AWS Elastic Container Service (ECS) Task

This module allows Terraform to manage the AWS ECS service for the Censys Cloud Connector.

Prerequisites

Login Instructions

Use the AWS CLI tool to configure a named profile. The AWS Terraform provider uses standard configuration and credential precedence.

Setup

  1. Ensure you are in the root directory of the project.

  2. Source your environment variables.

    source .env
    
  3. Run poetry install to install the dependencies.

  4. Ensure your providers.yml file contains your cloud provider credentials.

    If you have not already done so, you can create a providers.yml file by running the following command:

    poetry run censys-cc config
    
  5. Change the working directory to the aws-ecs-task directory with the following command:

    cd ./terraform/aws-ecs-task
    
  6. Copy terraform.tfvars.example to terraform.tfvars and update the values to match your environment.

    cp terraform.tfvars.example terraform.tfvars
    
  7. Initialize the project with the following command:

    terraform init
    
  8. To see what resources will be created or updated, run the following command:

    terraform plan -var-file terraform.tfvars -out=censys-tfplan -input=false
    
  9. To create or update the resources, run the following command:

    terraform apply -input=false censys-tfplan
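
The setup steps leave secret-bearing files on disk: terraform.tfvars (which holds censys_api_key), the saved plan censys-tfplan, providers.yml and the secrets directory. The script below is an added example, not part of this module or the Censys project; it checks those paths for group/other access and flags an image_tag left at the mutable default "latest". It assumes the default input paths and a local terraform.tfstate if one exists, and its function names are its own.

```shell
#!/bin/sh
# Added example (not part of the module): audit the files the setup steps
# create. Paths are the module defaults listed under Inputs; run it from
# terraform/aws-ecs-task or pass that directory as the first argument.

# Report $1 if it exists and group or other have any permission bit set.
check_private() {
    [ -e "$1" ] || return 0
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other columns of the mode string
    [ "$perms" = "------" ] && return 0
    echo "FINDING: $1 is accessible beyond its owner ($perms); run chmod -R go-rwx"
    return 1
}

# Report a tfvars file that leaves image_tag at the mutable default "latest".
check_image_tag() {
    [ -f "$1" ] || return 0
    tag=$(sed -n 's/^[[:space:]]*image_tag[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1")
    [ -n "$tag" ] && [ "$tag" != "latest" ] && return 0
    echo "FINDING: $1 leaves image_tag at \"latest\"; pin a specific tag"
    return 1
}

# Print each finding and return the number of findings as the exit status.
audit_module_dir() {
    dir=${1:-.}
    findings=0
    # terraform.tfvars holds censys_api_key; a saved plan and local state
    # (assumed default name terraform.tfstate) store variable values
    # unencrypted; providers.yml holds cloud provider credentials and
    # secrets/ is the module's secrets directory.
    for f in terraform.tfvars censys-tfplan terraform.tfstate \
             ../../providers.yml ../../secrets; do
        check_private "$dir/$f" || findings=$((findings + 1))
    done
    check_image_tag "$dir/terraform.tfvars" || findings=$((findings + 1))
    echo "$findings finding(s) in $dir"
    return "$findings"
}

audit_module_dir "${1:-.}" || true
```

Paths that do not exist are skipped, so the script can be run at any point in the procedure, for example after step 8 to confirm the saved plan is private before applying it.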
    

Cleanup

To clean up the resources created by this module, run the following command:

    terraform destroy -var-file terraform.tfvars

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.1 |
| aws | >= 4.7 |

Providers

| Name | Version |
|------|---------|
| aws | 4.51.0 |
| random | 3.4.3 |

Modules

| Name | Source | Version |
|------|--------|---------|
| ecs | terraform-aws-modules/ecs/aws | ~> 3.0 |
| eventbridge | terraform-aws-modules/eventbridge/aws | n/a |
| vpc | terraform-aws-modules/vpc/aws | n/a |

Resources

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_availability_zone | The AWS availability zones to use. | string | "us-east-1a" | no |
| aws_region | The AWS region to use. | string | "us-east-1" | no |
| censys_api_key | The Censys ASM API key | string | n/a | yes |
| image_tag | The tag of the Docker image to use for ECS. | string | "latest" | no |
| image_uri | The URI of the Docker image to use for ECS. | string | "gcr.io/censys-io/censys-cloud-connector" | no |
| logging_level | The logging level | string | "INFO" | no |
| providers_config | The path to the providers config file | string | "../../providers.yml" | no |
| role_name | The cross-account AWS IAM Role name. | string | "CensysCloudConnectorRole" | no |
| schedule_expression | Cloud Connector scan frequency. | string | "rate(4 hours)" | no |
| secrets_dir | The path to the secrets directory | string | "../../secrets" | no |
| task_cpu | The number of CPU units to allocate to the ECS task. | number | 1024 | no |
| task_memory | The amount of memory to allocate to the ECS task. | number | 2048 | no |

Outputs

| Name | Description |
|------|-------------|
| eventbridge_bus_arn | The EventBridge Bus ARN |
| eventbridge_rule_arns | The EventBridge Rule ARNs |
| eventbridge_rule_ids | The EventBridge Rule IDs |