feat: Add support for service connect tls settings (#216)

* add dynamic tls block for service connect service

* set aws_pca_authority_arn to required

* also apply fix to ecs service without ignore_task_def

* formatting

---------

Co-authored-by: Kevin Ouellet <[email protected]>

Author: kevouellet

modules/service/main.tf

@@ -177,6 +177,24 @@ resource "aws_ecs_service" "this" {
             }
           }
 
+          dynamic "tls" {
+            for_each = try([service.value.tls], [])
+
+            content {
+
+              dynamic "issuer_cert_authority" {
+                for_each = tls.value.issuer_cert_authority
+
+                content {
+                  aws_pca_authority_arn = issuer_cert_authority.value.aws_pca_authority_arn
+                }
+              }
+
+              kms_key  = try(tls.value.kms_key, null)
+              role_arn = try(tls.value.role_arn, null)
+            }
+          }
+
           discovery_name        = try(service.value.discovery_name, null)
           ingress_port_override = try(service.value.ingress_port_override, null)
           port_name             = service.value.port_name
@@ -399,6 +417,24 @@ resource "aws_ecs_service" "ignore_task_definition" {
             }
           }
 
+          dynamic "tls" {
+            for_each = try([service.value.tls], [])
+
+            content {
+
+              dynamic "issuer_cert_authority" {
+                for_each = tls.value.issuer_cert_authority
+
+                content {
+                  aws_pca_authority_arn = issuer_cert_authority.value.aws_pca_authority_arn
+                }
+              }
+
+              kms_key  = try(tls.value.kms_key, null)
+              role_arn = try(tls.value.role_arn, null)
+            }
+          }
+
           discovery_name        = try(service.value.discovery_name, null)
           ingress_port_override = try(service.value.ingress_port_override, null)
           port_name             = service.value.port_name