From d74d806d4cdf3eceebcd782d586836cf0248053b Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 15:40:21 -0500
Subject: [PATCH 1/5] Fix need infrastructure role check.
---
 modules/service/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index 889898fd..e1b6f489 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1505,7 +1505,7 @@ resource "aws_security_group_rule" "this" {
 ############################################################################################
 locals {
- needs_infrastructure_iam_role = var.volume_configuration != null
+ needs_infrastructure_iam_role = length(var.volume_configuration) > 0
 create_infrastructure_iam_role = var.create && var.create_infrastructure_iam_role && local.needs_infrastructure_iam_role
 infrastructure_iam_role_name = try(coalesce(var.infrastructure_iam_role_name, var.name), "")
 }
From 880b164bea12febe83f8b58c71057f63c96a0efe Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 16:14:01 -0500
Subject: [PATCH 2/5] try adjusting logic.
---
 modules/service/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index e1b6f489..bfebd40f 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -225,7 +225,7 @@ resource "aws_ecs_service" "this" {
 for_each = try([volume_configuration.value.managed_ebs_volume], [])
 content {
- role_arn = try(aws_iam_role.infrastructure_iam_role[0].arn, var.infrastructure_iam_role_arn)
+ role_arn = local.infrastructure_iam_role_arn
 encrypted = try(managed_ebs_volume.value.encrypted, null)
 file_system_type = try(managed_ebs_volume.value.file_system_type, null)
 iops = try(managed_ebs_volume.value.iops, null)
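Review bot: In the @@ -1505 hunk of modules/service/main.tf, `length(var.volume_configuration)` raises an error when the variable is null, a value the previous `!= null` comparison handled. The variable's declaration and default are not visible here, so whether a caller can still pass null (for example an explicit `volume_configuration = null`) needs confirming. A null-tolerant form covers both cases: `needs_infrastructure_iam_role = try(length(var.volume_configuration), 0) > 0`. Since this local decides whether an IAM role is created, a one-line comment such as `# role is only needed when at least one volume is configured` would document the intent.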
@@ -1507,6 +1507,7 @@ resource "aws_security_group_rule" "this" {
 locals {
 needs_infrastructure_iam_role = length(var.volume_configuration) > 0
 create_infrastructure_iam_role = var.create && var.create_infrastructure_iam_role && local.needs_infrastructure_iam_role
+ infrastructure_iam_role_arn = local.needs_infrastructure_iam_role ? try(aws_iam_role.infrastructure_iam_role[0].arn, var.infrastructure_iam_role_arn) : null
 infrastructure_iam_role_name = try(coalesce(var.infrastructure_iam_role_name, var.name), "")
 }
From f08eff51fdee5f3ad9f4e425cc6123725afa07d1 Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 16:16:45 -0500
Subject: [PATCH 3/5] explicit dep
---
 modules/service/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/service/main.tf b/modules/service/main.tf
index bfebd40f..6e00c077 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -254,7 +254,8 @@ resource "aws_ecs_service" "this" {
 depends_on = [
 aws_iam_role_policy_attachment.service,
- aws_iam_role_policy_attachment.infrastructure_iam_role_ebs_policy
+ aws_iam_role_policy_attachment.infrastructure_iam_role_ebs_policy,
+ aws_iam_role.infrastructure_iam_role,
 ]
 lifecycle {
From f719bfca8b383983a30de73a6f2ac3f65b884a28 Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 16:23:37 -0500
Subject: [PATCH 4/5] forgot this default
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 1b885684..6261f433 100644
--- a/main.tf
+++ b/main.tf
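Review bot: In the @@ -1507 hunk, the new `infrastructure_iam_role_arn` local resolves to null when volumes are configured, no module-created role exists and `var.infrastructure_iam_role_arn` is unset, and that null then reaches `role_arn` in the `managed_ebs_volume` block changed in the @@ -225 hunk. Nothing in the visible lines rejects that combination, so the failure would presumably surface from the provider rather than from the module. A `precondition` on the service resource, or a variable validation naming the two inputs, would make the requirement explicit. The fallback order also means a caller-supplied ARN is unused whenever `aws_iam_role.infrastructure_iam_role[0]` exists, which is worth recording next to the local, e.g. `# module-created role takes precedence; var.infrastructure_iam_role_arn applies only when no role is created`.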
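Review bot: The `aws_iam_role.infrastructure_iam_role` entry added to `depends_on` in the @@ -254 hunk looks redundant, because `role_arn` already reaches that role through `local.infrastructure_iam_role_arn` and so carries an implicit dependency. If the intent is to wait for the role to become usable by ECS, `depends_on` only orders creation and does not wait for IAM propagation. Either drop the entry or state the reason beside it, e.g. `# explicit: role must exist before the service's managed EBS volume is configured`. The `aws_ecs_service` resource begins and ends outside this hunk.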
@@ -100,7 +100,7 @@ module "service" {
 iam_role_statements = lookup(each.value, "iam_role_statements", {})
 # ECS infrastructure IAM role
- create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, false)
+ create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, true)
 infrastructure_iam_role_arn = try(each.value.infrastructure_iam_role_arn, null)
 infrastructure_iam_role_name = try(each.value.infrastructure_iam_role_name, null)
 infrastructure_iam_role_use_name_prefix = try(each.value.infrastructure_iam_role_use_name_prefix, true)
From 6003d172f2f32984d7fabe2ea49b1acaceee6653 Mon Sep 17 00:00:00 2001
From: Thomas Montague
Date: Tue, 3 Sep 2024 16:26:17 -0500
Subject: [PATCH 5/5] update example.
---
 examples/ec2-autoscaling/main.tf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/examples/ec2-autoscaling/main.tf b/examples/ec2-autoscaling/main.tf
index 30bcb6ad..2fe2a62f 100644
--- a/examples/ec2-autoscaling/main.tf
+++ b/examples/ec2-autoscaling/main.tf
@@ -95,7 +95,6 @@ module "ecs_service" {
 }
 }
- create_infrastructure_iam_role = true
 volume_configuration = {
 ebs-volume = {
 managed_ebs_volume = {
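Review bot: Changing the fallback for `create_infrastructure_iam_role` to `true` in the @@ -100 hunk of main.tf means every service with a non-empty `volume_configuration` gets a module-created IAM role unless the caller opts out, including callers that pass only `infrastructure_iam_role_arn`. With the `try(aws_iam_role.infrastructure_iam_role[0].arn, var.infrastructure_iam_role_arn)` fallback in modules/service/main.tf, the supplied ARN would then go unused, assuming the role's count follows `local.create_infrastructure_iam_role` (not visible here). Deriving the default from the ARN keeps bring-your-own-role callers on their own role: `create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, try(each.value.infrastructure_iam_role_arn, null) == null)`. The new default is a behaviour change for existing callers and belongs in the changelog or upgrade notes. The `module "service"` block continues outside the hunk.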