Update example / Minor refactoring

sestrella · sestrella · commit f166ef8cd0a8 · 2024-12-01T10:34:32.000-05:00
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -21,6 +21,19 @@ locals {
   }
 }
 
+module "secrets_manager" {
+  for_each = {
+    BAR = "secret1"
+    FOO = "secret2"
+  }
+
+  source = "terraform-aws-modules/secrets-manager/aws"
+  version = "~> 1.3"
+
+  name_prefix   = each.key
+  secret_string = each.value
+}
+
 ################################################################################
 # Cluster
 ################################################################################
@@ -50,7 +63,7 @@ module "ecs" {
       cpu    = 1024
       memory = 4096
 
-      explicit_task_exec_secret_arns = true
+      explicit_task_exec_secret_arns = false
 
       # Container definition(s)
       container_definitions = {
@@ -72,6 +85,17 @@ module "ecs" {
           essential = true
           image     = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"
 
+          secrets = [
+            {
+              name      = "FOO"
+              valueFrom = module.secrets_manager["FOO"].secret_arn
+            },
+            {
+              name      = "BAR"
+              valueFrom = module.secrets_manager["BAR"].secret_arn
+            }
+          ]
+
           health_check = {
             command = ["CMD-SHELL", "curl -f http://localhost:${local.container_port}/health || exit 1"]
           }
diff --git a/modules/container-definition/outputs.tf b/modules/container-definition/outputs.tf
@@ -7,6 +7,11 @@ output "container_definition" {
   value       = local.container_definition
 }
 
+output "secrets_arns" {
+  description = "The secrets ARNs for all containers defined"
+  value = [for v in try(local.container_definition.secrets, []): v.valueFrom]
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################
diff --git a/modules/service/main.tf b/modules/service/main.tf
@@ -27,8 +27,8 @@ locals {
 
   create_service = var.create && var.create_service
 
-  container_definitions_secrets = flatten([for k, v in module.container_definition : v.container_definition.secrets])
-  task_exec_secret_arns         = var.explicit_task_exec_secret_arns ? [for v in local.container_definitions_secrets : v.valueFrom] : var.task_exec_secret_arns
+  secrets_arns          = flatten([for k, v in module.container_definition : v.secrets_arns])
+  task_exec_secret_arns = var.explicit_task_exec_secret_arns ? local.secrets_arns : var.task_exec_secret_arns
 }
 
 resource "aws_ecs_service" "this" {

Original file line number	Diff line number	Diff line change
`@@ -27,8 +27,8 @@ locals {`
`27`	`27`
`28`	`28`	`create_service = var.create && var.create_service`
`29`	`29`
`30`		`- container_definitions_secrets = flatten([for k, v in module.container_definition : v.container_definition.secrets])`
`31`		`- task_exec_secret_arns = var.explicit_task_exec_secret_arns ? [for v in local.container_definitions_secrets : v.valueFrom] : var.task_exec_secret_arns`
	`30`	`+ secrets_arns = flatten([for k, v in module.container_definition : v.secrets_arns])`
	`31`	`+ task_exec_secret_arns = var.explicit_task_exec_secret_arns ? local.secrets_arns : var.task_exec_secret_arns`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`resource "aws_ecs_service" "this" {`