From d0cbbc43c55b45e2a0df357e86b381b3dff36fca Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Fri, 5 Jan 2024 01:21:08 -0800 Subject: [PATCH 01/20] Add logic to name EFS Uniquely --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index ff312640..5e0c5f3f 100644 --- a/main.tf +++ b/main.tf @@ -467,7 +467,7 @@ module "efs" { version = "1.3.1" create = var.create && var.enable_efs - name = var.name + name = try(var.efs.name, var.name) # File system availability_zone_name = try(var.efs.availability_zone_name, null) From 39bde8eebb05094099a9a78d4097f28094e2c323 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 11:40:38 -0700 Subject: [PATCH 02/20] update module --- main.tf | 74 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/main.tf b/main.tf index 84317650..9a7a28a8 100644 --- a/main.tf +++ b/main.tf @@ -29,7 +29,7 @@ locals { module "alb" { source = "terraform-aws-modules/alb/aws" - version = "9.1.0" + version = "9.17.0" create = var.create && var.create_alb @@ -168,7 +168,7 @@ module "alb" { module "acm" { source = "terraform-aws-modules/acm/aws" - version = "5.0.0" + version = "6.1.0" create_certificate = var.create && var.create_certificate && var.create_alb 
@@ -199,18 +199,19 @@ locals { module "ecs_cluster" { source = "terraform-aws-modules/ecs/aws//modules/cluster" - version = "5.11.0" + version = "6.1.1" create = var.create && var.create_cluster # Cluster - cluster_name = try(var.cluster.name, var.name) - cluster_configuration = try(var.cluster.configuration, {}) - cluster_settings = try(var.cluster.settings, { - name = "containerInsights" - value = "enabled" + name = try(var.cluster.name, var.name) + configuration = try(var.cluster.configuration, {}) + setting = try(var.cluster.settings, [ + { + name = "containerInsights" + value = "enabled" } - ) + ]) # Cloudwatch log group create_cloudwatch_log_group = try(var.cluster.create_cloudwatch_log_group, true) @@ -219,20 +220,20 @@ module "ecs_cluster" { cloudwatch_log_group_tags = try(var.cluster.cloudwatch_log_group_tags, {}) # Capacity providers - fargate_capacity_providers = try(var.cluster.fargate_capacity_providers, {}) + default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {}) tags = var.tags } module "ecs_service" { source = "terraform-aws-modules/ecs/aws//modules/service" - version = "5.11.0" + version = "6.1.1" create = var.create # Service ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false) - alarms = try(var.service.alarms, {}) + alarms = try(var.service.alarms, { alarm_names = [] }) capacity_provider_strategy = try(var.service.capacity_provider_strategy, {}) cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn deployment_controller = try(var.service.deployment_controller, {}) 
@@ -264,7 +265,7 @@ module "ecs_service" { propagate_tags = try(var.service.propagate_tags, null) scheduling_strategy = try(var.service.scheduling_strategy, null) service_connect_configuration = lookup(var.service, "service_connect_configuration", {}) - service_registries = lookup(var.service, "service_registries", {}) + service_registries = try(var.service.service_registries, null) timeouts = try(var.service.timeouts, {}) triggers = try(var.service.triggers, {}) wait_for_steady_state = try(var.service.wait_for_steady_state, null) @@ -278,7 +279,7 @@ module "ecs_service" { iam_role_description = try(var.service.iam_role_description, null) iam_role_permissions_boundary = try(var.service.iam_role_permissions_boundary, null) iam_role_tags = try(var.service.iam_role_tags, {}) - iam_role_statements = lookup(var.service, "iam_role_statements", {}) + iam_role_statements = lookup(var.service, "iam_role_statements", []) # Task definition create_task_definition = try(var.service.create_task_definition, true) 
@@ -355,17 +356,15 @@ module "ecs_service" { }, lookup(var.service, "container_definitions", {}) ) - container_definition_defaults = lookup(var.service, "container_definition_defaults", {}) cpu = try(var.service.cpu, 1024) - ephemeral_storage = try(var.service.ephemeral_storage, {}) + ephemeral_storage = try(var.service.ephemeral_storage, null) family = try(var.service.family, null) - inference_accelerator = try(var.service.inference_accelerator, {}) ipc_mode = try(var.service.ipc_mode, null) memory = try(var.service.memory, 2048) network_mode = try(var.service.network_mode, "awsvpc") pid_mode = try(var.service.pid_mode, null) task_definition_placement_constraints = try(var.service.task_definition_placement_constraints, {}) - proxy_configuration = try(var.service.proxy_configuration, {}) + proxy_configuration = try(var.service.proxy_configuration, null) requires_compatibilities = try(var.service.requires_compatibilities, ["FARGATE"]) runtime_platform = try(var.service.runtime_platform, { operating_system_family = "LINUX" @@ -405,7 +404,7 @@ module "ecs_service" { create_task_exec_policy = try(var.service.create_task_exec_policy, true) task_exec_ssm_param_arns = try(var.service.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"]) task_exec_secret_arns = try(var.service.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"]) - task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", {}) + task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", []) # Tasks - IAM role create_tasks_iam_role = try(var.service.create_tasks_iam_role, true) 
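Review bot: The unchanged lines around the `task_exec_iam_statements` edit still default `task_exec_ssm_param_arns` to `arn:aws:ssm:*:*:parameter/*` and `task_exec_secret_arns` to `arn:aws:secretsmanager:*:*:secret:*`. Unless a caller overrides them, the task execution role (created by default, per `create_task_exec_policy`) can presumably read every SSM parameter and Secrets Manager secret its account exposes. The commit only changes the statements default from `{}` to `[]`. Since this series is already a breaking major-version upgrade, consider defaulting both lists to `[]` so callers must name the ARNs Atlantis needs. At minimum add a comment above them such as `# Default is account-wide; scope these to the Atlantis secrets before production use`. The `ecs_service` module block starts and ends outside the hunk.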
@@ -417,7 +416,7 @@ module "ecs_service" { tasks_iam_role_permissions_boundary = try(var.service.tasks_iam_role_permissions_boundary, null) tasks_iam_role_tags = try(var.service.tasks_iam_role_tags, {}) tasks_iam_role_policies = lookup(var.service, "tasks_iam_role_policies", {}) - tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", {}) + tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", []) # Task set external_id = try(var.service.external_id, null) @@ -438,26 +437,27 @@ module "ecs_service" { security_group_name = try(var.service.security_group_name, null) security_group_use_name_prefix = try(var.service.security_group_use_name_prefix, true) security_group_description = try(var.service.security_group_description, null) - security_group_rules = merge( + security_group_ingress_rules = merge( + lookup(var.service, "security_group_ingress_rules", {}), { atlantis = { - type = "ingress" - from_port = local.atlantis_port - to_port = local.atlantis_port - protocol = "tcp" - source_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id - } - }, - lookup(var.service, "security_group_rules", { - egress = { - type = "egress" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] + description = "Allow ALB to Atlantis" + from_port = local.atlantis_port + to_port = local.atlantis_port + ip_protocol = "tcp" + referenced_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id } - }) + } ) + security_group_egress_rules = { + egress = { + description = "Allow all outbound traffic" + from_port = 0 + to_port = 0 + ip_protocol = "-1" + cidr_ipv4 = "0.0.0.0/0" + } + } security_group_tags = try(var.service.security_group_tags, {}) tags = var.tags 
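Review bot: After the `security_group_rules` → `security_group_ingress_rules` / `security_group_egress_rules` split in this hunk, nothing reads `var.service.security_group_rules` any more. If `var.service` is still an untyped map (the surrounding `lookup()` calls suggest so, but the declaration is not in this patch), a caller who used that key to replace the default allow-all egress rule gets no error after upgrading. They silently end up with `ip_protocol = "-1"` to `cidr_ipv4 = "0.0.0.0/0"`. The change needs an upgrade note, and a comment at the new arguments would help: `# BREAKING: service.security_group_rules is no longer read; use security_group_ingress_rules / security_group_egress_rules`. The `ecs_service` module block starts and ends outside the hunk.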
@@ -469,7 +469,7 @@ module "ecs_service" { module "efs" { source = "terraform-aws-modules/efs/aws" - version = "1.3.1" + version = "1.7.0" create = var.create && var.enable_efs name = try(var.efs.name, var.name) From 4f5439598853151a207c9a9476d8a4fe23225bff Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 12:15:02 -0700 Subject: [PATCH 03/20] update module --- main.tf | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/main.tf b/main.tf index 9a7a28a8..9cafc952 100644 --- a/main.tf +++ b/main.tf @@ -438,26 +438,31 @@ module "ecs_service" { security_group_use_name_prefix = try(var.service.security_group_use_name_prefix, true) security_group_description = try(var.service.security_group_description, null) security_group_ingress_rules = merge( - lookup(var.service, "security_group_ingress_rules", {}), { atlantis = { - description = "Allow ALB to Atlantis" - from_port = local.atlantis_port - to_port = local.atlantis_port - ip_protocol = "tcp" + description = "Allow traffic from ALB to Atlantis" + from_port = local.atlantis_port + to_port = local.atlantis_port + ip_protocol = "tcp" referenced_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id } - } + }, + lookup(var.service, "security_group_ingress_rules", {}) ) - security_group_egress_rules = { - egress = { - description = "Allow all outbound traffic" - from_port = 0 - to_port = 0 - ip_protocol = "-1" - cidr_ipv4 = "0.0.0.0/0" - } - } + + security_group_egress_rules = merge( + { + egress = { + description = "Allow all outbound traffic" + from_port = 0 + to_port = 0 + ip_protocol = "-1" + cidr_ipv4 = "0.0.0.0/0" + } + }, + lookup(var.service, "security_group_egress_rules", {}) + ) + security_group_tags = try(var.service.security_group_tags, {}) tags = var.tags From e4f1beccf58ae9b8a5867251723fabfeb9c378be Mon Sep 17 00:00:00 2001 
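Review bot: In the new `security_group_egress_rules = merge(...)`, the allow-all `egress` rule is dropped only when the caller reuses the exact key `egress`. A narrower rule supplied under any other key is merged alongside it, and because security group rules are additive, outbound traffic stays open to `0.0.0.0/0`. Before this series the allow-all rule was only the `lookup()` fallback, so supplying any rules replaced it. Making it the fallback again restores that: `security_group_egress_rules = lookup(var.service, "security_group_egress_rules", { egress = { ... } })`, with the existing rule body unchanged. Atlantis holds cloud credentials and runs plans from pull requests, so callers need a reliable way to narrow egress. The `ecs_service` module block starts and ends outside the hunk.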
From: Andrews-repo Date: Tue, 29 Jul 2025 12:38:55 -0700 Subject: [PATCH 04/20] update module --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 9cafc952..ad47eec3 100644 --- a/main.tf +++ b/main.tf @@ -233,7 +233,7 @@ module "ecs_service" { # Service ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false) - alarms = try(var.service.alarms, { alarm_names = [] }) + alarms = try(var.service.alarms, { alarm_names = [] }) capacity_provider_strategy = try(var.service.capacity_provider_strategy, {}) cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn deployment_controller = try(var.service.deployment_controller, {}) From 23b17ebb2d0654b0c20617ffed55210c41f2f7dd Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 13:33:44 -0700 Subject: [PATCH 05/20] update module --- versions.tf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index 7117131f..804856d1 100644 --- a/versions.tf +++ b/versions.tf @@ -1,3 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.4" + } + } } From 345f4cfa15f893090dd743576d67a10ad31d5893 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 13:39:34 -0700 Subject: [PATCH 06/20] update module --- README.md | 10 +++++----- versions.tf | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c0c0a24f..456c10cc 100644 --- a/README.md +++ b/README.md 
@@ -220,11 +220,11 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 5.0.0 | -| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.1.0 | -| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.11.0 | -| [ecs\_service](#module\_ecs\_service) | terraform-aws-modules/ecs/aws//modules/service | 5.11.0 | -| [efs](#module\_efs) | terraform-aws-modules/efs/aws | 1.3.1 | +| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 6.1.0 | +| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 | +| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 | +| [ecs\_service](#module\_ecs\_service) | terraform-aws-modules/ecs/aws//modules/service | 6.1.1 | +| [efs](#module\_efs) | terraform-aws-modules/efs/aws | 1.7.0 | ## Resources diff --git a/versions.tf b/versions.tf index 804856d1..b6a7b5af 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.5.7" + required_version = ">= 1.10" required_providers { aws = { From d48a2d76f942b8b0708ec73a045a2624b3d25619 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 16:29:45 -0700 Subject: [PATCH 07/20] update module --- .pre-commit-config.yaml | 2 +- main.tf | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a6cd3694..776bc243 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.99.4 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/main.tf b/main.tf index ad47eec3..e7de148e 100644 --- a/main.tf +++ b/main.tf 
@@ -220,7 +220,7 @@ module "ecs_cluster" { cloudwatch_log_group_tags = try(var.cluster.cloudwatch_log_group_tags, {}) # Capacity providers - default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {}) + default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {}) tags = var.tags } @@ -440,10 +440,10 @@ module "ecs_service" { security_group_ingress_rules = merge( { atlantis = { - description = "Allow traffic from ALB to Atlantis" - from_port = local.atlantis_port - to_port = local.atlantis_port - ip_protocol = "tcp" + description = "Allow traffic from ALB to Atlantis" + from_port = local.atlantis_port + to_port = local.atlantis_port + ip_protocol = "tcp" referenced_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id } }, From 7c34027ff7352ba5f9c8c5849976928308d999d2 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 16:38:21 -0700 Subject: [PATCH 08/20] update module --- README.md | 4 ++-- main.tf | 4 ++-- versions.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 456c10cc..e0502ec4 100644 --- a/README.md +++ b/README.md @@ -210,8 +210,8 @@ module "atlantis" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | - +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.4 | ## Providers No providers. diff --git a/main.tf b/main.tf index e7de148e..adad815c 100644 --- a/main.tf +++ b/main.tf @@ -220,7 +220,7 @@ module "ecs_cluster" { cloudwatch_log_group_tags = try(var.cluster.cloudwatch_log_group_tags, {}) # Capacity providers - default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {}) + default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {}) tags = var.tags } 
@@ -233,7 +233,7 @@ module "ecs_service" { # Service ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false) - alarms = try(var.service.alarms, { alarm_names = [] }) + alarms = try(var.service.alarms, { alarm_names = [] }) capacity_provider_strategy = try(var.service.capacity_provider_strategy, {}) cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn deployment_controller = try(var.service.deployment_controller, {}) diff --git a/versions.tf b/versions.tf index b6a7b5af..745d7251 100644 --- a/versions.tf +++ b/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { - source = "hashicorp/aws" + source = "hashicorp/aws" version = ">= 6.4" } } From 1aafa48eaaa2698ed32a047a41c7b3c33fc09cf8 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 16:44:03 -0700 Subject: [PATCH 09/20] update module --- examples/github-complete/README.md | 4 ++-- examples/github-complete/versions.tf | 4 ++-- examples/github-separate/README.md | 6 +++--- examples/github-separate/versions.tf | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/github-complete/README.md b/examples/github-complete/README.md index 6d1c2613..4c5662c9 100644 --- a/examples/github-complete/README.md +++ b/examples/github-complete/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.4 | | [github](#requirement\_github) | >= 5.0 | | [random](#requirement\_random) | >= 3.0 | diff --git a/examples/github-complete/versions.tf b/examples/github-complete/versions.tf index e759c653..abc07c45 100644 --- a/examples/github-complete/versions.tf +++ b/examples/github-complete/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.4" } github = { diff --git a/examples/github-separate/README.md b/examples/github-separate/README.md index 15115f61..2bfc0fdc 100644 --- a/examples/github-separate/README.md +++ b/examples/github-separate/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [terraform](#requirement\_terraform) | >= 1.10 | +| [aws](#requirement\_aws) | >= 6.4 | | [github](#requirement\_github) | >= 5.0 | | [random](#requirement\_random) | >= 3.0 | @@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.1.0 | +| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 | | [atlantis](#module\_atlantis) | ../../ | n/a | | [atlantis\_disabled](#module\_atlantis\_disabled) | ../../ | n/a | | [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.6.0 | diff --git a/examples/github-separate/versions.tf b/examples/github-separate/versions.tf index e759c653..abc07c45 100644 --- a/examples/github-separate/versions.tf +++ b/examples/github-separate/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 6.4" } github = { From c5628d868bfd0016250e4d3394129f0e8c4d8214 Mon Sep 17 00:00:00 2001 
From: Andrews-repo Date: Tue, 29 Jul 2025 16:57:11 -0700 Subject: [PATCH 10/20] update module --- examples/github-complete/README.md | 2 +- examples/github-separate/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/github-complete/README.md b/examples/github-complete/README.md index 4c5662c9..0c4af639 100644 --- a/examples/github-complete/README.md +++ b/examples/github-complete/README.md @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.4 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/github-separate/README.md b/examples/github-separate/README.md index 2bfc0fdc..7f265e32 100644 --- a/examples/github-separate/README.md +++ b/examples/github-separate/README.md @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 6.4 | | [random](#provider\_random) | >= 3.0 | ## Modules From 337bac9b2ed572af7ede21fdcfbaa3314e59e2b5 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 17:03:24 -0700 Subject: [PATCH 11/20] update module --- examples/github-separate/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/github-separate/main.tf b/examples/github-separate/main.tf index 4d25ea28..842c1181 100644 --- a/examples/github-separate/main.tf +++ b/examples/github-separate/main.tf @@ -105,11 +105,11 @@ module "atlantis_disabled" { module "ecs_cluster" { source = "terraform-aws-modules/ecs/aws//modules/cluster" - version = "5.6.0" + version = "6.1.1" # Cluster - cluster_name = local.name - cluster_settings = { + name = local.name + setting = { name = "containerInsights" value = "enabled" } 
@@ -119,7 +119,7 @@ module "ecs_cluster" { module "alb" { source = "terraform-aws-modules/alb/aws" - version = "9.1.0" + version = "9.17.0" name = local.name From af15df2372c0a8500069d6fc242f546d80653365 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 17:12:43 -0700 Subject: [PATCH 12/20] update module --- examples/github-complete/README.md | 4 ++-- examples/github-complete/main.tf | 4 ++-- examples/github-separate/README.md | 6 +++--- examples/github-separate/main.tf | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/examples/github-complete/README.md b/examples/github-complete/README.md index 0c4af639..5a0975b3 100644 --- a/examples/github-complete/README.md +++ b/examples/github-complete/README.md @@ -37,8 +37,8 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [atlantis](#module\_atlantis) | ../../ | n/a | | [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a | -| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 | ## Resources diff --git a/examples/github-complete/main.tf b/examples/github-complete/main.tf index cb387c72..df1dd65a 100644 --- a/examples/github-complete/main.tf +++ b/examples/github-complete/main.tf @@ -125,7 +125,7 @@ resource "random_password" "webhook_secret" { module "secrets_manager" { source = "terraform-aws-modules/secrets-manager/aws" - version = "~> 1.0" + version = "1.3.1" for_each = { github-token = { @@ -146,7 +146,7 @@ module "secrets_manager" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "6.0.1" name = local.name cidr = local.vpc_cidr 
diff --git a/examples/github-separate/README.md b/examples/github-separate/README.md index 7f265e32..71d6d29e 100644 --- a/examples/github-separate/README.md +++ b/examples/github-separate/README.md @@ -38,10 +38,10 @@ Note that this example may create resources which cost money. Run `terraform des | [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 | | [atlantis](#module\_atlantis) | ../../ | n/a | | [atlantis\_disabled](#module\_atlantis\_disabled) | ../../ | n/a | -| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.6.0 | +| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 | | [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a | -| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 | ## Resources diff --git a/examples/github-separate/main.tf b/examples/github-separate/main.tf index 842c1181..76eee21d 100644 --- a/examples/github-separate/main.tf +++ b/examples/github-separate/main.tf @@ -109,10 +109,10 @@ module "ecs_cluster" { # Cluster name = local.name - setting = { + setting = [{ name = "containerInsights" value = "enabled" - } + }] tags = local.tags } @@ -192,7 +192,7 @@ resource "random_password" "webhook_secret" { module "secrets_manager" { source = "terraform-aws-modules/secrets-manager/aws" - version = "~> 1.0" + version = "1.3.1" for_each = { github-token = { @@ -213,7 +213,7 @@ module "secrets_manager" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "6.0.1" name = local.name cidr = local.vpc_cidr From 67ef71c07d7d2670d2037bedc049aefd6d8a269e Mon Sep 17 00:00:00 2001 
From: Andrews-repo Date: Tue, 29 Jul 2025 17:27:56 -0700 Subject: [PATCH 13/20] update module --- modules/github-repository-webhook/README.md | 2 +- modules/github-repository-webhook/versions.tf | 2 +- modules/gitlab-repository-webhook/README.md | 2 +- modules/gitlab-repository-webhook/versions.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/github-repository-webhook/README.md b/modules/github-repository-webhook/README.md index f7c2fca9..f9c7b16e 100644 --- a/modules/github-repository-webhook/README.md +++ b/modules/github-repository-webhook/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.10 | | [github](#requirement\_github) | >= 5.0 | ## Providers diff --git a/modules/github-repository-webhook/versions.tf b/modules/github-repository-webhook/versions.tf index 51af6b4f..59c89df8 100644 --- a/modules/github-repository-webhook/versions.tf +++ b/modules/github-repository-webhook/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.10" required_providers { github = { diff --git a/modules/gitlab-repository-webhook/README.md b/modules/gitlab-repository-webhook/README.md index e6ebc843..68ddb267 100644 --- a/modules/gitlab-repository-webhook/README.md +++ b/modules/gitlab-repository-webhook/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.1 | +| [terraform](#requirement\_terraform) | >= 1.10 | | [gitlab](#requirement\_gitlab) | >= 16.0 | ## Providers diff --git a/modules/gitlab-repository-webhook/versions.tf b/modules/gitlab-repository-webhook/versions.tf index d5e390fe..8700516a 100644 --- a/modules/gitlab-repository-webhook/versions.tf +++ b/modules/gitlab-repository-webhook/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.1" + required_version = ">= 1.10" required_providers { gitlab = { 
From b33e10573c15909a450d21e55cb9eaa98dfefd68 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Tue, 29 Jul 2025 17:29:41 -0700 Subject: [PATCH 14/20] update module --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e0502ec4..b37f34e7 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,7 @@ module "atlantis" { |------|---------| | [terraform](#requirement\_terraform) | >= 1.10 | | [aws](#requirement\_aws) | >= 6.4 | + ## Providers No providers. From 4f3449b9d22563ae32726c623cf9fc5cd044cbe2 Mon Sep 17 00:00:00 2001 From: Andrew <59451276+Andrews-repo@users.noreply.github.com> Date: Tue, 5 Aug 2025 09:07:02 -0700 Subject: [PATCH 15/20] Update examples/github-separate/main.tf Co-authored-by: Bryant Biggs --- examples/github-separate/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/github-separate/main.tf b/examples/github-separate/main.tf index 76eee21d..ae166792 100644 --- a/examples/github-separate/main.tf +++ b/examples/github-separate/main.tf @@ -119,7 +119,7 @@ module "ecs_cluster" { module "alb" { source = "terraform-aws-modules/alb/aws" - version = "9.17.0" + version = "~> 9.0" name = local.name From 18bab4d2afdcc6a4dfd7fa398adc41461630f327 Mon Sep 17 00:00:00 2001 From: Andrew <59451276+Andrews-repo@users.noreply.github.com> Date: Tue, 5 Aug 2025 09:07:15 -0700 Subject: [PATCH 16/20] Update examples/github-complete/main.tf Co-authored-by: Bryant Biggs --- examples/github-complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/github-complete/main.tf b/examples/github-complete/main.tf index df1dd65a..fdffcb82 100644 --- a/examples/github-complete/main.tf +++ b/examples/github-complete/main.tf @@ -146,7 +146,7 @@ module "secrets_manager" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "6.0.1" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr From fbad131f408225edbfe006c814c6056d80872814 Mon Sep 17 00:00:00 2001 
From: Andrews-repo Date: Wed, 27 Aug 2025 22:03:45 -0700 Subject: [PATCH 17/20] more updates --- main.tf | 144 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/main.tf b/main.tf index adad815c..f8e67474 100644 --- a/main.tf +++ b/main.tf @@ -190,7 +190,7 @@ locals { containerPath = local.mount_path sourceVolume = "efs" readOnly = false - }] : try(var.atlantis.mount_points, []) + }] : try(var.atlantis.mountPoints, []) # Ref https://github.com/terraform-aws-modules/terraform-aws-atlantis/issues/383 deployment_maximum_percent = var.enable_efs ? 100 : 200 @@ -233,17 +233,17 @@ module "ecs_service" { # Service ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false) - alarms = try(var.service.alarms, { alarm_names = [] }) - capacity_provider_strategy = try(var.service.capacity_provider_strategy, {}) + alarms = try(var.service.alarms, null) + capacity_provider_strategy = var.service.capacity_provider_strategy cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn - deployment_controller = try(var.service.deployment_controller, {}) + deployment_controller = var.service.deployment_controller deployment_maximum_percent = try(var.service.deployment_maximum_percent, local.deployment_maximum_percent) deployment_minimum_healthy_percent = try(var.service.deployment_minimum_healthy_percent, local.deployment_minimum_healthy_percent) desired_count = try(var.service.desired_count, 1) enable_ecs_managed_tags = try(var.service.enable_ecs_managed_tags, true) enable_execute_command = try(var.service.enable_execute_command, false) force_new_deployment = try(var.service.force_new_deployment, true) - health_check_grace_period_seconds = try(var.service.health_check_grace_period_seconds, null) + health_check_grace_period_seconds = var.service.health_check_grace_period_seconds launch_type = try(var.service.launch_type, "FARGATE") load_balancer = merge( { 
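Review bot: The direct references introduced in the -233,17 hunk (`var.service.capacity_provider_strategy`, `var.service.deployment_controller`, `var.service.health_check_grace_period_seconds`) will fail at plan time with an unsupported-attribute error whenever a caller omits them, unless `var.service` is declared as an object with optional attributes. This patch touches only main.tf, so that declaration cannot be confirmed from here. Either land the typed variable in the same commit or keep the fallback, e.g. `capacity_provider_strategy = try(var.service.capacity_provider_strategy, null)`. The following hunk (-259,44) makes the same change for `platform_version`, `iam_role_arn`, `task_definition_arn` and others. The `ecs_service` module block starts and ends outside the hunk.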
@@ -259,44 +259,44 @@ module "ecs_service" { assign_public_ip = try(var.service.assign_public_ip, false) security_group_ids = try(var.service.security_group_ids, []) subnet_ids = try(var.service.subnet_ids, var.service_subnets) - ordered_placement_strategy = try(var.service.ordered_placement_strategy, {}) - placement_constraints = try(var.service.placement_constraints, {}) - platform_version = try(var.service.platform_version, null) - propagate_tags = try(var.service.propagate_tags, null) - scheduling_strategy = try(var.service.scheduling_strategy, null) - service_connect_configuration = lookup(var.service, "service_connect_configuration", {}) - service_registries = try(var.service.service_registries, null) - timeouts = try(var.service.timeouts, {}) - triggers = try(var.service.triggers, {}) - wait_for_steady_state = try(var.service.wait_for_steady_state, null) + ordered_placement_strategy = var.service.ordered_placement_strategy + placement_constraints = var.service.placement_constraints + platform_version = var.service.platform_version + propagate_tags = var.service.propagate_tags + scheduling_strategy = var.service.scheduling_strategy + service_connect_configuration = var.service.service_connect_configuration + service_registries = var.service.service_registries + timeouts = var.service.timeouts + triggers = var.service.triggers + wait_for_steady_state = var.service.wait_for_steady_state # Service IAM role create_iam_role = try(var.service.create_iam_role, true) - iam_role_arn = try(var.service.iam_role_arn, null) - iam_role_name = try(var.service.iam_role_name, null) + iam_role_arn = var.service.iam_role_arn + iam_role_name = var.service.iam_role_name iam_role_use_name_prefix = try(var.service.iam_role_use_name_prefix, true) - iam_role_path = try(var.service.iam_role_path, null) - iam_role_description = try(var.service.iam_role_description, null) - iam_role_permissions_boundary = try(var.service.iam_role_permissions_boundary, null) + iam_role_path = 
var.service.iam_role_path + iam_role_description = var.service.iam_role_description + iam_role_permissions_boundary = var.service.iam_role_permissions_boundary iam_role_tags = try(var.service.iam_role_tags, {}) iam_role_statements = lookup(var.service, "iam_role_statements", []) # Task definition create_task_definition = try(var.service.create_task_definition, true) - task_definition_arn = try(var.service.task_definition_arn, null) + task_definition_arn = var.service.task_definition_arn container_definitions = merge( { atlantis = { command = try(var.atlantis.command, []) cpu = try(var.atlantis.cpu, 1024) - dependencies = try(var.atlantis.dependencies, []) # depends_on is a reserved word - disable_networking = try(var.atlantis.disable_networking, null) - dns_search_domains = try(var.atlantis.dns_search_domains, []) - dns_servers = try(var.atlantis.dns_servers, []) - docker_labels = try(var.atlantis.docker_labels, {}) - docker_security_options = try(var.atlantis.docker_security_options, []) + dependsOn = try(var.atlantis.depends_on, []) + disableNetworking = try(var.atlantis.disableNetworking, null) + dnsSearchDomains = try(var.atlantis.dnsSearchDomains, []) + dnsServers = try(var.atlantis.dnsServers, []) + dockerLabels = try(var.atlantis.dockerLabels, {}) + dockerSecurityOptions = try(var.atlantis.dockerSecurityOptions, []) enable_execute_command = try(var.atlantis.enable_execute_command, try(var.service.enable_execute_command, false)) - entrypoint = try(var.atlantis.entrypoint, []) + entryPoint = try(var.atlantis.entryPoint, []) environment = concat( [ { 
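Review bot: `dependsOn = try(var.atlantis.depends_on, [])` reads a snake_case key while every other renamed attribute in this hunk reads its camelCase input, and the key it replaces was `dependencies`. A caller using either `dependsOn` or the old `dependencies` ends up with an empty list and no diagnostic, so container start ordering is dropped silently. If camelCase is the intended interface, `dependsOn = try(var.atlantis.dependsOn, [])` would be consistent with its neighbours. The `atlantis` object continues outside the hunk.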
@@ -310,40 +310,40 @@ module "ecs_service" { ], lookup(var.atlantis, "environment", []) ) - environment_files = try(var.atlantis.environment_files, []) + environmentFiles = try(var.atlantis.environmentFiles, []) essential = try(var.atlantis.essential, true) - extra_hosts = try(var.atlantis.extra_hosts, []) - firelens_configuration = try(var.atlantis.firelens_configuration, {}) - health_check = try(var.atlantis.health_check, {}) + extraHosts = try(var.atlantis.extraHosts, []) + firelensConfiguration = try(var.atlantis.firelensConfiguration, {}) + healthCheck = try(var.atlantis.healthCheck, {}) hostname = try(var.atlantis.hostname, null) image = try(var.atlantis.image, "ghcr.io/runatlantis/atlantis:latest") interactive = try(var.atlantis.interactive, false) links = try(var.atlantis.links, []) - linux_parameters = try(var.atlantis.linux_parameters, {}) - log_configuration = lookup(var.atlantis, "log_configuration", {}) + linuxParameters = try(var.atlantis.linuxParameters, {}) + logConfiguration = lookup(var.atlantis, "logConfiguration", {}) memory = try(var.atlantis.memory, 2048) - memory_reservation = try(var.atlantis.memory_reservation, null) - mount_points = local.mount_points + memoryReservation = try(var.atlantis.memoryReservation, null) + mountPoints = local.mount_points name = "atlantis" - port_mappings = [{ + portMappings = [{ name = "atlantis" containerPort = local.atlantis_port hostPort = local.atlantis_port protocol = "tcp" }] privileged = try(var.atlantis.privileged, false) - pseudo_terminal = try(var.atlantis.pseudo_terminal, false) - readonly_root_filesystem = try(var.atlantis.readonly_root_filesystem, false) - repository_credentials = try(var.atlantis.repository_credentials, {}) - resource_requirements = try(var.atlantis.resource_requirements, []) + pseudoTerminal = try(var.atlantis.pseudoTerminal, false) + readonlyRootFilesystem = try(var.atlantis.readonlyRootFilesystem, false) + repositoryCredentials = try(var.atlantis.repositoryCredentials, {}) + 
resourceRequirements = try(var.atlantis.resourceRequirements, []) secrets = try(var.atlantis.secrets, []) - start_timeout = try(var.atlantis.start_timeout, 30) - stop_timeout = try(var.atlantis.stop_timeout, 120) - system_controls = try(var.atlantis.system_controls, []) + startTimeout = try(var.atlantis.startTimeout, 30) + stopTimeout = try(var.atlantis.stopTimeout, 120) + systemControls = try(var.atlantis.systemControls, []) ulimits = try(var.atlantis.ulimits, []) user = try(var.atlantis.user, "${var.atlantis_uid}:${var.atlantis_gid}") - volumes_from = try(var.atlantis.volumes_from, []) - working_directory = try(var.atlantis.working_directory, null) + volumesFrom = try(var.atlantis.volumesFrom, []) + workingDirectory = try(var.atlantis.workingDirectory, null) # CloudWatch Log Group service = var.name 
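Review bot: The default `image = try(var.atlantis.image, "ghcr.io/runatlantis/atlantis:latest")` kept in this hunk is a mutable tag, so the container that runs plans and applies can change between task launches without any Terraform diff. Since the attribute block is being reworked here anyway, a comment on that line such as `# default tracks :latest; set atlantis.image to a release tag or @sha256 digest for production` would document the expectation. The hunk also keeps `readonlyRootFilesystem` defaulting to `false`; a short comment explaining why (presumably Atlantis needs a writable data directory) would help reviewers judge that default. The `atlantis` object starts and ends outside the hunk.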
@@ -357,20 +357,20 @@ module "ecs_service" { lookup(var.service, "container_definitions", {}) ) cpu = try(var.service.cpu, 1024) - ephemeral_storage = try(var.service.ephemeral_storage, null) - family = try(var.service.family, null) - ipc_mode = try(var.service.ipc_mode, null) + ephemeral_storage = var.service.ephemeral_storage + family = var.service.family + ipc_mode = var.service.ipc_mode memory = try(var.service.memory, 2048) network_mode = try(var.service.network_mode, "awsvpc") - pid_mode = try(var.service.pid_mode, null) - task_definition_placement_constraints = try(var.service.task_definition_placement_constraints, {}) - proxy_configuration = try(var.service.proxy_configuration, null) + pid_mode = var.service.pid_mode + task_definition_placement_constraints = var.service.task_definition_placement_constraints + proxy_configuration = var.service.proxy_configuration requires_compatibilities = try(var.service.requires_compatibilities, ["FARGATE"]) runtime_platform = try(var.service.runtime_platform, { operating_system_family = "LINUX" cpu_architecture = "X86_64" }) - skip_destroy = try(var.service.skip_destroy, null) + skip_destroy = var.service.skip_destroy volume = { for k, v in merge( { efs = { 
@@ -390,40 +390,40 @@ module "ecs_service" { # Task execution IAM role create_task_exec_iam_role = try(var.service.create_task_exec_iam_role, true) - task_exec_iam_role_arn = try(var.service.task_exec_iam_role_arn, null) - task_exec_iam_role_name = try(var.service.task_exec_iam_role_name, null) + task_exec_iam_role_arn = var.service.task_exec_iam_role_arn + task_exec_iam_role_name = var.service.task_exec_iam_role_name task_exec_iam_role_use_name_prefix = try(var.service.task_exec_iam_role_use_name_prefix, true) - task_exec_iam_role_path = try(var.service.task_exec_iam_role_path, null) - task_exec_iam_role_description = try(var.service.task_exec_iam_role_description, null) - task_exec_iam_role_permissions_boundary = try(var.service.task_exec_iam_role_permissions_boundary, null) + task_exec_iam_role_path = var.service.task_exec_iam_role_path + task_exec_iam_role_description = var.service.task_exec_iam_role_description + task_exec_iam_role_permissions_boundary = var.service.task_exec_iam_role_permissions_boundary task_exec_iam_role_tags = try(var.service.task_exec_iam_role_tags, {}) task_exec_iam_role_policies = lookup(var.service, "task_exec_iam_role_policies", {}) - task_exec_iam_role_max_session_duration = try(var.service.task_exec_iam_role_max_session_duration, null) + task_exec_iam_role_max_session_duration = var.service.task_exec_iam_role_max_session_duration # Task execution IAM role policy create_task_exec_policy = try(var.service.create_task_exec_policy, true) - task_exec_ssm_param_arns = try(var.service.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"]) - task_exec_secret_arns = try(var.service.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"]) + task_exec_ssm_param_arns = try(var.service.task_exec_ssm_param_arns, []) + task_exec_secret_arns = try(var.service.task_exec_secret_arns, []) task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", []) # Tasks - IAM role create_tasks_iam_role = 
try(var.service.create_tasks_iam_role, true) - tasks_iam_role_arn = try(var.service.tasks_iam_role_arn, null) - tasks_iam_role_name = try(var.service.tasks_iam_role_name, null) + tasks_iam_role_arn = var.service.tasks_iam_role_arn + tasks_iam_role_name = var.service.tasks_iam_role_name tasks_iam_role_use_name_prefix = try(var.service.tasks_iam_role_use_name_prefix, true) - tasks_iam_role_path = try(var.service.tasks_iam_role_path, null) - tasks_iam_role_description = try(var.service.tasks_iam_role_description, null) - tasks_iam_role_permissions_boundary = try(var.service.tasks_iam_role_permissions_boundary, null) + tasks_iam_role_path = var.service.tasks_iam_role_path + tasks_iam_role_description = var.service.tasks_iam_role_description + tasks_iam_role_permissions_boundary = var.service.tasks_iam_role_permissions_boundary tasks_iam_role_tags = try(var.service.tasks_iam_role_tags, {}) tasks_iam_role_policies = lookup(var.service, "tasks_iam_role_policies", {}) tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", []) # Task set - external_id = try(var.service.external_id, null) - scale = try(var.service.scale, {}) - force_delete = try(var.service.force_delete, null) + external_id = var.service.external_id + scale = var.service.scale + force_delete = var.service.force_delete wait_until_stable = try(var.service.wait_until_stable, null) - wait_until_stable_timeout = try(var.service.wait_until_stable_timeout, null) + wait_until_stable_timeout = var.service.wait_until_stable_timeout # Autoscaling enable_autoscaling = try(var.service.enable_autoscaling, false) 
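Review bot: The new defaults `task_exec_ssm_param_arns = try(var.service.task_exec_ssm_param_arns, [])` and `task_exec_secret_arns = try(var.service.task_exec_secret_arns, [])` drop the wildcard `parameter/*` and `secret:*` read access, which tightens the execution role but is not mentioned in the commit message or in a comment. Deployments that relied on the wildcard and pass `secrets` to the container will likely fail to resolve them at task start until the ARNs are listed explicitly. A comment above the two lines, e.g. `# least privilege: list the exact SSM parameter / Secrets Manager ARNs referenced by atlantis.secrets`, together with an upgrade-note entry, would make the change discoverable.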
@@ -434,9 +434,9 @@ module "ecs_service" { # Security Group create_security_group = try(var.service.create_security_group, true) - security_group_name = try(var.service.security_group_name, null) + security_group_name = var.service.security_group_name security_group_use_name_prefix = try(var.service.security_group_use_name_prefix, true) - security_group_description = try(var.service.security_group_description, null) + security_group_description = var.service.security_group_description security_group_ingress_rules = merge( { atlantis = { From 26a3f395c4b1e3cea1869801ef015dfdf6a17144 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Wed, 27 Aug 2025 22:21:34 -0700 Subject: [PATCH 18/20] Fix Terraform formatting issues - applied terraform fmt to align attribute assignments in main.tf --- main.tf | 76 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/main.tf b/main.tf index f8e67474..a1ebceea 100644 --- a/main.tf +++ b/main.tf 
@@ -287,16 +287,16 @@ module "ecs_service" { container_definitions = merge( { atlantis = { - command = try(var.atlantis.command, []) - cpu = try(var.atlantis.cpu, 1024) - dependsOn = try(var.atlantis.depends_on, []) - disableNetworking = try(var.atlantis.disableNetworking, null) - dnsSearchDomains = try(var.atlantis.dnsSearchDomains, []) - dnsServers = try(var.atlantis.dnsServers, []) - dockerLabels = try(var.atlantis.dockerLabels, {}) - dockerSecurityOptions = try(var.atlantis.dockerSecurityOptions, []) - enable_execute_command = try(var.atlantis.enable_execute_command, try(var.service.enable_execute_command, false)) - entryPoint = try(var.atlantis.entryPoint, []) + command = try(var.atlantis.command, []) + cpu = try(var.atlantis.cpu, 1024) + dependsOn = try(var.atlantis.depends_on, []) + disableNetworking = try(var.atlantis.disableNetworking, null) + dnsSearchDomains = try(var.atlantis.dnsSearchDomains, []) + dnsServers = try(var.atlantis.dnsServers, []) + dockerLabels = try(var.atlantis.dockerLabels, {}) + dockerSecurityOptions = try(var.atlantis.dockerSecurityOptions, []) + enable_execute_command = try(var.atlantis.enable_execute_command, try(var.service.enable_execute_command, false)) + entryPoint = try(var.atlantis.entryPoint, []) environment = concat( [ { 
@@ -310,40 +310,40 @@ module "ecs_service" { ], lookup(var.atlantis, "environment", []) ) - environmentFiles = try(var.atlantis.environmentFiles, []) - essential = try(var.atlantis.essential, true) - extraHosts = try(var.atlantis.extraHosts, []) - firelensConfiguration = try(var.atlantis.firelensConfiguration, {}) - healthCheck = try(var.atlantis.healthCheck, {}) - hostname = try(var.atlantis.hostname, null) - image = try(var.atlantis.image, "ghcr.io/runatlantis/atlantis:latest") - interactive = try(var.atlantis.interactive, false) - links = try(var.atlantis.links, []) - linuxParameters = try(var.atlantis.linuxParameters, {}) - logConfiguration = lookup(var.atlantis, "logConfiguration", {}) - memory = try(var.atlantis.memory, 2048) - memoryReservation = try(var.atlantis.memoryReservation, null) - mountPoints = local.mount_points - name = "atlantis" + environmentFiles = try(var.atlantis.environmentFiles, []) + essential = try(var.atlantis.essential, true) + extraHosts = try(var.atlantis.extraHosts, []) + firelensConfiguration = try(var.atlantis.firelensConfiguration, {}) + healthCheck = try(var.atlantis.healthCheck, {}) + hostname = try(var.atlantis.hostname, null) + image = try(var.atlantis.image, "ghcr.io/runatlantis/atlantis:latest") + interactive = try(var.atlantis.interactive, false) + links = try(var.atlantis.links, []) + linuxParameters = try(var.atlantis.linuxParameters, {}) + logConfiguration = lookup(var.atlantis, "logConfiguration", {}) + memory = try(var.atlantis.memory, 2048) + memoryReservation = try(var.atlantis.memoryReservation, null) + mountPoints = local.mount_points + name = "atlantis" portMappings = [{ name = "atlantis" containerPort = local.atlantis_port hostPort = local.atlantis_port protocol = "tcp" }] - privileged = try(var.atlantis.privileged, false) - pseudoTerminal = try(var.atlantis.pseudoTerminal, false) - readonlyRootFilesystem = try(var.atlantis.readonlyRootFilesystem, false) - repositoryCredentials = 
try(var.atlantis.repositoryCredentials, {}) - resourceRequirements = try(var.atlantis.resourceRequirements, []) - secrets = try(var.atlantis.secrets, []) - startTimeout = try(var.atlantis.startTimeout, 30) - stopTimeout = try(var.atlantis.stopTimeout, 120) - systemControls = try(var.atlantis.systemControls, []) - ulimits = try(var.atlantis.ulimits, []) - user = try(var.atlantis.user, "${var.atlantis_uid}:${var.atlantis_gid}") - volumesFrom = try(var.atlantis.volumesFrom, []) - workingDirectory = try(var.atlantis.workingDirectory, null) + privileged = try(var.atlantis.privileged, false) + pseudoTerminal = try(var.atlantis.pseudoTerminal, false) + readonlyRootFilesystem = try(var.atlantis.readonlyRootFilesystem, false) + repositoryCredentials = try(var.atlantis.repositoryCredentials, {}) + resourceRequirements = try(var.atlantis.resourceRequirements, []) + secrets = try(var.atlantis.secrets, []) + startTimeout = try(var.atlantis.startTimeout, 30) + stopTimeout = try(var.atlantis.stopTimeout, 120) + systemControls = try(var.atlantis.systemControls, []) + ulimits = try(var.atlantis.ulimits, []) + user = try(var.atlantis.user, "${var.atlantis_uid}:${var.atlantis_gid}") + volumesFrom = try(var.atlantis.volumesFrom, []) + workingDirectory = try(var.atlantis.workingDirectory, null) # CloudWatch Log Group service = var.name From c91b5e7121fffddf25454a3b969ee34ab6e27e89 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Wed, 27 Aug 2025 22:33:45 -0700 Subject: [PATCH 19/20] Update README documentation to match module versions --- examples/github-complete/README.md | 2 +- examples/github-separate/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/github-complete/README.md b/examples/github-complete/README.md index 5a0975b3..2fb591f0 100644 --- a/examples/github-complete/README.md +++ b/examples/github-complete/README.md 
@@ -38,7 +38,7 @@ Note that this example may create resources which cost money. Run `terraform des | [atlantis](#module\_atlantis) | ../../ | n/a | | [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a | | [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/github-separate/README.md b/examples/github-separate/README.md index 71d6d29e..a2140afa 100644 --- a/examples/github-separate/README.md +++ b/examples/github-separate/README.md @@ -35,7 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| -| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 | +| [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 9.0 | | [atlantis](#module\_atlantis) | ../../ | n/a | | [atlantis\_disabled](#module\_atlantis\_disabled) | ../../ | n/a | | [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 | From c094bc1878914a253e89f182bea28297c5bf5b30 Mon Sep 17 00:00:00 2001 From: Andrews-repo Date: Thu, 28 Aug 2025 09:45:06 -0700 Subject: [PATCH 20/20] Add try() wrappers for optional service variables to prevent errors when undefined --- main.tf | 86 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/main.tf b/main.tf index a1ebceea..3fff1876 100644 --- a/main.tf +++ b/main.tf 
@@ -234,16 +234,16 @@ module "ecs_service" { # Service ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false) alarms = try(var.service.alarms, null) - capacity_provider_strategy = var.service.capacity_provider_strategy + capacity_provider_strategy = try(var.service.capacity_provider_strategy, null) cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn - deployment_controller = var.service.deployment_controller + deployment_controller = try(var.service.deployment_controller, null) deployment_maximum_percent = try(var.service.deployment_maximum_percent, local.deployment_maximum_percent) deployment_minimum_healthy_percent = try(var.service.deployment_minimum_healthy_percent, local.deployment_minimum_healthy_percent) desired_count = try(var.service.desired_count, 1) enable_ecs_managed_tags = try(var.service.enable_ecs_managed_tags, true) enable_execute_command = try(var.service.enable_execute_command, false) force_new_deployment = try(var.service.force_new_deployment, true) - health_check_grace_period_seconds = var.service.health_check_grace_period_seconds + health_check_grace_period_seconds = try(var.service.health_check_grace_period_seconds, null) launch_type = try(var.service.launch_type, "FARGATE") load_balancer = merge( { 
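Review bot: Wrapping each lookup as `try(var.service.<key>, null)` also hides misspelled keys, not only undefined ones. That matters most for `iam_role_permissions_boundary` (@@ -259 hunk) and its `task_exec_` and `tasks_` counterparts (@@ -390 and @@ -408), where a typo yields roles with no boundary and no plan-time error. If `var.service` is untyped, which the hunk does not show, a `validation` block on the variable could reject unknown keys, along the lines of `condition = length(setsubtract(keys(var.service), local.SUPPORTED_SERVICE_KEYS)) == 0`, where `SUPPORTED_SERVICE_KEYS` is a placeholder for a list the module would have to define. The `ecs_service` module block starts and ends outside these hunks.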
@@ -259,31 +259,31 @@ module "ecs_service" { assign_public_ip = try(var.service.assign_public_ip, false) security_group_ids = try(var.service.security_group_ids, []) subnet_ids = try(var.service.subnet_ids, var.service_subnets) - ordered_placement_strategy = var.service.ordered_placement_strategy - placement_constraints = var.service.placement_constraints - platform_version = var.service.platform_version - propagate_tags = var.service.propagate_tags - scheduling_strategy = var.service.scheduling_strategy - service_connect_configuration = var.service.service_connect_configuration - service_registries = var.service.service_registries - timeouts = var.service.timeouts - triggers = var.service.triggers - wait_for_steady_state = var.service.wait_for_steady_state + ordered_placement_strategy = try(var.service.ordered_placement_strategy, null) + placement_constraints = try(var.service.placement_constraints, null) + platform_version = try(var.service.platform_version, null) + propagate_tags = try(var.service.propagate_tags, null) + scheduling_strategy = try(var.service.scheduling_strategy, null) + service_connect_configuration = try(var.service.service_connect_configuration, null) + service_registries = try(var.service.service_registries, null) + timeouts = try(var.service.timeouts, null) + triggers = try(var.service.triggers, null) + wait_for_steady_state = try(var.service.wait_for_steady_state, null) # Service IAM role create_iam_role = try(var.service.create_iam_role, true) - iam_role_arn = var.service.iam_role_arn - iam_role_name = var.service.iam_role_name + iam_role_arn = try(var.service.iam_role_arn, null) + iam_role_name = try(var.service.iam_role_name, null) iam_role_use_name_prefix = try(var.service.iam_role_use_name_prefix, true) - iam_role_path = var.service.iam_role_path - iam_role_description = var.service.iam_role_description - iam_role_permissions_boundary = var.service.iam_role_permissions_boundary + iam_role_path = try(var.service.iam_role_path, null) + 
iam_role_description = try(var.service.iam_role_description, null) + iam_role_permissions_boundary = try(var.service.iam_role_permissions_boundary, null) iam_role_tags = try(var.service.iam_role_tags, {}) iam_role_statements = lookup(var.service, "iam_role_statements", []) # Task definition create_task_definition = try(var.service.create_task_definition, true) - task_definition_arn = var.service.task_definition_arn + task_definition_arn = try(var.service.task_definition_arn, null) container_definitions = merge( { atlantis = { @@ -357,20 +357,20 @@ module "ecs_service" { lookup(var.service, "container_definitions", {}) ) cpu = try(var.service.cpu, 1024) - ephemeral_storage = var.service.ephemeral_storage - family = var.service.family - ipc_mode = var.service.ipc_mode + ephemeral_storage = try(var.service.ephemeral_storage, null) + family = try(var.service.family, null) + ipc_mode = try(var.service.ipc_mode, null) memory = try(var.service.memory, 2048) network_mode = try(var.service.network_mode, "awsvpc") - pid_mode = var.service.pid_mode - task_definition_placement_constraints = var.service.task_definition_placement_constraints - proxy_configuration = var.service.proxy_configuration + pid_mode = try(var.service.pid_mode, null) + task_definition_placement_constraints = try(var.service.task_definition_placement_constraints, null) + proxy_configuration = try(var.service.proxy_configuration, null) requires_compatibilities = try(var.service.requires_compatibilities, ["FARGATE"]) runtime_platform = try(var.service.runtime_platform, { operating_system_family = "LINUX" cpu_architecture = "X86_64" }) - skip_destroy = var.service.skip_destroy + skip_destroy = try(var.service.skip_destroy, null) volume = { for k, v in merge( { efs = { 
@@ -390,15 +390,15 @@ module "ecs_service" { # Task execution IAM role create_task_exec_iam_role = try(var.service.create_task_exec_iam_role, true) - task_exec_iam_role_arn = var.service.task_exec_iam_role_arn - task_exec_iam_role_name = var.service.task_exec_iam_role_name + task_exec_iam_role_arn = try(var.service.task_exec_iam_role_arn, null) + task_exec_iam_role_name = try(var.service.task_exec_iam_role_name, null) task_exec_iam_role_use_name_prefix = try(var.service.task_exec_iam_role_use_name_prefix, true) - task_exec_iam_role_path = var.service.task_exec_iam_role_path - task_exec_iam_role_description = var.service.task_exec_iam_role_description - task_exec_iam_role_permissions_boundary = var.service.task_exec_iam_role_permissions_boundary + task_exec_iam_role_path = try(var.service.task_exec_iam_role_path, null) + task_exec_iam_role_description = try(var.service.task_exec_iam_role_description, null) + task_exec_iam_role_permissions_boundary = try(var.service.task_exec_iam_role_permissions_boundary, null) task_exec_iam_role_tags = try(var.service.task_exec_iam_role_tags, {}) task_exec_iam_role_policies = lookup(var.service, "task_exec_iam_role_policies", {}) - task_exec_iam_role_max_session_duration = var.service.task_exec_iam_role_max_session_duration + task_exec_iam_role_max_session_duration = try(var.service.task_exec_iam_role_max_session_duration, null) # Task execution IAM role policy create_task_exec_policy = try(var.service.create_task_exec_policy, true) 
@@ -408,22 +408,22 @@ module "ecs_service" { # Tasks - IAM role create_tasks_iam_role = try(var.service.create_tasks_iam_role, true) - tasks_iam_role_arn = var.service.tasks_iam_role_arn - tasks_iam_role_name = var.service.tasks_iam_role_name + tasks_iam_role_arn = try(var.service.tasks_iam_role_arn, null) + tasks_iam_role_name = try(var.service.tasks_iam_role_name, null) tasks_iam_role_use_name_prefix = try(var.service.tasks_iam_role_use_name_prefix, true) - tasks_iam_role_path = var.service.tasks_iam_role_path - tasks_iam_role_description = var.service.tasks_iam_role_description - tasks_iam_role_permissions_boundary = var.service.tasks_iam_role_permissions_boundary + tasks_iam_role_path = try(var.service.tasks_iam_role_path, null) + tasks_iam_role_description = try(var.service.tasks_iam_role_description, null) + tasks_iam_role_permissions_boundary = try(var.service.tasks_iam_role_permissions_boundary, null) tasks_iam_role_tags = try(var.service.tasks_iam_role_tags, {}) tasks_iam_role_policies = lookup(var.service, "tasks_iam_role_policies", {}) tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", []) # Task set - external_id = var.service.external_id - scale = var.service.scale - force_delete = var.service.force_delete + external_id = try(var.service.external_id, null) + scale = try(var.service.scale, null) + force_delete = try(var.service.force_delete, null) wait_until_stable = try(var.service.wait_until_stable, null) - wait_until_stable_timeout = var.service.wait_until_stable_timeout + wait_until_stable_timeout = try(var.service.wait_until_stable_timeout, null) # Autoscaling enable_autoscaling = try(var.service.enable_autoscaling, false) 
@@ -434,9 +434,9 @@ module "ecs_service" { # Security Group create_security_group = try(var.service.create_security_group, true) - security_group_name = var.service.security_group_name + security_group_name = try(var.service.security_group_name, null) security_group_use_name_prefix = try(var.service.security_group_use_name_prefix, true) - security_group_description = var.service.security_group_description + security_group_description = try(var.service.security_group_description, null) security_group_ingress_rules = merge( { atlantis = {