fix: Propagate support for EBS volumes to the root module (#223)

* Add missing support for EBS volumes.

The PR #205 failed to update the main module triggered when using the Terraform Registry as the module source.

* Set default to true

* Correct infra iam role logic.

Author: montaguethomas

main.tf

@@ -85,6 +85,7 @@ module "service" {
   service_registries                 = lookup(each.value, "service_registries", {})
   timeouts                           = try(each.value.timeouts, {})
   triggers                           = try(each.value.triggers, {})
+  volume_configuration               = try(each.value.volume_configuration, {})
   wait_for_steady_state              = try(each.value.wait_for_steady_state, null)
 
   # Service IAM role
@@ -98,6 +99,16 @@ module "service" {
   iam_role_tags                 = try(each.value.iam_role_tags, {})
   iam_role_statements           = lookup(each.value, "iam_role_statements", {})
 
+  # ECS infrastructure IAM role
+  create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, false)
+  infrastructure_iam_role_arn = try(each.value.infrastructure_iam_role_arn, null)
+  infrastructure_iam_role_name = try(each.value.infrastructure_iam_role_name, null)
+  infrastructure_iam_role_use_name_prefix = try(each.value.infrastructure_iam_role_use_name_prefix, true)
+  infrastructure_iam_role_path = try(each.value.infrastructure_iam_role_path, null)
+  infrastructure_iam_role_description = try(each.value.infrastructure_iam_role_description, null)
+  infrastructure_iam_role_permissions_boundary = try(each.value.infrastructure_iam_role_permissions_boundary, null)
+  infrastructure_iam_role_tags = try(each.value.infrastructure_iam_role_tags, {})
+
   # Task definition
   create_task_definition        = try(each.value.create_task_definition, true)
   task_definition_arn           = lookup(each.value, "task_definition_arn", null)

modules/service/main.tf

@@ -1505,8 +1505,8 @@ resource "aws_security_group_rule" "this" {
 ############################################################################################
 
 locals {
-  needs_infrastructure_iam_role  = var.create_infrastructure_iam_role && var.volume_configuration != null
-  create_infrastructure_iam_role = var.create && local.needs_infrastructure_iam_role
+  needs_infrastructure_iam_role  = var.volume_configuration != null
+  create_infrastructure_iam_role = var.create && var.create_infrastructure_iam_role && local.needs_infrastructure_iam_role
   infrastructure_iam_role_name   = try(coalesce(var.infrastructure_iam_role_name, var.name), "")
 }
 

modules/service/variables.tf

@@ -673,7 +673,7 @@ variable "security_group_tags" {
 variable "create_infrastructure_iam_role" {
   description = "Determines whether the ECS infrastructure IAM role should be created"
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "infrastructure_iam_role_arn" {