terraform-aws-modules
diff --git a/‎README.md
Lines changed: 25 additions & 30 deletions b/‎README.md
Lines changed: 25 additions & 30 deletions
diff --git a/‎docs/README.md
Lines changed: 3 additions & 3 deletions b/‎docs/README.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/UPGRADE-6.0.md
Lines changed: 183 additions & 2 deletions b/‎docs/UPGRADE-6.0.md
Lines changed: 183 additions & 2 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 13 additions & 16 deletions b/‎examples/complete/main.tf
Lines changed: 13 additions & 16 deletions
diff --git a/‎examples/ec2-autoscaling/main.tf
Lines changed: 24 additions & 22 deletions b/‎examples/ec2-autoscaling/main.tf
Lines changed: 24 additions & 22 deletions
@@ -321,20 +321,20 @@ The default behavior of the container definition module is to create the CloudWa
        # FluentBit sidecar is required for Firelens
        fluent-bit = {
          image = data.aws_ssm_parameter.fluentbit.value
-         firelens_configuration = {
+         firelensConfiguration = {
            type = "fluentbit"
          }
          # ...
        }
 
        default = {
-         dependencies = [{
+         dependsOn = [{
            containerName = "fluent-bit"
            condition     = "START"
          }]
 
          enable_cloudwatch_logging = false
-         log_configuration = {
+         logConfiguration = {
            logDriver = "awsfirelens"
            options = {
              # ...
 
@@ -55,21 +55,202 @@ module "ecs" {
 
   # Truncated for brevity ...
 
+  # Container definition(s)
+  container_definitions = {
+
+    fluent-bit = {
+      cpu       = 512
+      memory    = 1024
+      essential = true
+      image     = "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable"
+      firelens_configuration = {
+        type = "fluentbit"
+      }
+      memory_reservation = 50
+      user               = "0"
+    }
+
+    ecsdemo-frontend = {
+      cpu       = 512
+      memory    = 1024
+      essential = true
+      image     = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"
+      port_mappings = [
+        {
+          name          = ecsdemo-frontend
+          containerPort = 3000
+          hostPort      = 3000
+          protocol      = "tcp"
+        }
+      ]
+
+      # Example image used requires access to write to root filesystem
+      readonly_root_filesystem = false
+
+      dependencies = [{
+        containerName = "fluent-bit"
+        condition     = "START"
+      }]
+
+      enable_cloudwatch_logging = false
+      log_configuration = {
+        logDriver = "awsfirelens"
+        options = {
+          Name                    = "firehose"
+          region                  = local.region
+          delivery_stream         = "my-stream"
+          log-driver-buffer-limit = "2097152"
+        }
+      }
+
+      linux_parameters = {
+        capabilities = {
+          add = []
+          drop = [
+            "NET_RAW"
+          ]
+        }
+      }
+
+      # Not required for fluent-bit, just an example
+      volumes_from = [{
+        sourceContainer = "fluent-bit"
+        readOnly        = false
+      }]
+
+      memory_reservation = 100
+    }
+  }
+
+  security_group_rules = {
+    alb_ingress_3000 = {
+      type                     = "ingress"
+      from_port                = 3000
+      description              = "Service port"
+      source_security_group_id = module.alb.security_group_id
+    }
+    egress_all = {
+      type        = "egress"
+      from_port   = 0
+      to_port     = 0
+      protocol    = "-1"
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  }
 }
 ```
 
 ### After 6.x Example
 
+#### Service
+
 ```hcl
 module "ecs" {
-  source  = "terraform-aws-modules/ecs/aws"
+  source  = "terraform-aws-modules/ecs/aws//modules/service"
   version = "~> 6.0"
 
