terraform-aws-modules · antonbabenko · Oct 31, 2023 · Oct 27, 2023 · Oct 30, 2023 · Oct 30, 2023
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.3
+    rev: v1.83.5
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
diff --git a/modules/cluster/README.md b/modules/cluster/README.md
@@ -161,7 +161,6 @@ No modules.
 | [aws_iam_role_policy_attachment.task_exec_additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_policy_document.task_exec](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.task_exec_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 
 ## Inputs
 

diff --git a/modules/cluster/main.tf b/modules/cluster/main.tf
@@ -1,5 +1,3 @@
-data "aws_partition" "current" {}
-
 ################################################################################
 # Cluster
 ################################################################################
@@ -194,7 +192,7 @@ data "aws_iam_policy_document" "task_exec_assume" {
 
     principals {
       type        = "Service"
-      identifiers = ["ecs-tasks.${data.aws_partition.current.dns_suffix}"]
+      identifiers = ["ecs-tasks.amazonaws.com"]
     }
   }
 }

diff --git a/modules/service/main.tf b/modules/service/main.tf
@@ -4,7 +4,6 @@ data "aws_caller_identity" "current" {}
 
 locals {
   account_id = data.aws_caller_identity.current.account_id
-  dns_suffix = data.aws_partition.current.dns_suffix
   partition  = data.aws_partition.current.partition
   region     = data.aws_region.current.name
 }
@@ -419,7 +418,7 @@ data "aws_iam_policy_document" "service_assume" {
 
     principals {
       type        = "Service"
-      identifiers = ["ecs.${local.dns_suffix}"]
+      identifiers = ["ecs.amazonaws.com"]
     }
   }
 }
@@ -758,7 +757,7 @@ data "aws_iam_policy_document" "task_exec_assume" {
 
     principals {
       type        = "Service"
-      identifiers = ["ecs-tasks.${local.dns_suffix}"]
+      identifiers = ["ecs-tasks.amazonaws.com"]
     }
   }
 }
@@ -909,7 +908,7 @@ data "aws_iam_policy_document" "tasks_assume" {
 
     principals {
       type        = "Service"
-      identifiers = ["ecs-tasks.${local.dns_suffix}"]
+      identifiers = ["ecs-tasks.amazonaws.com"]
     }
 
     # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html#create_task_iam_policy_and_role

diff --git a/wrappers/cluster/main.tf b/wrappers/cluster/main.tf
@@ -3,32 +3,32 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                = try(each.value.create, var.defaults.create, true)
-  tags                  = try(each.value.tags, var.defaults.tags, {})
-  cluster_name          = try(each.value.cluster_name, var.defaults.cluster_name, "")
-  cluster_configuration = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
+  autoscaling_capacity_providers         = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
+  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
+  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
+  cloudwatch_log_group_tags              = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
+  cluster_configuration                  = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
+  cluster_name                           = try(each.value.cluster_name, var.defaults.cluster_name, "")
+  cluster_service_connect_defaults       = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
   cluster_settings = try(each.value.cluster_settings, var.defaults.cluster_settings, {
     name  = "containerInsights"
     value = "enabled"
   })
-  cluster_service_connect_defaults        = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
+  create                                  = try(each.value.create, var.defaults.create, true)
   create_cloudwatch_log_group             = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
-  cloudwatch_log_group_retention_in_days  = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
-  cloudwatch_log_group_kms_key_id         = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
-  cloudwatch_log_group_tags               = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
+  create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
+  create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
   default_capacity_provider_use_fargate   = try(each.value.default_capacity_provider_use_fargate, var.defaults.default_capacity_provider_use_fargate, true)
   fargate_capacity_providers              = try(each.value.fargate_capacity_providers, var.defaults.fargate_capacity_providers, {})
-  autoscaling_capacity_providers          = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
-  create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
+  tags                                    = try(each.value.tags, var.defaults.tags, {})
+  task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_name                 = try(each.value.task_exec_iam_role_name, var.defaults.task_exec_iam_role_name, null)
-  task_exec_iam_role_use_name_prefix      = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
   task_exec_iam_role_path                 = try(each.value.task_exec_iam_role_path, var.defaults.task_exec_iam_role_path, null)
-  task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_permissions_boundary = try(each.value.task_exec_iam_role_permissions_boundary, var.defaults.task_exec_iam_role_permissions_boundary, null)
-  task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
   task_exec_iam_role_policies             = try(each.value.task_exec_iam_role_policies, var.defaults.task_exec_iam_role_policies, {})
-  create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
-  task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
-  task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
+  task_exec_iam_role_use_name_prefix      = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
   task_exec_iam_statements                = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, {})
+  task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
 }
diff --git a/wrappers/container-definition/main.tf b/wrappers/container-definition/main.tf
@@ -3,15 +3,18 @@ module "wrapper" {
 
