From 7d40665a9caeae7519dac593596b52b0b0aee688 Mon Sep 17 00:00:00 2001 From: Paul Santus Date: Mon, 16 Sep 2024 14:36:04 +0200 Subject: [PATCH 1/3] feat: Add support for restartPolicy (#230) --- examples/complete/main.tf | 6 ++++++ examples/fargate/main.tf | 6 ++++++ modules/container-definition/README.md | 1 + modules/container-definition/main.tf | 1 + modules/container-definition/variables.tf | 16 ++++++++++++++++ modules/service/README.md | 6 ++++++ modules/service/main.tf | 1 + wrappers/container-definition/main.tf | 23 +++++++++++++---------- 8 files changed, 50 insertions(+), 10 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b7353bbd..aaf4ef82 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -102,6 +102,12 @@ module "ecs" { } } memory_reservation = 100 + + restart_policy = { + enabled = true + ignoredExitCodes = [1] + restartAttemptPeriod = 60 + } } } diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf index c263e0b8..6a1de4db 100644 --- a/examples/fargate/main.tf +++ b/examples/fargate/main.tf @@ -121,6 +121,12 @@ module "ecs_service" { } } + restart_policy = { + enabled = true + ignoredExitCodes = [1] + restartAttemptPeriod = 60 + } + # Not required for fluent-bit, just an example volumes_from = [{ sourceContainer = "fluent-bit" diff --git a/modules/container-definition/README.md b/modules/container-definition/README.md index ada38d25..6cb57126 100644 --- a/modules/container-definition/README.md +++ b/modules/container-definition/README.md 
@@ -178,6 +178,7 @@ No modules. | [readonly\_root\_filesystem](#input\_readonly\_root\_filesystem) | When this parameter is true, the container is given read-only access to its root file system | `bool` | `true` | no | | [repository\_credentials](#input\_repository\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `{}` | no | | [resource\_requirements](#input\_resource\_requirements) | The type and amount of a resource to assign to a container. The only supported resource is a GPU |
list(object({
type = string
value = string
}))
| `[]` | no | +| [restart\_policy](#input\_restart\_policy) | Container restart policy; helps overcome transient failures faster and maintain task availability |
object({
enabled = bool
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
})
|
{
"enabled": false
}
| no | | [secrets](#input\_secrets) | The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the Amazon Elastic Container Service Developer Guide |
list(object({
name = string
valueFrom = string
}))
| `[]` | no | | [service](#input\_service) | The name of the service that the container definition is associated with | `string` | `""` | no | | [start\_timeout](#input\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | diff --git a/modules/container-definition/main.tf b/modules/container-definition/main.tf index 682fc94c..8982d148 100644 --- a/modules/container-definition/main.tf +++ b/modules/container-definition/main.tf @@ -54,6 +54,7 @@ locals { portMappings = var.port_mappings privileged = local.is_not_windows ? var.privileged : null pseudoTerminal = var.pseudo_terminal + restartPolicy = var.restart_policy readonlyRootFilesystem = local.is_not_windows ? var.readonly_root_filesystem : null repositoryCredentials = length(var.repository_credentials) > 0 ? var.repository_credentials : null resourceRequirements = length(var.resource_requirements) > 0 ? var.resource_requirements : null diff --git a/modules/container-definition/variables.tf b/modules/container-definition/variables.tf index 0f88b9de..e43cc720 100644 --- a/modules/container-definition/variables.tf +++ b/modules/container-definition/variables.tf 
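Review bot: `restartPolicy = var.restart_policy` in modules/container-definition/main.tf passes the object through whole, so any optional attribute the caller leaves unset (`ignoredExitCodes`, `restartAttemptPeriod`) stays inside it as an explicit null. The neighbouring entries null out the entire key when empty, which suggests nulls are filtered at the top level somewhere outside this hunk; if so, that filter would not reach nested attributes, and the rendered container definition may carry null fields that show up as plan drift or are rejected by the API. Consider stripping them here: `restartPolicy = var.restart_policy != null ? { for k, v in var.restart_policy : k => v if v != null } : null`. The `locals` block starts and ends outside the hunk, so the downstream handling should be confirmed before merging.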
@@ -215,6 +215,22 @@ variable "resource_requirements" { default = [] } +variable "restart_policy" { + description = "Container restart policy; helps overcome transient failures faster and maintain task availability" + type = object({ + enabled = bool + ignoredExitCodes = optional(list(number)) + restartAttemptPeriod = optional(number) + }) + default = { + enabled = false + } + validation { + condition = var.restart_policy.restartAttemptPeriod == null ? true : (var.restart_policy.restartAttemptPeriod >= 60 && var.restart_policy.restartAttemptPeriod <= 1800) + error_message = "The restart attempt period must be between 60 and 1800 seconds." + } +} + variable "secrets" { description = "The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the Amazon Elastic Container Service Developer Guide" type = list(object({ diff --git a/modules/service/README.md b/modules/service/README.md index 2101fd30..6f03ba6c 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -70,6 +70,12 @@ module "ecs_service" { } } memory_reservation = 100 + + restart_policy = { + enabled = true + ignoredExitCodes = [1] + restartAttemptPeriod = 60 + } } } diff --git a/modules/service/main.tf b/modules/service/main.tf index 48434739..6dcf0261 100644 --- a/modules/service/main.tf +++ b/modules/service/main.tf 
@@ -565,6 +565,7 @@ module "container_definition" { readonly_root_filesystem = try(each.value.readonly_root_filesystem, var.container_definition_defaults.readonly_root_filesystem, true) repository_credentials = try(each.value.repository_credentials, var.container_definition_defaults.repository_credentials, {}) resource_requirements = try(each.value.resource_requirements, var.container_definition_defaults.resource_requirements, []) + restart_policy = try(each.value.restart_policy, var.container_definition_defaults.restart_policy, { enabled = false }) secrets = try(each.value.secrets, var.container_definition_defaults.secrets, []) start_timeout = try(each.value.start_timeout, var.container_definition_defaults.start_timeout, 30) stop_timeout = try(each.value.stop_timeout, var.container_definition_defaults.stop_timeout, 120) diff --git a/wrappers/container-definition/main.tf b/wrappers/container-definition/main.tf index 7bcba25d..5f6c5d60 100644 --- a/wrappers/container-definition/main.tf +++ b/wrappers/container-definition/main.tf 
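Review bot: The fallback `{ enabled = false }` on the new `restart_policy` line in modules/service/main.tf is left behind by PATCH 3/3, which switches the container-definition variable default and the wrapper fallback to `null` but does not list modules/service/main.tf among its changed files. As written, every container defined through the service module would still be given an explicit disabled restart policy rather than none, which looks inconsistent with the corrected default and may alter the rendered task definition for callers who never set the input. I would change the line to `restart_policy = try(each.value.restart_policy, var.container_definition_defaults.restart_policy, null)`. The `module "container_definition"` block continues outside the hunk.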
@@ -42,14 +42,17 @@ module "wrapper" { readonly_root_filesystem = try(each.value.readonly_root_filesystem, var.defaults.readonly_root_filesystem, true) repository_credentials = try(each.value.repository_credentials, var.defaults.repository_credentials, {}) resource_requirements = try(each.value.resource_requirements, var.defaults.resource_requirements, []) - secrets = try(each.value.secrets, var.defaults.secrets, []) - service = try(each.value.service, var.defaults.service, "") - start_timeout = try(each.value.start_timeout, var.defaults.start_timeout, 30) - stop_timeout = try(each.value.stop_timeout, var.defaults.stop_timeout, 120) - system_controls = try(each.value.system_controls, var.defaults.system_controls, []) - tags = try(each.value.tags, var.defaults.tags, {}) - ulimits = try(each.value.ulimits, var.defaults.ulimits, []) - user = try(each.value.user, var.defaults.user, null) - volumes_from = try(each.value.volumes_from, var.defaults.volumes_from, []) - working_directory = try(each.value.working_directory, var.defaults.working_directory, null) + restart_policy = try(each.value.restart_policy, var.defaults.restart_policy, { + enabled = false + }) + secrets = try(each.value.secrets, var.defaults.secrets, []) + service = try(each.value.service, var.defaults.service, "") + start_timeout = try(each.value.start_timeout, var.defaults.start_timeout, 30) + stop_timeout = try(each.value.stop_timeout, var.defaults.stop_timeout, 120) + system_controls = try(each.value.system_controls, var.defaults.system_controls, []) + tags = try(each.value.tags, var.defaults.tags, {}) + ulimits = try(each.value.ulimits, var.defaults.ulimits, []) + user = try(each.value.user, var.defaults.user, null) + volumes_from = try(each.value.volumes_from, var.defaults.volumes_from, []) + working_directory = try(each.value.working_directory, var.defaults.working_directory, null) } From 92c2b4f541b456fff4cb7601814370277fff5c19 Mon Sep 17 00:00:00 2001 
From: Paul Santus Date: Mon, 16 Sep 2024 16:20:33 +0200 Subject: [PATCH 2/3] fix precommit error --- modules/service/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/service/README.md b/modules/service/README.md index 6f03ba6c..75984a02 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -70,7 +70,7 @@ module "ecs_service" { } } memory_reservation = 100 - + restart_policy = { enabled = true ignoredExitCodes = [1] From ea37cdb26e2dda6a040db4ec0d5857338d65b02e Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 16 Sep 2024 09:54:18 -0500 Subject: [PATCH 3/3] fix: Correct defaults and remove redundant validation --- .pre-commit-config.yaml | 2 +- README.md | 6 +++--- examples/complete/README.md | 8 ++++---- examples/complete/versions.tf | 2 +- examples/ec2-autoscaling/README.md | 8 ++++---- examples/ec2-autoscaling/versions.tf | 2 +- examples/fargate/README.md | 8 ++++---- examples/fargate/versions.tf | 2 +- main.tf | 14 ++++++------- modules/cluster/README.md | 8 ++++---- modules/cluster/versions.tf | 2 +- modules/container-definition/README.md | 10 +++++----- modules/container-definition/variables.tf | 10 ++-------- modules/container-definition/versions.tf | 2 +- modules/service/README.md | 10 +++++----- modules/service/versions.tf | 2 +- versions.tf | 2 +- wrappers/cluster/versions.tf | 2 +- wrappers/container-definition/main.tf | 24 +++++++++++------------ wrappers/container-definition/versions.tf | 2 +- wrappers/service/main.tf | 4 ++-- wrappers/service/versions.tf | 2 +- wrappers/versions.tf | 2 +- 23 files changed, 63 insertions(+), 71 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b567c521..529e9d0e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.92.0 + rev: v1.96.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each 
diff --git a/README.md b/README.md index b2cbef86..21669808 100644 --- a/README.md +++ b/README.md @@ -154,13 +154,13 @@ module "ecs" { - [ECS Cluster w/ EC2 Autoscaling Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/ec2-autoscaling) - [ECS Cluster w/ Fargate Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/fargate) - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers @@ -225,7 +225,7 @@ No resources. | [task\_exec\_iam\_role\_arn](#output\_task\_exec\_iam\_role\_arn) | Task execution IAM role ARN | | [task\_exec\_iam\_role\_name](#output\_task\_exec\_iam\_role\_name) | Task execution IAM role name | | [task\_exec\_iam\_role\_unique\_id](#output\_task\_exec\_iam\_role\_unique\_id) | Stable and unique string identifying the task execution IAM role | - + ## Authors diff --git a/examples/complete/README.md b/examples/complete/README.md index edffba88..77bdb2a5 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,19 +21,19 @@ $ terraform apply Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources. - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.59 | +| [aws](#provider\_aws) | >= 5.63 | ## Modules @@ -68,7 +68,7 @@ No inputs. | [cluster\_id](#output\_cluster\_id) | ID that identifies the cluster | | [cluster\_name](#output\_cluster\_name) | Name that identifies the cluster | | [services](#output\_services) | Map of services created and their attributes | - + ## License 
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index dc999065..790c7ad1 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/examples/ec2-autoscaling/README.md b/examples/ec2-autoscaling/README.md index 1ca87e47..33b6e5f3 100644 --- a/examples/ec2-autoscaling/README.md +++ b/examples/ec2-autoscaling/README.md @@ -21,19 +21,19 @@ $ terraform apply Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources. - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.59 | +| [aws](#provider\_aws) | >= 5.63 | ## Modules @@ -88,7 +88,7 @@ No inputs. | [service\_tasks\_iam\_role\_arn](#output\_service\_tasks\_iam\_role\_arn) | Tasks IAM role ARN | | [service\_tasks\_iam\_role\_name](#output\_service\_tasks\_iam\_role\_name) | Tasks IAM role name | | [service\_tasks\_iam\_role\_unique\_id](#output\_service\_tasks\_iam\_role\_unique\_id) | Stable and unique string identifying the tasks IAM role | - + ## License diff --git a/examples/ec2-autoscaling/versions.tf b/examples/ec2-autoscaling/versions.tf index dc999065..790c7ad1 100644 --- a/examples/ec2-autoscaling/versions.tf +++ b/examples/ec2-autoscaling/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/examples/fargate/README.md b/examples/fargate/README.md index 183616e9..19ed8cf3 100644 --- a/examples/fargate/README.md +++ b/examples/fargate/README.md 
@@ -21,19 +21,19 @@ $ terraform apply Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources. - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.59 | +| [aws](#provider\_aws) | >= 5.63 | ## Modules @@ -91,7 +91,7 @@ No inputs. | [service\_tasks\_iam\_role\_name](#output\_service\_tasks\_iam\_role\_name) | Tasks IAM role name | | [service\_tasks\_iam\_role\_unique\_id](#output\_service\_tasks\_iam\_role\_unique\_id) | Stable and unique string identifying the tasks IAM role | | [task\_definition\_run\_task\_command](#output\_task\_definition\_run\_task\_command) | awscli command to run the standalone task | - + ## License diff --git a/examples/fargate/versions.tf b/examples/fargate/versions.tf index dc999065..790c7ad1 100644 --- a/examples/fargate/versions.tf +++ b/examples/fargate/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/main.tf b/main.tf index 6261f433..682251d7 100644 --- a/main.tf +++ b/main.tf 
@@ -100,14 +100,14 @@ module "service" { iam_role_statements = lookup(each.value, "iam_role_statements", {}) # ECS infrastructure IAM role - create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, true) - infrastructure_iam_role_arn = try(each.value.infrastructure_iam_role_arn, null) - infrastructure_iam_role_name = try(each.value.infrastructure_iam_role_name, null) - infrastructure_iam_role_use_name_prefix = try(each.value.infrastructure_iam_role_use_name_prefix, true) - infrastructure_iam_role_path = try(each.value.infrastructure_iam_role_path, null) - infrastructure_iam_role_description = try(each.value.infrastructure_iam_role_description, null) + create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, true) + infrastructure_iam_role_arn = try(each.value.infrastructure_iam_role_arn, null) + infrastructure_iam_role_name = try(each.value.infrastructure_iam_role_name, null) + infrastructure_iam_role_use_name_prefix = try(each.value.infrastructure_iam_role_use_name_prefix, true) + infrastructure_iam_role_path = try(each.value.infrastructure_iam_role_path, null) + infrastructure_iam_role_description = try(each.value.infrastructure_iam_role_description, null) infrastructure_iam_role_permissions_boundary = try(each.value.infrastructure_iam_role_permissions_boundary, null) - infrastructure_iam_role_tags = try(each.value.infrastructure_iam_role_tags, {}) + infrastructure_iam_role_tags = try(each.value.infrastructure_iam_role_tags, {}) # Task definition create_task_definition = try(each.value.create_task_definition, true) diff --git a/modules/cluster/README.md b/modules/cluster/README.md index 5f1d8289..6fb44c8b 100644 --- a/modules/cluster/README.md +++ b/modules/cluster/README.md 
@@ -131,19 +131,19 @@ module "ecs_cluster" { - [ECS Cluster w/ EC2 Autoscaling Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/ec2-autoscaling) - [ECS Cluster w/ Fargate Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/fargate) - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.59 | +| [aws](#provider\_aws) | >= 5.63 | ## Modules @@ -209,7 +209,7 @@ No modules. | [task\_exec\_iam\_role\_arn](#output\_task\_exec\_iam\_role\_arn) | Task execution IAM role ARN | | [task\_exec\_iam\_role\_name](#output\_task\_exec\_iam\_role\_name) | Task execution IAM role name | | [task\_exec\_iam\_role\_unique\_id](#output\_task\_exec\_iam\_role\_unique\_id) | Stable and unique string identifying the task execution IAM role | - + ## License diff --git a/modules/cluster/versions.tf b/modules/cluster/versions.tf index dc999065..790c7ad1 100644 --- a/modules/cluster/versions.tf +++ b/modules/cluster/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/modules/container-definition/README.md b/modules/container-definition/README.md index 6164eb0d..6a014789 100644 --- a/modules/container-definition/README.md +++ b/modules/container-definition/README.md 
@@ -110,19 +110,19 @@ module "example_ecs_container_definition" { - [ECS Cluster w/ EC2 Autoscaling Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/ec2-autoscaling) - [ECS Cluster w/ Fargate Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/fargate) - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.59 | +| [aws](#provider\_aws) | >= 5.63 | ## Modules @@ -178,7 +178,7 @@ No modules. | [readonly\_root\_filesystem](#input\_readonly\_root\_filesystem) | When this parameter is true, the container is given read-only access to its root file system | `bool` | `true` | no | | [repository\_credentials](#input\_repository\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `{}` | no | | [resource\_requirements](#input\_resource\_requirements) | The type and amount of a resource to assign to a container. The only supported resource is a GPU |
list(object({
type = string
value = string
}))
| `[]` | no | -| [restart\_policy](#input\_restart\_policy) | Container restart policy; helps overcome transient failures faster and maintain task availability |
object({
enabled = bool
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
})
|
{
"enabled": false
}
| no | +| [restart\_policy](#input\_restart\_policy) | Container restart policy; helps overcome transient failures faster and maintain task availability |
object({
enabled = optional(bool)
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
})
| `null` | no | | [secrets](#input\_secrets) | The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the Amazon Elastic Container Service Developer Guide |
list(object({
name = string
valueFrom = string
}))
| `[]` | no | | [service](#input\_service) | The name of the service that the container definition is associated with | `string` | `""` | no | | [start\_timeout](#input\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | @@ -197,7 +197,7 @@ No modules. | [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | ARN of CloudWatch log group created | | [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of CloudWatch log group created | | [container\_definition](#output\_container\_definition) | Container definition | - + ## License diff --git a/modules/container-definition/variables.tf b/modules/container-definition/variables.tf index e43cc720..a1349ba2 100644 --- a/modules/container-definition/variables.tf +++ b/modules/container-definition/variables.tf @@ -218,17 +218,11 @@ variable "resource_requirements" { variable "restart_policy" { description = "Container restart policy; helps overcome transient failures faster and maintain task availability" type = object({ - enabled = bool + enabled = optional(bool) ignoredExitCodes = optional(list(number)) restartAttemptPeriod = optional(number) }) - default = { - enabled = false - } - validation { - condition = var.restart_policy.restartAttemptPeriod == null ? true : (var.restart_policy.restartAttemptPeriod >= 60 && var.restart_policy.restartAttemptPeriod <= 1800) - error_message = "The restart attempt period must be between 60 and 1800 seconds." - } + default = null } variable "secrets" { diff --git a/modules/container-definition/versions.tf b/modules/container-definition/versions.tf index dc999065..790c7ad1 100644 --- a/modules/container-definition/versions.tf +++ b/modules/container-definition/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } 
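Review bot: In modules/container-definition/variables.tf, `enabled = optional(bool)` lets a caller pass `restart_policy = { restartAttemptPeriod = 60 }` with no `enabled` at all, and the value then reaches the container definition as null instead of failing at plan time. As far as I know the ECS restart policy requires `enabled`, so with `default = null` already covering the unset case I would keep `enabled = bool`. The same hunk drops the 60–1800 second check on `restartAttemptPeriod`; if that bound is now enforced elsewhere (not visible here), it should at least be stated in the variable's `description` so a bad value is not first discovered at apply time.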
diff --git a/modules/service/README.md b/modules/service/README.md index 2513d353..f99d3131 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -167,19 +167,19 @@ module "ecs_service" { - [ECS Cluster w/ EC2 Autoscaling Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/ec2-autoscaling) - [ECS Cluster w/ Fargate Capacity Provider](https://github.com/terraform-aws-modules/terraform-aws-ecs/tree/master/examples/fargate) - + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 5.59 | +| [aws](#requirement\_aws) | >= 5.63 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.59 | +| [aws](#provider\_aws) | >= 5.63 | ## Modules 
@@ -243,7 +243,7 @@ module "ecs_service" { | [cpu](#input\_cpu) | Number of cpu units used by the task. If the `requires_compatibilities` is `FARGATE` this field is required | `number` | `1024` | no | | [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no | | [create\_iam\_role](#input\_create\_iam\_role) | Determines whether the ECS service IAM role should be created | `bool` | `true` | no | -| [create\_infrastructure\_iam\_role](#input\_create\_infrastructure\_iam\_role) | Determines whether the ECS infrastructure IAM role should be created | `bool` | `false` | no | +| [create\_infrastructure\_iam\_role](#input\_create\_infrastructure\_iam\_role) | Determines whether the ECS infrastructure IAM role should be created | `bool` | `true` | no | | [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `true` | no | | [create\_service](#input\_create\_service) | Determines whether service resource will be created (set to `false` in case you want to create task definition only) | `bool` | `true` | no | | [create\_task\_definition](#input\_create\_task\_definition) | Determines whether to create a task definition or use existing/provided | `bool` | `true` | no | @@ -371,7 +371,7 @@ module "ecs_service" { | [tasks\_iam\_role\_arn](#output\_tasks\_iam\_role\_arn) | Tasks IAM role ARN | | [tasks\_iam\_role\_name](#output\_tasks\_iam\_role\_name) | Tasks IAM role name | | [tasks\_iam\_role\_unique\_id](#output\_tasks\_iam\_role\_unique\_id) | Stable and unique string identifying the tasks IAM role | - + ## License diff --git a/modules/service/versions.tf b/modules/service/versions.tf index dc999065..790c7ad1 100644 --- a/modules/service/versions.tf +++ b/modules/service/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } 
diff --git a/versions.tf b/versions.tf index dc999065..790c7ad1 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/wrappers/cluster/versions.tf b/wrappers/cluster/versions.tf index dc999065..790c7ad1 100644 --- a/wrappers/cluster/versions.tf +++ b/wrappers/cluster/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/wrappers/container-definition/main.tf b/wrappers/container-definition/main.tf index 5f6c5d60..e5644f81 100644 --- a/wrappers/container-definition/main.tf +++ b/wrappers/container-definition/main.tf 
@@ -42,17 +42,15 @@ module "wrapper" { readonly_root_filesystem = try(each.value.readonly_root_filesystem, var.defaults.readonly_root_filesystem, true) repository_credentials = try(each.value.repository_credentials, var.defaults.repository_credentials, {}) resource_requirements = try(each.value.resource_requirements, var.defaults.resource_requirements, []) - restart_policy = try(each.value.restart_policy, var.defaults.restart_policy, { - enabled = false - }) - secrets = try(each.value.secrets, var.defaults.secrets, []) - service = try(each.value.service, var.defaults.service, "") - start_timeout = try(each.value.start_timeout, var.defaults.start_timeout, 30) - stop_timeout = try(each.value.stop_timeout, var.defaults.stop_timeout, 120) - system_controls = try(each.value.system_controls, var.defaults.system_controls, []) - tags = try(each.value.tags, var.defaults.tags, {}) - ulimits = try(each.value.ulimits, var.defaults.ulimits, []) - user = try(each.value.user, var.defaults.user, null) - volumes_from = try(each.value.volumes_from, var.defaults.volumes_from, []) - working_directory = try(each.value.working_directory, var.defaults.working_directory, null) + restart_policy = try(each.value.restart_policy, var.defaults.restart_policy, null) + secrets = try(each.value.secrets, var.defaults.secrets, []) + service = try(each.value.service, var.defaults.service, "") + start_timeout = try(each.value.start_timeout, var.defaults.start_timeout, 30) + stop_timeout = try(each.value.stop_timeout, var.defaults.stop_timeout, 120) + system_controls = try(each.value.system_controls, var.defaults.system_controls, []) + tags = try(each.value.tags, var.defaults.tags, {}) + ulimits = try(each.value.ulimits, var.defaults.ulimits, []) + user = try(each.value.user, var.defaults.user, null) + volumes_from = try(each.value.volumes_from, var.defaults.volumes_from, []) + working_directory = try(each.value.working_directory, var.defaults.working_directory, null) } 
diff --git a/wrappers/container-definition/versions.tf b/wrappers/container-definition/versions.tf index dc999065..790c7ad1 100644 --- a/wrappers/container-definition/versions.tf +++ b/wrappers/container-definition/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf index aaf8941a..2d367a7b 100644 --- a/wrappers/service/main.tf +++ b/wrappers/service/main.tf @@ -35,7 +35,7 @@ module "wrapper" { cpu = try(each.value.cpu, var.defaults.cpu, 1024) create = try(each.value.create, var.defaults.create, true) create_iam_role = try(each.value.create_iam_role, var.defaults.create_iam_role, true) - create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, var.defaults.create_infrastructure_iam_role, false) + create_infrastructure_iam_role = try(each.value.create_infrastructure_iam_role, var.defaults.create_infrastructure_iam_role, true) create_security_group = try(each.value.create_security_group, var.defaults.create_security_group, true) create_service = try(each.value.create_service, var.defaults.create_service, true) create_task_definition = try(each.value.create_task_definition, var.defaults.create_task_definition, true) 
@@ -118,7 +118,6 @@ module "wrapper" { task_exec_iam_statements = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, {}) task_exec_secret_arns = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"]) task_exec_ssm_param_arns = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"]) - task_tags = try(each.value.task_tags, var.defaults.task_tags, {}) tasks_iam_role_arn = try(each.value.tasks_iam_role_arn, var.defaults.tasks_iam_role_arn, null) tasks_iam_role_description = try(each.value.tasks_iam_role_description, var.defaults.tasks_iam_role_description, null) tasks_iam_role_name = try(each.value.tasks_iam_role_name, var.defaults.tasks_iam_role_name, null) @@ -128,6 +127,7 @@ module "wrapper" { tasks_iam_role_statements = try(each.value.tasks_iam_role_statements, var.defaults.tasks_iam_role_statements, {}) tasks_iam_role_tags = try(each.value.tasks_iam_role_tags, var.defaults.tasks_iam_role_tags, {}) tasks_iam_role_use_name_prefix = try(each.value.tasks_iam_role_use_name_prefix, var.defaults.tasks_iam_role_use_name_prefix, true) + task_tags = try(each.value.task_tags, var.defaults.task_tags, {}) timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) triggers = try(each.value.triggers, var.defaults.triggers, {}) volume = try(each.value.volume, var.defaults.volume, {}) diff --git a/wrappers/service/versions.tf b/wrappers/service/versions.tf index dc999065..790c7ad1 100644 --- a/wrappers/service/versions.tf +++ b/wrappers/service/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } } diff --git a/wrappers/versions.tf b/wrappers/versions.tf index dc999065..790c7ad1 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.59" + version = ">= 5.63" } } }