diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index ceb46444..6f64b5a3 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -15,9 +15,10 @@
# Cloud Posse must review any changes to standard context definition,
# but some changes can be rubber-stamped.
-**/context.tf @cloudposse/engineering @cloudposse/approvers
-README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
-docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration
.github/mergify.yml @cloudposse/admins
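Review bot: The new `**/*.tf` rule lists `@cloudposse/contributors` as an owner and replaces the dedicated `**/context.tf` rule, so a contributor approval now satisfies code-owner review for `context.tf`. That contradicts the comment directly above it ("Cloud Posse must review any changes to standard context definition"). CODEOWNERS uses the last matching pattern, so if the stricter review is still intended, keep a dedicated line after the general one: `**/context.tf @cloudposse/engineering @cloudposse/approvers`. The file continues outside the hunk, so confirm that no later rule already restores this.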
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 00000000..94d32460
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,72 @@
+---
+name: Bug report
+description: Create a report to help us improve
+labels: ["bug"]
+assignees: [""]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Found a bug?
+
+ Please checkout our [Slack Community](https://slack.cloudposse.com)
+ or visit our [Slack Archive](https://archive.sweetops.com/).
+
+ [](https://slack.cloudposse.com)
+
+ - type: textarea
+ id: concise-description
+ attributes:
+ label: Describe the Bug
+ description: A clear and concise description of what the bug is.
+ placeholder: What is the bug about?
+ validations:
+ required: true
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected Behavior
+ description: A clear and concise description of what you expected.
+ placeholder: What happened?
+ validations:
+ required: true
+
+ - type: textarea
+ id: reproduction-steps
+ attributes:
+ label: Steps to Reproduce
+ description: Steps to reproduce the behavior.
+ placeholder: How do we reproduce it?
+ validations:
+ required: true
+
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots or logs to help explain.
+ validations:
+ required: false
+
+ - type: textarea
+ id: environment
+ attributes:
+ label: Environment
+ description: Anything that will help us triage the bug.
+ placeholder: |
+ - OS: [e.g. Linux, OSX, WSL, etc]
+ - Version [e.g. 10.15]
+ - Module version
+ - Terraform version
+ validations:
+ required: false
+
+ - type: textarea
+ id: additional
+ attributes:
+ label: Additional Context
+ description: |
+ Add any other context about the problem here.
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 00000000..7b866727
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,71 @@
+---
+name: Feature Request
+description: Suggest an idea for this project
+labels: ["feature request"]
+assignees: [""]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Have a question?
+
+ Please checkout our [Slack Community](https://slack.cloudposse.com)
+ or visit our [Slack Archive](https://archive.sweetops.com/).
+
+ [](https://slack.cloudposse.com)
+
+ - type: textarea
+ id: concise-description
+ attributes:
+ label: Describe the Feature
+ description: A clear and concise description of what the feature is.
+ placeholder: What is the feature about?
+ validations:
+ required: true
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected Behavior
+ description: A clear and concise description of what you expected.
+ placeholder: What happened?
+ validations:
+ required: true
+
+ - type: textarea
+ id: use-case
+ attributes:
+ label: Use Case
+ description: |
+ Is your feature request related to a problem/challenge you are trying
+ to solve?
+
+ Please provide some additional context of why this feature or
+ capability will be valuable.
+ validations:
+ required: true
+
+ - type: textarea
+ id: ideal-solution
+ attributes:
+ label: Describe Ideal Solution
+ description: A clear and concise description of what you want to happen.
+ validations:
+ required: true
+
+ - type: textarea
+ id: alternatives-considered
+ attributes:
+ label: Alternatives Considered
+ description: Explain alternative solutions or features considered.
+ validations:
+ required: false
+
+ - type: textarea
+ id: additional
+ attributes:
+ label: Additional Context
+ description: |
+ Add any other context about the problem here.
+ validations:
+ required: false
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 4b8f32df..8944933e 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,13 +1,21 @@
## what
-* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
-* Use bullet points to be concise and to the point.
+
+
## why
-* Provide the justifications for the changes (e.g. business case).
-* Describe why these changes were made (e.g. why do these commits fix the problem?)
-* Use bullet points to be concise and to the point.
+
+
## references
-* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
-* Use `closes #123`, if this PR closes a GitHub issue `#123`
+
diff --git a/.github/auto-release.yml b/.github/auto-release.yml
index c78a4d83..17cd39c8 100644
--- a/.github/auto-release.yml
+++ b/.github/auto-release.yml
@@ -46,7 +46,7 @@ template: |
replacers:
# Remove irrelevant information from Renovate bot
-- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
diff --git a/.github/mergify.yml b/.github/mergify.yml
index b0106567..ef15545e 100644
--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -56,3 +56,10 @@ pull_request_rules:
changes_requested: true
approved: true
message: "This Pull Request has been updated, so we're dismissing all reviews."
+
+- name: "close Pull Requests without files changed"
+ conditions:
+ - "#files=0"
+ actions:
+ close:
+ message: "This pull request has been automatically closed by Mergify because there are no longer any changes."
diff --git a/.github/renovate.json b/.github/renovate.json
index ae4f0aa5..a7802980 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -4,9 +4,9 @@
":preserveSemverRanges"
],
"labels": ["auto-update"],
+ "dependencyDashboardAutoclose": true,
"enabledManagers": ["terraform"],
"terraform": {
"ignorePaths": ["**/context.tf", "examples/**"]
}
}
-
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
index ab979e0e..831e7faa 100644
--- a/.github/workflows/auto-context.yml
+++ b/.github/workflows/auto-context.yml
@@ -27,7 +27,7 @@ jobs:
make init
make github/init/context.tf
make readme/build
- echo "::set-output name=create_pull_request::true"
+ echo "create_pull_request=true" >> "$GITHUB_OUTPUT"
fi
else
echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
@@ -35,9 +35,9 @@ jobs:
- name: Create Pull Request
if: steps.update.outputs.create_pull_request == 'true'
- uses: cloudposse/actions/github/create-pull-request@0.22.0
+ uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
commit-message: Update context.tf from origin source
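Review bot: `cloudposse/actions/github/create-pull-request@0.30.0` is referenced by a tag, which can be repointed, and the step receives the `REPO_ACCESS_TOKEN` personal access token. Pinning to the release commit keeps the reviewed code and the executed code identical: `uses: cloudposse/actions/github/create-pull-request@<full-commit-sha> # 0.30.0`. The same applies to the `repository-dispatch@0.30.0` step and the `container: cloudposse/build-harness:latest` image in auto-format.yml, to `create-pull-request@0.30.0` in auto-readme.yml, and to both `slash-command-dispatch@0.30.0` steps in chatops.yml. The rename from `PUBLIC_REPO_ACCESS_TOKEN` suggests the new secret may have a wider scope; if so, that is a further reason to pin. The `with:` block continues outside the hunk.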
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
index 990abed6..b8c20641 100644
--- a/.github/workflows/auto-format.yml
+++ b/.github/workflows/auto-format.yml
@@ -6,7 +6,7 @@ on:
jobs:
auto-format:
runs-on: ubuntu-latest
- container: cloudposse/build-harness:slim-latest
+ container: cloudposse/build-harness:latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
@@ -19,7 +19,7 @@ jobs:
if: github.event.pull_request.state == 'open'
name: Privileged Checkout
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Check out the PR commit, not the merge commit
# Use `ref` instead of `sha` to enable pushing back to `ref`
@@ -29,6 +29,8 @@ jobs:
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
+ env:
+ GITHUB_TOKEN: "${{ secrets.REPO_ACCESS_TOKEN }}"
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
# Commit changes (if any) to the PR branch
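Review bot: The added `env:` block puts the `REPO_ACCESS_TOKEN` personal access token into the environment of the `make ... pr/auto-format/host` step. That step runs inside a checkout of the pull request head (`repository: ${{ github.event.pull_request.head.repo.full_name }}` in the previous hunk), so every tool the target runs over PR-controlled files can read the token. The workflow trigger is outside the hunk; if it is `pull_request_target`, this includes pull requests from forks. If the token is only there to authenticate API calls made by the formatter, the job's own token would narrow the exposure: `GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`, together with a minimal `permissions:` block on the job.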
@@ -52,15 +54,15 @@ jobs:
[[ $SENDER == "cloudpossebot" ]] || git push
# Set status to fail, because the push should trigger another status check,
# and we use success to indicate the checks are finished.
- printf "::set-output name=%s::%s\n" "changed" "true"
+ echo "changed=true" >> "$GITHUB_OUTPUT"
exit 1
else
- printf "::set-output name=%s::%s\n" "changed" "false"
+ echo "changed=false" >> "$GITHUB_OUTPUT"
echo "No changes detected"
fi
- name: Auto Test
- uses: cloudposse/actions/github/repository-dispatch@0.22.0
+ uses: cloudposse/actions/github/repository-dispatch@0.30.0
# match users by ID because logins (user names) are inconsistent,
# for example in the REST API Renovate Bot is `renovate[bot]` but
# in GraphQL it is just `renovate`, plus there is a non-bot
@@ -73,7 +75,7 @@ jobs:
contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
&& steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
repository: cloudposse/actions
event-type: test-command
client-payload: |-
diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
index 6229e606..b2db520b 100644
--- a/.github/workflows/auto-readme.yml
+++ b/.github/workflows/auto-readme.yml
@@ -1,29 +1,58 @@
name: "auto-readme"
on:
+ workflow_dispatch:
+
schedule:
- # Update README.md nightly
+ # Example of job definition:
+ # .---------------- minute (0 - 59)
+ # | .------------- hour (0 - 23)
+ # | | .---------- day of month (1 - 31)
+ # | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
+ # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+ # | | | | |
+ # * * * * * user-name command to be executed
+
+ # Update README.md nightly at 4am UTC
- cron: '0 4 * * *'
jobs:
update:
- if: github.event_name == 'schedule'
+ if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+ - name: Find default branch name
+ id: defaultBranch
+ shell: bash
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name)
+ echo "defaultBranch=${default_branch}" >> "$GITHUB_OUTPUT"
+ printf "defaultBranchRef.name=%s\n" "${default_branch}"
+
- name: Update readme
shell: bash
id: update
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}"
run: |
make init
make readme/build
+ # Ignore changes if they are only whitespace
+ if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then
+ git restore README.md
+ echo Ignoring whitespace-only changes in README
+ fi
- name: Create Pull Request
- uses: cloudposse/actions/github/create-pull-request@0.20.0
+ # This action will not create or change a pull request if there are no changes to make.
+ # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
+ uses: cloudposse/actions/github/create-pull-request@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
commit-message: Update README.md and docs
title: Update README.md and docs
body: |-
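Review bot: The `Update readme` step now exports `DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}"`, but nothing in the visible `run:` script reads `$DEF`. If a `make` target consumes it, add a comment that says so, for example `# DEF is read by readme/build to resolve the default branch`; otherwise drop the variable. The cron legend copied into the `schedule:` comment ends with `user-name command to be executed`, which is crontab syntax and not part of a GitHub Actions `cron:` expression, so that line is better removed.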
@@ -34,8 +63,9 @@ jobs:
To have most recent changes of README.md and doc from origin templates
branch: auto-update/readme
- base: master
+ base: ${{ steps.defaultBranch.outputs.defaultBranch }}
delete-branch: true
labels: |
auto-update
+ no-release
readme
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 3f48017d..17d6cabb 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -3,17 +3,24 @@ name: auto-release
on:
push:
branches:
- - master
+ - main
+ - master
+ - production
jobs:
publish:
runs-on: ubuntu-latest
steps:
- # Drafts your next Release notes as Pull Requests are merged into "master"
- - uses: release-drafter/release-drafter@v5
- with:
- publish: true
- prerelease: false
- config-name: auto-release.yml
- env:
- GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ # Get PR from merged commit to master
+ - uses: actions-ecosystem/action-get-merged-pull-request@v1
+ id: get-merged-pull-request
+ with:
+ github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+ # Drafts your next Release notes as Pull Requests are merged into "main"
+ - uses: release-drafter/release-drafter@v5
+ with:
+ publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
+ prerelease: false
+ config-name: auto-release.yml
+ env:
+ GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
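Review bot: The new `actions-ecosystem/action-get-merged-pull-request@v1` step passes `secrets.REPO_ACCESS_TOKEN` to a third-party action that is referenced by a movable major tag. Looking up the merged pull request and its labels likely needs no more than the job's default token, so `github_token: ${{ secrets.GITHUB_TOKEN }}` would limit what the action can reach, and pinning `uses:` to a full commit SHA fixes the code that runs. Separately, when a push has no associated pull request the `labels` output is presumably empty, so `publish` evaluates to true; a one-line comment above `publish:` should state whether that is intended.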
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
index 4ddc0674..0f645747 100644
--- a/.github/workflows/chatops.yml
+++ b/.github/workflows/chatops.yml
@@ -9,9 +9,9 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: "Handle common commands"
- uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
+ uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: rebuild-readme, terraform-fmt
@@ -24,9 +24,9 @@ jobs:
- name: "Checkout commit"
uses: actions/checkout@v2
- name: "Run tests"
- uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
+ uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
with:
- token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: test
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 386eb286..b3f7c327 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -1,5 +1,7 @@
name: Validate Codeowners
on:
+ workflow_dispatch:
+
pull_request:
jobs:
@@ -8,7 +10,8 @@ jobs:
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
- - uses: mszostok/codeowners-validator@v0.5.0
+ # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved
+ - uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
with:
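Review bot: With the `workflow_dispatch:` trigger added in the first hunk, `github.event.pull_request` is empty on a manual run, so this step's `if: github.event.pull_request.head.repo.full_name == github.repository` is false and the full check with `owners` never runs. The `!=` condition on the second step is true instead, so a manual run silently falls back to the syntax-only check. Extending the first condition covers this: `if: github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository`. The second step's condition then needs the matching `github.event_name == 'pull_request' &&` guard.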
@@ -16,10 +19,12 @@ jobs:
# files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
# checks: "files,syntax,owners,duppatterns"
checks: "syntax,owners,duppatterns"
+ owner_checker_allow_unowned_patterns: "false"
# GitHub access token is required only if the `owners` check is enabled
- github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
- - uses: mszostok/codeowners-validator@v0.5.0
+ github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}"
+ - uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name != github.repository
name: "Syntax check of CODEOWNERS"
with:
checks: "syntax,duppatterns"
+ owner_checker_allow_unowned_patterns: "false"
diff --git a/.gitignore b/.gitignore
index d56c5b67..4e403ab5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
*.tfstate
*.tfstate.backup
.terraform.tfstate.lock.info
+**/.terraform.lock.hcl
# Module directory
.terraform/
diff --git a/Makefile b/Makefile
index 655f6303..d1d74612 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ SHELL := /bin/bash
# List of targets the `readme` target should call before generating the readme
export README_DEPS ?= docs/targets.md docs/terraform.md
--include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+-include $(shell curl -sSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness)
## Lint terraform code
lint:
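Review bot: The `-include $(shell curl -sSL -o .build-harness ...)` line fetches a Makefile fragment at parse time and executes it with no integrity check, and this change only swaps the host that serves it. Because `curl` runs without `--fail`, an HTTP error page would be written to `.build-harness` and then parsed as Makefile syntax. At minimum use `curl -fsSL`, so that a failed download leaves no file and `-include` skips it. A comment above the line should say that whatever `https://cloudposse.tools/build-harness` serves runs with the caller's environment; in the CI workflows of this change that environment includes `GITHUB_TOKEN`.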
diff --git a/README.md b/README.md
index d8da750e..a9b6597c 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+
# terraform-aws-ecs-web-app [](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5dbb22a15c2e97b3b73ab484) [](https://github.com/cloudposse/terraform-aws-ecs-web-app/releases/latest) [](https://slack.cloudposse.com)
@@ -29,7 +30,6 @@
A Terraform module which implements a web app on ECS and supporting AWS resources.
-
---
This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
@@ -60,6 +60,24 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
+## Security & Compliance [](https://bridgecrew.io/)
+
+Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.
+
+| Benchmark | Description |
+|--------|---------------|
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=SOC2)| Service Organization Control 2 Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance |
+
+
## Usage
@@ -105,7 +123,7 @@ module "default_backend_web_app" {
alb_ingress_unauthenticated_paths = ["/*"]
codepipeline_enabled = false
- environment = [
+ container_environment = [
{
name = "COOKIE"
value = "cookiemonster"
@@ -140,245 +158,301 @@ Available targets:
| Name | Version |
|------|---------|
-| terraform | >= 0.12.26 |
-| aws | >= 2.0 |
-| local | >= 1.3 |
-| null | >= 2.0 |
-| template | >= 2.0 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 3.34 |
## Providers
| Name | Version |
|------|---------|
-| aws | >= 2.0 |
+| [aws](#provider\_aws) | >= 3.34 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.25.1 |
+| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 |
+| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 |
+| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 |
+| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 |
+| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 |
+| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 |
+| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.30.0 |
+| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_log_group.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
-| alb\_arn\_suffix | ARN suffix of the ALB for the Target Group | `string` | `""` | no |
-| alb\_container\_name | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no |
-| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no |
-| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
-| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
-| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
-| alb\_ingress\_enable\_default\_target\_group | If true, create a default target group for the ALB ingress | `bool` | `true` | no |
-| alb\_ingress\_healthcheck\_path | The path of the healthcheck which the ALB checks | `string` | `"/"` | no |
-| alb\_ingress\_healthcheck\_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no |
-| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no |
-| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no |
-| alb\_ingress\_target\_group\_arn | Existing ALB target group ARN. If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no |
-| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no |
-| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
-| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
-| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
-| alb\_security\_group | Security group of the ALB | `string` | n/a | yes |
-| alb\_target\_group\_alarms\_3xx\_threshold | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no |
-| alb\_target\_group\_alarms\_4xx\_threshold | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no |
-| alb\_target\_group\_alarms\_5xx\_threshold | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no |
-| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state | `list(string)` | `[]` | no |
-| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no |
-| alb\_target\_group\_alarms\_evaluation\_periods | The number of periods to analyze for ALB CloudWatch Alarms | `number` | `1` | no |
-| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no |
-| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state | `list(string)` | `[]` | no |
-| alb\_target\_group\_alarms\_period | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no |
-| alb\_target\_group\_alarms\_response\_time\_threshold | The maximum ALB Target Group response time | `number` | `0.5` | no |
-| assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no |
-| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
-| authentication\_cognito\_scope | Cognito scope | `list(string)` | `[]` | no |
-| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no |
-| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no |
-| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no |
-| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no |
-| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no |
-| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no |
-| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no |
-| authentication\_oidc\_scope | OIDC scope | `list(string)` | `[]` | no |
-| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no |
-| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no |
-| authentication\_type | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no |
-| autoscaling\_dimension | Dimension to autoscale on (valid options: cpu, memory) | `string` | `"memory"` | no |
-| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no |
-| autoscaling\_max\_capacity | Maximum number of running instances of a Service | `number` | `2` | no |
-| autoscaling\_min\_capacity | Minimum number of running instances of a Service | `number` | `1` | no |
-| autoscaling\_scale\_down\_adjustment | Scaling adjustment to make during scale down event | `number` | `-1` | no |
-| autoscaling\_scale\_down\_cooldown | Period (in seconds) to wait between scale down events | `number` | `300` | no |
-| autoscaling\_scale\_up\_adjustment | Scaling adjustment to make during scale up event | `number` | `1` | no |
-| autoscaling\_scale\_up\_cooldown | Period (in seconds) to wait between scale up events | `number` | `60` | no |
-| aws\_logs\_prefix | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no |
-| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | n/a | yes |
-| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no |
-| branch | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no |
-| build\_environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(| `[]` | no | -| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | -| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | -| buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | -| capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
{
name = string
value = string
}))
list(object({
capacity_provider = string
weight = number
base = number
})) | `[]` | no |
-| cloudwatch\_log\_group\_enabled | A boolean to disable cloudwatch log group creation | `bool` | `true` | no |
-| codepipeline\_build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
-| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no |
-| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| command | The command that is passed to the container | `list(string)` | `null` | no |
-| container\_cpu | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no |
-| container\_definition | Override the main container\_definition | `string` | `""` | no |
-| container\_environment | The environment variables to pass to the container. This is a list of maps | list(object({
name = string
value = string
})) | `null` | no |
-| container\_image | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no |
-| container\_memory | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no |
-| container\_memory\_reservation | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no |
-| container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no |
-| container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no |
-| container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no |
-| context | Single object for setting entire context at once.object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
}) | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
} | no |
-| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.[| no |
-| github\_webhooks\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_webhooks_token`) | `bool` | `false` | no |
-| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no |
-| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no |
-| healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
"push"
]
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
}) | `null` | no |
-| id\_length\_limit | Limit `id` to this many characters.list(object({
container_definition = any
condition = string
})) | `[]` | no |
-| label\_order | The naming order of the id output and Name tag.list(object({
containerPath = string
sourceVolume = string
})) | `[]` | no |
-| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
-| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| nlb\_cidr\_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no |
-| nlb\_container\_name | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no |
-| nlb\_container\_port | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no |
-| nlb\_ingress\_target\_group\_arn | Target group ARN of the NLB ingress | `string` | `""` | no |
-| platform\_version | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no |
-| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no |
-| port\_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | list(object({
containerPort = number
hostPort = number
protocol = string
})) | [| no |
-| privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no |
-| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
list(object({
name = string
valueFrom = string
})) | `null` | no |
-| service\_registries | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | list(object({
registry_arn = string
port = number
container_name = string
container_port = number
})) | `[]` | no |
-| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| system\_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no |
-| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
-| task\_cpu | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no |
-| task\_memory | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no |
-| ulimits | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" | list(object({
name = string
softLimit = number
hardLimit = number
})) | `[]` | no |
-| use\_alb\_security\_group | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no |
-| use\_ecr\_image | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no |
-| use\_nlb\_cidr\_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no |
-| volumes | Task volume definitions as list of configuration objects | list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
})) | `[]` | no |
-| vpc\_id | The VPC ID where resources are created | `string` | n/a | yes |
-| webhook\_authentication | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
-| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
-| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no |
-| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
-| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.list(object(| `[]` | no |
+| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no |
+| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no |
+| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no |
+| [capacity\_provider\_strategies](#input\_capacity\_provider\_strategies) | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
{
name = string
value = string
type = string
}))
list(object({
capacity_provider = string
weight = number
base = number
})) | `[]` | no |
+| [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no |
+| [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no |
+| [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no |
+| [codebuild\_cache\_type](#input\_codebuild\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to NO\_CACHE. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no |
+| [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no |
+| [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
+| [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no |
+| [codepipeline\_cdn\_bucket\_encryption\_enabled](#input\_codepipeline\_cdn\_bucket\_encryption\_enabled) | If set to true, enable encryption on the optional CDN asset deployment bucket | `bool` | `false` | no |
+| [codepipeline\_cdn\_bucket\_id](#input\_codepipeline\_cdn\_bucket\_id) | Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
+| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline. If `false`, use `ecr_enabled` to control if AWS ECR stays enabled. | `bool` | `true` | no |
+| [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
+| [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no |
+| [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no |
+| [container\_definition](#input\_container\_definition) | Override the main container\_definition | `string` | `""` | no |
+| [container\_environment](#input\_container\_environment) | The environment variables to pass to the container. This is a list of maps | list(object({
name = string
value = string
})) | `null` | no |
+| [container\_image](#input\_container\_image) | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no |
+| [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no |
+| [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no |
+| [container\_port](#input\_container\_port) | The port number on the container bound to assigned host\_port | `number` | `80` | no |
+| [container\_repo\_credentials](#input\_container\_repo\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no |
+| [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no |
+| [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no |
+| [context](#input\_context) | Single object for setting entire context at once.{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
} | no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.[| no |
+| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no |
+| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no |
+| [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
"push"
]
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
}) | `null` | no |
+| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).list(object({
container_definition = any
condition = string
})) | `[]` | no |
+| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.[| no |
+| [launch\_type](#input\_launch\_type) | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no |
+| [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no |
+| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no |
+| [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no |
+| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
"default"
]
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
})) | `[]` | no |
+| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.list(object({
containerPort = number
hostPort = number
protocol = string
})) | [| no |
+| [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no |
+| [propagate\_tags](#input\_propagate\_tags) | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no |
+| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
list(object({
name = string
valueFrom = string
})) | `null` | no |
+| [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | list(object({
registry_arn = string
port = number
container_name = string
container_port = number
})) | `[]` | no |
+| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no |
+| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).list(object({
name = string
softLimit = number
hardLimit = number
})) | `[]` | no |
+| [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no |
+| [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no |
+| [use\_nlb\_cidr\_blocks](#input\_use\_nlb\_cidr\_blocks) | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no |
+| [volumes](#input\_volumes) | Task volume definitions as list of configuration objects | list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
})) | `[]` | no |
+| [vpc\_id](#input\_vpc\_id) | The VPC ID where resources are created | `string` | n/a | yes |
+| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
+| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
+| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no |
+| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
+| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
## Outputs
| Name | Description |
|------|-------------|
-| alb\_ingress | All outputs from `module.alb_ingress` |
-| alb\_ingress\_target\_group\_arn | ALB Target Group ARN |
-| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix |
-| alb\_ingress\_target\_group\_name | ALB Target Group name |
-| alb\_target\_group\_cloudwatch\_sns\_alarms | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` |
-| cloudwatch\_log\_group | All outputs from `aws_cloudwatch_log_group.app` |
-| cloudwatch\_log\_group\_arn | Cloudwatch log group ARN |
-| cloudwatch\_log\_group\_name | Cloudwatch log group name |
-| codebuild | All outputs from `module.ecs_codepipeline` |
-| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled |
-| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN |
-| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name |
-| codebuild\_project\_id | CodeBuild project ID |
-| codebuild\_project\_name | CodeBuild project name |
-| codebuild\_role\_arn | CodeBuild IAM Role ARN |
-| codebuild\_role\_id | CodeBuild IAM Role ID |
-| codepipeline\_arn | CodePipeline ARN |
-| codepipeline\_id | CodePipeline ID |
-| codepipeline\_webhook\_id | The CodePipeline webhook's ID |
-| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
-| container\_definition | All outputs from `module.container_definition` |
-| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
-| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
-| ecr | All outputs from `module.ecr` |
-| ecr\_registry\_id | Registry ID |
-| ecr\_registry\_url | Repository URL |
-| ecr\_repository\_arn | ARN of ECR repository |
-| ecr\_repository\_name | Registry name |
-| ecr\_repository\_url | Repository URL |
-| ecs\_alarms | All outputs from `module.ecs_cloudwatch_sns_alarms` |
-| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN |
-| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID |
-| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN |
-| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID |
-| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN |
-| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID |
-| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN |
-| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID |
-| ecs\_alb\_service\_task | All outputs from `module.ecs_alb_service_task` |
-| ecs\_cloudwatch\_autoscaling | All outputs from `module.ecs_cloudwatch_autoscaling` |
-| ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy |
-| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy |
-| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` |
-| ecs\_exec\_role\_policy\_name | ECS service role name |
-| ecs\_service\_name | ECS Service name |
-| ecs\_service\_role\_arn | ECS Service role ARN |
-| ecs\_service\_security\_group\_id | Security Group ID of the ECS task |
-| ecs\_task\_definition\_family | ECS task definition family |
-| ecs\_task\_definition\_revision | ECS task definition revision |
-| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN |
-| ecs\_task\_exec\_role\_name | ECS Task role name |
-| ecs\_task\_role\_arn | ECS Task role ARN |
-| ecs\_task\_role\_id | ECS Task role id |
-| ecs\_task\_role\_name | ECS Task role name |
-| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN |
-| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID |
-| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN |
-| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID |
-| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN |
-| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID |
-| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN |
-| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID |
-| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN |
-| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID |
-
+| [alb\_ingress](#output\_alb\_ingress) | All outputs from `module.alb_ingress` |
+| [alb\_ingress\_target\_group\_arn](#output\_alb\_ingress\_target\_group\_arn) | ALB Target Group ARN |
+| [alb\_ingress\_target\_group\_arn\_suffix](#output\_alb\_ingress\_target\_group\_arn\_suffix) | ALB Target Group ARN suffix |
+| [alb\_ingress\_target\_group\_name](#output\_alb\_ingress\_target\_group\_name) | ALB Target Group name |
+| [alb\_target\_group\_cloudwatch\_sns\_alarms](#output\_alb\_target\_group\_cloudwatch\_sns\_alarms) | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` |
+| [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | All outputs from `aws_cloudwatch_log_group.app` |
+| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Cloudwatch log group ARN |
+| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Cloudwatch log group name |
+| [codebuild](#output\_codebuild) | All outputs from `module.ecs_codepipeline` |
+| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled |
+| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN |
+| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name |
+| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID |
+| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name |
+| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN |
+| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID |
+| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN |
+| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID |
+| [codepipeline\_webhook\_id](#output\_codepipeline\_webhook\_id) | The CodePipeline webhook's ID |
+| [codepipeline\_webhook\_url](#output\_codepipeline\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
+| [container\_definition](#output\_container\_definition) | All outputs from `module.container_definition` |
+| [container\_definition\_json](#output\_container\_definition\_json) | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
+| [container\_definition\_json\_map](#output\_container\_definition\_json\_map) | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
+| [ecr](#output\_ecr) | All outputs from `module.ecr` |
+| [ecr\_registry\_id](#output\_ecr\_registry\_id) | Registry ID |
+| [ecr\_registry\_url](#output\_ecr\_registry\_url) | Repository URL |
+| [ecr\_repository\_arn](#output\_ecr\_repository\_arn) | ARN of ECR repository |
+| [ecr\_repository\_name](#output\_ecr\_repository\_name) | Registry name |
+| [ecr\_repository\_url](#output\_ecr\_repository\_url) | Repository URL |
+| [ecs\_alarms](#output\_ecs\_alarms) | All outputs from `module.ecs_cloudwatch_sns_alarms` |
+| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization high CloudWatch metric alarm ARN |
+| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization high CloudWatch metric alarm ID |
+| [ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization low CloudWatch metric alarm ARN |
+| [ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization low CloudWatch metric alarm ID |
+| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization high CloudWatch metric alarm ARN |
+| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization high CloudWatch metric alarm ID |
+| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization low CloudWatch metric alarm ARN |
+| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization low CloudWatch metric alarm ID |
+| [ecs\_alb\_service\_task](#output\_ecs\_alb\_service\_task) | All outputs from `module.ecs_alb_service_task` |
+| [ecs\_cloudwatch\_autoscaling](#output\_ecs\_cloudwatch\_autoscaling) | All outputs from `module.ecs_cloudwatch_autoscaling` |
+| [ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn) | ARN of the scale down policy |
+| [ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn) | ARN of the scale up policy |
+| [ecs\_exec\_role\_policy\_id](#output\_ecs\_exec\_role\_policy\_id) | The ECS service role policy ID, in the form of `role_name:role_policy_name` |
+| [ecs\_exec\_role\_policy\_name](#output\_ecs\_exec\_role\_policy\_name) | ECS service role name |
+| [ecs\_service\_arn](#output\_ecs\_service\_arn) | ECS Service ARN |
+| [ecs\_service\_name](#output\_ecs\_service\_name) | ECS Service name |
+| [ecs\_service\_role\_arn](#output\_ecs\_service\_role\_arn) | ECS Service role ARN |
+| [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Security Group ID of the ECS task |
+| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | ECS task definition family |
+| [ecs\_task\_definition\_revision](#output\_ecs\_task\_definition\_revision) | ECS task definition revision |
+| [ecs\_task\_exec\_role\_arn](#output\_ecs\_task\_exec\_role\_arn) | ECS Task exec role ARN |
+| [ecs\_task\_exec\_role\_name](#output\_ecs\_task\_exec\_role\_name) | ECS Task role name |
+| [ecs\_task\_role\_arn](#output\_ecs\_task\_role\_arn) | ECS Task role ARN |
+| [ecs\_task\_role\_id](#output\_ecs\_task\_role\_id) | ECS Task role id |
+| [ecs\_task\_role\_name](#output\_ecs\_task\_role\_name) | ECS Task role name |
+| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB 5xx count CloudWatch metric alarm ARN |
+| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB 5xx count CloudWatch metric alarm ID |
+| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 3xx count CloudWatch metric alarm ARN |
+| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 3xx count CloudWatch metric alarm ID |
+| [httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 4xx count CloudWatch metric alarm ARN |
+| [httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 4xx count CloudWatch metric alarm ID |
+| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 5xx count CloudWatch metric alarm ARN |
+| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 5xx count CloudWatch metric alarm ID |
+| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group response time average CloudWatch metric alarm ARN |
+| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id) | ALB Target Group response time average CloudWatch metric alarm ID |
@@ -390,6 +464,7 @@ Like this project? Please give it a ★ on [our GitHub](https://github.com/cloud
Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =)
+
## Related Projects
Check out these related projects.
@@ -406,8 +481,6 @@ Check out these related projects.
- [terraform-aws-eks-workers](https://github.com/cloudposse/terraform-aws-eks-workers) - Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers
- [terraform-aws-ec2-autoscale-group](https://github.com/cloudposse/terraform-aws-ec2-autoscale-group) - Terraform module to provision Auto Scaling Group and Launch Template on AWS
-
-
## Help
**Got a question?** We got answers.
@@ -479,7 +552,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
## Copyright
-Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)
@@ -552,7 +625,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
[![README Footer][readme_footer_img]][readme_footer_link]
[![Beacon][beacon]][website]
-
+
[logo]: https://cloudposse.com/logo-300x69.svg
[docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-web-app&utm_content=docs
[website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-web-app&utm_content=website
@@ -583,3 +656,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
[share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-ecs-web-app
[share_email]: mailto:?subject=terraform-aws-ecs-web-app&body=https://github.com/cloudposse/terraform-aws-ecs-web-app
[beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-ecs-web-app?pixel&cs=github&cm=readme&an=terraform-aws-ecs-web-app
+
diff --git a/README.yaml b/README.yaml
index 3e37d659..76a78ad1 100644
--- a/README.yaml
+++ b/README.yaml
@@ -100,7 +100,7 @@ usage: |-
alb_ingress_unauthenticated_paths = ["/*"]
codepipeline_enabled = false
- environment = [
+ container_environment = [
{
name = "COOKIE"
value = "cookiemonster"
diff --git a/context.tf b/context.tf
index f5f27979..5e0ef885 100644
--- a/context.tf
+++ b/context.tf
@@ -8,6 +8,8 @@
# Cloud Posse's standard configuration inputs suitable for passing
# to Cloud Posse modules.
#
+# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
+#
# Modules should access the whole context as `module.this.context`
# to get the input variables with nulls for defaults,
# for example `context = module.this.context`,
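Review bot: The added `curl` line fetches `context.tf` from the mutable `master` branch, while the `module "this"` block in the next hunk pins `cloudposse/label/null` to `0.25.0`. A later refresh with this command can therefore bring in variable definitions that no longer match the pinned module, or whatever was last pushed to that branch. Fetching from the matching tag keeps the copy and the module in step, e.g. `# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/0.25.0/exports/context.tf -o context.tf` (this assumes the tag path mirrors the branch path; confirm before use). Because this file is a verbatim copy of the upstream export, the comment itself would have to change upstream; in this repository the practical step is to diff any refreshed copy against the committed one before merging.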
@@ -20,10 +22,11 @@
module "this" {
source = "cloudposse/label/null"
- version = "0.22.1" // requires Terraform >= 0.12.26
+ version = "0.25.0" # requires Terraform >= 0.13.0
enabled = var.enabled
namespace = var.namespace
+ tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
@@ -34,6 +37,10 @@ module "this" {
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+ descriptor_formats = var.descriptor_formats
+ labels_as_tags = var.labels_as_tags
context = var.context
}
@@ -41,23 +48,11 @@ module "this" {
# Copy contents of cloudposse/terraform-null-label/variables.tf here
variable "context" {
- type = object({
- enabled = bool
- namespace = string
- environment = string
- stage = string
- name = string
- delimiter = string
- attributes = list(string)
- tags = map(string)
- additional_tag_map = map(string)
- regex_replace_chars = string
- label_order = list(string)
- id_length_limit = number
- })
+ type = any
default = {
enabled = true
namespace = null
+ tenant = null
environment = null
stage = null
name = null
@@ -68,6 +63,17 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
}
description = <<-EOT
Single object for setting entire context at once.
@@ -76,6 +82,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
}
variable "enabled" {
@@ -87,32 +103,42 @@ variable "enabled" {
variable "namespace" {
type = string
default = null
- description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+ description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}
+
+variable "tenant" {
+ type = string
+ default = null
+ description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
}
variable "environment" {
type = string
default = null
- description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+ description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
- description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+ description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
- description = "Solution name, e.g. 'app' or 'jenkins'"
+ description = <<-EOT
+ ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
+ This is the only ID element not also included as a `tag`.
+ The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
+ EOT
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
- Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
@@ -120,36 +146,64 @@ variable "delimiter" {
variable "attributes" {
type = list(string)
default = []
- description = "Additional attributes (e.g. `1`)"
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "labels_as_tags" {
+ type = set(string)
+ default = ["default"]
+ description = <<-EOT
+ Set of labels (ID elements) to include as tags in the `tags` output.
+ Default is to include all labels.
+ Tags with empty values will not be included in the `tags` output.
+ Set to `[]` to suppress all generated tags.
+ **Notes:**
+ The value of the `name` tag, if included, will be the `id`, not the `name`.
+ Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
+ changed in later chained modules. Attempts to change it will be silently ignored.
+ EOT
}
variable "tags" {
type = map(string)
default = {}
- description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+ description = <<-EOT
+ Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
+ Neither the tag keys nor the tag values will be modified by this module.
+ EOT
}
variable "additional_tag_map" {
type = map(string)
default = {}
- description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+ description = <<-EOT
+ Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
+ This is for some rare cases where resources want additional configuration of tags
+ and therefore take a list of maps with tag key, value, and additional configuration.
+ EOT
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
- The naming order of the id output and Name tag.
+ The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 5 elements, but at least one must be present.
- EOT
+ You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
+ EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
- Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ Terraform regular expression (regex) string.
+ Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
@@ -158,11 +212,68 @@ variable "id_length_limit" {
type = number
default = null
description = <<-EOT
- Limit `id` to this many characters.
+ Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
- Set to `null` for default, which is `0`.
+ Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`.
EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of the `tags` keys (label names) for tags generated by this module.
+ Does not affect keys of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of ID elements (labels) as included in `id`,
+ set as tag values, and output by this module individually.
+ Does not affect values of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "descriptor_formats" {
+ type = any
+ default = {}
+ description = <<-EOT
+ Describe additional descriptors to be output in the `descriptors` output map.
+ Map of maps. Keys are names of descriptors. Values are maps of the form
+ `{
+ format = string
+ labels = list(string)
+ }`
+ (Type is `any` so the map values can later be enhanced to provide additional options.)
+ `format` is a Terraform format string to be passed to the `format()` function.
+ `labels` is a list of labels, in order, to pass to `format()` function.
+ Label values will be normalized before being passed to `format()` so they will be
+ identical to how they appear in `id`.
+ Default is `{}` (`descriptors` output will be empty).
+ EOT
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/docs/terraform.md b/docs/terraform.md
index a979b14c..28542a07 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -3,243 +3,299 @@
| Name | Version |
|------|---------|
-| terraform | >= 0.12.26 |
-| aws | >= 2.0 |
-| local | >= 1.3 |
-| null | >= 2.0 |
-| template | >= 2.0 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 3.34 |
## Providers
| Name | Version |
|------|---------|
-| aws | >= 2.0 |
+| [aws](#provider\_aws) | >= 3.34 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.25.1 |
+| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 |
+| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 |
+| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 |
+| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 |
+| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 |
+| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 |
+| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.30.0 |
+| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_log_group.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
-| alb\_arn\_suffix | ARN suffix of the ALB for the Target Group | `string` | `""` | no |
-| alb\_container\_name | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no |
-| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no |
-| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
-| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
-| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
-| alb\_ingress\_enable\_default\_target\_group | If true, create a default target group for the ALB ingress | `bool` | `true` | no |
-| alb\_ingress\_healthcheck\_path | The path of the healthcheck which the ALB checks | `string` | `"/"` | no |
-| alb\_ingress\_healthcheck\_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no |
-| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no |
-| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no |
-| alb\_ingress\_target\_group\_arn | Existing ALB target group ARN. If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no |
-| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no |
-| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
-| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
-| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
-| alb\_security\_group | Security group of the ALB | `string` | n/a | yes |
-| alb\_target\_group\_alarms\_3xx\_threshold | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no |
-| alb\_target\_group\_alarms\_4xx\_threshold | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no |
-| alb\_target\_group\_alarms\_5xx\_threshold | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no |
-| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state | `list(string)` | `[]` | no |
-| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no |
-| alb\_target\_group\_alarms\_evaluation\_periods | The number of periods to analyze for ALB CloudWatch Alarms | `number` | `1` | no |
-| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no |
-| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state | `list(string)` | `[]` | no |
-| alb\_target\_group\_alarms\_period | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no |
-| alb\_target\_group\_alarms\_response\_time\_threshold | The maximum ALB Target Group response time | `number` | `0.5` | no |
-| assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no |
-| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
-| authentication\_cognito\_scope | Cognito scope | `list(string)` | `[]` | no |
-| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no |
-| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no |
-| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no |
-| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no |
-| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no |
-| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no |
-| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no |
-| authentication\_oidc\_scope | OIDC scope | `list(string)` | `[]` | no |
-| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no |
-| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no |
-| authentication\_type | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no |
-| autoscaling\_dimension | Dimension to autoscale on (valid options: cpu, memory) | `string` | `"memory"` | no |
-| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no |
-| autoscaling\_max\_capacity | Maximum number of running instances of a Service | `number` | `2` | no |
-| autoscaling\_min\_capacity | Minimum number of running instances of a Service | `number` | `1` | no |
-| autoscaling\_scale\_down\_adjustment | Scaling adjustment to make during scale down event | `number` | `-1` | no |
-| autoscaling\_scale\_down\_cooldown | Period (in seconds) to wait between scale down events | `number` | `300` | no |
-| autoscaling\_scale\_up\_adjustment | Scaling adjustment to make during scale up event | `number` | `1` | no |
-| autoscaling\_scale\_up\_cooldown | Period (in seconds) to wait between scale up events | `number` | `60` | no |
-| aws\_logs\_prefix | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no |
-| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | n/a | yes |
-| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no |
-| branch | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no |
-| build\_environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build | list(object(| `[]` | no | -| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | -| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | -| buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | -| capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
{
name = string
value = string
}))
list(object({
capacity_provider = string
weight = number
base = number
})) | `[]` | no |
-| cloudwatch\_log\_group\_enabled | A boolean to disable cloudwatch log group creation | `bool` | `true` | no |
-| codepipeline\_build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
-| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no |
-| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| command | The command that is passed to the container | `list(string)` | `null` | no |
-| container\_cpu | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no |
-| container\_definition | Override the main container\_definition | `string` | `""` | no |
-| container\_environment | The environment variables to pass to the container. This is a list of maps | list(object({
name = string
value = string
})) | `null` | no |
-| container\_image | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no |
-| container\_memory | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no |
-| container\_memory\_reservation | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no |
-| container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no |
-| container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no |
-| container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no |
-| context | Single object for setting entire context at once.object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
}) | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
} | no |
-| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.[| no | -| github\_webhooks\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_webhooks_token`) | `bool` | `false` | no | -| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | -| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | -| healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
"push"
]
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
}) | `null` | no |
-| id\_length\_limit | Limit `id` to this many characters.list(object({
container_definition = any
condition = string
})) | `[]` | no |
-| label\_order | The naming order of the id output and Name tag.list(object({
containerPath = string
sourceVolume = string
})) | `[]` | no |
-| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
-| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| nlb\_cidr\_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no |
-| nlb\_container\_name | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no |
-| nlb\_container\_port | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no |
-| nlb\_ingress\_target\_group\_arn | Target group ARN of the NLB ingress | `string` | `""` | no |
-| platform\_version | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no |
-| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no |
-| port\_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | list(object({
containerPort = number
hostPort = number
protocol = string
})) | [| no | -| privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
list(object({
name = string
valueFrom = string
})) | `null` | no |
-| service\_registries | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | list(object({
registry_arn = string
port = number
container_name = string
container_port = number
})) | `[]` | no |
-| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| system\_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no |
-| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
-| task\_cpu | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no |
-| task\_memory | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no |
-| ulimits | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" | list(object({
name = string
softLimit = number
hardLimit = number
})) | `[]` | no |
-| use\_alb\_security\_group | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no |
-| use\_ecr\_image | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no |
-| use\_nlb\_cidr\_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no |
-| volumes | Task volume definitions as list of configuration objects | list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
})) | `[]` | no |
-| vpc\_id | The VPC ID where resources are created | `string` | n/a | yes |
-| webhook\_authentication | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
-| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
-| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no |
-| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
-| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.list(object(| `[]` | no | +| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | +| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | +| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | +| [capacity\_provider\_strategies](#input\_capacity\_provider\_strategies) | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
{
name = string
value = string
type = string
}))
list(object({
capacity_provider = string
weight = number
base = number
})) | `[]` | no |
+| [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no |
+| [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no |
+| [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no |
+| [codebuild\_cache\_type](#input\_codebuild\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to NO\_CACHE. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no |
+| [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no |
+| [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
+| [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no |
+| [codepipeline\_cdn\_bucket\_encryption\_enabled](#input\_codepipeline\_cdn\_bucket\_encryption\_enabled) | If set to true, enable encryption on the optional CDN asset deployment bucket | `bool` | `false` | no |
+| [codepipeline\_cdn\_bucket\_id](#input\_codepipeline\_cdn\_bucket\_id) | Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
+| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline. If `false`, use `ecr_enabled` to control if AWS ECR stays enabled. | `bool` | `true` | no |
+| [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
+| [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no |
+| [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no |
+| [container\_definition](#input\_container\_definition) | Override the main container\_definition | `string` | `""` | no |
+| [container\_environment](#input\_container\_environment) | The environment variables to pass to the container. This is a list of maps | list(object({
name = string
value = string
})) | `null` | no |
+| [container\_image](#input\_container\_image) | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no |
+| [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no |
+| [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no |
+| [container\_port](#input\_container\_port) | The port number on the container bound to assigned host\_port | `number` | `80` | no |
+| [container\_repo\_credentials](#input\_container\_repo\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no |
+| [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no |
+| [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no |
+| [context](#input\_context) | Single object for setting entire context at once.{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
} | no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.[| no | +| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | +| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | +| [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
"push"
]
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
}) | `null` | no |
+| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).list(object({
container_definition = any
condition = string
})) | `[]` | no |
+| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.[| no | +| [launch\_type](#input\_launch\_type) | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | +| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | +| [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | +| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
"default"
]
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
})) | `[]` | no |
+| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.list(object({
containerPort = number
hostPort = number
protocol = string
})) | [| no | +| [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | +| [propagate\_tags](#input\_propagate\_tags) | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
list(object({
name = string
valueFrom = string
})) | `null` | no |
+| [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 | list(object({
registry_arn = string
port = number
container_name = string
container_port = number
})) | `[]` | no |
+| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no |
+| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).list(object({
name = string
softLimit = number
hardLimit = number
})) | `[]` | no |
+| [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no |
+| [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no |
+| [use\_nlb\_cidr\_blocks](#input\_use\_nlb\_cidr\_blocks) | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no |
+| [volumes](#input\_volumes) | Task volume definitions as list of configuration objects | list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
})) | `[]` | no |
+| [vpc\_id](#input\_vpc\_id) | The VPC ID where resources are created | `string` | n/a | yes |
+| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
+| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
+| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no |
+| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
+| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
## Outputs
| Name | Description |
|------|-------------|
-| alb\_ingress | All outputs from `module.alb_ingress` |
-| alb\_ingress\_target\_group\_arn | ALB Target Group ARN |
-| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix |
-| alb\_ingress\_target\_group\_name | ALB Target Group name |
-| alb\_target\_group\_cloudwatch\_sns\_alarms | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` |
-| cloudwatch\_log\_group | All outputs from `aws_cloudwatch_log_group.app` |
-| cloudwatch\_log\_group\_arn | Cloudwatch log group ARN |
-| cloudwatch\_log\_group\_name | Cloudwatch log group name |
-| codebuild | All outputs from `module.ecs_codepipeline` |
-| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled |
-| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN |
-| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name |
-| codebuild\_project\_id | CodeBuild project ID |
-| codebuild\_project\_name | CodeBuild project name |
-| codebuild\_role\_arn | CodeBuild IAM Role ARN |
-| codebuild\_role\_id | CodeBuild IAM Role ID |
-| codepipeline\_arn | CodePipeline ARN |
-| codepipeline\_id | CodePipeline ID |
-| codepipeline\_webhook\_id | The CodePipeline webhook's ID |
-| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
-| container\_definition | All outputs from `module.container_definition` |
-| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
-| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
-| ecr | All outputs from `module.ecr` |
-| ecr\_registry\_id | Registry ID |
-| ecr\_registry\_url | Repository URL |
-| ecr\_repository\_arn | ARN of ECR repository |
-| ecr\_repository\_name | Registry name |
-| ecr\_repository\_url | Repository URL |
-| ecs\_alarms | All outputs from `module.ecs_cloudwatch_sns_alarms` |
-| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN |
-| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID |
-| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN |
-| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID |
-| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN |
-| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID |
-| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN |
-| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID |
-| ecs\_alb\_service\_task | All outputs from `module.ecs_alb_service_task` |
-| ecs\_cloudwatch\_autoscaling | All outputs from `module.ecs_cloudwatch_autoscaling` |
-| ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy |
-| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy |
-| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` |
-| ecs\_exec\_role\_policy\_name | ECS service role name |
-| ecs\_service\_name | ECS Service name |
-| ecs\_service\_role\_arn | ECS Service role ARN |
-| ecs\_service\_security\_group\_id | Security Group ID of the ECS task |
-| ecs\_task\_definition\_family | ECS task definition family |
-| ecs\_task\_definition\_revision | ECS task definition revision |
-| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN |
-| ecs\_task\_exec\_role\_name | ECS Task role name |
-| ecs\_task\_role\_arn | ECS Task role ARN |
-| ecs\_task\_role\_id | ECS Task role id |
-| ecs\_task\_role\_name | ECS Task role name |
-| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN |
-| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID |
-| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN |
-| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID |
-| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN |
-| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID |
-| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN |
-| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID |
-| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN |
-| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID |
-
+| [alb\_ingress](#output\_alb\_ingress) | All outputs from `module.alb_ingress` |
+| [alb\_ingress\_target\_group\_arn](#output\_alb\_ingress\_target\_group\_arn) | ALB Target Group ARN |
+| [alb\_ingress\_target\_group\_arn\_suffix](#output\_alb\_ingress\_target\_group\_arn\_suffix) | ALB Target Group ARN suffix |
+| [alb\_ingress\_target\_group\_name](#output\_alb\_ingress\_target\_group\_name) | ALB Target Group name |
+| [alb\_target\_group\_cloudwatch\_sns\_alarms](#output\_alb\_target\_group\_cloudwatch\_sns\_alarms) | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` |
+| [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | All outputs from `aws_cloudwatch_log_group.app` |
+| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Cloudwatch log group ARN |
+| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Cloudwatch log group name |
+| [codebuild](#output\_codebuild) | All outputs from `module.ecs_codepipeline` |
+| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled |
+| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN |
+| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name |
+| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID |
+| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name |
+| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN |
+| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID |
+| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN |
+| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID |
+| [codepipeline\_webhook\_id](#output\_codepipeline\_webhook\_id) | The CodePipeline webhook's ID |
+| [codepipeline\_webhook\_url](#output\_codepipeline\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
+| [container\_definition](#output\_container\_definition) | All outputs from `module.container_definition` |
+| [container\_definition\_json](#output\_container\_definition\_json) | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
+| [container\_definition\_json\_map](#output\_container\_definition\_json\_map) | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition |
+| [ecr](#output\_ecr) | All outputs from `module.ecr` |
+| [ecr\_registry\_id](#output\_ecr\_registry\_id) | Registry ID |
+| [ecr\_registry\_url](#output\_ecr\_registry\_url) | Repository URL |
+| [ecr\_repository\_arn](#output\_ecr\_repository\_arn) | ARN of ECR repository |
+| [ecr\_repository\_name](#output\_ecr\_repository\_name) | Registry name |
+| [ecr\_repository\_url](#output\_ecr\_repository\_url) | Repository URL |
+| [ecs\_alarms](#output\_ecs\_alarms) | All outputs from `module.ecs_cloudwatch_sns_alarms` |
+| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization high CloudWatch metric alarm ARN |
+| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization high CloudWatch metric alarm ID |
+| [ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization low CloudWatch metric alarm ARN |
+| [ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization low CloudWatch metric alarm ID |
+| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization high CloudWatch metric alarm ARN |
+| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization high CloudWatch metric alarm ID |
+| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization low CloudWatch metric alarm ARN |
+| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization low CloudWatch metric alarm ID |
+| [ecs\_alb\_service\_task](#output\_ecs\_alb\_service\_task) | All outputs from `module.ecs_alb_service_task` |
+| [ecs\_cloudwatch\_autoscaling](#output\_ecs\_cloudwatch\_autoscaling) | All outputs from `module.ecs_cloudwatch_autoscaling` |
+| [ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn) | ARN of the scale down policy |
+| [ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn) | ARN of the scale up policy |
+| [ecs\_exec\_role\_policy\_id](#output\_ecs\_exec\_role\_policy\_id) | The ECS service role policy ID, in the form of `role_name:role_policy_name` |
+| [ecs\_exec\_role\_policy\_name](#output\_ecs\_exec\_role\_policy\_name) | ECS service role name |
+| [ecs\_service\_arn](#output\_ecs\_service\_arn) | ECS Service ARN |
+| [ecs\_service\_name](#output\_ecs\_service\_name) | ECS Service name |
+| [ecs\_service\_role\_arn](#output\_ecs\_service\_role\_arn) | ECS Service role ARN |
+| [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Security Group ID of the ECS task |
+| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | ECS task definition family |
+| [ecs\_task\_definition\_revision](#output\_ecs\_task\_definition\_revision) | ECS task definition revision |
+| [ecs\_task\_exec\_role\_arn](#output\_ecs\_task\_exec\_role\_arn) | ECS Task exec role ARN |
+| [ecs\_task\_exec\_role\_name](#output\_ecs\_task\_exec\_role\_name) | ECS Task role name |
+| [ecs\_task\_role\_arn](#output\_ecs\_task\_role\_arn) | ECS Task role ARN |
+| [ecs\_task\_role\_id](#output\_ecs\_task\_role\_id) | ECS Task role id |
+| [ecs\_task\_role\_name](#output\_ecs\_task\_role\_name) | ECS Task role name |
+| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB 5xx count CloudWatch metric alarm ARN |
+| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB 5xx count CloudWatch metric alarm ID |
+| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 3xx count CloudWatch metric alarm ARN |
+| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 3xx count CloudWatch metric alarm ID |
+| [httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 4xx count CloudWatch metric alarm ARN |
+| [httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 4xx count CloudWatch metric alarm ID |
+| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 5xx count CloudWatch metric alarm ARN |
+| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 5xx count CloudWatch metric alarm ID |
+| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group response time average CloudWatch metric alarm ARN |
+| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id) | ALB Target Group response time average CloudWatch metric alarm ID |
diff --git a/examples/complete/context.tf b/examples/complete/context.tf
index f5f27979..5e0ef885 100644
--- a/examples/complete/context.tf
+++ b/examples/complete/context.tf
@@ -8,6 +8,8 @@
# Cloud Posse's standard configuration inputs suitable for passing
# to Cloud Posse modules.
#
+# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
+#
# Modules should access the whole context as `module.this.context`
# to get the input variables with nulls for defaults,
# for example `context = module.this.context`,
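Review bot: The added bootstrap comment downloads `context.tf` from the mutable `master` branch, so what a maintainer fetches later can differ from what was reviewed here. It is also not tied to the `version = "0.25.0"` pin on `module "this"` in the next hunk. I would point the comment at an immutable ref matching the pinned module, e.g. `# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/<tag-or-commit-sha>/exports/context.tf -o context.tf`, and diff the downloaded file before committing it. Since this file appears to be copied from upstream, the change may belong there; the header comment block starts above this hunk.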
@@ -20,10 +22,11 @@
module "this" {
source = "cloudposse/label/null"
- version = "0.22.1" // requires Terraform >= 0.12.26
+ version = "0.25.0" # requires Terraform >= 0.13.0
enabled = var.enabled
namespace = var.namespace
+ tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
@@ -34,6 +37,10 @@ module "this" {
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+ descriptor_formats = var.descriptor_formats
+ labels_as_tags = var.labels_as_tags
context = var.context
}
@@ -41,23 +48,11 @@ module "this" {
# Copy contents of cloudposse/terraform-null-label/variables.tf here
variable "context" {
- type = object({
- enabled = bool
- namespace = string
- environment = string
- stage = string
- name = string
- delimiter = string
- attributes = list(string)
- tags = map(string)
- additional_tag_map = map(string)
- regex_replace_chars = string
- label_order = list(string)
- id_length_limit = number
- })
+ type = any
default = {
enabled = true
namespace = null
+ tenant = null
environment = null
stage = null
name = null
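Review bot: `type = any` on `variable "context"` removes the object schema that used to fail the plan when a context was missing attributes or carried wrongly typed ones. Of the attributes now accepted, only `label_key_case` and `label_value_case` get a `validation` block (hunk `@@ -76,6 +82,16 @@`). If the loose type is deliberate, presumably so that contexts produced by other null-label versions pass through, say so above the line, e.g. `# type = any so contexts from other null-label versions are accepted; attributes are not type-checked here`. The `variable "context"` block continues beyond this hunk.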
@@ -68,6 +63,17 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
}
description = <<-EOT
Single object for setting entire context at once.
@@ -76,6 +82,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
}
variable "enabled" {
@@ -87,32 +103,42 @@ variable "enabled" {
variable "namespace" {
type = string
default = null
- description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+ description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}
+
+variable "tenant" {
+ type = string
+ default = null
+ description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
}
variable "environment" {
type = string
default = null
- description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+ description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
- description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+ description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
- description = "Solution name, e.g. 'app' or 'jenkins'"
+ description = <<-EOT
+ ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
+ This is the only ID element not also included as a `tag`.
+ The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
+ EOT
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
- Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
@@ -120,36 +146,64 @@ variable "delimiter" {
variable "attributes" {
type = list(string)
default = []
- description = "Additional attributes (e.g. `1`)"
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "labels_as_tags" {
+ type = set(string)
+ default = ["default"]
+ description = <<-EOT
+ Set of labels (ID elements) to include as tags in the `tags` output.
+ Default is to include all labels.
+ Tags with empty values will not be included in the `tags` output.
+ Set to `[]` to suppress all generated tags.
+ **Notes:**
+ The value of the `name` tag, if included, will be the `id`, not the `name`.
+ Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
+ changed in later chained modules. Attempts to change it will be silently ignored.
+ EOT
}
variable "tags" {
type = map(string)
default = {}
- description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+ description = <<-EOT
+ Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
+ Neither the tag keys nor the tag values will be modified by this module.
+ EOT
}
variable "additional_tag_map" {
type = map(string)
default = {}
- description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+ description = <<-EOT
+ Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
+ This is for some rare cases where resources want additional configuration of tags
+ and therefore take a list of maps with tag key, value, and additional configuration.
+ EOT
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
- The naming order of the id output and Name tag.
+ The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 5 elements, but at least one must be present.
- EOT
+ You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
+ EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
- Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ Terraform regular expression (regex) string.
+ Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
@@ -158,11 +212,68 @@ variable "id_length_limit" {
type = number
default = null
description = <<-EOT
- Limit `id` to this many characters.
+ Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
- Set to `null` for default, which is `0`.
+ Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`.
EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of the `tags` keys (label names) for tags generated by this module.
+ Does not affect keys of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of ID elements (labels) as included in `id`,
+ set as tag values, and output by this module individually.
+ Does not affect values of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "descriptor_formats" {
+ type = any
+ default = {}
+ description = <<-EOT
+ Describe additional descriptors to be output in the `descriptors` output map.
+ Map of maps. Keys are names of descriptors. Values are maps of the form
+ `{
+ format = string
+ labels = list(string)
+ }`
+ (Type is `any` so the map values can later be enhanced to provide additional options.)
+ `format` is a Terraform format string to be passed to the `format()` function.
+ `labels` is a list of labels, in order, to pass to `format()` function.
+ Label values will be normalized before being passed to `format()` so they will be
+ identical to how they appear in `id`.
+ Default is `{}` (`descriptors` output will be empty).
+ EOT
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index bfc799b6..66d5cb23 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
@@ -130,6 +130,12 @@ codepipeline_build_image = "aws/codebuild/docker:17.09.0"
codepipeline_build_timeout = 20
-codepipeline_github_webhooks_anonymous = true
+build_environment_variables = [
+ {
+ name = "TEST"
+ value = "TEST"
+ type = "PLAINTEXT"
+ }
+]
container_environment = []
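Review bot: The new `build_environment_variables` fixture sets `type = "PLAINTEXT"` with no hint that this type is unsuitable for sensitive values. CodeBuild displays plaintext variables in the console and returns them in API responses for the project. Fixtures are often copied as a starting point, so I would add a comment above the list, e.g. `# PLAINTEXT is for non-sensitive values only; use PARAMETER_STORE or SECRETS_MANAGER for secrets`. The `TEST` value itself needs no change.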
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index abe7609f..c22a98c1 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -46,12 +46,17 @@ module "alb" {
resource "aws_ecs_cluster" "default" {
name = module.this.id
tags = module.this.tags
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
}
resource "aws_sns_topic" "sns_topic" {
- name = module.this.id
- display_name = "Test terraform-aws-ecs-web-app"
- tags = module.this.tags
+ name = module.this.id
+ display_name = "Test terraform-aws-ecs-web-app"
+ tags = module.this.tags
+ kms_master_key_id = "alias/aws/sns"
}
module "ecs_web_app" {
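Review bot: `kms_master_key_id = "alias/aws/sns"` on `aws_sns_topic.sns_topic` is likely to break the alarm notifications this example wires up. The topic ARN is passed as alarm and OK actions further down in `module "ecs_web_app"`. CloudWatch alarms cannot publish to a topic encrypted with the AWS managed SNS key, because that key's policy cannot be edited to admit `cloudwatch.amazonaws.com`. The failure appears only in the alarm history, so the example would apply cleanly and still deliver nothing. A customer managed key whose policy grants the CloudWatch service principal `kms:Decrypt` and `kms:GenerateDataKey*` keeps both the encryption at rest and the notifications; a sketch follows, assuming the file has no `aws_caller_identity` data source yet.

```hcl
data "aws_caller_identity" "current" {}

resource "aws_kms_key" "sns" {
  description         = "Encrypts the example SNS topic used for alarm notifications"
  enable_key_rotation = true
  tags                = module.this.tags

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Keeps the key manageable by the owning account
        Sid       = "AccountAdmin"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
        Action    = "kms:*"
        Resource  = "*"
      },
      {
        # Lets CloudWatch alarms publish to the encrypted topic
        Sid       = "AllowCloudWatchAlarms"
        Effect    = "Allow"
        Principal = { Service = "cloudwatch.amazonaws.com" }
        Action    = ["kms:Decrypt", "kms:GenerateDataKey*"]
        Resource  = "*"
      }
    ]
  })
}

resource "aws_sns_topic" "sns_topic" {
  # … unchanged: name, display_name, tags …
  kms_master_key_id = aws_kms_key.sns.id
}
```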
@@ -60,7 +65,7 @@ module "ecs_web_app" {
region = var.region
vpc_id = module.vpc.vpc_id
- // Container
+ # Container
container_image = var.container_image
container_cpu = var.container_cpu
container_memory = var.container_memory
@@ -70,7 +75,7 @@ module "ecs_web_app" {
aws_logs_region = var.region
healthcheck = var.healthcheck
- // Authentication
+ # Authentication
authentication_type = var.authentication_type
alb_ingress_listener_unauthenticated_priority = var.alb_ingress_listener_unauthenticated_priority
alb_ingress_listener_authenticated_priority = var.alb_ingress_listener_authenticated_priority
@@ -88,7 +93,7 @@ module "ecs_web_app" {
authentication_oidc_token_endpoint = var.authentication_oidc_token_endpoint
authentication_oidc_user_info_endpoint = var.authentication_oidc_user_info_endpoint
- // ECS
+ # ECS
ecs_private_subnet_ids = module.subnets.private_subnet_ids
ecs_cluster_arn = aws_ecs_cluster.default.arn
ecs_cluster_name = aws_ecs_cluster.default.name
@@ -98,18 +103,17 @@ module "ecs_web_app" {
launch_type = var.launch_type
container_port = var.container_port
- // ALB
+ # ALB
alb_arn_suffix = module.alb.alb_arn_suffix
alb_security_group = module.alb.security_group_id
alb_ingress_unauthenticated_listener_arns = [module.alb.http_listener_arn]
alb_ingress_unauthenticated_listener_arns_count = 1
alb_ingress_healthcheck_path = var.alb_ingress_healthcheck_path
- // CodePipeline
+ # CodePipeline
codepipeline_enabled = var.codepipeline_enabled
badge_enabled = var.codepipeline_badge_enabled
github_oauth_token = var.codepipeline_github_oauth_token
- github_webhooks_anonymous = var.codepipeline_github_webhooks_anonymous
github_webhooks_token = var.codepipeline_github_webhooks_token
github_webhook_events = var.codepipeline_github_webhook_events
repo_owner = var.codepipeline_repo_owner
@@ -128,7 +132,7 @@ module "ecs_web_app" {
container_environment = var.container_environment
secrets = var.secrets
- // Autoscaling
+ # Autoscaling
autoscaling_enabled = var.autoscaling_enabled
autoscaling_dimension = var.autoscaling_dimension
autoscaling_min_capacity = var.autoscaling_min_capacity
@@ -138,7 +142,7 @@ module "ecs_web_app" {
autoscaling_scale_down_adjustment = var.autoscaling_scale_down_adjustment
autoscaling_scale_down_cooldown = var.autoscaling_scale_down_cooldown
- // ECS alarms
+ # ECS alarms
ecs_alarms_enabled = var.ecs_alarms_enabled
ecs_alarms_cpu_utilization_high_threshold = var.ecs_alarms_cpu_utilization_high_threshold
ecs_alarms_cpu_utilization_high_evaluation_periods = var.ecs_alarms_cpu_utilization_high_evaluation_periods
@@ -161,7 +165,7 @@ module "ecs_web_app" {
ecs_alarms_memory_utilization_low_alarm_actions = [aws_sns_topic.sns_topic.arn]
ecs_alarms_memory_utilization_low_ok_actions = [aws_sns_topic.sns_topic.arn]
- // ALB and Target Group alarms
+ # ALB and Target Group alarms
alb_target_group_alarms_enabled = var.alb_target_group_alarms_enabled
alb_target_group_alarms_evaluation_periods = var.alb_target_group_alarms_evaluation_periods
alb_target_group_alarms_period = var.alb_target_group_alarms_period
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index b4b01804..4769e7df 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -307,12 +307,6 @@ variable "codepipeline_github_webhooks_token" {
default = ""
}
-variable "codepipeline_github_webhooks_anonymous" {
- type = bool
- default = false
- description = "Github Anonymous API (if `true`, token must not be set as GITHUB_TOKEN or `github_webhooks_token`)"
-}
-
variable "codepipeline_github_webhook_events" {
type = list(string)
description = "A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/)"
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 5947f14f..a0be7256 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,22 +1,10 @@
terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.13.0"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 2.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.0"
- }
- null = {
- source = "hashicorp/null"
- version = ">= 2.0"
- }
- local = {
- source = "hashicorp/local"
- version = ">= 1.3"
+ version = ">= 3.34"
}
}
}
diff --git a/examples/with_cognito_authentication/context.tf b/examples/with_cognito_authentication/context.tf
index 648917d6..5e0ef885 100644
--- a/examples/with_cognito_authentication/context.tf
+++ b/examples/with_cognito_authentication/context.tf
@@ -8,6 +8,8 @@
# Cloud Posse's standard configuration inputs suitable for passing
# to Cloud Posse modules.
#
+# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
+#
# Modules should access the whole context as `module.this.context`
# to get the input variables with nulls for defaults,
# for example `context = module.this.context`,
@@ -19,10 +21,12 @@
#
module "this" {
- source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.21.0"
+ source = "cloudposse/label/null"
+ version = "0.25.0" # requires Terraform >= 0.13.0
enabled = var.enabled
namespace = var.namespace
+ tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
@@ -33,6 +37,10 @@ module "this" {
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+ descriptor_formats = var.descriptor_formats
+ labels_as_tags = var.labels_as_tags
context = var.context
}
@@ -40,23 +48,11 @@ module "this" {
# Copy contents of cloudposse/terraform-null-label/variables.tf here
variable "context" {
- type = object({
- enabled = bool
- namespace = string
- environment = string
- stage = string
- name = string
- delimiter = string
- attributes = list(string)
- tags = map(string)
- additional_tag_map = map(string)
- regex_replace_chars = string
- label_order = list(string)
- id_length_limit = number
- })
+ type = any
default = {
enabled = true
namespace = null
+ tenant = null
environment = null
stage = null
name = null
@@ -67,6 +63,17 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
}
description = <<-EOT
Single object for setting entire context at once.
@@ -75,6 +82,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
}
variable "enabled" {
@@ -86,32 +103,42 @@ variable "enabled" {
variable "namespace" {
type = string
default = null
- description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+ description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}
+
+variable "tenant" {
+ type = string
+ default = null
+ description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
}
variable "environment" {
type = string
default = null
- description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+ description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
- description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+ description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
- description = "Solution name, e.g. 'app' or 'jenkins'"
+ description = <<-EOT
+ ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
+ This is the only ID element not also included as a `tag`.
+ The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
+ EOT
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
- Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
@@ -119,36 +146,64 @@ variable "delimiter" {
variable "attributes" {
type = list(string)
default = []
- description = "Additional attributes (e.g. `1`)"
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "labels_as_tags" {
+ type = set(string)
+ default = ["default"]
+ description = <<-EOT
+ Set of labels (ID elements) to include as tags in the `tags` output.
+ Default is to include all labels.
+ Tags with empty values will not be included in the `tags` output.
+ Set to `[]` to suppress all generated tags.
+ **Notes:**
+ The value of the `name` tag, if included, will be the `id`, not the `name`.
+ Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
+ changed in later chained modules. Attempts to change it will be silently ignored.
+ EOT
}
variable "tags" {
type = map(string)
default = {}
- description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+ description = <<-EOT
+ Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
+ Neither the tag keys nor the tag values will be modified by this module.
+ EOT
}
variable "additional_tag_map" {
type = map(string)
default = {}
- description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+ description = <<-EOT
+ Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
+ This is for some rare cases where resources want additional configuration of tags
+ and therefore take a list of maps with tag key, value, and additional configuration.
+ EOT
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
- The naming order of the id output and Name tag.
+ The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 5 elements, but at least one must be present.
- EOT
+ You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
+ EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
- Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ Terraform regular expression (regex) string.
+ Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
@@ -157,11 +212,68 @@ variable "id_length_limit" {
type = number
default = null
description = <<-EOT
- Limit `id` to this many characters.
+ Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
- Set to `null` for default, which is `0`.
+ Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`.
EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of the `tags` keys (label names) for tags generated by this module.
+ Does not affect keys of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of ID elements (labels) as included in `id`,
+ set as tag values, and output by this module individually.
+ Does not affect values of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "descriptor_formats" {
+ type = any
+ default = {}
+ description = <<-EOT
+ Describe additional descriptors to be output in the `descriptors` output map.
+ Map of maps. Keys are names of descriptors. Values are maps of the form
+ `{
+ format = string
+ labels = list(string)
+ }`
+ (Type is `any` so the map values can later be enhanced to provide additional options.)
+ `format` is a Terraform format string to be passed to the `format()` function.
+ `labels` is a list of labels, in order, to pass to `format()` function.
+ Label values will be normalized before being passed to `format()` so they will be
+ identical to how they appear in `id`.
+ Default is `{}` (`descriptors` output will be empty).
+ EOT
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/examples/with_cognito_authentication/main.tf b/examples/with_cognito_authentication/main.tf
index fa3a48db..e5f5b67e 100644
--- a/examples/with_cognito_authentication/main.tf
+++ b/examples/with_cognito_authentication/main.tf
@@ -53,11 +53,18 @@ module "alb" {
# ECS Cluster (needed even if using FARGATE launch type)
resource "aws_ecs_cluster" "default" {
name = module.this.id
+ tags = module.this.tags
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
}
resource "aws_cloudwatch_log_group" "app" {
- name = module.this.id
- tags = module.this.tags
+ #bridgecrew:skip=BC_AWS_LOGGING_21:Skipping `Ensure CloudWatch logs are encrypted at rest using KMS CMKs` in example/test modules
+ name = module.this.id
+ tags = module.this.tags
+ retention_in_days = 90
}
module "web_app" {
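Review bot: The `#bridgecrew:skip=BC_AWS_LOGGING_21` line added to `aws_cloudwatch_log_group.app` silences the KMS-encryption check without telling a reader what to do in a real deployment. Examples are what users copy, so the suppression tends to travel with the resource. I would add a second comment directly under it, e.g. `# Outside of examples, set kms_key_id to a customer managed key and remove the skip above`. The same suppression is added to the log group in `examples/with_google_oidc_authentication/main.tf` and should get the same comment.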
diff --git a/examples/with_cognito_authentication/versions.tf b/examples/with_cognito_authentication/versions.tf
index 5947f14f..a0be7256 100644
--- a/examples/with_cognito_authentication/versions.tf
+++ b/examples/with_cognito_authentication/versions.tf
@@ -1,22 +1,10 @@
terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.13.0"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 2.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.0"
- }
- null = {
- source = "hashicorp/null"
- version = ">= 2.0"
- }
- local = {
- source = "hashicorp/local"
- version = ">= 1.3"
+ version = ">= 3.34"
}
}
}
diff --git a/examples/with_google_oidc_authentication/context.tf b/examples/with_google_oidc_authentication/context.tf
index 648917d6..5e0ef885 100644
--- a/examples/with_google_oidc_authentication/context.tf
+++ b/examples/with_google_oidc_authentication/context.tf
@@ -8,6 +8,8 @@
# Cloud Posse's standard configuration inputs suitable for passing
# to Cloud Posse modules.
#
+# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
+#
# Modules should access the whole context as `module.this.context`
# to get the input variables with nulls for defaults,
# for example `context = module.this.context`,
@@ -19,10 +21,12 @@
#
module "this" {
- source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.21.0"
+ source = "cloudposse/label/null"
+ version = "0.25.0" # requires Terraform >= 0.13.0
enabled = var.enabled
namespace = var.namespace
+ tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
@@ -33,6 +37,10 @@ module "this" {
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+ descriptor_formats = var.descriptor_formats
+ labels_as_tags = var.labels_as_tags
context = var.context
}
@@ -40,23 +48,11 @@ module "this" {
# Copy contents of cloudposse/terraform-null-label/variables.tf here
variable "context" {
- type = object({
- enabled = bool
- namespace = string
- environment = string
- stage = string
- name = string
- delimiter = string
- attributes = list(string)
- tags = map(string)
- additional_tag_map = map(string)
- regex_replace_chars = string
- label_order = list(string)
- id_length_limit = number
- })
+ type = any
default = {
enabled = true
namespace = null
+ tenant = null
environment = null
stage = null
name = null
@@ -67,6 +63,17 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
}
description = <<-EOT
Single object for setting entire context at once.
@@ -75,6 +82,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
}
variable "enabled" {
@@ -86,32 +103,42 @@ variable "enabled" {
variable "namespace" {
type = string
default = null
- description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+ description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}
+
+variable "tenant" {
+ type = string
+ default = null
+ description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
}
variable "environment" {
type = string
default = null
- description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+ description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
- description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+ description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
- description = "Solution name, e.g. 'app' or 'jenkins'"
+ description = <<-EOT
+ ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
+ This is the only ID element not also included as a `tag`.
+ The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
+ EOT
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
- Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
@@ -119,36 +146,64 @@ variable "delimiter" {
variable "attributes" {
type = list(string)
default = []
- description = "Additional attributes (e.g. `1`)"
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "labels_as_tags" {
+ type = set(string)
+ default = ["default"]
+ description = <<-EOT
+ Set of labels (ID elements) to include as tags in the `tags` output.
+ Default is to include all labels.
+ Tags with empty values will not be included in the `tags` output.
+ Set to `[]` to suppress all generated tags.
+ **Notes:**
+ The value of the `name` tag, if included, will be the `id`, not the `name`.
+ Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
+ changed in later chained modules. Attempts to change it will be silently ignored.
+ EOT
}
variable "tags" {
type = map(string)
default = {}
- description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+ description = <<-EOT
+ Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
+ Neither the tag keys nor the tag values will be modified by this module.
+ EOT
}
variable "additional_tag_map" {
type = map(string)
default = {}
- description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+ description = <<-EOT
+ Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
+ This is for some rare cases where resources want additional configuration of tags
+ and therefore take a list of maps with tag key, value, and additional configuration.
+ EOT
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
- The naming order of the id output and Name tag.
+ The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 5 elements, but at least one must be present.
- EOT
+ You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
+ EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
- Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ Terraform regular expression (regex) string.
+ Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
@@ -157,11 +212,68 @@ variable "id_length_limit" {
type = number
default = null
description = <<-EOT
- Limit `id` to this many characters.
+ Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
- Set to `null` for default, which is `0`.
+ Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`.
EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of the `tags` keys (label names) for tags generated by this module.
+ Does not affect keys of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of ID elements (labels) as included in `id`,
+ set as tag values, and output by this module individually.
+ Does not affect values of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "descriptor_formats" {
+ type = any
+ default = {}
+ description = <<-EOT
+ Describe additional descriptors to be output in the `descriptors` output map.
+ Map of maps. Keys are names of descriptors. Values are maps of the form
+ `{
+ format = string
+ labels = list(string)
+ }`
+ (Type is `any` so the map values can later be enhanced to provide additional options.)
+ `format` is a Terraform format string to be passed to the `format()` function.
+ `labels` is a list of labels, in order, to pass to `format()` function.
+ Label values will be normalized before being passed to `format()` so they will be
+ identical to how they appear in `id`.
+ Default is `{}` (`descriptors` output will be empty).
+ EOT
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/examples/with_google_oidc_authentication/main.tf b/examples/with_google_oidc_authentication/main.tf
index 1f482afe..154bbde8 100644
--- a/examples/with_google_oidc_authentication/main.tf
+++ b/examples/with_google_oidc_authentication/main.tf
@@ -52,11 +52,18 @@ module "alb" {
# ECS Cluster (needed even if using FARGATE launch type)
resource "aws_ecs_cluster" "default" {
name = module.this.id
+ tags = module.this.tags
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
}
resource "aws_cloudwatch_log_group" "app" {
- name = module.this.id
- tags = module.this.tags
+ #bridgecrew:skip=BC_AWS_LOGGING_21:Skipping `Ensure CloudWatch logs are encrypted at rest using KMS CMKs` in example/test modules
+ name = module.this.id
+ tags = module.this.tags
+ retention_in_days = 90
}
module "web_app" {
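Review bot: The `#bridgecrew:skip=BC_AWS_LOGGING_21` line on `aws_cloudwatch_log_group.app` suppresses the KMS-encryption check without telling a reader who copies this example what to do in a real stack. Suggest a second comment next to it, `# Example only: in production set kms_key_id to a customer-managed key and remove the skip`. The same skip is added to `aws_cloudwatch_log_group.app` in examples/without_authentication/main.tf, and the same comment applies there.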
diff --git a/examples/with_google_oidc_authentication/versions.tf b/examples/with_google_oidc_authentication/versions.tf
index 5947f14f..a0be7256 100644
--- a/examples/with_google_oidc_authentication/versions.tf
+++ b/examples/with_google_oidc_authentication/versions.tf
@@ -1,22 +1,10 @@
terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.13.0"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 2.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.0"
- }
- null = {
- source = "hashicorp/null"
- version = ">= 2.0"
- }
- local = {
- source = "hashicorp/local"
- version = ">= 1.3"
+ version = ">= 3.34"
}
}
}
diff --git a/examples/without_authentication/context.tf b/examples/without_authentication/context.tf
index 648917d6..5e0ef885 100644
--- a/examples/without_authentication/context.tf
+++ b/examples/without_authentication/context.tf
@@ -8,6 +8,8 @@
# Cloud Posse's standard configuration inputs suitable for passing
# to Cloud Posse modules.
#
+# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf
+#
# Modules should access the whole context as `module.this.context`
# to get the input variables with nulls for defaults,
# for example `context = module.this.context`,
@@ -19,10 +21,12 @@
#
module "this" {
- source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.21.0"
+ source = "cloudposse/label/null"
+ version = "0.25.0" # requires Terraform >= 0.13.0
enabled = var.enabled
namespace = var.namespace
+ tenant = var.tenant
environment = var.environment
stage = var.stage
name = var.name
@@ -33,6 +37,10 @@ module "this" {
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+ descriptor_formats = var.descriptor_formats
+ labels_as_tags = var.labels_as_tags
context = var.context
}
@@ -40,23 +48,11 @@ module "this" {
# Copy contents of cloudposse/terraform-null-label/variables.tf here
variable "context" {
- type = object({
- enabled = bool
- namespace = string
- environment = string
- stage = string
- name = string
- delimiter = string
- attributes = list(string)
- tags = map(string)
- additional_tag_map = map(string)
- regex_replace_chars = string
- label_order = list(string)
- id_length_limit = number
- })
+ type = any
default = {
enabled = true
namespace = null
+ tenant = null
environment = null
stage = null
name = null
@@ -67,6 +63,17 @@ variable "context" {
regex_replace_chars = null
label_order = []
id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
}
description = <<-EOT
Single object for setting entire context at once.
@@ -75,6 +82,16 @@ variable "context" {
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
}
variable "enabled" {
@@ -86,32 +103,42 @@ variable "enabled" {
variable "namespace" {
type = string
default = null
- description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+ description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}
+
+variable "tenant" {
+ type = string
+ default = null
+ description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for"
}
variable "environment" {
type = string
default = null
- description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+ description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
- description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+ description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
- description = "Solution name, e.g. 'app' or 'jenkins'"
+ description = <<-EOT
+ ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
+ This is the only ID element not also included as a `tag`.
+ The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
+ EOT
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
- Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
@@ -119,36 +146,64 @@ variable "delimiter" {
variable "attributes" {
type = list(string)
default = []
- description = "Additional attributes (e.g. `1`)"
+ description = <<-EOT
+ ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
+ in the order they appear in the list. New attributes are appended to the
+ end of the list. The elements of the list are joined by the `delimiter`
+ and treated as a single ID element.
+ EOT
+}
+
+variable "labels_as_tags" {
+ type = set(string)
+ default = ["default"]
+ description = <<-EOT
+ Set of labels (ID elements) to include as tags in the `tags` output.
+ Default is to include all labels.
+ Tags with empty values will not be included in the `tags` output.
+ Set to `[]` to suppress all generated tags.
+ **Notes:**
+ The value of the `name` tag, if included, will be the `id`, not the `name`.
+ Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
+ changed in later chained modules. Attempts to change it will be silently ignored.
+ EOT
}
variable "tags" {
type = map(string)
default = {}
- description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+ description = <<-EOT
+ Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
+ Neither the tag keys nor the tag values will be modified by this module.
+ EOT
}
variable "additional_tag_map" {
type = map(string)
default = {}
- description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+ description = <<-EOT
+ Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
+ This is for some rare cases where resources want additional configuration of tags
+ and therefore take a list of maps with tag key, value, and additional configuration.
+ EOT
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
- The naming order of the id output and Name tag.
+ The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
- You can omit any of the 5 elements, but at least one must be present.
- EOT
+ You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
+ EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
- Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ Terraform regular expression (regex) string.
+ Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
@@ -157,11 +212,68 @@ variable "id_length_limit" {
type = number
default = null
description = <<-EOT
- Limit `id` to this many characters.
+ Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
- Set to `null` for default, which is `0`.
+ Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`.
EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of the `tags` keys (label names) for tags generated by this module.
+ Does not affect keys of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ Controls the letter case of ID elements (labels) as included in `id`,
+ set as tag values, and output by this module individually.
+ Does not affect values of tags passed in via the `tags` input.
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "descriptor_formats" {
+ type = any
+ default = {}
+ description = <<-EOT
+ Describe additional descriptors to be output in the `descriptors` output map.
+ Map of maps. Keys are names of descriptors. Values are maps of the form
+ `{
+ format = string
+ labels = list(string)
+ }`
+ (Type is `any` so the map values can later be enhanced to provide additional options.)
+ `format` is a Terraform format string to be passed to the `format()` function.
+ `labels` is a list of labels, in order, to pass to `format()` function.
+ Label values will be normalized before being passed to `format()` so they will be
+ identical to how they appear in `id`.
+ Default is `{}` (`descriptors` output will be empty).
+ EOT
}
#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/examples/without_authentication/main.tf b/examples/without_authentication/main.tf
index 1cdf3056..a318faa9 100644
--- a/examples/without_authentication/main.tf
+++ b/examples/without_authentication/main.tf
@@ -52,11 +52,18 @@ module "alb" {
# ECS Cluster (needed even if using FARGATE launch type)
resource "aws_ecs_cluster" "default" {
name = module.this.id
+ tags = module.this.tags
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
}
resource "aws_cloudwatch_log_group" "app" {
- name = module.this.id
- tags = module.this.tags
+ #bridgecrew:skip=BC_AWS_LOGGING_21:Skipping `Ensure CloudWatch logs are encrypted at rest using KMS CMKs` in example/test modules
+ name = module.this.id
+ tags = module.this.tags
+ retention_in_days = 90
}
module "web_app" {
diff --git a/examples/without_authentication/versions.tf b/examples/without_authentication/versions.tf
index 5947f14f..a0be7256 100644
--- a/examples/without_authentication/versions.tf
+++ b/examples/without_authentication/versions.tf
@@ -1,22 +1,10 @@
terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.13.0"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 2.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.0"
- }
- null = {
- source = "hashicorp/null"
- version = ">= 2.0"
- }
- local = {
- source = "hashicorp/local"
- version = ">= 1.3"
+ version = ">= 3.34"
}
}
}
diff --git a/main.tf b/main.tf
index ebf1380a..457a8dae 100644
--- a/main.tf
+++ b/main.tf
@@ -1,16 +1,19 @@
+data "aws_region" "current" {}
+
module "ecr" {
source = "cloudposse/ecr/aws"
- version = "0.29.2"
- enabled = var.codepipeline_enabled
+ version = "0.34.0"
+ enabled = module.this.enabled && (var.ecr_enabled || var.codepipeline_enabled)
- attributes = ["ecr"]
- scan_images_on_push = var.ecr_scan_images_on_push
+ attributes = ["ecr"]
+ scan_images_on_push = var.ecr_scan_images_on_push
+ image_tag_mutability = var.ecr_image_tag_mutability
context = module.this.context
}
resource "aws_cloudwatch_log_group" "app" {
- count = var.cloudwatch_log_group_enabled ? 1 : 0
+ count = module.this.enabled && var.cloudwatch_log_group_enabled ? 1 : 0
name = module.this.id
tags = module.this.tags
@@ -19,14 +22,23 @@ resource "aws_cloudwatch_log_group" "app" {
module "alb_ingress" {
source = "cloudposse/alb-ingress/aws"
- version = "0.16.1"
+ version = "0.25.1"
+
+ vpc_id = var.vpc_id
+ port = var.container_port
+
+ protocol = var.alb_ingress_protocol
+ protocol_version = var.alb_ingress_protocol_version
- vpc_id = var.vpc_id
- port = var.container_port
- health_check_path = var.alb_ingress_healthcheck_path
- health_check_protocol = var.alb_ingress_healthcheck_protocol
- default_target_group_enabled = var.alb_ingress_enable_default_target_group
- target_group_arn = var.alb_ingress_target_group_arn
+ health_check_path = var.alb_ingress_healthcheck_path
+ health_check_protocol = var.alb_ingress_healthcheck_protocol
+ health_check_healthy_threshold = var.alb_ingress_health_check_healthy_threshold
+ health_check_interval = var.alb_ingress_health_check_interval
+ health_check_matcher = var.alb_ingress_health_check_matcher
+ health_check_timeout = var.alb_ingress_health_check_timeout
+ health_check_unhealthy_threshold = var.alb_ingress_health_check_unhealthy_threshold
+ default_target_group_enabled = var.alb_ingress_enable_default_target_group
+ target_group_arn = var.alb_ingress_target_group_arn
authenticated_paths = var.alb_ingress_authenticated_paths
unauthenticated_paths = var.alb_ingress_unauthenticated_paths
@@ -36,10 +48,8 @@ module "alb_ingress" {
authenticated_priority = var.alb_ingress_listener_authenticated_priority
unauthenticated_priority = var.alb_ingress_listener_unauthenticated_priority
- unauthenticated_listener_arns = var.alb_ingress_unauthenticated_listener_arns
- unauthenticated_listener_arns_count = var.alb_ingress_unauthenticated_listener_arns_count
- authenticated_listener_arns = var.alb_ingress_authenticated_listener_arns
- authenticated_listener_arns_count = var.alb_ingress_authenticated_listener_arns_count
+ unauthenticated_listener_arns = var.alb_ingress_unauthenticated_listener_arns
+ authenticated_listener_arns = var.alb_ingress_authenticated_listener_arns
authentication_type = var.authentication_type
authentication_cognito_user_pool_arn = var.authentication_cognito_user_pool_arn
@@ -54,12 +64,16 @@ module "alb_ingress" {
authentication_oidc_user_info_endpoint = var.authentication_oidc_user_info_endpoint
authentication_oidc_scope = var.authentication_oidc_scope
+ stickiness_cookie_duration = var.alb_stickiness_cookie_duration
+ stickiness_enabled = var.alb_stickiness_enabled
+ stickiness_type = var.alb_stickiness_type
+
context = module.this.context
}
module "container_definition" {
source = "cloudposse/ecs-container-definition/aws"
- version = "0.46.2"
+ version = "0.58.1"
container_name = module.this.id
container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image
container_memory = var.container_memory
@@ -79,11 +93,12 @@ module "container_definition" {
command = var.command
mount_points = var.mount_points
container_depends_on = local.container_depends_on
+ repository_credentials = var.container_repo_credentials
log_configuration = var.cloudwatch_log_group_enabled ? {
logDriver = var.log_driver
options = {
- "awslogs-region" = var.aws_logs_region
+ "awslogs-region" = coalesce(var.aws_logs_region, data.aws_region.current.name)
"awslogs-group" = join("", aws_cloudwatch_log_group.app.*.name)
"awslogs-stream-prefix" = var.aws_logs_prefix == "" ? module.this.name : var.aws_logs_prefix
}
@@ -93,13 +108,13 @@ module "container_definition" {
locals {
alb = {
- container_name = coalesce(var.alb_container_name, module.this.id)
+ container_name = var.alb_container_name != null ? var.alb_container_name : module.this.id
container_port = var.container_port
elb_name = null
target_group_arn = module.alb_ingress.target_group_arn
}
nlb = {
- container_name = coalesce(var.nlb_container_name, module.this.id)
+ container_name = var.alb_container_name != null ? var.alb_container_name : module.this.id
container_port = var.nlb_container_port
elb_name = null
target_group_arn = var.nlb_ingress_target_group_arn
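Review bot: The `nlb` entry now reads `var.alb_container_name` for `container_name`, where the line it replaces used `var.nlb_container_name`; this looks like a copy-paste of the `alb` entry above it. With the new line a caller's `nlb_container_name` is ignored and the NLB load balancer entry points at the ALB's container name (or `module.this.id`). The line should read `container_name = var.nlb_container_name != null ? var.nlb_container_name : module.this.id`. The `locals` block continues outside the hunk.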
@@ -125,32 +140,48 @@ locals {
module "ecs_alb_service_task" {
source = "cloudposse/ecs-alb-service-task/aws"
- version = "0.44.0"
-
- alb_security_group = var.alb_security_group
- use_alb_security_group = var.use_alb_security_group
- nlb_cidr_blocks = var.nlb_cidr_blocks
- use_nlb_cidr_blocks = var.use_nlb_cidr_blocks
- container_definition_json = local.all_container_definitions
- desired_count = var.desired_count
- health_check_grace_period_seconds = var.health_check_grace_period_seconds
- task_cpu = coalesce(var.task_cpu, var.container_cpu)
- task_memory = coalesce(var.task_memory, var.container_memory)
- ignore_changes_task_definition = var.ignore_changes_task_definition
- ecs_cluster_arn = var.ecs_cluster_arn
- capacity_provider_strategies = var.capacity_provider_strategies
- service_registries = var.service_registries
- launch_type = var.launch_type
- platform_version = var.platform_version
- vpc_id = var.vpc_id
- assign_public_ip = var.assign_public_ip
- security_group_ids = var.ecs_security_group_ids
- subnet_ids = var.ecs_private_subnet_ids
- container_port = var.container_port
- nlb_container_port = var.nlb_container_port
- volumes = var.volumes
- ecs_load_balancers = local.load_balancers
- deployment_controller_type = var.deployment_controller_type
+ version = "0.64.1"
+
+ alb_security_group = var.alb_security_group
+ use_alb_security_group = var.use_alb_security_group
+ nlb_cidr_blocks = var.nlb_cidr_blocks
+ use_nlb_cidr_blocks = var.use_nlb_cidr_blocks
+ container_definition_json = local.all_container_definitions
+ desired_count = var.desired_count
+ ignore_changes_desired_count = var.ignore_changes_desired_count
+ health_check_grace_period_seconds = var.health_check_grace_period_seconds
+ network_mode = var.network_mode
+ task_cpu = coalesce(var.task_cpu, var.container_cpu)
+ task_memory = coalesce(var.task_memory, var.container_memory)
+ ignore_changes_task_definition = var.ignore_changes_task_definition
+ ecs_cluster_arn = var.ecs_cluster_arn
+ capacity_provider_strategies = var.capacity_provider_strategies
+ service_registries = var.service_registries
+ launch_type = var.launch_type
+ enable_all_egress_rule = var.enable_all_egress_rule
+ platform_version = var.platform_version
+ vpc_id = var.vpc_id
+ assign_public_ip = var.assign_public_ip
+ security_group_enabled = var.ecs_security_group_enabled
+ security_group_ids = var.ecs_security_group_ids
+ subnet_ids = var.ecs_private_subnet_ids
+ container_port = var.container_port
+ nlb_container_port = var.nlb_container_port
+ docker_volumes = var.volumes
+ ecs_load_balancers = local.load_balancers
+ deployment_controller_type = var.deployment_controller_type
+ deployment_maximum_percent = var.deployment_maximum_percent
+ deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
+ force_new_deployment = var.force_new_deployment
+ exec_enabled = var.exec_enabled
+ task_policy_arns = var.task_policy_arns
+ task_role_arn = var.task_role_arn
+ propagate_tags = var.propagate_tags
+ enable_ecs_managed_tags = var.enable_ecs_managed_tags
+ circuit_breaker_deployment_enabled = var.circuit_breaker_deployment_enabled
+ circuit_breaker_rollback_enabled = var.circuit_breaker_rollback_enabled
+ permissions_boundary = var.permissions_boundary
+ runtime_platform = var.runtime_platform
context = module.this.context
}
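Review bot: `exec_enabled` and `enable_all_egress_rule` are passed straight through to `ecs-alb-service-task` with nothing in the block saying what they open up: the first permits interactive command sessions in running containers, the second adds an allow-all egress rule to the service security group. Their variable declarations are outside this hunk, so confirm that `exec_enabled` defaults to `false` and that both descriptions state the exposure. A comment above the two lines would help, e.g. `# Security-relevant toggles: ECS Exec and unrestricted egress; enable only when required`.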
@@ -158,26 +189,30 @@ module "ecs_alb_service_task" {
module "ecs_codepipeline" {
enabled = var.codepipeline_enabled
source = "cloudposse/ecs-codepipeline/aws"
- version = "0.19.0"
-
- region = var.region
- github_oauth_token = var.github_oauth_token
- github_anonymous = var.github_webhooks_anonymous
- github_webhooks_token = var.github_webhooks_token
- github_webhook_events = var.github_webhook_events
- repo_owner = var.repo_owner
- repo_name = var.repo_name
- branch = var.branch
- badge_enabled = var.badge_enabled
- build_image = var.build_image
- build_compute_type = var.codepipeline_build_compute_type
- build_timeout = var.build_timeout
- buildspec = var.buildspec
- image_repo_name = module.ecr.repository_name
- service_name = module.ecs_alb_service_task.service_name
- ecs_cluster_name = var.ecs_cluster_name
- privileged_mode = true
- poll_source_changes = var.poll_source_changes
+ version = "0.30.0"
+
+ region = coalesce(var.region, data.aws_region.current.name)
+ github_oauth_token = var.github_oauth_token
+ github_webhooks_token = var.github_webhooks_token
+ github_webhook_events = var.github_webhook_events
+ repo_owner = var.repo_owner
+ repo_name = var.repo_name
+ branch = var.branch
+ badge_enabled = var.badge_enabled
+ build_image = var.build_image
+ build_compute_type = var.codepipeline_build_compute_type
+ build_timeout = var.build_timeout
+ buildspec = var.buildspec
+ cache_bucket_suffix_enabled = var.codepipeline_build_cache_bucket_suffix_enabled
+ image_repo_name = module.ecr.repository_name
+ service_name = module.ecs_alb_service_task.service_name
+ ecs_cluster_name = var.ecs_cluster_name
+ privileged_mode = true
+ poll_source_changes = var.poll_source_changes
+
+ secondary_artifact_bucket_id = var.codepipeline_cdn_bucket_id
+ secondary_artifact_encryption_enabled = var.codepipeline_cdn_bucket_encryption_enabled
+ secondary_artifact_identifier = var.codepipeline_cdn_bucket_buildspec_identifier
webhook_enabled = var.webhook_enabled
webhook_target_action = var.webhook_target_action
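Review bot: `enabled = var.codepipeline_enabled` on `module "ecs_codepipeline"` is not gated on `module.this.enabled`, although this commit adds that gate to `module.ecr` and to `aws_cloudwatch_log_group.app`. If an explicit `enabled` input overrides the value carried in the context, as it does in null-label, a disabled module would still create the pipeline, its buckets and a CodeBuild project that runs with `privileged_mode = true`. Suggest `enabled = module.this.enabled && var.codepipeline_enabled`. The module block continues outside the hunk.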
@@ -187,12 +222,15 @@ module "ecs_codepipeline" {
s3_bucket_force_destroy = var.codepipeline_s3_bucket_force_destroy
+ cache_type = var.codebuild_cache_type
+
environment_variables = concat(
var.build_environment_variables,
[
{
name = "CONTAINER_NAME"
value = module.this.id
+ type = "PLAINTEXT"
}
]
)
@@ -203,7 +241,7 @@ module "ecs_codepipeline" {
module "ecs_cloudwatch_autoscaling" {
enabled = var.autoscaling_enabled
source = "cloudposse/ecs-cloudwatch-autoscaling/aws"
- version = "0.5.1"
+ version = "0.7.3"
name = var.name
namespace = var.namespace
stage = var.stage
@@ -227,7 +265,7 @@ locals {
module "ecs_cloudwatch_sns_alarms" {
source = "cloudposse/ecs-cloudwatch-sns-alarms/aws"
- version = "0.8.1"
+ version = "0.12.2"
enabled = var.ecs_alarms_enabled
cluster_name = var.ecs_cluster_name
@@ -290,7 +328,7 @@ module "ecs_cloudwatch_sns_alarms" {
module "alb_target_group_cloudwatch_sns_alarms" {
source = "cloudposse/alb-target-group-cloudwatch-sns-alarms/aws"
- version = "0.13.0"
+ version = "0.17.0"
enabled = var.alb_target_group_alarms_enabled
alarm_actions = var.alb_target_group_alarms_alarm_actions
diff --git a/outputs.tf b/outputs.tf
index ed692ab9..18f310e6 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -51,16 +51,19 @@ output "alb_ingress_target_group_arn_suffix" {
output "container_definition" {
description = "All outputs from `module.container_definition`"
value = module.container_definition
+ sensitive = true
}
output "container_definition_json" {
description = "JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition"
value = module.container_definition.json_map_encoded_list
+ sensitive = true
}
output "container_definition_json_map" {
description = "JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition"
value = module.container_definition.json_map_encoded
+ sensitive = true
}
output "ecs_alb_service_task" {
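Review bot: `sensitive = true` on `container_definition`, `container_definition_json` and `container_definition_json_map` only redacts the values in CLI and plan output; they are still written unredacted to the state file and stay readable by anything with state access. The descriptions should say so, e.g. append `Marked sensitive because container definitions can carry environment values; the data is still stored in clear text in Terraform state.` Callers that re-export these outputs will also have to mark their own outputs sensitive, which is worth a line in the release notes. The same applies to the `codebuild` output in the later hunk of this file.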
@@ -78,6 +81,11 @@ output "ecs_exec_role_policy_name" {
value = module.ecs_alb_service_task.ecs_exec_role_policy_name
}
+output "ecs_service_arn" {
+ description = "ECS Service ARN"
+ value = module.ecs_alb_service_task.service_arn
+}
+
output "ecs_service_name" {
description = "ECS Service name"
value = module.ecs_alb_service_task.service_name
@@ -146,6 +154,7 @@ output "cloudwatch_log_group_name" {
output "codebuild" {
description = "All outputs from `module.ecs_codepipeline`"
value = module.ecs_codepipeline
+ sensitive = true
}
output "codebuild_project_name" {
diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
index f6e72eaf..cdb28da7 100644
--- a/test/src/examples_complete_test.go
+++ b/test/src/examples_complete_test.go
@@ -100,19 +100,19 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
codebuildCacheBucketName := terraform.Output(t, terraformOptions, "codebuild_cache_bucket_name")
// Verify we're getting back the outputs we expect
- expectedCodebuildCacheBucketName := "eg-test-ecs-web-app-build-" + attributes[0]
+ expectedCodebuildCacheBucketName := "eg-test-ecs-web-app-" + attributes[0] + "-build"
assert.Contains(t, codebuildCacheBucketName, expectedCodebuildCacheBucketName)
// Run `terraform output` to get the value of an output variable
codebuildProjectName := terraform.Output(t, terraformOptions, "codebuild_project_name")
// Verify we're getting back the outputs we expect
- expectedCodebuildProjectName := "eg-test-ecs-web-app-build-" + attributes[0]
+ expectedCodebuildProjectName := "eg-test-ecs-web-app-" + attributes[0] + "-build"
assert.Equal(t, expectedCodebuildProjectName, codebuildProjectName)
// Run `terraform output` to get the value of an output variable
codebuildRoleId := terraform.Output(t, terraformOptions, "codebuild_role_id")
// Verify we're getting back the outputs we expect
- expectedCodebuildRoleId := "eg-test-ecs-web-app-build-" + attributes[0]
+ expectedCodebuildRoleId := "eg-test-ecs-web-app-" + attributes[0] + "-build"
assert.Equal(t, expectedCodebuildRoleId, codebuildRoleId)
// Run `terraform output` to get the value of an output variable
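Review bot: Every expectation in this test now repeats `"eg-test-ecs-web-app-" + attributes[0]` and differs only in its suffix, so the next change to label ordering will again need one edit per assertion. Hoist the prefix once, `idPrefix := "eg-test-ecs-web-app-" + attributes[0]`, and write the expectations as e.g. `expectedCodebuildProjectName := idPrefix + "-build"`. The same applies to the two later hunks of this file. `TestExamplesComplete` starts outside this hunk.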
@@ -124,7 +124,7 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
ecrRepositoryName := terraform.Output(t, terraformOptions, "ecr_repository_name")
// Verify we're getting back the outputs we expect
- expectedEcrRepositoryName := "eg-test-ecs-web-app-ecr-" + attributes[0]
+ expectedEcrRepositoryName := "eg-test-ecs-web-app-" + attributes[0] + "-ecr"
assert.Equal(t, expectedEcrRepositoryName, ecrRepositoryName)
// Run `terraform output` to get the value of an output variable
@@ -166,54 +166,54 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-cpu-utilization-high-" + attributes[0]
+ expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-cpu-utilization-high"
assert.Equal(t, expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId, ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-cpu-utilization-low-" + attributes[0]
+ expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-cpu-utilization-low"
assert.Equal(t, expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId, ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-memory-utilization-high-" + attributes[0]
+ expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-memory-utilization-high"
assert.Equal(t, expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId, ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-memory-utilization-low-" + attributes[0]
+ expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-memory-utilization-low"
assert.Equal(t, expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId, ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
httpcodeElb5xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_elb_5xx_count_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-elb-5xx-count-high-" + attributes[0]
+ expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-elb-5xx-count-high"
assert.Equal(t, expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId, httpcodeElb5xxCountCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
httpcodeTarget3xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_3xx_count_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-3xx-count-high-" + attributes[0]
+ expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-3xx-count-high"
assert.Equal(t, expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId, httpcodeTarget3xxCountCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
httpcodeTarget4xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_4xx_count_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-4xx-count-high-" + attributes[0]
+ expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-4xx-count-high"
assert.Equal(t, expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId, httpcodeTarget4xxCountCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
httpcodeTarget5xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_5xx_count_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we expect
- expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-5xx-count-high-" + attributes[0]
+ expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-5xx-count-high"
assert.Equal(t, expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId, httpcodeTarget5xxCountCloudwatchMetricAlarmId)
// Run `terraform output` to get the value of an output variable
targetResponseTimeAverageCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "target_response_time_average_cloudwatch_metric_alarm_id")
// Verify we're getting back the outputs we
- expectedTargetResponseTimeAverageCloudwatchMetricAlarmId := "eg-test-ecs-web-app-target-response-high-" + attributes[0]
+ expectedTargetResponseTimeAverageCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-target-response-high"
assert.Equal(t, expectedTargetResponseTimeAverageCloudwatchMetricAlarmId, targetResponseTimeAverageCloudwatchMetricAlarmId)
}
diff --git a/variables.tf b/variables.tf
index 79a8070e..ccca30eb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,14 +1,39 @@
variable "region" {
type = string
description = "AWS Region for S3 bucket"
+ default = null
+}
+
+variable "ecr_enabled" {
+ type = bool
+ description = "A boolean to enable/disable AWS ECR"
+ default = true
}
variable "codepipeline_enabled" {
type = bool
- description = "A boolean to enable/disable AWS Codepipeline and ECR"
+ description = "A boolean to enable/disable AWS Codepipeline. If `false`, use `ecr_enabled` to control if AWS ECR stays enabled."
default = true
}
+variable "codepipeline_cdn_bucket_id" {
+ type = string
+ default = null
+ description = "Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html)"
+}
+
+variable "codepipeline_cdn_bucket_encryption_enabled" {
+ type = bool
+ default = false
+ description = "If set to true, enable encryption on the optional CDN asset deployment bucket"
+}
+
+variable "codepipeline_cdn_bucket_buildspec_identifier" {
+ type = string
+ default = null
+ description = "Identifier for buildspec section controlling the optional CDN asset deployment."
+}
+
variable "use_ecr_image" {
type = bool
description = "If true, use ECR repo URL for image, otherwise use value in container_image"
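Review bot: `codepipeline_cdn_bucket_encryption_enabled` ships with `default = false`, so anyone who sets `codepipeline_cdn_bucket_id` gets the unencrypted path unless they remember to opt in. Prefer `default = true`, or have the description say why encryption is off by default and what exactly the flag encrypts, since the resource that consumes it is not visible in this hunk. The documentation link in `codepipeline_cdn_bucket_id` also uses plain `http://`; it should be `https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html`.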
@@ -21,6 +46,12 @@ variable "container_image" {
default = "cloudposse/default-backend"
}
+variable "container_repo_credentials" {
+ type = map(string)
+ default = null
+ description = "Container repository credentials; required when using a private repo. This map currently supports a single key; \"credentialsParameter\", which should be the ARN of a Secrets Manager's secret holding the credentials"
+}
+
variable "ecr_scan_images_on_push" {
type = bool
description = "Indicates whether images are scanned after being pushed to the repository (true) or not (false)"
@@ -51,6 +82,12 @@ variable "container_stop_timeout" {
default = 30
}
+variable "network_mode" {
+ type = string
+ description = "The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` or `null` for `EC2` `launch_type`"
+ default = "awsvpc"
+}
+
variable "task_cpu" {
type = number
description = "The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size)"
@@ -63,12 +100,30 @@ variable "task_memory" {
default = null
}
+variable "task_role_arn" {
+ type = string
+ description = "The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services"
+ default = ""
+}
+
+variable "task_policy_arns" {
+ type = list(string)
+ description = "A list of IAM Policy ARNs to attach to the generated task role."
+ default = []
+}
+
variable "ignore_changes_task_definition" {
type = bool
description = "Ignore changes (like environment variables) to the ECS task definition"
default = true
}
+variable "ignore_changes_desired_count" {
+ type = bool
+ description = "Whether to ignore changes for desired count in the ECS service"
+ default = false
+}
+
variable "system_controls" {
type = list(map(string))
description = "A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = \"\", value = \"\"}"
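Review bot: The descriptions of `task_role_arn` and `task_policy_arns` do not say how the two interact. `task_policy_arns` is attached to "the generated task role", which suggests it has no effect when the caller passes an existing `task_role_arn`, but the hunk does not confirm that. A caller could then believe a policy is attached when it is not, or attach broad policies to a role they did not intend to widen. Suggest adding to `task_policy_arns` something like `Ignored when task_role_arn is set.` once the behaviour is checked against the task module, and stating in `task_role_arn` that an empty value makes the module create the role.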
@@ -135,6 +190,12 @@ variable "launch_type" {
default = "FARGATE"
}
+variable "enable_all_egress_rule" {
+ type = bool
+ description = "A flag to enable/disable adding the all ports egress rule to the ECS security group"
+ default = true
+}
+
variable "platform_version" {
type = string
description = "The platform version on which to run your service. Only applicable for launch_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide."
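Review bot: `enable_all_egress_rule` keeps unrestricted outbound access as the default, and its description does not spell out what the rule allows or what turning it off requires. The description should state the rule's destination and protocol scope, which is not visible in this hunk. It should also note that with `false` the caller must supply their own egress rules for image pulls, log delivery and any secrets lookups, otherwise tasks will fail to start. That makes the least-privilege option usable rather than a trap.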
@@ -192,6 +253,7 @@ variable "mount_points" {
type = list(object({
containerPath = string
sourceVolume = string
+ readOnly = bool
}))
description = "Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`"
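Review bot: `readOnly = bool` is added as a plain object attribute, and with the `>= 0.13.0` floor set in versions.tf of this same diff every object attribute is required. Existing callers that pass `mount_points` entries with only `containerPath` and `sourceVolume` will therefore fail type conversion after upgrading. The unchanged description on the context line still lists only those two keys; it should also name `readOnly` and say that `true` mounts the volume read-only. The `variable "mount_points"` block starts and ends outside this hunk.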
@@ -372,6 +434,36 @@ variable "alb_ingress_healthcheck_protocol" {
description = "The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`"
}
+variable "alb_ingress_health_check_healthy_threshold" {
+ type = number
+ default = 2
+ description = "The number of consecutive health checks successes required before healthy"
+}
+
+variable "alb_ingress_health_check_unhealthy_threshold" {
+ type = number
+ default = 2
+ description = "The number of consecutive health check failures required before unhealthy"
+}
+
+variable "alb_ingress_health_check_interval" {
+ type = number
+ default = 15
+ description = "The duration in seconds in between health checks"
+}
+
+variable "alb_ingress_health_check_matcher" {
+ type = string
+ default = "200-399"
+ description = "The HTTP response codes to indicate a healthy check"
+}
+
+variable "alb_ingress_health_check_timeout" {
+ type = number
+ default = 10
+ description = "The amount of time to wait in seconds before failing a health check request"
+}
+
variable "alb_ingress_listener_unauthenticated_priority" {
type = number
default = 1000
@@ -384,6 +476,18 @@ variable "alb_ingress_listener_authenticated_priority" {
description = "The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority"
}
+variable "alb_ingress_protocol" {
+ type = string
+ default = "HTTP"
+ description = "The protocol for the created ALB target group (if target_group_arn is not set). One of `HTTP`, `HTTPS`. Defaults to `HTTP`."
+}
+
+variable "alb_ingress_protocol_version" {
+ type = string
+ default = "HTTP1"
+ description = "The protocol version. One of `HTTP1`, `HTTP2`, `GRPC`. Only applicable when protocol is HTTP or HTTPS. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is `HTTP1`, which sends requests to targets using HTTP/1.1"
+}
+
variable "alb_ingress_unauthenticated_hosts" {
type = list(string)
default = []
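Review bot: `alb_ingress_protocol` and `alb_ingress_protocol_version` document a closed set of values but accept any string, so a typo is only caught by the AWS API at apply time. A `validation` block on each would reject bad values at plan time; the one for `alb_ingress_protocol` is shown below and `alb_ingress_protocol_version` can follow the same pattern with `HTTP1`, `HTTP2`, `GRPC`. The description could also note that the `HTTP` default leaves traffic between the load balancer and the targets unencrypted.

```hcl
variable "alb_ingress_protocol" {
  # … unchanged: type, default, description …
  validation {
    condition     = contains(["HTTP", "HTTPS"], var.alb_ingress_protocol)
    error_message = "The alb_ingress_protocol value must be HTTP or HTTPS."
  }
}
```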
@@ -414,6 +518,24 @@ variable "nlb_ingress_target_group_arn" {
default = ""
}
+variable "alb_stickiness_type" {
+ type = string
+ default = "lb_cookie"
+ description = "The type of sticky sessions. The only current possible value is `lb_cookie`"
+}
+
+variable "alb_stickiness_cookie_duration" {
+ type = number
+ default = 86400
+ description = "The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds)"
+}
+
+variable "alb_stickiness_enabled" {
+ type = bool
+ default = true
+ description = "Boolean to enable / disable `stickiness`. Default is `true`"
+}
+
variable "vpc_id" {
type = string
description = "The VPC ID where resources are created"
@@ -422,6 +544,7 @@ variable "vpc_id" {
variable "aws_logs_region" {
type = string
description = "The region for the AWS Cloudwatch Logs group"
+ default = null
}
variable "aws_logs_prefix" {
@@ -433,7 +556,7 @@ variable "aws_logs_prefix" {
variable "log_retention_in_days" {
type = number
description = "The number of days to retain logs for the log group"
- default = null
+ default = 90
}
variable "log_driver" {
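Review bot: Changing the `log_retention_in_days` default from `null` to `90` alters behaviour for every caller that relied on the old default. If this value feeds the CloudWatch log group's retention setting, as the description implies, the next apply will start expiring events older than 90 days on groups that previously kept them indefinitely. Teams with audit or incident-response retention requirements need to pin the value explicitly before upgrading. The description should carry that, for example `The number of days to retain logs for the log group. Set to null to retain logs indefinitely`, and the change deserves a line in the release notes.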
@@ -462,6 +585,7 @@ variable "ecs_cluster_arn" {
variable "ecs_cluster_name" {
type = string
description = "The ECS Cluster Name to use in ECS Code Pipeline Deployment step"
+ default = null
}
variable "ecs_alarms_cpu_utilization_high_threshold" {
@@ -586,13 +710,19 @@ variable "ecs_alarms_memory_utilization_low_ok_actions" {
variable "ecs_security_group_ids" {
type = list(string)
- description = "Additional Security Group IDs to allow into ECS Service"
+ description = "Additional Security Group IDs to allow into ECS Service if `var.network_mode = \"awsvpc\"`"
default = []
}
+variable "ecs_security_group_enabled" {
+ type = bool
+ description = "Whether to create a security group for the service."
+ default = true
+}
+
variable "ecs_private_subnet_ids" {
type = list(string)
- description = "List of Private Subnet IDs to provision ECS Service onto"
+ description = "List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = \"awsvpc\"`"
}
variable "github_oauth_token" {
@@ -607,10 +737,20 @@ variable "github_webhooks_token" {
default = ""
}
-variable "github_webhooks_anonymous" {
- type = bool
- default = false
- description = "Github Anonymous API (if `true`, token must not be set as GITHUB_TOKEN or `github_webhooks_token`)"
+variable "permissions_boundary" {
+ type = string
+ description = "A permissions boundary ARN to apply to the 3 roles that are created."
+ default = ""
+}
+
+variable "runtime_platform" {
+ type = list(map(string))
+ description = <<-EOT
+ Zero or one runtime platform configurations that containers in your task may use.
+ Map of strings with optional keys `operating_system_family` and `cpu_architecture`.
+ See `runtime_platform` docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform
+ EOT
+ default = []
}
variable "github_webhook_events" {
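Review bot: The `permissions_boundary` description refers to "the 3 roles that are created" without naming them, so a reader cannot tell from variables.tf which principals the boundary constrains. Roles created outside those three would sit outside the boundary unnoticed. Name the roles in the description (the resources are not visible in this hunk, so confirm the list against the module). Consider `default = null` rather than `""` so that "no boundary" cannot be confused with an empty ARN. This hunk also removes `github_webhooks_anonymous`, which breaks callers that still set it.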
@@ -654,10 +794,11 @@ variable "build_environment_variables" {
{
name = string
value = string
+ type = string
}))
default = []
- description = "A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build"
+ description = "A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'"
}
variable "build_timeout" {
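Review bot: The new `type` attribute in `build_environment_variables` is required on every element under the `>= 0.13.0` constraint in this diff, so existing callers that pass only `name` and `value` will fail until they add it. The description lists the valid types but gives no guidance on which to choose. `PLAINTEXT` values are stored as-is in the build project configuration and in Terraform state, while for `PARAMETER_STORE` and `SECRETS_MANAGER` the `value` is a reference to the secret rather than the secret itself. Suggest appending `Use 'PARAMETER_STORE' or 'SECRETS_MANAGER' for secrets; for those types 'value' is the parameter or secret name, not the secret.` The `variable "build_environment_variables"` block starts before the hunk.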
@@ -805,9 +946,9 @@ variable "authentication_cognito_user_pool_domain" {
}
variable "authentication_cognito_scope" {
- type = list(string)
- description = "Cognito scope"
- default = []
+ type = string
+ description = "Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)"
+ default = null
}
variable "authentication_oidc_client_id" {
@@ -847,9 +988,15 @@ variable "authentication_oidc_user_info_endpoint" {
}
variable "authentication_oidc_scope" {
- type = list(string)
- description = "OIDC scope"
- default = []
+ type = string
+ description = "OIDC scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims, and https://developers.google.com/identity/protocols/oauth2/openid-connect#scope-param for an example set of scopes when using Google as the IdP)"
+ default = null
+}
+
+variable "codepipeline_build_cache_bucket_suffix_enabled" {
+ type = bool
+ description = "The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache_type is 'S3'"
+ default = true
}
variable "codepipeline_build_compute_type" {
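Review bot: The description of `codepipeline_build_cache_bucket_suffix_enabled` does not mention that setting it to `false` makes the cache bucket name fully predictable from the label id. S3 bucket names share a global namespace, so a deterministic name can collide with a bucket owned by another account and fail the apply. The wording is also hard to follow. Suggest `If true, append a random 13-character suffix to the CodeBuild cache bucket name to keep it unique; if false, use the terraform-null-label id as the name (it must then be globally unique). Only applies when cache_type is 'S3'`.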
@@ -864,6 +1011,12 @@ variable "codepipeline_s3_bucket_force_destroy" {
default = false
}
+variable "codebuild_cache_type" {
+ type = string
+ description = "The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. Defaults to NO_CACHE. If cache_type is S3, it will create an S3 bucket for storing codebuild cache inside"
+ default = "S3"
+}
+
variable "init_containers" {
type = list(object({
container_definition = any
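Review bot: The `codebuild_cache_type` description says "Defaults to NO_CACHE" while the variable declares `default = "S3"`, so the documentation contradicts the behaviour. With the actual default a cache bucket is created for every caller who does not override it. Either change the default to `"NO_CACHE"` or fix the sentence to `Defaults to S3`. The `variable "init_containers"` block that follows continues outside the hunk.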
@@ -902,3 +1055,57 @@ variable "deployment_controller_type" {
description = "Type of deployment controller. Valid values are CODE_DEPLOY and ECS"
default = "ECS"
}
+
+variable "deployment_maximum_percent" {
+ type = number
+ description = "The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment"
+ default = 200
+}
+
+variable "deployment_minimum_healthy_percent" {
+ type = number
+ description = "The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment"
+ default = 100
+}
+
+variable "ecr_image_tag_mutability" {
+ type = string
+ default = "IMMUTABLE"
+ description = "The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE`"
+}
+
+variable "force_new_deployment" {
+ type = bool
+ description = "Enable to force a new task deployment of the service."
+ default = false
+}
+
+variable "exec_enabled" {
+ type = bool
+ description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service"
+ default = false
+}
+
+variable "propagate_tags" {
+ type = string
+ description = "Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION"
+ default = null
+}
+
+variable "enable_ecs_managed_tags" {
+ type = bool
+ description = "Specifies whether to enable Amazon ECS managed tags for the tasks within the service"
+ default = false
+}
+
+variable "circuit_breaker_deployment_enabled" {
+ type = bool
+ description = "If `true`, enable the deployment circuit breaker logic for the service"
+ default = false
+}
+
+variable "circuit_breaker_rollback_enabled" {
+ type = bool
+ description = "If `true`, Amazon ECS will roll back the service if a service deployment fails"
+ default = false
+}
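Review bot: `exec_enabled` is documented only as enabling ECS Exec, which gives operators an interactive shell inside running containers. Defaulting it to `false` is right, but the description should say what enabling it implies. Suggest adding `Grants interactive command access to running containers; enable only where the task role carries the required SSM permissions and session activity is logged.` Whether the module wires up those permissions or any exec logging is not visible in this hunk, so word the sentence to match what the module actually does. `ecr_image_tag_mutability` and `propagate_tags` list their allowed values and would benefit from `validation` blocks.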
diff --git a/versions.tf b/versions.tf
index 5947f14f..a0be7256 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,22 +1,10 @@
terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.13.0"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 2.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.0"
- }
- null = {
- source = "hashicorp/null"
- version = ">= 2.0"
- }
- local = {
- source = "hashicorp/local"
- version = ">= 1.3"
+ version = ">= 3.34"
}
}
}