diff --git a/.modules/service/ecs.tf b/.modules/service/ecs.tf
index 8e1b961..fc920d1 100644
--- a/.modules/service/ecs.tf
+++ b/.modules/service/ecs.tf
@@ -20,8 +20,8 @@ resource "aws_ecs_task_definition" "task" {
 family = var.service_name
 cpu = var.ecs_cpu
 memory = var.ecs_memory
- execution_role_arn = element(concat(aws_iam_role.ecs-execution.*.arn, tolist([var.ecs_execution_role_arn])), var.create_policy ? 0 : 1)
- task_role_arn = element(concat(aws_iam_role.task-execution.*.arn, tolist([var.ecs_task_execution_role_arn])), var.create_policy ? 0 : 1)
+ execution_role_arn = element(concat(aws_iam_role.ecs-execution.*.arn, tolist([var.external_ecs_execution_role_arn])), var.create_policies ? 0 : 1)
+ task_role_arn = element(concat(aws_iam_role.task-execution.*.arn, tolist([var.external_ecs_task_execution_role_arn])), var.create_policies ? 0 : 1)
 network_mode = "awsvpc"
 requires_compatibilities = [var.launch_type]
diff --git a/.modules/service/policy.tf b/.modules/service/policy.tf
index f5c4f17..1e1c517 100644
--- a/.modules/service/policy.tf
+++ b/.modules/service/policy.tf
@@ -10,16 +10,16 @@ data "aws_iam_policy_document" "ecs-role-policy" {
 }
 resource "aws_iam_role" "ecs-execution" {
- count = var.create_policy ? 1 : 0
+ count = var.create_policies ? 1 : 0
 name = "${var.service_name}-ExecutionRole-role"
 assume_role_policy = data.aws_iam_policy_document.ecs-role-policy.json
 }
 resource "aws_iam_role_policy_attachment" "ecs-execution-managed" {
- count = var.create_policy ? 1 : 0
+ count = var.create_policies ? 1 : 0
- role = element(concat(aws_iam_role.ecs-execution.*.id, tolist([""])), var.create_policy ? 0 : 1)
+ role = element(concat(aws_iam_role.ecs-execution.*.id, tolist([""])), var.create_policies ? 0 : 1)
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
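Review bot: The new `execution_role_arn` and `task_role_arn` lines still resolve to an empty string when `create_policies` is false and the caller leaves `external_ecs_execution_role_arn` / `external_ecs_task_execution_role_arn` at their `""` default (see the variables.tf hunk), so the task definition is planned with no execution role and no task role instead of failing early; the rename does not change that. The `element(concat(...), var.create_policies ? 0 : 1)` form also only works because `element` wraps its index modulo the list length, which is easy to misread. `coalesce` over the same list keeps the preference for the module-created role and fails at plan time when no non-empty ARN is available: `execution_role_arn = coalesce(concat(aws_iam_role.ecs-execution.*.arn, [var.external_ecs_execution_role_arn])...)` and `task_role_arn = coalesce(concat(aws_iam_role.task-execution.*.arn, [var.external_ecs_task_execution_role_arn])...)`. The `resource "aws_ecs_task_definition" "task"` block starts and ends outside the hunk.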
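Review bot: On the new `role =` line of `aws_iam_role_policy_attachment.ecs-execution-managed`, the `element(concat(..., tolist([""])), var.create_policies ? 0 : 1)` fallback to `""` can never be taken, because the resource's own `count` on the line above is already `var.create_policies ? 1 : 0`, and a resource with zero instances does not evaluate its attributes. `role = aws_iam_role.ecs-execution[0].id` states the dependency directly and drops the dead branch; the same applies to the `role =` line of `aws_iam_role_policy.task-role` in the next hunk. The closing `}` of this resource is inside the hunk, but the blank lines the hunk header counts are not visible here, so the exact placement is inferred.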
@@ -50,15 +50,15 @@ data "aws_iam_policy_document" "task-assume-role" {
 }
 resource "aws_iam_role" "task-execution" {
- count = var.create_policy ? 1 : 0
+ count = var.create_policies ? 1 : 0
 name = "${var.service_name}-TaskRole-role"
 assume_role_policy = data.aws_iam_policy_document.task-assume-role.json
 }
 resource "aws_iam_role_policy" "task-role" {
- count = var.create_policy ? 1 : 0
+ count = var.create_policies ? 1 : 0
 policy = data.aws_iam_policy_document.task-policy.json
- role = element(concat(aws_iam_role.task-execution.*.id, tolist([""])), var.create_policy ? 0 : 1)
+ role = element(concat(aws_iam_role.task-execution.*.id, tolist([""])), var.create_policies ? 0 : 1)
 }
diff --git a/.modules/service/variables.tf b/.modules/service/variables.tf
index c0341ff..083ddfa 100644
--- a/.modules/service/variables.tf
+++ b/.modules/service/variables.tf
@@ -66,20 +66,20 @@ variable "rolling_updates" {
 type = bool
 }
-variable "create_policy" {
- description = "Boolean to create the policy"
+variable "create_policies" {
+ description = "Boolean whether to create the policy"
 default = true
 type = bool
 }
-variable "ecs_execution_role_arn" {
- description = "The ARN of the ECS execution role"
+variable "external_ecs_execution_role_arn" {
+ description = "The ARN of an external ECS execution role to use"
 type = string
 default = ""
 }
-variable "ecs_task_execution_role_arn" {
- description = "The ARN of the ECS task role"
+variable "external_ecs_task_execution_role_arn" {
+ description = "The ARN of an external ECS task execution role to use"
 type = string
 default = ""
 }
diff --git a/stun_server/region/module.tf b/stun_server/region/module.tf
index b09db0a..913316c 100644
--- a/stun_server/region/module.tf
+++ b/stun_server/region/module.tf
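Review bot: The new description `"Boolean whether to create the policy"` on `variable "create_policies"` reads awkwardly and understates what the flag gates: in policy.tf the same variable drives `count` on both IAM roles and on their policy attachments, and in ecs.tf it selects between the module-created roles and the `external_*` ARNs. Suggest `description = "Create the ECS execution and task IAM roles (and their policies) in this module; when false, both external_*_role_arn inputs must be supplied"`. The two `external_*` descriptions could likewise end with `; required when create_policies is false`, since their `""` default is otherwise passed straight through to the task definition without any check.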
@@ -37,8 +37,8 @@ module "stun_server" {
 }
 ],
 }
- webservice = true
- create_policy = false
- ecs_execution_role_arn = var.ecs_execution_role_arn
- ecs_task_execution_role_arn = var.ecs_task_execution_role_arn
+ webservice = true
+ create_policies = false
+ external_ecs_execution_role_arn = var.ecs_execution_role_arn
+ external_ecs_task_execution_role_arn = var.ecs_task_execution_role_arn
 }