Adding firelens option to ECS

LeoDiazL · LeoDiazL · commit 22cca6436db7 · 2025-09-01T14:20:06.000-03:00
diff --git a/README.md b/README.md
@@ -454,6 +454,9 @@ The following inputs can be used as `step.with` keys
 | `aws_ecs_autoscaling_max_cpu`| String | Define autoscaling max cpu. |
 | `aws_ecs_cloudwatch_enable`| Boolean | Toggle cloudwatch for ECS. Default `false`. |
 | `aws_ecs_cloudwatch_lg_name`| String | Log group name. Will default to `aws_identifier` if none. |
+| `aws_ecs_cloudwatch_log_driver`| String | Log driver to use for the ECS task. (awslogs/awsfirelens) Defaults to `awslogs`. |
+| `aws_ecs_firelens_output_type`| String | Firelens type, one of `otlp`, `loki`, `cloudwatch`, `firehose`, `kinesis`, `es`, `splunk`, `http`, `kafka`, `syslog`. |
+| `aws_ecs_firelens_output_options`| String | Option definitions. Eg. `"{\"Host\":\"collector\",\"Port\":\"4317\"}"`. See [this example repo.](https://github.com/aws-samples/amazon-ecs-firelens-examples)|
 | `aws_ecs_cloudwatch_skip_destroy`| Boolean | Toggle deletion or not when destroying the stack. |
 | `aws_ecs_cloudwatch_retention_days`| String | Number of days to retain logs. 0 to never expire. Defaults to `14`. |
 | `aws_ecs_additional_tags`| JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to ECS provisioned resources.|
diff --git a/action.yaml b/action.yaml
@@ -877,6 +877,15 @@ inputs:
   aws_ecs_cloudwatch_lg_name:
     description: "Log group name. Will default to aws_identifier if none."
     required: false
+  aws_ecs_cloudwatch_log_driver:
+    description: "Log driver to use for the ECS task."
+    required: false
+  aws_ecs_firelens_output_type:
+    description: "The type of output for FireLens."
+    required: false
+  aws_ecs_firelens_output_options:
+    description: "The options for the FireLens output."
+    required: false
   aws_ecs_cloudwatch_skip_destroy:
     description: "Toggle deletion or not when destroying the stack."
     required: false
@@ -1435,34 +1444,37 @@ runs:
         AWS_ECS_ENABLE: ${{ inputs.aws_ecs_enable }}
         AWS_ECS_SERVICE_NAME: ${{ inputs.aws_ecs_service_name }}
         AWS_ECS_CLUSTER_NAME: ${{ inputs.aws_ecs_cluster_name }}
-        AWS_ECS_SERVICE_LAUNCH_TYPE : ${{ inputs.aws_ecs_service_launch_type }}
-        AWS_ECS_TASK_TYPE : ${{ inputs.aws_ecs_task_type }}
+        AWS_ECS_SERVICE_LAUNCH_TYPE: ${{ inputs.aws_ecs_service_launch_type }}
+        AWS_ECS_TASK_TYPE: ${{ inputs.aws_ecs_task_type }}
         AWS_ECS_TASK_NAME: ${{ inputs.aws_ecs_task_name }}
         AWS_ECS_TASK_EXECUTION_ROLE: ${{ inputs.aws_ecs_task_execution_role }}
         AWS_ECS_TASK_JSON_DEFINITION_FILE: ${{ inputs.aws_ecs_task_json_definition_file }}
         AWS_ECS_TASK_NETWORK_MODE: ${{ inputs.aws_ecs_task_network_mode }}
         AWS_ECS_TASK_CPU: ${{ inputs.aws_ecs_task_cpu }}
         AWS_ECS_TASK_MEM: ${{ inputs.aws_ecs_task_mem }}
         AWS_ECS_CONTAINER_CPU: ${{ inputs.aws_ecs_container_cpu }}
-        AWS_ECS_CONTAINER_MEM: ${{ inputs.aws_ecs_container_cpu }}
+        AWS_ECS_CONTAINER_MEM: ${{ inputs.aws_ecs_container_mem }}
         AWS_ECS_NODE_COUNT: ${{ inputs.aws_ecs_node_count }}
         AWS_ECS_APP_IMAGE: ${{ inputs.aws_ecs_app_image }}
         AWS_ECS_SECURITY_GROUP_NAME: ${{ inputs.aws_ecs_security_group_name }}