   # Truncated for brevity ...
 
+  # Container definition(s)
+  container_definitions = {
+
+    fluent-bit = {
+      cpu       = 512
+      memory    = 1024
+      essential = true
+      image     = "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable"
+      firelensConfiguration = {
+        type = "fluentbit"
+      }
+      memoryReservation = 50
+      user              = "0"
+    }
+
+    ecsdemo-frontend = {
+      cpu       = 512
+      memory    = 1024
+      essential = true
+      image     = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50"
+      portMappings = [
+        {
+          name          = "ecsdemo-frontend"
+          containerPort = 3000
+          hostPort      = 3000
+          protocol      = "tcp"
+        }
+      ]
+
+      # Example image used requires access to write to root filesystem
+      readonlyRootFilesystem = false
+
+      dependsOn = [{
+        containerName = "fluent-bit"
+        condition     = "START"
+      }]
+
+      enable_cloudwatch_logging = false
+      logConfiguration = {
+        logDriver = "awsfirelens"
+        options = {
+          Name                    = "firehose"
+          region                  = local.region
+          delivery_stream         = "my-stream"
+          log-driver-buffer-limit = "2097152"
+        }
+      }
+
+      linuxParameters = {
+        capabilities = {
+          add = []
+          drop = [
+            "NET_RAW"
+          ]
+        }
+      }
+
+      restartPolicy = {
+        enabled              = true
+        ignoredExitCodes     = [1]
+        restartAttemptPeriod = 60
+      }
+
+      # Not required for fluent-bit, just an example
+      volumesFrom = [{
+        sourceContainer = "fluent-bit"
+        readOnly        = false
+      }]
+
+      memoryReservation = 100
+    }
+  }
+
+  security_group_ingress_rules = {
+    alb_3000 = {
+      description                  = "Service port"
+      from_port                    = 3000
+      referenced_security_group_id = module.alb.security_group_id
+    }
+  }
+  security_group_egress_rules = {
+    all = {
+      ip_protocol = "-1"
+      cidr_ipv4   = "0.0.0.0/0"
+    }
+  }
 }
 ```
 
 ### State Changes
 
-TODO
+#### Service
+
+```sh
+terraform state rm 'module.ecs_service.aws_security_group_rule.this["alb_ingress_3000"]'
+terraform state import 'module.ecs_service.aws_vpc_security_group_ingress_rule.this["alb_3000"]' 'sg-xxx'
+
+terraform state rm 'module.ecs_service.aws_security_group_rule.this["egress_all"]'
+terraform state import 'module.ecs_service.aws_vpc_security_group_egress_rule.this["all"]' 'sg-xxx'
+
+```
+
+The inline tasks `aws_iam_role_policy` cannot be moved or imported into a standalone `aws_iam_policy`. It must be re-created.
@@ -89,7 +89,7 @@ module "ecs" {
             command = ["CMD-SHELL", "curl -f http://localhost:${local.container_port}/health || exit 1"]
           }
 
-          portPappings = [
+          portMappings = [
             {
               name          = local.container_name
               containerPort = local.container_port
@@ -101,12 +101,12 @@ module "ecs" {
           # Example image used requires access to write to root filesystem
           readonlyRootFilesystem = false
 
-          dependencies = [{
+          dependsOn = [{
             containerName = "fluent-bit"
             condition     = "START"
           }]
 
-          enableCloudwatchLogging = false
+          enable_cloudwatch_logging = false
           logConfiguration = {
             logDriver = "awsfirelens"
             options = {
@@ -168,21 +168,18 @@ module "ecs" {
 
       subnet_ids                    = module.vpc.private_subnets
       availability_zone_rebalancing = "ENABLED"
-      security_group_rules = {
-        alb_ingress_3000 = {
-          type                     = "ingress"
-          from_port                = local.container_port
-          to_port                  = local.container_port
-          protocol                 = "tcp"
-          description              = "Service port"
-          source_security_group_id = module.alb.security_group_id
+      security_group_ingress_rules = {
+        alb_3000 = {
+          from_port                    = local.container_port
+          description                  = "Service port"
+          referenced_security_group_id = module.alb.security_group_id
         }
-        egress_all = {
-          type        = "egress"
-          from_port   = 0
+      }
+      security_group_egress_rules = {
+        all = {
+          cidr_ipv4   = "0.0.0.0/0"
           to_port     = 0
-          protocol    = "-1"
-          cidr_blocks = ["0.0.0.0/0"]
+          ip_protocol = "-1"
         }
       }
     }
 
@@ -117,36 +117,37 @@ module "ecs_service" {
   container_definitions = {
     (local.container_name) = {
       image = "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest"
-      port_mappings = [
+      portMappings = [
         {
           name          = local.container_name
           containerPort = local.container_port
+          hostPort      = local.container_port
           protocol      = "tcp"
         }
       ]
 
-      mount_points = [
+      mountPoints = [
         {
           sourceVolume  = "my-vol",
           containerPath = "/var/www/my-vol"
         },
         {
-          containerPath = "/ebs/data"
           sourceVolume  = "ebs-volume"
+          containerPath = "/ebs/data"
         }
       ]
 
-      entry_point = ["/usr/sbin/apache2", "-D", "FOREGROUND"]
+      entryPoint = ["/usr/sbin/apache2", "-D", "FOREGROUND"]
 
       # Example image used requires access to write to root filesystem
-      readonly_root_filesystem = false
+      readonlyRootFilesystem = false
 
       enable_cloudwatch_logging              = true
       create_cloudwatch_log_group            = true
       cloudwatch_log_group_name              = "/aws/ecs/${local.name}/${local.container_name}"
       cloudwatch_log_group_retention_in_days = 7
 
-      log_configuration = {
+      logLonfiguration = {
         logDriver = "awslogs"
       }
     }
@@ -162,11 +163,10 @@ module "ecs_service" {
 
   subnet_ids = module.vpc.private_subnets
   security_group_ingress_rules = {
-    alb_http_ingress = {
-      from_port                = local.container_port
-      protocol                 = "tcp"
-      description              = "Service port"
-      source_security_group_id = module.alb.security_group_id
+    alb_http = {
+      from_port                    = local.container_port
+      description                  = "Service port"
+      referenced_security_group_id = module.alb.security_group_id
     }
   }
 
@@ -261,7 +261,7 @@ module "autoscaling" {
     ex_1 = {
       instance_type              = "t3.large"
       use_mixed_instances_policy = false
-      mixed_instances_policy     = {}
+      mixed_instances_policy     = null
       user_data                  = <<-EOT
         #!/bin/bash
 
@@ -284,16 +284,18 @@ module "autoscaling" {
           spot_allocation_strategy                 = "price-capacity-optimized"
         }
 
-        override = [
-          {
-            instance_type     = "m4.large"
-            weighted_capacity = "2"
-          },
-          {
-            instance_type     = "t3.large"
-            weighted_capacity = "1"
-          },
-        ]
+        launch_template = {
+          override = [
+            {
+              instance_type     = "m4.large"
+              weighted_capacity = "2"
+            },
+            {
+              instance_type     = "t3.large"
+              weighted_capacity = "1"
+            },
+          ]
+        }
       }
       user_data = <<-EOT
         #!/bin/bash