From 36add8c1d1a939b0ff3cdfad521635c486d4c58a Mon Sep 17 00:00:00 2001
From: pwillis-oi <pwillis@outsideinc.com>
Date: Tue, 29 Jul 2025 09:53:53 -0400
Subject: [PATCH 1/2] Use a valid default default_capacity_provider_strategy

If the default value is null, the module fails with `Error: Iteration over null value`. This changes the default from null to an empty map to avoid this error.
---
 modules/cluster/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/cluster/variables.tf b/modules/cluster/variables.tf
index fae86a9..577e644 100644
--- a/modules/cluster/variables.tf
+++ b/modules/cluster/variables.tf
@@ -147,7 +147,7 @@ variable "default_capacity_provider_strategy" {
     name   = optional(string) # Will fall back to use map key if not set
     weight = optional(number)
   }))
-  default = null
+  default = {}
 }
 
 ################################################################################

From b00f2cf5a8727a55d33b41be6c172b151cf10833 Mon Sep 17 00:00:00 2001
From: Bryant Biggs <bryantbiggs@gmail.com>
Date: Tue, 29 Jul 2025 09:28:46 -0500
Subject: [PATCH 2/2] fix: Disallow null and update docs

---
 .pre-commit-config.yaml      | 2 +-
 modules/cluster/README.md    | 2 +-
 modules/cluster/variables.tf | 3 ++-
 wrappers/cluster/main.tf     | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b784816..0bb0a2e 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,8 +2,8 @@ repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: v1.99.5
     hooks:
-      - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
+      - id: terraform_fmt
       - id: terraform_docs
         args:
           - '--args=--lockfile=false'
diff --git a/modules/cluster/README.md b/modules/cluster/README.md
index 06f4bd8..bb18050 100644
--- a/modules/cluster/README.md
+++ b/modules/cluster/README.md
@@ -177,7 +177,7 @@ No modules.
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no |
 | <a name="input_create_task_exec_iam_role"></a> [create\_task\_exec\_iam\_role](#input\_create\_task\_exec\_iam\_role) | Determines whether the ECS task definition IAM role should be created | `bool` | `false` | no |
 | <a name="input_create_task_exec_policy"></a> [create\_task\_exec\_policy](#input\_create\_task\_exec\_policy) | Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters | `bool` | `true` | no |
-| <a name="input_default_capacity_provider_strategy"></a> [default\_capacity\_provider\_strategy](#input\_default\_capacity\_provider\_strategy) | Map of default capacity provider strategy definitions to use for the cluster | <pre>map(object({<br/>    base   = optional(number)<br/>    name   = optional(string) # Will fall back to use map key if not set<br/>    weight = optional(number)<br/>  }))</pre> | `null` | no |
+| <a name="input_default_capacity_provider_strategy"></a> [default\_capacity\_provider\_strategy](#input\_default\_capacity\_provider\_strategy) | Map of default capacity provider strategy definitions to use for the cluster | <pre>map(object({<br/>    base   = optional(number)<br/>    name   = optional(string) # Will fall back to use map key if not set<br/>    weight = optional(number)<br/>  }))</pre> | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the cluster (up to 255 letters, numbers, hyphens, and underscores) | `string` | `""` | no |
 | <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no |
 | <a name="input_service_connect_defaults"></a> [service\_connect\_defaults](#input\_service\_connect\_defaults) | Configures a default Service Connect namespace | <pre>object({<br/>    namespace = string<br/>  })</pre> | `null` | no |
diff --git a/modules/cluster/variables.tf b/modules/cluster/variables.tf
index 577e644..495e5dd 100644
--- a/modules/cluster/variables.tf
+++ b/modules/cluster/variables.tf
@@ -147,7 +147,8 @@ variable "default_capacity_provider_strategy" {
     name   = optional(string) # Will fall back to use map key if not set
     weight = optional(number)
   }))
-  default = {}
+  default  = {}
+  nullable = false
 }
 
 ################################################################################
diff --git a/wrappers/cluster/main.tf b/wrappers/cluster/main.tf
index e18fc62..bbd27c5 100644
--- a/wrappers/cluster/main.tf
+++ b/wrappers/cluster/main.tf
@@ -20,7 +20,7 @@ module "wrapper" {
   create_cloudwatch_log_group        = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, true)
   create_task_exec_iam_role          = try(each.value.create_task_exec_iam_role, var.defaults.create_task_exec_iam_role, false)
   create_task_exec_policy            = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
-  default_capacity_provider_strategy = try(each.value.default_capacity_provider_strategy, var.defaults.default_capacity_provider_strategy, null)
+  default_capacity_provider_strategy = try(each.value.default_capacity_provider_strategy, var.defaults.default_capacity_provider_strategy, {})
   name                               = try(each.value.name, var.defaults.name, "")
   region                             = try(each.value.region, var.defaults.region, null)
   service_connect_defaults           = try(each.value.service_connect_defaults, var.defaults.service_connect_defaults, null)