Releases: cloudposse/terraform-aws-ecs-alb-service-task
v0.69.0
- No changes
v0.68.0
Accept map or list for policy arns @Nuru (#198)
what
- Accept both map (`task_policy_arns_map`, `task_exec_policy_arns_map`) and list (`task_policy_arns`, `task_exec_policy_arns`) inputs for policy ARNs. Supersedes and closes #196.
- Add `depends_on` for `ecs_service` resource to `aws_iam_role_policy.ecs_service`.
why
History
- Issue #167 is typical behavior when supplying a list of inputs to convert into resources. The solution to it is to provide a map of resources, so that changes are limited to what is necessary according to the change in inputs. Adding to or removing from the list, or changing the order of the list, no longer affects the list items that did not change, because each item is now referenced by the key in the map rather than its index in the list.
- PR #178 tried to fix #167 by using the input values as keys. However, this created issue #191, because the values (IAM Policy ARNs) are generated by the `terraform apply` and are therefore not known at `plan` time, which is a requirement.
- PR #194 fixed #198, but re-introduced #167, because it simply replaced the implicit "list index as key" with an explicit one in the case of list inputs.
- PR #195 used the values as keys, but this just recreated #191, so it was abandoned
- PR #196 used a little-used provider that tries to let us have it both ways: it gives us #167 if the values are unknown at plan time but works well if the values are known at plan time. Unfortunately, this can render a plan non-deterministic. Even more importantly, it does not give a user whose values are unknown at plan time a way to avoid #167.
This Solution
With the solution provided by this PR, any user can avoid #167 by providing a map whose keys are known at plan time, regardless of whether the values are known at plan time. Policy ARNs could be labeled by name, purpose, region, or whatever the user wants to avoid #167. Or, if the user doesn't care about #167, perhaps because they are only supplying a single Policy ARN, then they can just supply it in a list.
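The difference between index-addressed and key-addressed policy attachments, as an added example that is not code from this module or its authors. The resource names, map keys, bucket name and `task_role_name` variable are hypothetical; the map has the same shape as the `task_policy_arns_map` input.

```hcl
# Added illustration: the two forms are shown side by side for comparison;
# a real configuration would use only one of them.
variable "task_role_name" {
  type        = string
  description = "Name of an existing ECS task role (assumed to exist)"
}

# Created in the same apply, so its ARN is "(known after apply)" at plan time.
resource "aws_iam_policy" "read_bucket" {
  name = "example-read-bucket"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::example-bucket/*"
    }]
  })
}

locals {
  # List form: attachments are addressed [0], [1], ... so removing or
  # reordering an entry shifts the address of every later entry.
  task_policy_arns = [
    aws_iam_policy.read_bucket.arn,
    "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess",
  ]

  # Map form: the keys are literals and therefore known at plan time,
  # even though the first value is not.
  task_policy_arns_map = {
    read_bucket = aws_iam_policy.read_bucket.arn
    xray        = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
  }
}

resource "aws_iam_role_policy_attachment" "by_index" {
  count      = length(local.task_policy_arns)
  role       = var.task_role_name
  policy_arn = local.task_policy_arns[count.index]
}

resource "aws_iam_role_policy_attachment" "by_key" {
  for_each   = local.task_policy_arns_map
  role       = var.task_role_name
  policy_arn = each.value
}
```

Removing the first list entry makes `by_index[0]` change its policy and `by_index[1]` be destroyed, while removing the `read_bucket` key only destroys `by_key["read_bucket"]` and leaves `by_key["xray"]` untouched.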
v0.67.1
🚀 Enhancements
Use map for task & task exec policy arns variables @joe-niland (#194)
what
- Replaced variables `task_policy_arns` and `task_exec_policy_arns` with `task_policy_arns_map` and `task_exec_policy_arns_map` respectively
- Existing variables were moved to `variables-deprecated.tf` and values will be internally converted to a map if variables are defined
why
- The for_each change implemented in 14008fc has the potential to cause the Terraform '"for_each" value depends on resource attributes that cannot be determined until apply' error.
- Modifying this input to use a map can circumvent this error
references
- closes #191
v0.67.0
Add option to trigger a redeployment on apply @joe-niland (#193)
what
- Adds a variable to enable/disable triggering a new ECS service deployment on apply.
why
- In aws provider v4.40.0 an option was added to allow triggering a new ECS service deployment on apply.
- This is useful so the service can be updated to the latest service/task configuration without needing to take additional steps after applying the Terraform config.
references
- None
v0.66.4
🚀 Enhancements
Task Role uses for-each instead of count @Benbentwo (#178)
what
- task role uses for each
why
- fixes: #167
Note:
The outputs had to be changed to output a map as a single string, hence why they look complex, it's to keep backwards compatibility
🐛 Bug Fixes
Task Role uses for-each instead of count @Benbentwo (#178)
what
- task role uses for each
why
- fixes: #167
Note:
The outputs had to be changed to output a map as a single string, hence why they look complex, it's to keep backwards compatibility
v0.66.3
🚀 Enhancements
make `host_path` optional for fargate @Benbentwo (#176)
what
- Sets `host_path` as optional in `bind_mount_volumes` for fargate, for which it cannot be specified
why
- Fargate Volumes
references
- Closes #174
v0.66.2
Adding support for bind mount volume types @bfox1793 (#173)
what
- Adding support for a basic bind_mount volume type for tasks
why
- This is a supported feature of ECS. This update adds that support into the terraform module
references
- closes #172
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#171)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v0.66.1
🚀 Enhancements
Set bool inputs to type bool @nitrocode (#170)
what
- set bool type on applicable inputs
- bumped test version to latest in example module
why
`ecs_service_enabled` used `string` instead of `bool` type
references
command
terraform plan -var "ecs_service_enabled=false" -var-file=fixtures.us-east-2.tfvars
# aws_ecs_cluster.default will be created
+ resource "aws_ecs_cluster" "default" {
+ arn = (known after apply)
+ capacity_providers = (known after apply)
+ id = (known after apply)
+ name = "eg-test-ecs-alb-service-task"
+ tags = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ default_capacity_provider_strategy {
+ base = (known after apply)
+ capacity_provider = (known after apply)
+ weight = (known after apply)
}
+ setting {
+ name = (known after apply)
+ value = (known after apply)
}
}
# module.ecs_alb_service_task.aws_ecs_task_definition.default[0] will be created
+ resource "aws_ecs_task_definition" "default" {
+ arn = (known after apply)
+ container_definitions = jsonencode(
[
+ {
+ cpu = 256
+ environment = [
+ {
+ name = "false_boolean_var"
+ value = "false"
},
+ {
+ name = "integer_var"
+ value = "42"
},
+ {
+ name = "string_var"
+ value = "I am a string"
},
+ {
+ name = "true_boolean_var"
+ value = "true"
},
]
+ essential = true
+ image = "cloudposse/geodesic"
+ memory = 256
+ memoryReservation = 128
+ mountPoints = []
+ name = "geodesic"
+ portMappings = [
+ {
+ containerPort = 80
+ hostPort = 80
+ protocol = "tcp"
},
+ {
+ containerPort = 443
+ hostPort = 443
+ protocol = "udp"
},
]
+ readonlyRootFilesystem = false
+ volumesFrom = []
},
]
)
+ cpu = "256"
+ execution_role_arn = (known after apply)
+ family = "eg-test-ecs-alb-service-task"
+ id = (known after apply)
+ memory = "512"
+ network_mode = "awsvpc"
+ requires_compatibilities = [
+ "FARGATE",
]
+ revision = (known after apply)
+ skip_destroy = false
+ tags = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Name" = "eg-test-ecs-alb-service-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ task_role_arn = (known after apply)
}
# module.ecs_alb_service_task.aws_iam_role.ecs_exec[0] will be created
+ resource "aws_iam_role" "ecs_exec" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ecs-tasks.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "eg-test-ecs-alb-service-task-exec"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "Attributes" = "exec"
+ "Name" = "eg-test-ecs-alb-service-task-exec"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "exec"
+ "Name" = "eg-test-ecs-alb-service-task-exec"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.ecs_alb_service_task.aws_iam_role.ecs_task[0] will be created
+ resource "aws_iam_role" "ecs_task" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ecs-tasks.amazonaws.com"
}
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "eg-test-ecs-alb-service-task-task"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "Attributes" = "task"
+ "Name" = "eg-test-ecs-alb-service-task-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "task"
+ "Name" = "eg-test-ecs-alb-service-task-task"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.ecs_alb_service_task.aws_iam_role_policy.ecs_exec[0] will be created
+ resource "aws_iam_role_policy" "ecs_exec" {
+ id = (known after apply)
+ name = "eg-test-ecs-alb-service-task-exec"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "ssm:GetParameters",
+ "logs:PutLogEvents",
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:GetAuthorizationToken",
+ "ecr:BatchGetImage",
+ "ecr:BatchCheckLayerAvailability",
]
+ Effect = "Allow"
+ Resource = "*"
+ Sid = ""
},
]
+ Version = "2012-10-17"
}
)
+ role = (known after apply)
}
# module.ecs_alb_service_task.aws_security_group.ecs_service[0] will be created
+ resource "aws_security_group" "ecs_service" {
+ arn = (known after apply)
+ description = "Allow ALL egress from ECS service"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "eg-test-ecs-alb-service-task-service"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Attributes" = "service"
+ "Name" = "eg-test-ecs-alb-service-task-service"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ tags_all = {
+ "Attributes" = "service"
+ "Name" = "eg-test-ecs-alb-service-task-service"
+ "Namespace" = "eg"
+ "Stage" = "test"
}
+ vpc_id = (known afte...
v0.66.0
Add ecs_service_enabled @nitrocode (#169)
what
- Add ecs_service_enabled
why
- Create all the underlying resources but skip the ecs service. This is useful when creating a run-once task such as for db migrations.
references
N/A
v0.65.0
BUG | Support Dynamic deployment_circuit_breaker for CODE_DEPLOY @lgants (#165)
what
- The `deployment_circuit_breaker` option is now a dynamic block with a conditional for the `deployment_controller_type` value
why
- This PR fixes an issue when using `CODE_DEPLOY` `deployment_circuit_breaker` option.
- Previously, the `deployment_circuit_breaker` was always included as part of the module. However, the AWS DeploymentCircuitBreaker documentation states:
The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type that aren't behind a Classic Load Balancer.
Consequently, when using `CODE_DEPLOY` for `deployment_circuit_breaker` with this module, the state is consistently out of sync with the remote, which attempts to sync with the remote on every update.

references
- AWS DeploymentCircuitBreaker documentation: https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeploymentCircuitBreaker.html