Consul Enterprise

    When you set up an instance of the mesh-task or module, set the parameter to a Consul Enterprise image. The following example instructs the mesh-task module to import Consul Enterprise version 1.12.0:

    1. module "my_task" {
    2.   source  = "hashicorp/consul-ecs/aws//modules/mesh-task"
    3.   version = "<latest version>"
    5.   consul_image = "hashicorp/consul-enterprise:1.12.0-ent"
    6. }

    Warning: Consul Enterprise is currently only fully supported when ACLs are enabled.

    Consul Enterprise . If running Consul on ECS with ACLs enabled, the license will be automatically pulled down from Consul servers.

    You can operate Consul Enterprise servers with Consul OSS (open source) clients as long as the features you are using do not require Consul Enterprise client support. Admin partitions and namespaces, for example, require Consul Enterprise clients and are not supported with Consul OSS.

    Consul on ECS supports the following Consul Enterprise features. If you are only using features that run on Consul servers, then you can use an OSS client in your service mesh tasks on ECS. If client support is required for any of the features, then you must use a Consul Enterprise client in your mesh-tasks.

    Consul on ECS supports admin partitions and when Consul Enterprise servers and clients are used. These features have the following requirements:

    • ACLs must be enabled.
    • ACL controller must run in the ECS cluster.
    • mesh-task must use a Consul Enterprise client image.
    • must use a Consul Enterprise client image.

    NOTE: The ACL controller does not delete admin partitions or namespaces once they are created.

    Each ACL controller manages a single admin partition. Consul on ECS supports one ACL controller per ECS cluster; therefore, the administrative boundary for admin partitions is one admin partition per ECS cluster.

    The following example demonstrates how to configure the ACL controller to enable admin partitions and manage an admin partition named my-partition. The consul_partition field is optional and if it is not provided when , will default to the default admin partition.

    1. module "acl_controller" {
    2.   source = "hashicorp/consul/aws-ecs//modules/acl-controller"
    4.   ...
    6.   consul_partition          = "my-partition"
    7. }

    The following example demonstrates how to create a mesh-task assigned to the admin partition named my-partition, in the my-namespace namespace.

    1. module "my_task" {
    2.   source = "hashicorp/consul/aws-ecs//modules/mesh-task"
    3.   family = "my_task"
    5.   ...
    7.   consul_image     = "hashicorp/consul-enterprise:<version>-ent"
    8.   consul_partition = "my-partition"
    9. }