## Requirements

| Name | Version |
|---|---|
| terraform | ~> 1.5 |
| aws | ~> 5.100 |

## Providers

| Name | Version |
|---|---|
| aws | 5.100.0 |
| terraform | n/a |

## Modules

| Name | Source | Version |
|---|---|---|
| ecs_task_execution_role | terraform.registry.launch.nttdata.com/module_primitive/iam_role/aws | ~> 0.1.0 |
| ecs_task_execution_custom_access_policy | terraform.registry.launch.nttdata.com/module_primitive/iam_policy/aws | ~> 0.3.0 |
| ecs_task_execution_custom_access_policy_attachment | terraform.registry.launch.nttdata.com/module_primitive/iam_role_policy_attachment/aws | ~> 0.1.0 |
| ecs_task_role | terraform.registry.launch.nttdata.com/module_primitive/iam_role/aws | ~> 0.1.0 |
| ecs_task_role_custom_policies | terraform.registry.launch.nttdata.com/module_primitive/iam_policy/aws | ~> 0.3.0 |
| ecs_task_role_custom_policies_attachment | terraform.registry.launch.nttdata.com/module_primitive/iam_role_policy_attachment/aws | ~> 0.1.0 |
| ecs_task | terraform.registry.launch.nttdata.com/module_primitive/ecs_task/aws | ~> 0.1.1 |

## Resources

| Name | Type |
|---|---|
| terraform_data.role_validation | resource |
| aws_region.current | data source |

## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| tags | A map of tags to assign to all resources created by this module. | map(string) |
{} |
no |
| ecs_container_name | Name for the ECS container | string |
null |
no |
| log_group_name | Name for the CloudWatch log group | string |
null |
no |
| ecs_task_family | The family name of the ECS task definition | string |
n/a | yes |
| ecs_task_requires_compatibilities | The launch types required by the task (e.g., FARGATE, EC2) | list(string) |
[ |
no |
| ecs_task_network_mode | The Docker networking mode to use for the containers in the task | string |
"awsvpc" |
no |
| ecs_task_cpu | The number of CPU units used by the task | string |
"256" |
no |
| ecs_task_memory | The amount (in MiB) of memory used by the task | string |
"512" |
no |
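| execution_role_arn | The ARN of the task execution role, which the ECS container agent assumes on the task's behalf (pulling container images, writing logs, fetching secrets). Application code running in the containers uses task_role_arn instead. | string | null | no |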
| task_role_arn | The ARN of the IAM role that containers in this task can assume | string |
null |
no |
| create_execution_role | Whether to create the ECS task execution role | bool |
true |
no |
| create_task_role | Whether to create the ECS task role | bool |
true |
no |
| execution_role_name | Name of the execution role to create (if create_execution_role is true) | string |
null |
no |
| task_role_name | Name of the task role to create (if create_task_role is true) | string |
null |
no |
| execution_role_description | Description for the execution role | string |
"ECS task execution role for pulling container images and managing logs" |
no |
| task_role_description | Description for the task role | string |
"ECS task role for accessing AWS services from ECS tasks" |
no |
| secrets_manager_arns | List of Secrets Manager ARNs that the execution role should have access to | list(string) |
[] |
no |
| execution_kms_key_arns | List of KMS key ARNs that the execution role should have decrypt access to | list(string) |
[] |
no |
| execution_efs_file_system_arns | List of EFS file system ARNs that the execution role should have access to | list(string) |
[] |
no |
| s3_bucket_arns | List of S3 bucket ARNs that the task role should have access to | list(string) |
[] |
no |
| task_kms_key_arns | List of KMS key ARNs that the task role should have decrypt access to | list(string) |
[] |
no |
| task_efs_file_system_arns | List of EFS file system ARNs that the task role should have access to | list(string) |
[] |
no |
| efs_access_point_arns | List of EFS access point ARNs that the task role should have access to | list(string) |
[] |
no |
| enable_ecs_exec | Whether to enable ECS Exec (interactive command execution inside running containers) for the task | bool | false | no |
| custom_task_policies | List of custom managed policy ARNs to attach to the task role | list(string) |
[] |
no |
| container_name | The name of the container | string |
null |
no |
| container_image | The image to use for the container | string |
n/a | yes |
| container_cpu | The number of cpu units reserved for the container | number |
256 |
no |
| container_memory | The amount (in MiB) of memory reserved for the container | number |
512 |
no |
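| container_environment | A list of environment variables to pass to the container. Values are stored in plaintext in the task definition; pass sensitive values through secrets_manager_secrets instead. | list(map(string)) | [] | no |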
| container_port_mappings | A list of port mappings for the container | list(object({ |
[] |
no |
| secrets_manager_secrets | Map of environment variable names to Secrets Manager secret ARNs or names | map(string) |
{} |
no |
| container_secrets | List of secrets to pass to container (legacy format) | list(object({ |
[] |
no |
| ephemeral_storage | The amount of ephemeral storage to allocate for the task | object({ |
null |
no |
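| ipc_mode | The IPC resource namespace to be used for the containers in the task. ECS accepts `host`, `task` or `none`; `host` shares the container instance's IPC namespace with the task's containers. | string | null | no |
| pid_mode | The process namespace to use for the containers in the task. ECS accepts `host` or `task`; `host` shares the container instance's process namespace with the task's containers. | string | null | no |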
| skip_destroy | Whether to skip destroying the task definition | bool |
false |
no |
| track_latest | Whether the ECS service should track the latest ACTIVE revision | bool |
false |
no |
| placement_constraints | Configuration block for placement constraints | list(object({ |
[] |
no |
| proxy_configuration | Configuration block for the proxy configuration | object({ |
null |
no |
| runtime_platform | Configuration block for runtime platform | object({ |
null |
no |
| volumes | Configuration block for volumes | list(object({ |
[] |
no |
| path | The path for the IAM role. | string |
null |
no |
| ecs_secrets_permissions | Permissions for accessing secrets in ECS tasks | object({ |
{ |
no |
| ecs_execution_kms_permissions | KMS permissions for ECS task execution role | object({ |
{ |
no |
| ecs_execution_efs_permissions | EFS permissions for ECS task execution role | object({ |
{ |
no |
| execution_policy_name | The name of the IAM policy. | string |
null |
no |
| task_policy_name | The name of the IAM policy for the task role. | string |
null |
no |
| custom_ecs_execution_policies | List of custom policy ARNs to attach to ECS task execution role | list(string) |
[] |
no |
| ecs_efs_s3_kms_arns | List of KMS key ARNs used by the containerized app to decrypt data. This covers: keys used for data you explicitly encrypted with KMS in files stored on the EFS volume; keys used by the ECS task to read files from S3 buckets encrypted with SSE-KMS; and keys used for any client-side encryption where the container performs the decryption. | list(string) | [] | no |
| ecs_task_kms_permissions | KMS permissions for ECS task role | object({ |
{ |
no |
| region | AWS region or availability zone (e.g., us-west-1a, eu-west-2). Optional, used for regional resources. | string |
"" |
no |
| ecs_task_cloudwatch_permissions | CloudWatch Logs permissions for ECS task role | object({ |
{ |
no |
| ecs_task_ssm_permissions | SSM Session Manager permissions for ECS task role | object({ |
{ |
no |
| ecs_task_appconfig_permissions | AppConfig permissions for ECS task role | object({ |
{ |
no |
| ecs_task_s3_permissions | S3 permissions for ECS task role | object({ |
{ |
no |
| ecs_task_efs_permissions | EFS permissions for ECS task role | object({ |
{ |
no |
| ecs_task_efs_s3_permissions | S3 permissions for EFS integration with ECS task role | object({ |
{ |
no |

## Outputs

| Name | Description |
|---|---|
| tags | Merged tags with default, module-specific, and user-provided tags |
| ecs_task_family_name | The fully formatted resource name following DMV naming convention |
| ecs_container_name | The fully formatted ECS container name following DMV naming convention |
| log_group_name | The fully formatted log group name following DMV naming convention |
| task_definition_arn | The ARN of the ECS task definition |
| task_definition_arn_without_revision | The ARN of the ECS task definition without revision |
| task_definition_family | The family of the ECS task definition |
| task_definition_revision | The revision of the ECS task definition |
| task_definition_network_mode | The Docker networking mode used by the task |
| task_definition_requires_compatibilities | The launch types required by the task |
| task_definition_cpu | The number of CPU units used by the task |
| task_definition_memory | The amount of memory (in MiB) used by the task |
| task_execution_role_arn | The ARN of the task execution role |
| task_role_arn | The ARN of the task role |
| ecs_task_execution_role_arn | The ARN of the created ECS task execution role (if created) |
| ecs_task_execution_role_name | The name of the created ECS task execution role (if created) |
| ecs_task_execution_role_unique_id | The unique ID of the created ECS task execution role (if created) |
| ecs_task_role_arn | The ARN of the created ECS task role (if created) |
| ecs_task_role_name | The name of the created ECS task role (if created) |
| ecs_task_role_id | The unique ID of the created ECS task role (if created) |
| ecs_task_role_unique_id | The unique ID of the created ECS task role (if created) |
| ecs_task_role_create_date | The creation date of the created ECS task role (if created) |
| ecs_task_role_tags | The tags applied to the created ECS task role (if created) |
| ecs_task_role_custom_policy_arns | Map of custom policy names to their ARNs for the ECS task role |
| ecs_task_role_custom_policy_names | Map of custom policy names to their names for the ECS task role |
| ecs_task_role_custom_policy_ids | Map of custom policy names to their IDs for the ECS task role |
| container_names | List of container names in the task definition |
| container_definitions | The container definitions in JSON format |
| task_definition_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block |
| track_latest | Whether the ECS service tracks the latest ACTIVE revision |
| placement_constraints | The placement constraints for the task |
| volumes | The volume configuration for the task |