Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── elastic_container_services (directory)
│   ├── services (directory)
│   ├── ├── ec2 (directory)
│   ├── ├── ├── provider.tf
│   ├── ├── ├── service.tf

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

provider "aws" {
  alias   = "default"
  profile = "default"
  region  = "default"
}

This assumes you have already:

• Created an Elastic Container Service (ECS) Cluster using Terraform
• Created an Elastic Container Service (ECS) EC2 Task Definition using Terraform
• Created a Security Group using Terraform or List Security Groups using Terraform that will allow you to SSH onto the EC2 instance on port 22
• Register an EC2 Instance in Elastic Container Service (ECS) Cluster using Terraform
• Created a Load Balancer Target Group using Terraform or List Load Balancer Target Groups using Terraform
• Created a Virtual Private Cloud (VPC) Subnet using Terraform or List Virtual Private Cloud (VPC) Subnets using Terraform
• Create an IAM Role using Terraform that allows AmazonEC2ContainerServiceforEC2Role 

An ECS deployment can be:

• EC2 - apps run in EC2 instance
• FARGATE - serverless (no EC2 instances)

services.tf could have something like this.

resource "aws_ecs_service" "ecs-flask-ec2-service" {
  name            = "flask-ec2-service"
  launch_type     = "EC2"
  cluster         = aws_ecs_cluster.my-ecs-cluster.id
  task_definition = aws_ecs_task_definition.flask-ec2-task-definition.id
  desired_count   = 1

   load_balancer {
     target_group_arn = aws_lb_target_group.ecs-application-load-balancer-target-group.arn
     container_name   = aws_ecs_task_definition.flask-task-definition.id
     container_port   = 80
  }

  network_configuration {
    subnets         = [data.aws_subnets.subnets.ids[0],data.aws_subnets.subnets.ids[1]]
    security_groups = [data.aws_security_group.ecs-security-group.id]
  }

  lifecycle {
    ignore_changes = [task_definition, desired_count]
  }

} 

You may need to reissue the terraform init command.

~]# terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
Terraform has been successfully initialized!

The terraform plan command can be used to see what Terraform will try to do.

~]$ terraform plan
Terraform will perform the following actions:

  # aws_ecs_service.ecs-flask-ec2-service will be created
  + resource "aws_ecs_service" "ecs-flask-ec2-service" {
      + cluster                            = "arn:aws:ecs:us-east-2:123456789012:cluster/poc-ecs-cluster"
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "EC2"
      + name                               = "flask-ec2-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = (known after apply)
      + task_definition                    = "flask"
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "flask"
          + container_port   = 80
          + target_group_arn = "arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/ecs-target-group/94d249d96f071434"
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = [
              + "sg-0e01a484310ec2f8e",
            ]
          + subnets          = [
              + "subnet-000368eea6348dcd8",
              + "subnet-00a2efcf89006a953",
            ]
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

The terraform apply command can be used to create or update the Service.

terraform apply -auto-approve

And the Service should be listed in the AWS ECS console.

Underneath the hood, if you were to SSH onto the EC2 instance, there may be Docker containers running that ultimately produce the app.

[ec2-user@ip-10-29-19-83 ~]$ docker container ls
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                    PORTS     NAMES
59736f1599b3   tiangolo/uwsgi-nginx-flask:python3.11   "/entrypoint.sh /sta…"   41 minutes ago   Up 41 minutes                       ecs-flask-container-a6f3e3c983c9c0cf7f00
a440c869c89d   amazon/amazon-ecs-pause:0.1.0           "/pause"                 42 minutes ago   Up 42 minutes                       ecs-flask-internalecspause-da8cbebec0b497f6bc01
e89a9261d759   amazon/amazon-ecs-agent:latest          "/agent"                 47 minutes ago   Up 47 minutes (healthy)             ecs-agent