awsvpc: Network Configuration is not valid for the given networkMode of this task definition

Question

My task definition:

resource "aws_ecs_task_definition" "datadog" {
  family        = "${var.environment}-datadog-agent-task"
  task_role_arn = "arn:aws:iam::xxxxxxxx:role/datadog-role"

  container_definitions = <<EOF
[
  {
    "name": "${var.environment}-${var.datadog-identifier}",
    "network_mode" : "awsvpc",
    "image": "datadog/agent:latest",
    "portMappings": [
      {
...

My service defintion:

resource "aws_ecs_service" "datadog" {
  name            = "${var.environment}-${var.datadog-identifier}-datadog-ecs-service"
  cluster         = "${var.cluster}"
  task_definition = "${aws_ecs_task_definition.datadog.arn}"

  network_configuration {
    subnets = flatten(["${var.private_subnet_ids}"])
  }

  # This allows running one for every instance
  scheduling_strategy = "DAEMON"
}

I get the following error -

InvalidParameterException: Network Configuration is not valid for the given networkMode of this task definition

Is there something I am missing here? Looking at the Terraform docs and GitHub issues this should have worked. Is it related to running Datadog as a daemon?

Answer 1

You need to set the aws_ecs_task_definition's network_mode to awsvpc if you are defining the network_configuration of the service that uses that task definition.

This is mentioned in the documentation for the network_configuration parameter of the aws_ecs_service resource:

network_configuration - (Optional) The network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own Elastic Network Interface, and it is not supported for other network modes.

In your case you've added the network_mode parameter to the container definition instead of the task definition (a task is a collection of n containers and are grouped together to share some resources). The container definition schema doesn't allow for a network_mode parameter.