
arc-backstage-ecs-app

Overview

Terraform Module to run Backstage as an ECS app.

Upstream dependencies:

  • PostgreSQL Database and Service Account. See the Backstage Docs for more info. See our ARC DB module for the simplest set up.
  • ECS Cluster with an already configured HTTPS listener for an ALB. See our ARC ECS module for the simplest integration.
  • Route53 Zone for an A record for Backstage
  • Backstage image that can be pulled from ECR or DockerHub. Private DockerHub registries will require additional configuration.
  • Secret in secrets manager with the following properties.
    {
      "ENABLE_GITHUB_SYNC": "<<To enable Github sync while bootstrap>>",
      "POSTGRES_USER": "<<Backstage PostgreSQL service account username>>",
      "POSTGRES_PASSWORD": "<<Backstage PostgreSQL account password>>",
      "GITHUB_TOKEN": "<<GitHub PAT for API access>>",
      "GITHUB_CLIENT_ID": "<<GitHub OAuth 2.0 client ID>>",
      "GITHUB_CLIENT_SECRET": "<<GitHub OAuth 2.0 client secret>>",
      "POSTGRES_HOST": "<<PostgreSQL Host>>",
      "POSTGRES_PORT": "<<PostgreSQL Port>>"
    }
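A pre-deployment check for the secret described above, added here as an example and not part of the module: it verifies that the JSON you are about to store in Secrets Manager has every listed property, contains no unfilled `<<...>>` placeholders, and has a usable port. The function name, the assumption that every value is a string (as in the template), and the sample values are assumptions made for this example.

```python
import json
import re

# Property names copied from the secret template above.
REQUIRED_KEYS = (
    "ENABLE_GITHUB_SYNC", "POSTGRES_USER", "POSTGRES_PASSWORD", "GITHUB_TOKEN",
    "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "POSTGRES_HOST", "POSTGRES_PORT",
)
PLACEHOLDER = re.compile(r"<<.*>>")  # unfilled "<<...>>" text from the template


def check_backstage_secret(secret_string):
    """Return a list of problems. Messages name keys only, never values."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]

    problems = []
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if key not in data:
            problems.append(f"{key}: missing")
        elif not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: empty or not a string")
        elif PLACEHOLDER.search(value):
            problems.append(f"{key}: template placeholder left in place")

    port = data.get("POSTGRES_PORT")
    if isinstance(port, str) and port.strip() and not PLACEHOLDER.search(port):
        if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
            problems.append("POSTGRES_PORT: not a valid TCP port")
    client_id = data.get("GITHUB_CLIENT_ID")
    if (isinstance(client_id, str) and client_id.strip()
            and client_id == data.get("GITHUB_CLIENT_SECRET")):
        problems.append("GITHUB_CLIENT_SECRET: identical to GITHUB_CLIENT_ID")
    return problems


# Constructed sample values, not real credentials.
SAMPLE_GOOD = json.dumps({
    "ENABLE_GITHUB_SYNC": "true", "POSTGRES_USER": "backstage",
    "POSTGRES_PASSWORD": "constructed-password", "GITHUB_TOKEN": "constructed-pat",
    "GITHUB_CLIENT_ID": "constructed-id", "GITHUB_CLIENT_SECRET": "constructed-secret",
    "POSTGRES_HOST": "db.example.internal", "POSTGRES_PORT": "5432",
})
```

Run the check on the secret string before it is written to Secrets Manager; the returned messages are safe to log because they contain key names only.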
    
    Example Architecture

Usage

Note: the example below does not have a pinned version. Be sure to pin your version. Refer to the example folder for a working example version.

module "backstage" {
  source                = "git::https://github.com/sourcefuse/arc-backstage-ecs-app"
  alb_dns_name          = module.ecs.alb_dns_name
  alb_zone_id           = module.ecs.alb_dns_zone_id
  app_host_name         = var.app_host_name
  cluster_id            = module.ecs.cluster_id
  cluster_name          = module.ecs.cluster_name
  environment           = var.environment
  route_53_records      = [var.app_host_name]
  lb_listener_arn       = module.ecs.alb_https_listener_arn
  lb_security_group_ids = [module.ecs.alb_security_group_id]
  route_53_zone_name    = var.route_53_zone_name
  subnet_ids            = data.aws_subnets.private.ids
  vpc_id                = data.aws_vpc.vpc.id
  container_image       = var.container_image
  tags                  = module.tags.tags
}

Requirements

Name Version
terraform ~> 1.3
aws ~> 4.0

Providers

Name Version
aws 4.60.0

Modules

Name Source Version
backstage_container_definition ./ecs-container-definition n/a
ecs_service_autoscaling git::https://github.com/cn-terraform/terraform-aws-ecs-service-autoscaling 1.0.6

Resources

Name Type
aws_ecs_service.this resource
aws_ecs_task_definition.this resource
aws_iam_policy.secrets_manager_read_policy resource
aws_iam_role.execution resource
aws_iam_role_policy_attachment.execution resource
aws_iam_role_policy_attachment.secrets_manager_read resource
aws_lb_listener_rule.forward resource
aws_lb_target_group.this resource
aws_route53_record.this resource
aws_security_group.this resource
aws_iam_policy_document.assume data source
aws_route53_zone.this data source
aws_secretsmanager_secret.backstage_private_key data source
aws_secretsmanager_secret.backstage_secret data source

Inputs

Name Description Type Default Required
alb_dns_name ALB DNS name to create A record for health check service string n/a yes
alb_zone_id ALB Route53 zone ID to create A record for health check service string n/a yes
app_host_name Host name to expose via Route53 string n/a yes
app_port_number Port number for the container to run under number 7007 no
backstage_environment Backstage environment string "production" no
cluster_id ID of the ECS cluster. string n/a yes
cluster_name Name of the ECS cluster. string n/a yes
container_image URL of the image used to set up Backstage string "spotify/backstage-cookiecutter" no
desired_count Number of ECS tasks to run for the service. number 3 no
egress_cidr_block ECS Tasks egress CIDR block string "0.0.0.0/0" no
environment ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' string n/a yes
execution_policy_attachment_arns The ARNs of the policies you want to apply list(string) ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"] no
health_check_path_pattern Path pattern to match against the request URL. string "/" no
launch_type Launch type for the health check service. string "FARGATE" no
lb_listener_arn ARN of the load balancer listener. string n/a yes
lb_security_group_ids LB Security Group IDs for ingress access to the health check task definition. list(string) n/a yes
max_count Maximum number of ECS tasks to run for the service. number 6 no
min_count Minimum number of ECS tasks to run for the service. number 1 no
private_key_secret_name Name of the secret in AWS Secrets Manager that contains Backstage private key for GitHub authentication. The secret should be stored as plain text in ASM. string "arc/poc/backstage-private-key" no
route_53_private_zone Used with name field to get a private Hosted Zone bool false no
route_53_record_type Health check Route53 record type string "A" no
route_53_records List of A record domains to create for the health check service list(string) n/a yes
route_53_zone_name Route53 zone name used for looking up and creating an A record for the health check service string n/a yes
secret_name Name of the secret in AWS Secrets Manager that contains Backstage secrets, such as POSTGRES_USER and POSTGRES_PASSWORD string "arc/poc/backstage" no
subnet_ids Subnet IDs to run health check task in list(string) n/a yes
tags Tags to assign the resources. map(string) {} no
task_definition_cpu Number of cpu units used by the task. If the requires_compatibilities is FARGATE this field is required. number 1024 no
task_definition_memory Amount (in MiB) of memory used by the task. If the requires_compatibilities is FARGATE this field is required. number 2048 no
vpc_id ID of the VPC where the resources will live string n/a yes

Outputs

No outputs.

Git commits

When contributing or making a git commit, please specify in your commit message whether the change is major, minor or patch.

For example:

git commit -m "your commit message #major"

Specifying this bumps the version accordingly. If you don't specify it in your commit message, the change is treated as a patch by default and the version is bumped accordingly.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks
    pre-commit install
    

Authors

This project is authored by the following people:

  • SourceFuse ARC Team