No Container Instances were found in your cluster

When I apply my terraform file I get no error. but the ecs service doesn’t work. I defiend IAM correctly I think. I try to make it work a lot but nothing helps.

Why I get this error from ecs service and how do I fix it? I try to solve this for three days but I can’t findout why! please help.

service nginx-ecs-service was unable to place a task because no container instance met all of its requirements. Reason: No Container Instances were found in your cluster.

Here my terraform file:

provider "aws" {

  access_key = "xxx"

  secret_key = "xxx"

  region     = "us-east-2"

}

locals {

  name        = "myapp"

  environment = "prod"

  key = "myapp"

  # This is the convention we use to know what belongs to each other

  ec2_resources_name = "${local.name}-${local.environment}"

}

resource "aws_iam_server_certificate" "lb_cert" {

  name              = "lb_cert"

  certificate_body  = "${file("./www.romili.com/cert.pem")}"

  private_key       = "${file("./www.example.com/privkey.pem")}"

  certificate_chain = "${file("./www.example.com/chain.pem")}"

}

data "aws_iam_policy_document" "ecs-service-policy" {

  statement {

    actions = ["sts:AssumeRole"]

    principals {

      type        = "Service"

      identifiers = ["ecs.amazonaws.com"]

    }

  }

}

data "aws_iam_policy_document" "ecs-instance-policy" {

  statement {

    actions = ["sts:AssumeRole"]

    principals {

      type        = "Service"

      identifiers = ["ec2.amazonaws.com"]

    }

  }

}

data "aws_ecs_task_definition" "nginx-image" {

  depends_on      = ["aws_ecs_task_definition.nginx-image"]

  task_definition = "${aws_ecs_task_definition.nginx-image.family}"

}

data "aws_ami" "amazon_linux_ecs" {

  most_recent = true

  owners = ["amazon"]

  filter {

    name   = "name"

    values = ["amzn-ami-*-amazon-ecs-optimized"]

  }

  filter {

    name   = "owner-alias"

    values = ["amazon"]

  }

}

resource "aws_iam_role" "ecs-service-role" {

  name               = "ecs-service-role"

  path               = "/ecs/"

  assume_role_policy = "${data.aws_iam_policy_document.ecs-service-policy.json}"

}

resource "aws_iam_role_policy_attachment" "ecs-service-role-attachment" {

  role       = "${aws_iam_role.ecs-service-role.name}"

  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"

}

resource "aws_iam_role" "ecs-instance-role" {

  name               = "ecs-instance-role"

  path               = "/"

  assume_role_policy = "${data.aws_iam_policy_document.ecs-instance-policy.json}"

}

resource "aws_security_group" "bastion-sg" {

  name   = "bastion-security-group"

  vpc_id = "${module.vpc.vpc_id}"

  ingress {

    protocol    = "tcp"

    from_port   = 22

    to_port     = 22

    cidr_blocks = ["0.0.0.0/0"]

  }

  egress {

    protocol    = -1

    from_port   = 0

    to_port     = 0

    cidr_blocks = ["0.0.0.0/0"]

  }

}

resource "aws_instance" "bastion" {

  depends_on = ["aws_security_group.bastion-sg"]

  ami                         = "ami-0d5d9d301c853a04a"

  key_name                    = "${local.key}"

  instance_type               = "t2.micro"

  vpc_security_group_ids      = ["${aws_security_group.bastion-sg.id}"]

  associate_public_ip_address = true

  subnet_id = "${element(module.vpc.public_subnets, 0)}"

  tags = {

    Name = "bastion"

  }

}

# VPC Definition

module "vpc" {

  source  = "terraform-aws-modules/vpc/aws"

  version = "~> 2.0"

  name = "my-vpc"

  cidr = "10.1.0.0/16"

  azs = ["us-east-2a", "us-east-2b", "us-east-2c"]

  private_subnets = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]

  public_subnets  = ["10.1.101.0/24", "10.1.102.0/24", "10.1.103.0/24"]

  single_nat_gateway   = true

  enable_nat_gateway   = true

  enable_vpn_gateway   = false

  enable_dns_hostnames = true

  public_subnet_tags = {

    Name = "public"

  }

  private_subnet_tags = {

    Name = "private"

  }

  public_route_table_tags = {

    Name = "public-RT"

  }

  private_route_table_tags = {

    Name = "private-RT"

  }

  tags = {

    Environment = local.environment

    Name        = local.name

  }

}

# ------------

resource "aws_ecs_cluster" "public-ecs-cluster" {

  name = "${local.name}-${local.environment}"

  lifecycle {

    create_before_destroy = true

  }

}

resource "aws_security_group" "ecs-vpc-secgroup" {

  name        = "ecs-vpc-secgroup"

  description = "ecs-vpc-secgroup"

  vpc_id      = "${module.vpc.vpc_id}"

  ingress {

    from_port   = 0

    to_port     = 65535

    protocol    = "tcp"

    cidr_blocks = ["0.0.0.0/0"]

  }

  egress {

    from_port   = 0

    to_port     = 0

    protocol    = "-1"

    cidr_blocks = ["0.0.0.0/0"]

  }

  tags = {

    Name = "ecs-security-group"

