diff --git a/main.tf b/main.tf
index 5e380de7..1b885684 100644
--- a/main.tf
+++ b/main.tf
@@ -85,6 +85,7 @@ module "service" {
   service_registries                 = lookup(each.value, "service_registries", {})
   timeouts                           = try(each.value.timeouts, {})
   triggers                           = try(each.value.triggers, {})
+  volume_configuration               = try(each.value.volume_configuration, {})
   wait_for_steady_state              = try(each.value.wait_for_steady_state, null)
 
   # Service IAM role
@@ -98,6 +99,16 @@ module "service" {
   iam_role_tags                 = try(each.value.iam_role_tags, {})
   iam_role_statements           = lookup(each.value, "iam_role_statements", {})
 
+  # ECS infrastructure IAM role
+  create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, false)
+  infrastructure_iam_role_arn = try(each.value.infrastructure_iam_role_arn, null)
+  infrastructure_iam_role_name = try(each.value.infrastructure_iam_role_name, null)
+  infrastructure_iam_role_use_name_prefix = try(each.value.infrastructure_iam_role_use_name_prefix, true)
+  infrastructure_iam_role_path = try(each.value.infrastructure_iam_role_path, null)
+  infrastructure_iam_role_description = try(each.value.infrastructure_iam_role_description, null)
+  infrastructure_iam_role_permissions_boundary = try(each.value.infrastructure_iam_role_permissions_boundary, null)
+  infrastructure_iam_role_tags = try(each.value.infrastructure_iam_role_tags, {})
+
   # Task definition
   create_task_definition        = try(each.value.create_task_definition, true)
   task_definition_arn           = lookup(each.value, "task_definition_arn", null)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index aa660abd..19e5dad0 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1505,8 +1505,8 @@ resource "aws_security_group_rule" "this" {
 ############################################################################################
 
 locals {
-  needs_infrastructure_iam_role  = var.create_infrastructure_iam_role && var.volume_configuration != null
-  create_infrastructure_iam_role = var.create && local.needs_infrastructure_iam_role
+  needs_infrastructure_iam_role  = var.volume_configuration != null
+  create_infrastructure_iam_role = var.create && var.create_infrastructure_iam_role && local.needs_infrastructure_iam_role
   infrastructure_iam_role_name   = try(coalesce(var.infrastructure_iam_role_name, var.name), "")
 }
 
diff --git a/modules/service/variables.tf b/modules/service/variables.tf
index c516013b..31d3b619 100644
--- a/modules/service/variables.tf
+++ b/modules/service/variables.tf
@@ -673,7 +673,7 @@ variable "security_group_tags" {
 variable "create_infrastructure_iam_role" {
   description = "Determines whether the ECS infrastructure IAM role should be created"
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "infrastructure_iam_role_arn" {