         AWS_ECS_ASSIGN_PUBLIC_IP: ${{ inputs.aws_ecs_assign_public_ip }}
         AWS_ECS_CONTAINER_PORT: ${{ inputs.aws_ecs_container_port }}
         AWS_ECS_LB_PORT: ${{ inputs.aws_ecs_lb_port }}
         AWS_ECS_LB_REDIRECT_ENABLE: ${{ inputs.aws_ecs_lb_redirect_enable }}
-        AWS_ECS_LB_CONTAINER_PATH : ${{ inputs.aws_ecs_lb_container_path }}
+        AWS_ECS_LB_CONTAINER_PATH: ${{ inputs.aws_ecs_lb_container_path }}
         AWS_ECS_LB_SSL_POLICY: ${{ inputs.aws_ecs_lb_ssl_policy }}
         AWS_ECS_AUTOSCALING_ENABLE: ${{ inputs.aws_ecs_autoscaling_enable }}
         AWS_ECS_AUTOSCALING_MAX_NODES: ${{ inputs.aws_ecs_autoscaling_max_nodes }}
         AWS_ECS_AUTOSCALING_MIN_NODES: ${{ inputs.aws_ecs_autoscaling_min_nodes }}
         AWS_ECS_AUTOSCALING_MAX_MEM: ${{ inputs.aws_ecs_autoscaling_max_mem }}
-        AWS_ECS_AUTOSCALING_MIN_MEM: ${{ inputs.aws_ecs_autoscaling_max_cpu }}
-        AWS_ECS_CLOUDWATCH_ENABLE : ${{ inputs.aws_ecs_cloudwatch_enable }}
-        AWS_ECS_CLOUDWATCH_LG_NAME : ${{ inputs.aws_ecs_cloudwatch_lg_name }}
-        AWS_ECS_CLOUDWATCH_SKIP_DESTROY : ${{ inputs.aws_ecs_cloudwatch_skip_destroy }}
-        AWS_ECS_CLOUDWATCH_RETENTION_DAYS : ${{ inputs.aws_ecs_cloudwatch_retention_days }}
+        AWS_ECS_AUTOSCALING_MAX_CPU: ${{ inputs.aws_ecs_autoscaling_max_cpu }}
+        AWS_ECS_CLOUDWATCH_ENABLE: ${{ inputs.aws_ecs_cloudwatch_enable }}
+        AWS_ECS_CLOUDWATCH_LG_NAME: ${{ inputs.aws_ecs_cloudwatch_lg_name }}
+        AWS_ECS_CLOUDWATCH_LOG_DRIVER: ${{ inputs.aws_ecs_cloudwatch_log_driver }}
+        AWS_ECS_FIRELENS_OUTPUT_TYPE: ${{ inputs.aws_ecs_firelens_output_type }}
+        AWS_ECS_FIRELENS_OUTPUT_OPTIONS: ${{ inputs.aws_ecs_firelens_output_options }}
+        AWS_ECS_CLOUDWATCH_SKIP_DESTROY: ${{ inputs.aws_ecs_cloudwatch_skip_destroy }}
+        AWS_ECS_CLOUDWATCH_RETENTION_DAYS: ${{ inputs.aws_ecs_cloudwatch_retention_days }}
         AWS_ECS_ADDITIONAL_TAGS: ${{ inputs.aws_ecs_additional_tags }}
        
         # ECR
diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -341,6 +341,9 @@ if [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]]; then
   aws_ecs_autoscaling_max_cpu=$(generate_var aws_ecs_autoscaling_max_cpu $AWS_ECS_AUTOSCALING_MIN_MEM)
   aws_ecs_cloudwatch_enable=$(generate_var aws_ecs_cloudwatch_enable $AWS_ECS_CLOUDWATCH_ENABLE)
   aws_ecs_cloudwatch_lg_name=$(generate_var aws_ecs_cloudwatch_lg_name $AWS_ECS_CLOUDWATCH_LG_NAME)
+  aws_ecs_cloudwatch_log_driver=$(generate_var aws_ecs_cloudwatch_log_driver $AWS_ECS_CLOUDWATCH_LOG_DRIVER)
+  aws_ecs_firelens_output_type=$(generate_var aws_ecs_firelens_output_type $AWS_ECS_FIRELENS_OUTPUT_TYPE)
+  aws_ecs_firelens_output_options=$(generate_var aws_ecs_firelens_output_options $AWS_ECS_FIRELENS_OUTPUT_OPTIONS)
   aws_ecs_cloudwatch_skip_destroy=$(generate_var aws_ecs_cloudwatch_skip_destroy $AWS_ECS_CLOUDWATCH_SKIP_DESTROY)
   aws_ecs_cloudwatch_retention_days=$(generate_var aws_ecs_cloudwatch_retention_days $AWS_ECS_CLOUDWATCH_RETENTION_DAYS)
   aws_ecs_additional_tags=$(generate_var aws_ecs_additional_tags $AWS_ECS_ADDITIONAL_TAGS)
@@ -689,6 +692,9 @@ $aws_ecs_autoscaling_max_mem
 $aws_ecs_autoscaling_max_cpu
 $aws_ecs_cloudwatch_enable
