From c9dc889a4b081105fb7567ca12a2d32ac36caa29 Mon Sep 17 00:00:00 2001 From: Michael Olson Date: Fri, 29 Nov 2024 15:37:41 -0500 Subject: [PATCH 1/8] feat: Allow task exec IAM policy to have an IAM path (#243) * allow a path on aws_iam_policy.task_exec * feat: allowing an IAM Path for task_exec policy * pre-commit * updated terraform-docs localy * fix: for wrappers pre-commit hook --- modules/service/README.md | 1 + modules/service/main.tf | 4 ++-- modules/service/variables.tf | 6 ++++++ wrappers/service/main.tf | 1 + 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/modules/service/README.md b/modules/service/README.md index 799e9993..4faaf8f1 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -294,6 +294,7 @@ module "ecs_service" { | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [task\_definition\_arn](#input\_task\_definition\_arn) | Existing task definition ARN. Required when `create_task_definition` is `false` | `string` | `null` | no | | [task\_definition\_placement\_constraints](#input\_task\_definition\_placement\_constraints) | Configuration block for rules that are taken into consideration during task placement (up to max of 10). This is set at the task definition, see `placement_constraints` for setting at the service | `any` | `{}` | no | +| [task\_exec\_iam\_policy\_path](#input\_task\_exec\_iam\_policy\_path) | Path for the iam role | `string` | `null` | no | | [task\_exec\_iam\_role\_arn](#input\_task\_exec\_iam\_role\_arn) | Existing IAM role ARN | `string` | `null` | no | | [task\_exec\_iam\_role\_description](#input\_task\_exec\_iam\_role\_description) | Description of the role | `string` | `null` | no | | [task\_exec\_iam\_role\_max\_session\_duration](#input\_task\_exec\_iam\_role\_max\_session\_duration) | Maximum session duration (in seconds) for ECS task execution role. Default is 3600. | `number` | `null` | no | 
diff --git a/modules/service/main.tf b/modules/service/main.tf index 48434739..b7ecef9e 100644 --- a/modules/service/main.tf +++ b/modules/service/main.tf @@ -894,8 +894,8 @@ resource "aws_iam_policy" "task_exec" { name_prefix = var.task_exec_iam_role_use_name_prefix ? "${local.task_exec_iam_role_name}-" : null description = coalesce(var.task_exec_iam_role_description, "Task execution role IAM policy") policy = data.aws_iam_policy_document.task_exec[0].json - - tags = merge(var.tags, var.task_exec_iam_role_tags) + path = var.task_exec_iam_policy_path + tags = merge(var.tags, var.task_exec_iam_role_tags) } resource "aws_iam_role_policy_attachment" "task_exec" { diff --git a/modules/service/variables.tf b/modules/service/variables.tf index 1c542e15..9a55e989 100644 --- a/modules/service/variables.tf +++ b/modules/service/variables.tf @@ -468,6 +468,12 @@ variable "task_exec_iam_statements" { default = {} } +variable "task_exec_iam_policy_path" { + description = "Path for the iam role" + type = string + default = null +} + ################################################################################ # Tasks - IAM role # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf index 3dbd9e46..9a7d6aec 100644 --- a/wrappers/service/main.tf +++ b/wrappers/service/main.tf 
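Review bot: The new `path` argument on `aws_iam_policy.task_exec` carries no comment about what happens when its value changes on an existing deployment. As far as I know the AWS provider treats a policy's path as a create-time attribute, so editing `task_exec_iam_policy_path` later would replace the policy and change its ARN. That matters to anyone whose IAM guardrails, permission scoping or audit queries match policy ARNs by path. I would add `# path is fixed at creation; changing it replaces the policy and its ARN` above the argument, and keep the blank line that used to separate `policy` from `tags`. The resource block starts above the hunk.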
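Review bot: The description on `task_exec_iam_policy_path` reads "Path for the iam role", but this commit wires the variable only to `aws_iam_policy.task_exec`, so the generated README row points operators at the wrong resource. `description = "Path for the task execution IAM policy"` would match what the code does. The variable also accepts any string, whereas IAM paths have to begin and end with `/`, so a malformed value is rejected only when the API call is made. A `validation` block that allows `null` or a value starting and ending with `/` would surface the mistake at plan time.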
@@ -98,6 +98,7 @@ module "wrapper" { tags = try(each.value.tags, var.defaults.tags, {}) task_definition_arn = try(each.value.task_definition_arn, var.defaults.task_definition_arn, null) task_definition_placement_constraints = try(each.value.task_definition_placement_constraints, var.defaults.task_definition_placement_constraints, {}) + task_exec_iam_policy_path = try(each.value.task_exec_iam_policy_path, var.defaults.task_exec_iam_policy_path, null) task_exec_iam_role_arn = try(each.value.task_exec_iam_role_arn, var.defaults.task_exec_iam_role_arn, null) task_exec_iam_role_description = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null) task_exec_iam_role_max_session_duration = try(each.value.task_exec_iam_role_max_session_duration, var.defaults.task_exec_iam_role_max_session_duration, null) From a1049c092eb0f6682e3ef45b81d9da6aed10a4de Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 29 Nov 2024 20:38:12 +0000 Subject: [PATCH 2/8] chore(release): version 5.12.0 [skip ci] ## [5.12.0](https://github.com/terraform-aws-modules/terraform-aws-ecs/compare/v5.11.4...v5.12.0) (2024-11-29) ### Features * Allow task exec IAM policy to have an IAM path ([#243](https://github.com/terraform-aws-modules/terraform-aws-ecs/issues/243)) ([c9dc889](https://github.com/terraform-aws-modules/terraform-aws-ecs/commit/c9dc889a4b081105fb7567ca12a2d32ac36caa29)) ### Bug Fixes * Update CI workflow versions to latest ([#236](https://github.com/terraform-aws-modules/terraform-aws-ecs/issues/236)) ([fd0f0ec](https://github.com/terraform-aws-modules/terraform-aws-ecs/commit/fd0f0ecd7fd3a85d8d738320d37a22644b5f129a)) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed8bdd9d..684c5f42 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [5.12.0](https://github.com/terraform-aws-modules/terraform-aws-ecs/compare/v5.11.4...v5.12.0) (2024-11-29) + + +### Features + +* Allow task exec IAM policy to have an IAM path ([#243](https://github.com/terraform-aws-modules/terraform-aws-ecs/issues/243)) ([c9dc889](https://github.com/terraform-aws-modules/terraform-aws-ecs/commit/c9dc889a4b081105fb7567ca12a2d32ac36caa29)) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#236](https://github.com/terraform-aws-modules/terraform-aws-ecs/issues/236)) ([fd0f0ec](https://github.com/terraform-aws-modules/terraform-aws-ecs/commit/fd0f0ecd7fd3a85d8d738320d37a22644b5f129a)) + ## [5.11.4](https://github.com/terraform-aws-modules/terraform-aws-ecs/compare/v5.11.3...v5.11.4) (2024-08-07) From 803cd3b9d101a1b0834a44f173d6fd4af10d6283 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Garc=C3=A9s?= Date: Sat, 14 Dec 2024 01:31:02 +0100 Subject: [PATCH 3/8] docs: Create_service false for stand alone task on Fargate Sample (#249) --- examples/fargate/main.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf index c263e0b8..7cae2e0c 100644 --- a/examples/fargate/main.tf +++ b/examples/fargate/main.tf @@ -185,8 +185,9 @@ module "ecs_task_definition" { source = "../../modules/service" # Service - name = "${local.name}-standalone" - cluster_arn = module.ecs_cluster.arn + name = "${local.name}-standalone" + cluster_arn = module.ecs_cluster.arn + create_service = false # Task Definition volume = { From de602af12a4ebb5b11e66ecc8dd0d6ad810c5894 Mon Sep 17 00:00:00 2001 
From: keisukematsuda19921106 Date: Thu, 6 Mar 2025 16:57:50 +0900 Subject: [PATCH 4/8] feat: Add support for availability zone rebalancing (#262) --- main.tf | 1 + modules/service/README.md | 1 + modules/service/main.tf | 4 ++++ modules/service/variables.tf | 6 ++++++ 4 files changed, 12 insertions(+) diff --git a/main.tf b/main.tf index 5e380de7..b7aa2cd2 100644 --- a/main.tf +++ b/main.tf @@ -59,6 +59,7 @@ module "service" { # Service ignore_task_definition_changes = try(each.value.ignore_task_definition_changes, false) alarms = try(each.value.alarms, {}) + availability_zone_rebalancing = try(each.value.availability_zone_rebalancing, "DISABLED") capacity_provider_strategy = try(each.value.capacity_provider_strategy, {}) cluster_arn = module.cluster.arn deployment_circuit_breaker = try(each.value.deployment_circuit_breaker, {}) diff --git a/modules/service/README.md b/modules/service/README.md index 4faaf8f1..327e4101 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -227,6 +227,7 @@ module "ecs_service" { | [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | Minimum number of tasks to run in your service | `number` | `1` | no | | [autoscaling\_policies](#input\_autoscaling\_policies) | Map of autoscaling policies to create for the service | `any` |
{
"cpu": {
"policy_type": "TargetTrackingScaling",
"target_tracking_scaling_policy_configuration": {
"predefined_metric_specification": {
"predefined_metric_type": "ECSServiceAverageCPUUtilization"
}
}
},
"memory": {
"policy_type": "TargetTrackingScaling",
"target_tracking_scaling_policy_configuration": {
"predefined_metric_specification": {
"predefined_metric_type": "ECSServiceAverageMemoryUtilization"
}
}
}
}
| no | | [autoscaling\_scheduled\_actions](#input\_autoscaling\_scheduled\_actions) | Map of autoscaling scheduled actions to create for the service | `any` | `{}` | no | +| [availability\_zone\_rebalancing](#input\_availability\_zone\_rebalancing) | Specifies whether to enable availability zone rebalancing | `string` | `DISABLED` | no | | [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more | `any` | `{}` | no | | [cluster\_arn](#input\_cluster\_arn) | ARN of the ECS cluster where the resources will be provisioned | `string` | `""` | no | | [container\_definition\_defaults](#input\_container\_definition\_defaults) | A map of default values for [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) created by `container_definitions` | `any` | `{}` | no | diff --git a/modules/service/main.tf b/modules/service/main.tf index b7ecef9e..09d987a2 100644 --- a/modules/service/main.tf +++ b/modules/service/main.tf @@ -41,6 +41,8 @@ resource "aws_ecs_service" "this" { } } + availability_zone_rebalancing = var.availability_zone_rebalancing + dynamic "capacity_provider_strategy" { # Set by task set if deployment controller is external for_each = { for k, v in var.capacity_provider_strategy : k => v if !local.is_external_deployment } @@ -229,6 +231,8 @@ resource "aws_ecs_service" "ignore_task_definition" { } } + availability_zone_rebalancing = var.availability_zone_rebalancing + dynamic "capacity_provider_strategy" { # Set by task set if deployment controller is external for_each = { for k, v in var.capacity_provider_strategy : k => v if !local.is_external_deployment } diff --git a/modules/service/variables.tf b/modules/service/variables.tf index 9a55e989..ad1edf38 100644 --- a/modules/service/variables.tf +++ b/modules/service/variables.tf 
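Review bot: `availability_zone_rebalancing` is added to both `aws_ecs_service.this` (hunk at -41) and `aws_ecs_service.ignore_task_definition` (hunk at -229), but nothing in this series touches the module's required AWS provider version. If the current minimum constraint predates this argument, users pinned to an older provider will hit an unsupported-argument error at plan time after upgrading the module. Check the module's provider constraint and raise it in the same change if needed. Both resource blocks start above and continue below their hunks, so how the argument interacts with the rest of the service configuration is not visible here.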
@@ -32,6 +32,12 @@ variable "alarms" { default = {} } +variable "availability_zone_rebalancing" { + description = "Specifies whether to enable availability zone rebalancing" + type = string + default = "DISABLED" +} + variable "capacity_provider_strategy" { description = "Capacity provider strategies to use for the service. Can be one or more" type = any From d30f35254f08c3c694e10ae7bf776e84d0772416 Mon Sep 17 00:00:00 2001 From: keisukematsuda19921106 Date: Thu, 6 Mar 2025 19:50:24 +0900 Subject: [PATCH 5/8] fix: precommit error --- modules/service/README.md | 2 +- wrappers/service/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/service/README.md b/modules/service/README.md index 327e4101..a0e55d8d 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -227,7 +227,7 @@ module "ecs_service" { | [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | Minimum number of tasks to run in your service | `number` | `1` | no | | [autoscaling\_policies](#input\_autoscaling\_policies) | Map of autoscaling policies to create for the service | `any` |
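Review bot: `availability_zone_rebalancing` is declared as a free-form `string`, so a typo or lower-case value passes `terraform validate` and fails only when the provider or the ECS API rejects it. The only values used in this series are `"DISABLED"` (the default) and `"ENABLED"` (examples/complete). A `validation` block with `condition = contains(["ENABLED", "DISABLED"], var.availability_zone_rebalancing)` would catch anything else at plan time. The description could also list the accepted values: `description = "Specifies whether to enable availability zone rebalancing. Valid values: ENABLED, DISABLED"`.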
{
"cpu": {
"policy_type": "TargetTrackingScaling",
"target_tracking_scaling_policy_configuration": {
"predefined_metric_specification": {
"predefined_metric_type": "ECSServiceAverageCPUUtilization"
}
}
},
"memory": {
"policy_type": "TargetTrackingScaling",
"target_tracking_scaling_policy_configuration": {
"predefined_metric_specification": {
"predefined_metric_type": "ECSServiceAverageMemoryUtilization"
}
}
}
}
| no | | [autoscaling\_scheduled\_actions](#input\_autoscaling\_scheduled\_actions) | Map of autoscaling scheduled actions to create for the service | `any` | `{}` | no | -| [availability\_zone\_rebalancing](#input\_availability\_zone\_rebalancing) | Specifies whether to enable availability zone rebalancing | `string` | `DISABLED` | no | +| [availability\_zone\_rebalancing](#input\_availability\_zone\_rebalancing) | Specifies whether to enable availability zone rebalancing | `string` | `"DISABLED"` | no | | [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more | `any` | `{}` | no | | [cluster\_arn](#input\_cluster\_arn) | ARN of the ECS cluster where the resources will be provisioned | `string` | `""` | no | | [container\_definition\_defaults](#input\_container\_definition\_defaults) | A map of default values for [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) created by `container_definitions` | `any` | `{}` | no | diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf index 9a7d6aec..65e10360 100644 --- a/wrappers/service/main.tf +++ b/wrappers/service/main.tf @@ -28,6 +28,7 @@ module "wrapper" { } }) autoscaling_scheduled_actions = try(each.value.autoscaling_scheduled_actions, var.defaults.autoscaling_scheduled_actions, {}) + availability_zone_rebalancing = try(each.value.availability_zone_rebalancing, var.defaults.availability_zone_rebalancing, "DISABLED") capacity_provider_strategy = try(each.value.capacity_provider_strategy, var.defaults.capacity_provider_strategy, {}) cluster_arn = try(each.value.cluster_arn, var.defaults.cluster_arn, "") container_definition_defaults = try(each.value.container_definition_defaults, var.defaults.container_definition_defaults, {}) From 61fa333753966955f209c91bc7944a5dac1923a9 Mon Sep 17 00:00:00 2001 
From: keisukematsuda19921106 Date: Thu, 6 Mar 2025 19:52:58 +0900 Subject: [PATCH 6/8] fix: add examples --- examples/complete/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b7353bbd..ac485819 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -137,7 +137,8 @@ module "ecs" { } ] - subnet_ids = module.vpc.private_subnets + subnet_ids = module.vpc.private_subnets + availability_zone_rebalancing = "ENABLED" security_group_rules = { alb_ingress_3000 = { type = "ingress" From 00cc6b6accc233705db91ba4f6bd18594d2adc83 Mon Sep 17 00:00:00 2001 From: Seth Eliot Date: Fri, 7 Mar 2025 12:44:57 -0800 Subject: [PATCH 7/8] docs: Add ALB endpoint to example outputs (#256) * Add ALB endpoint to outputs - this makes it easier to test for successful deployment * fix trailing whitespace * update README to conform with conventions * Add ALB endpoint to outputs - this makes it easier to test for successful deployment * EOF fix * updates in response to bryantbiggs review * docs updates to go with CR feedback --------- Co-authored-by: Seth Eliot --- examples/complete/README.md | 1 + examples/complete/outputs.tf | 9 +++++++++ examples/ec2-autoscaling/README.md | 1 + examples/ec2-autoscaling/outputs.tf | 9 +++++++++ 4 files changed, 20 insertions(+) diff --git a/examples/complete/README.md b/examples/complete/README.md index 3f105953..9d20e63d 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -62,6 +62,7 @@ No inputs. | Name | Description | |------|-------------| +| [alb\_dns\_name](#output\_alb\_dns\_name) | The DNS name of the load balancer | | [cluster\_arn](#output\_cluster\_arn) | ARN that identifies the cluster | | [cluster\_autoscaling\_capacity\_providers](#output\_cluster\_autoscaling\_capacity\_providers) | Map of capacity providers created and their attributes | | [cluster\_capacity\_providers](#output\_cluster\_capacity\_providers) | Map of cluster capacity providers attributes | diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 35031694..dd0cdd27 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -35,3 +35,12 @@ output "services" { description = "Map of services created and their attributes" value = module.ecs.services } + +################################################################################ +# Application Load Balancer +################################################################################ + +output "alb_dns_name" { + description = "The DNS name of the load balancer" + value = module.alb.dns_name +} diff --git a/examples/ec2-autoscaling/README.md b/examples/ec2-autoscaling/README.md index c7a04afc..ff7a998d 100644 --- a/examples/ec2-autoscaling/README.md +++ b/examples/ec2-autoscaling/README.md @@ -61,6 +61,7 @@ No inputs. | Name | Description | |------|-------------| +| [alb\_dns\_name](#output\_alb\_dns\_name) | The DNS name of the load balancer | | [cluster\_arn](#output\_cluster\_arn) | ARN that identifies the cluster | | [cluster\_autoscaling\_capacity\_providers](#output\_cluster\_autoscaling\_capacity\_providers) | Map of capacity providers created and their attributes | | [cluster\_capacity\_providers](#output\_cluster\_capacity\_providers) | Map of cluster capacity providers attributes | diff --git a/examples/ec2-autoscaling/outputs.tf b/examples/ec2-autoscaling/outputs.tf index 2f6f85a7..80903ad5 100644 --- a/examples/ec2-autoscaling/outputs.tf 
+++ b/examples/ec2-autoscaling/outputs.tf @@ -130,3 +130,12 @@ output "service_autoscaling_scheduled_actions" { description = "Map of autoscaling scheduled actions and their attributes" value = module.ecs_service.autoscaling_scheduled_actions } + +################################################################################ +# Application Load Balancer +################################################################################ + +output "alb_dns_name" { + description = "The DNS name of the load balancer" + value = module.alb.dns_name +} From b401c84a7616b74e1f9d7968291abbeda3232572 Mon Sep 17 00:00:00 2001 From: keisukematsuda19921106 Date: Thu, 20 Mar 2025 10:49:11 +0900 Subject: [PATCH 8/8] revert CHANGELOG.md --- CHANGELOG.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 684c5f42..ed8bdd9d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,18 +2,6 @@ All notable changes to this project will be documented in this file. -## [5.12.0](https://github.com/terraform-aws-modules/terraform-aws-ecs/compare/v5.11.4...v5.12.0) (2024-11-29) - - -### Features - -* Allow task exec IAM policy to have an IAM path ([#243](https://github.com/terraform-aws-modules/terraform-aws-ecs/issues/243)) ([c9dc889](https://github.com/terraform-aws-modules/terraform-aws-ecs/commit/c9dc889a4b081105fb7567ca12a2d32ac36caa29)) - - -### Bug Fixes - -* Update CI workflow versions to latest ([#236](https://github.com/terraform-aws-modules/terraform-aws-ecs/issues/236)) ([fd0f0ec](https://github.com/terraform-aws-modules/terraform-aws-ecs/commit/fd0f0ecd7fd3a85d8d738320d37a22644b5f129a)) - ## [5.11.4](https://github.com/terraform-aws-modules/terraform-aws-ecs/compare/v5.11.3...v5.11.4) (2024-08-07)