   for_each = var.items
 
-  operating_system_family                = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX")
+  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
+  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 30)
   command                                = try(each.value.command, var.defaults.command, [])
   cpu                                    = try(each.value.cpu, var.defaults.cpu, null)
+  create_cloudwatch_log_group            = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
   dependencies                           = try(each.value.dependencies, var.defaults.dependencies, [])
   disable_networking                     = try(each.value.disable_networking, var.defaults.disable_networking, null)
   dns_search_domains                     = try(each.value.dns_search_domains, var.defaults.dns_search_domains, [])
   dns_servers                            = try(each.value.dns_servers, var.defaults.dns_servers, [])
   docker_labels                          = try(each.value.docker_labels, var.defaults.docker_labels, {})
   docker_security_options                = try(each.value.docker_security_options, var.defaults.docker_security_options, [])
+  enable_cloudwatch_logging              = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true)
   entrypoint                             = try(each.value.entrypoint, var.defaults.entrypoint, [])
   environment                            = try(each.value.environment, var.defaults.environment, [])
   environment_files                      = try(each.value.environment_files, var.defaults.environment_files, [])
@@ -29,24 +32,21 @@ module "wrapper" {
   memory_reservation                     = try(each.value.memory_reservation, var.defaults.memory_reservation, null)
   mount_points                           = try(each.value.mount_points, var.defaults.mount_points, [])
   name                                   = try(each.value.name, var.defaults.name, null)
+  operating_system_family                = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX")
   port_mappings                          = try(each.value.port_mappings, var.defaults.port_mappings, [])
   privileged                             = try(each.value.privileged, var.defaults.privileged, false)
   pseudo_terminal                        = try(each.value.pseudo_terminal, var.defaults.pseudo_terminal, false)
   readonly_root_filesystem               = try(each.value.readonly_root_filesystem, var.defaults.readonly_root_filesystem, true)
   repository_credentials                 = try(each.value.repository_credentials, var.defaults.repository_credentials, {})
   resource_requirements                  = try(each.value.resource_requirements, var.defaults.resource_requirements, [])
   secrets                                = try(each.value.secrets, var.defaults.secrets, [])
+  service                                = try(each.value.service, var.defaults.service, "")
   start_timeout                          = try(each.value.start_timeout, var.defaults.start_timeout, 30)
   stop_timeout                           = try(each.value.stop_timeout, var.defaults.stop_timeout, 120)
   system_controls                        = try(each.value.system_controls, var.defaults.system_controls, [])
+  tags                                   = try(each.value.tags, var.defaults.tags, {})
   ulimits                                = try(each.value.ulimits, var.defaults.ulimits, [])
   user                                   = try(each.value.user, var.defaults.user, null)
   volumes_from                           = try(each.value.volumes_from, var.defaults.volumes_from, [])
   working_directory                      = try(each.value.working_directory, var.defaults.working_directory, null)
-  service                                = try(each.value.service, var.defaults.service, "")
-  enable_cloudwatch_logging              = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true)
-  create_cloudwatch_log_group            = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
-  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 30)
-  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
-  tags                                   = try(each.value.tags, var.defaults.tags, {})
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -3,34 +3,34 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                = try(each.value.create, var.defaults.create, true)
-  tags                  = try(each.value.tags, var.defaults.tags, {})
-  cluster_name          = try(each.value.cluster_name, var.defaults.cluster_name, "")
-  cluster_configuration = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
+  autoscaling_capacity_providers         = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
+  cloudwatch_log_group_kms_key_id        = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
+  cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
+  cloudwatch_log_group_tags              = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
+  cluster_configuration                  = try(each.value.cluster_configuration, var.defaults.cluster_configuration, {})
+  cluster_name                           = try(each.value.cluster_name, var.defaults.cluster_name, "")
+  cluster_service_connect_defaults       = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
   cluster_settings = try(each.value.cluster_settings, var.defaults.cluster_settings, {
     name  = "containerInsights"
     value = "enabled"
   })
-  cluster_service_connect_defaults        = try(each.value.cluster_service_connect_defaults, var.defaults.cluster_service_connect_defaults, {})
   cluster_tags                            = try(each.value.cluster_tags, var.defaults.cluster_tags, {})
+  create                                  = try(each.value.create, var.defaults.create, true)
   create_cloudwatch_log_group             = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
-  cloudwatch_log_group_retention_in_days  = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 90)
-  cloudwatch_log_group_kms_key_id         = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null)
-  cloudwatch_log_group_tags               = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {})
+  create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
+  create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
   default_capacity_provider_use_fargate   = try(each.value.default_capacity_provider_use_fargate, var.defaults.default_capacity_provider_use_fargate, true)
   fargate_capacity_providers              = try(each.value.fargate_capacity_providers, var.defaults.fargate_capacity_providers, {})
-  autoscaling_capacity_providers          = try(each.value.autoscaling_capacity_providers, var.defaults.autoscaling_capacity_providers, {})
-  create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
+  services                                = try(each.value.services, var.defaults.services, {})
+  tags                                    = try(each.value.tags, var.defaults.tags, {})
+  task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_name                 = try(each.value.task_exec_iam_role_name, var.defaults.task_exec_iam_role_name, null)
-  task_exec_iam_role_use_name_prefix      = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
   task_exec_iam_role_path                 = try(each.value.task_exec_iam_role_path, var.defaults.task_exec_iam_role_path, null)
-  task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_permissions_boundary = try(each.value.task_exec_iam_role_permissions_boundary, var.defaults.task_exec_iam_role_permissions_boundary, null)
-  task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
   task_exec_iam_role_policies             = try(each.value.task_exec_iam_role_policies, var.defaults.task_exec_iam_role_policies, {})
-  create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
-  task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
-  task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, var.defaults.task_exec_iam_role_tags, {})
+  task_exec_iam_role_use_name_prefix      = try(each.value.task_exec_iam_role_use_name_prefix, var.defaults.task_exec_iam_role_use_name_prefix, true)
   task_exec_iam_statements                = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, {})
-  services                                = try(each.value.services, var.defaults.services, {})
+  task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
 }