feat: rebase cloudposse (#10)

## Description
<!--- Describe your changes in detail -->

## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->

## Breaking Changes
<!-- Does this break backwards compatibility with the current major
version? -->
<!-- If so, please provide an explanation why it is necessary. -->

## How Has This Been Tested?
- [ ] I have updated at least one of the `examples/*` to demonstrate and
validate my change(s)
- [ ] I have tested and validated these changes using one or more of the
provided `examples/*` projects
<!--- Users should start with an existing example as its written, deploy
it, then check their changes against it -->
<!--- This will highlight breaking/disruptive changes. Once you have
checked, deploy your changes to verify -->
<!--- Please describe how you tested your changes -->
- [ ] I have executed `pre-commit run -a` on my pull request
<!--- Please see
https://github.com/antonbabenko/pre-commit-terraform#how-to-install for
how to install -->

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Joe Niland <joe@originalmind.com.au>
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
Co-authored-by: Nuru <Nuru@users.noreply.github.com>
Co-authored-by: Max Lobur <max_lobur@outlook.com>
Co-authored-by: Yunchi Luo <mightyguava@gmail.com>
Co-authored-by: Jeremy White <jeremy.white@cloudposse.com>
Co-authored-by: Veronika Gnilitska <30597968+gberenice@users.noreply.github.com>
Co-authored-by: Lukas Deutz <5903157+lagerfeuer@users.noreply.github.com>
Co-authored-by: Kevin Mahoney <kevin@icecube.dog>
Co-authored-by: Michael Manganiello <adamantike@users.noreply.github.com>
Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <erik@cloudposse.com>
Co-authored-by: Cloud Posse Bot (CI/CD) <bot@cloudposse.com>
Co-authored-by: max-lobur <max-lobur@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: readme-action 📖 <actions@github.com>
Co-authored-by: Alex Kaplan <awkaplan@users.noreply.github.com>
Co-authored-by: Alex Kaplan <akaplan@akiliinteractive.com>
Co-authored-by: RoseSecurity <72598486+RoseSecurity@users.noreply.github.com>
Co-authored-by: Markiian Slipets <53615853+mslipets@users.noreply.github.com>
Co-authored-by: Dmitrij Nikitenko <dmitrij@nikitenko.lv>
Co-authored-by: Roman Kulaiev <kulayev.roman@gmail.com>

Author: 20 people

README.md

@@ -1,13 +1,13 @@
 output "ecs_exec_role_policy_id" {
   description = "The ECS service role policy ID, in the form of `role_name:role_policy_name`"
-  value = join("", [
+  value = one([
     for k, v in aws_iam_role_policy.ecs_exec : v.id
   ])
 }
 
 output "ecs_exec_role_policy_name" {
   description = "ECS service role name"
-  value = join("", [
+  value = one([
     for k, v in aws_iam_role_policy.ecs_exec : v.name
   ])
 }
@@ -24,55 +24,60 @@ output "service_arn" {
 
 output "service_role_arn" {
   description = "ECS Service role ARN"
-  value       = join("", aws_iam_role.ecs_service[*].arn)
+  value       = one(aws_iam_role.ecs_service[*]["arn"])
 }
 
 output "task_exec_role_name" {
   description = "ECS Task role name"
-  value       = join("", aws_iam_role.ecs_exec[*].name)
+  value       = one(aws_iam_role.ecs_exec[*]["name"])
 }
 
 output "task_exec_role_arn" {
   description = "ECS Task exec role ARN"
-  value       = length(local.task_exec_role_arn) > 0 ? local.task_exec_role_arn : join("", aws_iam_role.ecs_exec[*].arn)
+  value       = length(local.task_exec_role_arn) > 0 ? local.task_exec_role_arn : one(aws_iam_role.ecs_exec[*]["arn"])
 }
 
 output "task_exec_role_id" {
   description = "ECS Task exec role id"
-  value       = join("", aws_iam_role.ecs_exec[*].unique_id)
+  value       = one(aws_iam_role.ecs_exec[*]["unique_id"])
 }
 
 output "task_role_name" {
   description = "ECS Task role name"
-  value       = join("", aws_iam_role.ecs_task[*].name)
+  value       = one(aws_iam_role.ecs_task[*]["name"])
 }
 
 output "task_role_arn" {
   description = "ECS Task role ARN"
-  value       = length(local.task_role_arn) > 0 ? local.task_role_arn : join("", aws_iam_role.ecs_task[*].arn)
+  value       = length(local.task_role_arn) > 0 ? local.task_role_arn : one(aws_iam_role.ecs_task[*]["arn"])
 }
 
 output "task_role_id" {
   description = "ECS Task role id"
-  value       = join("", aws_iam_role.ecs_task[*].unique_id)
+  value       = one(aws_iam_role.ecs_task[*]["unique_id"])
 }
 
 output "service_security_group_id" {
   description = "Security Group ID of the ECS task"
-  value       = join("", aws_security_group.ecs_service[*].id)
+  value       = one(aws_security_group.ecs_service[*]["id"])
 }
 
 output "task_definition_family" {
   description = "ECS task definition family"
-  value       = join("", aws_ecs_task_definition.default[*].family)
+  value       = one(aws_ecs_task_definition.default[*]["family"])
 }
 
 output "task_definition_revision" {
   description = "ECS task definition revision"
-  value       = join("", aws_ecs_task_definition.default[*].revision)
+  value       = one(aws_ecs_task_definition.default[*]["revision"])
 }
 
