diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 8afc085..e8bafab 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -8,11 +8,6 @@ on: release: types: [published] -env: - DEFAULT_REGION: us-east-1 - AWS_ACCESS_KEY_ID: localstack - AWS_SECRET_ACCESS_KEY: localstack - jobs: check-format: runs-on: ubuntu-latest @@ -28,7 +23,13 @@ jobs: container: hashicorp/terraform strategy: matrix: { - dir: ['examples/test'] + dir: [ + 'examples/basic', + 'examples/log-configuration-cw', + 'examples/log-configuration-s3', + 'examples/setting-container-insights', + 'examples/service-connect-defaults' + ] } steps: - name: Checkout repository @@ -45,15 +46,14 @@ jobs: container: hashicorp/terraform strategy: matrix: { - dir: ['examples/test'] + dir: [ + 'examples/basic', + 'examples/log-configuration-cw', + 'examples/log-configuration-s3', + 'examples/setting-container-insights', + 'examples/service-connect-defaults' + ] } - services: - localstack: - image: localstack/localstack - env: - SERVICES: apigateway,cloudformation,cloudwatch,dynamodb,es,firehose,iam,kinesis,lambda,route53,redshift,s3,secretsmanager,ses,sns,sqs,ssm,stepfunctions,sts - ports: - - 4566:4566 steps: - name: Checkout repository uses: actions/checkout@v3 @@ -69,7 +69,13 @@ jobs: name: Show infracost diff strategy: matrix: { - dir: ['examples/test'] + dir: [ + 'examples/basic', + 'examples/log-configuration-cw', + 'examples/log-configuration-s3', + 'examples/setting-container-insights', + 'examples/service-connect-defaults' + ] } steps: - name: Check out repository diff --git a/.gitignore b/.gitignore index bba452b..1f0b2f0 100644 --- a/.gitignore +++ b/.gitignore 
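Review bot: The same five-entry `dir` list is now written out three times, once in the matrix of each job touched here, so an example directory added later to one job and not the others silently loses validation or cost coverage. Consider computing the list once, for instance in a small first job that emits it as a JSON output the other jobs read with `fromJSON(needs.<job>.outputs.dirs)`. Failing that, add a comment above each matrix such as `# keep in sync with the other job matrices and the directories under examples/`. The job bodies start and end outside these hunks, so what each job runs against the directories is not visible here.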
@@ -1,5 +1,5 @@ -# Created by https://www.toptal.com/developers/gitignore/api/linux,macos,windows,terraform,visualstudiocode,sublimetext -# Edit at https://www.toptal.com/developers/gitignore?templates=linux,macos,windows,terraform,visualstudiocode,sublimetext +# Created by https://www.toptal.com/developers/gitignore/api/linux,macos,windows,terraform,sublimetext,visualstudiocode +# Edit at https://www.toptal.com/developers/gitignore?templates=linux,macos,windows,terraform,sublimetext,visualstudiocode ### Linux ### *~ @@ -163,4 +163,4 @@ $RECYCLE.BIN/ # Windows shortcuts *.lnk -# End of https://www.toptal.com/developers/gitignore/api/linux,macos,windows,terraform,visualstudiocode,sublimetext +# End of https://www.toptal.com/developers/gitignore/api/linux,macos,windows,terraform,sublimetext,visualstudiocode diff --git a/README.md b/README.md index 18331aa..da0bf18 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ In order to run all checks at any point run the following command: | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.24.0 | +| [aws](#provider\_aws) | 5.15.0 | ## Modules @@ -57,8 +57,10 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [containerInsights](#input\_containerInsights) | Enables container insights if true | `bool` | `false` | no | -| [name](#input\_name) | The name of the cluster (up to 255 letters, numbers, hyphens, and underscores) | `any` | n/a | yes | +| [configuration](#input\_configuration) | (Optional) The execute command configuration for the cluster. |
object({
# The details of the execute command configuration.
execute_command_configuration = object({
# The AWS Key Management Service key ID to encrypt the data between the local client and the container.
kms_key_id = optional(string)
# The log configuration for the results of the execute command actions Required when logging is OVERRIDE.
log_configuration = object({
# Whether or not to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled.
cloud_watch_encryption_enabled = optional(bool)
# The name of the CloudWatch log group to send logs to.
cloud_watch_log_group_name = optional(string)
# The name of the S3 bucket to send logs to.
s3_bucket_name = optional(string)
# Whether or not to enable encryption on the logs sent to S3. If not specified, encryption will be disabled.
s3_bucket_encryption_enabled = optional(bool)
# An optional folder in the S3 bucket to place logs in.
s3_key_prefix = optional(string)
})
# The log setting to use for redirecting logs for your execute command results. Valid values are NONE, DEFAULT, and OVERRIDE.
logging = optional(string)
})
})
| `null` | no | +| [containerInsights](#input\_containerInsights) | (Optional) Enables container insights if true | `bool` | `false` | no | +| [name](#input\_name) | (Required) Name of the cluster (up to 255 letters, numbers, hyphens, and underscores). | `any` | n/a | yes | +| [service\_connect\_defaults](#input\_service\_connect\_defaults) | (Optional) Configures a default Service Connect namespace. |
object({
# The ARN of the aws_service_discovery_http_namespace that's used when you create a service and don't specify a Service Connect configuration.
namespace = string
})
| `null` | no | | [tags](#input\_tags) | Resource tags | `map(string)` | `{}` | no | ## Outputs diff --git a/examples/basic/.terraform.lock.hcl b/examples/basic/.terraform.lock.hcl new file mode 100644 index 0000000..a62df8a --- /dev/null +++ b/examples/basic/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.15.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:CFUr3EXmKTr3G4Nl+Yxf24NnhKQQDCyeBG+SS4YFblE=", + "zh:069d0037cd1f8791a27ec31a535ce47d02d4f220fe88f9c3caa8661c0a98892a", + "zh:08c18e8f5f69736e86919e6c2a68c94f39f879511d51b2a8e58ad1776ee18854", + "zh:41c9c95e225f72421fa4a1c3e5105f36b3b149cba1daf9bc88b0a993c1d19e07", + "zh:51e6cf850de8a8ae0e3b4e55b45ca2e6632a149c5851158f3c2711af51adb277", + "zh:5703eacc47d5a8169d1028f8cfcdf32cd12972ebea8780e870f520020280258a", + "zh:6a77e0406126208ae217c416e4b59940cd989df4d7d5ac23dfe8043725ff8f6a", + "zh:702cc6db865aeee571a639a81be3ed36326dcbda5c0a2ca91c9280772fce3e49", + "zh:8279822c5a267869d4459e429ad7b3b8ffaa36de2f6ca29cf7779214783ddf3a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:bcb74854b0742a03b46e526bc2a79f556988c7622d54ebb2ccefc72c9759e9bc", + "zh:c7b0f4e94a9351a004a5555e91c8fe5b7da8cd2e03411cbd59d135ea8fceedd8", + "zh:cec427b1ef0e0948fd16736c72de57438fafcd8eeb5aab3bb1131579d2d6d031", + "zh:d5e4819851e52c15283064f6fa8cb8179a69cc981bee39e9b5ce5f027da8e251", + "zh:dade91d49309813b7453b053429678c8e7185e5ac54b2f68edb2ffea20242149", + "zh:e05e1395a738317a6761b592a5643ea5e660abd32de36ece68809cfd04a6a8e3", + ] +} diff --git a/examples/test/main.tf b/examples/basic/main.tf similarity index 100% rename from examples/test/main.tf rename to examples/basic/main.tf diff --git a/examples/basic/mock_provider.tf b/examples/basic/mock_provider.tf new file mode 100644 index 0000000..d93c85e --- /dev/null +++ b/examples/basic/mock_provider.tf 
@@ -0,0 +1,18 @@ +terraform { + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4" + } + } +} + +provider "aws" { + region = "us-east-1" + skip_credentials_validation = true + skip_requesting_account_id = true + skip_metadata_api_check = true + access_key = "mock_access_key" + secret_key = "mock_secret_key" +} diff --git a/examples/log-configuration-cw/.terraform.lock.hcl b/examples/log-configuration-cw/.terraform.lock.hcl new file mode 100644 index 0000000..a62df8a --- /dev/null +++ b/examples/log-configuration-cw/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.15.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:CFUr3EXmKTr3G4Nl+Yxf24NnhKQQDCyeBG+SS4YFblE=", + "zh:069d0037cd1f8791a27ec31a535ce47d02d4f220fe88f9c3caa8661c0a98892a", + "zh:08c18e8f5f69736e86919e6c2a68c94f39f879511d51b2a8e58ad1776ee18854", + "zh:41c9c95e225f72421fa4a1c3e5105f36b3b149cba1daf9bc88b0a993c1d19e07", + "zh:51e6cf850de8a8ae0e3b4e55b45ca2e6632a149c5851158f3c2711af51adb277", + "zh:5703eacc47d5a8169d1028f8cfcdf32cd12972ebea8780e870f520020280258a", + "zh:6a77e0406126208ae217c416e4b59940cd989df4d7d5ac23dfe8043725ff8f6a", + "zh:702cc6db865aeee571a639a81be3ed36326dcbda5c0a2ca91c9280772fce3e49", + "zh:8279822c5a267869d4459e429ad7b3b8ffaa36de2f6ca29cf7779214783ddf3a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:bcb74854b0742a03b46e526bc2a79f556988c7622d54ebb2ccefc72c9759e9bc", + "zh:c7b0f4e94a9351a004a5555e91c8fe5b7da8cd2e03411cbd59d135ea8fceedd8", + "zh:cec427b1ef0e0948fd16736c72de57438fafcd8eeb5aab3bb1131579d2d6d031", + "zh:d5e4819851e52c15283064f6fa8cb8179a69cc981bee39e9b5ce5f027da8e251", + "zh:dade91d49309813b7453b053429678c8e7185e5ac54b2f68edb2ffea20242149", + "zh:e05e1395a738317a6761b592a5643ea5e660abd32de36ece68809cfd04a6a8e3", + ] +} 
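Review bot: `access_key = "mock_access_key"` and `secret_key = "mock_secret_key"` are hard-coded in the provider block of an example directory, which is the code users copy, and the same file is added under examples/log-configuration-cw, log-configuration-s3, service-connect-defaults and setting-container-insights. The removed workflow `env:` block supplied placeholder credentials through `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` instead, which kept static keys out of the HCL and out of secret-scanner results. Unlike the deleted examples/test/mock_provider.tf, this file has no `endpoints` block, so the provider targets the real AWS endpoints and anything beyond validate/plan would send requests signed with these keys. A header comment such as `# CI-only provider for terraform validate/plan; never apply with this file, supply real credentials via the environment or a profile` would make that explicit.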
diff --git a/examples/log-configuration-cw/main.tf b/examples/log-configuration-cw/main.tf
new file mode 100644
index 0000000..9bf9f7d
--- /dev/null
+++ b/examples/log-configuration-cw/main.tf
@@ -0,0 +1,25 @@
+resource "aws_kms_key" "example" {
+ description = "example"
+ deletion_window_in_days = 7
+}
+
+resource "aws_cloudwatch_log_group" "example" {
+ name = "example"
+}
+
+module "cluster" {
+ source = "../../"
+ name = "test-cluster"
+
+ configuration = {
+ execute_command_configuration = {
+ kms_key_id = aws_kms_key.example.arn
+ logging = "OVERRIDE"
+
+ log_configuration = {
+ cloud_watch_encryption_enabled = true
+ cloud_watch_log_group_name = aws_cloudwatch_log_group.example.name
+ }
+ }
+ }
+}
diff --git a/examples/log-configuration-cw/mock_provider.tf b/examples/log-configuration-cw/mock_provider.tf
new file mode 100644
index 0000000..d93c85e
--- /dev/null
+++ b/examples/log-configuration-cw/mock_provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+ skip_metadata_api_check = true
+ access_key = "mock_access_key"
+ secret_key = "mock_secret_key"
+}
diff --git a/examples/log-configuration-s3/.terraform.lock.hcl b/examples/log-configuration-s3/.terraform.lock.hcl
new file mode 100644
index 0000000..a62df8a
--- /dev/null
+++ b/examples/log-configuration-s3/.terraform.lock.hcl
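Review bot: The log group that receives the execute-command session output in examples/log-configuration-cw/main.tf is declared with only a `name`, so it has no customer-managed key and no retention, even though the example creates `aws_kms_key.example` and sets `cloud_watch_encryption_enabled = true`. Session logs can contain whatever was typed or printed inside the container, so the example should show `kms_key_id = aws_kms_key.example.arn` and a bound such as `retention_in_days = 30` on `aws_cloudwatch_log_group.example`. The key policy would then need to let the CloudWatch Logs service use the key, which this example does not define; a short comment saying so is worth adding if the policy is left out.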
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.15.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:CFUr3EXmKTr3G4Nl+Yxf24NnhKQQDCyeBG+SS4YFblE=", + "zh:069d0037cd1f8791a27ec31a535ce47d02d4f220fe88f9c3caa8661c0a98892a", + "zh:08c18e8f5f69736e86919e6c2a68c94f39f879511d51b2a8e58ad1776ee18854", + "zh:41c9c95e225f72421fa4a1c3e5105f36b3b149cba1daf9bc88b0a993c1d19e07", + "zh:51e6cf850de8a8ae0e3b4e55b45ca2e6632a149c5851158f3c2711af51adb277", + "zh:5703eacc47d5a8169d1028f8cfcdf32cd12972ebea8780e870f520020280258a", + "zh:6a77e0406126208ae217c416e4b59940cd989df4d7d5ac23dfe8043725ff8f6a", + "zh:702cc6db865aeee571a639a81be3ed36326dcbda5c0a2ca91c9280772fce3e49", + "zh:8279822c5a267869d4459e429ad7b3b8ffaa36de2f6ca29cf7779214783ddf3a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:bcb74854b0742a03b46e526bc2a79f556988c7622d54ebb2ccefc72c9759e9bc", + "zh:c7b0f4e94a9351a004a5555e91c8fe5b7da8cd2e03411cbd59d135ea8fceedd8", + "zh:cec427b1ef0e0948fd16736c72de57438fafcd8eeb5aab3bb1131579d2d6d031", + "zh:d5e4819851e52c15283064f6fa8cb8179a69cc981bee39e9b5ce5f027da8e251", + "zh:dade91d49309813b7453b053429678c8e7185e5ac54b2f68edb2ffea20242149", + "zh:e05e1395a738317a6761b592a5643ea5e660abd32de36ece68809cfd04a6a8e3", + ] +} diff --git a/examples/log-configuration-s3/main.tf b/examples/log-configuration-s3/main.tf new file mode 100644 index 0000000..107ba19 --- /dev/null +++ b/examples/log-configuration-s3/main.tf 
@@ -0,0 +1,26 @@
+resource "aws_kms_key" "example" {
+ description = "example"
+ deletion_window_in_days = 7
+}
+
+resource "aws_s3_bucket" "example" {
+ bucket = "my-tf-test-bucket"
+}
+
+module "cluster" {
+ source = "../../"
+ name = "test-cluster"
+
+ configuration = {
+ execute_command_configuration = {
+ kms_key_id = aws_kms_key.example.arn
+ logging = "OVERRIDE"
+
+ log_configuration = {
+ s3_bucket_name = aws_s3_bucket.example.bucket
+ s3_bucket_encryption_enabled = true
+ s3_key_prefix = "test-logs"
+ }
+ }
+ }
+}
diff --git a/examples/log-configuration-s3/mock_provider.tf b/examples/log-configuration-s3/mock_provider.tf
new file mode 100644
index 0000000..d93c85e
--- /dev/null
+++ b/examples/log-configuration-s3/mock_provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+ skip_metadata_api_check = true
+ access_key = "mock_access_key"
+ secret_key = "mock_secret_key"
+}
diff --git a/examples/service-connect-defaults/.terraform.lock.hcl b/examples/service-connect-defaults/.terraform.lock.hcl
new file mode 100644
index 0000000..a62df8a
--- /dev/null
+++ b/examples/service-connect-defaults/.terraform.lock.hcl
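Review bot: `aws_s3_bucket.example` in examples/log-configuration-s3/main.tf is the destination for execute-command session logs but is declared with only a bucket name, so the example shows neither a public access block nor default encryption with the KMS key created just above it, while `s3_bucket_encryption_enabled = true` suggests the logs are meant to be encrypted. Newly created buckets may already get restrictive defaults from S3 itself, but an example that people copy is better off stating both explicitly, as in the block below. Separately, the fixed name `my-tf-test-bucket` lives in the global bucket namespace, so `bucket_prefix = "my-tf-test-"` would keep the example appliable.

```hcl
# … unchanged: aws_kms_key.example and aws_s3_bucket.example …

resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.example.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.example.arn
    }
  }
}

# … unchanged: module "cluster" block …
```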
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.15.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:CFUr3EXmKTr3G4Nl+Yxf24NnhKQQDCyeBG+SS4YFblE=", + "zh:069d0037cd1f8791a27ec31a535ce47d02d4f220fe88f9c3caa8661c0a98892a", + "zh:08c18e8f5f69736e86919e6c2a68c94f39f879511d51b2a8e58ad1776ee18854", + "zh:41c9c95e225f72421fa4a1c3e5105f36b3b149cba1daf9bc88b0a993c1d19e07", + "zh:51e6cf850de8a8ae0e3b4e55b45ca2e6632a149c5851158f3c2711af51adb277", + "zh:5703eacc47d5a8169d1028f8cfcdf32cd12972ebea8780e870f520020280258a", + "zh:6a77e0406126208ae217c416e4b59940cd989df4d7d5ac23dfe8043725ff8f6a", + "zh:702cc6db865aeee571a639a81be3ed36326dcbda5c0a2ca91c9280772fce3e49", + "zh:8279822c5a267869d4459e429ad7b3b8ffaa36de2f6ca29cf7779214783ddf3a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:bcb74854b0742a03b46e526bc2a79f556988c7622d54ebb2ccefc72c9759e9bc", + "zh:c7b0f4e94a9351a004a5555e91c8fe5b7da8cd2e03411cbd59d135ea8fceedd8", + "zh:cec427b1ef0e0948fd16736c72de57438fafcd8eeb5aab3bb1131579d2d6d031", + "zh:d5e4819851e52c15283064f6fa8cb8179a69cc981bee39e9b5ce5f027da8e251", + "zh:dade91d49309813b7453b053429678c8e7185e5ac54b2f68edb2ffea20242149", + "zh:e05e1395a738317a6761b592a5643ea5e660abd32de36ece68809cfd04a6a8e3", + ] +} diff --git a/examples/service-connect-defaults/main.tf b/examples/service-connect-defaults/main.tf new file mode 100644 index 0000000..7854859 --- /dev/null +++ b/examples/service-connect-defaults/main.tf @@ -0,0 +1,13 @@ +resource "aws_service_discovery_http_namespace" "example" { + name = "development" + description = "example" +} + +module "cluster" { + source = "../../" + name = "test-cluster" + + service_connect_defaults = { + namespace = aws_service_discovery_http_namespace.example.arn + } +} 
diff --git a/examples/service-connect-defaults/mock_provider.tf b/examples/service-connect-defaults/mock_provider.tf
new file mode 100644
index 0000000..d93c85e
--- /dev/null
+++ b/examples/service-connect-defaults/mock_provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+ skip_metadata_api_check = true
+ access_key = "mock_access_key"
+ secret_key = "mock_secret_key"
+}
diff --git a/examples/setting-container-insights/.terraform.lock.hcl b/examples/setting-container-insights/.terraform.lock.hcl
new file mode 100644
index 0000000..a62df8a
--- /dev/null
+++ b/examples/setting-container-insights/.terraform.lock.hcl
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.15.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:CFUr3EXmKTr3G4Nl+Yxf24NnhKQQDCyeBG+SS4YFblE=", + "zh:069d0037cd1f8791a27ec31a535ce47d02d4f220fe88f9c3caa8661c0a98892a", + "zh:08c18e8f5f69736e86919e6c2a68c94f39f879511d51b2a8e58ad1776ee18854", + "zh:41c9c95e225f72421fa4a1c3e5105f36b3b149cba1daf9bc88b0a993c1d19e07", + "zh:51e6cf850de8a8ae0e3b4e55b45ca2e6632a149c5851158f3c2711af51adb277", + "zh:5703eacc47d5a8169d1028f8cfcdf32cd12972ebea8780e870f520020280258a", + "zh:6a77e0406126208ae217c416e4b59940cd989df4d7d5ac23dfe8043725ff8f6a", + "zh:702cc6db865aeee571a639a81be3ed36326dcbda5c0a2ca91c9280772fce3e49", + "zh:8279822c5a267869d4459e429ad7b3b8ffaa36de2f6ca29cf7779214783ddf3a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:bcb74854b0742a03b46e526bc2a79f556988c7622d54ebb2ccefc72c9759e9bc", + "zh:c7b0f4e94a9351a004a5555e91c8fe5b7da8cd2e03411cbd59d135ea8fceedd8", + "zh:cec427b1ef0e0948fd16736c72de57438fafcd8eeb5aab3bb1131579d2d6d031", + "zh:d5e4819851e52c15283064f6fa8cb8179a69cc981bee39e9b5ce5f027da8e251", + "zh:dade91d49309813b7453b053429678c8e7185e5ac54b2f68edb2ffea20242149", + "zh:e05e1395a738317a6761b592a5643ea5e660abd32de36ece68809cfd04a6a8e3", + ] +} diff --git a/examples/setting-container-insights/main.tf b/examples/setting-container-insights/main.tf new file mode 100644 index 0000000..7bd3e9c --- /dev/null +++ b/examples/setting-container-insights/main.tf @@ -0,0 +1,6 @@ +module "cluster" { + source = "../../" + name = "test-cluster" + + containerInsights = true +} diff --git a/examples/setting-container-insights/mock_provider.tf b/examples/setting-container-insights/mock_provider.tf new file mode 100644 index 0000000..d93c85e --- /dev/null +++ b/examples/setting-container-insights/mock_provider.tf 
@@ -0,0 +1,18 @@ +terraform { + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4" + } + } +} + +provider "aws" { + region = "us-east-1" + skip_credentials_validation = true + skip_requesting_account_id = true + skip_metadata_api_check = true + access_key = "mock_access_key" + secret_key = "mock_secret_key" +} diff --git a/examples/test/.terraform.lock.hcl b/examples/test/.terraform.lock.hcl deleted file mode 100644 index 0f2f727..0000000 --- a/examples/test/.terraform.lock.hcl +++ /dev/null @@ -1,22 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.0.0" - constraints = ">= 4.0.0" - hashes = [ - "h1:StwpoFw0rXHgAVGV1M/QZaN9OfGx/3+mo1EjjFpbu9w=", - "h1:XjvC5UMR+bRj8Rt9T2VhJdryCfe6lxDaXUSOKFviV5c=", - "zh:02937cb37860b022e7d996726e7584ca23904baf7852d266f2dd7891ee088ae4", - "zh:259dd5790ec5f4e6814c9584c79834dce3d719e932ce662b21f13434e9441194", - "zh:2d230c8c92c3cb2c07471a4324d802c44365dcf99fe0d562cc737d1f964e9c1d", - "zh:380b04e78934519469e699c537516ae1674d15f77c6778c2738cd69374b661aa", - "zh:3d7121da1fa92166c9ea26f3c9839cef06833420d6c46978b4cbbfd0b5050791", - "zh:6b7f5a3b28ec3a631d689f599a39bfe98ca5b785353b01e374cff655b097a791", - "zh:7882291716d2d03df5ece721429770452db76c712fcff08964c3a7c0b639f703", - "zh:95250c5768610d69a28501f03176b6a05a5d5ac2ae317cb582d94b044b3272b3", - "zh:b16a622a76bee455c8b256d828f8a60515e1e9dad38420a4db1be9b9e16d474a", - "zh:c805822f0ba57e8063b6201e1f351aa4dbd5ad8886dedd25d809e5aeb9aa0259", - "zh:e1c3a0da5576aec4a48f897cd04b739c1f533cdb0005ce4c7f5bc45808b799b1", - ] -} diff --git a/examples/test/mock_provider.tf b/examples/test/mock_provider.tf deleted file mode 100644 index bcc022c..0000000 --- a/examples/test/mock_provider.tf +++ /dev/null 
@@ -1,39 +0,0 @@
-terraform {
- required_version = ">= 0.13"
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4"
- }
- }
-}
-
-provider "aws" {
- region = "us-east-1"
- skip_credentials_validation = true
- skip_requesting_account_id = true
- skip_metadata_api_check = true
- s3_use_path_style = true
-
- endpoints {
- apigateway = "http://localstack:4566"
- cloudformation = "http://localstack:4566"
- cloudwatch = "http://localstack:4566"
- dynamodb = "http://localstack:4566"
- es = "http://localstack:4566"
- firehose = "http://localstack:4566"
- iam = "http://localstack:4566"
- kinesis = "http://localstack:4566"
- lambda = "http://localstack:4566"
- route53 = "http://localstack:4566"
- redshift = "http://localstack:4566"
- s3 = "http://localstack:4566"
- secretsmanager = "http://localstack:4566"
- ses = "http://localstack:4566"
- sns = "http://localstack:4566"
- sqs = "http://localstack:4566"
- ssm = "http://localstack:4566"
- stepfunctions = "http://localstack:4566"
- sts = "http://localstack:4566"
- }
-}
diff --git a/main.tf b/main.tf
index 2709ce9..88712a8 100644
--- a/main.tf
+++ b/main.tf
@@ -5,6 +5,36 @@ resource "aws_ecs_cluster" "cluster" { name = var.name tags = var.tags + dynamic "configuration" { + for_each = toset(var.configuration != null ? [var.configuration] : []) + content { + dynamic "execute_command_configuration" { + for_each = [configuration.value.execute_command_configuration] + content { + kms_key_id = try(execute_command_configuration.value.kms_key_id, null) + dynamic "log_configuration" { + for_each = try([execute_command_configuration.value.log_configuration], []) + content { + cloud_watch_encryption_enabled = try(log_configuration.value.cloud_watch_encryption_enabled, null) + cloud_watch_log_group_name = try(log_configuration.value.cloud_watch_log_group_name, null) + s3_bucket_name = try(log_configuration.value.s3_bucket_name, null) + s3_bucket_encryption_enabled = try(log_configuration.value.s3_bucket_encryption_enabled, null) + s3_key_prefix = try(log_configuration.value.s3_key_prefix, null) + } + } + logging = try(execute_command_configuration.value.logging, null) + } + } + } + } + + dynamic "service_connect_defaults" { + for_each = toset(var.service_connect_defaults != null ? [var.service_connect_defaults] : []) + content { + namespace = service_connect_defaults.value.namespace + } + } + dynamic "setting" { for_each = var.containerInsights == true ? [1] : [] content { diff --git a/variables.tf b/variables.tf index 4b63777..7aa51af 100644 --- a/variables.tf +++ b/variables.tf 
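Review bot: The `try([execute_command_configuration.value.log_configuration], [])` guard on the `log_configuration` block never yields an empty list, because wrapping a value in `[...]` succeeds even when the value is null. variables.tf also declares `log_configuration` as a required object, so a caller who only wants `logging = "DEFAULT"` or `"NONE"` still has to pass `log_configuration = {}` and gets an empty block rendered. Declaring the attribute as `optional(object({...}))` and using `for_each = execute_command_configuration.value.log_configuration != null ? [execute_command_configuration.value.log_configuration] : []` would make the block genuinely optional. The per-attribute `try(..., null)` wrappers also look unnecessary, since the object type already guarantees each attribute exists (as null when unset). The `aws_ecs_cluster` resource starts above and continues below this hunk.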
@@ -2,17 +2,53 @@ # ECS CLUSTER #------------------------------------------------------------------------------ variable "name" { - description = "The name of the cluster (up to 255 letters, numbers, hyphens, and underscores)" + description = "(Required) Name of the cluster (up to 255 letters, numbers, hyphens, and underscores)." } -variable "tags" { - type = map(string) - default = {} - description = "Resource tags" +variable "configuration" { + description = "(Optional) The execute command configuration for the cluster." + type = object({ + # The details of the execute command configuration. + execute_command_configuration = object({ + # The AWS Key Management Service key ID to encrypt the data between the local client and the container. + kms_key_id = optional(string) + # The log configuration for the results of the execute command actions Required when logging is OVERRIDE. + log_configuration = object({ + # Whether or not to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled. + cloud_watch_encryption_enabled = optional(bool) + # The name of the CloudWatch log group to send logs to. + cloud_watch_log_group_name = optional(string) + # The name of the S3 bucket to send logs to. + s3_bucket_name = optional(string) + # Whether or not to enable encryption on the logs sent to S3. If not specified, encryption will be disabled. + s3_bucket_encryption_enabled = optional(bool) + # An optional folder in the S3 bucket to place logs in. + s3_key_prefix = optional(string) + }) + # The log setting to use for redirecting logs for your execute command results. Valid values are NONE, DEFAULT, and OVERRIDE. 
+ logging = optional(string) + }) + }) + default = null } variable "containerInsights" { - description = "Enables container insights if true" + description = "(Optional) Enables container insights if true" type = bool default = false } + +variable "service_connect_defaults" { + description = "(Optional) Configures a default Service Connect namespace." + type = object({ + # The ARN of the aws_service_discovery_http_namespace that's used when you create a service and don't specify a Service Connect configuration. + namespace = string + }) + default = null +} + +variable "tags" { + type = map(string) + default = {} + description = "Resource tags" +}
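Review bot: The new `configuration` type uses `optional(...)` attribute modifiers, which are only generally available from Terraform 1.3, yet the example roots added in this commit still declare `required_version = ">= 0.13"`, so an older CLI is not stopped by the version constraint and instead fails on the type expression with a less helpful error. The module's own version constraint is not part of this diff, so confirm it and raise both to `required_version = ">= 1.3"`. A `validation` block restricting `logging` to the three values named in its comment (NONE, DEFAULT, OVERRIDE) would also be a cheap addition, as long as it tolerates a null `configuration`.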