- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 631
Description
The ECS module currently contains incorrect logic in the dynamic "service_registries" block, which makes it impossible to pass valid service_registries inputs.
The block uses a list-wrapped map comprehension:
for_each = length(var.service_registries) > 0 ? [{ for k, v in var.service_registries : k => v if !local.is_external_deployment }] : []
This wraps the result of a map comprehension in a list. As a result, the for_each ends up with a list of one map, like this:
[
{
"https" = { ... },
"http" = { ... }
}
]
Terraform then iterates over the list, so each service_registries.value is the entire map — not a single registry object. This leads to the following error:
"This object does not have an attribute named 'registry_arn'"
Steps to reproduce:
service_registries = [
{
    registry_arn   = “somearn“
    container_name = ”test“
    container_port = 80
  }
]
Expected Behavior:
The for_each should iterate over the registry objects directly by using a simple filtered map when local.is_external_deployment is false.
Suggested correction:
for_each = local.is_external_deployment ? {} : { for k, v in var.service_registries : k => v }
This way, service_registries.value refers to a single registry object and attributes like registry_arn are accessible as expected.
Suggested Fix:
Replace the current for_each line with:
for_each = local.is_external_deployment ? {} : { for k, v in var.service_registries : k => v }
Module Version:
Confirmed issue in the latest version as of May 2025.
References:
AWS ECS documentation for service discovery
Terraform AWS provider aws_ecs_service resource documentation