terraform-aws-modules
diff --git a/‎.pre-commit-config.yaml
Lines changed: 2 additions & 2 deletions b/‎.pre-commit-config.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md
Lines changed: 2 additions & 2 deletions b/‎README.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/complete/README.md
Lines changed: 3 additions & 3 deletions b/‎examples/complete/README.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 21 additions & 7 deletions b/‎examples/complete/main.tf
Lines changed: 21 additions & 7 deletions
diff --git a/‎examples/complete/versions.tf
Lines changed: 2 additions & 2 deletions b/‎examples/complete/versions.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/ec2-autoscaling/README.md
Lines changed: 5 additions & 3 deletions b/‎examples/ec2-autoscaling/README.md
Lines changed: 5 additions & 3 deletions
diff --git a/‎examples/ec2-autoscaling/main.tf
Lines changed: 22 additions & 1 deletion b/‎examples/ec2-autoscaling/main.tf
Lines changed: 22 additions & 1 deletion
diff --git a/‎examples/ec2-autoscaling/outputs.tf
Lines changed: 7 additions & 6 deletions b/‎examples/ec2-autoscaling/outputs.tf
Lines changed: 7 additions & 6 deletions
diff --git a/‎examples/ec2-autoscaling/versions.tf
Lines changed: 2 additions & 2 deletions b/‎examples/ec2-autoscaling/versions.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/fargate/README.md
Lines changed: 3 additions & 4 deletions b/‎examples/fargate/README.md
Lines changed: 3 additions & 4 deletions
diff --git a/‎examples/fargate/main.tf
Lines changed: 27 additions & 25 deletions b/‎examples/fargate/main.tf
Lines changed: 27 additions & 25 deletions
diff --git a/‎examples/fargate/outputs.tf
Lines changed: 1 addition & 6 deletions b/‎examples/fargate/outputs.tf
Lines changed: 1 addition & 6 deletions
diff --git a/‎examples/fargate/versions.tf
Lines changed: 2 additions & 2 deletions b/‎examples/fargate/versions.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎main.tf
Lines changed: 13 additions & 1 deletion b/‎main.tf
Lines changed: 13 additions & 1 deletion
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
@@ -17,7 +17,7 @@ repos:
           - '--args=--only=terraform_documented_variables'
           - '--args=--only=terraform_typed_variables'
           - '--args=--only=terraform_module_pinned_source'
-          - '--args=--only=terraform_naming_convention'
+          # - '--args=--only=terraform_naming_convention' # Disabled due to container definition variables requiring camelCase
           - '--args=--only=terraform_required_version'
           - '--args=--only=terraform_required_providers'
           - '--args=--only=terraform_standard_module_structure'
 
@@ -159,8 +159,8 @@ module "ecs" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.77 |
 
 ## Providers
 
 
@@ -26,14 +26,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.77 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.66.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.77 |
 
 ## Modules
 
 
@@ -102,19 +102,33 @@ module "ecs" {
             }
           }
           memory_reservation = 100
+
+          restart_policy = {
+            enabled              = true
+            ignoredExitCodes     = [1]
+            restartAttemptPeriod = 60
+          }
         }
       }
 
       service_connect_configuration = {
         namespace = aws_service_discovery_http_namespace.this.arn
-        service = {
-          client_alias = {
-            port     = local.container_port
-            dns_name = local.container_name
+        service = [
+          {
+            client_alias = {
+              port     = local.container_port
+              dns_name = local.container_name
+            }
+
+            timeout = {
+              idle_timeout_seconds        = 20
+              per_request_timeout_seconds = 30
+            }
+
+            port_name      = local.container_name
+            discovery_name = local.container_name
           }
-          port_name      = local.container_name
-          discovery_name = local.container_name
-        }
+        ]
       }
 
       load_balancer = {
 
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.66.1"
+      version = ">= 5.77"
     }
   }
 }
@@ -26,14 +26,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.77 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.66.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.77 |
 
 ## Modules
 
@@ -74,6 +74,8 @@ No inputs.
 | <a name="output_service_iam_role_name"></a> [service\_iam\_role\_name](#output\_service\_iam\_role\_name) | Service IAM role name |
 | <a name="output_service_iam_role_unique_id"></a> [service\_iam\_role\_unique\_id](#output\_service\_iam\_role\_unique\_id) | Stable and unique string identifying the service IAM role |
 | <a name="output_service_id"></a> [service\_id](#output\_service\_id) | ARN that identifies the service |
+| <a name="output_service_infrastructure_iam_role_arn"></a> [service\_infrastructure\_iam\_role\_arn](#output\_service\_infrastructure\_iam\_role\_arn) | Infrastructure IAM role ARN |
+| <a name="output_service_infrastructure_iam_role_name"></a> [service\_infrastructure\_iam\_role\_name](#output\_service\_infrastructure\_iam\_role\_name) | Infrastructure IAM role name |
 | <a name="output_service_name"></a> [service\_name](#output\_service\_name) | Name of the service |
 | <a name="output_service_task_definition_arn"></a> [service\_task\_definition\_arn](#output\_service\_task\_definition\_arn) | Full ARN of the Task Definition (including both `family` and `revision`) |
 | <a name="output_service_task_definition_revision"></a> [service\_task\_definition\_revision](#output\_service\_task\_definition\_revision) | Revision of the task in a particular family |
 
