v0.75.0

Add ECS Service Connect TLS and timeout @awkaplan (#235)

what

• Add support for TLS with Service Connect
• Add support for Service Connect timeouts

why

• Extend the module's functionality

references

• closes #214

🤖 Automatic Updates

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#233)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#232)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Bump golang.org/x/net from 0.17.0 to 0.23.0 in /test/src @dependabot (#230)

Bumps golang.org/x/net from 0.17.0 to 0.23.0.

Commits

• c48da13 http2: fix TestServerContinuationFlood flakes
• 762b58d http2: fix tipos in comment
• ba87210 http2: close connections when receiving too many headers
• ebc8168 all: fix some typos
• 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
• 448c44f http2: remove clientTester
• c7877ac http2: convert the remaining clientTester tests to testClientConn
• d8870b0 http2: use synthetic time in TestIdleConnTimeout
• d73acff http2: only set up deadline when Server.IdleTimeout is positive
• 89f602b http2: validate client/outgoing trailers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#228)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Bump golang.org/x/net from 0.7.0 to 0.17.0 in /test/src @dependabot (#224)

Bumps golang.org/x/net from 0.7.0 to 0.17.0.

Commits

• b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
• 88194ad go.mod: update golang.org/x dependencies
• 2b60a61 quic: fix several bugs in flow control accounting
• 73d82ef quic: handle DATA_BLOCKED frames
• 5d5a036 quic: handle streams moving from the data queue to the meta queue
• 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
• 21814e7 quic: validate connection id transport parameters
• a600b35 quic: avoid redundant MAX_DATA updates
• ea63359 http2: check stream body is present on read timeout
• ddd8598 quic: version negotiation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Add GitHub Settings @osterman (#223)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update R...

v0.74.0

🚀 Enhancements

feat: Add task_definition_arn_without_revision output @adamantike (#216)

what

• Add task_definition_arn_without_revision output, using the arn_without_revision attribute from aws_ecs_task_definition resource.
• Update minimum AWS provider version to v4.59.0.

why

• Useful for situations where the latest task definition is always desired.
• Avoiding manual string manipulation to strip the revision from the ARN.

references

• Added to AWS provider in version v4.59.0: hashicorp/terraform-provider-aws#27119

v0.73.0

Make `elb_name` optional @lagerfeuer (#215)

what

Make elb_name in ecs_load_balancer optional, as described in the linked Terraform docs for ECS Service.

why

Currently, when creating a service without elb_name, Terraform will fail because it expects the variable to be set. The workaround is to set it to null.

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#load_balancer

v0.72.0

🚀 Enhancements

feat: support ECS service connect @gberenice (#212)

what

• This adds support for ECS Service connect, which is already supported by the provider, see service_connect_configuration block.

why

• Extend the module's functionality.

references

• There is a PR that partially covers this feature, but unfortunately, it's not active for a while, and there are requested changes to be done: #208

v0.71.0

feat: add pid and ipc mode to task def @dudymas (#206)

what

• add ipc_mode
• add pid_mode

why

• support host level access for monitoring processes

v0.70.0

fix external task definition must exist before first run @mightyguava (#204)

what

Change external task definition to a list(string) so that it can be flagged on without needing the task definition to already exist.

why

Fix this issue when using an external task definition

│   49:   count                    = local.enabled && var.task_definition == null ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

references

Similar to how this was solved for the task role arn https://github.com/cloudposse/terraform-aws-ecs-alb-service-task/blob/main/variables.tf#L216-L226. The workaround for now is to use -target like mentioned in #123.

Sync github @max-lobur (#199)

Sync github from the template

v0.69.0

• No changes

v0.68.0

Accept map or list for policy arns @Nuru (#198)

what

• Accept both map (task_policy_arns_map, task_exec_policy_arns_map) and list (task_policy_arns, task_exec_policy_arns) inputs for policy ARNs. Supersedes and closes #196.
• Add depends_on for ecs_service resource to aws_iam_role_policy.ecs_service.
  • Closes #182
  • Closes #187

why

History

• Issue #167 is typical behavior when supplying a list of inputs to convert into resources. The solution to it is to provide a map of resources, so that changes are limited to what is necessary according to the change in inputs. Adding to or removing from the list, or changing the order of the list, no longer affects the list items that did not change, because each item is now referenced by the key in the map rather than its index in the list.
• PR #178 tried to fix #167 by using the input values as keys. However, this created issue #191, because the values (IAM Policy ARNs) are generated by the terraform apply and are therefore not known at plan time, which is a requirement.
• PR #194 fixed #198, but re-introduced #167, because it simply replaced the implicit "list index as key" with an explicit one in the case of list inputs.
• PR #195 used the values as keys, but this just recreated #191, so it was abandoned
• PR #196 used a little-used provider that tries to let us have it both ways: it gives us #167 if the values are unknown at plan time but works well if the values are known at plan time. Unfortunately, this can render a plan non-deterministic. Even more importantly, it does not give a user whose values are unknown at plan time a way to avoid #167.

This Solution

With the solution provided by this PR, any user can avoid #167 by providing a map whose keys are known at plan time, regardless of whether the values are known at plan time. Policy ARNs could be labeled by name, purpose, region, or whatever the user wants to avoid #167. Or, if the user doesn't care about #167, perhaps because they are only supplying a single Policy ARN, then they can just supply it in a list.

v0.67.1

🚀 Enhancements

Use map for task & task exec policy arns variables @joe-niland (#194)

what

• Replaced variables task_policy_arns and task_exec_policy_arns with task_policy_arns_map and task_exec_policy_arns_map respectively
• Existing variables were moved to variables-deprecated.tf and values will be internally converted to a map if variables are defined

why

• The for_each change implemented in 14008fc has the potential to cause the Terraform '"for_each" value depends on resource attributes that cannot be determined until apply' error.
• Modifying this input to use a map can circumvent this error

references

• closes #191

v0.67.0

Add option to trigger a redeployment on apply @joe-niland (#193)

what

• Adds a variable to enable/disable triggering a new ECS service deployment on apply.

why

• In aws provider v4.40.0 an option was added to allow triggering a new ECS service deployment on apply.
• This is useful so the service can be updated to the latest service/task configuration without needing to take additional steps are applying the Terraform config.

references

• None