  }

}

resource "aws_lb" "nginx-ecs-alb" {

  name               = "nginx-ecs-alb"

  internal           = false

  load_balancer_type = "application"

  subnets            = module.vpc.public_subnets

  security_groups    = ["${aws_security_group.ecs-vpc-secgroup.id}"]

}

resource "aws_alb_target_group" "nginx-ecs-tg" {

  name     = "nginx-ecs-tg"

  port     = "80"

  protocol = "HTTP"

  vpc_id   = "${module.vpc.vpc_id}"

  health_check {

    healthy_threshold   = 3

    unhealthy_threshold = 10

    timeout             = 5

    interval            = 10

    path                = "/"

  }

  depends_on = ["aws_lb.nginx-ecs-alb"]

}

resource "aws_alb_listener" "alb_listener" {

  load_balancer_arn = "${aws_lb.nginx-ecs-alb.arn}"

  port              = "80"

  protocol          = "HTTP"

  default_action {

    target_group_arn = "${aws_alb_target_group.nginx-ecs-tg.arn}"

    type             = "forward"

  }

}

resource "aws_cloudwatch_log_group" "nginx-image" {

  name              = "nginx-image"

  retention_in_days = 1

}

resource "aws_ecs_task_definition" "nginx-image" {

  family                = "nginx-server"

  network_mode          = "bridge"

  container_definitions = <<DEFINITION

    [

      {

        "name": "nginx-web",

        "image": "nginx:latest",

        "essential": true,

        "portMappings": [

          {

            "containerPort": 80,

            "hostPort": 0,

            "protocol": "tcp"

          }

        ],

        "cpu": 0,

        "memory": 300,

        "logConfiguration": {

          "logDriver": "awslogs",

          "options": {

            "awslogs-region": "us-east-2",

            "awslogs-group": "nginx-image",

            "awslogs-stream-prefix": "log-ecs"

          }

        }

      }

    ]

    DEFINITION

}

resource "aws_iam_instance_profile" "ecs-instance-profile" {

    name = "ecs-instance-profile"

    path = "/"

    role = "${aws_iam_role.ecs-instance-role.name}"

}

resource "aws_launch_configuration" "ecs-launch-configuration" {

  name = "ecs-launch-configuration"

  image_id = data.aws_ami.amazon_linux_ecs.id

  instance_type = "t2.micro"

  # iam_instance_profile = "${aws_iam_instance_profile.ecs-instance-profile.id}" # "ecsInstanceRole"

  iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile.id 

  root_block_device {

    volume_type           = "standard"

    volume_size           = 35

    delete_on_termination = true

  }

  security_groups = ["${aws_security_group.ecs-vpc-secgroup.id}"]

  # associate_public_ip_address = "true"

  key_name  = "${local.key}"

  user_data = <<-EOF

                                      #!/bin/bash

                                      {

                                        echo "ECS_CLUSTER=${aws_ecs_cluster.public-ecs-cluster.name}"

                                      } >> /etc/ecs/ecs.config

                                      start ecs

                                      echo "Done"

                                    EOF

}

resource "aws_autoscaling_group" "ecs-autoscaling-group" {

  name                      = "ecs-autoscaling-group"

  health_check_type         = "EC2"

  min_size                  = 0

  max_size                  = 1

  desired_capacity          = 0

  wait_for_capacity_timeout = 0

  # vpc_zone_identifier  = ["subnet-5c66053a", "subnet-9cd1a2d4"]

  vpc_zone_identifier = module.vpc.public_subnets

  launch_configuration = "${aws_launch_configuration.ecs-launch-configuration.name}"

  default_cooldown     = "300"

  lifecycle {

    create_before_destroy = true

  }

  tags = [

    {

      key                 = "Environment"

      value               = "prod"

      propagate_at_launch = true

    },

    {

      key                 = "Cluster"

      value               = "ecs-prod"

      propagate_at_launch = true

    },

  ]

}

resource "aws_autoscaling_policy" "ecs-scale" {

  name                      = "ecs-scale-policy"

  policy_type               = "TargetTrackingScaling"

  autoscaling_group_name    = "${aws_autoscaling_group.ecs-autoscaling-group.name}"

  estimated_instance_warmup = 60

  target_tracking_configuration {

    predefined_metric_specification {

      predefined_metric_type = "ASGAverageCPUUtilization"

    }

    target_value = "70"

  }

}

resource "aws_ecs_service" "nginx-ecs-service" {

  name     = "nginx-ecs-service"

  # iam_role = "${aws_iam_role.ecs-service-role.name}"

  cluster  = "${aws_ecs_cluster.public-ecs-cluster.id}"

  # task_definition = "${aws_ecs_task_definition.nginx-image.family}:${max("${aws_ecs_task_definition.nginx-image.revision}", "${aws_ecs_task_definition.nginx-image.revision}")}"

  task_definition = aws_ecs_task_definition.nginx-image.arn

  launch_type = "EC2"

  desired_count = 1

  deployment_maximum_percent         = 100

  deployment_minimum_healthy_percent = 0

  load_balancer {

    target_group_arn = "${aws_alb_target_group.nginx-ecs-tg.arn}"

    container_name   = "nginx-web"

    container_port   = 80

  }

  depends_on = ["aws_ecs_task_definition.nginx-image"] #, "aws_ecs_cluster.public-ecs-cluster", "aws_iam_role.ecs-service-role", "aws_alb_target_group.nginx-ecs-tg"]

}