Hiya,
I’m trying to set up a small Docker image to run in Fargate via Terrform, but I keep getting this strange error. Well, strange for me.
$ aws-vault exec foo -- terraform apply -auto-approve
data.template_file.container_definitions: Refreshing state...
data.aws_iam_policy_document.this: Refreshing state...
aws_ecs_cluster.this: Refreshing state... [id=arn:aws:ecs:eu-north-1:112233:cluster/test-123-ecs-service]
aws_iam_role.this: Refreshing state... [id=test-123-ecs-execution-role]
aws_iam_role_policy_attachment.this: Refreshing state... [id=test-123-ecs-execution-role-112233]
aws_ecs_task_definition.this: Refreshing state... [id=test-123-ecs-task-definition-family]
aws_ecs_service.this: Creating...
Error: InvalidParameterException: "test-123-ecs-service"
on main.tf line 26, in resource "aws_ecs_service" "this":
26: resource "aws_ecs_service" "this" {
How can the name test-123-ecs-service
be invalid?
The Terraform file looks like
terraform {
required_version = ">=0.12.20"
required_providers {
aws = ">=2.45.0"
template = ">=2.1.2"
}
backend "s3" {
key = "test-123/terraform.tfstate"
bucket = "112233"
dynamodb_table = "terraform-state-lock"
encrypt = true
}
}
variable "name" {
type = string
default = "test-123"
}
resource "aws_ecs_cluster" "this" {
name = "${var.name}-ecs-service"
}
resource "aws_ecs_service" "this" {
name = "${var.name}-ecs-service"
task_definition = aws_ecs_task_definition.this.arn
cluster = aws_ecs_cluster.this.id
launch_type = "FARGATE"
}
resource "aws_ecs_task_definition" "this" {
family = "${var.name}-ecs-task-definition-family"
container_definitions = data.template_file.container_definitions.rendered
cpu = "256"
memory = "512"
requires_compatibilities = ["FARGATE"]
network_mode = "awsvpc"
execution_role_arn = aws_iam_role.this.arn
}
data "template_file" "container_definitions" {
template = file("${path.module}/container_definitions.json")
}
resource "aws_iam_role" "this" {
name = "${var.name}-ecs-execution-role"
assume_role_policy = data.aws_iam_policy_document.this.json
}
data "aws_iam_policy_document" "this" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = [
"ecs.amazonaws.com",
]
}
}
}
resource "aws_iam_role_policy_attachment" "this" {
role = aws_iam_role.this.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}