From 3f73600770ada120739ee959fd9926dc1977d285 Mon Sep 17 00:00:00 2001
From: xshot9011 <40098197+xshot9011@users.noreply.github.com>
Date: Wed, 23 Nov 2022 15:53:33 +0700
Subject: [PATCH] fix: policy-non-exist-and-naming (#29)
* (update): fix naming and for_each problem
* (update): README, CHANGELOG
---
CHANGELOG.md | 12 ++++
README.md | 182 +++++++++++++++++++++++++--------------------------
locals.tf | 10 ++-
main.tf | 7 +-
4 files changed, 111 insertions(+), 100 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a40170..814dc7a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
# Change Log
+## [v1.1.9] - 2022-11-23
+
+### Changed
+
+- Update meta-argument to count on resource `aws_iam_role_policy_attachment.task_role`
+- Update resource `aws_lb_target_group.this` to auto substr if service name is longer than 29
+
+### Removed
+
+- Remove local `service_name_tmp`
+- Remove local `ecs_task_role_policy_arns` (change to count)
+
## [v1.1.8] - 2022-11-17
### Changed
diff --git a/README.md b/README.md
index 3cd3012..771d230 100644
--- a/README.md
+++ b/README.md
@@ -1,111 +1,111 @@
## Requirements
-| Name | Version |
-|---------------------------------------------------------------------------|----------|
+| Name | Version |
+|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [aws](#requirement\_aws) | >= 4.00 |
-| [random](#requirement\_random) | >= 2.3.0 |
+| [aws](#requirement\_aws) | >= 4.00 |
+| [random](#requirement\_random) | >= 2.3.0 |
## Providers
-| Name | Version |
-|------------------------------------------------------------|---------|
-| [aws](#provider\_aws) | 4.39.0 |
-| [random](#provider\_random) | 3.4.3 |
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | 4.39.0 |
+| [random](#provider\_random) | 3.4.3 |
## Modules
-| Name | Source | Version |
-|------------------------------------------------------------------------------------|----------------------------|---------|
-| [secret\_kms\_key](#module\_secret\_kms\_key) | oozou/kms-key/aws | 1.0.0 |
-| [step\_alarm](#module\_step\_alarm) | oozou/cloudwatch-alarm/aws | 1.0.0 |
+| Name | Source | Version |
+|------|--------|---------|
+| [secret\_kms\_key](#module\_secret\_kms\_key) | oozou/kms-key/aws | 1.0.0 |
+| [step\_alarm](#module\_step\_alarm) | oozou/cloudwatch-alarm/aws | 1.0.0 |
## Resources
-| Name | Type |
-|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
-| [aws_appautoscaling_policy.step_scaling_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
-| [aws_appautoscaling_policy.target_tracking_scaling_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
-| [aws_appautoscaling_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
-| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_ecs_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
-| [aws_iam_role.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role.task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.task_execution_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_lb_listener_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule) | resource |
-| [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
-| [aws_secretsmanager_secret.service_json_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
-| [aws_secretsmanager_secret.service_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
-| [aws_secretsmanager_secret_version.service_json_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
-| [aws_secretsmanager_secret_version.service_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
-| [aws_service_discovery_service.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_service) | resource |
-| [random_string.service_secret_random_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.task_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.task_execution_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_role.get_ecs_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
-| [aws_iam_role.get_ecs_task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| Name | Type |
+|------|------|
+| [aws_appautoscaling_policy.step_scaling_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
+| [aws_appautoscaling_policy.target_tracking_scaling_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
+| [aws_appautoscaling_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
+| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_ecs_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
+| [aws_ecs_task_definition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
+| [aws_iam_role.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy.task_execution_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
+| [aws_iam_role_policy_attachment.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_lb_listener_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule) | resource |
+| [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
+| [aws_secretsmanager_secret.service_json_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret.service_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.service_json_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
+| [aws_secretsmanager_secret_version.service_secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
+| [aws_service_discovery_service.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_service) | resource |
+| [random_string.service_secret_random_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.task_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.task_execution_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_role.get_ecs_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
+| [aws_iam_role.get_ecs_task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
-| Name | Description | Type | Default | Required |
-|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|:--------:|
-| [additional\_ecs\_task\_execution\_role\_policy\_arns](#input\_additional\_ecs\_task\_execution\_role\_policy\_arns) | List of policies ARNs to attach to the ECS Task Role. eg: { rds\_arn = module.postgres\_db.rds\_policy\_arn } | `list(string)` | `[]` | no |
-| [additional\_ecs\_task\_role\_policy\_arns](#input\_additional\_ecs\_task\_role\_policy\_arns) | List of policies ARNs to attach to the ECS Task Role. eg: { rds\_arn = module.postgres\_db.rds\_policy\_arn } | `list(string)` | `[]` | no |
-| [alb\_host\_header](#input\_alb\_host\_header) | Mention host header for api endpoint | `string` | `null` | no |
-| [alb\_listener\_arn](#input\_alb\_listener\_arn) | The ALB listener to attach to | `string` | `""` | no |
-| [alb\_paths](#input\_alb\_paths) | Mention list Path For ALB routing eg: ["/"] or ["/route1"] | `list(string)` | `[]` | no |
-| [alb\_priority](#input\_alb\_priority) | Priority of ALB rule https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules | `string` | `"100"` | no |
-| [apm\_config](#input\_apm\_config) | Config for X-Ray sidecar container for APM and traceability | object({
service_port = number
cpu = number
memory = number
}) | {
"cpu": 256,
"memory": 512,
"service_port": 9000
} | no |
-| [apm\_sidecar\_ecr\_url](#input\_apm\_sidecar\_ecr\_url) | [Optional] To enable APM, set Sidecar ECR URL | `string` | `""` | no |
-| [application\_subnet\_ids](#input\_application\_subnet\_ids) | Subnet IDs to deploy into | `list(string)` | n/a | yes |
-| [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service EC2 Autoscaling group | `map(any)` | `null` | no |
-| [cloudwatch\_log\_kms\_key\_id](#input\_cloudwatch\_log\_kms\_key\_id) | The ARN for the KMS encryption key. | `string` | `null` | no |
-| [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | Retention day for cloudwatch log group | `number` | `90` | no |
-| [command](#input\_command) | Command to override | `list(string)` | `[]` | no |
-| [custom\_header\_token](#input\_custom\_header\_token) | [Required] Specify secret value for custom header | `string` | `""` | no |
-| [deployment\_circuit\_breaker](#input\_deployment\_circuit\_breaker) | Configuration block for deployment circuit breaker | object({
enable = bool
rollback = bool
}) | {
"enable": true,
"rollback": true
} | no |
-| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS Cluster name to deploy in | `string` | n/a | yes |
-| [efs\_volumes](#input\_efs\_volumes) | Task EFS volume definitions as list of configuration objects. You cannot define both Docker volumes and EFS volumes on the same task definition. | `list(any)` | `[]` | no |
-| [entry\_point](#input\_entry\_point) | Entrypoint to override | `list(string)` | `[]` | no |
-| [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes |
-| [envvars](#input\_envvars) | List of [{name = \"\", value = \"\"}] pairs of environment variables
envvars = [{
