From 0d9f94b3d681a6bde031b99a03057482ee0d8b69 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Thu, 7 Aug 2025 09:25:37 -0500 Subject: [PATCH] fix: Remove empty containers (map/list) from container definition --- examples/container-definition/README.md | 4 +++ .../definition_simple.json | 32 +++++++++++++++++++ examples/container-definition/main.tf | 21 ++++++++++++ examples/container-definition/outputs.tf | 23 +++++++++++++ modules/container-definition/README.md | 14 ++++---- modules/container-definition/main.tf | 17 ++++++---- modules/container-definition/variables.tf | 21 +++++------- modules/service/README.md | 2 +- modules/service/variables.tf | 6 +--- wrappers/container-definition/main.tf | 12 +++---- 10 files changed, 113 insertions(+), 39 deletions(-) create mode 100644 examples/container-definition/definition_simple.json diff --git a/examples/container-definition/README.md b/examples/container-definition/README.md index 0a65ec6..aeab045 100644 --- a/examples/container-definition/README.md +++ b/examples/container-definition/README.md @@ -36,12 +36,14 @@ Note that this example may create resources which will incur monetary charges on | Name | Source | Version | |------|--------|---------| | [ecs\_container\_definition](#module\_ecs\_container\_definition) | ../../modules/container-definition | n/a | +| [ecs\_container\_definition\_simple](#module\_ecs\_container\_definition\_simple) | ../../modules/container-definition | n/a | ## Resources | Name | Type | |------|------| | [null_resource.container_definition_json](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.container_definition_json_simple](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | ## Inputs 
@@ -57,6 +59,8 @@ Note that this example may create resources which will incur monetary charges on | [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of CloudWatch log group created | | [container\_definition](#output\_container\_definition) | Container definition | | [container\_definition\_json](#output\_container\_definition\_json) | Container definition | +| [container\_definition\_json\_simple](#output\_container\_definition\_json\_simple) | Container definition | +| [container\_definition\_simple](#output\_container\_definition\_simple) | Container definition | ## License diff --git a/examples/container-definition/definition_simple.json b/examples/container-definition/definition_simple.json new file mode 100644 index 0000000..b311d64 --- /dev/null +++ b/examples/container-definition/definition_simple.json @@ -0,0 +1,32 @@ +{ + "cpu": 256, + "essential": true, + "image": "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50", + "interactive": false, + "linuxParameters": { + "initProcessEnabled": false + }, + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "/aws/ecs", + "awslogs-region": "eu-west-1", + "awslogs-stream-prefix": "ecs" + } + }, + "memory": 512, + "portMappings": [ + { + "containerPort": 80, + "hostPort": 80, + "name": "app", + "protocol": "tcp" + } + ], + "privileged": false, + "pseudoTerminal": false, + "readonlyRootFilesystem": false, + "startTimeout": 30, + "stopTimeout": 120, + "versionConsistency": "disabled" +} diff --git a/examples/container-definition/main.tf b/examples/container-definition/main.tf index cc1e8af..2faf29b 100644 --- a/examples/container-definition/main.tf +++ b/examples/container-definition/main.tf 
@@ -155,3 +155,24 @@ module "ecs_container_definition" { tags = local.tags } + +module "ecs_container_definition_simple" { + source = "../../modules/container-definition" + + image = "public.ecr.aws/aws-containers/ecsdemo-frontend:776fd50" + cpu = 256 + memory = 512 + essential = true + readonlyRootFilesystem = false + portMappings = [{ + name = "app" + protocol = "tcp" + containerPort = 80 + hostPort = 80 + }] + restartPolicy = { + enabled = false + } + + tags = local.tags +} diff --git a/examples/container-definition/outputs.tf b/examples/container-definition/outputs.tf index 16521cf..f58c94c 100644 --- a/examples/container-definition/outputs.tf +++ b/examples/container-definition/outputs.tf @@ -25,6 +25,29 @@ resource "null_resource" "container_definition_json" { } } +output "container_definition_simple" { + description = "Container definition" + value = module.ecs_container_definition.container_definition +} + +output "container_definition_json_simple" { + description = "Container definition" + value = module.ecs_container_definition.container_definition_json +} + +resource "null_resource" "container_definition_json_simple" { + count = var.write_container_definition_to_file ? 1 : 0 + + triggers = { + container_definition_json = timestamp() + } + + provisioner "local-exec" { + # Need the output pretty-printed and sorted for comparison + command = "echo '${module.ecs_container_definition_simple.container_definition_json}' | jq -S > ./definition_simple.json" + } +} + ################################################################################ # CloudWatch Log Group ################################################################################ diff --git a/modules/container-definition/README.md b/modules/container-definition/README.md index 7b2109e..d210c9b 100644 --- a/modules/container-definition/README.md +++ b/modules/container-definition/README.md 
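Review bot: `readonlyRootFilesystem = false` in the new `ecs_container_definition_simple` block has no comment explaining why this example needs a writable root filesystem, and example code tends to be copied as-is. If the setting exists only so the key appears in `definition_simple.json`, a one-line comment such as `# writable root FS only to exercise the rendered output; prefer true in real workloads` would say so. The image is also referenced by the tag `776fd50` while the rendered definition shows `versionConsistency` as `disabled`, so nothing in this example pins the image content; a short comment noting that a digest reference is the safer form would help readers.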
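Review bot: The new outputs `container_definition_simple` and `container_definition_json_simple` read from `module.ecs_container_definition` rather than the new `module.ecs_container_definition_simple`, so they duplicate the existing outputs instead of exposing the simple definition. They should be `value = module.ecs_container_definition_simple.container_definition` and `value = module.ecs_container_definition_simple.container_definition_json`. Separately, the `local-exec` command splices the rendered JSON between single quotes in a shell string, so any `'` inside a value (a command argument or environment value, say) ends the quoting and the rest is parsed by the shell. Passing the JSON through the provisioner's `environment` map and piping `"$DEFINITION_JSON"` into `jq -S .` avoids that. The command appears to mirror the existing `container_definition_json` resource, whose body is outside the hunk.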
@@ -155,9 +155,9 @@ No modules. | [dockerSecurityOptions](#input\_dockerSecurityOptions) | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field isn't valid for containers in tasks using the Fargate launch type | `list(string)` | `null` | no | | [enable\_cloudwatch\_logging](#input\_enable\_cloudwatch\_logging) | Determines whether CloudWatch logging is configured for this container definition. Set to `false` to use other logging drivers | `bool` | `true` | no | | [enable\_execute\_command](#input\_enable\_execute\_command) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no | -| [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `[]` | no | -| [environment](#input\_environment) | The environment variables to pass to the container |
list(object({
name = string
value = string
}))
| `[]` | no | -| [environmentFiles](#input\_environmentFiles) | A list of files containing the environment variables to pass to a container |
list(object({
value = string
type = string
}))
| `[]` | no | +| [entrypoint](#input\_entrypoint) | The entry point that is passed to the container | `list(string)` | `null` | no | +| [environment](#input\_environment) | The environment variables to pass to the container |
list(object({
name = string
value = string
}))
| `null` | no | +| [environmentFiles](#input\_environmentFiles) | A list of files containing the environment variables to pass to a container |
list(object({
value = string
type = string
}))
| `null` | no | | [essential](#input\_essential) | If the `essential` parameter of a container is marked as `true`, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `null` | no | | [extraHosts](#input\_extraHosts) | A list of hostnames and IP address mappings to append to the `/etc/hosts` file on the container |
list(object({
hostname = string
ipAddress = string
}))
| `null` | no | | [firelensConfiguration](#input\_firelensConfiguration) | The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see [Custom Log Routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the Amazon Elastic Container Service Developer Guide |
object({
options = optional(map(string))
type = optional(string)
})
| `null` | no | @@ -170,7 +170,7 @@ No modules. | [logConfiguration](#input\_logConfiguration) | The log configuration for the container. For more information see [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) |
object({
logDriver = optional(string)
options = optional(map(string))
secretOptions = optional(list(object({
name = string
valueFrom = string
})))
})
| `{}` | no | | [memory](#input\_memory) | The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task `memory` value, if one is specified | `number` | `null` | no | | [memoryReservation](#input\_memoryReservation) | The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the `memory` parameter (if applicable), or all of the available memory on the container instance | `number` | `null` | no | -| [mountPoints](#input\_mountPoints) | The mount points for data volumes in your container |
list(object({
containerPath = optional(string)
readOnly = optional(bool)
sourceVolume = optional(string)
}))
| `[]` | no | +| [mountPoints](#input\_mountPoints) | The mount points for data volumes in your container |
list(object({
containerPath = optional(string)
readOnly = optional(bool)
sourceVolume = optional(string)
}))
| `null` | no | | [name](#input\_name) | The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed | `string` | `null` | no | | [operating\_system\_family](#input\_operating\_system\_family) | The OS family for task | `string` | `"LINUX"` | no | | [portMappings](#input\_portMappings) | The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic. For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort |
list(object({
appProtocol = optional(string)
containerPort = optional(number)
containerPortRange = optional(string)
hostPort = optional(number)
name = optional(string)
protocol = optional(string)
}))
| `null` | no | @@ -180,17 +180,17 @@ No modules. | [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no | | [repositoryCredentials](#input\_repositoryCredentials) | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials |
object({
credentialsParameter = optional(string)
})
| `null` | no | | [resourceRequirements](#input\_resourceRequirements) | The type and amount of a resource to assign to a container. The only supported resource is a GPU |
list(object({
type = string
value = string
}))
| `null` | no | -| [restartPolicy](#input\_restartPolicy) | Container restart policy; helps overcome transient failures faster and maintain task availability |
object({
enabled = optional(bool)
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
})
|
{
"enabled": true
}
| no | +| [restartPolicy](#input\_restartPolicy) | Container restart policy; helps overcome transient failures faster and maintain task availability |
object({
enabled = optional(bool, true)
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
})
|
{
"enabled": true
}
| no | | [secrets](#input\_secrets) | The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the Amazon Elastic Container Service Developer Guide |
list(object({
name = string
valueFrom = string
}))
| `null` | no | | [service](#input\_service) | The name of the service that the container definition is associated with. Used in CloudWatch log group default name (if one is not provided) | `string` | `null` | no | | [startTimeout](#input\_startTimeout) | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | `number` | `30` | no | | [stopTimeout](#input\_stopTimeout) | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | `number` | `120` | no | -| [systemControls](#input\_systemControls) | A list of namespaced kernel parameters to set in the container |
list(object({
namespace = optional(string)
value = optional(string)
}))
| `[]` | no | +| [systemControls](#input\_systemControls) | A list of namespaced kernel parameters to set in the container |
list(object({
namespace = optional(string)
value = optional(string)
}))
| `null` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [ulimits](#input\_ulimits) | A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker |
list(object({
hardLimit = number
name = string
softLimit = number
}))
| `null` | no | | [user](#input\_user) | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group. The default (null) will use the container's configured `USER` directive or root if not set | `string` | `null` | no | | [versionConsistency](#input\_versionConsistency) | Specifies whether Amazon ECS will resolve the container image tag provided in the container definition to an image digest | `string` | `"disabled"` | no | -| [volumesFrom](#input\_volumesFrom) | Data volumes to mount from another container |
list(object({
readOnly = optional(bool)
sourceContainer = optional(string)
}))
| `[]` | no | +| [volumesFrom](#input\_volumesFrom) | Data volumes to mount from another container |
list(object({
readOnly = optional(bool)
sourceContainer = optional(string)
}))
| `null` | no | | [workingDirectory](#input\_workingDirectory) | The working directory to run commands inside the container | `string` | `null` | no | ## Outputs diff --git a/modules/container-definition/main.tf b/modules/container-definition/main.tf index d38eb83..2d8c765 100644 --- a/modules/container-definition/main.tf +++ b/modules/container-definition/main.tf @@ -33,6 +33,9 @@ locals { # tflint-ignore: terraform_naming_convention linuxParameters = var.enable_execute_command ? merge(local.trimedLinuxParameters, { "initProcessEnabled" : true }) : merge({ "initProcessEnabled" : false }, local.trimedLinuxParameters) + # tflint-ignore: terraform_naming_convention + trimmedRestartPolicy = { for k, v in var.restartPolicy : k => v if v != null } + definition = { command = var.command cpu = var.cpu @@ -42,9 +45,9 @@ locals { dnsServers = local.is_not_windows ? var.dnsServers : null dockerLabels = var.dockerLabels dockerSecurityOptions = var.dockerSecurityOptions - entrypoint = var.entrypoint - environment = var.environment - environmentFiles = var.environmentFiles + entrypoint = var.entrypoint != null ? var.entrypoint : null + environment = var.environment != null ? var.environment : null + environmentFiles = var.environmentFiles != null ? var.environmentFiles : null essential = var.essential extraHosts = local.is_not_windows ? var.extraHosts : null firelensConfiguration = var.firelensConfiguration != null ? { for k, v in var.firelensConfiguration : k => v if v != null } : null @@ -57,7 +60,7 @@ locals { logConfiguration = length(local.logConfiguration) > 0 ? local.logConfiguration : null memory = var.memory memoryReservation = var.memoryReservation - mountPoints = var.mountPoints + mountPoints = var.mountPoints != null ? var.mountPoints : null name = var.name portMappings = var.portMappings != null ? [for p in var.portMappings : { for k, v in p : k => v if v != null }] : null privileged = local.is_not_windows ? var.privileged : null 
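Review bot: `var.entrypoint != null ? var.entrypoint : null` evaluates to exactly `var.entrypoint`, so the conditional adds nothing over the plain reference. The same form is used for `environment` and `environmentFiles` in this hunk, `mountPoints` in the next, and `systemControls` and `volumesFrom` in the `@@ -65,15 +68,15 @@` hunk. It also does not do what the commit title describes for an explicit empty list: a caller passing `entrypoint = []` still gets `[]` in `local.definition`. If empty lists are meant to be dropped, something like `entrypoint = try(length(var.entrypoint), 0) > 0 ? var.entrypoint : null` is needed; otherwise write `entrypoint = var.entrypoint`. The `locals` block continues outside the hunk, so whether a later step filters empties cannot be seen here.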
@@ -65,15 +68,15 @@ locals { readonlyRootFilesystem = local.is_not_windows ? var.readonlyRootFilesystem : null repositoryCredentials = var.repositoryCredentials resourceRequirements = var.resourceRequirements - restartPolicy = { for k, v in var.restartPolicy : k => v if v != null } + restartPolicy = local.trimmedRestartPolicy.enabled ? local.trimmedRestartPolicy : null secrets = var.secrets startTimeout = var.startTimeout stopTimeout = var.stopTimeout - systemControls = var.systemControls + systemControls = var.systemControls != null ? var.systemControls : null ulimits = local.is_not_windows ? var.ulimits : null user = local.is_not_windows ? var.user : null versionConsistency = var.versionConsistency - volumesFrom = var.volumesFrom + volumesFrom = var.volumesFrom != null ? var.volumesFrom : null workingDirectory = var.workingDirectory } diff --git a/modules/container-definition/variables.tf b/modules/container-definition/variables.tf index 86f8165..0c7d229 100644 --- a/modules/container-definition/variables.tf +++ b/modules/container-definition/variables.tf @@ -89,8 +89,7 @@ variable "enable_execute_command" { variable "entrypoint" { description = "The entry point that is passed to the container" type = list(string) - default = [] - nullable = false + default = null } variable "environment" { @@ -99,8 +98,7 @@ variable "environment" { name = string value = string })) - default = [] - nullable = false + default = null } # tflint-ignore: terraform_naming_convention @@ -110,8 +108,7 @@ variable "environmentFiles" { value = string type = string })) - default = [] - nullable = false + default = null } variable "essential" { @@ -241,8 +238,7 @@ variable "mountPoints" { readOnly = optional(bool) sourceVolume = optional(string) })) - default = [] - nullable = false + default = null } variable "name" { 
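Review bot: `local.trimmedRestartPolicy.enabled ? local.trimmedRestartPolicy : null` reads `enabled` from a map that was just filtered with `if v != null`, so it only works because `enabled` can never be null. That guarantee comes from `optional(bool, true)` and `nullable = false` in variables.tf, not from anything in this file. Reading the flag from the variable, `restartPolicy = var.restartPolicy.enabled ? local.trimmedRestartPolicy : null`, keeps the dependency visible. A comment such as `# restartPolicy is omitted entirely when disabled` would also document that `ignoredExitCodes` and `restartAttemptPeriod` are dropped along with it. The `definition` map starts and ends outside this hunk.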
@@ -311,13 +307,14 @@ variable "resourceRequirements" { variable "restartPolicy" { description = "Container restart policy; helps overcome transient failures faster and maintain task availability" type = object({ - enabled = optional(bool) + enabled = optional(bool, true) ignoredExitCodes = optional(list(number)) restartAttemptPeriod = optional(number) }) default = { enabled = true } + nullable = false } variable "secrets" { @@ -350,8 +347,7 @@ variable "systemControls" { namespace = optional(string) value = optional(string) })) - default = [] - nullable = false + default = null } variable "ulimits" { @@ -385,8 +381,7 @@ variable "volumesFrom" { readOnly = optional(bool) sourceContainer = optional(string) })) - default = [] - nullable = false + default = null } # tflint-ignore: terraform_naming_convention diff --git a/modules/service/README.md b/modules/service/README.md index d37ef35..3a95fb1 100644 --- a/modules/service/README.md +++ b/modules/service/README.md @@ -238,7 +238,7 @@ module "ecs_service" { | [availability\_zone\_rebalancing](#input\_availability\_zone\_rebalancing) | ECS automatically redistributes tasks within a service across Availability Zones (AZs) to mitigate the risk of impaired application availability due to underlying infrastructure failures and task lifecycle activities. The valid values are `ENABLED` and `DISABLED`. Defaults to `DISABLED` | `string` | `null` | no | | [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more |
map(object({
base = optional(number)
capacity_provider = string
weight = optional(number)
}))
| `null` | no | | [cluster\_arn](#input\_cluster\_arn) | ARN of the ECS cluster where the resources will be provisioned | `string` | `""` | no | -| [container\_definitions](#input\_container\_definitions) | A map of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). Please note that you should only provide values that are part of the container definition document |
map(object({
create = optional(bool, true)
operating_system_family = optional(string)
tags = optional(map(string))

# Container definition
command = optional(list(string))
cpu = optional(number)
dependsOn = optional(list(object({
condition = string
containerName = string
})))
disableNetworking = optional(bool)
dnsSearchDomains = optional(list(string))
dnsServers = optional(list(string))
dockerLabels = optional(map(string))
dockerSecurityOptions = optional(list(string))
# enable_execute_command = optional(bool, false) Set in standalone variable
entrypoint = optional(list(string))
environment = optional(list(object({
name = string
value = string
})))
environmentFiles = optional(list(object({
type = string
value = string
})))
essential = optional(bool)
extraHosts = optional(list(object({
hostname = string
ipAddress = string
})))
firelensConfiguration = optional(object({
options = optional(map(string))
type = optional(string)
}))
healthCheck = optional(object({
command = optional(list(string), [])
interval = optional(number, 30)
retries = optional(number, 3)
startPeriod = optional(number)
timeout = optional(number, 5)
}))
hostname = optional(string)
image = optional(string)
interactive = optional(bool)
links = optional(list(string))
linuxParameters = optional(object({
capabilities = optional(object({
add = optional(list(string))
drop = optional(list(string))
}))
devices = optional(list(object({
containerPath = optional(string)
hostPath = optional(string)
permissions = optional(list(string))
})))
initProcessEnabled = optional(bool)
maxSwap = optional(number)
sharedMemorySize = optional(number)
swappiness = optional(number)
tmpfs = optional(list(object({
containerPath = string
mountOptions = optional(list(string))
size = number
})))
}))
logConfiguration = optional(object({
logDriver = optional(string)
options = optional(map(string))
secretOptions = optional(list(object({
name = string
valueFrom = string
})))
}))
memory = optional(number)
memoryReservation = optional(number)
mountPoints = optional(list(object({
containerPath = optional(string)
readOnly = optional(bool)
sourceVolume = optional(string)
})))
name = optional(string)
portMappings = optional(list(object({
appProtocol = optional(string)
containerPort = optional(number)
containerPortRange = optional(string)
hostPort = optional(number)
name = optional(string)
protocol = optional(string)
})))
privileged = optional(bool)
pseudoTerminal = optional(bool)
readonlyRootFilesystem = optional(bool)
repositoryCredentials = optional(object({
credentialsParameter = optional(string)
}))
resourceRequirements = optional(list(object({
type = string
value = string
})))
restartPolicy = optional(object({
enabled = optional(bool)
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
}),
# Default
{
enabled = true
}
)
secrets = optional(list(object({
name = string
valueFrom = string
})))
startTimeout = optional(number, 30)
stopTimeout = optional(number, 120)
systemControls = optional(list(object({
namespace = optional(string)
value = optional(string)
})))
ulimits = optional(list(object({
hardLimit = number
name = string
softLimit = number
})))
user = optional(string)
versionConsistency = optional(string)
volumesFrom = optional(list(object({
readOnly = optional(bool)
sourceContainer = optional(string)
})))
workingDirectory = optional(string)

# Cloudwatch Log Group
service = optional(string)
enable_cloudwatch_logging = optional(bool)
create_cloudwatch_log_group = optional(bool)
cloudwatch_log_group_name = optional(string)
cloudwatch_log_group_use_name_prefix = optional(bool)
cloudwatch_log_group_class = optional(string)
cloudwatch_log_group_retention_in_days = optional(number)
cloudwatch_log_group_kms_key_id = optional(string)
}))
| `{}` | no | +| [container\_definitions](#input\_container\_definitions) | A map of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). Please note that you should only provide values that are part of the container definition document |
map(object({
create = optional(bool, true)
operating_system_family = optional(string)
tags = optional(map(string))

# Container definition
command = optional(list(string))
cpu = optional(number)
dependsOn = optional(list(object({
condition = string
containerName = string
})))
disableNetworking = optional(bool)
dnsSearchDomains = optional(list(string))
dnsServers = optional(list(string))
dockerLabels = optional(map(string))
dockerSecurityOptions = optional(list(string))
# enable_execute_command = optional(bool, false) Set in standalone variable
entrypoint = optional(list(string))
environment = optional(list(object({
name = string
value = string
})))
environmentFiles = optional(list(object({
type = string
value = string
})))
essential = optional(bool)
extraHosts = optional(list(object({
hostname = string
ipAddress = string
})))
firelensConfiguration = optional(object({
options = optional(map(string))
type = optional(string)
}))
healthCheck = optional(object({
command = optional(list(string), [])
interval = optional(number, 30)
retries = optional(number, 3)
startPeriod = optional(number)
timeout = optional(number, 5)
}))
hostname = optional(string)
image = optional(string)
interactive = optional(bool)
links = optional(list(string))
linuxParameters = optional(object({
capabilities = optional(object({
add = optional(list(string))
drop = optional(list(string))
}))
devices = optional(list(object({
containerPath = optional(string)
hostPath = optional(string)
permissions = optional(list(string))
})))
initProcessEnabled = optional(bool)
maxSwap = optional(number)
sharedMemorySize = optional(number)
swappiness = optional(number)
tmpfs = optional(list(object({
containerPath = string
mountOptions = optional(list(string))
size = number
})))
}))
logConfiguration = optional(object({
logDriver = optional(string)
options = optional(map(string))
secretOptions = optional(list(object({
name = string
valueFrom = string
})))
}))
memory = optional(number)
memoryReservation = optional(number)
mountPoints = optional(list(object({
containerPath = optional(string)
readOnly = optional(bool)
sourceVolume = optional(string)
})))
name = optional(string)
portMappings = optional(list(object({
appProtocol = optional(string)
containerPort = optional(number)
containerPortRange = optional(string)
hostPort = optional(number)
name = optional(string)
protocol = optional(string)
})))
privileged = optional(bool)
pseudoTerminal = optional(bool)
readonlyRootFilesystem = optional(bool)
repositoryCredentials = optional(object({
credentialsParameter = optional(string)
}))
resourceRequirements = optional(list(object({
type = string
value = string
})))
restartPolicy = optional(object({
enabled = optional(bool)
ignoredExitCodes = optional(list(number))
restartAttemptPeriod = optional(number)
})
)
secrets = optional(list(object({
name = string
valueFrom = string
})))
startTimeout = optional(number, 30)
stopTimeout = optional(number, 120)
systemControls = optional(list(object({
namespace = optional(string)
value = optional(string)
})))
ulimits = optional(list(object({
hardLimit = number
name = string
softLimit = number
})))
user = optional(string)
versionConsistency = optional(string)
volumesFrom = optional(list(object({
readOnly = optional(bool)
sourceContainer = optional(string)
})))
workingDirectory = optional(string)

# Cloudwatch Log Group
service = optional(string)
enable_cloudwatch_logging = optional(bool)
create_cloudwatch_log_group = optional(bool)
cloudwatch_log_group_name = optional(string)
cloudwatch_log_group_use_name_prefix = optional(bool)
cloudwatch_log_group_class = optional(string)
cloudwatch_log_group_retention_in_days = optional(number)
cloudwatch_log_group_kms_key_id = optional(string)
}))
| `{}` | no | | [cpu](#input\_cpu) | Number of cpu units used by the task. If the `requires_compatibilities` is `FARGATE` this field is required | `number` | `1024` | no | | [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no | | [create\_iam\_role](#input\_create\_iam\_role) | Determines whether the ECS service IAM role should be created | `bool` | `true` | no | diff --git a/modules/service/variables.tf b/modules/service/variables.tf index 121a3fe..c0cb7d2 100644 --- a/modules/service/variables.tf +++ b/modules/service/variables.tf @@ -561,11 +561,7 @@ variable "container_definitions" { enabled = optional(bool) ignoredExitCodes = optional(list(number)) restartAttemptPeriod = optional(number) - }), - # Default - { - enabled = true - } + }) ) secrets = optional(list(object({ name = string diff --git a/wrappers/container-definition/main.tf b/wrappers/container-definition/main.tf index 16b8919..c187ddd 100644 --- a/wrappers/container-definition/main.tf +++ b/wrappers/container-definition/main.tf 
@@ -19,9 +19,9 @@ module "wrapper" { dockerSecurityOptions = try(each.value.dockerSecurityOptions, var.defaults.dockerSecurityOptions, null) enable_cloudwatch_logging = try(each.value.enable_cloudwatch_logging, var.defaults.enable_cloudwatch_logging, true) enable_execute_command = try(each.value.enable_execute_command, var.defaults.enable_execute_command, false) - entrypoint = try(each.value.entrypoint, var.defaults.entrypoint, []) - environment = try(each.value.environment, var.defaults.environment, []) - environmentFiles = try(each.value.environmentFiles, var.defaults.environmentFiles, []) + entrypoint = try(each.value.entrypoint, var.defaults.entrypoint, null) + environment = try(each.value.environment, var.defaults.environment, null) + environmentFiles = try(each.value.environmentFiles, var.defaults.environmentFiles, null) essential = try(each.value.essential, var.defaults.essential, null) extraHosts = try(each.value.extraHosts, var.defaults.extraHosts, null) firelensConfiguration = try(each.value.firelensConfiguration, var.defaults.firelensConfiguration, null) @@ -34,7 +34,7 @@ module "wrapper" { logConfiguration = try(each.value.logConfiguration, var.defaults.logConfiguration, {}) memory = try(each.value.memory, var.defaults.memory, null) memoryReservation = try(each.value.memoryReservation, var.defaults.memoryReservation, null) - mountPoints = try(each.value.mountPoints, var.defaults.mountPoints, []) + mountPoints = try(each.value.mountPoints, var.defaults.mountPoints, null) name = try(each.value.name, var.defaults.name, null) operating_system_family = try(each.value.operating_system_family, var.defaults.operating_system_family, "LINUX") portMappings = try(each.value.portMappings, var.defaults.portMappings, null) 
@@ -51,11 +51,11 @@ module "wrapper" { service = try(each.value.service, var.defaults.service, null) startTimeout = try(each.value.startTimeout, var.defaults.startTimeout, 30) stopTimeout = try(each.value.stopTimeout, var.defaults.stopTimeout, 120) - systemControls = try(each.value.systemControls, var.defaults.systemControls, []) + systemControls = try(each.value.systemControls, var.defaults.systemControls, null) tags = try(each.value.tags, var.defaults.tags, {}) ulimits = try(each.value.ulimits, var.defaults.ulimits, null) user = try(each.value.user, var.defaults.user, null) versionConsistency = try(each.value.versionConsistency, var.defaults.versionConsistency, "disabled") - volumesFrom = try(each.value.volumesFrom, var.defaults.volumesFrom, []) + volumesFrom = try(each.value.volumesFrom, var.defaults.volumesFrom, null) workingDirectory = try(each.value.workingDirectory, var.defaults.workingDirectory, null) }