Mads Lundeland

Reputation: 95

Is AWS ECS with Terraform broken?

I am trying to spin up an ECS cluster with Terraform, but cannot make EC2 instances register as container instances in the cluster.

I first tried with the verified module from Terraform, but this seems outdated (ecs-instance-profile has wrong path).

Then I tried with another module from anrim, but still no container instances. Here is the script I used:

provider "aws" {
  region = "us-east-1"
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.21.0"

  name               = "ecs-alb-single-svc"
  cidr               = "10.10.10.0/24"
  azs                = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets    = ["10.10.10.0/27", "10.10.10.32/27", "10.10.10.64/27"]
  public_subnets     = ["10.10.10.96/27", "10.10.10.128/27", "10.10.10.160/27"]

  tags = {
    Owner       = "user"
    Environment = "me"
  }
}

module "ecs_cluster" {
  source = "../../modules/cluster"

  name        = "ecs-alb-single-svc"
  vpc_id      = module.vpc.vpc_id
  vpc_subnets = module.vpc.private_subnets

  tags = {
    Owner       = "user"
    Environment = "me"
  }
}

I then created a new ECS cluster (from the AWS console) on the same VPC and carefully compared the differences in resources. I managed to find some small differences, fixed them and tried again. But still no container instances!

A fork of the module is available here.

Upvotes: 0

Views: 222

Answers (1)

Marcin Wyszynski

Reputation: 2258

Can you see instances being created in the autoscaling group? If so, I'd suggest SSHing to one of them (either directly or using a bastion host, e.g. see this module) and checking ECS agent logs. In my experience those problems are usually related to IAM policies, and that's pretty visible in logs, but YMMV.

Upvotes: 1
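
As an added example (not code from the question, the answer, or either module), this is the instance-side configuration an EC2 host needs before the ECS agent can register it: an instance profile carrying the AWS managed ECS policy, and user data that names the cluster. The resource names and the `cluster_name` and `ecs_ami_id` variables are assumptions for illustration.

```hcl
# Added example; all resource and variable names here are hypothetical.
variable "cluster_name" {
  default = "ecs-alb-single-svc" # cluster name used in the question
}

variable "ecs_ami_id" {} # placeholder: ID of an ECS-optimized AMI in your region

# Trust policy: only the EC2 service may assume the instance role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ecs_instance" {
  name               = "${var.cluster_name}-instance"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# AWS managed policy that allows the agent to register the container instance.
resource "aws_iam_role_policy_attachment" "ecs_instance" {
  role       = aws_iam_role.ecs_instance.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
}

resource "aws_iam_instance_profile" "ecs_instance" {
  name = "${var.cluster_name}-instance"
  role = aws_iam_role.ecs_instance.name
}

# Without ECS_CLUSTER the agent tries to join the cluster named "default".
locals {
  ecs_user_data = <<-EOT
    #!/bin/bash
    echo "ECS_CLUSTER=${var.cluster_name}" >> /etc/ecs/ecs.config
  EOT
}

resource "aws_launch_configuration" "ecs" {
  name_prefix          = "${var.cluster_name}-"
  image_id             = var.ecs_ami_id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.ecs_instance.name
  user_data            = local.ecs_user_data
}
```

The agent also needs an outbound network path to the ECS API. The `vpc` module block in the question does not set `enable_nat_gateway`, so instances in its private subnets have no such path unless the cluster module provides one.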