 $aws_ecs_cloudwatch_lg_name
+$aws_ecs_cloudwatch_log_driver
+$aws_ecs_firelens_output_type
+$aws_ecs_firelens_output_options
 $aws_ecs_cloudwatch_skip_destroy
 $aws_ecs_cloudwatch_retention_days
 $aws_ecs_additional_tags
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
@@ -1487,6 +1487,24 @@ variable "aws_ecs_cloudwatch_lg_name" {
   default     = null
 }
 
+variable "aws_ecs_cloudwatch_log_driver" {
+  type        = string
+  description = "Log driver to use for the ECS task."
+  default     = "awslogs" # or "awsfirelens"
+}
+
+variable "aws_ecs_firelens_output_type" {
+  type        = string
+  description = "The type of output for FireLens."
+  default     = "otlp" # options: otlp, loki, cloudwatch, firehose, kinesis, es, splunk, http, kafka, syslog
+}
+
+variable "aws_ecs_firelens_output_options" {
+  type        = string
+  description = "The options for the FireLens output."
+  default     = "{}"
+}
+
 variable "aws_ecs_cloudwatch_skip_destroy" {
   type        = string
   description = "Toggle deletion or not when destroying the stack."
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -491,6 +491,9 @@ module "aws_ecs" {
   aws_ecs_autoscaling_max_cpu        = var.aws_ecs_autoscaling_max_cpu
   aws_ecs_cloudwatch_enable          = var.aws_ecs_cloudwatch_enable
   aws_ecs_cloudwatch_lg_name         = var.aws_ecs_cloudwatch_enable ? ( var.aws_ecs_cloudwatch_lg_name != null ? var.aws_ecs_cloudwatch_lg_name : "${var.aws_resource_identifier}-ecs-logs" ) : null
+  aws_ecs_cloudwatch_log_driver      = var.aws_ecs_cloudwatch_log_driver
+  aws_ecs_firelens_output_type       = var.aws_ecs_firelens_output_type
+  aws_ecs_firelens_output_options    = var.aws_ecs_firelens_output_options
   aws_ecs_cloudwatch_skip_destroy    = var.aws_ecs_cloudwatch_skip_destroy
   aws_ecs_cloudwatch_retention_days  = var.aws_ecs_cloudwatch_retention_days
   aws_region_current_name            = module.vpc.aws_region_current_name
diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs.tf
@@ -26,40 +26,64 @@ locals {
 
 resource "aws_ecs_task_definition" "ecs_task" {
   count                    = length(local.aws_ecs_app_image)
-  family                   = var.aws_ecs_task_name  != "" ? local.aws_ecs_task_name[count.index] : "${local.aws_ecs_task_name[count.index]}${count.index}"
+  family                   = var.aws_ecs_task_name != "" ? local.aws_ecs_task_name[count.index] : "${local.aws_ecs_task_name[count.index]}${count.index}"
   network_mode             = local.aws_ecs_task_network_mode[count.index]
   requires_compatibilities = [local.aws_ecs_task_type[count.index]]
   cpu                      = local.aws_ecs_task_cpu[count.index]
   memory                   = local.aws_ecs_task_mem[count.index]
   execution_role_arn       = local.ecsTaskExecutionRole
-  container_definitions = sensitive(jsonencode([
-    {
-      "image": local.aws_ecs_app_image[count.index],
-      "cpu": local.aws_ecs_container_cpu[count.index],
-      "memory": local.aws_ecs_container_mem[count.index],
-      "name": var.aws_ecs_task_name != "" ? local.aws_ecs_task_name[count.index] : "${local.aws_ecs_task_name[count.index]}${count.index}",
-      "networkMode": "awsvpc",
-      "portMappings": [
-        {
-          "name": "port-${local.aws_ecs_container_port[count.index]}",
