ECS Fargate Service

aws-ecs-fargate-service

Full Fargate stack: cluster, task definition, service with ALB integration, autoscaling, and Cloud Map discovery. Works with Terraform and OpenTofu (>= 1.6), AWS provider >= 6.0, < 7.0.

What you get (and why it is worth paying for):

• The container definition is built from typed variables and jsonencoded once — no hand-rolled JSON, no task-definition drift between plans
• Private networking by default (no public IP), scoped security group using modern standalone rule resources, all-egress only where required
• Least-privilege IAM: execution role gets secret-read access to exactly the ARNs you inject; separate task role for application permissions
• Deployment circuit breaker with automatic rollback
• Target-tracking autoscaling (CPU and/or memory) with desired_count handed over to the scaler after first deploy (ignore_changes)
• Optional Cloud Map (A records) for east-west discovery
• Container Insights + retention-managed, optionally KMS-encrypted logs

Requirements

• Terraform or OpenTofu >= 1.6
• AWS provider >= 6.0, < 7.0
• An existing VPC + subnets; an existing ALB target group if you set load_balancer (pair with the aws-alb module); an existing Cloud Map private DNS namespace if you set service_discovery

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).