
arc-backstage-ecs-app

Overview

Terraform Module to run Backstage as an ECS app.

Upstream dependencies:

  • PostgreSQL Database and Service Account. See the Backstage Docs for more info. See our ARC DB module for the simplest setup.
  • ECS Cluster with an already configured HTTPS listener for an ALB. See our ARC ECS module for the simplest integration.
  • Route53 Zone for an A record for Backstage
  • Backstage image that can be pulled from ECR or DockerHub. Private DockerHub registries will require additional configuration.
  • Secret in secrets manager with the following properties.
    {
      "ENABLE_GITHUB_SYNC": "<<Whether to enable GitHub sync during bootstrap>>",
      "POSTGRES_USER": "<<Backstage PostgreSQL service account username>>",
      "POSTGRES_PASSWORD": "<<Backstage PostgreSQL account password>>",
      "GITHUB_TOKEN": "<<GitHub PAT for API access>>",
      "GITHUB_CLIENT_ID": "<<GitHub OAuth 2.0 client ID>>",
      "GITHUB_CLIENT_SECRET": "<<GitHub OAuth 2.0 client secret>>",
      "POSTGRES_HOST": "<<PostgreSQL Host>>",
      "POSTGRES_PORT": "<<PostgreSQL Port>>"
    }
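
A preflight check for the secret described above, as an added example that is not part of the module: it validates the JSON payload against the README's key list before a deployment. The function name, the sample payload and the rule that every value is a non-empty string are assumptions.

```python
import json

# Keys the README lists for the Backstage secret.
REQUIRED_KEYS = (
    "ENABLE_GITHUB_SYNC", "POSTGRES_USER", "POSTGRES_PASSWORD", "GITHUB_TOKEN",
    "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "POSTGRES_HOST", "POSTGRES_PORT",
)

def check_backstage_secret(secret_string):
    """Return problems in the secret payload; messages name keys, never values."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError:
        return ["secret is not valid JSON"]
    if not isinstance(data, dict):
        return ["secret must be a JSON object"]

    problems = []
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if key not in data:
            problems.append(f"{key}: missing")
        elif not isinstance(value, str) or not value.strip():  # assumption: string values
            problems.append(f"{key}: empty or not a string")
        elif value.startswith("<<") and value.endswith(">>"):
            problems.append(f"{key}: still the README placeholder")

    port = data.get("POSTGRES_PORT")
    if isinstance(port, str) and port.strip() and not port.startswith("<<"):
        if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
            problems.append("POSTGRES_PORT: not a port number in 1-65535")

    # Catches the client ID being pasted into the client secret field.
    cid, csec = data.get("GITHUB_CLIENT_ID"), data.get("GITHUB_CLIENT_SECRET")
    if isinstance(cid, str) and cid.strip() and cid == csec:
        problems.append("GITHUB_CLIENT_SECRET: identical to GITHUB_CLIENT_ID")
    return problems

# Constructed sample payload (no real credentials) with four deliberate faults.
SAMPLE = json.dumps({
    "ENABLE_GITHUB_SYNC": "true", "POSTGRES_USER": "backstage",
    "POSTGRES_PASSWORD": "<<Backstage PostgreSQL account password>>",
    "GITHUB_CLIENT_ID": "example-id", "GITHUB_CLIENT_SECRET": "example-id",
    "POSTGRES_HOST": "db.example.internal", "POSTGRES_PORT": "70000",
})

if __name__ == "__main__":
    for problem in check_backstage_secret(SAMPLE):
        print(problem)
```

In a pipeline, the string passed in would be the secret value fetched from Secrets Manager; a non-empty result should fail the job before `terraform apply`.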
    
    Example Architecture

Usage

Note: the example below does not have a pinned version. Be sure to pin your version. Refer to the example folder for a working example version.

module "backstage" {
  source                = "git::https://github.com/sourcefuse/arc-backstage-ecs-app"
  alb_dns_name          = module.ecs.alb_dns_name
  alb_zone_id           = module.ecs.alb_dns_zone_id
  app_host_name         = var.app_host_name
  cluster_id            = module.ecs.cluster_id
  cluster_name          = module.ecs.cluster_name
  environment           = var.environment
  route_53_records      = [var.app_host_name]
  lb_listener_arn       = module.ecs.alb_https_listener_arn
  lb_security_group_ids = [module.ecs.alb_security_group_id]
  route_53_zone_name    = var.route_53_zone_name
  subnet_ids            = data.aws_subnets.private.ids
  vpc_id                = data.aws_vpc.vpc.id
  container_image       = var.container_image
  tags                  = module.tags.tags
}

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.3 |
| aws | ~> 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | 4.60.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| backstage_container_definition | ./ecs-container-definition | n/a |
| ecs_service_autoscaling | git::https://github.com/cn-terraform/terraform-aws-ecs-service-autoscaling | 1.0.6 |

Resources

| Name | Type |
|------|------|
| aws_ecs_service.this | resource |
| aws_ecs_task_definition.this | resource |
| aws_iam_policy.secrets_manager_read_policy | resource |
| aws_iam_role.execution | resource |
| aws_iam_role_policy_attachment.execution | resource |
| aws_iam_role_policy_attachment.secrets_manager_read | resource |
| aws_lb_listener_rule.forward | resource |
| aws_lb_target_group.this | resource |
| aws_route53_record.this | resource |
| aws_security_group.this | resource |
| aws_iam_policy_document.assume | data source |
| aws_route53_zone.this | data source |
| aws_secretsmanager_secret.backstage_private_key | data source |
| aws_secretsmanager_secret.backstage_secret | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alb_dns_name | ALB DNS name to create A record for health check service | string | n/a | yes |
| alb_zone_id | ALB Route53 zone ID to create A record for health check service | string | n/a | yes |
| app_host_name | Host name to expose via Route53 | string | n/a | yes |
| app_port_number | Port number for the container to run under | number | 7007 | no |
| backstage_environment | Backstage environment | string | "production" | no |
| cluster_id | ID of the ECS cluster. | string | n/a | yes |
| cluster_name | Name of the ECS cluster. | string | n/a | yes |
| container_image | url for image being used to setup backstage | string | "spotify/backstage-cookiecutter" | no |
| desired_count | Number of ECS tasks to run for the service. | number | 3 | no |
| egress_cidr_block | ECS Tasks egress CIDR block | string | "0.0.0.0/0" | no |
| environment | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | string | n/a | yes |
| environment_variables | (optional) List of additional environment variables | list(object({ name = string, value = string })) | [] | no |
| ephemeral_storage | (optional) The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB. | string | null | no |
| execution_policy_attachment_arns | The ARNs of the policies you want to apply | list(string) | ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"] | no |
| health_check_path_pattern | Path pattern to match against the request URL. | string | "/" | no |
| launch_type | Launch type for the health check service. | string | "FARGATE" | no |
| lb_listener_arn | ARN of the load balancer listener. | string | n/a | yes |
| lb_security_group_ids | LB Security Group IDs for ingress access to the health check task definition. | list(string) | n/a | yes |
| max_count | Maximum number of ECS tasks to run for the service. | number | 6 | no |
| min_count | Minimum number of ECS tasks to run for the service. | number | 1 | no |
| private_key_secret_name | Name of the secret in AWS Secrets Manager that contains Backstage private key for GitHub authentication. The secret should be stored as plain text in ASM. | string | "arc/poc/backstage-private-key" | no |
| route_53_private_zone | Used with name field to get a private Hosted Zone | bool | false | no |
| route_53_record_type | Health check Route53 record type | string | "A" | no |
| route_53_records | List of A record domains to create for the health check service | list(string) | n/a | yes |
| route_53_zone_name | Route53 zone name used for looking up and creating an A record for the health check service | string | n/a | yes |
| secret_list | (optional) List of additional Secrets | list(object({ name = string, valueFrom = string })) | [] | no |
| secret_name | Name of the secret in AWS Secrets Manager that contains Backstage secrets, such as POSTGRES_USER and POSTGRES_PASSWORD | string | "arc/poc/backstage" | no |
| subnet_ids | Subnet IDs to run health check task in | list(string) | n/a | yes |
| tags | Tags to assign the resources. | map(string) | {} | no |
| task_definition_cpu | Number of cpu units used by the task. If the requires_compatibilities is FARGATE this field is required. | number | 1024 | no |
| task_definition_memory | Amount (in MiB) of memory used by the task. If the requires_compatibilities is FARGATE this field is required. | number | 2048 | no |
| vpc_id | Id of the VPC where the resources will live | string | n/a | yes |

Outputs

No outputs.

Git commits

When contributing or making a git commit, specify in your commit message whether the change is major, minor or patch.

For example:

git commit -m "your commit message #major"

Specifying this bumps the version accordingly. If you don't specify it in your commit message, the change is treated as a patch by default and the version is bumped accordingly.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks
    pre-commit install
    

Authors

This project is authored by the following people:

  • SourceFuse ARC Team