Refactor code

.modules/service/ecs.tf

@@ -20,8 +20,8 @@ resource "aws_ecs_task_definition" "task" {
   family                   = var.service_name
   cpu                      = var.ecs_cpu
   memory                   = var.ecs_memory
-  execution_role_arn       = element(concat(aws_iam_role.ecs-execution.*.arn, tolist([var.ecs_execution_role_arn])), var.create_policy ? 0 : 1)
-  task_role_arn            = element(concat(aws_iam_role.task-execution.*.arn, tolist([var.ecs_task_execution_role_arn])), var.create_policy ? 0 : 1)
+  execution_role_arn       = element(concat(aws_iam_role.ecs-execution.*.arn, tolist([var.external_ecs_execution_role_arn])), var.create_policies ? 0 : 1)
+  task_role_arn            = element(concat(aws_iam_role.task-execution.*.arn, tolist([var.external_ecs_task_execution_role_arn])), var.create_policies ? 0 : 1)
   network_mode             = "awsvpc"
   requires_compatibilities = [var.launch_type]
 

.modules/service/policy.tf

@@ -10,16 +10,16 @@ data "aws_iam_policy_document" "ecs-role-policy" {
 }
 
 resource "aws_iam_role" "ecs-execution" {
-  count = var.create_policy ? 1 : 0
+  count = var.create_policies ? 1 : 0
 
   name               = "${var.service_name}-ExecutionRole-role"
   assume_role_policy = data.aws_iam_policy_document.ecs-role-policy.json
 }
 
 resource "aws_iam_role_policy_attachment" "ecs-execution-managed" {
-  count = var.create_policy ? 1 : 0
+  count = var.create_policies ? 1 : 0
 
-  role       = element(concat(aws_iam_role.ecs-execution.*.id, tolist([""])), var.create_policy ? 0 : 1)
+  role       = element(concat(aws_iam_role.ecs-execution.*.id, tolist([""])), var.create_policies ? 0 : 1)
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
 
@@ -50,15 +50,15 @@ data "aws_iam_policy_document" "task-assume-role" {
 }
 
 resource "aws_iam_role" "task-execution" {
-  count = var.create_policy ? 1 : 0
+  count = var.create_policies ? 1 : 0
 
   name               = "${var.service_name}-TaskRole-role"
   assume_role_policy = data.aws_iam_policy_document.task-assume-role.json
 }
 
 resource "aws_iam_role_policy" "task-role" {
-  count = var.create_policy ? 1 : 0
+  count = var.create_policies ? 1 : 0
 
   policy = data.aws_iam_policy_document.task-policy.json
-  role   = element(concat(aws_iam_role.task-execution.*.id, tolist([""])), var.create_policy ? 0 : 1)
+  role   = element(concat(aws_iam_role.task-execution.*.id, tolist([""])), var.create_policies ? 0 : 1)
 }

.modules/service/variables.tf

@@ -66,20 +66,20 @@ variable "rolling_updates" {
   type        = bool
 }
 
-variable "create_policy" {
-  description = "Boolean to create the policy"
+variable "create_policies" {
+  description = "Boolean whether to create the policy"
   default     = true
   type        = bool
 }
 
-variable "ecs_execution_role_arn" {
-  description = "The ARN of the ECS execution role"
+variable "external_ecs_execution_role_arn" {
+  description = "The ARN of an external ECS execution role to use"
   type        = string
   default     = ""
 }
 
-variable "ecs_task_execution_role_arn" {
-  description = "The ARN of the ECS task role"
+variable "external_ecs_task_execution_role_arn" {
+  description = "The ARN of an external ECS task execution role to use"
   type        = string
   default     = ""
 }

stun_server/region/module.tf

@@ -37,8 +37,8 @@ module "stun_server" {
       }
     ],
   }
-  webservice                  = true
-  create_policy               = false
-  ecs_execution_role_arn      = var.ecs_execution_role_arn
-  ecs_task_execution_role_arn = var.ecs_task_execution_role_arn
+  webservice                           = true
+  create_policies                      = false
+  external_ecs_execution_role_arn      = var.ecs_execution_role_arn
+  external_ecs_task_execution_role_arn = var.ecs_task_execution_role_arn
 }