From 35c7f470bf7945cbe22a591a3bc17b81ad0ed340 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Jan 2021 00:40:22 +0000
Subject: [PATCH 01/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.47.0 (#87)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index ebf1380a..bb6d6226 100644
--- a/main.tf
+++ b/main.tf
@@ -59,7 +59,7 @@ module "alb_ingress" {
 module "container_definition" {
 source = "cloudposse/ecs-container-definition/aws"
- version = "0.46.2"
+ version = "0.47.0"
 container_name = module.this.id
 container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image
 container_memory = var.container_memory
From 8724a151ec4c36bd22e7adea01e95f4a065ea64b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 28 Jan 2021 15:08:31 +0000
Subject: [PATCH 02/82] chore(deps): update terraform cloudposse/alb-ingress/aws to v0.17.0 (#91)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index bb6d6226..e1159fba 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,7 @@ resource "aws_cloudwatch_log_group" "app" {
 module "alb_ingress" {
 source = "cloudposse/alb-ingress/aws"
- version = "0.16.1"
+ version = "0.17.0"
 vpc_id = var.vpc_id
 port = var.container_port
From 8636c68704887dea1d8491f02e0f90bd0af16ad6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 2 Feb 2021 15:11:44 +0000
Subject: [PATCH 03/82] chore(deps): update terraform cloudposse/alb-ingress/aws to v0.18.0 (#94)
* chore(deps): update terraform cloudposse/alb-ingress/aws to v0.18.0
* Auto Format
Co-authored-by: Renovate Bot
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
---
 README.md | 19 +++++++++++++++++++
 main.tf | 2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index d8da750e..945985f4 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,25 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are +## Security & Compliance [](https://bridgecrew.io/) + +Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. + +| Benchmark | Description | +|--------|---------------| +| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | +| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | +| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | +| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | +| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | +| 
[![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance | +| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | +| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=SOC2)| Service Organization Control 2 Compliance | +| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | +| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-ecs-web-app/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-web-app&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | + + + ## Usage diff --git a/main.tf b/main.tf index e1159fba..f0759fd7 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.17.0" + version = "0.18.0" vpc_id = var.vpc_id port = var.container_port From 069424f44e7cb715c175b742366091642cefe12d Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 3 Feb 2021 05:55:03 +0000
Subject: [PATCH 04/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.44.1 (#95)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index f0759fd7..ffe54418 100644
--- a/main.tf
+++ b/main.tf
@@ -125,7 +125,7 @@ locals {
 module "ecs_alb_service_task" {
 source = "cloudposse/ecs-alb-service-task/aws"
- version = "0.44.0"
+ version = "0.44.1"
 alb_security_group = var.alb_security_group
 use_alb_security_group = var.use_alb_security_group
From 6d774e97f4042575576cabe0541c260c01dfabad Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 4 Feb 2021 08:03:28 +0000
Subject: [PATCH 05/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.48.0 (#98)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index ffe54418..f071f142 100644
--- a/main.tf
+++ b/main.tf
@@ -59,7 +59,7 @@ module "alb_ingress" {
 module "container_definition" {
 source = "cloudposse/ecs-container-definition/aws"
- version = "0.47.0"
+ version = "0.48.0"
 container_name = module.this.id
 container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image
 container_memory = var.container_memory
From d98c64c9b73e3b277aac3d33682b4064d1d60437 Mon Sep 17 00:00:00 2001
From: Maxim Mironenko Date: Thu, 4 Feb 2021 15:06:22 +0700 Subject: [PATCH 06/82] minimum required Terraform version bumped to 0.13.0, context.tf updated, readme updated (#96) --- README.md | 6 ++- context.tf | 45 ++++++++++++++++++- docs/terraform.md | 6 ++- examples/complete/context.tf | 45 ++++++++++++++++++- examples/complete/main.tf | 16 +++---- examples/complete/versions.tf | 2 +- .../with_cognito_authentication/versions.tf | 2 +- .../versions.tf | 2 +- examples/without_authentication/versions.tf | 2 +- versions.tf | 2 +- 10 files changed, 109 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 945985f4..d78aacec 100644 --- a/README.md +++ b/README.md @@ -159,7 +159,7 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | | local | >= 1.3 | | null | >= 2.0 | @@ -248,7 +248,7 @@ Available targets: | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -290,7 +290,9 @@ Available targets: | id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | diff --git a/context.tf b/context.tf index f5f27979..ff90b1c3 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.23.0" // requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -54,6 +54,8 @@ variable "context" { regex_replace_chars = string label_order = list(string) id_length_limit = number + label_key_case = string + label_value_case = string }) default = { enabled = true @@ -68,6 +70,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +80,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -165,4 +179,33 @@ variable "id_length_limit" { EOT } +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index a979b14c..570310b3 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | | local | >= 1.3 | | null | >= 2.0 | @@ -92,7 +92,7 @@ | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -134,7 +134,9 @@ | id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index f5f27979..ff90b1c3 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.23.0" // requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -54,6 +54,8 @@ variable "context" { regex_replace_chars = string label_order = list(string) id_length_limit = number + label_key_case = string + label_value_case = string }) default = { enabled = true @@ -68,6 +70,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. @@ -76,6 +80,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -165,4 +179,33 @@ variable "id_length_limit" { EOT } +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/examples/complete/main.tf b/examples/complete/main.tf index abe7609f..a908d920 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -60,7 +60,7 @@ module "ecs_web_app" { region = var.region vpc_id = module.vpc.vpc_id - // Container + # Container container_image = var.container_image container_cpu = var.container_cpu container_memory = var.container_memory @@ -70,7 +70,7 @@ module "ecs_web_app" { aws_logs_region = var.region healthcheck = var.healthcheck - // Authentication + # Authentication authentication_type = var.authentication_type alb_ingress_listener_unauthenticated_priority = var.alb_ingress_listener_unauthenticated_priority alb_ingress_listener_authenticated_priority = var.alb_ingress_listener_authenticated_priority 
@@ -88,7 +88,7 @@ module "ecs_web_app" { authentication_oidc_token_endpoint = var.authentication_oidc_token_endpoint authentication_oidc_user_info_endpoint = var.authentication_oidc_user_info_endpoint - // ECS + # ECS ecs_private_subnet_ids = module.subnets.private_subnet_ids ecs_cluster_arn = aws_ecs_cluster.default.arn ecs_cluster_name = aws_ecs_cluster.default.name @@ -98,14 +98,14 @@ module "ecs_web_app" { launch_type = var.launch_type container_port = var.container_port - // ALB + # ALB alb_arn_suffix = module.alb.alb_arn_suffix alb_security_group = module.alb.security_group_id alb_ingress_unauthenticated_listener_arns = [module.alb.http_listener_arn] alb_ingress_unauthenticated_listener_arns_count = 1 alb_ingress_healthcheck_path = var.alb_ingress_healthcheck_path - // CodePipeline + # CodePipeline codepipeline_enabled = var.codepipeline_enabled badge_enabled = var.codepipeline_badge_enabled github_oauth_token = var.codepipeline_github_oauth_token @@ -128,7 +128,7 @@ module "ecs_web_app" { container_environment = var.container_environment secrets = var.secrets - // Autoscaling + # Autoscaling autoscaling_enabled = var.autoscaling_enabled autoscaling_dimension = var.autoscaling_dimension autoscaling_min_capacity = var.autoscaling_min_capacity @@ -138,7 +138,7 @@ module "ecs_web_app" { autoscaling_scale_down_adjustment = var.autoscaling_scale_down_adjustment autoscaling_scale_down_cooldown = var.autoscaling_scale_down_cooldown - // ECS alarms + # ECS alarms ecs_alarms_enabled = var.ecs_alarms_enabled ecs_alarms_cpu_utilization_high_threshold = var.ecs_alarms_cpu_utilization_high_threshold ecs_alarms_cpu_utilization_high_evaluation_periods = var.ecs_alarms_cpu_utilization_high_evaluation_periods 
@@ -161,7 +161,7 @@ module "ecs_web_app" { ecs_alarms_memory_utilization_low_alarm_actions = [aws_sns_topic.sns_topic.arn] ecs_alarms_memory_utilization_low_ok_actions = [aws_sns_topic.sns_topic.arn] - // ALB and Target Group alarms + # ALB and Target Group alarms alb_target_group_alarms_enabled = var.alb_target_group_alarms_enabled alb_target_group_alarms_evaluation_periods = var.alb_target_group_alarms_evaluation_periods alb_target_group_alarms_period = var.alb_target_group_alarms_period diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5947f14f..a09279ce 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { diff --git a/examples/with_cognito_authentication/versions.tf b/examples/with_cognito_authentication/versions.tf index 5947f14f..a09279ce 100644 --- a/examples/with_cognito_authentication/versions.tf +++ b/examples/with_cognito_authentication/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { diff --git a/examples/with_google_oidc_authentication/versions.tf b/examples/with_google_oidc_authentication/versions.tf index 5947f14f..a09279ce 100644 --- a/examples/with_google_oidc_authentication/versions.tf +++ b/examples/with_google_oidc_authentication/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { diff --git a/examples/without_authentication/versions.tf b/examples/without_authentication/versions.tf index 5947f14f..a09279ce 100644 --- a/examples/without_authentication/versions.tf +++ b/examples/without_authentication/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { 
diff --git a/versions.tf b/versions.tf
index 5947f14f..a09279ce 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 0.12.26"
+ required_version = ">= 0.13.0"
 required_providers {
 aws = {
From 5d887b1a40e6e369bbfb13bb86bde3a9b36fc07d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 4 Feb 2021 09:31:01 +0000
Subject: [PATCH 07/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.48.1 (#101)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index f071f142..b679d28e 100644
--- a/main.tf
+++ b/main.tf
@@ -59,7 +59,7 @@ module "alb_ingress" {
 module "container_definition" {
 source = "cloudposse/ecs-container-definition/aws"
- version = "0.48.0"
+ version = "0.48.1"
 container_name = module.this.id
 container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image
 container_memory = var.container_memory
From 911bbe12eb8dd4f1ccd9749bd626142d7d60b008 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 4 Feb 2021 10:33:26 +0000
Subject: [PATCH 08/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.45.1 (#100)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index b679d28e..d8292cd1 100644
--- a/main.tf
+++ b/main.tf
@@ -125,7 +125,7 @@ locals {
 module "ecs_alb_service_task" {
 source = "cloudposse/ecs-alb-service-task/aws"
- version = "0.44.1"
+ version = "0.45.1"
 alb_security_group = var.alb_security_group
 use_alb_security_group = var.use_alb_security_group
From 83640f5b86861e0e4942370cf112988e1c48a155 Mon Sep 17 00:00:00 2001
From: Michael Manganiello
Date: Thu, 4 Feb 2021 08:16:01 -0300
Subject: [PATCH 09/82] Mark "codebuild" output as sensitive (#89)
* Mark codebuild output as sensitive Terraform 0.14 fails when trying to run this module, because the `codebuild` output is not marked as sensitive. However, `codepipeline_webhook_url` is correctly marked.
* Updated README.md
Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
---
 outputs.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/outputs.tf b/outputs.tf
index ed692ab9..09540381 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -146,6 +146,7 @@ output "cloudwatch_log_group_name" {
 output "codebuild" {
 description = "All outputs from `module.ecs_codepipeline`"
 value = module.ecs_codepipeline
+ sensitive = true
 }
 output "codebuild_project_name" {
From 8eb69d391d3f7641701c017fe1abc53ac085b9b4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 4 Feb 2021 17:27:09 +0000
Subject: [PATCH 10/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.46.0 (#102)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index d8292cd1..8c986ccb 100644
--- a/main.tf
+++ b/main.tf
@@ -125,7 +125,7 @@ locals {
 module "ecs_alb_service_task" {
 source = "cloudposse/ecs-alb-service-task/aws"
- version = "0.45.1"
+ version = "0.46.0"
 alb_security_group = var.alb_security_group
 use_alb_security_group = var.use_alb_security_group
From 1f0a6ec840403554936e4d4dc501ac07a9c0c0b0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 5 Feb 2021 01:18:10 +0000
Subject: [PATCH 11/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.6.2 (#97)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 8c986ccb..5977beb4 100644
--- a/main.tf
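Review bot: In outputs.tf, the `codebuild` output gains `sensitive = true` with no comment explaining why, and the flag only redacts the value in plan/apply display; the whole `module.ecs_codepipeline` object is still stored unredacted in the state file and is printed by `terraform output -json`. Going by the commit message, the flag is presumably required because the module object carries an already-sensitive value (the message names `codepipeline_webhook_url`), so I would record that above the attribute: `# module.ecs_codepipeline contains sensitive values (e.g. the webhook URL); Terraform >= 0.14 rejects the output unless it is marked sensitive`. Because this output re-exports every attribute of the child module, the description could also say that protection of the value depends on an encrypted, access-restricted state backend rather than on this flag. The `codebuild_project_name` block that follows continues outside the hunk.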
+++ b/main.tf
@@ -203,7 +203,7 @@ module "ecs_codepipeline" {
 module "ecs_cloudwatch_autoscaling" {
 enabled = var.autoscaling_enabled
 source = "cloudposse/ecs-cloudwatch-autoscaling/aws"
- version = "0.5.1"
+ version = "0.6.2"
 name = var.name
 namespace = var.namespace
 stage = var.stage
From 58ee020b7e843dfaad71283eaf8aff7515d73dc7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 5 Feb 2021 01:18:15 +0000
Subject: [PATCH 12/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.49.0 (#104)
Co-authored-by: Renovate Bot
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 5977beb4..c7313657 100644
--- a/main.tf
+++ b/main.tf
@@ -59,7 +59,7 @@ module "alb_ingress" {
 module "container_definition" {
 source = "cloudposse/ecs-container-definition/aws"
- version = "0.48.1"
+ version = "0.49.0"
 container_name = module.this.id
 container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image
 container_memory = var.container_memory
From a5438eec2f7db90c7cd6b60ed125d2c13db1aced Mon Sep 17 00:00:00 2001
From: "Cloud Posse Bot (CI/CD)"
Date: Thu, 4 Feb 2021 19:29:22 -0800
Subject: [PATCH 13/82] Update context.tf from origin source (#93)
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
---
 README.md | 8 ++++----
 context.tf | 35 +++++++++++++----------------------
 docs/terraform.md | 8 ++++----
 examples/complete/context.tf | 35 +++++++++++++----------------------
 4 files changed, 34 insertions(+), 52 deletions(-)
diff --git a/README.md b/README.md
index d78aacec..f01d0a99 100644
--- a/README.md
+++ b/README.md
@@ -248,7 +248,7 @@ Available targets: | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -287,12 +287,12 @@ Available targets: | github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | diff --git a/context.tf b/context.tf index ff90b1c3..81f99b4e 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.23.0" // requires Terraform >= 0.13.0 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,22 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - label_key_case = string - label_value_case = string - }) + type = any default = { enabled = true namespace = null 
@@ -82,12 +69,12 @@ variable "context" { EOT validation { - condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) error_message = "Allowed values: `lower`, `title`, `upper`." } validation { - condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } @@ -172,11 +159,15 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } } variable "label_key_case" { @@ -184,7 +175,7 @@ variable "label_key_case" { default = null description = <<-EOT The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. - Possible values: `lower`, `title`, `upper`. + Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -199,7 +190,7 @@ variable "label_value_case" { default = null description = <<-EOT The letter case of output label values (also used in `tags` and `id`). - Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). Default value: `lower`. EOT 
diff --git a/docs/terraform.md b/docs/terraform.md index 570310b3..98be2eda 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -92,7 +92,7 @@ | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
label_key_case = string
label_value_case = string
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -131,12 +131,12 @@ | github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index ff90b1c3..81f99b4e 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.23.0" // requires Terraform >= 0.13.0 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,22 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - label_key_case = string - label_value_case = string - }) + type = any default = { enabled = true namespace = null 
@@ -82,12 +69,12 @@ variable "context" { EOT validation { - condition = var.context["label_key_case"] == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) error_message = "Allowed values: `lower`, `title`, `upper`." } validation { - condition = var.context["label_value_case"] == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } @@ -172,11 +159,15 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } } variable "label_key_case" { @@ -184,7 +175,7 @@ variable "label_key_case" { default = null description = <<-EOT The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. - Possible values: `lower`, `title`, `upper`. + Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -199,7 +190,7 @@ variable "label_value_case" { default = null description = <<-EOT The letter case of output label values (also used in `tags` and `id`). - Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). Default value: `lower`. EOT 
From 23f3abef3ce7b776d366b53d407bf56b428dbc5d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Feb 2021 04:00:26 +0000 Subject: [PATCH 14/82] chore(deps): update terraform cloudposse/alb-ingress/aws to v0.19.1 (#99) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index c7313657..8e1a952d 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.18.0" + version = "0.19.1" vpc_id = var.vpc_id port = var.container_port From 3f0d90d7c1b627a7613a445facdf4510dd3c83bd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Feb 2021 04:00:31 +0000 Subject: [PATCH 15/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.6.3 (#107) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 8e1a952d..60159994 100644 --- a/main.tf +++ b/main.tf @@ -203,7 +203,7 @@ module "ecs_codepipeline" { module "ecs_cloudwatch_autoscaling" { enabled = var.autoscaling_enabled source = "cloudposse/ecs-cloudwatch-autoscaling/aws" - version = "0.6.2" + version = "0.6.3" name = var.name namespace = var.namespace stage = var.stage From 2e64c6dd9ecf5ab12b5e3c2d13764c8db6aaf859 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 5 Feb 2021 04:00:56 +0000 Subject: [PATCH 16/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.46.1 (#106) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 60159994..73b9bad5 100644 --- a/main.tf +++ b/main.tf 
@@ -125,7 +125,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.46.0" + version = "0.46.1" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group From 8a6d8a5b9d59b6653173841775aba08d748c9598 Mon Sep 17 00:00:00 2001 From: Nuru Date: Thu, 4 Feb 2021 21:00:26 -0800 Subject: [PATCH 17/82] Pin GitHub provider to version 3.0.0 (#105) --- README.md | 9 +-- context.tf | 66 +++++-------------- docs/terraform.md | 9 +-- examples/complete/context.tf | 66 +++++-------------- examples/complete/fixtures.us-east-2.tfvars | 2 - examples/complete/main.tf | 1 - examples/complete/variables.tf | 6 -- examples/complete/versions.tf | 2 +- .../with_cognito_authentication/versions.tf | 2 +- .../versions.tf | 2 +- examples/without_authentication/versions.tf | 2 +- main.tf | 11 ++-- outputs.tf | 1 - test/src/examples_complete_test.go | 6 +- variables.tf | 6 -- versions.tf | 2 +- 16 files changed, 51 insertions(+), 142 deletions(-) diff --git a/README.md b/README.md index f01d0a99..96a4b36b 100644 --- a/README.md +++ b/README.md @@ -159,7 +159,7 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.13.0 | +| terraform | >= 0.12.26 | | aws | >= 2.0 | | local | >= 1.3 | | null | >= 2.0 | @@ -248,7 +248,7 @@ Available targets: | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -283,16 +283,13 @@ Available targets: | environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | github\_oauth\_token | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | | github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | -| github\_webhooks\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_webhooks_token`) | `bool` | `false` | no | | github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | diff --git a/context.tf b/context.tf index 81f99b4e..f5f27979 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.24.1" # requires Terraform >= 0.13.0 + version = "0.22.1" // requires Terraform >= 0.12.26 enabled = var.enabled namespace = var.namespace @@ -34,8 +34,6 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit - label_key_case = var.label_key_case - label_value_case = var.label_value_case context = var.context } @@ -43,7 +41,20 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = any + type = object({ + enabled = bool + namespace = string + environment = string + stage = string + name = string + delimiter = string + attributes = list(string) + tags = map(string) + additional_tag_map = map(string) + regex_replace_chars = string + label_order = list(string) + id_length_limit = number + }) default = { enabled = true namespace = null @@ -57,8 +68,6 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null - label_key_case = null - label_value_case = null } description = <<-EOT Single object for setting entire context at once. 
@@ -67,16 +76,6 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT - - validation { - condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) - error_message = "Allowed values: `lower`, `title`, `upper`." - } - - validation { - condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) - error_message = "Allowed values: `lower`, `title`, `upper`, `none`." - } } variable "enabled" { 
@@ -159,44 +158,11 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters (minimum 6). + Limit `id` to this many characters. Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT - validation { - condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 - error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." - } -} - -variable "label_key_case" { - type = string - default = null - description = <<-EOT - The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. - Possible values: `lower`, `title`, `upper`. - Default value: `title`. - EOT - - validation { - condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) - error_message = "Allowed values: `lower`, `title`, `upper`." - } } -variable "label_value_case" { - type = string - default = null - description = <<-EOT - The letter case of output label values (also used in `tags` and `id`). - Possible values: `lower`, `title`, `upper` and `none` (no transformation). - Default value: `lower`. - EOT - - validation { - condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) - error_message = "Allowed values: `lower`, `title`, `upper`, `none`." - } -} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index 98be2eda..774f96d9 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| terraform | >= 0.13.0 | +| terraform | >= 0.12.26 | | aws | >= 2.0 | | local | >= 1.3 | | null | >= 2.0 | 
@@ -92,7 +92,7 @@ | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -127,16 +127,13 @@ | environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | github\_oauth\_token | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | | github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | -| github\_webhooks\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_webhooks_token`) | `bool` | `false` | no | | github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index 81f99b4e..f5f27979 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.24.1" # requires Terraform >= 0.13.0 + version = "0.22.1" // requires Terraform >= 0.12.26 enabled = var.enabled namespace = var.namespace @@ -34,8 +34,6 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit - label_key_case = var.label_key_case - label_value_case = var.label_value_case context = var.context } @@ -43,7 +41,20 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = any + type = object({ + enabled = bool + namespace = string + environment = string + stage = string + name = string + delimiter = string + attributes = list(string) + tags = map(string) + additional_tag_map = map(string) + regex_replace_chars = string + label_order = list(string) + id_length_limit = number + }) default = { enabled = true namespace = null @@ -57,8 +68,6 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null - label_key_case = null - label_value_case = null } description = <<-EOT Single object for setting entire context at once. 
@@ -67,16 +76,6 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT - - validation { - condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) - error_message = "Allowed values: `lower`, `title`, `upper`." - } - - validation { - condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) - error_message = "Allowed values: `lower`, `title`, `upper`, `none`." - } } variable "enabled" { 
@@ -159,44 +158,11 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters (minimum 6). + Limit `id` to this many characters. Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT - validation { - condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 - error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." - } -} - -variable "label_key_case" { - type = string - default = null - description = <<-EOT - The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. - Possible values: `lower`, `title`, `upper`. - Default value: `title`. - EOT - - validation { - condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) - error_message = "Allowed values: `lower`, `title`, `upper`." - } } -variable "label_value_case" { - type = string - default = null - description = <<-EOT - The letter case of output label values (also used in `tags` and `id`). - Possible values: `lower`, `title`, `upper` and `none` (no transformation). - Default value: `lower`. - EOT - - validation { - condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) - error_message = "Allowed values: `lower`, `title`, `upper`, `none`." - } -} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index bfc799b6..e3a2e171 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -130,6 +130,4 @@ codepipeline_build_image = "aws/codebuild/docker:17.09.0" codepipeline_build_timeout = 20 -codepipeline_github_webhooks_anonymous = true - container_environment = [] 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf index a908d920..a7ec7fbd 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -109,7 +109,6 @@ module "ecs_web_app" { codepipeline_enabled = var.codepipeline_enabled badge_enabled = var.codepipeline_badge_enabled github_oauth_token = var.codepipeline_github_oauth_token - github_webhooks_anonymous = var.codepipeline_github_webhooks_anonymous github_webhooks_token = var.codepipeline_github_webhooks_token github_webhook_events = var.codepipeline_github_webhook_events repo_owner = var.codepipeline_repo_owner diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index b4b01804..4769e7df 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -307,12 +307,6 @@ variable "codepipeline_github_webhooks_token" { default = "" } -variable "codepipeline_github_webhooks_anonymous" { - type = bool - default = false - description = "Github Anonymous API (if `true`, token must not be set as GITHUB_TOKEN or `github_webhooks_token`)" -} - variable "codepipeline_github_webhook_events" { type = list(string) description = "A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/)" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index a09279ce..5947f14f 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.12.26" required_providers { aws = { diff --git a/examples/with_cognito_authentication/versions.tf b/examples/with_cognito_authentication/versions.tf index a09279ce..5947f14f 100644 --- a/examples/with_cognito_authentication/versions.tf +++ b/examples/with_cognito_authentication/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.12.26" required_providers { aws = { 
diff --git a/examples/with_google_oidc_authentication/versions.tf b/examples/with_google_oidc_authentication/versions.tf index a09279ce..5947f14f 100644 --- a/examples/with_google_oidc_authentication/versions.tf +++ b/examples/with_google_oidc_authentication/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.12.26" required_providers { aws = { diff --git a/examples/without_authentication/versions.tf b/examples/without_authentication/versions.tf index a09279ce..5947f14f 100644 --- a/examples/without_authentication/versions.tf +++ b/examples/without_authentication/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.12.26" required_providers { aws = { diff --git a/main.tf b/main.tf index 73b9bad5..af47cadd 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.19.1" + version = "0.18.0" vpc_id = var.vpc_id port = var.container_port @@ -59,7 +59,7 @@ module "alb_ingress" { module "container_definition" { source = "cloudposse/ecs-container-definition/aws" - version = "0.49.0" + version = "0.47.0" container_name = module.this.id container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image container_memory = var.container_memory @@ -125,7 +125,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.46.1" + version = "0.44.1" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group 
@@ -158,11 +158,10 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.19.0" + version = "0.21.0" region = var.region github_oauth_token = var.github_oauth_token - github_anonymous = var.github_webhooks_anonymous github_webhooks_token = var.github_webhooks_token github_webhook_events = var.github_webhook_events repo_owner = var.repo_owner @@ -203,7 +202,7 @@ module "ecs_codepipeline" { module "ecs_cloudwatch_autoscaling" { enabled = var.autoscaling_enabled source = "cloudposse/ecs-cloudwatch-autoscaling/aws" - version = "0.6.3" + version = "0.5.1" name = var.name namespace = var.namespace stage = var.stage diff --git a/outputs.tf b/outputs.tf index 09540381..ed692ab9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -146,7 +146,6 @@ output "cloudwatch_log_group_name" { output "codebuild" { description = "All outputs from `module.ecs_codepipeline`" value = module.ecs_codepipeline - sensitive = true } output "codebuild_project_name" { diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index f6e72eaf..eb1c06c9 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go 
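Review bot: Dropping `sensitive = true` from `output "codebuild"` in the `outputs.tf` hunk means an output that exports every attribute of `module.ecs_codepipeline` is printed in clear text in plan/apply output and in CI logs. `main.tf` passes `github_oauth_token` and `github_webhooks_token` to that module; whether any of its outputs echo those or other credentials is not visible here, so this is a likely exposure, not a confirmed one. Output-level `sensitive` does not depend on the newer Terraform version this commit moves away from, so the line can stay as `sensitive = true`. The flag only hides the value from console output; it is still stored unredacted in state.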
@@ -100,19 +100,19 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable codebuildCacheBucketName := terraform.Output(t, terraformOptions, "codebuild_cache_bucket_name") // Verify we're getting back the outputs we expect - expectedCodebuildCacheBucketName := "eg-test-ecs-web-app-build-" + attributes[0] + expectedCodebuildCacheBucketName := "eg-test-ecs-web-app-" + attributes[0] + "-build" assert.Contains(t, codebuildCacheBucketName, expectedCodebuildCacheBucketName) // Run `terraform output` to get the value of an output variable codebuildProjectName := terraform.Output(t, terraformOptions, "codebuild_project_name") // Verify we're getting back the outputs we expect - expectedCodebuildProjectName := "eg-test-ecs-web-app-build-" + attributes[0] + expectedCodebuildProjectName := "eg-test-ecs-web-app-" + attributes[0] + "-build" assert.Equal(t, expectedCodebuildProjectName, codebuildProjectName) // Run `terraform output` to get the value of an output variable codebuildRoleId := terraform.Output(t, terraformOptions, "codebuild_role_id") // Verify we're getting back the outputs we expect - expectedCodebuildRoleId := "eg-test-ecs-web-app-build-" + attributes[0] + expectedCodebuildRoleId := "eg-test-ecs-web-app-" + attributes[0] + "-build" assert.Equal(t, expectedCodebuildRoleId, codebuildRoleId) // Run `terraform output` to get the value of an output variable diff --git a/variables.tf b/variables.tf index 79a8070e..d1c065b4 100644 --- a/variables.tf +++ b/variables.tf 
@@ -607,12 +607,6 @@ variable "github_webhooks_token" { default = "" } -variable "github_webhooks_anonymous" { - type = bool - default = false - description = "Github Anonymous API (if `true`, token must not be set as GITHUB_TOKEN or `github_webhooks_token`)" -} - variable "github_webhook_events" { type = list(string) description = "A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/)" diff --git a/versions.tf b/versions.tf index a09279ce..5947f14f 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.12.26" required_providers { aws = { From fb2c5735fe9777033061dcdd47be5074d2fe034e Mon Sep 17 00:00:00 2001 From: Nuru Date: Fri, 5 Feb 2021 15:29:34 -0800 Subject: [PATCH 18/82] Support Null Label 0.24.1 (#110) --- .github/CODEOWNERS | 7 ++-- .github/workflows/auto-readme.yml | 41 ------------------- .gitignore | 1 + README.md | 7 +--- docs/terraform.md | 7 +--- examples/complete/main.tf | 11 +++-- examples/with_cognito_authentication/main.tf | 11 ++++- .../with_google_oidc_authentication/main.tf | 11 ++++- examples/without_authentication/main.tf | 11 ++++- main.tf | 10 ++--- test/src/examples_complete_test.go | 20 ++++----- variables.tf | 2 +- versions.tf | 14 +------ 13 files changed, 61 insertions(+), 92 deletions(-) delete mode 100644 .github/workflows/auto-readme.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ceb46444..2537f2f8 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -15,9 +15,10 @@ # Cloud Posse must review any changes to standard context definition, # but some changes can be rubber-stamped. -**/context.tf @cloudposse/engineering @cloudposse/approvers -README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers -docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +**/*.tf @cloudposse/engineering @cloudposse/approvers +README.yaml @cloudposse/engineering @cloudposse/approvers +README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers # Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration .github/mergify.yml @cloudposse/admins diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml deleted file mode 100644 index 6229e606..00000000 --- a/.github/workflows/auto-readme.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: "auto-readme" -on: - schedule: - # Update README.md nightly - - cron: '0 4 * * *' - -jobs: - update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - make init - make readme/build - - - name: Create Pull Request - uses: cloudposse/actions/github/create-pull-request@0.20.0 - with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} - commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs - - ## why - To have most recent changes of README.md and doc from origin templates - - branch: auto-update/readme - base: master - delete-branch: true - labels: | - auto-update - readme diff --git a/.gitignore b/.gitignore index d56c5b67..4e403ab5 100644 --- a/.gitignore +++ b/.gitignore 
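Review bot: The comment above the rules still says review is required for the "standard context definition" and that some changes can be rubber-stamped, but the rule under it now matches `**/*.tf` and `README.yaml`, which covers every Terraform file in the repository. A reader of CODEOWNERS could take the rubber-stamp wording to apply to all infrastructure code. Reword it to match the rule, for example `# Cloud Posse must review any changes to Terraform code and the README source`. The rest of the file is outside the hunk, so whether other paths such as workflow definitions have an owner cannot be checked here.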
@@ -2,6 +2,7 @@ *.tfstate *.tfstate.backup .terraform.tfstate.lock.info +**/.terraform.lock.hcl # Module directory .terraform/ diff --git a/README.md b/README.md index 96a4b36b..62562237 100644 --- a/README.md +++ b/README.md @@ -159,11 +159,8 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | -| local | >= 1.3 | -| null | >= 2.0 | -| template | >= 2.0 | ## Providers @@ -292,7 +289,7 @@ Available targets: | label\_order | The naming order of the id output and Name tag.
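Review bot: The added `**/.terraform.lock.hcl` pattern keeps Terraform's dependency lock file out of the repository for the example root modules too, and that file is what records the selected provider versions and their checksums. Combined with open-ended constraints such as `aws >= 2.0` in `versions.tf`, each test run resolves whichever provider release is current, with no previously recorded checksum to compare against. If this is intentional so the examples exercise new provider releases, say so next to the pattern, e.g. `# Lock files are deliberately not committed; examples are test fixtures`. Otherwise narrow the pattern and commit the lock files under `examples/`.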
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | -| log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | +| log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `90` | no | | map\_container\_environment | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | | mount\_points | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 774f96d9..10e32539 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,11 +3,8 @@ | Name | Version | |------|---------| -| terraform | >= 0.12.26 | +| terraform | >= 0.13.0 | | aws | >= 2.0 | -| local | >= 1.3 | -| null | >= 2.0 | -| template | >= 2.0 | ## Providers @@ -136,7 +133,7 @@ | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | -| log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `null` | no | +| log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `90` | no | | map\_container\_environment | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | | mount\_points | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index a7ec7fbd..c22a98c1 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -46,12 +46,17 @@ module "alb" { resource "aws_ecs_cluster" "default" { name = module.this.id tags = module.this.tags + setting { + name = "containerInsights" + value = "enabled" + } } resource "aws_sns_topic" "sns_topic" { - name = module.this.id - display_name = "Test terraform-aws-ecs-web-app" - tags = module.this.tags + name = module.this.id + display_name = "Test terraform-aws-ecs-web-app" + tags = module.this.tags + kms_master_key_id = "alias/aws/sns" } module "ecs_web_app" { diff --git a/examples/with_cognito_authentication/main.tf b/examples/with_cognito_authentication/main.tf index fa3a48db..e5f5b67e 100644 --- a/examples/with_cognito_authentication/main.tf +++ b/examples/with_cognito_authentication/main.tf @@ -53,11 +53,18 @@ module "alb" { # ECS Cluster (needed even if using FARGATE launch type) resource "aws_ecs_cluster" "default" { name = module.this.id + tags = module.this.tags + setting { + name = "containerInsights" + value = "enabled" + } } resource "aws_cloudwatch_log_group" "app" { - name = module.this.id - tags = module.this.tags + #bridgecrew:skip=BC_AWS_LOGGING_21:Skipping `Ensure CloudWatch logs are encrypted at rest using KMS CMKs` in example/test modules + name = module.this.id + tags = module.this.tags + retention_in_days = 90 } module "web_app" { diff --git a/examples/with_google_oidc_authentication/main.tf b/examples/with_google_oidc_authentication/main.tf index 1f482afe..154bbde8 100644 --- a/examples/with_google_oidc_authentication/main.tf +++ b/examples/with_google_oidc_authentication/main.tf 
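Review bot: The `kms_master_key_id = "alias/aws/sns"` added to `aws_sns_topic.sns_topic` in `examples/complete/main.tf` selects the AWS managed SNS key, whose key policy cannot be edited. AWS documents that CloudWatch alarms cannot publish to a topic encrypted with that key. If this topic is the alarm target in the example (the wiring is outside the hunk), encryption would be enabled while alarm notifications are silently not delivered. A customer managed key whose policy lets `cloudwatch.amazonaws.com` use `kms:Decrypt` and `kms:GenerateDataKey*` avoids this. At minimum, add a comment next to the argument such as `# AWS managed key: CloudWatch alarms cannot publish to a topic encrypted with it`.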
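Review bot: The `#bridgecrew:skip=BC_AWS_LOGGING_21` annotation added to `aws_cloudwatch_log_group.app` in `examples/with_cognito_authentication/main.tf` suppresses the customer-managed-key finding for the log group without telling a reader what to do outside a test. The same annotation is added in `examples/with_google_oidc_authentication/main.tf` and `examples/without_authentication/main.tf`. Examples tend to be copied into real stacks, and the suppression would be copied along with the missing `kms_key_id`. Keep the skip but add a second comment line under it, for instance `# Example only: set kms_key_id to a customer managed key for production log groups`.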
@@ -52,11 +52,18 @@ module "alb" { # ECS Cluster (needed even if using FARGATE launch type) resource "aws_ecs_cluster" "default" { name = module.this.id + tags = module.this.tags + setting { + name = "containerInsights" + value = "enabled" + } } resource "aws_cloudwatch_log_group" "app" { - name = module.this.id - tags = module.this.tags + #bridgecrew:skip=BC_AWS_LOGGING_21:Skipping `Ensure CloudWatch logs are encrypted at rest using KMS CMKs` in example/test modules + name = module.this.id + tags = module.this.tags + retention_in_days = 90 } module "web_app" { diff --git a/examples/without_authentication/main.tf b/examples/without_authentication/main.tf index 1cdf3056..a318faa9 100644 --- a/examples/without_authentication/main.tf +++ b/examples/without_authentication/main.tf @@ -52,11 +52,18 @@ module "alb" { # ECS Cluster (needed even if using FARGATE launch type) resource "aws_ecs_cluster" "default" { name = module.this.id + tags = module.this.tags + setting { + name = "containerInsights" + value = "enabled" + } } resource "aws_cloudwatch_log_group" "app" { - name = module.this.id - tags = module.this.tags + #bridgecrew:skip=BC_AWS_LOGGING_21:Skipping `Ensure CloudWatch logs are encrypted at rest using KMS CMKs` in example/test modules + name = module.this.id + tags = module.this.tags + retention_in_days = 90 } module "web_app" { diff --git a/main.tf b/main.tf index af47cadd..e2e2651a 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "ecr" { source = "cloudposse/ecr/aws" - version = "0.29.2" + version = "0.32.1" enabled = var.codepipeline_enabled attributes = ["ecr"] @@ -158,7 +158,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.21.0" + version = "0.22.0" region = var.region github_oauth_token = var.github_oauth_token 
@@ -202,7 +202,7 @@ module "ecs_codepipeline" { module "ecs_cloudwatch_autoscaling" { enabled = var.autoscaling_enabled source = "cloudposse/ecs-cloudwatch-autoscaling/aws" - version = "0.5.1" + version = "0.7.0" name = var.name namespace = var.namespace stage = var.stage @@ -226,7 +226,7 @@ locals { module "ecs_cloudwatch_sns_alarms" { source = "cloudposse/ecs-cloudwatch-sns-alarms/aws" - version = "0.8.1" + version = "0.11.1" enabled = var.ecs_alarms_enabled cluster_name = var.ecs_cluster_name @@ -289,7 +289,7 @@ module "ecs_cloudwatch_sns_alarms" { module "alb_target_group_cloudwatch_sns_alarms" { source = "cloudposse/alb-target-group-cloudwatch-sns-alarms/aws" - version = "0.13.0" + version = "0.15.0" enabled = var.alb_target_group_alarms_enabled alarm_actions = var.alb_target_group_alarms_alarm_actions diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index eb1c06c9..cdb28da7 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -124,7 +124,7 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable ecrRepositoryName := terraform.Output(t, terraformOptions, "ecr_repository_name") // Verify we're getting back the outputs we expect - expectedEcrRepositoryName := "eg-test-ecs-web-app-ecr-" + attributes[0] + expectedEcrRepositoryName := "eg-test-ecs-web-app-" + attributes[0] + "-ecr" assert.Equal(t, expectedEcrRepositoryName, ecrRepositoryName) // Run `terraform output` to get the value of an output variable 
@@ -166,54 +166,54 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-cpu-utilization-high-" + attributes[0] + expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-cpu-utilization-high" assert.Equal(t, expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId, ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-cpu-utilization-low-" + attributes[0] + expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-cpu-utilization-low" assert.Equal(t, expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId, ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-memory-utilization-high-" + attributes[0] + expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-memory-utilization-high" assert.Equal(t, expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId, 
ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-memory-utilization-low-" + attributes[0] + expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-memory-utilization-low" assert.Equal(t, expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId, ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable httpcodeElb5xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_elb_5xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-elb-5xx-count-high-" + attributes[0] + expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-elb-5xx-count-high" assert.Equal(t, expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId, httpcodeElb5xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable httpcodeTarget3xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_3xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-3xx-count-high-" + attributes[0] + expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-3xx-count-high" assert.Equal(t, expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId, httpcodeTarget3xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable 
httpcodeTarget4xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_4xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-4xx-count-high-" + attributes[0] + expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-4xx-count-high" assert.Equal(t, expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId, httpcodeTarget4xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable httpcodeTarget5xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_5xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-5xx-count-high-" + attributes[0] + expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-5xx-count-high" assert.Equal(t, expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId, httpcodeTarget5xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable targetResponseTimeAverageCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "target_response_time_average_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we - expectedTargetResponseTimeAverageCloudwatchMetricAlarmId := "eg-test-ecs-web-app-target-response-high-" + attributes[0] + expectedTargetResponseTimeAverageCloudwatchMetricAlarmId := "eg-test-ecs-web-app-" + attributes[0] + "-target-response-high" assert.Equal(t, expectedTargetResponseTimeAverageCloudwatchMetricAlarmId, targetResponseTimeAverageCloudwatchMetricAlarmId) } diff --git a/variables.tf b/variables.tf index d1c065b4..411857dc 100644 --- a/variables.tf +++ b/variables.tf 
@@ -433,7 +433,7 @@ variable "aws_logs_prefix" { variable "log_retention_in_days" { type = number description = "The number of days to retain logs for the log group" - default = null + default = 90 } variable "log_driver" { diff --git a/versions.tf b/versions.tf index 5947f14f..5b2c49b9 100644 --- a/versions.tf +++ b/versions.tf @@ -1,22 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { source = "hashicorp/aws" version = ">= 2.0" } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" - } } } From e94b50055d25b4a758b058709dce2e94be055ecd Mon Sep 17 00:00:00 2001 From: "Cloud Posse Bot (CI/CD)" Date: Fri, 5 Feb 2021 19:29:25 -0800 Subject: [PATCH 19/82] Update context.tf from origin source (#111) Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 6 ++-- context.tf | 66 +++++++++++++++++++++++++++--------- docs/terraform.md | 6 ++-- examples/complete/context.tf | 66 +++++++++++++++++++++++++++--------- 4 files changed, 108 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 62562237..0a148382 100644 --- a/README.md +++ b/README.md @@ -245,7 +245,7 @@ Available targets: | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
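Review bot: The new default of `90` for `log_retention_in_days` in variables.tf changes behaviour for every caller that relied on the old `null` default, and the description does not say so. Log groups that previously kept events indefinitely will presumably start expiring events older than 90 days on the next apply, which matters for incident investigation and audit retention. I would state the contract in the variable itself, e.g. `description = "The number of days to retain logs for the log group. Set to 0 to retain logs indefinitely"`. The resource that consumes the variable is outside this hunk, so confirm that `0` is passed through unchanged before documenting it.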
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -283,10 +283,12 @@ Available targets: | github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `90` | no | diff --git a/context.tf b/context.tf index f5f27979..81f99b4e 100644 --- a/context.tf +++ b/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,20 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null @@ -68,6 +57,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. 
@@ -76,6 +67,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -158,11 +159,44 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } } +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index 10e32539..f7b0f6c0 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -89,7 +89,7 @@ | container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | | container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | @@ -127,10 +127,12 @@ | github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | | ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | +| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | | launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `90` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index f5f27979..81f99b4e 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -20,7 +20,7 @@ module "this" { source = "cloudposse/label/null" - version = "0.22.1" // requires Terraform >= 0.12.26 + version = "0.24.1" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace @@ -34,6 +34,8 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case context = var.context } @@ -41,20 +43,7 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null @@ -68,6 +57,8 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null } description = <<-EOT Single object for setting entire context at once. 
@@ -76,6 +67,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -158,11 +159,44 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } } +variable "label_value_case" { + type = string + default = null + description = <<-EOT + The letter case of output label values (also used in `tags` and `id`). + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} #### End of copy of cloudposse/terraform-null-label/variables.tf From f7604816fdee01a7eadca8cb9ab3f42c99aa5e52 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 7 Feb 2021 23:21:04 +0000 Subject: [PATCH 20/82] chore(deps): update terraform cloudposse/ecr/aws to v0.32.2 (#112) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index e2e2651a..73b4c126 100644 
--- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "ecr" { source = "cloudposse/ecr/aws" - version = "0.32.1" + version = "0.32.2" enabled = var.codepipeline_enabled attributes = ["ecr"] From f33dfa09e3de148e2c6b4ea1fc2f36bac766cda7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Feb 2021 02:39:49 +0000 Subject: [PATCH 21/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.47.0 (#114) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 73b4c126..73c250de 100644 --- a/main.tf +++ b/main.tf @@ -125,7 +125,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.44.1" + version = "0.47.0" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group From cd6ddafbf126c145775adcc5f37fce2e91853afe Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Feb 2021 02:40:06 +0000 Subject: [PATCH 22/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-sns-alarms/aws to v0.12.0 (#115) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 73c250de..5cb5a7db 100644 --- a/main.tf +++ b/main.tf @@ -226,7 +226,7 @@ locals { module "ecs_cloudwatch_sns_alarms" { source = "cloudposse/ecs-cloudwatch-sns-alarms/aws" - version = "0.11.1" + version = "0.12.0" enabled = var.ecs_alarms_enabled cluster_name = var.ecs_cluster_name From e88bec5b0f527d95714c6ef34ce961d944580ef9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Feb 2021 03:53:50 +0000 Subject: [PATCH 23/82] chore(deps): update terraform cloudposse/alb-ingress/aws to v0.20.0 (#116) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/main.tf b/main.tf index 5cb5a7db..b25cb567 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.18.0" + version = "0.20.0" vpc_id = var.vpc_id port = var.container_port From a23a3b1958208b7a6dbcf1288ab0ab5d8795cb64 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Feb 2021 05:44:39 +0000 Subject: [PATCH 24/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.49.2 (#117) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index b25cb567..c9b617bc 100644 --- a/main.tf +++ b/main.tf @@ -59,7 +59,7 @@ module "alb_ingress" { module "container_definition" { source = "cloudposse/ecs-container-definition/aws" - version = "0.47.0" + version = "0.49.2" container_name = module.this.id container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image container_memory = var.container_memory From 889e9da94748f829f3b0b0f384e16a4842b382dd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Feb 2021 09:41:56 +0000 Subject: [PATCH 25/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-sns-alarms/aws to v0.12.1 (#118) Co-authored-by: Renovate Bot --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index c9b617bc..ad27e6cd 100644 --- a/main.tf +++ b/main.tf @@ -226,7 +226,7 @@ locals { module "ecs_cloudwatch_sns_alarms" { source = "cloudposse/ecs-cloudwatch-sns-alarms/aws" - version = "0.12.0" + version = "0.12.1" enabled = var.ecs_alarms_enabled cluster_name = var.ecs_cluster_name From e9df99f24a0e34f8a09c82dda5abb4104e2f0fab Mon Sep 17 00:00:00 2001 
From: Frank <639906+syphernl@users.noreply.github.com> Date: Tue, 9 Feb 2021 16:39:30 +0100 Subject: [PATCH 26/82] fix: make required outputs sensitive (#113) --- outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/outputs.tf b/outputs.tf index ed692ab9..f0798b0d 100644 --- a/outputs.tf +++ b/outputs.tf @@ -51,16 +51,19 @@ output "alb_ingress_target_group_arn_suffix" { output "container_definition" { description = "All outputs from `module.container_definition`" value = module.container_definition + sensitive = true } output "container_definition_json" { description = "JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition" value = module.container_definition.json_map_encoded_list + sensitive = true } output "container_definition_json_map" { description = "JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition" value = module.container_definition.json_map_encoded + sensitive = true } output "ecs_alb_service_task" { @@ -146,6 +149,7 @@ output "cloudwatch_log_group_name" { output "codebuild" { description = "All outputs from `module.ecs_codepipeline`" value = module.ecs_codepipeline + sensitive = true } output "codebuild_project_name" { From db0b863f3076c4c4fb69940cbfb229fa96da2877 Mon Sep 17 00:00:00 2001 From: Josh Ross <53832644+jross-ai@users.noreply.github.com> Date: Thu, 11 Feb 2021 16:45:22 -0500 Subject: [PATCH 27/82] Add ecr image tag mutability variable for the ecr module (#120) --- README.md | 1 + docs/terraform.md | 1 + main.tf | 5 +++-- variables.tf | 6 ++++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0a148382..5d24c3eb 100644 --- a/README.md +++ b/README.md @@ -249,6 +249,7 @@ Available targets: | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
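Review bot: `sensitive = true` on `container_definition`, `container_definition_json`, `container_definition_json_map` and (in the second hunk) `codebuild` only redacts the values in CLI display. They are still written in clear text to the state file, and nothing in these output blocks tells a consumer that. I would add a comment above the first of them, e.g. `# Redacted in plan/output display only; the value is still stored in state, so restrict access to the state backend`, and extend each `description` with the reason the output is treated as sensitive. On Terraform versions that propagate sensitivity, callers that re-export these outputs will probably have to mark their own outputs sensitive, so this is worth calling out as a potentially breaking change in the commit description.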
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | +| ecr\_image\_tag\_mutability | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | | ecr\_scan\_images\_on\_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | | ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | | ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | diff --git a/docs/terraform.md b/docs/terraform.md index f7b0f6c0..ab074695 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -93,6 +93,7 @@ | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | +| ecr\_image\_tag\_mutability | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | | ecr\_scan\_images\_on\_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | | ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | | ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | diff --git a/main.tf b/main.tf index ad27e6cd..f71bc1d1 100644 --- a/main.tf +++ b/main.tf @@ -3,8 +3,9 @@ module "ecr" { version = "0.32.2" enabled = var.codepipeline_enabled - attributes = ["ecr"] - scan_images_on_push = var.ecr_scan_images_on_push + attributes = ["ecr"] + scan_images_on_push = var.ecr_scan_images_on_push + image_tag_mutability = var.ecr_image_tag_mutability context = module.this.context } diff --git a/variables.tf b/variables.tf index 411857dc..05946a54 100644 --- a/variables.tf +++ b/variables.tf @@ -896,3 +896,9 @@ variable "deployment_controller_type" { description = "Type of deployment controller. Valid values are CODE_DEPLOY and ECS" default = "ECS" } + +variable "ecr_image_tag_mutability" { + type = string + default = "IMMUTABLE" + description = "The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE`" +} From d69ea0dc2df1994b1279db77eb3ea08cfd27dc18 Mon Sep 17 00:00:00 2001 
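Review bot: The new `ecr_image_tag_mutability` variable in variables.tf says "Must be one of: `MUTABLE` or `IMMUTABLE`" but nothing enforces it, so a typo is only rejected by the provider at plan or apply time rather than when the variable is evaluated. This series already requires Terraform >= 0.13.0 and uses `validation` blocks in context.tf, so the same pattern fits here. Since this setting decides whether a pushed image tag can later be overwritten, it is worth failing early and explicitly on an unexpected value. The main.tf hunk that passes the value to `module "ecr"` needs no change.

```hcl
variable "ecr_image_tag_mutability" {
  # … unchanged: type, default, description …

  validation {
    condition     = contains(["MUTABLE", "IMMUTABLE"], var.ecr_image_tag_mutability)
    error_message = "The ecr_image_tag_mutability value must be one of: MUTABLE, IMMUTABLE."
  }
}
```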
From: Leo <38137291+lezavala@users.noreply.github.com> Date: Mon, 15 Feb 2021 19:19:00 -0800 Subject: [PATCH 28/82] Expose codepipeline build cache bucket suffix variable. (#122) --- README.md | 22 +++++++++++++++++++++- docs/terraform.md | 22 +++++++++++++++++++++- main.tf | 39 ++++++++++++++++++++------------------- variables.tf | 6 ++++++ 4 files changed, 68 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 5d24c3eb..380f9d57 100644 --- a/README.md +++ b/README.md @@ -168,6 +168,26 @@ Available targets: |------|---------| | aws | >= 2.0 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| alb_ingress | cloudposse/alb-ingress/aws | 0.20.0 | +| alb_target_group_cloudwatch_sns_alarms | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | +| container_definition | cloudposse/ecs-container-definition/aws | 0.49.2 | +| ecr | cloudposse/ecr/aws | 0.32.2 | +| ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | +| ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | +| ecs_cloudwatch_sns_alarms | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | +| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.23.0 | +| this | cloudposse/label/null | 0.24.1 | + +## Resources + +| Name | +|------| +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/cloudwatch_log_group) | + ## Inputs | Name | Description | Type | Default | Required | @@ -232,6 +252,7 @@ Available targets: | buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | | capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | | cloudwatch\_log\_group\_enabled | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | +| codepipeline\_build\_cache\_bucket\_suffix\_enabled | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | codepipeline\_build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | | codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | | codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | @@ -396,7 +417,6 @@ Available targets: | httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | | target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | | target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | - diff --git a/docs/terraform.md b/docs/terraform.md index ab074695..989281d9 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -12,6 +12,26 @@ |------|---------| | aws | >= 2.0 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| alb_ingress | cloudposse/alb-ingress/aws | 0.20.0 | +| alb_target_group_cloudwatch_sns_alarms | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | +| container_definition | cloudposse/ecs-container-definition/aws | 0.49.2 | +| ecr | cloudposse/ecr/aws | 0.32.2 | +| ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | +| ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | +| ecs_cloudwatch_sns_alarms | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | +| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.23.0 | +| this | cloudposse/label/null | 0.24.1 | + +## Resources + +| Name | +|------| +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/cloudwatch_log_group) | + ## Inputs | Name | Description | Type | Default | Required | @@ -76,6 +96,7 @@ | buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | | capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | | cloudwatch\_log\_group\_enabled | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | +| codepipeline\_build\_cache\_bucket\_suffix\_enabled | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | codepipeline\_build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | | codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | | codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | @@ -240,5 +261,4 @@ | httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | | target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | | target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | - diff --git a/main.tf b/main.tf index f71bc1d1..6db4388f 100644 --- a/main.tf +++ b/main.tf 
@@ -159,25 +159,26 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.22.0" - - region = var.region - github_oauth_token = var.github_oauth_token - github_webhooks_token = var.github_webhooks_token - github_webhook_events = var.github_webhook_events - repo_owner = var.repo_owner - repo_name = var.repo_name - branch = var.branch - badge_enabled = var.badge_enabled - build_image = var.build_image - build_compute_type = var.codepipeline_build_compute_type - build_timeout = var.build_timeout - buildspec = var.buildspec - image_repo_name = module.ecr.repository_name - service_name = module.ecs_alb_service_task.service_name - ecs_cluster_name = var.ecs_cluster_name - privileged_mode = true - poll_source_changes = var.poll_source_changes + version = "0.23.0" + + region = var.region + github_oauth_token = var.github_oauth_token + github_webhooks_token = var.github_webhooks_token + github_webhook_events = var.github_webhook_events + repo_owner = var.repo_owner + repo_name = var.repo_name + branch = var.branch + badge_enabled = var.badge_enabled + build_image = var.build_image + build_compute_type = var.codepipeline_build_compute_type + build_timeout = var.build_timeout + buildspec = var.buildspec + cache_bucket_suffix_enabled = var.codepipeline_build_cache_bucket_suffix_enabled + image_repo_name = module.ecr.repository_name + service_name = module.ecs_alb_service_task.service_name + ecs_cluster_name = var.ecs_cluster_name + privileged_mode = true + poll_source_changes = var.poll_source_changes webhook_enabled = var.webhook_enabled webhook_target_action = var.webhook_target_action diff --git a/variables.tf b/variables.tf index 05946a54..22ddde62 100644 --- a/variables.tf +++ b/variables.tf 
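Review bot: `privileged_mode = true` stays hard-coded and uncommented in the realigned argument list of `module "ecs_codepipeline"` in the main.tf hunk of PATCH 28, next to the caller-supplied `build_image` and `buildspec`. Privileged mode lets the CodeBuild container run a Docker daemon, so whatever the buildspec executes runs with elevated rights inside the build environment. It is presumably set because the pipeline builds the image pushed to `module.ecr`, but nothing in the hunk says so. I would add a comment above it: `# privileged mode is needed to run Docker inside CodeBuild for the image build; buildspec commands run with elevated rights in the build container`. The module block continues past the end of the hunk.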
@@ -846,6 +846,12 @@ variable "authentication_oidc_scope" { default = [] } +variable "codepipeline_build_cache_bucket_suffix_enabled" { + type = bool + description = "The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache_type is 'S3'" + default = true +} + variable "codepipeline_build_compute_type" { type = string default = "BUILD_GENERAL1_SMALL" From 42dbebc66534be7cb0fd32fafccfe9303e12d7b2 Mon Sep 17 00:00:00 2001 From: nitro Date: Tue, 2 Mar 2021 13:49:11 -0500 Subject: [PATCH 29/82] Fewer required variables (#127) * Update variables.tf * Update main.tf * Update variables.tf * Update variables.tf * Auto Format * Trigger Build Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 9 +++++---- docs/terraform.md | 9 +++++---- main.tf | 6 ++++-- variables.tf | 3 +++ 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 380f9d57..60179aae 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,8 @@ Available targets: | Name | |------| -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/cloudwatch_log_group) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | ## Inputs 
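Review bot: The description of `codepipeline_build_cache_bucket_suffix_enabled` in PATCH 28's variables.tf hunk does not say what is given up when the flag is set to `false`: the cache bucket name is then the label id alone, which is predictable, and S3 bucket names share one global namespace. A predictable name can collide with a bucket that already exists in another account, and can be claimed by someone else after the bucket is destroyed. I would append to the description: `Keep the suffix enabled unless a fixed bucket name is required; without it the name is predictable and may collide with an existing bucket in the global S3 namespace.` The same text feeds the generated rows in README.md and docs/terraform.md.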
@@ -243,7 +244,7 @@ Available targets: | autoscaling\_scale\_up\_adjustment | Scaling adjustment to make during scale up event | `number` | `1` | no | | autoscaling\_scale\_up\_cooldown | Period (in seconds) to wait between scale up events | `number` | `60` | no | | aws\_logs\_prefix | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no | -| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | n/a | yes | +| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | | badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | | branch | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no | | build\_environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | @@ -294,7 +295,7 @@ Available targets: | ecs\_alarms\_memory\_utilization\_low\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | | ecs\_alarms\_memory\_utilization\_low\_threshold | The minimum percentage of Memory utilization average | `number` | `20` | no | | ecs\_cluster\_arn | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | -| ecs\_cluster\_name | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | n/a | yes | +| ecs\_cluster\_name | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | | ecs\_private\_subnet\_ids | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | | ecs\_security\_group\_ids | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | | enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | @@ -327,7 +328,7 @@ Available targets: | port\_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | | privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | | regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| region | AWS Region for S3 bucket | `string` | n/a | yes | +| region | AWS Region for S3 bucket | `string` | `null` | no | | repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | | repo\_owner | GitHub Organization or Username | `string` | `""` | no | | secrets | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 989281d9..99c92365 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -30,7 +30,8 @@ | Name | |------| -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/cloudwatch_log_group) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | ## Inputs @@ -87,7 +88,7 @@ | autoscaling\_scale\_up\_adjustment | Scaling adjustment to make during scale up event | `number` | `1` | no | | autoscaling\_scale\_up\_cooldown | Period (in seconds) to wait between scale up events | `number` | `60` | no | | aws\_logs\_prefix | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no | -| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | n/a | yes | +| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | | badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | | branch | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no | | build\_environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | @@ -138,7 +139,7 @@ | ecs\_alarms\_memory\_utilization\_low\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | | ecs\_alarms\_memory\_utilization\_low\_threshold | The minimum percentage of Memory utilization average | `number` | `20` | no | | ecs\_cluster\_arn | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | -| ecs\_cluster\_name | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | n/a | yes | +| ecs\_cluster\_name | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | | ecs\_private\_subnet\_ids | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | | ecs\_security\_group\_ids | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | | enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | @@ -171,7 +172,7 @@ | port\_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | | privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | | regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| region | AWS Region for S3 bucket | `string` | n/a | yes | +| region | AWS Region for S3 bucket | `string` | `null` | no | | repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | | repo\_owner | GitHub Organization or Username | `string` | `""` | no | | secrets | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | diff --git a/main.tf b/main.tf index 6db4388f..8c8cf9e2 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,5 @@ +data "aws_region" "current" {} + module "ecr" { source = "cloudposse/ecr/aws" version = "0.32.2" @@ -84,7 +86,7 @@ module "container_definition" { log_configuration = var.cloudwatch_log_group_enabled ? { logDriver = var.log_driver options = { - "awslogs-region" = var.aws_logs_region + "awslogs-region" = coalesce(var.aws_logs_region, data.aws_region.current.name) "awslogs-group" = join("", aws_cloudwatch_log_group.app.*.name) "awslogs-stream-prefix" = var.aws_logs_prefix == "" ? module.this.name : var.aws_logs_prefix } @@ -161,7 +163,7 @@ module "ecs_codepipeline" { source = "cloudposse/ecs-codepipeline/aws" version = "0.23.0" - region = var.region + region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token github_webhooks_token = var.github_webhooks_token github_webhook_events = var.github_webhook_events diff --git a/variables.tf b/variables.tf index 22ddde62..7e699313 100644 --- a/variables.tf +++ b/variables.tf @@ -1,6 +1,7 @@ variable "region" { type = string description = "AWS Region for S3 bucket" + default = null } variable "codepipeline_enabled" { @@ -422,6 +423,7 @@ variable "vpc_id" { variable "aws_logs_region" { type = string description = "The region for the AWS Cloudwatch Logs group" + default = null } variable "aws_logs_prefix" { @@ -462,6 +464,7 @@ variable "ecs_cluster_arn" { variable "ecs_cluster_name" { type = string description = "The ECS Cluster Name to use in ECS Code Pipeline Deployment step" + default = null } variable "ecs_alarms_cpu_utilization_high_threshold" { From bdd7688af36f5959b1ceca74d6b52aeb6cb6a243 Mon Sep 17 00:00:00 2001 
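Review bot: `ecs_cluster_name` becomes optional in the last variables.tf hunk of PATCH 29 (`default = null`), but unlike `region` and `aws_logs_region` it gets no `coalesce(...)` fallback in the main.tf hunks of the same commit. PATCH 28's main.tf hunk shows `module "ecs_codepipeline"` receiving `ecs_cluster_name = var.ecs_cluster_name`, so a caller who leaves it unset while `codepipeline_enabled` is `true` would pass `null` into the deploy stage. Whether the child module rejects that at plan time is not visible here. The description should state the dependency: `description = "The ECS Cluster Name to use in ECS Code Pipeline Deployment step. Required when codepipeline_enabled is true"`. The variable block is shown in full in the hunk; the module block is not.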
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 18 Mar 2021 05:04:58 -0700 Subject: [PATCH 30/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.24.0 (#133) * Enable workflow dispatch for validate-codeowners Co-authored-by: Nuru --- .github/workflows/validate-codeowners.yml | 2 ++ README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 386eb286..592c83cf 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -1,5 +1,7 @@ name: Validate Codeowners on: + workflow_dispatch: + pull_request: jobs: diff --git a/README.md b/README.md index 60179aae..db47c7d5 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,7 @@ Available targets: | ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | | ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | ecs_cloudwatch_sns_alarms | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.23.0 | +| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.24.0 | | this | cloudposse/label/null | 0.24.1 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index 99c92365..6952b884 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -23,7 +23,7 @@ | ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | | ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | ecs_cloudwatch_sns_alarms | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.23.0 | +| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.24.0 | | this | cloudposse/label/null | 0.24.1 | ## Resources diff --git a/main.tf b/main.tf index 8c8cf9e2..4e1b0ccb 100644 --- a/main.tf +++ b/main.tf 
@@ -161,7 +161,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.23.0" + version = "0.24.0" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From 1b58c8cdb9f902b126d679e3bed4dd219e3d105a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Mar 2021 00:27:01 +0000 Subject: [PATCH 31/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.55.0 (#134) * chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.53.0 * Auto Format * Update main.tf * Auto Format * Update main.tf * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitro --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index db47c7d5..d2369946 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ Available targets: |------|--------|---------| | alb_ingress | cloudposse/alb-ingress/aws | 0.20.0 | | alb_target_group_cloudwatch_sns_alarms | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| container_definition | cloudposse/ecs-container-definition/aws | 0.49.2 | +| container_definition | cloudposse/ecs-container-definition/aws | 0.55.0 | | ecr | cloudposse/ecr/aws | 0.32.2 | | ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | | ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | diff --git a/docs/terraform.md b/docs/terraform.md index 6952b884..2dbe0ed2 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -18,7 +18,7 @@ |------|--------|---------| | alb_ingress | cloudposse/alb-ingress/aws | 0.20.0 | | alb_target_group_cloudwatch_sns_alarms | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| container_definition | cloudposse/ecs-container-definition/aws | 0.49.2 | +| container_definition | cloudposse/ecs-container-definition/aws | 0.55.0 | | ecr | cloudposse/ecr/aws | 0.32.2 | | ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | | ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | diff --git a/main.tf b/main.tf index 4e1b0ccb..55a46f7d 100644 --- a/main.tf +++ b/main.tf @@ -62,7 +62,7 @@ module "alb_ingress" { module "container_definition" { source = "cloudposse/ecs-container-definition/aws" - version = "0.49.2" + version = "0.55.0" container_name = module.this.id container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image container_memory = var.container_memory From f6e5ae9dbb0c5582dc5f56833667600a87c58ff4 Mon Sep 17 00:00:00 2001 From: Appelberg-s Date: Fri, 26 Mar 2021 21:51:42 +0100 Subject: [PATCH 32/82] Fix example in README.md (#131) * Update README.md The example provided in the README.md gave an error when trying to run it since it set the attribute `environment` when it was probably trying set the attribute `container_environment`. * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com> Co-authored-by: nitro --- README.md | 474 +++++++++++++++++++++++----------------------- README.yaml | 2 +- docs/terraform.md | 472 ++++++++++++++++++++++----------------------- 3 files changed, 474 insertions(+), 474 deletions(-) diff --git a/README.md b/README.md index d2369946..f78041a9 100644 --- a/README.md +++ b/README.md 
@@ -124,7 +124,7 @@ module "default_backend_web_app" { alb_ingress_unauthenticated_paths = ["/*"] codepipeline_enabled = false - environment = [ + container_environment = [ { name = "COOKIE" value = "cookiemonster" 
@@ -159,265 +159,265 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.0 | +| [aws](#provider\_aws) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| alb_ingress | cloudposse/alb-ingress/aws | 0.20.0 | -| alb_target_group_cloudwatch_sns_alarms | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| container_definition | cloudposse/ecs-container-definition/aws | 0.55.0 | -| ecr | cloudposse/ecr/aws | 0.32.2 | -| ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | -| ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | -| ecs_cloudwatch_sns_alarms | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.24.0 | -| this | cloudposse/label/null | 0.24.1 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.20.0 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.55.0 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.47.0 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | +| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | +| [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources -| Name | -|------| -| 
[aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| alb\_arn\_suffix | ARN suffix of the ALB for the Target Group | `string` | `""` | no | -| alb\_container\_name | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no | -| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | -| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | -| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | -| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | -| alb\_ingress\_enable\_default\_target\_group | If true, create a default target group for the ALB ingress | `bool` | `true` | no | -| alb\_ingress\_healthcheck\_path | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | -| alb\_ingress\_healthcheck\_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | -| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | -| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no | -| alb\_ingress\_target\_group\_arn | Existing ALB target group ARN. If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no | -| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | -| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | -| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | -| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | -| alb\_security\_group | Security group of the ALB | `string` | n/a | yes | -| alb\_target\_group\_alarms\_3xx\_threshold | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | -| alb\_target\_group\_alarms\_4xx\_threshold | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | -| alb\_target\_group\_alarms\_5xx\_threshold | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | -| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state | `list(string)` | `[]` | no | -| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | -| alb\_target\_group\_alarms\_evaluation\_periods | The number of periods to analyze for ALB CloudWatch Alarms | `number` | `1` | no | -| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no | -| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state | `list(string)` | `[]` | no | -| alb\_target\_group\_alarms\_period | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no | -| alb\_target\_group\_alarms\_response\_time\_threshold | The maximum ALB Target Group response time | `number` | `0.5` | no | -| assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| authentication\_cognito\_scope | Cognito scope | `list(string)` | `[]` | no | -| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | -| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | -| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | -| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | -| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | -| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | -| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | -| authentication\_oidc\_scope | OIDC scope | `list(string)` | `[]` | no | -| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | -| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | -| authentication\_type | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | -| autoscaling\_dimension | Dimension to autoscale on (valid options: cpu, memory) | `string` | `"memory"` | no | -| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | -| autoscaling\_max\_capacity | Maximum number of running instances of a Service | `number` | `2` | no | -| autoscaling\_min\_capacity | Minimum number of running instances of a Service | `number` | `1` | no | -| autoscaling\_scale\_down\_adjustment | Scaling adjustment to make during scale down event | `number` | `-1` | no | -| autoscaling\_scale\_down\_cooldown | Period (in seconds) to wait between scale down events | `number` | `300` | no | -| autoscaling\_scale\_up\_adjustment | Scaling adjustment to make during scale up event | `number` | `1` | no | -| autoscaling\_scale\_up\_cooldown | Period (in seconds) to wait between scale up events | `number` | `60` | no | -| aws\_logs\_prefix | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no | -| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | -| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | -| branch | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no | -| build\_environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | -| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | -| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | -| buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | -| capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | -| cloudwatch\_log\_group\_enabled | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | -| codepipeline\_build\_cache\_bucket\_suffix\_enabled | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | -| codepipeline\_build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | -| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | -| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| command | The command that is passed to the container | `list(string)` | `null` | no | -| container\_cpu | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | -| container\_definition | Override the main container\_definition | `string` | `""` | no | -| container\_environment | The environment variables to pass to the container. This is a list of maps |
list(object({
name = string
value = string
}))
| `null` | no | -| container\_image | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no | -| container\_memory | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | -| container\_memory\_reservation | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no | -| container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | -| container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | -| container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | -| desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | -| ecr\_image\_tag\_mutability | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | -| ecr\_scan\_images\_on\_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | -| ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_cpu\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_high\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_cpu\_utilization\_high\_threshold | The maximum percentage of CPU utilization average | `number` | `80` | no | -| ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_low\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_cpu\_utilization\_low\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_low\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_cpu\_utilization\_low\_threshold | The minimum percentage of CPU utilization average | `number` | `20` | no | -| ecs\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | -| ecs\_alarms\_memory\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_high\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_memory\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_high\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_memory\_utilization\_high\_threshold | The maximum percentage of Memory utilization average | `number` | `80` | no | -| ecs\_alarms\_memory\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_low\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_memory\_utilization\_low\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_low\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_memory\_utilization\_low\_threshold | The minimum percentage of Memory utilization average | `number` | `20` | no | -| ecs\_cluster\_arn | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | -| ecs\_cluster\_name | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | -| ecs\_private\_subnet\_ids | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | -| ecs\_security\_group\_ids | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| entrypoint | The entry point that is passed to the container | `list(string)` | `null` | no | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| github\_oauth\_token | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | -| github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | -| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | -| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | -| healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | -| init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | -| log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | -| log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `90` | no | -| map\_container\_environment | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | -| mount\_points | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| nlb\_cidr\_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | -| nlb\_container\_name | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | -| nlb\_container\_port | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | -| nlb\_ingress\_target\_group\_arn | Target group ARN of the NLB ingress | `string` | `""` | no | -| platform\_version | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | -| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | -| port\_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | -| privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| region | AWS Region for S3 bucket | `string` | `null` | no | -| repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | -| repo\_owner | GitHub Organization or Username | `string` | `""` | no | -| secrets | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | -| service\_registries | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| system\_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| task\_cpu | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | -| task\_memory | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | -| ulimits | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | -| use\_alb\_security\_group | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | -| use\_ecr\_image | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | -| use\_nlb\_cidr\_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no | -| volumes | Task volume definitions as list of configuration objects |
list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
}))
| `[]` | no | -| vpc\_id | The VPC ID where resources are created | `string` | n/a | yes | -| webhook\_authentication | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | -| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | -| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no | -| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | -| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [alb\_arn\_suffix](#input\_alb\_arn\_suffix) | ARN suffix of the ALB for the Target Group | `string` | `""` | no | +| [alb\_container\_name](#input\_alb\_container\_name) | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no | +| [alb\_ingress\_authenticated\_hosts](#input\_alb\_ingress\_authenticated\_hosts) | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| [alb\_ingress\_authenticated\_listener\_arns](#input\_alb\_ingress\_authenticated\_listener\_arns) | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| [alb\_ingress\_authenticated\_listener\_arns\_count](#input\_alb\_ingress\_authenticated\_listener\_arns\_count) | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| [alb\_ingress\_authenticated\_paths](#input\_alb\_ingress\_authenticated\_paths) | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| [alb\_ingress\_enable\_default\_target\_group](#input\_alb\_ingress\_enable\_default\_target\_group) | If true, create a default target group for the ALB ingress | `bool` | `true` | no | +| [alb\_ingress\_healthcheck\_path](#input\_alb\_ingress\_healthcheck\_path) | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | +| [alb\_ingress\_healthcheck\_protocol](#input\_alb\_ingress\_healthcheck\_protocol) | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | +| [alb\_ingress\_listener\_authenticated\_priority](#input\_alb\_ingress\_listener\_authenticated\_priority) | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | +| [alb\_ingress\_listener\_unauthenticated\_priority](#input\_alb\_ingress\_listener\_unauthenticated\_priority) | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no | +| [alb\_ingress\_target\_group\_arn](#input\_alb\_ingress\_target\_group\_arn) | Existing ALB target group ARN. 
If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no | +| [alb\_ingress\_unauthenticated\_hosts](#input\_alb\_ingress\_unauthenticated\_hosts) | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| [alb\_ingress\_unauthenticated\_listener\_arns](#input\_alb\_ingress\_unauthenticated\_listener\_arns) | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| [alb\_ingress\_unauthenticated\_listener\_arns\_count](#input\_alb\_ingress\_unauthenticated\_listener\_arns\_count) | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| [alb\_ingress\_unauthenticated\_paths](#input\_alb\_ingress\_unauthenticated\_paths) | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| [alb\_security\_group](#input\_alb\_security\_group) | Security group of the ALB | `string` | n/a | yes | +| [alb\_target\_group\_alarms\_3xx\_threshold](#input\_alb\_target\_group\_alarms\_3xx\_threshold) | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | +| [alb\_target\_group\_alarms\_4xx\_threshold](#input\_alb\_target\_group\_alarms\_4xx\_threshold) | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | +| [alb\_target\_group\_alarms\_5xx\_threshold](#input\_alb\_target\_group\_alarms\_5xx\_threshold) | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | +| [alb\_target\_group\_alarms\_alarm\_actions](#input\_alb\_target\_group\_alarms\_alarm\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state | `list(string)` | `[]` | no | +| [alb\_target\_group\_alarms\_enabled](#input\_alb\_target\_group\_alarms\_enabled) | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | +| [alb\_target\_group\_alarms\_evaluation\_periods](#input\_alb\_target\_group\_alarms\_evaluation\_periods) | The number of periods to analyze for ALB CloudWatch Alarms | `number` | `1` | no | +| [alb\_target\_group\_alarms\_insufficient\_data\_actions](#input\_alb\_target\_group\_alarms\_insufficient\_data\_actions) | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no | +| [alb\_target\_group\_alarms\_ok\_actions](#input\_alb\_target\_group\_alarms\_ok\_actions) | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state | `list(string)` | `[]` | no | +| [alb\_target\_group\_alarms\_period](#input\_alb\_target\_group\_alarms\_period) | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no | +| [alb\_target\_group\_alarms\_response\_time\_threshold](#input\_alb\_target\_group\_alarms\_response\_time\_threshold) | The maximum ALB Target Group response time | `number` | `0.5` | no | +| [assign\_public\_ip](#input\_assign\_public\_ip) | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. 
`1`) | `list(string)` | `[]` | no | +| [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope | `list(string)` | `[]` | no | +| [authentication\_cognito\_user\_pool\_arn](#input\_authentication\_cognito\_user\_pool\_arn) | Cognito User Pool ARN | `string` | `""` | no | +| [authentication\_cognito\_user\_pool\_client\_id](#input\_authentication\_cognito\_user\_pool\_client\_id) | Cognito User Pool Client ID | `string` | `""` | no | +| [authentication\_cognito\_user\_pool\_domain](#input\_authentication\_cognito\_user\_pool\_domain) | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| [authentication\_oidc\_authorization\_endpoint](#input\_authentication\_oidc\_authorization\_endpoint) | OIDC Authorization Endpoint | `string` | `""` | no | +| [authentication\_oidc\_client\_id](#input\_authentication\_oidc\_client\_id) | OIDC Client ID | `string` | `""` | no | +| [authentication\_oidc\_client\_secret](#input\_authentication\_oidc\_client\_secret) | OIDC Client Secret | `string` | `""` | no | +| [authentication\_oidc\_issuer](#input\_authentication\_oidc\_issuer) | OIDC Issuer | `string` | `""` | no | +| [authentication\_oidc\_scope](#input\_authentication\_oidc\_scope) | OIDC scope | `list(string)` | `[]` | no | +| [authentication\_oidc\_token\_endpoint](#input\_authentication\_oidc\_token\_endpoint) | OIDC Token Endpoint | `string` | `""` | no | +| [authentication\_oidc\_user\_info\_endpoint](#input\_authentication\_oidc\_user\_info\_endpoint) | OIDC User Info Endpoint | `string` | `""` | no | +| [authentication\_type](#input\_authentication\_type) | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| [autoscaling\_dimension](#input\_autoscaling\_dimension) | Dimension to autoscale on (valid options: cpu, memory) | `string` | `"memory"` | no | +| [autoscaling\_enabled](#input\_autoscaling\_enabled) | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | +| [autoscaling\_max\_capacity](#input\_autoscaling\_max\_capacity) | Maximum number of running instances of a Service | `number` | `2` | no | +| [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | Minimum number of running instances of a Service | `number` | `1` | no | +| [autoscaling\_scale\_down\_adjustment](#input\_autoscaling\_scale\_down\_adjustment) | Scaling adjustment to make during scale down event | `number` | `-1` | no | +| [autoscaling\_scale\_down\_cooldown](#input\_autoscaling\_scale\_down\_cooldown) | Period (in seconds) to wait between scale down events | `number` | `300` | no | +| [autoscaling\_scale\_up\_adjustment](#input\_autoscaling\_scale\_up\_adjustment) | Scaling adjustment to make during scale up event | `number` | `1` | no | +| [autoscaling\_scale\_up\_cooldown](#input\_autoscaling\_scale\_up\_cooldown) | Period (in seconds) to wait between scale up events | `number` | `60` | no | +| [aws\_logs\_prefix](#input\_aws\_logs\_prefix) | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no | +| [aws\_logs\_region](#input\_aws\_logs\_region) | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | +| [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | +| [branch](#input\_branch) | Branch of the GitHub repository, e.g. 
`master` | `string` | `""` | no | +| [build\_environment\_variables](#input\_build\_environment\_variables) | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | +| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | +| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | +| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | +| [capacity\_provider\_strategies](#input\_capacity\_provider\_strategies) | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | +| [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | +| [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | +| [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | +| [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no | +| [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | +| [container\_definition](#input\_container\_definition) | Override the main container\_definition | `string` | `""` | no | +| [container\_environment](#input\_container\_environment) | The environment variables to pass to the container. This is a list of maps |
list(object({
name = string
value = string
}))
| `null` | no | +| [container\_image](#input\_container\_image) | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no | +| [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | +| [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no | +| [container\_port](#input\_container\_port) | The port number on the container bound to assigned host\_port | `number` | `80` | no | +| [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | +| [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | +| [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | +| [ecr\_image\_tag\_mutability](#input\_ecr\_image\_tag\_mutability) | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | +| [ecr\_scan\_images\_on\_push](#input\_ecr\_scan\_images\_on\_push) | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions](#input\_ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods](#input\_ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_ok\_actions](#input\_ecs\_alarms\_cpu\_utilization\_high\_ok\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_period](#input\_ecs\_alarms\_cpu\_utilization\_high\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_threshold](#input\_ecs\_alarms\_cpu\_utilization\_high\_threshold) | The maximum percentage of CPU utilization average | `number` | `80` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions](#input\_ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_evaluation\_periods](#input\_ecs\_alarms\_cpu\_utilization\_low\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_ok\_actions](#input\_ecs\_alarms\_cpu\_utilization\_low\_ok\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_period](#input\_ecs\_alarms\_cpu\_utilization\_low\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_threshold](#input\_ecs\_alarms\_cpu\_utilization\_low\_threshold) | The minimum percentage of CPU utilization average | `number` | `20` | no | +| [ecs\_alarms\_enabled](#input\_ecs\_alarms\_enabled) | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | +| [ecs\_alarms\_memory\_utilization\_high\_alarm\_actions](#input\_ecs\_alarms\_memory\_utilization\_high\_alarm\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_high\_evaluation\_periods](#input\_ecs\_alarms\_memory\_utilization\_high\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_memory\_utilization\_high\_ok\_actions](#input\_ecs\_alarms\_memory\_utilization\_high\_ok\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_high\_period](#input\_ecs\_alarms\_memory\_utilization\_high\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_memory\_utilization\_high\_threshold](#input\_ecs\_alarms\_memory\_utilization\_high\_threshold) | The maximum percentage of Memory utilization average | `number` | `80` | no | +| [ecs\_alarms\_memory\_utilization\_low\_alarm\_actions](#input\_ecs\_alarms\_memory\_utilization\_low\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_low\_evaluation\_periods](#input\_ecs\_alarms\_memory\_utilization\_low\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_memory\_utilization\_low\_ok\_actions](#input\_ecs\_alarms\_memory\_utilization\_low\_ok\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_low\_period](#input\_ecs\_alarms\_memory\_utilization\_low\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_memory\_utilization\_low\_threshold](#input\_ecs\_alarms\_memory\_utilization\_low\_threshold) | The minimum percentage of Memory utilization average | `number` | `20` | no | +| [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | +| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | +| [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | +| [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | +| [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | +| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | +| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | +| [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | +| [init\_containers](#input\_init\_containers) | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | +| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [launch\_type](#input\_launch\_type) | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | +| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | +| [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | +| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | +| [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | +| [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | +| [nlb\_ingress\_target\_group\_arn](#input\_nlb\_ingress\_target\_group\_arn) | Target group ARN of the NLB ingress | `string` | `""` | no | +| [platform\_version](#input\_platform\_version) | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | +| [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | +| [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | +| [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | +| [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | +| [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | `""` | no | +| [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | +| [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | +| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | +| [task\_memory](#input\_task\_memory) | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | +| [ulimits](#input\_ulimits) | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | +| [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | +| [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | +| [use\_nlb\_cidr\_blocks](#input\_use\_nlb\_cidr\_blocks) | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no | +| [volumes](#input\_volumes) | Task volume definitions as list of configuration objects |
list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
}))
| `[]` | no | +| [vpc\_id](#input\_vpc\_id) | The VPC ID where resources are created | `string` | n/a | yes | +| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | +| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no | +| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | +| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | ## Outputs | Name | Description | |------|-------------| -| alb\_ingress | All outputs from `module.alb_ingress` | -| alb\_ingress\_target\_group\_arn | ALB Target Group ARN | -| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix | -| alb\_ingress\_target\_group\_name | ALB Target Group name | -| alb\_target\_group\_cloudwatch\_sns\_alarms | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` | -| cloudwatch\_log\_group | All outputs from `aws_cloudwatch_log_group.app` | -| cloudwatch\_log\_group\_arn | Cloudwatch log group ARN | -| cloudwatch\_log\_group\_name | Cloudwatch log group name | -| codebuild | All outputs from `module.ecs_codepipeline` | -| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | -| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | -| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | -| codebuild\_project\_id | CodeBuild project ID | -| codebuild\_project\_name | CodeBuild project name | -| 
codebuild\_role\_arn | CodeBuild IAM Role ARN | -| codebuild\_role\_id | CodeBuild IAM Role ID | -| codepipeline\_arn | CodePipeline ARN | -| codepipeline\_id | CodePipeline ID | -| codepipeline\_webhook\_id | The CodePipeline webhook's ID | -| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | -| container\_definition | All outputs from `module.container_definition` | -| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | -| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | -| ecr | All outputs from `module.ecr` | -| ecr\_registry\_id | Registry ID | -| ecr\_registry\_url | Repository URL | -| ecr\_repository\_arn | ARN of ECR repository | -| ecr\_repository\_name | Registry name | -| ecr\_repository\_url | Repository URL | -| ecs\_alarms | All outputs from `module.ecs_cloudwatch_sns_alarms` | -| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN | -| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID | -| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN | -| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID | -| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN | -| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID | -| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN | -| 
ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID | -| ecs\_alb\_service\_task | All outputs from `module.ecs_alb_service_task` | -| ecs\_cloudwatch\_autoscaling | All outputs from `module.ecs_cloudwatch_autoscaling` | -| ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy | -| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy | -| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs\_exec\_role\_policy\_name | ECS service role name | -| ecs\_service\_name | ECS Service name | -| ecs\_service\_role\_arn | ECS Service role ARN | -| ecs\_service\_security\_group\_id | Security Group ID of the ECS task | -| ecs\_task\_definition\_family | ECS task definition family | -| ecs\_task\_definition\_revision | ECS task definition revision | -| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN | -| ecs\_task\_exec\_role\_name | ECS Task role name | -| ecs\_task\_role\_arn | ECS Task role ARN | -| ecs\_task\_role\_id | ECS Task role id | -| ecs\_task\_role\_name | ECS Task role name | -| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN | -| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID | -| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | -| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID | -| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | -| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID | -| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch 
metric alarm ARN | -| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | -| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | -| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | +| [alb\_ingress](#output\_alb\_ingress) | All outputs from `module.alb_ingress` | +| [alb\_ingress\_target\_group\_arn](#output\_alb\_ingress\_target\_group\_arn) | ALB Target Group ARN | +| [alb\_ingress\_target\_group\_arn\_suffix](#output\_alb\_ingress\_target\_group\_arn\_suffix) | ALB Target Group ARN suffix | +| [alb\_ingress\_target\_group\_name](#output\_alb\_ingress\_target\_group\_name) | ALB Target Group name | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#output\_alb\_target\_group\_cloudwatch\_sns\_alarms) | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` | +| [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | All outputs from `aws_cloudwatch_log_group.app` | +| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Cloudwatch log group ARN | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Cloudwatch log group name | +| [codebuild](#output\_codebuild) | All outputs from `module.ecs_codepipeline` | +| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN | +| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name | +| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID | +| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name | +| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild 
IAM Role ARN | +| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID | +| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN | +| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID | +| [codepipeline\_webhook\_id](#output\_codepipeline\_webhook\_id) | The CodePipeline webhook's ID | +| [codepipeline\_webhook\_url](#output\_codepipeline\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | +| [container\_definition](#output\_container\_definition) | All outputs from `module.container_definition` | +| [container\_definition\_json](#output\_container\_definition\_json) | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| [container\_definition\_json\_map](#output\_container\_definition\_json\_map) | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| [ecr](#output\_ecr) | All outputs from `module.ecr` | +| [ecr\_registry\_id](#output\_ecr\_registry\_id) | Registry ID | +| [ecr\_registry\_url](#output\_ecr\_registry\_url) | Repository URL | +| [ecr\_repository\_arn](#output\_ecr\_repository\_arn) | ARN of ECR repository | +| [ecr\_repository\_name](#output\_ecr\_repository\_name) | Registry name | +| [ecr\_repository\_url](#output\_ecr\_repository\_url) | Repository URL | +| [ecs\_alarms](#output\_ecs\_alarms) | All outputs from `module.ecs_cloudwatch_sns_alarms` | +| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization high CloudWatch metric alarm ARN | +| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization high CloudWatch metric alarm ID | +| 
[ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization low CloudWatch metric alarm ARN | +| [ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization low CloudWatch metric alarm ID | +| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization high CloudWatch metric alarm ARN | +| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization high CloudWatch metric alarm ID | +| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization low CloudWatch metric alarm ARN | +| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization low CloudWatch metric alarm ID | +| [ecs\_alb\_service\_task](#output\_ecs\_alb\_service\_task) | All outputs from `module.ecs_alb_service_task` | +| [ecs\_cloudwatch\_autoscaling](#output\_ecs\_cloudwatch\_autoscaling) | All outputs from `module.ecs_cloudwatch_autoscaling` | +| [ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn) | ARN of the scale down policy | +| [ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn) | ARN of the scale up policy | +| [ecs\_exec\_role\_policy\_id](#output\_ecs\_exec\_role\_policy\_id) | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| 
[ecs\_exec\_role\_policy\_name](#output\_ecs\_exec\_role\_policy\_name) | ECS service role name | +| [ecs\_service\_name](#output\_ecs\_service\_name) | ECS Service name | +| [ecs\_service\_role\_arn](#output\_ecs\_service\_role\_arn) | ECS Service role ARN | +| [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Security Group ID of the ECS task | +| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | ECS task definition family | +| [ecs\_task\_definition\_revision](#output\_ecs\_task\_definition\_revision) | ECS task definition revision | +| [ecs\_task\_exec\_role\_arn](#output\_ecs\_task\_exec\_role\_arn) | ECS Task exec role ARN | +| [ecs\_task\_exec\_role\_name](#output\_ecs\_task\_exec\_role\_name) | ECS Task role name | +| [ecs\_task\_role\_arn](#output\_ecs\_task\_role\_arn) | ECS Task role ARN | +| [ecs\_task\_role\_id](#output\_ecs\_task\_role\_id) | ECS Task role id | +| [ecs\_task\_role\_name](#output\_ecs\_task\_role\_name) | ECS Task role name | +| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB 5xx count CloudWatch metric alarm ARN | +| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB 5xx count CloudWatch metric alarm ID | +| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 3xx count CloudWatch metric alarm ARN | +| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 3xx count CloudWatch metric alarm ID | +| [httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 4xx count CloudWatch metric alarm ARN | +| 
[httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 4xx count CloudWatch metric alarm ID | +| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 5xx count CloudWatch metric alarm ARN | +| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 5xx count CloudWatch metric alarm ID | +| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group response time average CloudWatch metric alarm ARN | +| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id) | ALB Target Group response time average CloudWatch metric alarm ID | diff --git a/README.yaml b/README.yaml index 3e37d659..76a78ad1 100644 --- a/README.yaml +++ b/README.yaml @@ -100,7 +100,7 @@ usage: |- alb_ingress_unauthenticated_paths = ["/*"] codepipeline_enabled = false - environment = [ + container_environment = [ { name = "COOKIE" value = "cookiemonster" diff --git a/docs/terraform.md b/docs/terraform.md index 2dbe0ed2..5a0a682c 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -3,263 +3,263 @@ | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.0 | +| [aws](#provider\_aws) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| alb_ingress | cloudposse/alb-ingress/aws | 0.20.0 | -| alb_target_group_cloudwatch_sns_alarms | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| container_definition | cloudposse/ecs-container-definition/aws | 0.55.0 | -| ecr | cloudposse/ecr/aws | 0.32.2 | -| ecs_alb_service_task | cloudposse/ecs-alb-service-task/aws | 0.47.0 | -| ecs_cloudwatch_autoscaling | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | -| ecs_cloudwatch_sns_alarms | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| ecs_codepipeline | cloudposse/ecs-codepipeline/aws | 0.24.0 | -| this | cloudposse/label/null | 0.24.1 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.20.0 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.55.0 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.47.0 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | +| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | +| [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources -| Name | -|------| -| 
[aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| alb\_arn\_suffix | ARN suffix of the ALB for the Target Group | `string` | `""` | no | -| alb\_container\_name | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no | -| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | -| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | -| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | -| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | -| alb\_ingress\_enable\_default\_target\_group | If true, create a default target group for the ALB ingress | `bool` | `true` | no | -| alb\_ingress\_healthcheck\_path | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | -| alb\_ingress\_healthcheck\_protocol | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | -| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | -| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no | -| alb\_ingress\_target\_group\_arn | Existing ALB target group ARN. If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no | -| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | -| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | -| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | -| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | -| alb\_security\_group | Security group of the ALB | `string` | n/a | yes | -| alb\_target\_group\_alarms\_3xx\_threshold | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | -| alb\_target\_group\_alarms\_4xx\_threshold | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | -| alb\_target\_group\_alarms\_5xx\_threshold | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | -| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state | `list(string)` | `[]` | no | -| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | -| alb\_target\_group\_alarms\_evaluation\_periods | The number of periods to analyze for ALB CloudWatch Alarms | `number` | `1` | no | -| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no | -| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state | `list(string)` | `[]` | no | -| alb\_target\_group\_alarms\_period | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no | -| alb\_target\_group\_alarms\_response\_time\_threshold | The maximum ALB Target Group response time | `number` | `0.5` | no | -| assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| authentication\_cognito\_scope | Cognito scope | `list(string)` | `[]` | no | -| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | -| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | -| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | -| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | -| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | -| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | -| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | -| authentication\_oidc\_scope | OIDC scope | `list(string)` | `[]` | no | -| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | -| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | -| authentication\_type | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | -| autoscaling\_dimension | Dimension to autoscale on (valid options: cpu, memory) | `string` | `"memory"` | no | -| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | -| autoscaling\_max\_capacity | Maximum number of running instances of a Service | `number` | `2` | no | -| autoscaling\_min\_capacity | Minimum number of running instances of a Service | `number` | `1` | no | -| autoscaling\_scale\_down\_adjustment | Scaling adjustment to make during scale down event | `number` | `-1` | no | -| autoscaling\_scale\_down\_cooldown | Period (in seconds) to wait between scale down events | `number` | `300` | no | -| autoscaling\_scale\_up\_adjustment | Scaling adjustment to make during scale up event | `number` | `1` | no | -| autoscaling\_scale\_up\_cooldown | Period (in seconds) to wait between scale up events | `number` | `60` | no | -| aws\_logs\_prefix | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no | -| aws\_logs\_region | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | -| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | -| branch | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no | -| build\_environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | -| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | -| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | -| buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | -| capacity\_provider\_strategies | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | -| cloudwatch\_log\_group\_enabled | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | -| codepipeline\_build\_cache\_bucket\_suffix\_enabled | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | -| codepipeline\_build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | -| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | -| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| command | The command that is passed to the container | `list(string)` | `null` | no | -| container\_cpu | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | -| container\_definition | Override the main container\_definition | `string` | `""` | no | -| container\_environment | The environment variables to pass to the container. This is a list of maps |
list(object({
name = string
value = string
}))
| `null` | no | -| container\_image | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no | -| container\_memory | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | -| container\_memory\_reservation | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no | -| container\_port | The port number on the container bound to assigned host\_port | `number` | `80` | no | -| container\_start\_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | -| container\_stop\_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| deployment\_controller\_type | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | -| desired\_count | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | -| ecr\_image\_tag\_mutability | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | -| ecr\_scan\_images\_on\_push | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | -| ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_cpu\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_high\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_cpu\_utilization\_high\_threshold | The maximum percentage of CPU utilization average | `number` | `80` | no | -| ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_low\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_cpu\_utilization\_low\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_cpu\_utilization\_low\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_cpu\_utilization\_low\_threshold | The minimum percentage of CPU utilization average | `number` | `20` | no | -| ecs\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | -| ecs\_alarms\_memory\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_high\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_memory\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_high\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_memory\_utilization\_high\_threshold | The maximum percentage of Memory utilization average | `number` | `80` | no | -| ecs\_alarms\_memory\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_low\_evaluation\_periods | Number of periods to evaluate for the alarm | `number` | `1` | no | -| ecs\_alarms\_memory\_utilization\_low\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | -| ecs\_alarms\_memory\_utilization\_low\_period | Duration in seconds to evaluate for the alarm | `number` | `300` | no | -| ecs\_alarms\_memory\_utilization\_low\_threshold | The minimum percentage of Memory utilization average | `number` | `20` | no | -| ecs\_cluster\_arn | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | -| ecs\_cluster\_name | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | -| ecs\_private\_subnet\_ids | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | -| ecs\_security\_group\_ids | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| entrypoint | The entry point that is passed to the container | `list(string)` | `null` | no | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| github\_oauth\_token | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | -| github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | -| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | -| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | -| healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| ignore\_changes\_task\_definition | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | -| init\_containers | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | -| log\_driver | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | -| log\_retention\_in\_days | The number of days to retain logs for the log group | `number` | `90` | no | -| map\_container\_environment | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | -| mount\_points | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| nlb\_cidr\_blocks | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | -| nlb\_container\_name | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | -| nlb\_container\_port | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | -| nlb\_ingress\_target\_group\_arn | Target group ARN of the NLB ingress | `string` | `""` | no | -| platform\_version | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | -| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | -| port\_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | -| privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| region | AWS Region for S3 bucket | `string` | `null` | no | -| repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | -| repo\_owner | GitHub Organization or Username | `string` | `""` | no | -| secrets | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | -| service\_registries | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| system\_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| task\_cpu | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | -| task\_memory | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | -| ulimits | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | -| use\_alb\_security\_group | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | -| use\_ecr\_image | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | -| use\_nlb\_cidr\_blocks | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no | -| volumes | Task volume definitions as list of configuration objects |
list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
}))
| `[]` | no | -| vpc\_id | The VPC ID where resources are created | `string` | n/a | yes | -| webhook\_authentication | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | -| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | -| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no | -| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | -| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [alb\_arn\_suffix](#input\_alb\_arn\_suffix) | ARN suffix of the ALB for the Target Group | `string` | `""` | no | +| [alb\_container\_name](#input\_alb\_container\_name) | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no | +| [alb\_ingress\_authenticated\_hosts](#input\_alb\_ingress\_authenticated\_hosts) | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| [alb\_ingress\_authenticated\_listener\_arns](#input\_alb\_ingress\_authenticated\_listener\_arns) | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| [alb\_ingress\_authenticated\_listener\_arns\_count](#input\_alb\_ingress\_authenticated\_listener\_arns\_count) | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. 
This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| [alb\_ingress\_authenticated\_paths](#input\_alb\_ingress\_authenticated\_paths) | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| [alb\_ingress\_enable\_default\_target\_group](#input\_alb\_ingress\_enable\_default\_target\_group) | If true, create a default target group for the ALB ingress | `bool` | `true` | no | +| [alb\_ingress\_healthcheck\_path](#input\_alb\_ingress\_healthcheck\_path) | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | +| [alb\_ingress\_healthcheck\_protocol](#input\_alb\_ingress\_healthcheck\_protocol) | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | +| [alb\_ingress\_listener\_authenticated\_priority](#input\_alb\_ingress\_listener\_authenticated\_priority) | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | +| [alb\_ingress\_listener\_unauthenticated\_priority](#input\_alb\_ingress\_listener\_unauthenticated\_priority) | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no | +| [alb\_ingress\_target\_group\_arn](#input\_alb\_ingress\_target\_group\_arn) | Existing ALB target group ARN. 
If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no | +| [alb\_ingress\_unauthenticated\_hosts](#input\_alb\_ingress\_unauthenticated\_hosts) | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | +| [alb\_ingress\_unauthenticated\_listener\_arns](#input\_alb\_ingress\_unauthenticated\_listener\_arns) | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| [alb\_ingress\_unauthenticated\_listener\_arns\_count](#input\_alb\_ingress\_unauthenticated\_listener\_arns\_count) | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| [alb\_ingress\_unauthenticated\_paths](#input\_alb\_ingress\_unauthenticated\_paths) | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| [alb\_security\_group](#input\_alb\_security\_group) | Security group of the ALB | `string` | n/a | yes | +| [alb\_target\_group\_alarms\_3xx\_threshold](#input\_alb\_target\_group\_alarms\_3xx\_threshold) | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | +| [alb\_target\_group\_alarms\_4xx\_threshold](#input\_alb\_target\_group\_alarms\_4xx\_threshold) | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | +| [alb\_target\_group\_alarms\_5xx\_threshold](#input\_alb\_target\_group\_alarms\_5xx\_threshold) | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | +| [alb\_target\_group\_alarms\_alarm\_actions](#input\_alb\_target\_group\_alarms\_alarm\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state | `list(string)` | `[]` | no | +| [alb\_target\_group\_alarms\_enabled](#input\_alb\_target\_group\_alarms\_enabled) | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | +| [alb\_target\_group\_alarms\_evaluation\_periods](#input\_alb\_target\_group\_alarms\_evaluation\_periods) | The number of periods to analyze for ALB CloudWatch Alarms | `number` | `1` | no | +| [alb\_target\_group\_alarms\_insufficient\_data\_actions](#input\_alb\_target\_group\_alarms\_insufficient\_data\_actions) | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no | +| [alb\_target\_group\_alarms\_ok\_actions](#input\_alb\_target\_group\_alarms\_ok\_actions) | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state | `list(string)` | `[]` | no | +| [alb\_target\_group\_alarms\_period](#input\_alb\_target\_group\_alarms\_period) | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no | +| [alb\_target\_group\_alarms\_response\_time\_threshold](#input\_alb\_target\_group\_alarms\_response\_time\_threshold) | The maximum ALB Target Group response time | `number` | `0.5` | no | +| [assign\_public\_ip](#input\_assign\_public\_ip) | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. 
`1`) | `list(string)` | `[]` | no | +| [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope | `list(string)` | `[]` | no | +| [authentication\_cognito\_user\_pool\_arn](#input\_authentication\_cognito\_user\_pool\_arn) | Cognito User Pool ARN | `string` | `""` | no | +| [authentication\_cognito\_user\_pool\_client\_id](#input\_authentication\_cognito\_user\_pool\_client\_id) | Cognito User Pool Client ID | `string` | `""` | no | +| [authentication\_cognito\_user\_pool\_domain](#input\_authentication\_cognito\_user\_pool\_domain) | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| [authentication\_oidc\_authorization\_endpoint](#input\_authentication\_oidc\_authorization\_endpoint) | OIDC Authorization Endpoint | `string` | `""` | no | +| [authentication\_oidc\_client\_id](#input\_authentication\_oidc\_client\_id) | OIDC Client ID | `string` | `""` | no | +| [authentication\_oidc\_client\_secret](#input\_authentication\_oidc\_client\_secret) | OIDC Client Secret | `string` | `""` | no | +| [authentication\_oidc\_issuer](#input\_authentication\_oidc\_issuer) | OIDC Issuer | `string` | `""` | no | +| [authentication\_oidc\_scope](#input\_authentication\_oidc\_scope) | OIDC scope | `list(string)` | `[]` | no | +| [authentication\_oidc\_token\_endpoint](#input\_authentication\_oidc\_token\_endpoint) | OIDC Token Endpoint | `string` | `""` | no | +| [authentication\_oidc\_user\_info\_endpoint](#input\_authentication\_oidc\_user\_info\_endpoint) | OIDC User Info Endpoint | `string` | `""` | no | +| [authentication\_type](#input\_authentication\_type) | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| [autoscaling\_dimension](#input\_autoscaling\_dimension) | Dimension to autoscale on (valid options: cpu, memory) | `string` | `"memory"` | no | +| [autoscaling\_enabled](#input\_autoscaling\_enabled) | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | +| [autoscaling\_max\_capacity](#input\_autoscaling\_max\_capacity) | Maximum number of running instances of a Service | `number` | `2` | no | +| [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | Minimum number of running instances of a Service | `number` | `1` | no | +| [autoscaling\_scale\_down\_adjustment](#input\_autoscaling\_scale\_down\_adjustment) | Scaling adjustment to make during scale down event | `number` | `-1` | no | +| [autoscaling\_scale\_down\_cooldown](#input\_autoscaling\_scale\_down\_cooldown) | Period (in seconds) to wait between scale down events | `number` | `300` | no | +| [autoscaling\_scale\_up\_adjustment](#input\_autoscaling\_scale\_up\_adjustment) | Scaling adjustment to make during scale up event | `number` | `1` | no | +| [autoscaling\_scale\_up\_cooldown](#input\_autoscaling\_scale\_up\_cooldown) | Period (in seconds) to wait between scale up events | `number` | `60` | no | +| [aws\_logs\_prefix](#input\_aws\_logs\_prefix) | Custom AWS Logs prefix. If empty name from label module will be used | `string` | `""` | no | +| [aws\_logs\_region](#input\_aws\_logs\_region) | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | +| [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | +| [branch](#input\_branch) | Branch of the GitHub repository, e.g. 
`master` | `string` | `""` | no | +| [build\_environment\_variables](#input\_build\_environment\_variables) | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | +| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | +| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | +| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | +| [capacity\_provider\_strategies](#input\_capacity\_provider\_strategies) | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | +| [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | +| [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | +| [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | +| [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no | +| [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no | +| [container\_definition](#input\_container\_definition) | Override the main container\_definition | `string` | `""` | no | +| [container\_environment](#input\_container\_environment) | The environment variables to pass to the container. This is a list of maps |
list(object({
name = string
value = string
}))
| `null` | no | +| [container\_image](#input\_container\_image) | The default container image to use in container definition | `string` | `"cloudposse/default-backend"` | no | +| [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | +| [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no | +| [container\_port](#input\_container\_port) | The port number on the container bound to assigned host\_port | `number` | `80` | no | +| [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | +| [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | +| [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | +| [ecr\_image\_tag\_mutability](#input\_ecr\_image\_tag\_mutability) | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | +| [ecr\_scan\_images\_on\_push](#input\_ecr\_scan\_images\_on\_push) | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions](#input\_ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods](#input\_ecs\_alarms\_cpu\_utilization\_high\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_ok\_actions](#input\_ecs\_alarms\_cpu\_utilization\_high\_ok\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_period](#input\_ecs\_alarms\_cpu\_utilization\_high\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_cpu\_utilization\_high\_threshold](#input\_ecs\_alarms\_cpu\_utilization\_high\_threshold) | The maximum percentage of CPU utilization average | `number` | `80` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions](#input\_ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_evaluation\_periods](#input\_ecs\_alarms\_cpu\_utilization\_low\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_ok\_actions](#input\_ecs\_alarms\_cpu\_utilization\_low\_ok\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_period](#input\_ecs\_alarms\_cpu\_utilization\_low\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_cpu\_utilization\_low\_threshold](#input\_ecs\_alarms\_cpu\_utilization\_low\_threshold) | The minimum percentage of CPU utilization average | `number` | `20` | no | +| [ecs\_alarms\_enabled](#input\_ecs\_alarms\_enabled) | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | +| [ecs\_alarms\_memory\_utilization\_high\_alarm\_actions](#input\_ecs\_alarms\_memory\_utilization\_high\_alarm\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_high\_evaluation\_periods](#input\_ecs\_alarms\_memory\_utilization\_high\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_memory\_utilization\_high\_ok\_actions](#input\_ecs\_alarms\_memory\_utilization\_high\_ok\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_high\_period](#input\_ecs\_alarms\_memory\_utilization\_high\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_memory\_utilization\_high\_threshold](#input\_ecs\_alarms\_memory\_utilization\_high\_threshold) | The maximum percentage of Memory utilization average | `number` | `80` | no | +| [ecs\_alarms\_memory\_utilization\_low\_alarm\_actions](#input\_ecs\_alarms\_memory\_utilization\_low\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_low\_evaluation\_periods](#input\_ecs\_alarms\_memory\_utilization\_low\_evaluation\_periods) | Number of periods to evaluate for the alarm | `number` | `1` | no | +| [ecs\_alarms\_memory\_utilization\_low\_ok\_actions](#input\_ecs\_alarms\_memory\_utilization\_low\_ok\_actions) | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | +| [ecs\_alarms\_memory\_utilization\_low\_period](#input\_ecs\_alarms\_memory\_utilization\_low\_period) | Duration in seconds to evaluate for the alarm | `number` | `300` | no | +| [ecs\_alarms\_memory\_utilization\_low\_threshold](#input\_ecs\_alarms\_memory\_utilization\_low\_threshold) | The minimum percentage of Memory utilization average | `number` | `20` | no | +| [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | +| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | +| [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | +| [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | +| [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | +| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | +| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | +| [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | +| [init\_containers](#input\_init\_containers) | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | +| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [launch\_type](#input\_launch\_type) | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | +| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | +| [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | +| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | +| [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | +| [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | +| [nlb\_ingress\_target\_group\_arn](#input\_nlb\_ingress\_target\_group\_arn) | Target group ARN of the NLB ingress | `string` | `""` | no | +| [platform\_version](#input\_platform\_version) | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | +| [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | +| [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | +| [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | +| [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | +| [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | `""` | no | +| [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | +| [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | +| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | +| [task\_memory](#input\_task\_memory) | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | +| [ulimits](#input\_ulimits) | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | +| [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | +| [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | +| [use\_nlb\_cidr\_blocks](#input\_use\_nlb\_cidr\_blocks) | A flag to enable/disable adding the NLB ingress rule to the security group | `bool` | `false` | no | +| [volumes](#input\_volumes) | Task volume definitions as list of configuration objects |
list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
}))
| `[]` | no | +| [vpc\_id](#input\_vpc\_id) | The VPC ID where resources are created | `string` | n/a | yes | +| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | +| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no | +| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | +| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | ## Outputs | Name | Description | |------|-------------| -| alb\_ingress | All outputs from `module.alb_ingress` | -| alb\_ingress\_target\_group\_arn | ALB Target Group ARN | -| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix | -| alb\_ingress\_target\_group\_name | ALB Target Group name | -| alb\_target\_group\_cloudwatch\_sns\_alarms | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` | -| cloudwatch\_log\_group | All outputs from `aws_cloudwatch_log_group.app` | -| cloudwatch\_log\_group\_arn | Cloudwatch log group ARN | -| cloudwatch\_log\_group\_name | Cloudwatch log group name | -| codebuild | All outputs from `module.ecs_codepipeline` | -| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | -| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | -| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | -| codebuild\_project\_id | CodeBuild project ID | -| codebuild\_project\_name | CodeBuild project name | -| 
codebuild\_role\_arn | CodeBuild IAM Role ARN | -| codebuild\_role\_id | CodeBuild IAM Role ID | -| codepipeline\_arn | CodePipeline ARN | -| codepipeline\_id | CodePipeline ID | -| codepipeline\_webhook\_id | The CodePipeline webhook's ID | -| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | -| container\_definition | All outputs from `module.container_definition` | -| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | -| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | -| ecr | All outputs from `module.ecr` | -| ecr\_registry\_id | Registry ID | -| ecr\_registry\_url | Repository URL | -| ecr\_repository\_arn | ARN of ECR repository | -| ecr\_repository\_name | Registry name | -| ecr\_repository\_url | Repository URL | -| ecs\_alarms | All outputs from `module.ecs_cloudwatch_sns_alarms` | -| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN | -| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID | -| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN | -| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID | -| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN | -| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID | -| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN | -| 
ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID | -| ecs\_alb\_service\_task | All outputs from `module.ecs_alb_service_task` | -| ecs\_cloudwatch\_autoscaling | All outputs from `module.ecs_cloudwatch_autoscaling` | -| ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy | -| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy | -| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs\_exec\_role\_policy\_name | ECS service role name | -| ecs\_service\_name | ECS Service name | -| ecs\_service\_role\_arn | ECS Service role ARN | -| ecs\_service\_security\_group\_id | Security Group ID of the ECS task | -| ecs\_task\_definition\_family | ECS task definition family | -| ecs\_task\_definition\_revision | ECS task definition revision | -| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN | -| ecs\_task\_exec\_role\_name | ECS Task role name | -| ecs\_task\_role\_arn | ECS Task role ARN | -| ecs\_task\_role\_id | ECS Task role id | -| ecs\_task\_role\_name | ECS Task role name | -| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN | -| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID | -| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | -| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID | -| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | -| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID | -| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch 
metric alarm ARN | -| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | -| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | -| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | +| [alb\_ingress](#output\_alb\_ingress) | All outputs from `module.alb_ingress` | +| [alb\_ingress\_target\_group\_arn](#output\_alb\_ingress\_target\_group\_arn) | ALB Target Group ARN | +| [alb\_ingress\_target\_group\_arn\_suffix](#output\_alb\_ingress\_target\_group\_arn\_suffix) | ALB Target Group ARN suffix | +| [alb\_ingress\_target\_group\_name](#output\_alb\_ingress\_target\_group\_name) | ALB Target Group name | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#output\_alb\_target\_group\_cloudwatch\_sns\_alarms) | All outputs from `module.alb_target_group_cloudwatch_sns_alarms` | +| [cloudwatch\_log\_group](#output\_cloudwatch\_log\_group) | All outputs from `aws_cloudwatch_log_group.app` | +| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Cloudwatch log group ARN | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Cloudwatch log group name | +| [codebuild](#output\_codebuild) | All outputs from `module.ecs_codepipeline` | +| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN | +| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name | +| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID | +| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name | +| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild 
IAM Role ARN | +| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID | +| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN | +| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID | +| [codepipeline\_webhook\_id](#output\_codepipeline\_webhook\_id) | The CodePipeline webhook's ID | +| [codepipeline\_webhook\_url](#output\_codepipeline\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | +| [container\_definition](#output\_container\_definition) | All outputs from `module.container_definition` | +| [container\_definition\_json](#output\_container\_definition\_json) | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| [container\_definition\_json\_map](#output\_container\_definition\_json\_map) | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| [ecr](#output\_ecr) | All outputs from `module.ecr` | +| [ecr\_registry\_id](#output\_ecr\_registry\_id) | Registry ID | +| [ecr\_registry\_url](#output\_ecr\_registry\_url) | Repository URL | +| [ecr\_repository\_arn](#output\_ecr\_repository\_arn) | ARN of ECR repository | +| [ecr\_repository\_name](#output\_ecr\_repository\_name) | Registry name | +| [ecr\_repository\_url](#output\_ecr\_repository\_url) | Repository URL | +| [ecs\_alarms](#output\_ecs\_alarms) | All outputs from `module.ecs_cloudwatch_sns_alarms` | +| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization high CloudWatch metric alarm ARN | +| [ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization high CloudWatch metric alarm ID | +| 
[ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS CPU utilization low CloudWatch metric alarm ARN | +| [ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS CPU utilization low CloudWatch metric alarm ID | +| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization high CloudWatch metric alarm ARN | +| [ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization high CloudWatch metric alarm ID | +| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn) | ECS Memory utilization low CloudWatch metric alarm ARN | +| [ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id](#output\_ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id) | ECS Memory utilization low CloudWatch metric alarm ID | +| [ecs\_alb\_service\_task](#output\_ecs\_alb\_service\_task) | All outputs from `module.ecs_alb_service_task` | +| [ecs\_cloudwatch\_autoscaling](#output\_ecs\_cloudwatch\_autoscaling) | All outputs from `module.ecs_cloudwatch_autoscaling` | +| [ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn) | ARN of the scale down policy | +| [ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn) | ARN of the scale up policy | +| [ecs\_exec\_role\_policy\_id](#output\_ecs\_exec\_role\_policy\_id) | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| 
[ecs\_exec\_role\_policy\_name](#output\_ecs\_exec\_role\_policy\_name) | ECS service role name | +| [ecs\_service\_name](#output\_ecs\_service\_name) | ECS Service name | +| [ecs\_service\_role\_arn](#output\_ecs\_service\_role\_arn) | ECS Service role ARN | +| [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Security Group ID of the ECS task | +| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | ECS task definition family | +| [ecs\_task\_definition\_revision](#output\_ecs\_task\_definition\_revision) | ECS task definition revision | +| [ecs\_task\_exec\_role\_arn](#output\_ecs\_task\_exec\_role\_arn) | ECS Task exec role ARN | +| [ecs\_task\_exec\_role\_name](#output\_ecs\_task\_exec\_role\_name) | ECS Task role name | +| [ecs\_task\_role\_arn](#output\_ecs\_task\_role\_arn) | ECS Task role ARN | +| [ecs\_task\_role\_id](#output\_ecs\_task\_role\_id) | ECS Task role id | +| [ecs\_task\_role\_name](#output\_ecs\_task\_role\_name) | ECS Task role name | +| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB 5xx count CloudWatch metric alarm ARN | +| [httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB 5xx count CloudWatch metric alarm ID | +| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 3xx count CloudWatch metric alarm ARN | +| [httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 3xx count CloudWatch metric alarm ID | +| [httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 4xx count CloudWatch metric alarm ARN | +| 
[httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 4xx count CloudWatch metric alarm ID | +| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group 5xx count CloudWatch metric alarm ARN | +| [httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id](#output\_httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id) | ALB Target Group 5xx count CloudWatch metric alarm ID | +| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn) | ALB Target Group response time average CloudWatch metric alarm ARN | +| [target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id](#output\_target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id) | ALB Target Group response time average CloudWatch metric alarm ID | From 47d739388287342f2c9817969d2b00e1bcbded97 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Mar 2021 21:04:58 +0000 Subject: [PATCH 33/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.54.2 (#136) * chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.54.2 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitro --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f78041a9..6c4b10b4 100644 --- a/README.md +++ b/README.md 
@@ -176,7 +176,7 @@ Available targets:
 | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 |
 | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.55.0 |
 | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 |
-| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.47.0 |
+| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.54.2 |
 | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 |
 | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 |
 | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 |
diff --git a/docs/terraform.md b/docs/terraform.md
index 5a0a682c..c613fece 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -20,7 +20,7 @@
 | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 |
 | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.55.0 |
 | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 |
-| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.47.0 |
+| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.54.2 |
 | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 |
 | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 |
 | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 |
diff --git a/main.tf b/main.tf index 55a46f7d..bedc4679 100644 --- a/main.tf +++ b/main.tf @@ -128,7 +128,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.47.0" + version = "0.54.2" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group From eb22a6a379e22524c38bc2161bc95c4774129be5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 28 Mar 2021 05:07:43 +0000 Subject: [PATCH 34/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.56.0 (#137) * chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.56.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6c4b10b4..25ee04b2 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ Available targets: |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.20.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.55.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.54.2 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | diff --git a/docs/terraform.md b/docs/terraform.md index c613fece..77dc9ee7 100644 --- a/docs/terraform.md 
+++ b/docs/terraform.md @@ -18,7 +18,7 @@ |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.20.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.55.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.54.2 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | diff --git a/main.tf b/main.tf index bedc4679..99d66edf 100644 --- a/main.tf +++ b/main.tf @@ -62,7 +62,7 @@ module "alb_ingress" { module "container_definition" { source = "cloudposse/ecs-container-definition/aws" - version = "0.55.0" + version = "0.56.0" container_name = module.this.id container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image container_memory = var.container_memory From 53f03ce3ad73012af11304285029d96468976ff9 Mon Sep 17 00:00:00 2001 From: Joe Hosteny Date: Sun, 4 Apr 2021 18:03:30 -0400 Subject: [PATCH 35/82] feat: add optional CDN to codepipeline deploy (#135) --- README.md | 3 +++ docs/terraform.md | 3 +++ main.tf | 4 ++++ variables.tf | 18 ++++++++++++++++++ 4 files changed, 28 insertions(+) diff --git a/README.md b/README.md index 25ee04b2..a410f964 100644 --- a/README.md +++ b/README.md 
@@ -255,6 +255,9 @@ Available targets: | [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | | [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no | +| [codepipeline\_cdn\_bucket\_encryption\_enabled](#input\_codepipeline\_cdn\_bucket\_encryption\_enabled) | If set to true, enable encryption on the optional CDN asset deployment bucket | `bool` | `false` | no | +| [codepipeline\_cdn\_bucket\_id](#input\_codepipeline\_cdn\_bucket\_id) | Optional bucket for static asset deployment. 
If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | | [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | | [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | | [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 77dc9ee7..77807b11 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -99,6 +99,9 @@ | [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | | [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no | +| [codepipeline\_cdn\_bucket\_encryption\_enabled](#input\_codepipeline\_cdn\_bucket\_encryption\_enabled) | If set to true, enable encryption on the optional CDN asset deployment bucket | `bool` | `false` | no | +| [codepipeline\_cdn\_bucket\_id](#input\_codepipeline\_cdn\_bucket\_id) | Optional bucket for static asset deployment. 
If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | | [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no | | [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | | [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no | diff --git a/main.tf b/main.tf index 99d66edf..4b136f80 100644 --- a/main.tf +++ b/main.tf @@ -182,6 +182,10 @@ module "ecs_codepipeline" { privileged_mode = true poll_source_changes = var.poll_source_changes + secondary_artifact_bucket_id = var.codepipeline_cdn_bucket_id + secondary_artifact_encryption_enabled = var.codepipeline_cdn_bucket_encryption_enabled + secondary_artifact_identifier = var.codepipeline_cdn_bucket_buildspec_identifier + webhook_enabled = var.webhook_enabled webhook_target_action = var.webhook_target_action webhook_authentication = var.webhook_authentication diff --git a/variables.tf b/variables.tf index 7e699313..6f5bbb7e 100644 --- a/variables.tf +++ b/variables.tf 
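Review bot: In the `main.tf` hunk the three `secondary_artifact_*` arguments are forwarded independently, so a caller can set `codepipeline_cdn_bucket_id` while `codepipeline_cdn_bucket_buildspec_identifier` stays at its `null` default; what `module.ecs_codepipeline` does with a bucket but no identifier is not visible here. A comment above the group would document the coupling, e.g. `# Optional CDN asset deployment: set codepipeline_cdn_bucket_id and codepipeline_cdn_bucket_buildspec_identifier together (confirm module behaviour when only one is set)`. The `module "ecs_codepipeline"` block starts and ends outside this hunk, including its `version` line, so it is worth confirming that the pinned module version accepts these inputs.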
@@ -10,6 +10,24 @@ variable "codepipeline_enabled" { default = true } +variable "codepipeline_cdn_bucket_id" { + type = string + default = null + description = "Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html)" +} + +variable "codepipeline_cdn_bucket_encryption_enabled" { + type = bool + default = false + description = "If set to true, enable encryption on the optional CDN asset deployment bucket" +} + +variable "codepipeline_cdn_bucket_buildspec_identifier" { + type = string + default = null + description = "Identifier for buildspec section controlling the optional CDN asset deployment." +} + variable "use_ecr_image" { type = bool description = "If true, use ECR repo URL for image, otherwise use value in container_image" From 936540c43799102e0e81e276b1dd25f9d69090fc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 4 Apr 2021 22:14:43 +0000 Subject: [PATCH 36/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.55.0 (#139) * chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.55.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: Nuru --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a410f964..dab80635 100644 --- a/README.md +++ b/README.md 
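Review bot: `codepipeline_cdn_bucket_encryption_enabled` is added with `default = false`, so a caller who only sets `codepipeline_cdn_bucket_id` presumably gets the secondary artifacts written without encryption, and the description neither says so nor explains the choice. If off-by-default is deliberate (for instance because the objects are meant to be served as-is from the bucket), state it in the description, e.g. `description = "If set to true, encrypt the artifacts written to the optional CDN asset deployment bucket. Defaults to false; enable it unless the assets must be readable without decryption"`; otherwise default it to `true`. The documentation link in `codepipeline_cdn_bucket_id` uses `http://docs.aws.amazon.com/...` and should be `https://`. The trailing `variable "use_ecr_image"` block continues outside the hunk.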
@@ -176,7 +176,7 @@ Available targets: | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.54.2 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | diff --git a/docs/terraform.md b/docs/terraform.md index 77807b11..293c8fb6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -20,7 +20,7 @@ | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.54.2 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | 
diff --git a/main.tf b/main.tf index 4b136f80..540e9579 100644 --- a/main.tf +++ b/main.tf @@ -128,7 +128,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.54.2" + version = "0.55.0" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group From 20a8d1c697662c794c887ab7cc524f37ab7a3be7 Mon Sep 17 00:00:00 2001 From: Joe Hosteny Date: Fri, 9 Apr 2021 10:28:05 -0400 Subject: [PATCH 37/82] feat: update to use latest ALB ingress module (#140) --- README.md | 6 +++--- docs/terraform.md | 6 +++--- main.tf | 8 +++----- variables.tf | 12 ++++++------ 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index dab80635..b79fc5b8 100644 --- a/README.md +++ b/README.md @@ -172,7 +172,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.20.0 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | 
@@ -223,7 +223,7 @@ Available targets: | [alb\_target\_group\_alarms\_response\_time\_threshold](#input\_alb\_target\_group\_alarms\_response\_time\_threshold) | The maximum ALB Target Group response time | `number` | `0.5` | no | | [assign\_public\_ip](#input\_assign\_public\_ip) | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope | `list(string)` | `[]` | no | +| [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) | `string` | `null` | no | | [authentication\_cognito\_user\_pool\_arn](#input\_authentication\_cognito\_user\_pool\_arn) | Cognito User Pool ARN | `string` | `""` | no | | [authentication\_cognito\_user\_pool\_client\_id](#input\_authentication\_cognito\_user\_pool\_client\_id) | Cognito User Pool Client ID | `string` | `""` | no | | [authentication\_cognito\_user\_pool\_domain](#input\_authentication\_cognito\_user\_pool\_domain) | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | 
@@ -231,7 +231,7 @@ Available targets: | [authentication\_oidc\_client\_id](#input\_authentication\_oidc\_client\_id) | OIDC Client ID | `string` | `""` | no | | [authentication\_oidc\_client\_secret](#input\_authentication\_oidc\_client\_secret) | OIDC Client Secret | `string` | `""` | no | | [authentication\_oidc\_issuer](#input\_authentication\_oidc\_issuer) | OIDC Issuer | `string` | `""` | no | -| [authentication\_oidc\_scope](#input\_authentication\_oidc\_scope) | OIDC scope | `list(string)` | `[]` | no | +| [authentication\_oidc\_scope](#input\_authentication\_oidc\_scope) | OIDC scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims, and https://developers.google.com/identity/protocols/oauth2/openid-connect#scope-param for an example set of scopes when using Google as the IdP) | `string` | `null` | no | | [authentication\_oidc\_token\_endpoint](#input\_authentication\_oidc\_token\_endpoint) | OIDC Token Endpoint | `string` | `""` | no | | [authentication\_oidc\_user\_info\_endpoint](#input\_authentication\_oidc\_user\_info\_endpoint) | OIDC User Info Endpoint | `string` | `""` | no | | [authentication\_type](#input\_authentication\_type) | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 293c8fb6..9684b24d 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.20.0 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | 
@@ -67,7 +67,7 @@ | [alb\_target\_group\_alarms\_response\_time\_threshold](#input\_alb\_target\_group\_alarms\_response\_time\_threshold) | The maximum ALB Target Group response time | `number` | `0.5` | no | | [assign\_public\_ip](#input\_assign\_public\_ip) | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope | `list(string)` | `[]` | no | +| [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) | `string` | `null` | no | | [authentication\_cognito\_user\_pool\_arn](#input\_authentication\_cognito\_user\_pool\_arn) | Cognito User Pool ARN | `string` | `""` | no | | [authentication\_cognito\_user\_pool\_client\_id](#input\_authentication\_cognito\_user\_pool\_client\_id) | Cognito User Pool Client ID | `string` | `""` | no | | [authentication\_cognito\_user\_pool\_domain](#input\_authentication\_cognito\_user\_pool\_domain) | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | 
@@ -75,7 +75,7 @@ | [authentication\_oidc\_client\_id](#input\_authentication\_oidc\_client\_id) | OIDC Client ID | `string` | `""` | no | | [authentication\_oidc\_client\_secret](#input\_authentication\_oidc\_client\_secret) | OIDC Client Secret | `string` | `""` | no | | [authentication\_oidc\_issuer](#input\_authentication\_oidc\_issuer) | OIDC Issuer | `string` | `""` | no | -| [authentication\_oidc\_scope](#input\_authentication\_oidc\_scope) | OIDC scope | `list(string)` | `[]` | no | +| [authentication\_oidc\_scope](#input\_authentication\_oidc\_scope) | OIDC scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims, and https://developers.google.com/identity/protocols/oauth2/openid-connect#scope-param for an example set of scopes when using Google as the IdP) | `string` | `null` | no | | [authentication\_oidc\_token\_endpoint](#input\_authentication\_oidc\_token\_endpoint) | OIDC Token Endpoint | `string` | `""` | no | | [authentication\_oidc\_user\_info\_endpoint](#input\_authentication\_oidc\_user\_info\_endpoint) | OIDC User Info Endpoint | `string` | `""` | no | | [authentication\_type](#input\_authentication\_type) | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | diff --git a/main.tf b/main.tf index 540e9579..379a383b 100644 --- a/main.tf +++ b/main.tf @@ -22,7 +22,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.20.0" + version = "0.23.0" vpc_id = var.vpc_id port = var.container_port 
@@ -39,10 +39,8 @@ module "alb_ingress" { authenticated_priority = var.alb_ingress_listener_authenticated_priority unauthenticated_priority = var.alb_ingress_listener_unauthenticated_priority - unauthenticated_listener_arns = var.alb_ingress_unauthenticated_listener_arns - unauthenticated_listener_arns_count = var.alb_ingress_unauthenticated_listener_arns_count - authenticated_listener_arns = var.alb_ingress_authenticated_listener_arns - authenticated_listener_arns_count = var.alb_ingress_authenticated_listener_arns_count + unauthenticated_listener_arns = var.alb_ingress_unauthenticated_listener_arns + authenticated_listener_arns = var.alb_ingress_authenticated_listener_arns authentication_type = var.authentication_type authentication_cognito_user_pool_arn = var.authentication_cognito_user_pool_arn diff --git a/variables.tf b/variables.tf index 6f5bbb7e..e7d0bfd6 100644 --- a/variables.tf +++ b/variables.tf @@ -820,9 +820,9 @@ variable "authentication_cognito_user_pool_domain" { } variable "authentication_cognito_scope" { - type = list(string) - description = "Cognito scope" - default = [] + type = string + description = "Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)" + default = null } variable "authentication_oidc_client_id" { @@ -862,9 +862,9 @@ variable "authentication_oidc_user_info_endpoint" { } variable "authentication_oidc_scope" { - type = list(string) - description = "OIDC scope" - default = [] + type = string + description = "OIDC scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims, and https://developers.google.com/identity/protocols/oauth2/openid-connect#scope-param for an example set of scopes when using Google as the IdP)" + default = null } variable "codepipeline_build_cache_bucket_suffix_enabled" { 
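Review bot: The two `*_listener_arns_count` arguments are dropped from the `alb_ingress` call, but the diffstat for this commit shows only the two scope variables changing in variables.tf. `alb_ingress_unauthenticated_listener_arns_count` and `alb_ingress_authenticated_listener_arns_count` therefore appear to stay declared and are now silently ignored. A caller who still sets them gets neither an error nor an effect. Either remove the declarations in the same change or mark them, e.g. `description = "DEPRECATED: no longer used by this module"`. The `alb_ingress` block starts and ends outside this hunk.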
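Review bot: Changing `authentication_cognito_scope` from `list(string)` to `string` breaks every caller that passes a list, and the new description does not mention the migration; the same applies to `authentication_oidc_scope` in the following hunk. A sentence such as `Callers that previously passed a list should use join(" ", [...])` would cover it. The scope string decides which claims are requested from the identity provider, so the description could also advise requesting only the scopes the application needs. With `default = null` the effective scopes are whatever the downstream module or the provider applies, which is not visible here.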
From b84ca6fe3beefa9282761e2adc28243ec9c20127 Mon Sep 17 00:00:00 2001 From: Frank <639906+syphernl@users.noreply.github.com> Date: Fri, 9 Apr 2021 21:38:43 +0200 Subject: [PATCH 38/82] feat: add force_new_deployment variable (#138) * feat: add force_new_deployment variable * Update validate-codeowners.yml Co-authored-by: Nuru Co-authored-by: nitro Co-authored-by: Matt Gowie --- README.md | 1 + docs/terraform.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ 4 files changed, 9 insertions(+) diff --git a/README.md b/README.md index b79fc5b8..9a9ebcb8 100644 --- a/README.md +++ b/README.md @@ -304,6 +304,7 @@ Available targets: | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. | `bool` | `false` | no | | [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | | [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | | [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 9684b24d..e2927316 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -148,6 +148,7 @@ | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. | `bool` | `false` | no | | [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | | [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | | [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | diff --git a/main.tf b/main.tf index 379a383b..6d41161a 100644 --- a/main.tf +++ b/main.tf @@ -152,6 +152,7 @@ module "ecs_alb_service_task" { volumes = var.volumes ecs_load_balancers = local.load_balancers deployment_controller_type = var.deployment_controller_type + force_new_deployment = var.force_new_deployment context = module.this.context } diff --git a/variables.tf b/variables.tf index e7d0bfd6..307d0fa3 100644 --- a/variables.tf +++ b/variables.tf @@ -929,3 +929,9 @@ variable "ecr_image_tag_mutability" { default = "IMMUTABLE" description = "The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE`" } + +variable "force_new_deployment" { + type = bool + description = "Enable to force a new task deployment of the service." + default = false +} From 44b689b7d7d17f845758dc2db872bc915c7653d6 Mon Sep 17 00:00:00 2001 From: Maeghan Porter <80358403+maeghan-porter@users.noreply.github.com> Date: Thu, 22 Apr 2021 18:51:14 -0300 Subject: [PATCH 39/82] Add Usage of the repository_credentials (#142) * Adding a variable for utillizing the repository_credentials variable in the task definition * Auto Format * Ran fmt * Fix issue with null variable * Update to use a map instead of a string to match what the container definition module expects. * Auto Format * Update to use a map instead of a string to match what the container definition module expects. * Auto Format * Update readme * fix variable name * Change default from empty map to null * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 4 ++-- docs/terraform.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ 4 files changed, 10 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 9a9ebcb8..3d9785dd 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ + # terraform-aws-ecs-web-app [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecs-web-app?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5dbb22a15c2e97b3b73ab484) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecs-web-app.svg)](https://github.com/cloudposse/terraform-aws-ecs-web-app/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) @@ -29,7 +30,6 @@ A Terraform module which implements a web app on ECS and supporting AWS resources. - --- This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. @@ -60,7 +60,6 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are - ## Security & Compliance [](https://bridgecrew.io/) Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. 
@@ -268,6 +267,7 @@ Available targets: | [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | | [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no | | [container\_port](#input\_container\_port) | The port number on the container bound to assigned host\_port | `number` | `80` | no | +| [container\_repo\_credentials](#input\_container\_repo\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no | | [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | diff --git a/docs/terraform.md b/docs/terraform.md index e2927316..befab640 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -112,6 +112,7 @@ | [container\_memory](#input\_container\_memory) | The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `512` | no | | [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than `container_memory` if set | `number` | `128` | no | | [container\_port](#input\_container\_port) | The port number on the container bound to assigned host\_port | `number` | `80` | no | +| [container\_repo\_credentials](#input\_container\_repo\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no | | [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | diff --git a/main.tf b/main.tf index 6d41161a..5dfca3c4 100644 --- a/main.tf +++ b/main.tf @@ -80,6 +80,7 @@ module "container_definition" { command = var.command mount_points = var.mount_points container_depends_on = local.container_depends_on + repository_credentials = var.container_repo_credentials log_configuration = var.cloudwatch_log_group_enabled ? { logDriver = var.log_driver diff --git a/variables.tf b/variables.tf index 307d0fa3..94b74bdb 100644 --- a/variables.tf +++ b/variables.tf @@ -40,6 +40,12 @@ variable "container_image" { default = "cloudposse/default-backend" } +variable "container_repo_credentials" { + type = map(string) + default = null + description = "Container repository credentials; required when using a private repo. This map currently supports a single key; \"credentialsParameter\", which should be the ARN of a Secrets Manager's secret holding the credentials" +} + variable "ecr_scan_images_on_push" { type = bool description = "Indicates whether images are scanned after being pushed to the repository (true) or not (false)" From 8f5b97fecbfca217daf21a58dac9e2c2add1de96 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 26 Apr 2021 10:41:33 +0000 Subject: [PATCH 40/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.55.1 (#143) * chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.55.1 * Auto Format * trigger GH actions Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: SweetOps --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3d9785dd..d0a0931f 100644 --- a/README.md +++ b/README.md 
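Review bot: `container_repo_credentials` accepts any `map(string)`, so a map with a misspelled key, or with a raw username or password instead of a secret ARN, is passed straight through to `repository_credentials` in main.tf and may end up in the plan and the Terraform state. The description names the one supported key, but nothing enforces it. If the module's minimum Terraform version allows variable validation (0.13 or later; not visible here), a validation block such as the one below rejects anything but a single `credentialsParameter` entry holding a Secrets Manager ARN. The description could also say that the task execution role needs `secretsmanager:GetSecretValue` on that secret; whether the module grants it cannot be told from this hunk.

```hcl
variable "container_repo_credentials" {
  # … unchanged: type, default, description …

  validation {
    # try() turns any evaluation error (null map, missing key) into a plain false.
    condition = var.container_repo_credentials == null || try(
      length(var.container_repo_credentials) == 1 &&
      can(regex("^arn:[^:]+:secretsmanager:", var.container_repo_credentials["credentialsParameter"])),
      false
    )
    error_message = "Set only the key credentialsParameter, with the ARN of a Secrets Manager secret as its value."
  }
}
```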
@@ -175,7 +175,7 @@ Available targets: | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.0 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | diff --git a/docs/terraform.md b/docs/terraform.md index befab640..e527053c 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -20,7 +20,7 @@ | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.0 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | 
diff --git a/main.tf b/main.tf index 5dfca3c4..0d694cb9 100644 --- a/main.tf +++ b/main.tf @@ -127,7 +127,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.55.0" + version = "0.55.1" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group From 83474d9386d11a7efb7147d4abfd3f10bf2e7d38 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 26 Apr 2021 11:05:43 +0000 Subject: [PATCH 41/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.26.0 (#144) * chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.26.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: Vladimir --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d0a0931f..53910cd3 100644 --- a/README.md +++ b/README.md @@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.26.0 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index e527053c..3298555f 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.24.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.26.0 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources diff --git a/main.tf b/main.tf index 0d694cb9..14fad2de 100644 --- a/main.tf +++ b/main.tf @@ -161,7 +161,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.24.0" + version = "0.26.0" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From 7b0019811fed978acb6cf7d5d77e72d017833f33 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Fri, 30 Apr 2021 12:23:21 +1000 Subject: [PATCH 42/82] Support 'type' key in Codebuild environment variables (#146) * Support type attribute in Codebuild environment variables * Auto Format * bump version of codepipeline module * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 4 ++-- docs/terraform.md | 4 ++-- examples/complete/fixtures.us-east-2.tfvars | 8 ++++++++ main.tf | 3 ++- variables.tf | 3 ++- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 53910cd3..2e90dd8d 100644 --- a/README.md +++ b/README.md 
@@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.26.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.27.0 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources @@ -246,7 +246,7 @@ Available targets: | [aws\_logs\_region](#input\_aws\_logs\_region) | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | | [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | | [branch](#input\_branch) | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no | -| [build\_environment\_variables](#input\_build\_environment\_variables) | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | +| [build\_environment\_variables](#input\_build\_environment\_variables) | A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER\_STORE', or 'SECRETS\_MANAGER' |
list(object(
{
name = string
value = string
type = string
}))
| `[]` | no | | [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | | [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | | [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 3298555f..e87f0fd6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.26.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.27.0 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources 
@@ -91,7 +91,7 @@ | [aws\_logs\_region](#input\_aws\_logs\_region) | The region for the AWS Cloudwatch Logs group | `string` | `null` | no | | [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | | [branch](#input\_branch) | Branch of the GitHub repository, e.g. `master` | `string` | `""` | no | -| [build\_environment\_variables](#input\_build\_environment\_variables) | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | +| [build\_environment\_variables](#input\_build\_environment\_variables) | A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER\_STORE', or 'SECRETS\_MANAGER' |
list(object(
{
name = string
value = string
type = string
}))
| `[]` | no | | [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | | [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | | [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index e3a2e171..66d5cb23 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -130,4 +130,12 @@ codepipeline_build_image = "aws/codebuild/docker:17.09.0" codepipeline_build_timeout = 20 +build_environment_variables = [ + { + name = "TEST" + value = "TEST" + type = "PLAINTEXT" + } +] + container_environment = [] diff --git a/main.tf b/main.tf index 14fad2de..873c6852 100644 --- a/main.tf +++ b/main.tf @@ -161,7 +161,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.26.0" + version = "0.27.0" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token @@ -200,6 +200,7 @@ module "ecs_codepipeline" { { name = "CONTAINER_NAME" value = module.this.id + type = "PLAINTEXT" } ] ) diff --git a/variables.tf b/variables.tf index 94b74bdb..66c01925 100644 --- a/variables.tf +++ b/variables.tf 
@@ -675,10 +675,11 @@ variable "build_environment_variables" { { name = string value = string + type = string })) default = [] - description = "A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build" + description = "A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'" } variable "build_timeout" { From 7a93a4c2d0003c545857ef2e678bce1d3314b865 Mon Sep 17 00:00:00 2001 From: Frank <639906+syphernl@users.noreply.github.com> Date: Wed, 26 May 2021 15:48:08 +0200 Subject: [PATCH 43/82] feat: add exec support to task (#148) --- README.md | 8 ++++---- docs/terraform.md | 5 +++-- main.tf | 1 + variables.tf | 6 ++++++ versions.tf | 2 +- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2e90dd8d..f9710e3e 100644 --- a/README.md +++ b/README.md @@ -159,13 +159,13 @@ Available targets: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 2.0 | +| [aws](#requirement\_aws) | >= 3.34 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.0 | +| [aws](#provider\_aws) | >= 3.34 | ## Modules 
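Review bot: Adding `type = string` to the object type of `build_environment_variables` in variables.tf makes `type` a required attribute, so callers that pass only `name` and `value` will fail the type check after upgrading, and nothing rejects a value outside the three documented ones. The description should also say that secret values belong in `PARAMETER_STORE` or `SECRETS_MANAGER`, because with `PLAINTEXT` the value itself is stored readable in the CodeBuild project configuration and in Terraform state. A validation block like the one below would catch a mistyped type at plan time; it avoids `alltrue` so it still works under the `>= 0.13.0` Terraform constraint the README lists. The variable block opens before this hunk, so only its tail is visible here.

```hcl
variable "build_environment_variables" {
  # … unchanged: type, default, description …

  validation {
    condition = length([
      for v in var.build_environment_variables : v
      if !contains(["PLAINTEXT", "PARAMETER_STORE", "SECRETS_MANAGER"], v.type)
    ]) == 0
    error_message = "Each build_environment_variables entry must set type to PLAINTEXT, PARAMETER_STORE or SECRETS_MANAGER."
  }
}
```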
@@ -304,6 +304,7 @@ Available targets: | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [exec\_enabled](#input\_exec\_enabled) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no | | [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. | `bool` | `false` | no | | [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | | [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | @@ -433,6 +434,7 @@ Like this project? Please give it a ★ on [our GitHub](https://github.com/cloud Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) + ## Related Projects Check out these related projects. @@ -449,8 +451,6 @@ Check out these related projects. - [terraform-aws-eks-workers](https://github.com/cloudposse/terraform-aws-eks-workers) - Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers - [terraform-aws-ec2-autoscale-group](https://github.com/cloudposse/terraform-aws-ec2-autoscale-group) - Terraform module to provision Auto Scaling Group and Launch Template on AWS - - ## Help **Got a question?** We got answers. diff --git a/docs/terraform.md b/docs/terraform.md index e87f0fd6..25c893b7 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -4,13 +4,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 2.0 | +| [aws](#requirement\_aws) | >= 3.34 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.0 | +| [aws](#provider\_aws) | >= 3.34 | ## Modules 
@@ -149,6 +149,7 @@ | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [exec\_enabled](#input\_exec\_enabled) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no | | [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. | `bool` | `false` | no | | [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | | [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no |
diff --git a/main.tf b/main.tf
index 873c6852..2ad19bed 100644
--- a/main.tf
+++ b/main.tf
@@ -154,6 +154,7 @@ module "ecs_alb_service_task" {
 ecs_load_balancers = local.load_balancers
 deployment_controller_type = var.deployment_controller_type
 force_new_deployment = var.force_new_deployment
+ exec_enabled = var.exec_enabled
 context = module.this.context
 }
diff --git a/variables.tf b/variables.tf
index 66c01925..61b6698e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -942,3 +942,9 @@ variable "force_new_deployment" {
 description = "Enable to force a new task deployment of the service."
 default = false
 }
+
+variable "exec_enabled" {
+ type = bool
+ description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service"
+ default = false
+}
\ No newline at end of file
diff --git a/versions.tf b/versions.tf
index 5b2c49b9..a0be7256 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 2.0"
+ version = ">= 3.34"
 }
 }
 }
From 2fa5debcc0304c0f20e5bb160cfd30b2d21f007a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Jul 2021 21:56:11 +0000 Subject: [PATCH 44/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.57.0 (#150) * chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.57.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f9710e3e..c34f7998 100644
--- a/README.md
+++ b/README.md
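Review bot: The `exec_enabled` description in the variables.tf hunk does not say what turning the flag on exposes: with ECS Exec, any principal allowed `ecs:ExecuteCommand` on the task can run commands inside the running container. I would extend the text so the operator sees that before enabling it, e.g. `description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service. Allows principals with ecs:ExecuteCommand to run commands in the containers; restrict that permission and enable session logging"`. The `false` default is the right one. The new block also ends the file without a trailing newline (`\ No newline at end of file`).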
@@ -173,7 +173,7 @@ Available targets: |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.57.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | diff --git a/docs/terraform.md b/docs/terraform.md index 25c893b7..0c1e8fcd 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -18,7 +18,7 @@ |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.56.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.57.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | diff --git a/main.tf b/main.tf index 2ad19bed..4b669590 100644 --- a/main.tf +++ b/main.tf 
@@ -60,7 +60,7 @@ module "alb_ingress" {
 module "container_definition" {
 source = "cloudposse/ecs-container-definition/aws"
- version = "0.56.0"
+ version = "0.57.0"
 container_name = module.this.id
 container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image
 container_memory = var.container_memory
From 68b4a99db47c85b61fa35923b71faf95212dfb34 Mon Sep 17 00:00:00 2001 From: Kevin Mahoney <716806+kevcube@users.noreply.github.com> Date: Thu, 22 Jul 2021 12:20:31 -0600 Subject: [PATCH 45/82] Enable setting custom task policy/role (#155) --- README.md | 2 ++ docs/terraform.md | 2 ++ main.tf | 2 ++ variables.tf | 14 +++++++++++++- 4 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c34f7998..4922220f 100644
--- a/README.md
+++ b/README.md
@@ -343,6 +343,8 @@ Available targets: | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | | [task\_memory](#input\_task\_memory) | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | +| [task\_policy\_arns](#input\_task\_policy\_arns) | A list of IAM Policy ARNs to attach to the generated task role. | `list(string)` | `[]` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services | `string` | `""` | no | | [ulimits](#input\_ulimits) | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | | [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | | [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 0c1e8fcd..0c093438 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -188,6 +188,8 @@ | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | | [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | | [task\_memory](#input\_task\_memory) | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | +| [task\_policy\_arns](#input\_task\_policy\_arns) | A list of IAM Policy ARNs to attach to the generated task role. | `list(string)` | `[]` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services | `string` | `""` | no | | [ulimits](#input\_ulimits) | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | | [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | | [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | diff --git a/main.tf b/main.tf index 4b669590..9b9993bf 100644 --- a/main.tf +++ b/main.tf @@ -155,6 +155,8 @@ module "ecs_alb_service_task" { deployment_controller_type = var.deployment_controller_type force_new_deployment = var.force_new_deployment exec_enabled = var.exec_enabled + task_policy_arns = var.task_policy_arns + task_role_arn = var.task_role_arn context = module.this.context } diff --git a/variables.tf b/variables.tf index 61b6698e..aa7f5034 100644 --- a/variables.tf +++ b/variables.tf @@ -88,6 +88,18 @@ variable "task_memory" { default = null } +variable "task_role_arn" { + type = string + description = "The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services" + default = "" +} + +variable "task_policy_arns" { + type = list(string) + description = "A list of IAM Policy ARNs to attach to the generated task role." + default = [] +} + variable "ignore_changes_task_definition" { type = bool description = "Ignore changes (like environment variables) to the ECS task definition" @@ -947,4 +959,4 @@ variable "exec_enabled" { type = bool description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service" default = false -} \ No newline at end of file +} From 2549e338a86ab70269e0a2b178561611b2da0b0a Mon Sep 17 00:00:00 2001 
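Review bot: The descriptions of `task_role_arn` and `task_policy_arns` in the variables.tf hunk leave their interaction undefined: the policies are said to attach to "the generated task role", but nothing visible says what happens to them when a caller also supplies `task_role_arn`, and presumably no role is generated in that case. If the upstream `ecs_alb_service_task` module does ignore them, state it, e.g. `description = "A list of IAM Policy ARNs to attach to the generated task role. Has no effect when task_role_arn is set"`. Both inputs decide which AWS APIs the container can call, so the text could also ask for a role and policies scoped to what the task needs rather than broad managed policies.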
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 1 Aug 2021 03:48:28 +0000 Subject: [PATCH 46/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.58.0 (#157) * chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.58.0 * Auto Format * Add readOnly * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode --- README.md | 4 ++-- docs/terraform.md | 4 ++-- main.tf | 2 +- variables.tf | 1 + 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4922220f..90833def 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,7 @@ Available targets: |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.57.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | 
@@ -321,7 +321,7 @@ Available targets: | [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | | [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | -| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | +| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
| `[]` | no | | [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 0c093438..9abca083 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -18,7 +18,7 @@ |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.57.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | 
@@ -166,7 +166,7 @@ | [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | | [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | -| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
}))
| `[]` | no | +| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
| `[]` | no | | [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index 9b9993bf..55923d3a 100644 --- a/main.tf +++ b/main.tf @@ -60,7 +60,7 @@ module "alb_ingress" { module "container_definition" { source = "cloudposse/ecs-container-definition/aws" - version = "0.57.0" + version = "0.58.0" container_name = module.this.id container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image container_memory = var.container_memory diff --git a/variables.tf b/variables.tf index aa7f5034..99ec2d6f 100644 --- a/variables.tf +++ b/variables.tf @@ -229,6 +229,7 @@ variable "mount_points" { type = list(object({ containerPath = string sourceVolume = string + readOnly = bool })) description = "Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`" From a91751faed0971d5d6eae206b4ca4e9d5d7655de Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Aug 2021 12:06:37 +0000 Subject: [PATCH 47/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.0 (#145) * chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 90833def..8f205947 100644 --- a/README.md +++ b/README.md 
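Review bot: The `mount_points` description in the variables.tf hunk was not updated with the type: it still says each map should contain a `containerPath` and `sourceVolume`, while the object type now also requires `readOnly`. Object attributes are mandatory, so callers that omit `readOnly` will fail the type check after this upgrade; the text should name it, e.g. `description = "Container mount points. This is a list of maps, where each map should contain a containerPath, a sourceVolume and a readOnly flag"`. Saying that `readOnly = true` is the safer value for volumes the container only reads would help users choose. The README.md and docs/terraform.md rows repeat the old sentence and would pick up the change once the docs are regenerated.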
@@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.27.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.0 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index 9abca083..2f4199e3 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.27.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.0 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources diff --git a/main.tf b/main.tf index 55923d3a..7f487099 100644 --- a/main.tf +++ b/main.tf @@ -164,7 +164,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.27.0" + version = "0.28.0" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From 5f9216f1effa71200fa8e9df3cabb474b28754f0 Mon Sep 17 00:00:00 2001 
From: Jakub Andrzejewski Date: Wed, 18 Aug 2021 14:41:03 +0200 Subject: [PATCH 48/82] add option for ecs managed tags (#161) * add option for ecs managed tags Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 ++ docs/terraform.md | 2 ++ main.tf | 2 ++ variables.tf | 12 ++++++++++++ 4 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 8f205947..8e6ab86b 100644 --- a/README.md +++ b/README.md @@ -301,6 +301,7 @@ Available targets: | [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | | [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | | [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | +| [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | 
@@ -332,6 +333,7 @@ Available targets: | [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | | [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | | [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | +| [propagate\_tags](#input\_propagate\_tags) | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | | [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 2f4199e3..1f693427 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -146,6 +146,7 @@ | [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | | [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | | [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | +| [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | 
@@ -177,6 +178,7 @@ | [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | | [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | | [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | +| [propagate\_tags](#input\_propagate\_tags) | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | | [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | diff --git a/main.tf b/main.tf index 7f487099..fc3ea73a 100644 --- a/main.tf +++ b/main.tf @@ -157,6 +157,8 @@ module "ecs_alb_service_task" { exec_enabled = var.exec_enabled task_policy_arns = var.task_policy_arns task_role_arn = var.task_role_arn + propagate_tags = var.propagate_tags + enable_ecs_managed_tags = var.enable_ecs_managed_tags context = module.this.context } diff --git a/variables.tf b/variables.tf index 99ec2d6f..9555547c 100644 --- a/variables.tf +++ b/variables.tf @@ -961,3 +961,15 @@ variable "exec_enabled" { description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service" default = false } + +variable "propagate_tags" { + type = string + description = "Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION" + default = null +} + +variable "enable_ecs_managed_tags" { + type = bool + description = "Specifies whether to enable Amazon ECS managed tags for the tasks within the service" + default = false +} From 24b941eae184bc8219d5435d6538765f940ed7cf Mon Sep 17 00:00:00 2001 From: Dmytro Shamenko Date: Wed, 18 Aug 2021 17:06:23 +0300 Subject: [PATCH 49/82] Added few variables to enable HealthCheck configuration of the ALB (#160) * Added few variables to enable HealthCheck configuration of the ALB * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode --- README.md | 4 ++++ docs/terraform.md | 4 ++++ main.tf | 16 ++++++++++------ variables.tf | 24 ++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 6 deletions(-) 
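Review bot: `propagate_tags` in the variables.tf hunk names its valid values only in the description, so a mistyped value is handed to the `ecs_alb_service_task` module unchecked and, unless that module validates it, fails only at apply time. A validation block with `condition = var.propagate_tags == null ? true : contains(["SERVICE", "TASK_DEFINITION"], var.propagate_tags)` and a matching `error_message` would reject it at plan time while keeping the `null` default.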
diff --git a/README.md b/README.md
index 8e6ab86b..a2bde9e0 100644
--- a/README.md
+++ b/README.md
@@ -200,6 +200,10 @@ Available targets: | [alb\_ingress\_authenticated\_listener\_arns\_count](#input\_alb\_ingress\_authenticated\_listener\_arns\_count) | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | | [alb\_ingress\_authenticated\_paths](#input\_alb\_ingress\_authenticated\_paths) | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | | [alb\_ingress\_enable\_default\_target\_group](#input\_alb\_ingress\_enable\_default\_target\_group) | If true, create a default target group for the ALB ingress | `bool` | `true` | no | +| [alb\_ingress\_health\_check\_healthy\_threshold](#input\_alb\_ingress\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before healthy | `number` | `2` | no | +| [alb\_ingress\_health\_check\_interval](#input\_alb\_ingress\_health\_check\_interval) | The duration in seconds in between health checks | `number` | `15` | no | +| [alb\_ingress\_health\_check\_timeout](#input\_alb\_ingress\_health\_check\_timeout) | The amount of time to wait in seconds before failing a health check request | `number` | `10` | no | +| [alb\_ingress\_health\_check\_unhealthy\_threshold](#input\_alb\_ingress\_health\_check\_unhealthy\_threshold) | The number of consecutive health check failures required before unhealthy | `number` | `2` | no | | [alb\_ingress\_healthcheck\_path](#input\_alb\_ingress\_healthcheck\_path) | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | | [alb\_ingress\_healthcheck\_protocol](#input\_alb\_ingress\_healthcheck\_protocol) | The protocol to use to connect with the target. Defaults to `HTTP`. 
Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | | [alb\_ingress\_listener\_authenticated\_priority](#input\_alb\_ingress\_listener\_authenticated\_priority) | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 1f693427..fd9d8dd0 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -45,6 +45,10 @@ | [alb\_ingress\_authenticated\_listener\_arns\_count](#input\_alb\_ingress\_authenticated\_listener\_arns\_count) | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | | [alb\_ingress\_authenticated\_paths](#input\_alb\_ingress\_authenticated\_paths) | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | | [alb\_ingress\_enable\_default\_target\_group](#input\_alb\_ingress\_enable\_default\_target\_group) | If true, create a default target group for the ALB ingress | `bool` | `true` | no | +| [alb\_ingress\_health\_check\_healthy\_threshold](#input\_alb\_ingress\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before healthy | `number` | `2` | no | +| [alb\_ingress\_health\_check\_interval](#input\_alb\_ingress\_health\_check\_interval) | The duration in seconds in between health checks | `number` | `15` | no | +| [alb\_ingress\_health\_check\_timeout](#input\_alb\_ingress\_health\_check\_timeout) | The amount of time to wait in seconds before failing a health check request | `number` | `10` | no | +| [alb\_ingress\_health\_check\_unhealthy\_threshold](#input\_alb\_ingress\_health\_check\_unhealthy\_threshold) | The number of consecutive health check failures required before unhealthy | `number` | `2` | no | | [alb\_ingress\_healthcheck\_path](#input\_alb\_ingress\_healthcheck\_path) | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | | [alb\_ingress\_healthcheck\_protocol](#input\_alb\_ingress\_healthcheck\_protocol) | The protocol to use to connect with the target. Defaults to `HTTP`. 
Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | | [alb\_ingress\_listener\_authenticated\_priority](#input\_alb\_ingress\_listener\_authenticated\_priority) | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | diff --git a/main.tf b/main.tf index fc3ea73a..47b94473 100644 --- a/main.tf +++ b/main.tf @@ -24,12 +24,16 @@ module "alb_ingress" { source = "cloudposse/alb-ingress/aws" version = "0.23.0" - vpc_id = var.vpc_id - port = var.container_port - health_check_path = var.alb_ingress_healthcheck_path - health_check_protocol = var.alb_ingress_healthcheck_protocol - default_target_group_enabled = var.alb_ingress_enable_default_target_group - target_group_arn = var.alb_ingress_target_group_arn + vpc_id = var.vpc_id + port = var.container_port + health_check_path = var.alb_ingress_healthcheck_path + health_check_protocol = var.alb_ingress_healthcheck_protocol + health_check_healthy_threshold = var.alb_ingress_health_check_healthy_threshold + health_check_interval = var.alb_ingress_health_check_interval + health_check_timeout = var.alb_ingress_health_check_timeout + health_check_unhealthy_threshold = var.alb_ingress_health_check_unhealthy_threshold + default_target_group_enabled = var.alb_ingress_enable_default_target_group + target_group_arn = var.alb_ingress_target_group_arn authenticated_paths = var.alb_ingress_authenticated_paths unauthenticated_paths = var.alb_ingress_unauthenticated_paths diff --git a/variables.tf b/variables.tf index 9555547c..6377c08f 100644 --- a/variables.tf +++ b/variables.tf 
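Review bot: The four new inputs wired into `alb_ingress` in main.tf are named `alb_ingress_health_check_*`, while the two existing ones directly above them are `alb_ingress_healthcheck_path` and `alb_ingress_healthcheck_protocol`. Mixing `healthcheck` and `health_check` in one public interface makes the inputs harder to discover and easy to mistype. The new names are not released yet, so this is the cheapest moment to settle on one spelling, e.g. `health_check_interval = var.alb_ingress_healthcheck_interval`. If the upstream `health_check_*` spelling is preferred, a comment above these arguments noting the two legacy names would help, such as `# NOTE: path/protocol keep the older "healthcheck" spelling for backward compatibility`. The `alb_ingress` module block continues beyond the hunk.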
@@ -410,6 +410,30 @@ variable "alb_ingress_healthcheck_protocol" { description = "The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`" } +variable "alb_ingress_health_check_healthy_threshold" { + type = number + default = 2 + description = "The number of consecutive health checks successes required before healthy" +} + +variable "alb_ingress_health_check_unhealthy_threshold" { + type = number + default = 2 + description = "The number of consecutive health check failures required before unhealthy" +} + +variable "alb_ingress_health_check_interval" { + type = number + default = 15 + description = "The duration in seconds in between health checks" +} + +variable "alb_ingress_health_check_timeout" { + type = number + default = 10 + description = "The amount of time to wait in seconds before failing a health check request" +} + variable "alb_ingress_listener_unauthenticated_priority" { type = number default = 1000 From f772f5f80e38314171e25054dfa4e01c4d4a635d Mon Sep 17 00:00:00 2001 From: "Cloud Posse Bot (CI/CD)" Date: Fri, 20 Aug 2021 20:18:33 -0700 Subject: [PATCH 50/82] Update context.tf from origin source (#163) Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 33 ++++++----- context.tf | 109 ++++++++++++++++++++++++++++++----- docs/terraform.md | 33 ++++++----- examples/complete/context.tf | 109 ++++++++++++++++++++++++++++++----- 4 files changed, 222 insertions(+), 62 deletions(-) diff --git a/README.md b/README.md index a2bde9e0..ccfdabcb 100644 --- a/README.md +++ b/README.md 
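Review bot: The four `alb_ingress_health_check_*` variables in variables.tf accept any number and their descriptions give no bounds, so a zero or negative threshold, or a timeout longer than the interval, is rejected only at apply time, if at all. Health checks decide when the ALB stops routing to a failing task, so loose values can quietly degrade availability. I would state the accepted range in each description and add a per-variable `validation` block, for example `condition = var.alb_ingress_health_check_healthy_threshold >= 2 && var.alb_ingress_health_check_healthy_threshold <= 10`. As far as I recall the ELBv2 API allows 2–10 for both thresholds; please confirm that, and the interval and timeout limits, against the current AWS documentation. The timeout/interval relationship cannot be checked in a single-variable validation on the Terraform versions this module appears to target, so the practical option is a sentence in the timeout description such as `Should be lower than alb_ingress_health_check_interval`.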
@@ -179,7 +179,7 @@ Available targets: | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.0 | -| [this](#module\_this) | cloudposse/label/null | 0.24.1 | +| [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources @@ -192,7 +192,7 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [alb\_arn\_suffix](#input\_alb\_arn\_suffix) | ARN suffix of the ALB for the Target Group | `string` | `""` | no | | [alb\_container\_name](#input\_alb\_container\_name) | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no | | [alb\_ingress\_authenticated\_hosts](#input\_alb\_ingress\_authenticated\_hosts) | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | @@ -225,7 +225,7 @@ Available targets: | [alb\_target\_group\_alarms\_period](#input\_alb\_target\_group\_alarms\_period) | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no | | [alb\_target\_group\_alarms\_response\_time\_threshold](#input\_alb\_target\_group\_alarms\_response\_time\_threshold) | The maximum ALB Target Group response time | `number` | `0.5` | no | | [assign\_public\_ip](#input\_assign\_public\_ip) | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | -| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) | `string` | `null` | no | | [authentication\_cognito\_user\_pool\_arn](#input\_authentication\_cognito\_user\_pool\_arn) | Cognito User Pool ARN | `string` | `""` | no | | [authentication\_cognito\_user\_pool\_client\_id](#input\_authentication\_cognito\_user\_pool\_client\_id) | Cognito User Pool Client ID | `string` | `""` | no | @@ -274,9 +274,10 @@ Available targets: | [container\_repo\_credentials](#input\_container\_repo\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no | | [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | | [ecr\_image\_tag\_mutability](#input\_ecr\_image\_tag\_mutability) | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | | [ecr\_scan\_images\_on\_push](#input\_ecr\_scan\_images\_on\_push) | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | @@ -308,7 +309,7 @@ Available targets: | [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | -| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [exec\_enabled](#input\_exec\_enabled) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no | | [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. | `bool` | `false` | no | | [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | 
@@ -316,19 +317,20 @@ Available targets: | [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | [init\_containers](#input\_init\_containers) | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | | [launch\_type](#input\_launch\_type) | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | | [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | | [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
| `[]` | no | -| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | | [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | | [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | @@ -338,19 +340,20 @@ Available targets: | [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | | [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | | [propagate\_tags](#input\_propagate\_tags) | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | | [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | | [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | `""` | no | | [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | | [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | -| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no | -| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | | [task\_memory](#input\_task\_memory) | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | | [task\_policy\_arns](#input\_task\_policy\_arns) | A list of IAM Policy ARNs to attach to the generated task role. | `list(string)` | `[]` | no | | [task\_role\_arn](#input\_task\_role\_arn) | The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services | `string` | `""` | no | +| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | | [ulimits](#input\_ulimits) | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | | [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | | [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | diff --git a/context.tf b/context.tf index 81f99b4e..5e0ef885 100644 --- a/context.tf +++ b/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -20,10 +22,11 @@ module "this" { source = "cloudposse/label/null" - version = "0.24.1" # requires Terraform >= 0.13.0 + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name @@ -36,6 +39,8 @@ module "this" { id_length_limit = var.id_length_limit label_key_case = var.label_key_case label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } @@ -47,6 +52,7 @@ variable "context" { default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null 
@@ -59,6 +65,15 @@ variable "context" { id_length_limit = null label_key_case = null label_value_case = null + descriptor_formats = {} + # Note: we have to use [] instead of null for unset lists due to + # https://github.com/hashicorp/terraform/issues/28137 + # which was not fixed until Terraform 1.0.0, + # but we want the default to be all the labels in `label_order` + # and we want users to be able to prevent all tag generation + # by setting `labels_as_tags` to `[]`, so we need + # a different sentinel to indicate "default" + labels_as_tags = ["unset"] } description = <<-EOT Single object for setting entire context at once. 
@@ -88,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -121,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } @@ -161,7 +214,7 @@ variable "id_length_limit" { description = <<-EOT Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT validation { @@ -174,7 +227,8 @@ variable "label_key_case" { type = string default = null description = <<-EOT - The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -189,8 +243,11 @@ variable "label_value_case" { type = string default = null description = <<-EOT - The letter case of output label values (also used in `tags` and `id`). + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. Default value: `lower`. EOT 
@@ -199,4 +256,24 @@ variable "label_value_case" { error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT +} + #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/docs/terraform.md b/docs/terraform.md index fd9d8dd0..d9d7b014 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -24,7 +24,7 @@ | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.0 | -| [this](#module\_this) | cloudposse/label/null | 0.24.1 | +| [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources @@ -37,7 +37,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [alb\_arn\_suffix](#input\_alb\_arn\_suffix) | ARN suffix of the ALB for the Target Group | `string` | `""` | no | | [alb\_container\_name](#input\_alb\_container\_name) | The name of the container to associate with the ALB. If not provided, the generated container will be used | `string` | `null` | no | | [alb\_ingress\_authenticated\_hosts](#input\_alb\_ingress\_authenticated\_hosts) | Authenticated hosts to match in Hosts header | `list(string)` | `[]` | no | @@ -70,7 +70,7 @@ | [alb\_target\_group\_alarms\_period](#input\_alb\_target\_group\_alarms\_period) | The period (in seconds) to analyze for ALB CloudWatch Alarms | `number` | `300` | no | | [alb\_target\_group\_alarms\_response\_time\_threshold](#input\_alb\_target\_group\_alarms\_response\_time\_threshold) | The maximum ALB Target Group response time | `number` | `0.5` | no | | [assign\_public\_ip](#input\_assign\_public\_ip) | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no | -| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [authentication\_cognito\_scope](#input\_authentication\_cognito\_scope) | Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) | `string` | `null` | no | | [authentication\_cognito\_user\_pool\_arn](#input\_authentication\_cognito\_user\_pool\_arn) | Cognito User Pool ARN | `string` | `""` | no | | [authentication\_cognito\_user\_pool\_client\_id](#input\_authentication\_cognito\_user\_pool\_client\_id) | Cognito User Pool Client ID | `string` | `""` | no | @@ -119,9 +119,10 @@ | [container\_repo\_credentials](#input\_container\_repo\_credentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | `map(string)` | `null` | no | | [container\_start\_timeout](#input\_container\_start\_timeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | [container\_stop\_timeout](#input\_container\_stop\_timeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `30` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | | [ecr\_image\_tag\_mutability](#input\_ecr\_image\_tag\_mutability) | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | | [ecr\_scan\_images\_on\_push](#input\_ecr\_scan\_images\_on\_push) | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | @@ -153,7 +154,7 @@ | [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | -| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [exec\_enabled](#input\_exec\_enabled) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no | | [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service. | `bool` | `false` | no | | [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token with permissions to access private repositories | `string` | `""` | no | 
@@ -161,19 +162,20 @@ | [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | | [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | [init\_containers](#input\_init\_containers) | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | -| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | | [launch\_type](#input\_launch\_type) | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | | [log\_driver](#input\_log\_driver) | The log driver to use for the container. If using Fargate launch type, only supported value is awslogs | `string` | `"awslogs"` | no | | [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `90` | no | | [map\_container\_environment](#input\_map\_container\_environment) | The environment variables to pass to the container. This is a map of string: {key: value}. `environment` overrides `map_environment` | `map(string)` | `null` | no | | [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
| `[]` | no | -| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | | [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | | [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | | [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | @@ -183,19 +185,20 @@ | [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | | [privileged](#input\_privileged) | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value | `string` | `null` | no | | [propagate\_tags](#input\_propagate\_tags) | Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK\_DEFINITION | `string` | `null` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | | [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | | [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | `""` | no | | [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | | [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | -| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [system\_controls](#input\_system\_controls) | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | `list(map(string))` | `null` | no | -| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | | [task\_memory](#input\_task\_memory) | The amount of memory (in MiB) used by the task. If unspecified, it will default to `container_memory`. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `null` | no | | [task\_policy\_arns](#input\_task\_policy\_arns) | A list of IAM Policy ARNs to attach to the generated task role. | `list(string)` | `[]` | no | | [task\_role\_arn](#input\_task\_role\_arn) | The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services | `string` | `""` | no | +| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | | [ulimits](#input\_ulimits) | The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit" |
list(object({
name = string
softLimit = number
hardLimit = number
}))
| `[]` | no | | [use\_alb\_security\_group](#input\_use\_alb\_security\_group) | A boolean to enable adding an ALB security group rule for the service task | `bool` | `false` | no | | [use\_ecr\_image](#input\_use\_ecr\_image) | If true, use ECR repo URL for image, otherwise use value in container\_image | `bool` | `false` | no | diff --git a/examples/complete/context.tf b/examples/complete/context.tf index 81f99b4e..5e0ef885 100644 --- a/examples/complete/context.tf +++ b/examples/complete/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -20,10 +22,11 @@ module "this" { source = "cloudposse/label/null" - version = "0.24.1" # requires Terraform >= 0.13.0 + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name @@ -36,6 +39,8 @@ module "this" { id_length_limit = var.id_length_limit label_key_case = var.label_key_case label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } @@ -47,6 +52,7 @@ variable "context" { default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null 
@@ -59,6 +65,15 @@ variable "context" {
 id_length_limit = null
 label_key_case = null
 label_value_case = null
+ descriptor_formats = {}
+ # Note: we have to use [] instead of null for unset lists due to
+ # https://github.com/hashicorp/terraform/issues/28137
+ # which was not fixed until Terraform 1.0.0,
+ # but we want the default to be all the labels in `label_order`
+ # and we want users to be able to prevent all tag generation
+ # by setting `labels_as_tags` to `[]`, so we need
+ # a different sentinel to indicate "default"
+ labels_as_tags = ["unset"]
 }
 description = <<-EOT
 Single object for setting entire context at once.
@@ -88,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -121,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } @@ -161,7 +214,7 @@ variable "id_length_limit" { description = <<-EOT Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT validation { @@ -174,7 +227,8 @@ variable "label_key_case" { type = string default = null description = <<-EOT - The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper`. Default value: `title`. EOT @@ -189,8 +243,11 @@ variable "label_value_case" { type = string default = null description = <<-EOT - The letter case of output label values (also used in `tags` and `id`). + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. Default value: `lower`. EOT 
@@ -199,4 +256,24 @@ variable "label_value_case" { error_message = "Allowed values: `lower`, `title`, `upper`, `none`." } } + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT +} + #### End of copy of cloudposse/terraform-null-label/variables.tf From ce7c53a7eb0c75592b67098a043ebe71eab7ab3c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 21 Aug 2021 05:27:26 +0000 Subject: [PATCH 51/82] chore(deps): update terraform cloudposse/ecr/aws to v0.32.3 (#164) * chore(deps): update terraform cloudposse/ecr/aws to v0.32.3 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ccfdabcb..546f44f3 100644 --- a/README.md +++ b/README.md 
@@ -174,7 +174,7 @@ Available targets: | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | -| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | diff --git a/docs/terraform.md b/docs/terraform.md index d9d7b014..7e97af07 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -19,7 +19,7 @@ | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | -| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.2 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | diff --git a/main.tf b/main.tf index 47b94473..3c9925cd 100644 --- a/main.tf +++ b/main.tf 
@@ -2,7 +2,7 @@ data "aws_region" "current" {} module "ecr" { source = "cloudposse/ecr/aws" - version = "0.32.2" + version = "0.32.3" enabled = var.codepipeline_enabled attributes = ["ecr"] From f8a1c990ef43511e3701b6cbc12d028a84d36395 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Nov 2021 14:36:54 +0000 Subject: [PATCH 52/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.4 (#158) * chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.4 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 546f44f3..6e1f0df3 100644 --- a/README.md +++ b/README.md @@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index 7e97af07..6136f9a4 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.0 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/main.tf b/main.tf index 3c9925cd..6e52191c 100644 --- a/main.tf +++ b/main.tf @@ -170,7 +170,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.28.0" + version = "0.28.4" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From fb167192beb45abed126d4f590832ea71e14e0ef Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Nov 2021 14:58:59 +0000 Subject: [PATCH 53/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.7.1 (#169) * chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.7.1 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6e1f0df3..063e4c4f 100644 --- a/README.md +++ b/README.md 
@@ -176,7 +176,7 @@ Available targets: | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | -| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.1 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/docs/terraform.md b/docs/terraform.md index 6136f9a4..873e6958 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -21,7 +21,7 @@ | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | -| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.0 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.1 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/main.tf b/main.tf index 6e52191c..5c649f7b 100644 --- a/main.tf +++ b/main.tf 
@@ -220,7 +220,7 @@ module "ecs_codepipeline" { module "ecs_cloudwatch_autoscaling" { enabled = var.autoscaling_enabled source = "cloudposse/ecs-cloudwatch-autoscaling/aws" - version = "0.7.0" + version = "0.7.1" name = var.name namespace = var.namespace stage = var.stage From 8a4e8e4722f7b61f2409d1b69c0ab214dd9445a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Nov 2021 15:21:37 +0000 Subject: [PATCH 54/82] chore(deps): update terraform cloudposse/alb-target-group-cloudwatch-sns-alarms/aws to v0.16.0 (#170) * chore(deps): update terraform cloudposse/alb-target-group-cloudwatch-sns-alarms/aws to v0.16.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 063e4c4f..67d79b7f 100644 --- a/README.md +++ b/README.md @@ -172,7 +172,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | -| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | diff --git a/docs/terraform.md b/docs/terraform.md index 873e6958..239b9848 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -17,7 +17,7 @@ | Name | Source | Version | |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | -| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.15.0 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | diff --git a/main.tf b/main.tf index 5c649f7b..ac09dc25 100644 --- a/main.tf +++ b/main.tf @@ -307,7 +307,7 @@ module "ecs_cloudwatch_sns_alarms" { module "alb_target_group_cloudwatch_sns_alarms" { source = "cloudposse/alb-target-group-cloudwatch-sns-alarms/aws" - version = "0.15.0" + version = "0.16.0" enabled = var.alb_target_group_alarms_enabled alarm_actions = var.alb_target_group_alarms_alarm_actions From c3da196295c1ae2c57f14c3f29e325485d626aef Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Nov 2021 17:13:35 +0000 Subject: [PATCH 55/82] chore(deps): update terraform cloudposse/alb-ingress/aws to v0.24.0 (#154) * chore(deps): update terraform cloudposse/alb-ingress/aws to v0.24.0 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 67d79b7f..e4dea75b 100644 --- a/README.md +++ b/README.md 
@@ -171,7 +171,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | diff --git a/docs/terraform.md b/docs/terraform.md index 239b9848..ca259465 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.23.0 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.0 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | diff --git a/main.tf b/main.tf index ac09dc25..d6f2dfe1 100644 --- a/main.tf +++ b/main.tf @@ -22,7 +22,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.23.0" + version = "0.24.0" vpc_id = var.vpc_id port = var.container_port From bd25c0a617a3fdef9cd4a78da937e5b89180a7e7 Mon Sep 17 00:00:00 2001 
From: justnom Date: Wed, 17 Nov 2021 19:55:46 -0500 Subject: [PATCH 56/82] Adding ALB stickiness variables (#168) * Adding ALB stickiness * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode --- README.md | 3 +++ docs/terraform.md | 3 +++ main.tf | 4 ++++ variables.tf | 18 ++++++++++++++++++ 4 files changed, 28 insertions(+) diff --git a/README.md b/README.md index e4dea75b..dff56ef3 100644 --- a/README.md +++ b/README.md 
@@ -214,6 +214,9 @@ Available targets: | [alb\_ingress\_unauthenticated\_listener\_arns\_count](#input\_alb\_ingress\_unauthenticated\_listener\_arns\_count) | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | | [alb\_ingress\_unauthenticated\_paths](#input\_alb\_ingress\_unauthenticated\_paths) | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | | [alb\_security\_group](#input\_alb\_security\_group) | Security group of the ALB | `string` | n/a | yes | +| [alb\_stickiness\_cookie\_duration](#input\_alb\_stickiness\_cookie\_duration) | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | `number` | `86400` | no | +| [alb\_stickiness\_enabled](#input\_alb\_stickiness\_enabled) | Boolean to enable / disable `stickiness`. Default is `true` | `bool` | `true` | no | +| [alb\_stickiness\_type](#input\_alb\_stickiness\_type) | The type of sticky sessions. The only current possible value is `lb_cookie` | `string` | `"lb_cookie"` | no | | [alb\_target\_group\_alarms\_3xx\_threshold](#input\_alb\_target\_group\_alarms\_3xx\_threshold) | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | | [alb\_target\_group\_alarms\_4xx\_threshold](#input\_alb\_target\_group\_alarms\_4xx\_threshold) | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | | [alb\_target\_group\_alarms\_5xx\_threshold](#input\_alb\_target\_group\_alarms\_5xx\_threshold) | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | 
diff --git a/docs/terraform.md b/docs/terraform.md
index ca259465..41acadc2 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -59,6 +59,9 @@ | [alb\_ingress\_unauthenticated\_listener\_arns\_count](#input\_alb\_ingress\_unauthenticated\_listener\_arns\_count) | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | | [alb\_ingress\_unauthenticated\_paths](#input\_alb\_ingress\_unauthenticated\_paths) | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no | | [alb\_security\_group](#input\_alb\_security\_group) | Security group of the ALB | `string` | n/a | yes | +| [alb\_stickiness\_cookie\_duration](#input\_alb\_stickiness\_cookie\_duration) | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | `number` | `86400` | no | +| [alb\_stickiness\_enabled](#input\_alb\_stickiness\_enabled) | Boolean to enable / disable `stickiness`. Default is `true` | `bool` | `true` | no | +| [alb\_stickiness\_type](#input\_alb\_stickiness\_type) | The type of sticky sessions. The only current possible value is `lb_cookie` | `string` | `"lb_cookie"` | no | | [alb\_target\_group\_alarms\_3xx\_threshold](#input\_alb\_target\_group\_alarms\_3xx\_threshold) | The maximum number of 3XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | | [alb\_target\_group\_alarms\_4xx\_threshold](#input\_alb\_target\_group\_alarms\_4xx\_threshold) | The maximum number of 4XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | | [alb\_target\_group\_alarms\_5xx\_threshold](#input\_alb\_target\_group\_alarms\_5xx\_threshold) | The maximum number of 5XX HTTPCodes in a given period for ECS Service | `number` | `25` | no | 
diff --git a/main.tf b/main.tf index d6f2dfe1..2d676f47 100644 --- a/main.tf +++ b/main.tf @@ -59,6 +59,10 @@ module "alb_ingress" { authentication_oidc_user_info_endpoint = var.authentication_oidc_user_info_endpoint authentication_oidc_scope = var.authentication_oidc_scope + stickiness_cookie_duration = var.alb_stickiness_cookie_duration + stickiness_enabled = var.alb_stickiness_enabled + stickiness_type = var.alb_stickiness_type + context = module.this.context } diff --git a/variables.tf b/variables.tf index 6377c08f..eaec46fe 100644 --- a/variables.tf +++ b/variables.tf @@ -476,6 +476,24 @@ variable "nlb_ingress_target_group_arn" { default = "" } +variable "alb_stickiness_type" { + type = string + default = "lb_cookie" + description = "The type of sticky sessions. The only current possible value is `lb_cookie`" +} + +variable "alb_stickiness_cookie_duration" { + type = number + default = 86400 + description = "The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds)" +} + +variable "alb_stickiness_enabled" { + type = bool + default = true + description = "Boolean to enable / disable `stickiness`. Default is `true`" +} + variable "vpc_id" { type = string description = "The VPC ID where resources are created" From b6031a31fb9c39544af88c01087708407ff6fcc5 Mon Sep 17 00:00:00 2001 
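Review bot: `alb_stickiness_cookie_duration` in the variables.tf hunk documents a range of 1 to 604800 seconds but nothing enforces it, so a zero, negative or oversized value is only rejected when the provider call fails at apply time. A `validation` block (the module's vendored label variables already use them) would reject it at plan time; the proposed block is below. I would leave `alb_stickiness_type` unvalidated, since its description says `lb_cookie` is only the current value and a hard-coded check would have to be edited whenever the upstream module accepts another. Separately, `alb_stickiness_enabled` defaults to `true`, so it is worth confirming that this matches what `alb_ingress` did before the three arguments were passed explicitly in the main.tf hunk.

```hcl
variable "alb_stickiness_cookie_duration" {
  # … unchanged: type, default, description …

  validation {
    condition     = var.alb_stickiness_cookie_duration >= 1 && var.alb_stickiness_cookie_duration <= 604800
    error_message = "The alb_stickiness_cookie_duration value must be between 1 and 604800 seconds."
  }
}
```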
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 20 Nov 2021 05:35:33 +0000 Subject: [PATCH 57/82] chore(deps): update terraform cloudposse/alb-ingress/aws to v0.24.1 (#171) * chore(deps): update terraform cloudposse/alb-ingress/aws to v0.24.1 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index dff56ef3..395da474 100644 --- a/README.md +++ b/README.md @@ -171,7 +171,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.0 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.1 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | diff --git a/docs/terraform.md b/docs/terraform.md index 41acadc2..4d32ae08 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.0 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.1 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | diff --git a/main.tf b/main.tf index 2d676f47..f87294b5 100644 --- a/main.tf +++ b/main.tf 
@@ -22,7 +22,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.24.0" + version = "0.24.1" vpc_id = var.vpc_id port = var.container_port From 6213be5dea421515d7c442ee71e3e97fe93f8acd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Nov 2021 17:06:26 +0000 Subject: [PATCH 58/82] chore(deps): update terraform cloudposse/alb-target-group-cloudwatch-sns-alarms/aws to v0.16.1 (#172) * chore(deps): update terraform cloudposse/alb-target-group-cloudwatch-sns-alarms/aws to v0.16.1 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 395da474..9838b514 100644 --- a/README.md +++ b/README.md @@ -172,7 +172,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.1 | -| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | diff --git a/docs/terraform.md b/docs/terraform.md index 4d32ae08..9d25a1e6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -17,7 +17,7 @@ | Name | Source | Version | |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.1 | -| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.0 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | diff --git a/main.tf b/main.tf index f87294b5..6aa141a1 100644 --- a/main.tf +++ b/main.tf @@ -311,7 +311,7 @@ module "ecs_cloudwatch_sns_alarms" { module "alb_target_group_cloudwatch_sns_alarms" { source = "cloudposse/alb-target-group-cloudwatch-sns-alarms/aws" - version = "0.16.0" + version = "0.16.1" enabled = var.alb_target_group_alarms_enabled alarm_actions = var.alb_target_group_alarms_alarm_actions From f43a0ef5c2172034a65a9bed94c0a3edcf767378 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Dec 2021 07:27:03 +0000 Subject: [PATCH 59/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.7.2 (#173) * chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.7.2 * Auto Format Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9838b514..024632a1 100644 --- a/README.md +++ b/README.md 
@@ -176,7 +176,7 @@ Available targets: | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | -| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.1 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.2 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/docs/terraform.md b/docs/terraform.md index 9d25a1e6..a361abac 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -21,7 +21,7 @@ | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | -| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.1 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.2 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/main.tf b/main.tf index 6aa141a1..f0d91ae3 100644 --- a/main.tf +++ b/main.tf 
@@ -224,7 +224,7 @@ module "ecs_codepipeline" { module "ecs_cloudwatch_autoscaling" { enabled = var.autoscaling_enabled source = "cloudposse/ecs-cloudwatch-autoscaling/aws" - version = "0.7.1" + version = "0.7.2" name = var.name namespace = var.namespace stage = var.stage From 87fdfce762127a33e2a0dd90a55b9d396c879036 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bart=C5=82omiej=20Szostek?= Date: Fri, 14 Jan 2022 22:16:08 +0000 Subject: [PATCH 60/82] feat: add network_mode pass-through variable for ECS Service module (#179) * feat: add network_mode pass-through variable for ECS Service module * Auto Format * feat: pass-through variables for ECS circuit breaker * Auto Format * feat: pass-through variables for ECS circuit breaker * Auto Format * feat: enable_all_egress_rule pass-through var * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 12 ++++++--- docs/terraform.md | 10 ++++--- main.tf | 68 +++++++++++++++++++++++++---------------------- variables.tf | 28 +++++++++++++++++-- 4 files changed, 77 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 024632a1..c7905474 100644 --- a/README.md +++ b/README.md 
@@ -175,7 +175,7 @@ Available targets: | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.2 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | @@ -258,6 +258,8 @@ Available targets: | [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | | [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | | [capacity\_provider\_strategies](#input\_capacity\_provider\_strategies) | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | +| [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no | +| [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no | | [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | | [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | 
@@ -307,8 +309,9 @@ Available targets: | [ecs\_alarms\_memory\_utilization\_low\_threshold](#input\_ecs\_alarms\_memory\_utilization\_low\_threshold) | The minimum percentage of Memory utilization average | `number` | `20` | no | | [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | | [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | -| [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | -| [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | +| [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = "awsvpc"` | `list(string)` | n/a | yes | +| [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service if `var.network_mode = "awsvpc"` | `list(string)` | `[]` | no | +| [enable\_all\_egress\_rule](#input\_enable\_all\_egress\_rule) | A flag to enable/disable adding the all ports egress rule to the ECS security group | `bool` | `true` | no | | [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | @@ -334,6 +337,7 @@ Available targets: | [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
| `[]` | no | | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | +| [network\_mode](#input\_network\_mode) | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` or `null` for `EC2` `launch_type` | `string` | `"awsvpc"` | no | | [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | | [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | | [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | @@ -536,7 +540,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright) diff --git a/docs/terraform.md b/docs/terraform.md index a361abac..ac55b39b 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -20,7 +20,7 @@ | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.55.1 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.2 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | @@ -103,6 +103,8 @@ | [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | | [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | | [capacity\_provider\_strategies](#input\_capacity\_provider\_strategies) | The capacity provider strategies to use for the service. See `capacity_provider_strategy` configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy |
list(object({
capacity_provider = string
weight = number
base = number
}))
| `[]` | no | +| [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no | +| [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no | | [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | | [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | 
@@ -152,8 +154,9 @@ | [ecs\_alarms\_memory\_utilization\_low\_threshold](#input\_ecs\_alarms\_memory\_utilization\_low\_threshold) | The minimum percentage of Memory utilization average | `number` | `20` | no | | [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes | | [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no | -| [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto | `list(string)` | n/a | yes | -| [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service | `list(string)` | `[]` | no | +| [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = "awsvpc"` | `list(string)` | n/a | yes | +| [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service if `var.network_mode = "awsvpc"` | `list(string)` | `[]` | no | +| [enable\_all\_egress\_rule](#input\_enable\_all\_egress\_rule) | A flag to enable/disable adding the all ports egress rule to the ECS security group | `bool` | `true` | no | | [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | @@ -179,6 +182,7 @@ | [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume` |
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
| `[]` | no | | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | +| [network\_mode](#input\_network\_mode) | The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` or `null` for `EC2` `launch_type` | `string` | `"awsvpc"` | no | | [nlb\_cidr\_blocks](#input\_nlb\_cidr\_blocks) | A list of CIDR blocks to add to the ingress rule for the NLB container port | `list(string)` | `[]` | no | | [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | | [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | diff --git a/main.tf b/main.tf index f0d91ae3..0671dd34 100644 --- a/main.tf +++ b/main.tf 
@@ -135,38 +135,42 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.55.1" - - alb_security_group = var.alb_security_group - use_alb_security_group = var.use_alb_security_group - nlb_cidr_blocks = var.nlb_cidr_blocks - use_nlb_cidr_blocks = var.use_nlb_cidr_blocks - container_definition_json = local.all_container_definitions - desired_count = var.desired_count - health_check_grace_period_seconds = var.health_check_grace_period_seconds - task_cpu = coalesce(var.task_cpu, var.container_cpu) - task_memory = coalesce(var.task_memory, var.container_memory) - ignore_changes_task_definition = var.ignore_changes_task_definition - ecs_cluster_arn = var.ecs_cluster_arn - capacity_provider_strategies = var.capacity_provider_strategies - service_registries = var.service_registries - launch_type = var.launch_type - platform_version = var.platform_version - vpc_id = var.vpc_id - assign_public_ip = var.assign_public_ip - security_group_ids = var.ecs_security_group_ids - subnet_ids = var.ecs_private_subnet_ids - container_port = var.container_port - nlb_container_port = var.nlb_container_port - volumes = var.volumes - ecs_load_balancers = local.load_balancers - deployment_controller_type = var.deployment_controller_type - force_new_deployment = var.force_new_deployment - exec_enabled = var.exec_enabled - task_policy_arns = var.task_policy_arns - task_role_arn = var.task_role_arn - propagate_tags = var.propagate_tags - enable_ecs_managed_tags = var.enable_ecs_managed_tags + version = "0.60.1" + + alb_security_group = var.alb_security_group + use_alb_security_group = var.use_alb_security_group + nlb_cidr_blocks = var.nlb_cidr_blocks + use_nlb_cidr_blocks = var.use_nlb_cidr_blocks + container_definition_json = local.all_container_definitions + desired_count = var.desired_count + health_check_grace_period_seconds = var.health_check_grace_period_seconds + network_mode = var.network_mode + task_cpu = coalesce(var.task_cpu, 
var.container_cpu) + task_memory = coalesce(var.task_memory, var.container_memory) + ignore_changes_task_definition = var.ignore_changes_task_definition + ecs_cluster_arn = var.ecs_cluster_arn + capacity_provider_strategies = var.capacity_provider_strategies + service_registries = var.service_registries + launch_type = var.launch_type + enable_all_egress_rule = var.enable_all_egress_rule + platform_version = var.platform_version + vpc_id = var.vpc_id + assign_public_ip = var.assign_public_ip + security_group_ids = var.ecs_security_group_ids + subnet_ids = var.ecs_private_subnet_ids + container_port = var.container_port + nlb_container_port = var.nlb_container_port + volumes = var.volumes + ecs_load_balancers = local.load_balancers + deployment_controller_type = var.deployment_controller_type + force_new_deployment = var.force_new_deployment + exec_enabled = var.exec_enabled + task_policy_arns = var.task_policy_arns + task_role_arn = var.task_role_arn + propagate_tags = var.propagate_tags + enable_ecs_managed_tags = var.enable_ecs_managed_tags + circuit_breaker_deployment_enabled = var.circuit_breaker_deployment_enabled + circuit_breaker_rollback_enabled = var.circuit_breaker_rollback_enabled context = module.this.context } diff --git a/variables.tf b/variables.tf index eaec46fe..fde5854c 100644 --- a/variables.tf +++ b/variables.tf @@ -76,6 +76,12 @@ variable "container_stop_timeout" { default = 30 } +variable "network_mode" { + type = string + description = "The network mode to use for the task. This is required to be `awsvpc` for `FARGATE` `launch_type` or `null` for `EC2` `launch_type`" + default = "awsvpc" +} + variable "task_cpu" { type = number description = "The number of CPU units used by the task. If unspecified, it will default to `container_cpu`. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size)" 
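Review bot: The new `network_mode` variable in variables.tf accepts any string, and its description says `null` is required for the `EC2` launch type, which is narrower than what ECS allows: EC2 tasks can run in `awsvpc`, `bridge`, `host` or `none` mode. Outside `awsvpc` a task shares the container instance's network interface, so `ecs_security_group_ids` and `ecs_private_subnet_ids` (still passed unconditionally in the main.tf hunk above) presumably have no effect, and the instance's own security groups become the only network filter. The description should say this, for example `description = "The network mode to use for the task: awsvpc (required for FARGATE), bridge, host or none. Outside awsvpc the task uses the container instance's network interface and security groups"`. A `validation` block restricting the value to those four modes or `null` would catch typos at plan time, if the module's minimum Terraform version supports it.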
@@ -172,6 +178,12 @@ variable "launch_type" { default = "FARGATE" } +variable "enable_all_egress_rule" { + type = bool + description = "A flag to enable/disable adding the all ports egress rule to the ECS security group" + default = true +} + variable "platform_version" { type = string description = "The platform version on which to run your service. Only applicable for launch_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide." @@ -668,13 +680,13 @@ variable "ecs_alarms_memory_utilization_low_ok_actions" { variable "ecs_security_group_ids" { type = list(string) - description = "Additional Security Group IDs to allow into ECS Service" + description = "Additional Security Group IDs to allow into ECS Service if `var.network_mode = \"awsvpc\"`" default = [] } variable "ecs_private_subnet_ids" { type = list(string) - description = "List of Private Subnet IDs to provision ECS Service onto" + description = "List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = \"awsvpc\"`" } variable "github_oauth_token" { @@ -1015,3 +1027,15 @@ variable "enable_ecs_managed_tags" { description = "Specifies whether to enable Amazon ECS managed tags for the tasks within the service" default = false } + +variable "circuit_breaker_deployment_enabled" { + type = bool + description = "If `true`, enable the deployment circuit breaker logic for the service" + default = false +} + +variable "circuit_breaker_rollback_enabled" { + type = bool + description = "If `true`, Amazon ECS will roll back the service if a service deployment fails" + default = false +} From be3242c2f8e5f165b6631f7645d6949202a54ce6 Mon Sep 17 00:00:00 2001 
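Review bot: `enable_all_egress_rule` defaults to `true`, so the ECS service security group keeps an allow-all outbound rule unless the caller opts out, and the description names neither the destination range nor what the caller must supply when it is turned off. A task that only talks to its image registry, its log endpoint and a few backends does not need unrestricted egress, and open egress makes it easier for a compromised container to reach arbitrary hosts. Keeping `true` for backward compatibility is reasonable, but the trade-off should be stated, e.g. `description = "Whether to add a rule allowing all outbound traffic from the ECS service security group. When false, callers must provide their own egress rules (image pulls and log delivery need outbound access)"`.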
From: Tyler Pickett Date: Fri, 21 Jan 2022 16:01:23 -0600 Subject: [PATCH 61/82] feat: Expose underlying service task module's ignore_changes_desired_count (#180) * feat: Expose underlying service task module's ignore_changes_desired_count * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 1 + docs/terraform.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ 4 files changed, 9 insertions(+) diff --git a/README.md b/README.md index c7905474..40103637 100644 --- a/README.md +++ b/README.md @@ -324,6 +324,7 @@ Available targets: | [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [ignore\_changes\_desired\_count](#input\_ignore\_changes\_desired\_count) | Whether to ignore changes for desired count in the ECS service | `bool` | `false` | no | | [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | [init\_containers](#input\_init\_containers) | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | | [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index ac55b39b..936053da 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -169,6 +169,7 @@ | [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no | | [healthcheck](#input\_healthcheck) | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) |
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
| `null` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [ignore\_changes\_desired\_count](#input\_ignore\_changes\_desired\_count) | Whether to ignore changes for desired count in the ECS service | `bool` | `false` | no | | [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Ignore changes (like environment variables) to the ECS task definition | `bool` | `true` | no | | [init\_containers](#input\_init\_containers) | A list of additional init containers to start. The map contains the container\_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY. |
list(object({
container_definition = any
condition = string
}))
| `[]` | no | | [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | diff --git a/main.tf b/main.tf index 0671dd34..15e0c460 100644 --- a/main.tf +++ b/main.tf @@ -143,6 +143,7 @@ module "ecs_alb_service_task" { use_nlb_cidr_blocks = var.use_nlb_cidr_blocks container_definition_json = local.all_container_definitions desired_count = var.desired_count + ignore_changes_desired_count = var.ignore_changes_desired_count health_check_grace_period_seconds = var.health_check_grace_period_seconds network_mode = var.network_mode task_cpu = coalesce(var.task_cpu, var.container_cpu) diff --git a/variables.tf b/variables.tf index fde5854c..799d7b5d 100644 --- a/variables.tf +++ b/variables.tf @@ -112,6 +112,12 @@ variable "ignore_changes_task_definition" { default = true } +variable "ignore_changes_desired_count" { + type = bool + description = "Whether to ignore changes for desired count in the ECS service" + default = false +} + variable "system_controls" { type = list(map(string)) description = "A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = \"\", value = \"\"}" From 2b32997e4313144ec753acef14e524be14811aed Mon Sep 17 00:00:00 2001 From: Mihai PLESA Date: Sat, 16 Apr 2022 19:22:20 -0500 Subject: [PATCH 62/82] health check matcher for alb ingress (#190) --- .github/CODEOWNERS | 4 +- .github/auto-release.yml | 3 +- .github/mergify.yml | 7 +++ .github/workflows/auto-context.yml | 2 +- .github/workflows/auto-format.yml | 6 +- .github/workflows/auto-readme.yml | 71 +++++++++++++++++++++++ .github/workflows/auto-release.yml | 25 +++++--- .github/workflows/chatops.yml | 4 +- .github/workflows/validate-codeowners.yml | 8 ++- README.md | 3 +- docs/terraform.md | 3 +- main.tf | 3 +- variables.tf | 6 ++ 13 files changed, 122 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/auto-readme.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2537f2f8..6f64b5a3 100644 
--- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -15,8 +15,8 @@ # Cloud Posse must review any changes to standard context definition, # but some changes can be rubber-stamped. -**/*.tf @cloudposse/engineering @cloudposse/approvers -README.yaml @cloudposse/engineering @cloudposse/approvers +**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers +README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers diff --git a/.github/auto-release.yml b/.github/auto-release.yml index c78a4d83..b45efb7a 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,6 +17,7 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' + - 'no-release' default: 'minor' categories: @@ -46,7 +47,7 @@ template: | replacers: # Remove irrelevant information from Renovate bot -- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm' +- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm' replace: '' # Remove Renovate bot banner image - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm' diff --git a/.github/mergify.yml b/.github/mergify.yml index b0106567..ef15545e 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -56,3 +56,10 @@ pull_request_rules: changes_requested: true approved: true message: "This Pull Request has been updated, so we're dismissing all reviews." + +- name: "close Pull Requests without files changed" + conditions: + - "#files=0" + actions: + close: + message: "This pull request has been automatically closed by Mergify because there are no longer any changes." diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index ab979e0e..665833af 100644 --- a/.github/workflows/auto-context.yml 
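Review bot: Adding `@cloudposse/contributors` to the `**/*.tf` and `README.yaml` patterns widens who can satisfy code-owner review for the Terraform sources, and the commit subject ("health check matcher for alb ingress") does not mention it. Where code-owner review is required, approval from any one listed owner is enough, so a member of the contributors team could approve infrastructure changes without `@cloudposse/engineering` or `@cloudposse/approvers`. Whether that matters depends on branch-protection settings that are not visible here. If the widening is intended it belongs in its own commit with a stated reason; otherwise keep `**/*.tf @cloudposse/engineering @cloudposse/approvers`.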
+++ b/.github/workflows/auto-context.yml @@ -35,7 +35,7 @@ jobs: - name: Create Pull Request if: steps.update.outputs.create_pull_request == 'true' - uses: cloudposse/actions/github/create-pull-request@0.22.0 + uses: cloudposse/actions/github/create-pull-request@0.30.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index 990abed6..c600d602 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml @@ -6,7 +6,7 @@ on: jobs: auto-format: runs-on: ubuntu-latest - container: cloudposse/build-harness:slim-latest + container: cloudposse/build-harness:latest steps: # Checkout the pull request branch # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using @@ -29,6 +29,8 @@ jobs: - name: Auto Format if: github.event.pull_request.state == 'open' shell: bash + env: + GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host # Commit changes (if any) to the PR branch @@ -60,7 +62,7 @@ jobs: fi - name: Auto Test - uses: cloudposse/actions/github/repository-dispatch@0.22.0 + uses: cloudposse/actions/github/repository-dispatch@0.30.0 # match users by ID because logins (user names) are inconsistent, # for example in the REST API Renovate Bot is `renovate[bot]` but # in GraphQL it is just `renovate`, plus there is a non-bot diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml new file mode 100644 index 00000000..6f25b8dd --- /dev/null +++ b/.github/workflows/auto-readme.yml 
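Review bot: In auto-format.yml the `Auto Format` step now exports `GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"` to a `make` run inside `cloudposse/build-harness:latest`, operating on the checked-out pull-request branch. That makes a personal access token readable by whatever the mutable `latest` tag resolves to and by anything the format target invokes. The workflow trigger is outside the hunk; if it is `pull_request_target`, PR-controlled files are processed with that secret in the environment. Prefer the job-scoped `secrets.GITHUB_TOKEN` unless the target really needs cross-repository access, and pin the image by digest, `container: cloudposse/build-harness@sha256:<digest>`. The `cloudposse/actions/...@0.30.0` references here and in auto-context.yml, chatops.yml and auto-readme.yml are tags as well and would be safer pinned to a full commit SHA.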
@@ -0,0 +1,71 @@
+name: "auto-readme"
+on:
+ workflow_dispatch:
+
+ schedule:
+ # Example of job definition:
+ # .---------------- minute (0 - 59)
+ # | .------------- hour (0 - 23)
+ # | | .---------- day of month (1 - 31)
+ # | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
+ # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+ # | | | | |
+ # * * * * * user-name command to be executed
+
+ # Update README.md nightly at 4am UTC
+ - cron: '0 4 * * *'
+
+jobs:
+ update:
+ if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Find default branch name
+ id: defaultBranch
+ shell: bash
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name)
+ printf "::set-output name=defaultBranch::%s\n" "${default_branch}"
+ printf "defaultBranchRef.name=%s\n" "${default_branch}"
+
+ - name: Update readme
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}"
+ run: |
+ make init
+ make readme/build
+ # Ignore changes if they are only whitespace
+ if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then
+ git restore README.md
+ echo Ignoring whitespace-only changes in README
+ fi
+
+ - name: Create Pull Request
+ # This action will not create or change a pull request if there are no changes to make.
+ # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
+ uses: cloudposse/actions/github/create-pull-request@0.30.0 + with: + token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + commit-message: Update README.md and docs + title: Update README.md and docs + body: |- + ## what + This is an auto-generated PR that updates the README.md and docs + + ## why + To have most recent changes of README.md and doc from origin templates + + branch: auto-update/readme + base: ${{ steps.defaultBranch.outputs.defaultBranch }} + delete-branch: true + labels: | + auto-update + no-release + readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 3f48017d..3a38fae0 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -3,17 +3,24 @@ name: auto-release on: push: branches: - - master + - main + - master + - production jobs: publish: runs-on: ubuntu-latest steps: - # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 - with: - publish: true - prerelease: false - config-name: auto-release.yml - env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + # Get PR from merged commit to master + - uses: actions-ecosystem/action-get-merged-pull-request@v1 + id: get-merged-pull-request + with: + github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + # Drafts your next Release notes as Pull Requests are merged into "main" + - uses: release-drafter/release-drafter@v5 + with: + publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }} + prerelease: false + config-name: auto-release.yml + env: + GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml index 4ddc0674..23f96d82 100644 --- a/.github/workflows/chatops.yml +++ b/.github/workflows/chatops.yml 
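Review bot: The new auto-readme.yml declares no `permissions:` block, so `secrets.GITHUB_TOKEN` carries the repository's default scope while `make init` and `make readme/build` run with it in their environment; what those targets download or execute is not visible in this hunk. The first two steps only read repository metadata and rebuild files, and the write is done by the `create-pull-request` step with its own token, so a top-level `permissions:` entry of `contents: read` should be enough. `DEF` is exported to the `Update readme` step but not referenced in that step's script, and can be dropped unless the Makefile reads it.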
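Review bot: In auto-release.yml the added `actions-ecosystem/action-get-merged-pull-request@v1` step passes `secrets.PUBLIC_REPO_ACCESS_TOKEN` to a third-party action referenced by a movable major tag, so a retagged or compromised release of that action would receive a personal access token on every push to `main`, `master` or `production`. Looking up the pull request for a merged commit should only need read access, so `github_token: ${{ secrets.GITHUB_TOKEN }}` is likely sufficient, and the `uses:` reference is better pinned to a full commit SHA (`...@<commit-sha>`). `publish` is now derived from that step's `labels` output: if the lookup returns nothing, `contains(...)` is false and the release is published, so please confirm that this is the intended fallback.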
@@ -9,7 +9,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: "Handle common commands" - uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} @@ -24,7 +24,7 @@ jobs: - name: "Checkout commit" uses: actions/checkout@v2 - name: "Run tests" - uses: cloudposse/actions/github/slash-command-dispatch@0.22.0 + uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 592c83cf..70f829e3 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -1,7 +1,7 @@ name: Validate Codeowners on: workflow_dispatch: - + pull_request: jobs: @@ -10,7 +10,7 @@ jobs: steps: - name: "Checkout source code at current commit" uses: actions/checkout@v2 - - uses: mszostok/codeowners-validator@v0.5.0 + - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name == github.repository name: "Full check of CODEOWNERS" with: @@ -18,10 +18,12 @@ jobs: # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos # checks: "files,syntax,owners,duppatterns" checks: "syntax,owners,duppatterns" + owner_checker_allow_unowned_patterns: "false" # GitHub access token is required only if the `owners` check is enabled github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.5.0 + - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name != github.repository name: "Syntax check of CODEOWNERS" with: checks: "syntax,duppatterns" + owner_checker_allow_unowned_patterns: "false" diff --git a/README.md b/README.md index 40103637..1738ed77 100644 
--- a/README.md +++ b/README.md @@ -171,7 +171,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.1 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | @@ -202,6 +202,7 @@ Available targets: | [alb\_ingress\_enable\_default\_target\_group](#input\_alb\_ingress\_enable\_default\_target\_group) | If true, create a default target group for the ALB ingress | `bool` | `true` | no | | [alb\_ingress\_health\_check\_healthy\_threshold](#input\_alb\_ingress\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before healthy | `number` | `2` | no | | [alb\_ingress\_health\_check\_interval](#input\_alb\_ingress\_health\_check\_interval) | The duration in seconds in between health checks | `number` | `15` | no | +| [alb\_ingress\_health\_check\_matcher](#input\_alb\_ingress\_health\_check\_matcher) | The HTTP response codes to indicate a healthy check | `string` | `"200-399"` | no | | [alb\_ingress\_health\_check\_timeout](#input\_alb\_ingress\_health\_check\_timeout) | The amount of time to wait in seconds before failing a health check request | `number` | `10` | no | | [alb\_ingress\_health\_check\_unhealthy\_threshold](#input\_alb\_ingress\_health\_check\_unhealthy\_threshold) | The number of consecutive health check failures required before unhealthy | `number` | `2` | no | | [alb\_ingress\_healthcheck\_path](#input\_alb\_ingress\_healthcheck\_path) | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | 
diff --git a/docs/terraform.md b/docs/terraform.md index 936053da..a3f44c45 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.1 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | 
@@ -47,6 +47,7 @@ | [alb\_ingress\_enable\_default\_target\_group](#input\_alb\_ingress\_enable\_default\_target\_group) | If true, create a default target group for the ALB ingress | `bool` | `true` | no | | [alb\_ingress\_health\_check\_healthy\_threshold](#input\_alb\_ingress\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before healthy | `number` | `2` | no | | [alb\_ingress\_health\_check\_interval](#input\_alb\_ingress\_health\_check\_interval) | The duration in seconds in between health checks | `number` | `15` | no | +| [alb\_ingress\_health\_check\_matcher](#input\_alb\_ingress\_health\_check\_matcher) | The HTTP response codes to indicate a healthy check | `string` | `"200-399"` | no | | [alb\_ingress\_health\_check\_timeout](#input\_alb\_ingress\_health\_check\_timeout) | The amount of time to wait in seconds before failing a health check request | `number` | `10` | no | | [alb\_ingress\_health\_check\_unhealthy\_threshold](#input\_alb\_ingress\_health\_check\_unhealthy\_threshold) | The number of consecutive health check failures required before unhealthy | `number` | `2` | no | | [alb\_ingress\_healthcheck\_path](#input\_alb\_ingress\_healthcheck\_path) | The path of the healthcheck which the ALB checks | `string` | `"/"` | no | diff --git a/main.tf b/main.tf index 15e0c460..cb6ffb97 100644 --- a/main.tf +++ b/main.tf @@ -22,7 +22,7 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.24.1" + version = "0.24.2" vpc_id = var.vpc_id port = var.container_port 
@@ -30,6 +30,7 @@ module "alb_ingress" { health_check_protocol = var.alb_ingress_healthcheck_protocol health_check_healthy_threshold = var.alb_ingress_health_check_healthy_threshold health_check_interval = var.alb_ingress_health_check_interval + health_check_matcher = var.alb_ingress_health_check_matcher health_check_timeout = var.alb_ingress_health_check_timeout health_check_unhealthy_threshold = var.alb_ingress_health_check_unhealthy_threshold default_target_group_enabled = var.alb_ingress_enable_default_target_group diff --git a/variables.tf b/variables.tf index 799d7b5d..108270ba 100644 --- a/variables.tf +++ b/variables.tf @@ -446,6 +446,12 @@ variable "alb_ingress_health_check_interval" { description = "The duration in seconds in between health checks" } +variable "alb_ingress_health_check_matcher" { + type = string + default = "200-399" + description = "The HTTP response codes to indicate a healthy check" +} + variable "alb_ingress_health_check_timeout" { type = number default = 10 From 2a30bff594f01128653238c3d71cf85c4149e4b9 Mon Sep 17 00:00:00 2001 
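Review bot: The new `alb_ingress_health_check_matcher` variable in the variables.tf hunk accepts any string, and its description does not say which formats are expected, while the default `"200-399"` counts every 3xx redirect as a healthy response. A target that answers the health check path only with a redirect, for example to a login or maintenance page, would stay in rotation under that default. I would spell this out in the description, e.g. `description = "HTTP codes that count as healthy: a single code (\"200\"), a list (\"200,202\") or a range (\"200-399\"). The default also accepts redirects; set \"200\" for a strict check"`. The README.md and docs/terraform.md rows added in this patch repeat the current sentence and would need the same wording.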
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 18 Jun 2022 15:12:02 +0000 Subject: [PATCH 63/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.7.3 (#183) * chore(deps): update terraform cloudposse/ecs-cloudwatch-autoscaling/aws to v0.7.3 * Auto Format * Update versions.tf * Update versions.tf * Update versions.tf * Update versions.tf Co-authored-by: Renovate Bot Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> --- .github/renovate.json | 2 +- README.md | 2 +- docs/terraform.md | 2 +- examples/complete/versions.tf | 16 ++-------------- examples/with_cognito_authentication/versions.tf | 16 ++-------------- .../with_google_oidc_authentication/versions.tf | 16 ++-------------- examples/without_authentication/versions.tf | 16 ++-------------- main.tf | 2 +- 8 files changed, 12 insertions(+), 60 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index ae4f0aa5..a7802980 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -4,9 +4,9 @@ ":preserveSemverRanges" ], "labels": ["auto-update"], + "dependencyDashboardAutoclose": true, "enabledManagers": ["terraform"], "terraform": { "ignorePaths": ["**/context.tf", "examples/**"] } } - diff --git a/README.md b/README.md index 1738ed77..08e6d7d1 100644 --- a/README.md +++ b/README.md 
@@ -176,7 +176,7 @@ Available targets: | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | -| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.2 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/docs/terraform.md b/docs/terraform.md index a3f44c45..15a31d46 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -21,7 +21,7 @@ | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | -| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.2 | +| [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 5947f14f..a0be7256 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
@@ -1,22 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" - } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" + version = ">= 3.34" } } } diff --git a/examples/with_cognito_authentication/versions.tf b/examples/with_cognito_authentication/versions.tf index 5947f14f..a0be7256 100644 --- a/examples/with_cognito_authentication/versions.tf +++ b/examples/with_cognito_authentication/versions.tf @@ -1,22 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" - } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" + version = ">= 3.34" } } } diff --git a/examples/with_google_oidc_authentication/versions.tf b/examples/with_google_oidc_authentication/versions.tf index 5947f14f..a0be7256 100644 --- a/examples/with_google_oidc_authentication/versions.tf +++ b/examples/with_google_oidc_authentication/versions.tf @@ -1,22 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" - } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" + version = ">= 3.34" } } } diff --git a/examples/without_authentication/versions.tf b/examples/without_authentication/versions.tf index 5947f14f..a0be7256 100644 --- a/examples/without_authentication/versions.tf +++ b/examples/without_authentication/versions.tf 
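Review bot: The constraint `version = ">= 3.34"` in examples/complete/versions.tf has no upper bound, and the renovate.json context in this same patch shows `examples/**` under `ignorePaths`, so nothing keeps these example roots on a reviewed provider release unless a dependency lock file is committed (none is visible here). The hunk also drops the `template`, `null` and `local` entries; if any example still uses those providers, Terraform would resolve them with no source or version constraint, which cannot be checked from this hunk. I would at least record the intent next to the constraint, e.g. `# lower bound only; the exact provider build is fixed by .terraform.lock.hcl — TODO confirm the lock file is committed`. The same applies to the identical versions.tf hunks for with_cognito_authentication, with_google_oidc_authentication and without_authentication.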
@@ -1,22 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" - } - template = { - source = "hashicorp/template" - version = ">= 2.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" + version = ">= 3.34" } } } diff --git a/main.tf b/main.tf index cb6ffb97..5361020d 100644 --- a/main.tf +++ b/main.tf @@ -230,7 +230,7 @@ module "ecs_codepipeline" { module "ecs_cloudwatch_autoscaling" { enabled = var.autoscaling_enabled source = "cloudposse/ecs-cloudwatch-autoscaling/aws" - version = "0.7.2" + version = "0.7.3" name = var.name namespace = var.namespace stage = var.stage From d11e0e138cc4650c5ee3db7d5aabfc5eeca30eaa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 19 Jun 2022 02:05:54 +0000 Subject: [PATCH 64/82] chore(deps): update terraform cloudposse/alb-target-group-cloudwatch-sns-alarms/aws to v0.17.0 (#196) * chore(deps): update terraform cloudposse/alb-target-group-cloudwatch-sns-alarms/aws to v0.17.0 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 08e6d7d1..c1ea83b6 100644 --- a/README.md +++ b/README.md 
@@ -172,7 +172,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | -| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | diff --git a/docs/terraform.md b/docs/terraform.md index 15a31d46..302a6a76 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -17,7 +17,7 @@ | Name | Source | Version | |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | -| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.16.1 | +| [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | diff --git a/main.tf b/main.tf index 5361020d..6e0eb274 100644 --- a/main.tf +++ b/main.tf 
@@ -317,7 +317,7 @@ module "ecs_cloudwatch_sns_alarms" { module "alb_target_group_cloudwatch_sns_alarms" { source = "cloudposse/alb-target-group-cloudwatch-sns-alarms/aws" - version = "0.16.1" + version = "0.17.0" enabled = var.alb_target_group_alarms_enabled alarm_actions = var.alb_target_group_alarms_alarm_actions From 5a7b3c03bfb2a6c343f8b1a6926510a24b0887d8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 19 Jun 2022 02:35:27 +0000 Subject: [PATCH 65/82] chore(deps): update terraform cloudposse/ecr/aws to v0.34.0 (#188) * chore(deps): update terraform cloudposse/ecr/aws to v0.34.0 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c1ea83b6..e0e421a9 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ Available targets: | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | -| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | diff --git a/docs/terraform.md b/docs/terraform.md index 302a6a76..af4bedf1 100644 
--- a/docs/terraform.md +++ b/docs/terraform.md @@ -19,7 +19,7 @@ | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | -| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.32.3 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | diff --git a/main.tf b/main.tf index 6e0eb274..bee9e72f 100644 --- a/main.tf +++ b/main.tf @@ -2,7 +2,7 @@ data "aws_region" "current" {} module "ecr" { source = "cloudposse/ecr/aws" - version = "0.32.3" + version = "0.34.0" enabled = var.codepipeline_enabled attributes = ["ecr"] From 4d61f863089d0cd0fa34402b7a1349b43366056d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 19 Jun 2022 03:29:02 +0000 Subject: [PATCH 66/82] chore(deps): update terraform cloudposse/ecs-cloudwatch-sns-alarms/aws to v0.12.2 (#184) * chore(deps): update terraform cloudposse/ecs-cloudwatch-sns-alarms/aws to v0.12.2 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e0e421a9..ef901eb1 100644 --- a/README.md +++ b/README.md 
@@ -177,7 +177,7 @@ Available targets: | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | -| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | +| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/docs/terraform.md b/docs/terraform.md index af4bedf1..4deabec4 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -22,7 +22,7 @@ | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | -| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.1 | +| [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | diff --git a/main.tf b/main.tf index bee9e72f..41fd7658 100644 --- a/main.tf +++ b/main.tf @@ -254,7 +254,7 @@ locals { module "ecs_cloudwatch_sns_alarms" { source = "cloudposse/ecs-cloudwatch-sns-alarms/aws" - version = "0.12.1" + version = "0.12.2" enabled = var.ecs_alarms_enabled cluster_name = var.ecs_cluster_name From 23c91053dc4be28268ec49d01de58cbd1a96a67c Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 19 Jun 2022 03:44:48 +0000 Subject: [PATCH 67/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.64.0 (#178) * chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.64.0 * Auto Format * Update main.tf Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ef901eb1..48a414b7 100644 --- a/README.md +++ b/README.md @@ -175,7 +175,7 @@ Available targets: | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | diff --git a/docs/terraform.md b/docs/terraform.md index 4deabec4..cdbd9549 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -20,7 +20,7 @@ | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.60.1 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | diff --git a/main.tf b/main.tf index 41fd7658..089bbb39 100644 --- a/main.tf +++ b/main.tf @@ -136,7 +136,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.60.1" + version = "0.64.0" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group @@ -162,7 +162,7 @@ module "ecs_alb_service_task" { subnet_ids = var.ecs_private_subnet_ids container_port = var.container_port nlb_container_port = var.nlb_container_port - volumes = var.volumes + docker_volumes = var.volumes ecs_load_balancers = local.load_balancers deployment_controller_type = var.deployment_controller_type force_new_deployment = var.force_new_deployment From 1ce863afc3cfa7570cb03caa4f3c47a7bb5f89e9 Mon Sep 17 00:00:00 2001 
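Review bot: In the second main.tf hunk, the whole of `var.volumes` is now passed to the upstream module's `docker_volumes` input, while the root variable keeps its old name and, as far as this hunk shows, its old type. If `var.volumes` still admits non-Docker entries such as EFS volume configuration, those would presumably be rejected or lost after the bump to 0.64.0; the variable's definition is outside this patch, so that needs confirming. I would make the narrowing visible at the call site with `# var.volumes is forwarded as Docker volumes only — confirm EFS entries are handled or rejected explicitly`, and say the same in the variable's description. The `module "ecs_alb_service_task"` block opens in the previous hunk and closes outside this one.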
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 19 Jun 2022 04:00:16 +0000 Subject: [PATCH 68/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.6 (#174) * chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.6 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 48a414b7..74b60eab 100644 --- a/README.md +++ b/README.md @@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.6 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index cdbd9549..6c6b835d 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.4 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.6 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/main.tf b/main.tf index 089bbb39..d7405fd4 100644 --- a/main.tf +++ b/main.tf @@ -180,7 +180,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.28.4" + version = "0.28.6" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From 3f002f1fb44bc17c11bfc6ba5c37a450b81e7f4c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 19 Jun 2022 04:10:10 +0000 Subject: [PATCH 69/82] chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.58.1 (#197) * chore(deps): update terraform cloudposse/ecs-container-definition/aws to v0.58.1 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 74b60eab..1630ee84 100644 --- a/README.md +++ b/README.md 
@@ -173,7 +173,7 @@ Available targets: |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | diff --git a/docs/terraform.md b/docs/terraform.md index 6c6b835d..375db2ed 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -18,7 +18,7 @@ |------|--------|---------| | [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | -| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.0 | +| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | diff --git a/main.tf b/main.tf index d7405fd4..7061e550 100644 --- a/main.tf +++ b/main.tf 
@@ -69,7 +69,7 @@ module "alb_ingress" { module "container_definition" { source = "cloudposse/ecs-container-definition/aws" - version = "0.58.0" + version = "0.58.1" container_name = module.this.id container_image = var.use_ecr_image ? module.ecr.repository_url : var.container_image container_memory = var.container_memory From ae592fc374e361cf1fb8754b04ef43803bde8bf4 Mon Sep 17 00:00:00 2001 From: Petro <70154261+pgbce@users.noreply.github.com> Date: Sun, 19 Jun 2022 00:31:30 -0400 Subject: [PATCH 70/82] Add `codebuild_cache_type` to pass to `module.ecs_codepipeline` (#147) * Making s3_cache_type pass through for module ecs_codepiple * Auto Format * Update main.tf based off suggestion Co-authored-by: Joe Niland * Resolving PR comment for variable name change and default value to NO_CACHE * Auto Format * Resolving PR comment; Default changed to NO_CACHE * Auto Format * Update variables.tf * Auto Format Co-authored-by: Petro G Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: Joe Niland Co-authored-by: nitrocode Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> --- README.md | 1 + docs/terraform.md | 1 + main.tf | 2 ++ variables.tf | 6 ++++++ 4 files changed, 10 insertions(+) diff --git a/README.md b/README.md index 1630ee84..4695e79f 100644 --- a/README.md +++ b/README.md 
@@ -262,6 +262,7 @@ Available targets: | [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no | | [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no | | [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | +| [codebuild\_cache\_type](#input\_codebuild\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to NO\_CACHE. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | | [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | | [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 375db2ed..3fd857be 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -107,6 +107,7 @@ | [circuit\_breaker\_deployment\_enabled](#input\_circuit\_breaker\_deployment\_enabled) | If `true`, enable the deployment circuit breaker logic for the service | `bool` | `false` | no | | [circuit\_breaker\_rollback\_enabled](#input\_circuit\_breaker\_rollback\_enabled) | If `true`, Amazon ECS will roll back the service if a service deployment fails | `bool` | `false` | no | | [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no | +| [codebuild\_cache\_type](#input\_codebuild\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to NO\_CACHE. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | | [codepipeline\_build\_cache\_bucket\_suffix\_enabled](#input\_codepipeline\_build\_cache\_bucket\_suffix\_enabled) | The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | | [codepipeline\_build\_compute\_type](#input\_codepipeline\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | | [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no | diff --git a/main.tf b/main.tf index 7061e550..6a1b65a2 100644 --- a/main.tf +++ b/main.tf @@ -213,6 +213,8 @@ module "ecs_codepipeline" { s3_bucket_force_destroy = var.codepipeline_s3_bucket_force_destroy + cache_type = var.codebuild_cache_type + environment_variables = concat( var.build_environment_variables, [ 
diff --git a/variables.tf b/variables.tf index 108270ba..4a25b22e 100644 --- a/variables.tf +++ b/variables.tf @@ -971,6 +971,12 @@ variable "codepipeline_s3_bucket_force_destroy" { default = false } +variable "codebuild_cache_type" { + type = string + description = "The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. Defaults to NO_CACHE. If cache_type is S3, it will create an S3 bucket for storing codebuild cache inside" + default = "S3" +} + variable "init_containers" { type = list(object({ container_definition = any From 33e9649e1c681d477f2f0436cf314eccb889e6ba Mon Sep 17 00:00:00 2001 From: nitrocode <7775707+nitrocode@users.noreply.github.com> Date: Sun, 19 Jun 2022 10:34:56 -0500 Subject: [PATCH 71/82] feat: adds permissions boundary variable (#198) Co-authored-by: David Co-authored-by: dchocoboo <86618807+dchocoboo@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 1 + docs/terraform.md | 1 + main.tf | 1 + variables.tf | 6 ++++++ 4 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 4695e79f..80d48a73 100644 --- a/README.md +++ b/README.md 
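Review bot: The description of `codebuild_cache_type` in the variables.tf hunk says "Defaults to NO_CACHE", but the declared default is `"S3"`, so a caller who trusts the text gets an S3 cache bucket they did not ask for. One of the two has to change; if S3 is the intended default, the line would read `description = "The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. Defaults to S3, which creates an S3 bucket for storing the CodeBuild cache"`. The README.md and docs/terraform.md rows in this patch carry the same sentence and would need regenerating. The value is also not checked against the three listed options before it reaches `cache_type` in the main.tf hunk.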
@@ -345,6 +345,7 @@ Available targets: | [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | | [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | | [nlb\_ingress\_target\_group\_arn](#input\_nlb\_ingress\_target\_group\_arn) | Target group ARN of the NLB ingress | `string` | `""` | no | +| [permissions\_boundary](#input\_permissions\_boundary) | A permissions boundary ARN to apply to the 3 roles that are created. | `string` | `""` | no | | [platform\_version](#input\_platform\_version) | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | | [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | | [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | diff --git a/docs/terraform.md b/docs/terraform.md index 3fd857be..a162f09d 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -190,6 +190,7 @@ | [nlb\_container\_name](#input\_nlb\_container\_name) | The name of the container to associate with the NLB. If not provided, the generated container will be used | `string` | `null` | no | | [nlb\_container\_port](#input\_nlb\_container\_port) | The port number on the container bound to assigned NLB host\_port | `number` | `80` | no | | [nlb\_ingress\_target\_group\_arn](#input\_nlb\_ingress\_target\_group\_arn) | Target group ARN of the NLB ingress | `string` | `""` | no | +| [permissions\_boundary](#input\_permissions\_boundary) | A permissions boundary ARN to apply to the 3 roles that are created. | `string` | `""` | no | | [platform\_version](#input\_platform\_version) | The platform version on which to run your service. Only applicable for launch\_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"LATEST"` | no | | [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | | [port\_mappings](#input\_port\_mappings) | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort |
list(object({
containerPort = number
hostPort = number
protocol = string
}))
|
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
| no | diff --git a/main.tf b/main.tf index 6a1b65a2..58cfe1a5 100644 --- a/main.tf +++ b/main.tf @@ -173,6 +173,7 @@ module "ecs_alb_service_task" { enable_ecs_managed_tags = var.enable_ecs_managed_tags circuit_breaker_deployment_enabled = var.circuit_breaker_deployment_enabled circuit_breaker_rollback_enabled = var.circuit_breaker_rollback_enabled + permissions_boundary = var.permissions_boundary context = module.this.context } diff --git a/variables.tf b/variables.tf index 4a25b22e..0abe9554 100644 --- a/variables.tf +++ b/variables.tf @@ -713,6 +713,12 @@ variable "github_webhooks_token" { default = "" } +variable "permissions_boundary" { + type = string + description = "A permissions boundary ARN to apply to the 3 roles that are created." + default = "" +} + variable "github_webhook_events" { type = list(string) description = "A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/)" From a520e5c9a0035214663051dc36e201bc2293249d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 22 Jun 2022 06:51:18 +0000 Subject: [PATCH 72/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.7 (#199) * chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.7 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 80d48a73..5bd33cf3 100644 --- a/README.md +++ b/README.md 
@@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.6 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.7 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index a162f09d..b5de66d8 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.6 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.7 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/main.tf b/main.tf index 58cfe1a5..ccce91cc 100644 --- a/main.tf +++ b/main.tf @@ -181,7 +181,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.28.6" + version = "0.28.7" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From f88fe97588e06af0097fc7f2978490432afe211e Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Jul 2022 11:10:20 +0000 Subject: [PATCH 73/82] chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.64.1 (#200) * chore(deps): update terraform cloudposse/ecs-alb-service-task/aws to v0.64.1 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5bd33cf3..58e11d1a 100644 --- a/README.md +++ b/README.md @@ -175,7 +175,7 @@ Available targets: | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.7 | diff --git a/docs/terraform.md b/docs/terraform.md index b5de66d8..9cdafc8a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -20,7 +20,7 @@ | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | -| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.0 | +| [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | | [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.7 | diff --git a/main.tf b/main.tf index ccce91cc..74e216a1 100644 --- a/main.tf +++ b/main.tf @@ -136,7 +136,7 @@ locals { module "ecs_alb_service_task" { source = "cloudposse/ecs-alb-service-task/aws" - version = "0.64.0" + version = "0.64.1" alb_security_group = var.alb_security_group use_alb_security_group = var.use_alb_security_group From 25f954dc81d4f22d82360b40a2a76b79e1ca484d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Jul 2022 22:37:04 +0000 Subject: [PATCH 74/82] chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.8 (#201) * chore(deps): update terraform cloudposse/ecs-codepipeline/aws to v0.28.8 * Auto Format Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 58e11d1a..6d48b633 100644 --- a/README.md 
+++ b/README.md @@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.7 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.8 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/docs/terraform.md b/docs/terraform.md index 9cdafc8a..67022f6c 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.7 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.8 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources diff --git a/main.tf b/main.tf index 74e216a1..7ed9ad51 100644 --- a/main.tf +++ b/main.tf @@ -181,7 +181,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.28.7" + version = "0.28.8" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token From ef7af53fd877142a61e83580f64b1086d4cf9d97 Mon Sep 17 00:00:00 2001 
From: Kevin Mahoney Date: Fri, 19 Aug 2022 12:00:41 -0400 Subject: [PATCH 75/82] Expose `runtime_platform` of upstream service task module's task definition (#207) * allow customizing runtime platform of task definition * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- .github/auto-release.yml | 1 - README.md | 4 +++- docs/terraform.md | 1 + main.tf | 1 + variables.tf | 10 ++++++++++ 5 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/auto-release.yml b/.github/auto-release.yml index b45efb7a..17cd39c8 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -17,7 +17,6 @@ version-resolver: - 'bugfix' - 'bug' - 'hotfix' - - 'no-release' default: 'minor' categories: diff --git a/README.md b/README.md index 6d48b633..430b5530 100644 --- a/README.md +++ b/README.md @@ -355,6 +355,7 @@ Available targets: | [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | | [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | | [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | `""` | no | +| [runtime\_platform](#input\_runtime\_platform) | Zero or one runtime platform configurations that containers in your task may use.
Map of strings with optional keys `operating_system_family` and `cpu_architecture`.
See `runtime_platform` docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform | `list(map(string))` | `[]` | no | | [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | | [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | @@ -617,7 +618,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] - + [logo]: https://cloudposse.com/logo-300x69.svg [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-web-app&utm_content=docs [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-web-app&utm_content=website @@ -648,3 +649,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-ecs-web-app [share_email]: mailto:?subject=terraform-aws-ecs-web-app&body=https://github.com/cloudposse/terraform-aws-ecs-web-app [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-ecs-web-app?pixel&cs=github&cm=readme&an=terraform-aws-ecs-web-app + diff --git a/docs/terraform.md b/docs/terraform.md index 67022f6c..0f5a5ac5 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -200,6 +200,7 @@ | [region](#input\_region) | AWS Region for S3 bucket | `string` | `null` | no | | [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | `""` | no | | [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | `""` | no | +| [runtime\_platform](#input\_runtime\_platform) | Zero or one runtime platform configurations that containers in your task may use.
Map of strings with optional keys `operating_system_family` and `cpu_architecture`.
See `runtime_platform` docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform | `list(map(string))` | `[]` | no | | [secrets](#input\_secrets) | The secrets to pass to the container. This is a list of maps |
list(object({
name = string
valueFrom = string
}))
| `null` | no | | [service\_registries](#input\_service\_registries) | The service discovery registries for the service. The maximum number of service\_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1 |
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
| `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | diff --git a/main.tf b/main.tf index 7ed9ad51..3ed3eec0 100644 --- a/main.tf +++ b/main.tf @@ -174,6 +174,7 @@ module "ecs_alb_service_task" { circuit_breaker_deployment_enabled = var.circuit_breaker_deployment_enabled circuit_breaker_rollback_enabled = var.circuit_breaker_rollback_enabled permissions_boundary = var.permissions_boundary + runtime_platform = var.runtime_platform context = module.this.context } diff --git a/variables.tf b/variables.tf index 0abe9554..2ab44a4e 100644 --- a/variables.tf +++ b/variables.tf @@ -719,6 +719,16 @@ variable "permissions_boundary" { default = "" } +variable "runtime_platform" { + type = list(map(string)) + description = <<-EOT + Zero or one runtime platform configurations that containers in your task may use. + Map of strings with optional keys `operating_system_family` and `cpu_architecture`. + See `runtime_platform` docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform + EOT + default = [] +} + variable "github_webhook_events" { type = list(string) description = "A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/)" From 2495170dc9bc5086552bc29383e37913781b3cab Mon Sep 17 00:00:00 2001 
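Review bot: The "zero or one" limit on `runtime_platform` exists only in the description; the type `list(map(string))` in the variables.tf hunk accepts any number of elements and any map keys. A second element or a misspelt key would only surface inside the upstream module or at apply time, if at all. I would add a `validation` block to the variable with `condition = length(var.runtime_platform) <= 1` and a matching error message, provided the module's minimum Terraform version supports variable validation.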
From: zaksamalik Date: Sun, 20 Nov 2022 15:19:14 -0500 Subject: [PATCH 76/82] Add protocol and protocol_version variables (#216) * * add protocol and protocol_version variables * * fix accidental var deletion * Sam/add protocol variables (#1) * * add protocol and protocol_version variables * * fix accidental var deletion * * bump alb-ingress version to allow protocol_version * Sam/add protocol variables (#2) * * add protocol and protocol_version variables * * fix accidental var deletion * * bump alb-ingress version to allow protocol_version * * fix typo * fix variable description and auto format --- .github/workflows/validate-codeowners.yml | 1 + README.md | 4 +++- docs/terraform.md | 4 +++- main.tf | 10 +++++++--- variables.tf | 12 ++++++++++++ 5 files changed, 26 insertions(+), 5 deletions(-) diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 70f829e3..4b4a2264 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -10,6 +10,7 @@ jobs: steps: - name: "Checkout source code at current commit" uses: actions/checkout@v2 + # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name == github.repository name: "Full check of CODEOWNERS" diff --git a/README.md b/README.md index 430b5530..4b80e989 100644 --- a/README.md +++ b/README.md 
@@ -171,7 +171,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.25.1 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | 
@@ -209,6 +209,8 @@ Available targets: | [alb\_ingress\_healthcheck\_protocol](#input\_alb\_ingress\_healthcheck\_protocol) | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | | [alb\_ingress\_listener\_authenticated\_priority](#input\_alb\_ingress\_listener\_authenticated\_priority) | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | | [alb\_ingress\_listener\_unauthenticated\_priority](#input\_alb\_ingress\_listener\_unauthenticated\_priority) | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no | +| [alb\_ingress\_protocol](#input\_alb\_ingress\_protocol) | The protocol for the created ALB target group (if target\_group\_arn is not set). One of `HTTP`, `HTTPS`. Defaults to `HTTP`. | `string` | `"HTTP"` | no | +| [alb\_ingress\_protocol\_version](#input\_alb\_ingress\_protocol\_version) | The protocol version. One of `HTTP1`, `HTTP2`, `GRPC`. Only applicable when protocol is HTTP or HTTPS. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is `HTTP1`, which sends requests to targets using HTTP/1.1 | `string` | `"HTTP1"` | no | | [alb\_ingress\_target\_group\_arn](#input\_alb\_ingress\_target\_group\_arn) | Existing ALB target group ARN. 
If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no | | [alb\_ingress\_unauthenticated\_hosts](#input\_alb\_ingress\_unauthenticated\_hosts) | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | | [alb\_ingress\_unauthenticated\_listener\_arns](#input\_alb\_ingress\_unauthenticated\_listener\_arns) | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 0f5a5ac5..e970053f 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.24.2 | +| [alb\_ingress](#module\_alb\_ingress) | cloudposse/alb-ingress/aws | 0.25.1 | | [alb\_target\_group\_cloudwatch\_sns\_alarms](#module\_alb\_target\_group\_cloudwatch\_sns\_alarms) | cloudposse/alb-target-group-cloudwatch-sns-alarms/aws | 0.17.0 | | [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.58.1 | | [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | 
@@ -54,6 +54,8 @@ | [alb\_ingress\_healthcheck\_protocol](#input\_alb\_ingress\_healthcheck\_protocol) | The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda` | `string` | `"HTTP"` | no | | [alb\_ingress\_listener\_authenticated\_priority](#input\_alb\_ingress\_listener\_authenticated\_priority) | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no | | [alb\_ingress\_listener\_unauthenticated\_priority](#input\_alb\_ingress\_listener\_unauthenticated\_priority) | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `1000` | no | +| [alb\_ingress\_protocol](#input\_alb\_ingress\_protocol) | The protocol for the created ALB target group (if target\_group\_arn is not set). One of `HTTP`, `HTTPS`. Defaults to `HTTP`. | `string` | `"HTTP"` | no | +| [alb\_ingress\_protocol\_version](#input\_alb\_ingress\_protocol\_version) | The protocol version. One of `HTTP1`, `HTTP2`, `GRPC`. Only applicable when protocol is HTTP or HTTPS. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is `HTTP1`, which sends requests to targets using HTTP/1.1 | `string` | `"HTTP1"` | no | | [alb\_ingress\_target\_group\_arn](#input\_alb\_ingress\_target\_group\_arn) | Existing ALB target group ARN. 
If provided, set `alb_ingress_enable_default_target_group` to `false` to disable creation of the default target group | `string` | `""` | no | | [alb\_ingress\_unauthenticated\_hosts](#input\_alb\_ingress\_unauthenticated\_hosts) | Unauthenticated hosts to match in Hosts header | `list(string)` | `[]` | no | | [alb\_ingress\_unauthenticated\_listener\_arns](#input\_alb\_ingress\_unauthenticated\_listener\_arns) | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index 3ed3eec0..6ab0ed0f 100644 --- a/main.tf +++ b/main.tf @@ -22,10 +22,14 @@ resource "aws_cloudwatch_log_group" "app" { module "alb_ingress" { source = "cloudposse/alb-ingress/aws" - version = "0.24.2" + version = "0.25.1" + + vpc_id = var.vpc_id + port = var.container_port + + protocol = var.alb_ingress_protocol + protocol_version = var.alb_ingress_protocol_version - vpc_id = var.vpc_id - port = var.container_port health_check_path = var.alb_ingress_healthcheck_path health_check_protocol = var.alb_ingress_healthcheck_protocol health_check_healthy_threshold = var.alb_ingress_health_check_healthy_threshold diff --git a/variables.tf b/variables.tf index 2ab44a4e..9cb62aa9 100644 --- a/variables.tf +++ b/variables.tf 
@@ -470,6 +470,18 @@ variable "alb_ingress_listener_authenticated_priority" { description = "The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority" } +variable "alb_ingress_protocol" { + type = string + default = "HTTP" + description = "The protocol for the created ALB target group (if target_group_arn is not set). One of `HTTP`, `HTTPS`. Defaults to `HTTP`." +} + +variable "alb_ingress_protocol_version" { + type = string + default = "HTTP1" + description = "The protocol version. One of `HTTP1`, `HTTP2`, `GRPC`. Only applicable when protocol is HTTP or HTTPS. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is `HTTP1`, which sends requests to targets using HTTP/1.1" +} + variable "alb_ingress_unauthenticated_hosts" { type = list(string) default = [] From 01b19b9c17194c6e2b14989d3e66b124dca999a8 Mon Sep 17 00:00:00 2001 From: mschfh <37435502+mschfh@users.noreply.github.com> Date: Sun, 20 Nov 2022 17:43:56 -0500 Subject: [PATCH 77/82] Add ecs_service_arn output (#217) * Add ecs_service_arn output * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: Matt Gowie --- README.md | 1 + docs/terraform.md | 1 + outputs.tf | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 4b80e989..6d7d8037 100644 --- a/README.md +++ b/README.md 
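Review bot: `alb_ingress_protocol` and the existing `alb_ingress_healthcheck_protocol` are independent inputs that both default to `HTTP`, and the new description does not mention the second one. A caller who sets `alb_ingress_protocol = "HTTPS"` to encrypt traffic between the load balancer and the tasks may leave health checks on plain HTTP without noticing. I would extend the description with a sentence such as `When set to HTTPS, review alb_ingress_healthcheck_protocol as well.` Both new variables list their allowed values, so a `validation` block with `condition = contains(["HTTP", "HTTPS"], var.alb_ingress_protocol)` (and the equivalent for `alb_ingress_protocol_version`) would catch a mistyped value at plan time.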
@@ -428,6 +428,7 @@ Available targets: | [ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn) | ARN of the scale up policy | | [ecs\_exec\_role\_policy\_id](#output\_ecs\_exec\_role\_policy\_id) | The ECS service role policy ID, in the form of `role_name:role_policy_name` | | [ecs\_exec\_role\_policy\_name](#output\_ecs\_exec\_role\_policy\_name) | ECS service role name | +| [ecs\_service\_arn](#output\_ecs\_service\_arn) | ECS Service ARN | | [ecs\_service\_name](#output\_ecs\_service\_name) | ECS Service name | | [ecs\_service\_role\_arn](#output\_ecs\_service\_role\_arn) | ECS Service role ARN | | [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Security Group ID of the ECS task | diff --git a/docs/terraform.md b/docs/terraform.md index e970053f..bfbff69e 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -273,6 +273,7 @@ | [ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn](#output\_ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn) | ARN of the scale up policy | | [ecs\_exec\_role\_policy\_id](#output\_ecs\_exec\_role\_policy\_id) | The ECS service role policy ID, in the form of `role_name:role_policy_name` | | [ecs\_exec\_role\_policy\_name](#output\_ecs\_exec\_role\_policy\_name) | ECS service role name | +| [ecs\_service\_arn](#output\_ecs\_service\_arn) | ECS Service ARN | | [ecs\_service\_name](#output\_ecs\_service\_name) | ECS Service name | | [ecs\_service\_role\_arn](#output\_ecs\_service\_role\_arn) | ECS Service role ARN | | [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Security Group ID of the ECS task | diff --git a/outputs.tf b/outputs.tf index f0798b0d..18f310e6 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -81,6 +81,11 @@ output "ecs_exec_role_policy_name" { value = module.ecs_alb_service_task.ecs_exec_role_policy_name } +output "ecs_service_arn" { + description = "ECS Service ARN" + value = module.ecs_alb_service_task.service_arn +} + output "ecs_service_name" { description = "ECS Service name" value = module.ecs_alb_service_task.service_name From 78948aed2808d9452d5ca3ae375db74b49e00545 Mon Sep 17 00:00:00 2001 From: Mihai PLESA Date: Thu, 12 Jan 2023 17:03:10 +0200 Subject: [PATCH 78/82] option to disable codepipeline but allow to keep ecr (#210) * option to disable codepipeline * Auto Format * improve conditional * readme updates Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 7 ++++--- docs/terraform.md | 5 +++-- main.tf | 4 ++-- variables.tf | 8 +++++++- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6d7d8037..c330a339 100644 --- a/README.md +++ b/README.md @@ -178,7 +178,7 @@ Available targets: | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.8 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.30.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources 
@@ -270,7 +270,7 @@ Available targets:
 | [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no |
 | [codepipeline\_cdn\_bucket\_encryption\_enabled](#input\_codepipeline\_cdn\_bucket\_encryption\_enabled) | If set to true, enable encryption on the optional CDN asset deployment bucket | `bool` | `false` | no |
 | [codepipeline\_cdn\_bucket\_id](#input\_codepipeline\_cdn\_bucket\_id) | Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
-| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no |
+| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline. If `false`, use `ecr_enabled` to control if AWS ECR stays enabled. | `bool` | `true` | no |
 | [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
 | [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no |
 | [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no |
@@ -288,6 +288,7 @@ Available targets: | [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | +| [ecr\_enabled](#input\_ecr\_enabled) | A boolean to enable/disable AWS ECR | `bool` | `true` | no | | [ecr\_image\_tag\_mutability](#input\_ecr\_image\_tag\_mutability) | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | | [ecr\_scan\_images\_on\_push](#input\_ecr\_scan\_images\_on\_push) | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | | [ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions](#input\_ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | @@ -548,7 +549,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright) diff --git a/docs/terraform.md b/docs/terraform.md index bfbff69e..83a90634 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -23,7 +23,7 @@ | [ecs\_alb\_service\_task](#module\_ecs\_alb\_service\_task) | cloudposse/ecs-alb-service-task/aws | 0.64.1 | | [ecs\_cloudwatch\_autoscaling](#module\_ecs\_cloudwatch\_autoscaling) | cloudposse/ecs-cloudwatch-autoscaling/aws | 0.7.3 | | [ecs\_cloudwatch\_sns\_alarms](#module\_ecs\_cloudwatch\_sns\_alarms) | cloudposse/ecs-cloudwatch-sns-alarms/aws | 0.12.2 | -| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.28.8 | +| [ecs\_codepipeline](#module\_ecs\_codepipeline) | cloudposse/ecs-codepipeline/aws | 0.30.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | ## Resources 
@@ -115,7 +115,7 @@
 | [codepipeline\_cdn\_bucket\_buildspec\_identifier](#input\_codepipeline\_cdn\_bucket\_buildspec\_identifier) | Identifier for buildspec section controlling the optional CDN asset deployment. | `string` | `null` | no |
 | [codepipeline\_cdn\_bucket\_encryption\_enabled](#input\_codepipeline\_cdn\_bucket\_encryption\_enabled) | If set to true, enable encryption on the optional CDN asset deployment bucket | `bool` | `false` | no |
 | [codepipeline\_cdn\_bucket\_id](#input\_codepipeline\_cdn\_bucket\_id) | Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
-| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `true` | no |
+| [codepipeline\_enabled](#input\_codepipeline\_enabled) | A boolean to enable/disable AWS Codepipeline. If `false`, use `ecr_enabled` to control if AWS ECR stays enabled. | `bool` | `true` | no |
 | [codepipeline\_s3\_bucket\_force\_destroy](#input\_codepipeline\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
 | [command](#input\_command) | The command that is passed to the container | `list(string)` | `null` | no |
 | [container\_cpu](#input\_container\_cpu) | The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `number` | `256` | no |
@@ -133,6 +133,7 @@ | [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | +| [ecr\_enabled](#input\_ecr\_enabled) | A boolean to enable/disable AWS ECR | `bool` | `true` | no | | [ecr\_image\_tag\_mutability](#input\_ecr\_image\_tag\_mutability) | The tag mutability setting for the ecr repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"IMMUTABLE"` | no | | [ecr\_scan\_images\_on\_push](#input\_ecr\_scan\_images\_on\_push) | Indicates whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `false` | no | | [ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions](#input\_ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions) | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index 6ab0ed0f..e4eeff5e 100644 --- a/main.tf +++ b/main.tf @@ -3,7 +3,7 @@ data "aws_region" "current" {} module "ecr" { source = "cloudposse/ecr/aws" version = "0.34.0" - enabled = var.codepipeline_enabled + enabled = module.this.enabled && (var.ecr_enabled || var.codepipeline_enabled) attributes = ["ecr"] scan_images_on_push = var.ecr_scan_images_on_push @@ -186,7 +186,7 @@ module "ecs_alb_service_task" { module "ecs_codepipeline" { enabled = var.codepipeline_enabled source = "cloudposse/ecs-codepipeline/aws" - version = "0.28.8" + version = "0.30.0" region = coalesce(var.region, data.aws_region.current.name) github_oauth_token = var.github_oauth_token diff --git a/variables.tf b/variables.tf index 9cb62aa9..961b8d5d 100644 --- a/variables.tf +++ b/variables.tf 
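Review bot: The new `enabled = module.this.enabled && (var.ecr_enabled || var.codepipeline_enabled)` in `module "ecr"` makes `ecr_enabled = false` a no-op while `codepipeline_enabled` keeps its default of `true`, but the `ecr_enabled` description added in variables.tf reads as an unconditional switch. I would word it as `description = "A boolean to enable/disable AWS ECR. Has no effect while codepipeline_enabled is true."`. Because `ecr_enabled` also defaults to `true`, a caller already running with `codepipeline_enabled = false` gets an ECR repository created on upgrade unless they set `ecr_enabled = false`, and per the inputs table that repository has `ecr_scan_images_on_push` off by default. That behaviour change deserves an explicit line in the release notes. The `module "ecr"` block continues outside the hunk.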
@@ -4,9 +4,15 @@ variable "region" { default = null } +variable "ecr_enabled" { + type = bool + description = "A boolean to enable/disable AWS ECR" + default = true +} + variable "codepipeline_enabled" { type = bool - description = "A boolean to enable/disable AWS Codepipeline and ECR" + description = "A boolean to enable/disable AWS Codepipeline. If `false`, use `ecr_enabled` to control if AWS ECR stays enabled." default = true } From 91c3019183a024319e45902f3047b17946fb391c Mon Sep 17 00:00:00 2001 From: Pavel Kirpitsov Date: Fri, 24 Feb 2023 19:49:11 +0200 Subject: [PATCH 79/82] feat: add ecs_security_group_enabled variable (#218) * feat: add ecs_security_group_enabled variable to control security group creation * Auto Format * Auto Format --------- Co-authored-by: Pavel Kirpitsov Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Co-authored-by: Benjamin Smith --- .github/ISSUE_TEMPLATE/bug_report.yml | 72 ++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.yml | 71 +++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 22 ++++--- .github/workflows/auto-context.yml | 4 +- .github/workflows/auto-format.yml | 10 +-- .github/workflows/auto-readme.yml | 4 +- .github/workflows/auto-release.yml | 4 +- .github/workflows/chatops.yml | 4 +- .github/workflows/validate-codeowners.yml | 2 +- README.md | 1 + docs/terraform.md | 1 + main.tf | 1 + variables.tf | 6 ++ 13 files changed, 181 insertions(+), 21 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 00000000..94d32460 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml 
@@ -0,0 +1,72 @@ +--- +name: Bug report +description: Create a report to help us improve +labels: ["bug"] +assignees: [""] +body: + - type: markdown + attributes: + value: | + Found a bug? + + Please checkout our [Slack Community](https://slack.cloudposse.com) + or visit our [Slack Archive](https://archive.sweetops.com/). + + [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + + - type: textarea + id: concise-description + attributes: + label: Describe the Bug + description: A clear and concise description of what the bug is. + placeholder: What is the bug about? + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected. + placeholder: What happened? + validations: + required: true + + - type: textarea + id: reproduction-steps + attributes: + label: Steps to Reproduce + description: Steps to reproduce the behavior. + placeholder: How do we reproduce it? + validations: + required: true + + - type: textarea + id: screenshots + attributes: + label: Screenshots + description: If applicable, add screenshots or logs to help explain. + validations: + required: false + + - type: textarea + id: environment + attributes: + label: Environment + description: Anything that will help us triage the bug. + placeholder: | + - OS: [e.g. Linux, OSX, WSL, etc] + - Version [e.g. 10.15] + - Module version + - Terraform version + validations: + required: false + + - type: textarea + id: additional + attributes: + label: Additional Context + description: | + Add any other context about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 00000000..7b866727 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml 
@@ -0,0 +1,71 @@ +--- +name: Feature Request +description: Suggest an idea for this project +labels: ["feature request"] +assignees: [""] +body: + - type: markdown + attributes: + value: | + Have a question? + + Please checkout our [Slack Community](https://slack.cloudposse.com) + or visit our [Slack Archive](https://archive.sweetops.com/). + + [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + + - type: textarea + id: concise-description + attributes: + label: Describe the Feature + description: A clear and concise description of what the feature is. + placeholder: What is the feature about? + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected. + placeholder: What happened? + validations: + required: true + + - type: textarea + id: use-case + attributes: + label: Use Case + description: | + Is your feature request related to a problem/challenge you are trying + to solve? + + Please provide some additional context of why this feature or + capability will be valuable. + validations: + required: true + + - type: textarea + id: ideal-solution + attributes: + label: Describe Ideal Solution + description: A clear and concise description of what you want to happen. + validations: + required: true + + - type: textarea + id: alternatives-considered + attributes: + label: Alternatives Considered + description: Explain alternative solutions or features considered. + validations: + required: false + + - type: textarea + id: additional + attributes: + label: Additional Context + description: | + Add any other context about the problem here. + validations: + required: false diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 4b8f32df..8944933e 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -1,13 +1,21 @@ ## what -* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) -* Use bullet points to be concise and to the point. + + ## why -* Provide the justifications for the changes (e.g. business case). -* Describe why these changes were made (e.g. why do these commits fix the problem?) -* Use bullet points to be concise and to the point. + + ## references -* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). -* Use `closes #123`, if this PR closes a GitHub issue `#123` + diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml index 665833af..831e7faa 100644 --- a/.github/workflows/auto-context.yml +++ b/.github/workflows/auto-context.yml @@ -27,7 +27,7 @@ jobs: make init make github/init/context.tf make readme/build - echo "::set-output name=create_pull_request::true" + echo "create_pull_request=true" >> "$GITHUB_OUTPUT" fi else echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." @@ -37,7 +37,7 @@ jobs: if: steps.update.outputs.create_pull_request == 'true' uses: cloudposse/actions/github/create-pull-request@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' commit-message: Update context.tf from origin source diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml index c600d602..b8c20641 100644 --- a/.github/workflows/auto-format.yml +++ b/.github/workflows/auto-format.yml 
@@ -19,7 +19,7 @@ jobs: if: github.event.pull_request.state == 'open' name: Privileged Checkout with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} repository: ${{ github.event.pull_request.head.repo.full_name }} # Check out the PR commit, not the merge commit # Use `ref` instead of `sha` to enable pushing back to `ref` @@ -30,7 +30,7 @@ jobs: if: github.event.pull_request.state == 'open' shell: bash env: - GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + GITHUB_TOKEN: "${{ secrets.REPO_ACCESS_TOKEN }}" run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host # Commit changes (if any) to the PR branch @@ -54,10 +54,10 @@ jobs: [[ $SENDER == "cloudpossebot" ]] || git push # Set status to fail, because the push should trigger another status check, # and we use success to indicate the checks are finished. - printf "::set-output name=%s::%s\n" "changed" "true" + echo "changed=true" >> "$GITHUB_OUTPUT" exit 1 else - printf "::set-output name=%s::%s\n" "changed" "false" + echo "changed=false" >> "$GITHUB_OUTPUT" echo "No changes detected" fi @@ -75,7 +75,7 @@ jobs: contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} repository: cloudposse/actions event-type: test-command client-payload: |- diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml index 6f25b8dd..b2db520b 100644 --- a/.github/workflows/auto-readme.yml +++ b/.github/workflows/auto-readme.yml 
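Review bot: The rename to `secrets.REPO_ACCESS_TOKEN` in the "Privileged Checkout" step passes that token to a checkout of `github.event.pull_request.head.repo.full_name`, and the following hunk exports the same secret as `GITHUB_TOKEN` to the `make ... pr/auto-format/host` run in the same job, so anything that run executes from the pull request's tree has the token in its environment. The commit does not state the scope of the renamed secret. If it is broader than the old `PUBLIC_REPO_ACCESS_TOKEN` (the name hints at that, but it is an inference), the exposure grows with it. The workflow trigger and the checkout's `uses:` line are outside these hunks, so whether fork pull requests reach this step cannot be confirmed from here and should be checked. I would add a comment at the first use, e.g. `# REPO_ACCESS_TOKEN: <document the token's permissions and which repos it covers>`. The same rename appears in auto-context.yml, auto-readme.yml, auto-release.yml, chatops.yml and validate-codeowners.yml.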
@@ -29,7 +29,7 @@ jobs: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name) - printf "::set-output name=defaultBranch::%s\n" "${default_branch}" + echo "defaultBranch=${default_branch}" >> "$GITHUB_OUTPUT" printf "defaultBranchRef.name=%s\n" "${default_branch}" - name: Update readme @@ -52,7 +52,7 @@ jobs: # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR. uses: cloudposse/actions/github/create-pull-request@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} commit-message: Update README.md and docs title: Update README.md and docs body: |- diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 3a38fae0..17d6cabb 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -15,7 +15,7 @@ jobs: - uses: actions-ecosystem/action-get-merged-pull-request@v1 id: get-merged-pull-request with: - github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} # Drafts your next Release notes as Pull Requests are merged into "main" - uses: release-drafter/release-drafter@v5 with: @@ -23,4 +23,4 @@ jobs: prerelease: false config-name: auto-release.yml env: - GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml index 23f96d82..0f645747 100644 --- a/.github/workflows/chatops.yml +++ b/.github/workflows/chatops.yml @@ -11,7 +11,7 @@ jobs: - name: "Handle common commands" uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} repository: cloudposse/actions commands: rebuild-readme, terraform-fmt 
@@ -26,7 +26,7 @@ jobs: - name: "Run tests" uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} + token: ${{ secrets.REPO_ACCESS_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }} repository: cloudposse/actions commands: test diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml index 4b4a2264..b3f7c327 100644 --- a/.github/workflows/validate-codeowners.yml +++ b/.github/workflows/validate-codeowners.yml @@ -21,7 +21,7 @@ jobs: checks: "syntax,owners,duppatterns" owner_checker_allow_unowned_patterns: "false" # GitHub access token is required only if the `owners` check is enabled - github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" + github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}" - uses: mszostok/codeowners-validator@v0.7.1 if: github.event.pull_request.head.repo.full_name != github.repository name: "Syntax check of CODEOWNERS" diff --git a/README.md b/README.md index c330a339..7bdb782b 100644 --- a/README.md +++ b/README.md 
@@ -315,6 +315,7 @@ Available targets:
 | [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes |
 | [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no |
 | [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = "awsvpc"` | `list(string)` | n/a | yes |
+| [ecs\_security\_group\_enabled](#input\_ecs\_security\_group\_enabled) | Whether to create a security group for the service. | `bool` | `true` | no |
 | [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service if `var.network_mode = "awsvpc"` | `list(string)` | `[]` | no |
 | [enable\_all\_egress\_rule](#input\_enable\_all\_egress\_rule) | A flag to enable/disable adding the all ports egress rule to the ECS security group | `bool` | `true` | no |
 | [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 83a90634..265d47e1 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -160,6 +160,7 @@
 | [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | The ECS Cluster ARN where ECS Service will be provisioned | `string` | n/a | yes |
 | [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The ECS Cluster Name to use in ECS Code Pipeline Deployment step | `string` | `null` | no |
 | [ecs\_private\_subnet\_ids](#input\_ecs\_private\_subnet\_ids) | List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = "awsvpc"` | `list(string)` | n/a | yes |
+| [ecs\_security\_group\_enabled](#input\_ecs\_security\_group\_enabled) | Whether to create a security group for the service. | `bool` | `true` | no |
 | [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | Additional Security Group IDs to allow into ECS Service if `var.network_mode = "awsvpc"` | `list(string)` | `[]` | no |
 | [enable\_all\_egress\_rule](#input\_enable\_all\_egress\_rule) | A flag to enable/disable adding the all ports egress rule to the ECS security group | `bool` | `true` | no |
 | [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index e4eeff5e..c63fd940 100644
--- a/main.tf
+++ b/main.tf
@@ -162,6 +162,7 @@ module "ecs_alb_service_task" {
 platform_version = var.platform_version
 vpc_id = var.vpc_id
 assign_public_ip = var.assign_public_ip
+ security_group_enabled = var.ecs_security_group_enabled
 security_group_ids = var.ecs_security_group_ids
 subnet_ids = var.ecs_private_subnet_ids
 container_port = var.container_port
diff --git a/variables.tf b/variables.tf
index 961b8d5d..8aa08c98 100644
--- a/variables.tf
+++ b/variables.tf
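Review bot: `security_group_enabled = var.ecs_security_group_enabled` lets a caller switch off the service's own security group, while `ecs_security_group_ids` on the next context line still defaults to `[]`. With `ecs_security_group_enabled = false` and no IDs supplied, the awsvpc service gets no explicitly chosen security group, and ECS then falls back to the VPC's default security group, whose rules this module does not manage. The description added in the variables.tf hunk does not mention that dependency. I would extend it to `description = "Whether to create a security group for the service. When false, supply ecs_security_group_ids."`. The `module "ecs_alb_service_task"` block starts and ends outside the hunk, so how the two inputs are combined downstream is not visible here.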
@@ -714,6 +714,12 @@ variable "ecs_security_group_ids" { default = [] } +variable "ecs_security_group_enabled" { + type = bool + description = "Whether to create a security group for the service." + default = true +} + variable "ecs_private_subnet_ids" { type = list(string) description = "List of Private Subnet IDs to provision ECS Service onto if `var.network_mode = \"awsvpc\"`" From 044a9e671ed3b8085238375358309fe173edf5e8 Mon Sep 17 00:00:00 2001 From: mschfh <37435502+mschfh@users.noreply.github.com> Date: Tue, 14 Mar 2023 14:30:34 -0500 Subject: [PATCH 80/82] feat: add deployment minimum healthy/maximum percent variable (#221) Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> --- README.md | 2 ++ docs/terraform.md | 2 ++ main.tf | 2 ++ variables.tf | 12 ++++++++++++ 4 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 7bdb782b..a9b6597c 100644 --- a/README.md +++ b/README.md @@ -286,6 +286,8 @@ Available targets: | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | +| [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no | +| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | | [ecr\_enabled](#input\_ecr\_enabled) | A boolean to enable/disable AWS ECR | `bool` | `true` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 265d47e1..28542a07 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -131,6 +131,8 @@ | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | | [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are CODE\_DEPLOY and ECS | `string` | `"ECS"` | no | +| [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no | +| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [desired\_count](#input\_desired\_count) | The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) | `number` | `1` | no | | [ecr\_enabled](#input\_ecr\_enabled) | A boolean to enable/disable AWS ECR | `bool` | `true` | no | diff --git a/main.tf b/main.tf index c63fd940..232e711e 100644 --- a/main.tf +++ b/main.tf @@ -170,6 +170,8 @@ module "ecs_alb_service_task" { docker_volumes = var.volumes ecs_load_balancers = local.load_balancers deployment_controller_type = var.deployment_controller_type + deployment_maximum_percent = var.deployment_maximum_percent + deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent force_new_deployment = var.force_new_deployment exec_enabled = var.exec_enabled task_policy_arns = var.task_policy_arns diff --git a/variables.tf b/variables.tf index 8aa08c98..ccca30eb 100644 --- a/variables.tf +++ b/variables.tf @@ -1056,6 +1056,18 @@ variable "deployment_controller_type" { default = "ECS" } +variable "deployment_maximum_percent" { + type = number + description = "The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment" + default = 200 +} + +variable "deployment_minimum_healthy_percent" { + type = number + description = "The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment" + default = 100 +} + variable "ecr_image_tag_mutability" { type = string default = "IMMUTABLE" From 21e27123acf7b759a8d1619a996eed698c94a8b8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bart=C5=82omiej=20Szostek?= Date: Mon, 10 Apr 2023 18:53:35 +0100 Subject: [PATCH 81/82] fix: resource `aws_cloudwatch_log_group` should respect the context.enabled flag (#182) * fix: resource should respect the context.enabled flag * fix: add check if the module is enabled before calls to coalesce * fix: No need to check if module enabled for container_name * run make readme --------- Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> Co-authored-by: Matt Gowie --- .../with_cognito_authentication/context.tf | 170 +++++++++++++++--- .../context.tf | 170 +++++++++++++++--- examples/without_authentication/context.tf | 170 +++++++++++++++--- main.tf | 6 +- 4 files changed, 426 insertions(+), 90 deletions(-) diff --git a/examples/with_cognito_authentication/context.tf b/examples/with_cognito_authentication/context.tf index 648917d6..5e0ef885 100644 --- a/examples/with_cognito_authentication/context.tf +++ b/examples/with_cognito_authentication/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -19,10 +21,12 @@ # module "this" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.21.0" + source = "cloudposse/label/null" + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name 
@@ -33,6 +37,10 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } @@ -40,23 +48,11 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null @@ -67,6 +63,17 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null + descriptor_formats = {} + # Note: we have to use [] instead of null for unset lists due to + # https://github.com/hashicorp/terraform/issues/28137 + # which was not fixed until Terraform 1.0.0, + # but we want the default to be all the labels in `label_order` + # and we want users to be able to prevent all tag generation + # by setting `labels_as_tags` to `[]`, so we need + # a different sentinel to indicate "default" + labels_as_tags = ["unset"] } description = <<-EOT Single object for setting entire context at once. 
@@ -75,6 +82,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -86,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -119,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } 
@@ -157,11 +212,68 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. 
Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT } #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/examples/with_google_oidc_authentication/context.tf b/examples/with_google_oidc_authentication/context.tf index 648917d6..5e0ef885 100644 --- a/examples/with_google_oidc_authentication/context.tf +++ b/examples/with_google_oidc_authentication/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -19,10 +21,12 @@ # module "this" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.21.0" + source = "cloudposse/label/null" + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name @@ -33,6 +37,10 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } 
@@ -40,23 +48,11 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null @@ -67,6 +63,17 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null + descriptor_formats = {} + # Note: we have to use [] instead of null for unset lists due to + # https://github.com/hashicorp/terraform/issues/28137 + # which was not fixed until Terraform 1.0.0, + # but we want the default to be all the labels in `label_order` + # and we want users to be able to prevent all tag generation + # by setting `labels_as_tags` to `[]`, so we need + # a different sentinel to indicate "default" + labels_as_tags = ["unset"] } description = <<-EOT Single object for setting entire context at once. @@ -75,6 +82,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -86,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -119,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } 
@@ -157,11 +212,68 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. 
Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT } #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/examples/without_authentication/context.tf b/examples/without_authentication/context.tf index 648917d6..5e0ef885 100644 --- a/examples/without_authentication/context.tf +++ b/examples/without_authentication/context.tf @@ -8,6 +8,8 @@ # Cloud Posse's standard configuration inputs suitable for passing # to Cloud Posse modules. # +# curl -sL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf -o context.tf +# # Modules should access the whole context as `module.this.context` # to get the input variables with nulls for defaults, # for example `context = module.this.context`, @@ -19,10 +21,12 @@ # module "this" { - source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.21.0" + source = "cloudposse/label/null" + version = "0.25.0" # requires Terraform >= 0.13.0 enabled = var.enabled namespace = var.namespace + tenant = var.tenant environment = var.environment stage = var.stage name = var.name @@ -33,6 +37,10 @@ module "this" { label_order = var.label_order regex_replace_chars = var.regex_replace_chars id_length_limit = var.id_length_limit + label_key_case = var.label_key_case + label_value_case = var.label_value_case + descriptor_formats = var.descriptor_formats + labels_as_tags = var.labels_as_tags context = var.context } 
@@ -40,23 +48,11 @@ module "this" { # Copy contents of cloudposse/terraform-null-label/variables.tf here variable "context" { - type = object({ - enabled = bool - namespace = string - environment = string - stage = string - name = string - delimiter = string - attributes = list(string) - tags = map(string) - additional_tag_map = map(string) - regex_replace_chars = string - label_order = list(string) - id_length_limit = number - }) + type = any default = { enabled = true namespace = null + tenant = null environment = null stage = null name = null @@ -67,6 +63,17 @@ variable "context" { regex_replace_chars = null label_order = [] id_length_limit = null + label_key_case = null + label_value_case = null + descriptor_formats = {} + # Note: we have to use [] instead of null for unset lists due to + # https://github.com/hashicorp/terraform/issues/28137 + # which was not fixed until Terraform 1.0.0, + # but we want the default to be all the labels in `label_order` + # and we want users to be able to prevent all tag generation + # by setting `labels_as_tags` to `[]`, so we need + # a different sentinel to indicate "default" + labels_as_tags = ["unset"] } description = <<-EOT Single object for setting entire context at once. @@ -75,6 +82,16 @@ variable "context" { Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. EOT + + validation { + condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`." + } + + validation { + condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"]) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } } variable "enabled" { 
@@ -86,32 +103,42 @@ variable "enabled" { variable "namespace" { type = string default = null - description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" + description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique" +} + +variable "tenant" { + type = string + default = null + description = "ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for" } variable "environment" { type = string default = null - description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" + description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'" } variable "stage" { type = string default = null - description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" + description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'" } variable "name" { type = string default = null - description = "Solution name, e.g. 'app' or 'jenkins'" + description = <<-EOT + ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. + This is the only ID element not also included as a `tag`. + The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. + EOT } variable "delimiter" { type = string default = null description = <<-EOT - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. + Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. EOT } 
@@ -119,36 +146,64 @@ variable "delimiter" { variable "attributes" { type = list(string) default = [] - description = "Additional attributes (e.g. `1`)" + description = <<-EOT + ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, + in the order they appear in the list. New attributes are appended to the + end of the list. The elements of the list are joined by the `delimiter` + and treated as a single ID element. + EOT +} + +variable "labels_as_tags" { + type = set(string) + default = ["default"] + description = <<-EOT + Set of labels (ID elements) to include as tags in the `tags` output. + Default is to include all labels. + Tags with empty values will not be included in the `tags` output. + Set to `[]` to suppress all generated tags. + **Notes:** + The value of the `name` tag, if included, will be the `id`, not the `name`. + Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be + changed in later chained modules. Attempts to change it will be silently ignored. + EOT } variable "tags" { type = map(string) default = {} - description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" + description = <<-EOT + Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). + Neither the tag keys nor the tag values will be modified by this module. + EOT } variable "additional_tag_map" { type = map(string) default = {} - description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." + description = <<-EOT + Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. + This is for some rare cases where resources want additional configuration of tags + and therefore take a list of maps with tag key, value, and additional configuration. + EOT } variable "label_order" { type = list(string) default = null description = <<-EOT - The naming order of the id output and Name tag. + The order in which the labels (ID elements) appear in the `id`. 
Defaults to ["namespace", "environment", "stage", "name", "attributes"]. - You can omit any of the 5 elements, but at least one must be present. - EOT + You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. + EOT } variable "regex_replace_chars" { type = string default = null description = <<-EOT - Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. + Terraform regular expression (regex) string. + Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. EOT } 
@@ -157,11 +212,68 @@ variable "id_length_limit" { type = number default = null description = <<-EOT - Limit `id` to this many characters. + Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. - Set to `null` for default, which is `0`. + Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`. EOT + validation { + condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0 + error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length." + } +} + +variable "label_key_case" { + type = string + default = null + description = <<-EOT + Controls the letter case of the `tags` keys (label names) for tags generated by this module. + Does not affect keys of tags passed in via the `tags` input. + Possible values: `lower`, `title`, `upper`. + Default value: `title`. + EOT + + validation { + condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case) + error_message = "Allowed values: `lower`, `title`, `upper`." + } +} + +variable "label_value_case" { + type = string + default = null + description = <<-EOT + Controls the letter case of ID elements (labels) as included in `id`, + set as tag values, and output by this module individually. + Does not affect values of tags passed in via the `tags` input. + Possible values: `lower`, `title`, `upper` and `none` (no transformation). + Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. + Default value: `lower`. + EOT + + validation { + condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case) + error_message = "Allowed values: `lower`, `title`, `upper`, `none`." + } +} + +variable "descriptor_formats" { + type = any + default = {} + description = <<-EOT + Describe additional descriptors to be output in the `descriptors` output map. + Map of maps. 
Keys are names of descriptors. Values are maps of the form + `{ + format = string + labels = list(string) + }` + (Type is `any` so the map values can later be enhanced to provide additional options.) + `format` is a Terraform format string to be passed to the `format()` function. + `labels` is a list of labels, in order, to pass to `format()` function. + Label values will be normalized before being passed to `format()` so they will be + identical to how they appear in `id`. + Default is `{}` (`descriptors` output will be empty). + EOT } #### End of copy of cloudposse/terraform-null-label/variables.tf diff --git a/main.tf b/main.tf index 232e711e..457a8dae 100644 --- a/main.tf +++ b/main.tf @@ -13,7 +13,7 @@ module "ecr" { } resource "aws_cloudwatch_log_group" "app" { - count = var.cloudwatch_log_group_enabled ? 1 : 0 + count = module.this.enabled && var.cloudwatch_log_group_enabled ? 1 : 0 name = module.this.id tags = module.this.tags @@ -108,13 +108,13 @@ module "container_definition" { locals { alb = { - container_name = coalesce(var.alb_container_name, module.this.id) + container_name = var.alb_container_name != null ? var.alb_container_name : module.this.id container_port = var.container_port elb_name = null target_group_arn = module.alb_ingress.target_group_arn } nlb = { - container_name = coalesce(var.nlb_container_name, module.this.id) + container_name = var.alb_container_name != null ? var.alb_container_name : module.this.id container_port = var.nlb_container_port elb_name = null target_group_arn = var.nlb_ingress_target_group_arn From 8626b86b6a6f44ba0d18ea1ca4805a1874d0da06 Mon Sep 17 00:00:00 2001 From: dylanbannon Date: Mon, 10 Apr 2023 14:18:58 -0700 Subject: [PATCH 82/82] git-xargs programmatic commit (#193) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 655f6303..d1d74612 100644 --- a/Makefile +++ b/Makefile 
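Review bot: In the `nlb` map of the second main.tf hunk, the new `container_name` expression tests and returns `var.alb_container_name`, whereas the line it replaces read `var.nlb_container_name`; this looks like a copy-paste slip from the `alb` map just above. As written, a caller's `nlb_container_name` is never consulted, so the NLB target would point at the ALB container name or `module.this.id` and traffic could be routed to a container other than the one intended. The line should read `container_name = var.nlb_container_name != null ? var.nlb_container_name : module.this.id`. Note also that `coalesce()` skipped empty strings while the ternary passes `""` through, so if callers rely on an empty string meaning "unset" that case needs its own check. The `locals` block continues outside the hunk.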
@@ -3,7 +3,7 @@ SHELL := /bin/bash # List of targets the `readme` target should call before generating the readme export README_DEPS ?= docs/targets.md docs/terraform.md --include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness) +-include $(shell curl -sSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness) ## Lint terraform code lint:
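Review bot: The `-include` line still downloads `.build-harness` on every `make` run from a redirecting URL with no pinned revision and no integrity check, so whatever that URL serves at the time is evaluated as Makefile content on developer and CI machines; changing the redirect host does not alter that trust relationship. `curl -sSL` also lacks `-f`, so an HTTP error body would be written into `.build-harness`, and the leading `-` on `include` ignores a missing file. At minimum I would restrict the transfer to HTTPS and fail on HTTP errors, `-include $(shell curl --proto '=https' --tlsv1.2 -sSfL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness)`. Preferably the harness would be fetched at a pinned revision and checked against a recorded checksum before it is included.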