be managed by Terraform in this scenario.

Terraform Version

v0.9.1

Affected Resource(s)

resource aws_ecs_task_definition

Terraform Configuration Files

# Simply specify the family to find the latest ACTIVE revision in that family.
data "aws_ecs_task_definition" "mongo" {
  task_definition = "${aws_ecs_task_definition.mongo.family}"
}
data "aws_ecs_container_definition" "mongo" {
  task_definition = "${data.aws_ecs_task_definition.mongo.id}"
  container_name  = "mongodb"
}

resource "aws_ecs_cluster" "foo" {
  name = "foo"
}

resource "aws_ecs_task_definition" "mongo" {
  family = "mongodb"
  container_definitions = <<DEFINITION
[
  {
    "cpu": 128,
    "environment": [{
      "name": "SECRET",
      "value": "KEY"
    }],
    "essential": true,
    "image": "${aws_ecs_container_definition.mongo.image}",
    "memory": 128,
    "memoryReservation": 64,
    "name": "mongodb"
  }
]
DEFINITION
}

resource "aws_ecs_service" "mongo" {
  name          = "mongo"
  cluster       = "${aws_ecs_cluster.foo.id}"
  desired_count = 2
  # Track the latest ACTIVE revision
  task_definition = "${aws_ecs_task_definition.mongo.family}:${max("${aws_ecs_task_definition.mongo.revision}", "${data.aws_ecs_task_definition.mongo.revision}")}"
}

The problem is then that after a CI deployment, terraform would like to create a new task definition. The task definition resource here points to an earlier revision and the image field is considered changed.

With the deprecated template resources, I was able to ignore changes to variables which solved this issue. One solution that comes to mind would be the ability to set revision of the aws_ecs_task_definition resource.

I'd be grateful for any and all insights.

bug provideaws

Source

dennari

👍16 🎉1

Most helpful comment

Hello @dennari,

i have the same issue in my project. Therefor I'm very interested in a nice solution here.
:+1:

awuetz on 24 Mar 2017

👍6

All 7 comments

Hello @dennari,

i have the same issue in my project. Therefor I'm very interested in a nice solution here.
:+1:

awuetz on 24 Mar 2017

👍6

Hi,
I've run into the same issue, here is my work around
I initially create the task definition in terraform but then ignore changes to it in my ecs_service resource.

  lifecycle {
    create_before_destroy = true
    ignore_changes        = ["task_definition"]
  }

If you need to change the task defintion in terraform, you can just remove, apply, then add again.
Not ideal, it would be better to have more granular control over the image tag.

hamstah on 28 Apr 2017

😕5 👍2

@hamstah 's solution is not really feasible if you have your ecs cluster config in a module, and if you're handing over the task definition template via variable into the module.

The lifecycle definition has to live in your module's aws_ecs_service and is not conditional (https://github.com/hashicorp/terraform/issues/3116), so you'd always have to ignore the task_definition changes for all components which are using this very ECS module.

derFunk on 31 May 2017

@hamstah - what would happen if some other part of the aws_ecs_service changes (say I am role). Would the task get overridden as well?

eugenemiretsky on 2 Mar 2018

I have this problem too. I want to force a redeployment of my service/task because I have updated the docker image:latest. The only way I can figure out is to use the CLI API or the web interface. Surely there must be (or should be) a terraform way to do this?

Why was this closed?