@@ -36,6 +36,7 @@ module "ecs_cluster" {
     # On-demand instances
     ex_1 = {
       auto_scaling_group_arn         = module.autoscaling["ex_1"].autoscaling_group_arn
+      managed_draining               = "ENABLED"
       managed_termination_protection = "ENABLED"
 
       managed_scaling = {
@@ -53,6 +54,7 @@ module "ecs_cluster" {
     # Spot instances
     ex_2 = {
       auto_scaling_group_arn         = module.autoscaling["ex_2"].autoscaling_group_arn
+      managed_draining               = "ENABLED"
       managed_termination_protection = "ENABLED"
 
       managed_scaling = {
@@ -93,8 +95,23 @@ module "ecs_service" {
     }
   }
 
+  volume_configuration = {
+    ebs-volume = {
+      managed_ebs_volume = {
+        encrypted        = true
+        file_system_type = "xfs"
+        size_in_gb       = 5
+        volume_type      = "gp3"
+      }
+    }
+  }
+
   volume = {
-    my-vol = {}
+    my-vol = {},
+    ebs-volume = {
+      name                = "ebs-volume"
+      configure_at_launch = true
+    }
   }
 
   # Container definition(s)
@@ -113,6 +130,10 @@ module "ecs_service" {
         {
           sourceVolume  = "my-vol",
           containerPath = "/var/www/my-vol"
+        },
+        {
+          containerPath = "/ebs/data"
+          sourceVolume  = "ebs-volume"
         }
       ]
 
 
@@ -131,11 +131,12 @@ output "service_autoscaling_scheduled_actions" {
   value       = module.ecs_service.autoscaling_scheduled_actions
 }
 
-################################################################################
-# Application Load Balancer
-################################################################################
+output "service_infrastructure_iam_role_arn" {
+  description = "Infrastructure IAM role ARN"
+  value       = module.ecs_service.infrastructure_iam_role_arn
+}
 
-output "alb_dns_name" {
-  description = "The DNS name of the load balancer"
-  value       = module.alb.dns_name
+output "service_infrastructure_iam_role_name" {
+  description = "Infrastructure IAM role name"
+  value       = module.ecs_service.infrastructure_iam_role_name
 }
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.66.1"
+      version = ">= 5.77"
     }
   }
 }
@@ -26,14 +26,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.77 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.66.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.77 |
 
 ## Modules
 
@@ -78,7 +78,6 @@ No inputs.
 | <a name="output_service_security_group_id"></a> [service\_security\_group\_id](#output\_service\_security\_group\_id) | ID of the security group |
 | <a name="output_service_task_definition_arn"></a> [service\_task\_definition\_arn](#output\_service\_task\_definition\_arn) | Full ARN of the Task Definition (including both `family` and `revision`) |
 | <a name="output_service_task_definition_family"></a> [service\_task\_definition\_family](#output\_service\_task\_definition\_family) | The unique name of the task definition |
-| <a name="output_service_task_definition_family_revision"></a> [service\_task\_definition\_family\_revision](#output\_service\_task\_definition\_family\_revision) | The family and revision (family:revision) of the task definition |
 | <a name="output_service_task_definition_revision"></a> [service\_task\_definition\_revision](#output\_service\_task\_definition\_revision) | Revision of the task in a particular family |
 | <a name="output_service_task_exec_iam_role_arn"></a> [service\_task\_exec\_iam\_role\_arn](#output\_service\_task\_exec\_iam\_role\_arn) | Task execution IAM role ARN |
 | <a name="output_service_task_exec_iam_role_name"></a> [service\_task\_exec\_iam\_role\_name](#output\_service\_task\_exec\_iam\_role\_name) | Task execution IAM role name |
 
@@ -121,6 +121,12 @@ module "ecs_service" {
         }
       }
 
+      restart_policy = {
+        enabled              = true
+        ignoredExitCodes     = [1]
+        restartAttemptPeriod = 60
+      }
+
       # Not required for fluent-bit, just an example
       volumes_from = [{
         sourceContainer = "fluent-bit"
@@ -133,14 +139,16 @@ module "ecs_service" {
 
   service_connect_configuration = {
     namespace = aws_service_discovery_http_namespace.this.arn
-    service = {
-      client_alias = {
-        port     = local.container_port
-        dns_name = local.container_name
+    service = [
+      {
+        client_alias = {
+          port     = local.container_port
+          dns_name = local.container_name
+        }
+        port_name      = local.container_name
+        discovery_name = local.container_name
       }
-      port_name      = local.container_name
-      discovery_name = local.container_name
-    }
+    ]
   }
 
