Fix issue #72 task_definition known after apply

[tomwj]

Description

Using a data provider means terraform doesn't have the information required until runtime to determine if the task_definition needs to be updated. Subsequently an update is triggered on every apply. It has the information locally already, by removing the indirection of a data provider terraform can correctly reconcile if any updates are required prior to apply being run. Essentially it's making the dependency between the aws_ecs_service and aws_ecs_task_definition explicit rather than implied through the data provider and depends_on

https://www.terraform.io/docs/configuration/data-sources.html#data-resource-dependencies

Motivation and Context

Currently atlantis shows an update everytime a plan or apply is run despite no configuration changes.
#72

Breaking Changes

None that I'm aware of.

How Has This Been Tested?

• Confirmed that updating the vars that are used in the task_definition trigger an update
• Manually create a new task_definition revision and confirm that terraform will role back to the

AWS, plan/apply and manual changes

[antonbabenko]

This PR is not going to work for the situation when a user deploys Atlantis once and then uses something else to update ECS Task Definition (eg, deploy new version of an image).

I remember that I and some other people I know used ecs-deploy or similar tools to do actual deployments. This way we were sure that all infrastructure was managed as code and the image was updating during CI/CD process. I may not remember all details now, but in general, this was the process. I don't remember what is the right approach to avoid what you are experiencing.

/cc @maartenvanderhoef @osterman Do you remember what is the right solution to achieve a clean plan with task_definition every time?

[maartenvanderhoef]

Hi, what if you only drop the depends_on from the aws_ecs_task_definition datasource, IIRC depends_on inside datasources causes weird behaviour like this.

One of the workaround I can find here hashicorp/terraform#11806 would be:

data "aws_ecs_task_definition" "atlantis" {		
   task_definition = "${var.name}${replace(aws_ecs_task_definition.atlantis.arn, "/.*/", "")}"
}

or

data "aws_ecs_task_definition" "atlantis" {		
   task_definition = replace(aws_ecs_task_definition.atlantis.arn, "/.*/", var.name)
}

[domcleal]

Hi, what if you only drop the depends_on from the aws_ecs_task_definition datasource, IIRC depends_on inside datasources causes weird behaviour like this.

I think depends_on is needed for the first apply of this module to work, as the data source will fail if the task definition didn't already exist. Unfortunately data sources that depend on resources will always cause this behaviour of showing up in plans.

This PR is not going to work for the situation when a user deploys Atlantis once and then uses something else to update ECS Task Definition (eg, deploy new version of an image).

I've opened #163 which keeps this working with a new input variable, is this a reasonable compromise do you think?

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.