How to Efficiently Manage ECS Task Definitions with Terraform and CodePipeline?

Asked By TechWhiz91 On

I've set up Terraform with ECS and created all my ECS task definitions. However, I'm facing some challenges in consolidating the Terraform task definitions with code deployments. To describe my current workflow, my code pipeline builds Docker images, tags them with the commit hash, and pushes them to ECR. It then creates a new task definition based on the latest version and only updates the image property in the container definitions for the updated containers. The issue I encounter is that the image tag in my Terraform file remains static, which means if I need to adjust something like CPU allocation for one of the containers, I have to apply changes with this static image. My question is whether there's a more efficient approach to store the task definition, perhaps in S3, as a source of truth that both Terraform and CodePipeline can reference? What's the best practice for handling ECS in this situation? Thanks in advance for your insights!

5 Answers

Answered By CDKAdvocate On

I won't get into a debate about infrastructure as code, but switching to the AWS CDK could simplify your workflow. With CDK, there’s no need for SSM parameters or manually generating task definitions. You just point to a Dockerfile and run `cdk deploy`, which automatically detects image changes and updates the task definition for you.

Answered By CodeJunkie On

You don't need to modify the task definition in Terraform. Instead, consider keeping it as your source of truth within your pipeline. This way, the definition initializes from your pipeline, simplifying your process.

DevSage -

But what about hardcoded values like DB hosts? How do you manage that?

Answered By ImageGuru On

Using a Terraform data resource can be effective too. You can pull the latest image by date, and then the task definition can utilize that data’s output. This allows you to update things without seeing any drift from Terraform.

Answered By PipelinePro On

What I do is have my CI/CD process build and push images to ECR with two tags, one being "latest". My Terraform task definition then refers to the "latest" tag. This approach keeps my CI/CD separate from Terraform, reserving Terraform for infrastructure updates.

Answered By CloudNinja On

That might be your best bet. In my deployment setup, I export critical data from Terraform as SSM Parameters and utilize a Lambda function to generate the task definition. This way, I create an artifact that encompasses both the app spec and task definition, which is then submitted to the CodePipeline.
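The render step that the question and the answers above circle around, as an added example that is not part of any poster's reply: Terraform-owned settings (the kind exported as SSM parameters) and pipeline-owned image tags are merged into one payload, and images from outside the expected registry are refused. The function name, the dictionary shapes, the container names, the account ID and the tags are all assumptions constructed for illustration.

```python
import copy

# Response-only fields from DescribeTaskDefinition; drop them before re-registering.
READ_ONLY = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy", "deregisteredAt")


def render_task_definition(current, infra, images, registry):
    """current: taskDefinition dict; infra: per-container settings from Terraform;
    images: {container: image_uri} rebuilt this run; registry: allowed ECR prefix."""
    td = {k: v for k, v in copy.deepcopy(current).items() if k not in READ_ONLY}
    by_name = {c["name"]: c for c in td["containerDefinitions"]}

    unknown = (set(infra) | set(images)) - set(by_name)
    if unknown:
        raise ValueError(f"no such container(s): {sorted(unknown)}")

    # Terraform owns sizing and environment (e.g. DB hosts), never the image.
    for name, settings in infra.items():
        c = by_name[name]
        env = {e["name"]: e["value"] for e in c.get("environment", [])}
        env.update(settings.get("environment", {}))
        c["environment"] = [{"name": k, "value": v} for k, v in sorted(env.items())]
        for field in ("cpu", "memory"):
            if field in settings:
                c[field] = settings[field]

    # The pipeline owns the image; untouched containers keep their current one.
    for name, uri in images.items():
        if not uri.startswith(registry + "/"):
            raise ValueError(f"{name}: image {uri!r} is not from {registry}")
        by_name[name]["image"] = uri
    return td


# Constructed sample input (hypothetical account ID, names and commit-hash tags).
REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
CURRENT = {
    "family": "app", "revision": 7, "status": "ACTIVE",
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/app:7",
    "containerDefinitions": [
        {"name": "web", "image": f"{REGISTRY}/web:1111111", "cpu": 128,
         "environment": [{"name": "DB_HOST", "value": "old.example.internal"}]},
        {"name": "worker", "image": f"{REGISTRY}/worker:2222222", "cpu": 128},
    ],
}
```

The returned dictionary has the shape boto3's `ecs.register_task_definition(**td)` expects, so the pipeline can register it as the next revision.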
