Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── cloudwatch (directory)
│   ├── log_groups.tf
│   ├── provider.tf
├── elastic_container_services (directory)
│   ├── provider.tf
│   ├── task_definition.tf

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

provider "aws" {
  alias   = "default"
  profile = "default"
  region  = "default"
}

This assumes you have already created an Elastic Container Service (ECS) Cluster using Terraform

log_groups.tf could have the following to create a Cloudwatch log group named ecs_log_group.

resource "aws_cloudwatch_log_group" "ecs_log_group" {
  name = "ecs_log_group"

  tags = {
   Name = "ecs_log_group"
  }
}

In the cloudwatch directory, you may need to reissue the terraform init command.

~]# terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
Terraform has been successfully initialized!

The terraform plan command can be used to see what Terraform will try to do.

~]$ terraform plan
Terraform will perform the following actions:

  # aws_cloudwatch_log_group.my_log_group will be created
  + resource "aws_cloudwatch_log_group" "my_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "my_log_group"
      + name_prefix       = (known after apply)
      + retention_in_days = 0
      + skip_destroy      = false
      + tags              = {
          + "Name" = "my_log_group"
        }
      + tags_all          = {
          + "Name" = "my_log_group"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

The terraform apply command can be used to create the log group.

terraform apply -auto-approve

task_definitions.tf could have something like this, where logConfigurations included the name of your Cloudwatch log group, which is ecs_log_group in this example.

resource "aws_ecs_task_definition" "flask-ec2-task-definition" {
  family                   = "flask"
  network_mode             = "awsvpc"
  requires_compatibilities = ["EC2"]
  cpu                      = 1024
  memory                   = 2048

  container_definitions = <<DEFINITION
  [
    {
      "name": "flask-container",
      "cpu": 10,
      "memory": 512,
      "image": "tiangolo/uwsgi-nginx-flask:python3.11",
      "portMappings": [
        {
          "containerPort": 3000,
          "hostPort": 3000
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-create-group": "true",
          "awslogs-group": "ecs_log_group",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs_logs"
        }
      }
    }
  ]
  DEFINITION
}

In the cloudwatch directory, you may need to reissue the terraform init command.

~]# terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
Terraform has been successfully initialized!

The terraform plan command can be used to see what Terraform will try to do.

terraform plan

The terraform apply command can be used to create or update the Task Definition.

terraform apply -auto-approve