name = "EXAMPLE\_ENV"
value = "example"
}] | set(object({
name = string
value = string
})) | `[]` | no |
-| [exists\_task\_execution\_role\_arn](#input\_exists\_task\_execution\_role\_arn) | The existing arn of task exec role | `string` | `""` | no |
-| [exists\_task\_role\_arn](#input\_exists\_task\_role\_arn) | The existing arn of task role | `string` | `""` | no |
-| [health\_check](#input\_health\_check) | Health Check Config for the service | `map(string)` | `{}` | no |
-| [is\_application\_scratch\_volume\_enabled](#input\_is\_application\_scratch\_volume\_enabled) | To enabled the temporary storage for the service | `bool` | `false` | no |
-| [is\_attach\_service\_with\_lb](#input\_is\_attach\_service\_with\_lb) | Attach the container to the public ALB? (true/false) | `bool` | n/a | yes |
-| [is\_create\_cloudwatch\_log\_group](#input\_is\_create\_cloudwatch\_log\_group) | Whether to create cloudwatch log group or not | `bool` | `true` | no |
-| [is\_create\_iam\_role](#input\_is\_create\_iam\_role) | Create the built in IAM role for task role and task exec role | `bool` | `true` | no |
-| [is\_enable\_execute\_command](#input\_is\_enable\_execute\_command) | Specifies whether to enable Amazon ECS Exec for the tasks within the service. | `bool` | `false` | no |
-| [json\_secrets](#input\_json\_secrets) | Map of secret name(as reflected in Secrets Manager) and secret JSON string associated | `map(string)` | `{}` | no |
-| [name](#input\_name) | Name of the ECS cluster to create | `string` | n/a | yes |
-| [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | Service level strategy rules that are taken into consideration during task placement | set(object({
type = string
field = string
})) | [
{
"field": "attribute:ecs.availability-zone",
"type": "spread"
}
]
| no |
-| [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes |
-| [scaling\_configuration](#input\_scaling\_configuration) | configuration of scaling configuration support both target tracking and step scaling policies
https://docs.aws.amazon.com/autoscaling/application/APIReference/API_PredefinedMetricSpecification.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html | `any` | `{}` | no |
-| [secrets](#input\_secrets) | Map of secret name(as reflected in Secrets Manager) and secret JSON string associated | `map(string)` | `{}` | no |
-| [security\_groups](#input\_security\_groups) | Security groups to apply to service | `list(string)` | n/a | yes |
-| [service\_count](#input\_service\_count) | Number of containers to deploy | `number` | `1` | no |
-| [service\_discovery\_namespace](#input\_service\_discovery\_namespace) | DNS Namespace to deploy to | `string` | n/a | yes |
-| [service\_info](#input\_service\_info) | The configuration of service | object({
cpu_allocation = number
mem_allocation = number
port = number
image = string
mount_points = list(any)
}) | n/a | yes |
-| [tags](#input\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}` | no |
-| [target\_group\_deregistration\_delay](#input\_target\_group\_deregistration\_delay) | (Optional) Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. | `number` | `300` | no |
-| [unix\_max\_connection](#input\_unix\_max\_connection) | Number of net.core.somaxconn | `number` | `4096` | no |
-| [vpc\_id](#input\_vpc\_id) | VPC id where security group is created | `string` | `""` | no |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [additional\_ecs\_task\_execution\_role\_policy\_arns](#input\_additional\_ecs\_task\_execution\_role\_policy\_arns) | List of policies ARNs to attach to the ECS Task Role. eg: { rds\_arn = module.postgres\_db.rds\_policy\_arn } | `list(string)` | `[]` | no |
+| [additional\_ecs\_task\_role\_policy\_arns](#input\_additional\_ecs\_task\_role\_policy\_arns) | List of policies ARNs to attach to the ECS Task Role. eg: { rds\_arn = module.postgres\_db.rds\_policy\_arn } | `list(string)` | `[]` | no |
+| [alb\_host\_header](#input\_alb\_host\_header) | Mention host header for api endpoint | `string` | `null` | no |
+| [alb\_listener\_arn](#input\_alb\_listener\_arn) | The ALB listener to attach to | `string` | `""` | no |
+| [alb\_paths](#input\_alb\_paths) | Mention list Path For ALB routing eg: ["/"] or ["/route1"] | `list(string)` | `[]` | no |