-          "containerPort": tonumber(local.aws_ecs_container_port[count.index]),
-          "hostPort": tonumber(local.aws_ecs_container_port[count.index]),
-          "protocol": "tcp",
-          "appProtocol": "http"
-        }
-      ],
-      "environment": local.env_repo_vars
-      "logConfiguration": var.aws_ecs_cloudwatch_enable ? {
-        "logDriver": "awslogs",
-        "options": {
-          "awslogs-create-group": "true",
-          "awslogs-region": var.aws_region_current_name,
-          "awslogs-group": var.aws_ecs_cloudwatch_lg_name,
-          "awslogs-stream-prefix": aws_ecs_cluster.cluster.name
+
+  container_definitions = sensitive(jsonencode(
+    compact([ # compact removes null entries
+      {
+        "name": var.aws_ecs_task_name != "" ? local.aws_ecs_task_name[count.index] : "${local.aws_ecs_task_name[count.index]}${count.index}",
+        "image": local.aws_ecs_app_image[count.index],
+        "cpu": local.aws_ecs_container_cpu[count.index],
+        "memory": local.aws_ecs_container_mem[count.index],
+        "networkMode": "awsvpc",
+        "portMappings": [
+          {
+            "containerPort": tonumber(local.aws_ecs_container_port[count.index]),
+            "hostPort": tonumber(local.aws_ecs_container_port[count.index]),
+            "protocol": "tcp"
+          }
+        ],
+        "environment": local.env_repo_vars,
+
+        # === Log configuration ===
+        "logConfiguration": (
+          var.aws_ecs_cloudwatch_enable && var.aws_ecs_cloudwatch_log_driver == "awslogs" ?
+          {
+            "logDriver": "awslogs",
+            "options": {
+              "awslogs-create-group": "true",
+              "awslogs-region": var.aws_region_current_name,
+              "awslogs-group": var.aws_ecs_cloudwatch_lg_name,
+              "awslogs-stream-prefix": aws_ecs_cluster.cluster.name
+            }
+          } :
+          var.aws_ecs_cloudwatch_enable && var.aws_ecs_cloudwatch_log_driver == "awsfirelens" ?
+          {
+            "logDriver": "awsfirelens",
+            "options": merge(
+              { "Name": var.aws_ecs_firelens_output_type },
+              jsondecode(var.aws_ecs_firelens_output_options)
+            )
+          } : null
+        )
+      },
+
+      # === FireLens sidecar ===
+      var.aws_ecs_cloudwatch_enable && var.aws_ecs_cloudwatch_log_driver == "awsfirelens" ? {
+        "name": "log_router",
+        "image": "public.ecr.aws/aws-observability/aws-for-fluent-bit:latest",
+        "essential": true,
+        "firelensConfiguration": {
+          "type": "fluentbit"
         }
       } : null
-    }
-  ]))
+    ])
+  ))
 }
 
 resource "aws_ecs_task_definition" "ecs_task_from_json" {
diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf
@@ -25,6 +25,9 @@ variable "aws_ecs_autoscaling_min_nodes" {}
 variable "aws_ecs_autoscaling_max_mem" {}
 variable "aws_ecs_autoscaling_max_cpu" {}
 variable "aws_ecs_cloudwatch_enable" {}
+variable "aws_ecs_cloudwatch_log_driver" {}
+variable "aws_ecs_firelens_output_type" {}
+variable "aws_ecs_firelens_output_options" {}
 variable "aws_ecs_cloudwatch_lg_name" {}
 variable "aws_ecs_cloudwatch_skip_destroy" {}
 variable "aws_ecs_cloudwatch_retention_days" {}