   load_balancer = {
@@ -152,21 +160,18 @@ module "ecs_service" {
   }
 
   subnet_ids = module.vpc.private_subnets
-  security_group_rules = {
+  security_group_ingress_rules = {
     alb_ingress_3000 = {
-      type                     = "ingress"
-      from_port                = local.container_port
-      to_port                  = local.container_port
-      protocol                 = "tcp"
-      description              = "Service port"
-      source_security_group_id = module.alb.security_group_id
+      description                  = "Service port"
+      from_port                    = local.container_port
+      ip_protocol                  = "tcp"
+      referenced_security_group_id = module.alb.security_group_id
     }
+  }
+  security_group_egress_rules = {
     egress_all = {
-      type        = "egress"
-      from_port   = 0
-      to_port     = 0
-      protocol    = "-1"
-      cidr_blocks = ["0.0.0.0/0"]
+      ip_protocol = "-1"
+      cidr_ipv4   = "0.0.0.0/0"
     }
   }
 
@@ -218,13 +223,10 @@ module "ecs_task_definition" {
 
   subnet_ids = module.vpc.private_subnets
 
-  security_group_rules = {
+  security_group_egress_rules = {
     egress_all = {
-      type        = "egress"
-      from_port   = 0
-      to_port     = 0
-      protocol    = "-1"
-      cidr_blocks = ["0.0.0.0/0"]
+      ip_protocol = "-1"
+      cidr_ipv4   = "0.0.0.0/0"
     }
   }
 
 
@@ -76,11 +76,6 @@ output "service_task_definition_family" {
   value       = module.ecs_service.task_definition_family
 }
 
-output "service_task_definition_family_revision" {
-  description = "The family and revision (family:revision) of the task definition"
-  value       = module.ecs_service.task_definition_family_revision
-}
-
 output "service_task_exec_iam_role_name" {
   description = "Task execution IAM role name"
   value       = module.ecs_service.task_exec_iam_role_name
@@ -159,7 +154,7 @@ output "task_definition_run_task_command" {
   description = "awscli command to run the standalone task"
   value       = <<EOT
     aws ecs run-task --cluster ${module.ecs_cluster.name} \
-      --task-definition ${module.ecs_task_definition.task_definition_family_revision} \
+      --task-definition ${module.ecs_task_definition.task_definition_family}:${module.ecs_task_definition.task_definition_revision} \
       --network-configuration "awsvpcConfiguration={subnets=[${join(",", module.vpc.private_subnets)}],securityGroups=[${module.ecs_task_definition.security_group_id}]}" \
       --region ${local.region}
   EOT
 
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.66.1"
+      version = ">= 5.77"
     }
   }
 }
@@ -86,6 +86,7 @@ module "service" {
   service_registries                 = lookup(each.value, "service_registries", {})
   timeouts                           = try(each.value.timeouts, {})
   triggers                           = try(each.value.triggers, {})
+  volume_configuration               = try(each.value.volume_configuration, {})
   wait_for_steady_state              = try(each.value.wait_for_steady_state, null)
 
   # Service IAM role
@@ -99,6 +100,16 @@ module "service" {
   iam_role_tags                 = try(each.value.iam_role_tags, {})
   iam_role_statements           = lookup(each.value, "iam_role_statements", {})
 
+  # ECS infrastructure IAM role
+  create_infrastructure_iam_role               = try(each.value.create_infrastructure_iam_role, true)
+  infrastructure_iam_role_arn                  = try(each.value.infrastructure_iam_role_arn, null)
+  infrastructure_iam_role_name                 = try(each.value.infrastructure_iam_role_name, null)
+  infrastructure_iam_role_use_name_prefix      = try(each.value.infrastructure_iam_role_use_name_prefix, true)
+  infrastructure_iam_role_path                 = try(each.value.infrastructure_iam_role_path, null)
+  infrastructure_iam_role_description          = try(each.value.infrastructure_iam_role_description, null)
+  infrastructure_iam_role_permissions_boundary = try(each.value.infrastructure_iam_role_permissions_boundary, null)
+  infrastructure_iam_role_tags                 = try(each.value.infrastructure_iam_role_tags, {})
+
   # Task definition
   create_task_definition        = try(each.value.create_task_definition, true)
   task_definition_arn           = lookup(each.value, "task_definition_arn", null)
@@ -190,7 +201,8 @@ module "service" {
   security_group_name            = try(each.value.security_group_name, null)
   security_group_use_name_prefix = try(each.value.security_group_use_name_prefix, true)
   security_group_description     = try(each.value.security_group_description, null)
-  security_group_rules           = lookup(each.value, "security_group_rules", {})
+  security_group_ingress_rules   = lookup(each.value, "security_group_ingress_rules", {})
+  security_group_egress_rules    = lookup(each.value, "security_group_egress_rules", {})
   security_group_tags            = try(each.value.security_group_tags, {})
 
   tags = merge(var.tags, try(each.value.tags, {}))
Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`	`1`	`terraform {`
`2`		`- required_version = ">= 1.0"`
	`2`	`+ required_version = ">= 1.3.10"`
`3`	`3`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 4.66.1"`
	`7`	`+ version = ">= 5.77"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`