From 09909bf42db974ea66f44b4ec52e30135712bf4e Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 15:04:26 -0500
Subject: [PATCH 1/3] Add missing support for EBS volumes. The PR https://github.com/terraform-aws-modules/terraform-aws-ecs/pull/205 failed to update the main module triggered when using the Terraform Registry as the module source.
---
 main.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/main.tf b/main.tf
index 5e380de7..1b885684 100644
--- a/main.tf
+++ b/main.tf
@@ -85,6 +85,7 @@ module "service" {
 service_registries = lookup(each.value, "service_registries", {})
 timeouts = try(each.value.timeouts, {})
 triggers = try(each.value.triggers, {})
+ volume_configuration = try(each.value.volume_configuration, {})
 wait_for_steady_state = try(each.value.wait_for_steady_state, null)
 # Service IAM role
@@ -98,6 +99,16 @@ module "service" {
 iam_role_tags = try(each.value.iam_role_tags, {})
 iam_role_statements = lookup(each.value, "iam_role_statements", {})
+ # ECS infrastructure IAM role
+ create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, false)
+ infrastructure_iam_role_arn = try(each.value.infrastructure_iam_role_arn, null)
+ infrastructure_iam_role_name = try(each.value.infrastructure_iam_role_name, null)
+ infrastructure_iam_role_use_name_prefix = try(each.value.infrastructure_iam_role_use_name_prefix, true)
+ infrastructure_iam_role_path = try(each.value.infrastructure_iam_role_path, null)
+ infrastructure_iam_role_description = try(each.value.infrastructure_iam_role_description, null)
+ infrastructure_iam_role_permissions_boundary = try(each.value.infrastructure_iam_role_permissions_boundary, null)
+ infrastructure_iam_role_tags = try(each.value.infrastructure_iam_role_tags, {})
+ # Task definition
 create_task_definition = try(each.value.create_task_definition, true)
 task_definition_arn = lookup(each.value, "task_definition_arn", null)
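Review bot: The `{}` fallback on the added `volume_configuration` line in main.tf is never null, so the submodule test `var.volume_configuration != null` (the `needs_infrastructure_iam_role` local changed in PATCH 3/3) holds for every service created through the root module, whether or not a volume is configured. Once a caller enables `create_infrastructure_iam_role`, each such service gets an infrastructure IAM role it does not need. Passing `try(each.value.volume_configuration, null)` would keep the role tied to an actual volume, provided the submodule variable accepts null; its declaration is not part of this series. The `module "service"` block starts and ends outside the hunk.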
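Review bot: The wrapper falls back to `false` for `create_infrastructure_iam_role` in the second main.tf hunk, while PATCH 2/3 sets the submodule default to `true`, so the two entry points behave differently. A service that sets `volume_configuration` through the root module gets no module-created infrastructure role unless the caller also sets the flag or passes `infrastructure_iam_role_arn`. If `true` is the intended default, use `try(each.value.create_infrastructure_iam_role, true)` here, but only once `volume_configuration` no longer falls back to `{}`; otherwise every service would create a role.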
From 9234a35fc35ebed9c77987ba1f1758750d776627 Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 15:28:21 -0500
Subject: [PATCH 2/3] Set default to true
---
 modules/service/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/service/variables.tf b/modules/service/variables.tf
index c516013b..31d3b619 100644
--- a/modules/service/variables.tf
+++ b/modules/service/variables.tf
@@ -673,7 +673,7 @@ variable "security_group_tags" {
 variable "create_infrastructure_iam_role" {
 description = "Determines whether the ECS infrastructure IAM role should be created"
 type = bool
- default = false
+ default = true
 }
 variable "infrastructure_iam_role_arn" {
From fbf53a7ad229f50c3e8e1187e4baa11cacb0c764 Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 15:29:11 -0500
Subject: [PATCH 3/3] Correct infra iam role logic.
---
 modules/service/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index aa660abd..19e5dad0 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1505,8 +1505,8 @@ resource "aws_security_group_rule" "this" {
 ############################################################################################
 locals {
- needs_infrastructure_iam_role = var.create_infrastructure_iam_role && var.volume_configuration != null
- create_infrastructure_iam_role = var.create && local.needs_infrastructure_iam_role
+ needs_infrastructure_iam_role = var.volume_configuration != null
+ create_infrastructure_iam_role = var.create && var.create_infrastructure_iam_role && local.needs_infrastructure_iam_role
 infrastructure_iam_role_name = try(coalesce(var.infrastructure_iam_role_name, var.name), "")
 }
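Review bot: In modules/service/variables.tf the default flip makes IAM role creation opt-out, but the description of `create_infrastructure_iam_role` does not say when the role is actually created. The local in modules/service/main.tf also requires `var.create` and a non-null `volume_configuration`, so the description could read `description = "Determines whether the ECS infrastructure IAM role should be created (only when volume_configuration is set)"`. Callers who deploy with restricted IAM permissions, or who use the submodule directly, may see a new IAM role in their next plan and should be told so in the change notes.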
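Review bot: The two locals changed in modules/service/main.tf now mean different things and nothing in the block records that. `needs_infrastructure_iam_role` is true whenever `volume_configuration` is non-null, while `create_infrastructure_iam_role` additionally requires `var.create` and `var.create_infrastructure_iam_role`. A comment above them such as `# needed: a volume is configured; created: only when var.create and var.create_infrastructure_iam_role are both true` would make the split explicit. How `needs_infrastructure_iam_role` is consumed is outside the hunk, so confirm that a service with a volume and creation disabled still receives the caller's `infrastructure_iam_role_arn`.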