 output "task_definition_arn" {
   description = "ECS task definition ARN"
-  value       = join("", aws_ecs_task_definition.default[*].arn)
+  value       = one(aws_ecs_task_definition.default[*]["arn"])
+}
+
+output "task_definition_arn_without_revision" {
+  description = "ECS task definition ARN without revision"
+  value       = one(aws_ecs_task_definition.default[*]["arn_without_revision"])
 }

docs/terraform.md

@@ -12,7 +12,7 @@ variable "ecs_load_balancers" {
   type = list(object({
     container_name   = string
     container_port   = number
-    elb_name         = string
+    elb_name         = optional(string)
     target_group_arn = string
   }))
   description = "A list of load balancer config objects for the ECS service; see [ecs_service#load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#load_balancer) docs"
@@ -276,6 +276,17 @@ variable "deployment_minimum_healthy_percent" {
   default     = 100
 }
 
+variable "availability_zone_rebalancing" {
+  type        = string
+  description = "ECS automatically redistributes tasks within a service across Availability Zones (AZs) to mitigate the risk of impaired application availability due to underlying infrastructure failures and task lifecycle activities. The valid values are `ENABLED` and `DISABLED`."
+  default     = "DISABLED"
+
+  validation {
+    condition     = contains(["ENABLED", "DISABLED"], var.availability_zone_rebalancing)
+    error_message = "The valid values are `ENABLED` and `DISABLED`."
+  }
+}
+
 variable "health_check_grace_period_seconds" {
   type        = number
   description = "Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers"
@@ -416,8 +427,47 @@ variable "service_registries" {
       `container_name = string`
       `container_port = number`
     EOT
+  default     = []
+}
 
-  default = []
+variable "service_connect_configurations" {
+  type = list(object({
+    enabled   = bool
+    namespace = optional(string, null)
+    log_configuration = optional(object({
+      log_driver = string
+      options    = optional(map(string), null)
+      secret_option = optional(list(object({
+        name       = string
+        value_from = string
+      })), [])
+    }), null)
+    service = optional(list(object({
+      client_alias = list(object({
+        dns_name = string
+        port     = number
+      }))
+      timeout = optional(list(object({
+        idle_timeout_seconds        = optional(number, null)
+        per_request_timeout_seconds = optional(number, null)
+      })), [])
+      tls = optional(list(object({
+        kms_key  = optional(string, null)
+        role_arn = optional(string, null)
+        issuer_cert_authority = object({
+          aws_pca_authority_arn = string
+        })
+      })), [])
+      discovery_name        = optional(string, null)
+      ingress_port_override = optional(number, null)
+      port_name             = string
+    })), [])
+  }))
+  description = <<-EOT
+    The list of Service Connect configurations.
+    See `service_connect_configuration` docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#service_connect_configuration
+    EOT
+  default     = []
 }
 
 variable "permissions_boundary" {
@@ -505,10 +555,64 @@ variable "ecs_service_role_enabled" {
 
 variable "label_orders" {
   type = object({
-    ecs = optional(list(string)),
-    iam = optional(list(string)),
-    vpc = optional(list(string))
+    ecs             = optional(list(string)),
+    iam             = optional(list(string)),
+    service_connect = optional(list(string)),
+    vpc             = optional(list(string))
   })
   default     = {}
   description = "Overrides the `labels_order` for the different labels to modify ID elements appear in the `id`"
 }
+
+variable "ipc_mode" {
+  type        = string
+  description = <<-EOT
+    The IPC resource namespace to be used for the containers in the task.
+    The valid values are `host`, `task`, and `none`. If `host` is specified,
+    then all containers within the tasks that specified the `host` IPC mode on
+    the same container instance share the same IPC resources with the host
+    Amazon EC2 instance. If `task` is specified, all containers within the
+    specified task share the same IPC resources. If `none` is specified, then
+    IPC resources within the containers of a task are private and not shared
+    with other containers in a task or on the container instance. If no value
+    is specified, then the IPC resource namespace sharing depends on the
+    Docker daemon setting on the container instance. For more information, see
+    IPC settings in the Docker documentation."
+    EOT
+  default     = null
+  validation {
+    condition     = var.ipc_mode == null || contains(["host", "task", "none"], coalesce(var.ipc_mode, "null"))
+    error_message = "The ipc_mode value must be one of host, task, or none."
+  }
+}
+
+variable "pid_mode" {
+  type        = string
+  description = <<-EOT
+    The process namespace to use for the containers in the task. The valid
+    values are `host` and `task`. If `host` is specified, then all containers
+    within the tasks that specified the `host` PID mode on the same container
+    instance share the same process namespace with the host Amazon EC2 instanc
+    . If `task` is specified, all containers within the specified task share
+    the same process namespace. If no value is specified, then the process
+    namespace sharing depends on the Docker daemon setting on the container
+    instance. For more information, see PID settings in the Docker documentation.
+    EOT
+  default     = null
+  validation {
+    condition     = var.pid_mode == null || contains(["host", "task"], coalesce(var.pid_mode, "null"))
+    error_message = "The pid_mode value must be one of host or task."
+  }
+}
+
+variable "track_latest" {
+  type        = bool
+  description = "Whether should track latest task definition or the one created with the resource."
+  default     = false
+}
+
+variable "enable_fault_injection" {
+  type        = bool
+  description = "Enables fault injection and allows for fault injection requests to be accepted from the task's containers"
+  default     = false
+}

main.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.40, != 5.71.0"
+      version = ">= 5.85"
     }
   }
 }