
TerraformでECS環境を構築する。

驚くほど簡単にAWSでDocker環境ができてしまいます。Terraformの基本的な話は割愛します。なお、以下はあくまで検証用の例です。IAMポリシーの権限範囲、公開ポート、セキュリティグループの内容は、本番で使う前に必ず見直してください。

設定内容(例)

EC2

ポイントは iam_instance_profile と user_data です。

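# EC2 container instance that joins the ECS cluster via user_data.
# Security notes (review):
#  - associate_public_ip_address = "true" puts the instance directly on the
#    internet; what is reachable is decided entirely by the two security groups
#    below, so keep their ingress rules to the minimum the task needs.
#  - The instance profile is what the ECS agent authenticates with. With the
#    bridge network mode used by the task definition, containers on this host
#    can also reach the instance metadata endpoint and therefore those same
#    credentials unless access is blocked (see the note in userdata.sh).
#  - Newer provider versions support a metadata_options block to require
#    IMDSv2 (http_tokens = "required"); add it if your provider has it.
resource "aws_instance" "testInstance" {
    ami = "${data.aws_ami.amazon_linux.id}"
    instance_type = "t2.micro"
    # Interpolations must be quoted in HCL1; a bare ${var.key_name} does not parse.
    key_name = "${var.key_name}"
    vpc_security_group_ids = [
      "${aws_security_group.hoge.id}",
      "${aws_security_group.hogehoge.id}"
    ]
    subnet_id = "${aws_subnet.public-c.id}"
    associate_public_ip_address = "true"
    # Reference the profile resource instead of its literal name so Terraform
    # creates the profile before the instance (a plain string carries no dependency).
    iam_instance_profile = "${aws_iam_instance_profile.instance_role.name}"
    root_block_device = {
      volume_type = "gp2"
      volume_size = "8"
    }
    tags {
        Name = "testInstance"
    }
    # Bootstrap script that points the ECS agent at the cluster.
    user_data = "${file("userdata.sh")}"
}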

userdata

ECSクラスターと関連付けます。ECS_CLUSTER の値は aws_ecs_cluster の name と一致させる必要があります。また、/etc/ecs/ecs.config を読むのは ECS エージェント入りの AMI（ECS-optimized AMI）だけなので、data.aws_ami.amazon_linux がそれを指しているか確認してください。

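#!/bin/bash
# ECS agent bootstrap. The cluster name must match the `name` of the
# aws_ecs_cluster resource; with a mismatch the instance never joins the
# cluster the service is scheduled on. Only an AMI that ships the ECS agent
# (ECS-optimized Amazon Linux) reads /etc/ecs/ecs.config -- confirm the
# data.aws_ami.amazon_linux filter selects one.
set -euo pipefail
echo ECS_CLUSTER=hogehoge >> /etc/ecs/ecs.config
# Hardening to consider: containers in bridge mode can reach the instance
# metadata endpoint and thus the instance role's credentials. AWS documents
# the following rule to block that path for containers (the agent itself
# uses host networking and is unaffected); enable it once you have verified
# none of your tasks legitimately rely on instance metadata:
# iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP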

ECS

# ECS cluster. Its name is what userdata.sh writes into ECS_CLUSTER, so the
# two values must stay in sync.
resource "aws_ecs_cluster" "hogehoge" {
  name = "hogehoge"
}

# Task definition whose container list is read from task-definitions/hogehoge.json.
# Notes (review):
#  - bridge mode publishes hostPort on the instance's own network namespace, so
#    the port also has to be allowed by the instance security groups to be
#    reachable, and only one copy of the task can bind it per instance.
#  - No task_role_arn is set, so the container has no AWS credentials of its
#    own; if it needs any, give it a dedicated task role rather than letting it
#    fall back to the instance role via the metadata endpoint.
resource "aws_ecs_task_definition" "hogehoge" {
  network_mode = "bridge"
  family = "hogehoge"
  container_definitions = "${file("task-definitions/hogehoge.json")}"
}

# Service that keeps one copy of the task running on the cluster. No load
# balancer is attached, so the container is reached directly on the instance's
# public IP and the hostPort from the container definition.
resource "aws_ecs_service" "hogehoge" {
  name = "hogehoge"
  cluster = "${aws_ecs_cluster.hogehoge.id}"
  task_definition = "${aws_ecs_task_definition.hogehoge.arn}"
  desired_count = 1
}

container_definitions（task-definitions/hogehoge.json）。hostPort / containerPort は 1〜65535 の範囲で指定する必要があるため、例の 114514 はそのままでは登録できません。また image にタグもダイジェストも付いていないと暗黙に latest が使われ、デプロイのたびに中身が変わりうるので、本番ではタグ（できればダイジェスト）で固定してください。

[
  {
    "name": "hogehoge",
    "image": "hoge/hogehoge",
    "cpu": 10,
    "memory": 400,
    "essential": true,
    "portMappings": [
        {
            "hostPort": 114514,
            "containerPort": 114514,
            "protocol": "tcp"
        }
    ],
    "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
            "awslogs-group": "hogehoge",
            "awslogs-region": "ap-northeast-1",
            "awslogs-stream-prefix": "hogehoge"
        }
    }
  }
]

IAM role

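# Instance profile that attaches the role below to the EC2 instance.
# `role` (singular) replaces the deprecated `roles` list argument; an instance
# profile can only ever hold one role.
resource "aws_iam_instance_profile" "instance_role" {
    name = "instance_role"
    role = "${aws_iam_role.instance_role.name}"
}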

# Role that only the EC2 service may assume, i.e. instances launched with the
# instance profile above. It carries no permissions by itself; those are
# attached by aws_iam_role_policy.instance_role_policy.
resource "aws_iam_role" "instance_role" {
    name = "instance_role"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

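# Permissions for the ECS agent and the awslogs driver on the container instance.
# Replaces the original `ecs:*` and `logs:Describe*` on "*" with the actions the
# agent actually calls -- the same set as AWS's AmazonEC2ContainerServiceforEC2Role
# managed policy, minus ecs:CreateCluster (Terraform creates the cluster) and the
# ECR read actions (the example image comes from Docker Hub; add
# ecr:GetAuthorizationToken / ecr:BatchGetImage / ecr:GetDownloadUrlForLayer /
# ecr:BatchCheckLayerAvailability if the image moves to ECR).
# The ECS agent actions do not support resource-level restriction, so "*" stays
# for that statement. The log actions are scoped to the task's log group and its
# streams; both ARN forms are listed because older provider versions return the
# group ARN with a trailing ":*" and newer ones without.
# Anything on the instance that can reach the metadata endpoint inherits these
# permissions, which is why the set should stay this small.
resource "aws_iam_role_policy" "instance_role_policy" {
    name = "instance_role_policy"
    role = "${aws_iam_role.instance_role.id}"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcsAgent",
      "Effect": "Allow",
      "Action": [
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:UpdateContainerInstancesState",
        "ecs:Submit*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AwslogsDriver",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "${aws_cloudwatch_log_group.hogehoge.arn}",
        "${aws_cloudwatch_log_group.hogehoge.arn}:*"
      ]
    }
  ]
}
EOF
}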

CloudWatchLogs

ECSでLogDriverにawslogsを指定した場合、LogGroupを事前に作成しておく必要がある（awslogs-create-group オプションを有効にし、かつ logs:CreateLogGroup を許可しない限り、ECS は自動作成しない）。

# Log group the awslogs driver writes to. Its name must match awslogs-group in
# the container definition, and it must live in the awslogs-region given there
# (ap-northeast-1). No retention_in_days is set, so streams are kept forever;
# set one if container output may contain sensitive data or to bound cost.
resource "aws_cloudwatch_log_group" "hogehoge" {
  name = "hogehoge"
}