Scaleway Serverless Container
Container namespace, deployed container, custom domain, and registry wiring.
Verification
Static-verifiedPassed: validated and lint-clean (provider-schema-validated for AWS/Azure/GCP; Terraform-language lint elsewhere).
Conformance
- Static validation (fmt · validate · tflint)
- No applicable security policies for this provider
- Plan tests (mocked: validation rules · outputs)
Provenance
- SHA-256 checksum
- Signature (pending)
Functional
- Live test pending (no cloud run yet)
Last verified 2026-06-28 · how we verify
Documentation
scaleway-serverless-container
A Scaleway Serverless Container stack: a Containers namespace (with its private registry), a deployed container, and optional custom-domain bindings. Bring your own namespace or let the module create a dedicated one.
Status: static-validated, live-test pending. Validated with
tofu validate+tflint+checkovagainst thescaleway/scalewayprovider. Not yet applied against a live Scaleway project (live verify needs a pushed image), so it ships under live-test quarantine.
Design & secure defaults
- Private by default.
privacy = "private"requires a Scaleway auth token to invoke; flip to"public"only when anonymous access is intended. - HTTPS enforced.
http_option = "redirected"301-redirects plain HTTP to HTTPS so traffic is never served in the clear. - Strong isolation.
sandbox = "v2"runs the gVisor-isolated runtime. - Secrets stay secret.
secret_environment_variables(container and namespace) aresensitiveand never appear in plan output. - Cost-efficient scaling.
min_scale = 0scales to zero when idle; raise it to remove cold starts. A precondition enforcesmin_scale <= max_scale. - Pin what you ship. Supply
registry_sha256to bind the exact image digest and force a redeploy when it changes. - Safe deploy gating.
deployonly takes effect whenregistry_imageis set, and a precondition rejectsdeploy = truewithout an image. - Custom domains require
privacy = "public"(a precondition enforces this, since private containers are reachable only via their authenticated native endpoint) and a pre-existing CNAME to the native endpoint.
Usage
module "container" {
source = "github.com/ITfreak/iacbazaar//artifacts/terraform/scaleway-serverless-container"
name = "api"
registry_image = "rg.fr-par.scw.cloud/api-ns/app:1.0.0"
min_scale = 1
max_scale = 10
memory_limit = 512
cpu_limit = 280
secret_environment_variables = {
DATABASE_URL = var.database_url
}
}
See examples/basic for a complete configuration.
Key inputs
| Variable | Description | Default |
|---|---|---|
name | Container name + namespace prefix | required |
namespace_id | Deploy into an existing namespace | null (creates one) |
registry_image | Image to deploy | null |
registry_sha256 | Pin the image digest | null |
port | Listen port | 8080 |
protocol | http1 / h2c | http1 |
privacy | private / public | private |
http_option | redirected / enabled | redirected |
sandbox | v2 / v1 | v2 |
min_scale / max_scale | Scaling bounds | 0 / 5 |
memory_limit / cpu_limit | Per-instance MB / mvCPU | 256 / 140 |
timeout | Max request seconds | 300 |
scaling_option | One autoscaling threshold | null |
health_check | HTTP liveness probe (path, interval, failure_threshold) | null |
environment_variables / secret_environment_variables | Container env | {} |
custom_domains | Hostnames to bind | [] |
region / project_id | Placement | fr-par / provider default |
Outputs
container_id, container_name, container_status, endpoint (native public
URL), namespace_id, registry_endpoint, custom_domain_urls (map).
Provider
scaleway/scaleway >= 2.0, < 3.0. Requires Terraform/OpenTofu >= 1.6.
License
Commercial — LicenseRef-IaCBazaar-Commercial. See the IaC Bazaar terms.