fix: Corrections

Author: bryantbiggs

README.md

@@ -168,21 +168,18 @@ module "ecs" {
 
       subnet_ids                    = module.vpc.private_subnets
       availability_zone_rebalancing = "ENABLED"
-      security_group_rules = {
-        alb_ingress_3000 = {
-          type                     = "ingress"
-          from_port                = local.container_port
-          to_port                  = local.container_port
-          protocol                 = "tcp"
-          description              = "Service port"
-          source_security_group_id = module.alb.security_group_id
+      security_group_ingress_rules = {
+        alb_3000 = {
+          from_port                    = local.container_port
+          description                  = "Service port"
+          referenced_security_group_id = module.alb.security_group_id
         }
-        egress_all = {
-          type        = "egress"
-          from_port   = 0
+      }
+      security_group_egress_rules = {
+        all = {
+          cidr_ipv4   = "0.0.0.0/0"
           to_port     = 0
-          protocol    = "-1"
-          cidr_blocks = ["0.0.0.0/0"]
+          ip_protocol = "-1"
         }
       }
     }

examples/complete/main.tf

@@ -162,11 +162,10 @@ module "ecs_service" {
 
   subnet_ids = module.vpc.private_subnets
   security_group_ingress_rules = {
-    alb_http_ingress = {
-      from_port                = local.container_port
-      protocol                 = "tcp"
-      description              = "Service port"
-      source_security_group_id = module.alb.security_group_id
+    alb_http = {
+      from_port                    = local.container_port
+      description                  = "Service port"
+      referenced_security_group_id = module.alb.security_group_id
     }
   }
 
@@ -261,7 +260,7 @@ module "autoscaling" {
     ex_1 = {
       instance_type              = "t3.large"
       use_mixed_instances_policy = false
-      mixed_instances_policy     = {}
+      mixed_instances_policy     = null
       user_data                  = <<-EOT
         #!/bin/bash
 
@@ -284,16 +283,18 @@ module "autoscaling" {
           spot_allocation_strategy                 = "price-capacity-optimized"
         }
 
-        override = [
-          {
-            instance_type     = "m4.large"
-            weighted_capacity = "2"
-          },
-          {
-            instance_type     = "t3.large"
-            weighted_capacity = "1"
-          },
-        ]
+        launch_template = {
+          override = [
+            {
+              instance_type     = "m4.large"
+              weighted_capacity = "2"
+            },
+            {
+              instance_type     = "t3.large"
+              weighted_capacity = "1"
+            },
+          ]
+        }
       }
       user_data = <<-EOT
         #!/bin/bash

examples/ec2-autoscaling/main.tf

@@ -68,19 +68,19 @@ module "ecs_service" {
       memory    = 1024
       essential = true
       image     = nonsensitive(data.aws_ssm_parameter.fluentbit.value)
-      firelens_configuration = {
+      firelensConfiguration = {
         type = "fluentbit"
       }
-      memory_reservation = 50
-      user               = "0"
+      memoryReservation = 50
+      user              = "0"
     }
 
     (local.container_name) = {
       cpu       = 512
       memory    = 1024
       essential = true
       image     = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"
-      port_mappings = [
+      portMappings = [
         {
           name          = local.container_name
           containerPort = local.container_port
@@ -90,15 +90,15 @@ module "ecs_service" {
       ]
 
       # Example image used requires access to write to root filesystem
-      readonly_root_filesystem = false
+      readonlyRootFilesystem = false
 
       dependencies = [{
         containerName = "fluent-bit"
         condition     = "START"
       }]
 
       enable_cloudwatch_logging = false
-      log_configuration = {
+      logConfiguration = {
         logDriver = "awsfirelens"
         options = {
           Name                    = "firehose"
@@ -108,7 +108,7 @@ module "ecs_service" {
         }
       }
 
-      linux_parameters = {
+      linuxParameters = {
         capabilities = {
           add = []
           drop = [
@@ -117,19 +117,19 @@ module "ecs_service" {
         }
       }
 