+| [alb\_priority](#input\_alb\_priority) | Priority of ALB rule https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules | `string` | `"100"` | no |
+| [apm\_config](#input\_apm\_config) | Config for X-Ray sidecar container for APM and traceability | object({
service_port = number
cpu = number
memory = number
}) | {
"cpu": 256,
"memory": 512,
"service_port": 9000
} | no |
+| [apm\_sidecar\_ecr\_url](#input\_apm\_sidecar\_ecr\_url) | [Optional] To enable APM, set Sidecar ECR URL | `string` | `""` | no |
+| [application\_subnet\_ids](#input\_application\_subnet\_ids) | Subnet IDs to deploy into | `list(string)` | n/a | yes |
+| [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service EC2 Autoscaling group | `map(any)` | `null` | no |
+| [cloudwatch\_log\_kms\_key\_id](#input\_cloudwatch\_log\_kms\_key\_id) | The ARN for the KMS encryption key. | `string` | `null` | no |
+| [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | Retention day for cloudwatch log group | `number` | `90` | no |
+| [command](#input\_command) | Command to override | `list(string)` | `[]` | no |
+| [custom\_header\_token](#input\_custom\_header\_token) | [Required] Specify secret value for custom header | `string` | `""` | no |
+| [deployment\_circuit\_breaker](#input\_deployment\_circuit\_breaker) | Configuration block for deployment circuit breaker | object({
enable = bool
rollback = bool
}) | {
"enable": true,
"rollback": true
} | no |
+| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS Cluster name to deploy in | `string` | n/a | yes |
+| [efs\_volumes](#input\_efs\_volumes) | Task EFS volume definitions as list of configuration objects. You cannot define both Docker volumes and EFS volumes on the same task definition. | `list(any)` | `[]` | no |
+| [entry\_point](#input\_entry\_point) | Entrypoint to override | `list(string)` | `[]` | no |
+| [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes |
+| [envvars](#input\_envvars) | List of [{name = \"\", value = \"\"}] pairs of environment variables
envvars = [{
name = "EXAMPLE\_ENV"
value = "example"
}] | set(object({
name = string
value = string
})) | `[]` | no |
+| [exists\_task\_execution\_role\_arn](#input\_exists\_task\_execution\_role\_arn) | The existing arn of task exec role | `string` | `""` | no |
+| [exists\_task\_role\_arn](#input\_exists\_task\_role\_arn) | The existing arn of task role | `string` | `""` | no |
+| [health\_check](#input\_health\_check) | Health Check Config for the service | `map(string)` | `{}` | no |
+| [is\_application\_scratch\_volume\_enabled](#input\_is\_application\_scratch\_volume\_enabled) | To enabled the temporary storage for the service | `bool` | `false` | no |
+| [is\_attach\_service\_with\_lb](#input\_is\_attach\_service\_with\_lb) | Attach the container to the public ALB? (true/false) | `bool` | n/a | yes |
+| [is\_create\_cloudwatch\_log\_group](#input\_is\_create\_cloudwatch\_log\_group) | Whether to create cloudwatch log group or not | `bool` | `true` | no |
+| [is\_create\_iam\_role](#input\_is\_create\_iam\_role) | Create the built in IAM role for task role and task exec role | `bool` | `true` | no |
+| [is\_enable\_execute\_command](#input\_is\_enable\_execute\_command) | Specifies whether to enable Amazon ECS Exec for the tasks within the service. | `bool` | `false` | no |
+| [json\_secrets](#input\_json\_secrets) | Map of secret name(as reflected in Secrets Manager) and secret JSON string associated | `map(string)` | `{}` | no |
+| [name](#input\_name) | Name of the ECS cluster to create | `string` | n/a | yes |
+| [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | Service level strategy rules that are taken into consideration during task placement | set(object({
type = string
field = string
})) | [
{
"field": "attribute:ecs.availability-zone",
"type": "spread"
}
]
| no |
+| [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes |
+| [scaling\_configuration](#input\_scaling\_configuration) | configuration of scaling configuration support both target tracking and step scaling policies
https://docs.aws.amazon.com/autoscaling/application/APIReference/API_PredefinedMetricSpecification.html
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html | `any` | `{}` | no |
+| [secrets](#input\_secrets) | Map of secret name(as reflected in Secrets Manager) and secret JSON string associated | `map(string)` | `{}` | no |
