ECS Fargate — Terraform Example

This example provisions:

  • An S3 bucket (versioning + SSE-S3 enabled)
  • An S3 Files file system and mount targets in each provided subnet
  • IAM roles (file system role + ECS task execution role)
  • Security groups (compute → mount target on NFS port 2049)
  • A CloudWatch log group for the ECS task
  • An ECS task definition with s3filesVolumeConfiguration (registered via local-exec)
  • An ECS service running one Fargate task on the existing cluster

  1. Confirm prerequisites.

    Requirement   Minimum version
    Terraform     1.5
    AWS provider  6.40
    AWS CLI       2.34.26 (called via local-exec during terraform apply)

    Confirm the CLI version:

    aws --version

    You also need an existing ECS cluster to deploy into. Confirm it exists:

    aws ecs describe-clusters \
    --clusters <your-cluster-name> \
    --region ap-southeast-6 \
    --query 'clusters[0].status' \
    --output text

    Expected output: ACTIVE

  2. Clone the example.

    git clone https://github.com/jajera/terraform-aws-s3-files.git
    cd terraform-aws-s3-files/examples/ecs

    • examples/ecs/
      • main.tf
      • terraform.tfvars.example
      • terraform.tfvars (you create this)
  3. Create terraform.tfvars.

    cp terraform.tfvars.example terraform.tfvars

    Edit terraform.tfvars:

    vpc_id = "vpc-0123456789abcdef0"
    subnet_ids = ["subnet-aaaaaaaaaaaaaaaaa", "subnet-bbbbbbbbbbbbbbbbb"]
    ecs_cluster_name = "my-cluster"
    # Optional overrides (defaults shown):
    # aws_region = "ap-southeast-6"
    # container_image = "public.ecr.aws/amazonlinux/amazonlinux:2023"
    # log_retention_days = 7
    # bucket_name = null # auto-generated: s3files-demo-<random>
    # bucket_force_destroy = true

    Variable              Default                                      Required  Description
    vpc_id                (none)                                       yes       VPC for mount targets and ECS tasks
    subnet_ids            (none)                                       yes       Subnets for mount targets and Fargate task ENIs
    ecs_cluster_name      (none)                                       yes       Name of an existing ECS cluster
    aws_region            ap-southeast-6                               no        AWS region
    container_image       public.ecr.aws/amazonlinux/amazonlinux:2023  no        Container image for the demo task
    log_retention_days    7                                            no        CloudWatch log retention period in days
    bucket_name           auto-generated                               no        Leave null to use s3files-demo-<random>
    bucket_force_destroy  true                                         no        Allow destroy even when bucket contains objects

  4. Initialise and apply.

    terraform init
    terraform plan
    terraform apply

    When apply finishes, note the outputs:

    terraform output

    Key outputs:

    Output                  Description
    ecs_service_name        ECS service name
    task_definition_family  ECS task definition family name
    log_group               CloudWatch log group (/ecs/<prefix>-s3files)
    file_system_id          S3 Files file system ID
    bucket_name             Backing S3 bucket name

  5. Confirm the ECS service is running.

    aws ecs describe-services \
    --cluster <your-cluster-name> \
    --services "$(terraform output -raw ecs_service_name)" \
    --region ap-southeast-6 \
    --query 'services[0].{status:status,running:runningCount,desired:desiredCount}'

    Wait until running equals desired (1) in the output; these are the service's runningCount and desiredCount. This can take 2–3 minutes while the mount target becomes available and the container starts.

  6. Verify via CloudWatch Logs.

    aws logs tail \
    "$(terraform output -raw log_group)" \
    --follow \
    --region ap-southeast-6

    Expected output includes:

    ====S3Files-df====
    Filesystem Size Used Avail Use% Mounted on
    ... ... ... ... ... /mnt/s3files
    ====listing====
    total 0
    ====done====

    Press Ctrl+C to stop tailing.

  7. Tear down.

    terraform destroy
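
An added check, not part of the original example or its repository, for the security group wiring listed at the top of this page (compute → mount target on NFS port 2049). It audits JSON in the shape returned by `aws ec2 describe-security-groups` and reports any mount target ingress rule that is wider than tcp/2049 or admits a source other than the compute security group. The function name, the security group IDs and the sample rules are constructed placeholders.

```python
# Added example: audits constructed sample data, not output from the example repo.
NFS_PORT = 2049

def audit_mount_target_sg(describe_output, mount_sg_id, compute_sg_id):
    """Return findings for the mount target SG's ingress rules (empty list = OK)."""
    groups = {g["GroupId"]: g for g in describe_output["SecurityGroups"]}
    if mount_sg_id not in groups:
        return [f"{mount_sg_id}: not present in describe-security-groups output"]
    findings, nfs_from_compute = [], False
    for perm in groups[mount_sg_id].get("IpPermissions", []):
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        all_traffic = proto == "-1"  # "-1" means every protocol and port
        covers_nfs = all_traffic or (proto == "tcp" and lo is not None and lo <= NFS_PORT <= hi)
        label = "all traffic" if all_traffic else f"{proto}/{lo}-{hi}"
        if not (proto == "tcp" and lo == hi == NFS_PORT):
            findings.append(f"{label}: not limited to tcp/{NFS_PORT}")
        # Any CIDR or prefix-list source is broader than "the compute SG only".
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [r["PrefixListId"] for r in perm.get("PrefixListIds", [])]
        for src in sources:
            findings.append(f"{label}: source {src} is not a security group")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == compute_sg_id:
                nfs_from_compute = nfs_from_compute or covers_nfs
            else:
                findings.append(f"{label}: unexpected source group {pair.get('GroupId')}")
    if not nfs_from_compute:
        findings.append(f"no rule admits {compute_sg_id} on tcp/{NFS_PORT}")
    return findings

def _sg(perms):
    # Wrap ingress rules in the describe-security-groups response shape.
    return {"SecurityGroups": [{"GroupId": MOUNT_SG, "IpPermissions": perms}]}

# Constructed placeholder IDs and rules, shaped like describe-security-groups JSON.
MOUNT_SG, COMPUTE_SG = "sg-0mount00000000000", "sg-0compute000000000"
GOOD = _sg([{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
             "UserIdGroupPairs": [{"GroupId": COMPUTE_SG}]}])
BAD = _sg([{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}])

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_mount_target_sg(sample, MOUNT_SG, COMPUTE_SG) or "ok")
```

To audit a live stack before step 7, save the output of `aws ec2 describe-security-groups --group-ids <mount-target-sg-id> --output json`, load it with `json.load`, and pass it in place of the sample.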