-      restart_policy = {
+      restartPolicy = {
         enabled              = true
         ignoredExitCodes     = [1]
         restartAttemptPeriod = 60
       }
 
       # Not required for fluent-bit, just an example
-      volumes_from = [{
+      volumesFrom = [{
         sourceContainer = "fluent-bit"
         readOnly        = false
       }]
 
-      memory_reservation = 100
+      memoryReservation = 100
     }
   }
 
@@ -157,15 +157,15 @@ module "ecs_service" {
 
   subnet_ids = module.vpc.private_subnets
   security_group_ingress_rules = {
-    alb_ingress_3000 = {
+    alb_3000 = {
       description                  = "Service port"
       from_port                    = local.container_port
       ip_protocol                  = "tcp"
       referenced_security_group_id = module.alb.security_group_id
     }
   }
   security_group_egress_rules = {
-    egress_all = {
+    all = {
       ip_protocol = "-1"
       cidr_ipv4   = "0.0.0.0/0"
     }

examples/fargate/main.tf

@@ -174,7 +174,7 @@ No modules.
 | <a name="input_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#input\_cloudwatch\_log\_group\_name) | Custom name of CloudWatch Log Group for ECS cluster | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | Number of days to retain log events | `number` | `90` | no |
 | <a name="input_cloudwatch_log_group_tags"></a> [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | A map of additional tags to add to the log group created | `map(string)` | `{}` | no |
-| <a name="input_configuration"></a> [configuration](#input\_configuration) | The execute command configuration for the cluster | <pre>object({<br/>    execute_command_configuration = optional(object({<br/>      kms_key_id = optional(string)<br/>      log_configuration = optional(object({<br/>        cloud_watch_encryption_enabled = optional(bool)<br/>        cloud_watch_log_group_name     = optional(string)<br/>        s3_bucket_encryption_enabled   = optional(bool)<br/>        s3_bucket_name                 = optional(string)<br/>        s3_kms_key_id                  = optional(string)<br/>      }))<br/>      logging = optional(string, "OVERRIDE")<br/>    }))<br/>    managed_storage_configuration = optional(object({<br/>      fargate_ephemeral_storage_kms_key_id = optional(string)<br/>      kms_key_id                           = optional(string)<br/>    }))<br/>  })</pre> | <pre>{<br/>  "execute_command_configuration": {<br/>    "log_configuration": {<br/>      "cloud_watch_log_group_name": "placeholder"<br/>    }<br/>  }<br/>}</pre> | no |
+| <a name="input_configuration"></a> [configuration](#input\_configuration) | The execute command configuration for the cluster | <pre>object({<br/>    execute_command_configuration = optional(object({<br/>      kms_key_id = optional(string)<br/>      log_configuration = optional(object({<br/>        cloud_watch_encryption_enabled = optional(bool)<br/>        cloud_watch_log_group_name     = optional(string)<br/>        s3_bucket_encryption_enabled   = optional(bool)<br/>        s3_bucket_name                 = optional(string)<br/>        s3_kms_key_id                  = optional(string)<br/>        s3_key_prefix                  = optional(string)<br/>      }))<br/>      logging = optional(string, "OVERRIDE")<br/>    }))<br/>    managed_storage_configuration = optional(object({<br/>      fargate_ephemeral_storage_kms_key_id = optional(string)<br/>      kms_key_id                           = optional(string)<br/>    }))<br/>  })</pre> | <pre>{<br/>  "execute_command_configuration": {<br/>    "log_configuration": {<br/>      "cloud_watch_log_group_name": "placeholder"<br/>    }<br/>  }<br/>}</pre> | no |
 | <a name="input_create"></a> [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |
 | <a name="input_create_task_exec_iam_role"></a> [create\_task\_exec\_iam\_role](#input\_create\_task\_exec\_iam\_role) | Determines whether the ECS task definition IAM role should be created | `bool` | `false` | no |

modules/cluster/README.md

@@ -103,7 +103,7 @@ resource "aws_ecs_cluster_capacity_providers" "this" {
   cluster_name = aws_ecs_cluster.this[0].name
   capacity_providers = distinct(concat(
     [for k, v in var.default_capacity_provider_strategy : try(coalesce(v.name, k))],
-    [for k, v in var.autoscaling_capacity_providers : try(coalesce(v.name, k))]
+    var.autoscaling_capacity_providers != null ? [for k, v in var.autoscaling_capacity_providers : try(coalesce(v.name, k))] : []
   ))
 
   # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-capacity-providers.html#capacity-providers-considerations
@@ -112,7 +112,7 @@ resource "aws_ecs_cluster_capacity_providers" "this" {
 
     content {
       base              = default_capacity_provider_strategy.value.base
-      capacity_provider = default_capacity_provider_strategy.value.name
+      capacity_provider = try(coalesce(default_capacity_provider_strategy.value.name, default_capacity_provider_strategy.key))
       weight            = default_capacity_provider_strategy.value.weight
     }
   }

modules/cluster/main.tf

@@ -31,6 +31,7 @@ variable "configuration" {
         s3_bucket_encryption_enabled   = optional(bool)
         s3_bucket_name                 = optional(string)
         s3_kms_key_id                  = optional(string)
+        s3_key_prefix                  = optional(string)
       }))
       logging = optional(string, "OVERRIDE")
     }))

modules/cluster/variables.tf

@@ -182,7 +182,7 @@ No modules.
 | <a name="input_resourceRequirements"></a> [resourceRequirements](#input\_resourceRequirements) | The type and amount of a resource to assign to a container. The only supported resource is a GPU | <pre>list(object({<br/>    type  = string<br/>    value = string<br/>  }))</pre> | `null` | no |
 | <a name="input_restartPolicy"></a> [restartPolicy](#input\_restartPolicy) | Container restart policy; helps overcome transient failures faster and maintain task availability | <pre>object({<br/>    enabled              = optional(bool, true)<br/>    ignoredExitCodes     = optional(list(number))<br/>    restartAttemptPeriod = optional(number)<br/>  })</pre> | <pre>{<br/>  "enabled": true<br/>}</pre> | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the Amazon Elastic Container Service Developer Guide | <pre>list(object({<br/>    name      = string<br/>    valueFrom = string<br/>  }))</pre> | `null` | no |
-| <a name="input_service"></a> [service](#input\_service) | The name of the service that the container definition is associated with | `string` | `""` | no |
+| <a name="input_service"></a> [service](#input\_service) | The name of the service that the container definition is associated with. Used in CloudWatch log group default name (if one is not provided) | `string` | `null` | no |
 | <a name="input_startTimeout"></a> [startTimeout](#input\_startTimeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no |
 | <a name="input_stopTimeout"></a> [stopTimeout](#input\_stopTimeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `120` | no |
 | <a name="input_systemControls"></a> [systemControls](#input\_systemControls) | A list of namespaced kernel parameters to set in the container | <pre>list(object({<br/>    namespace = optional(string)<br/>    value     = optional(string)<br/>  }))</pre> | `null` | no |

modules/container-definition/README.md

@@ -5,7 +5,9 @@ data "aws_region" "current" {
 locals {
   is_not_windows = contains(["LINUX"], var.operating_system_family)
 
-  log_group_name = try(coalesce(var.cloudwatch_log_group_name, "/aws/ecs/${var.service}/${var.name}"), "")
+  service        = var.service != null ? "/${var.service}" : ""
+  name           = var.name != null ? "/${var.name}" : ""
+  log_group_name = try(coalesce(var.cloudwatch_log_group_name, "/aws/ecs${local.service}${local.name}"), "")
 
   logConfiguration = merge(
     {

modules/container-definition/main.tf

@@ -361,9 +361,9 @@ variable "workingDirectory" {
 ################################################################################
 
 variable "service" {
-  description = "The name of the service that the container definition is associated with"
+  description = "The name of the service that the container definition is associated with. Used in CloudWatch log group default name (if one is not provided)"
   type        = string
-  default     = ""
+  default     = null
 }
 
 variable "enable_cloudwatch_logging" {