+| [security\_groups](#input\_security\_groups) | Security groups to apply to service | `list(string)` | n/a | yes |
+| [service\_count](#input\_service\_count) | Number of containers to deploy | `number` | `1` | no |
+| [service\_discovery\_namespace](#input\_service\_discovery\_namespace) | DNS Namespace to deploy to | `string` | n/a | yes |
+| [service\_info](#input\_service\_info) | The configuration of service | object({
cpu_allocation = number
mem_allocation = number
port = number
image = string
mount_points = list(any)
}) | n/a | yes |
+| [tags](#input\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}` | no |
+| [target\_group\_deregistration\_delay](#input\_target\_group\_deregistration\_delay) | (Optional) Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. | `number` | `300` | no |
+| [unix\_max\_connection](#input\_unix\_max\_connection) | Number of net.core.somaxconn | `number` | `4096` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC id where security group is created | `string` | `""` | no |
## Outputs
-| Name | Description |
-|-----------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
-| [secret\_arns](#output\_secret\_arns) | List of ARNs of the SecretsManager secrets |
-| [secret\_json\_arn](#output\_secret\_json\_arn) | List of ARNs of the SecretsManager json secrets |
-| [task\_execution\_role\_arn](#output\_task\_execution\_role\_arn) | ECS Task execution role ARN |
-| [task\_execution\_role\_id](#output\_task\_execution\_role\_id) | ECS Task execution role ID |
-| [task\_role\_arn](#output\_task\_role\_arn) | ECS Task role ARN |
-| [task\_role\_id](#output\_task\_role\_id) | ECS Task role ID |
+| Name | Description |
+|------|-------------|
+| [secret\_arns](#output\_secret\_arns) | List of ARNs of the SecretsManager secrets |
+| [secret\_json\_arn](#output\_secret\_json\_arn) | List of ARNs of the SecretsManager json secrets |
+| [task\_execution\_role\_arn](#output\_task\_execution\_role\_arn) | ECS Task execution role ARN |
+| [task\_execution\_role\_id](#output\_task\_execution\_role\_id) | ECS Task execution role ID |
+| [task\_role\_arn](#output\_task\_role\_arn) | ECS Task role ARN |
+| [task\_role\_id](#output\_task\_role\_id) | ECS Task role ID |
diff --git a/locals.tf b/locals.tf
index 0e963fb..6fe4eb5 100644
--- a/locals.tf
+++ b/locals.tf
@@ -7,14 +7,12 @@ data "aws_region" "current" {
/* Generics */
/* -------------------------------------------------------------------------- */
locals {
- service_name_tmp = format("%s-%s-%s", var.prefix, var.environment, var.name)
- service_name = substr("${local.service_name_tmp}", 0, min(29, length(local.service_name_tmp)))
+ service_name = format("%s-%s-%s", var.prefix, var.environment, var.name)
# Task Role
- task_role_arn = var.is_create_iam_role ? aws_iam_role.task_role[0].arn : var.exists_task_role_arn
- task_role_name = try(split("/", local.task_role_arn)[1], "")
- task_role_id = local.task_role_name
- ecs_task_role_policy_arns = toset(var.additional_ecs_task_role_policy_arns)
+ task_role_arn = var.is_create_iam_role ? aws_iam_role.task_role[0].arn : var.exists_task_role_arn
+ task_role_name = try(split("/", local.task_role_arn)[1], "")
+ task_role_id = local.task_role_name
# Task Exec Role
task_execution_role_arn = var.is_create_iam_role ? aws_iam_role.task_execution_role[0].arn : var.exists_task_execution_role_arn
diff --git a/main.tf b/main.tf
index 03982fe..467bc16 100644
--- a/main.tf
+++ b/main.tf
@@ -26,10 +26,10 @@ resource "aws_iam_role" "task_role" {
}
resource "aws_iam_role_policy_attachment" "task_role" {
- for_each = var.is_create_iam_role ? local.ecs_task_role_policy_arns : []
+ count = var.is_create_iam_role ? length(var.additional_ecs_task_role_policy_arns) : 0
role = local.task_role_name
- policy_arn = each.value
+ policy_arn = var.additional_ecs_task_role_policy_arns[count.index]
}
/* -------------------------------- Validator ------------------------------- */
data "aws_iam_role" "get_ecs_task_role" {
@@ -98,7 +98,8 @@ resource "aws_cloudwatch_log_group" "this" {
resource "aws_lb_target_group" "this" {
count = var.is_attach_service_with_lb ? 1 : 0
- name = format("%s-tg", local.service_name)
+ name = format("%s-tg", substr("${local.service_name}", 0, min(29, length(local.service_name))))
+
port = var.service_info.port
protocol = var.service_info.port == 443 ? "HTTPS" : "HTTP"
vpc_id = var.vpc_id