Skip to content

Terraform ECS Fargate advanced template

It's expected that users who choose to use Terraform over the equivalent CloudFormation template will have working knowledge of infrastructure as code using Terraform in AWS. Users should familiarize themselves with the official documentation before continuing:

Terraform template files can be found in the Downloads section of this article.

:::info{title='Note'} The template provides a blueprint for installation that you may use verbatim, but you may need to modify it to suit your own needs and rules governing your cloud infrastructure. :::

Created Resources

This template will create the following resources in your AWS account:

  • ECS Task Definition.
  • ECS Fargate Cluster.
  • S3 Bucket.
  • CloudWatch Log Group.
  • IAM Roles with permissions for the following:
    • Task Roles to your S3 bucket, ECS, EC2 and Secrets Manager (see "Task IAM Role" section).
    • Task Execution Roles to pull from ECR Public repositories (see "Task Execution IAM Role" section).


Edit the template

Users should inspect the template in a text editor and ensure the values are as expected before proceeding. In particular, the matillion_region environment variable should be edited to match the expected endpoint and region. Read Environment Variables for more information.


The template assumes you have certain resources already set up in your AWS stack. You'll also be required to provide details on these resources such as names, paths, and ARNs.

  • Subnet(s) within a customer private cloud with outbound access to the relevant data sources and destinations, as well as to ECR and to the Matillion CDC websocket endpoint.
  • Security group controlling ingress/egress within the subnets.
  • Secrets Manager entries for your Platform Key and database passwords.

User Access

Users are expected to have access to certain details and permissions:

  • Access to a valid Terraform installation.
  • Access to the Hub account and Data Loader.
  • CDC Agent environment variables (generated in Data Loader when creating a new agent).
  • Data Loader platform key (generated once per Data Loader account the first time you make an agent).
  • Access to AWS with the ability to create a stack on a billable account. You may require an administrator from your organization to either give access or perform this process with you.