From bf182f5a6fe2dd208ddda55644670aaeae7c6887 Mon Sep 17 00:00:00 2001
From: Krisjanis Lejejs
Date: Fri, 27 Sep 2024 16:38:49 +0300
Subject: [PATCH] Modify code to use external roles conditionally
---
 .modules/service/ecs.tf | 4 ++--
 .modules/service/policy.tf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.modules/service/ecs.tf b/.modules/service/ecs.tf
index fbd3031..696d508 100644
--- a/.modules/service/ecs.tf
+++ b/.modules/service/ecs.tf
@@ -20,8 +20,8 @@ resource "aws_ecs_task_definition" "task" {
 family = var.service_name
 cpu = var.ecs_cpu
 memory = var.ecs_memory
- execution_role_arn = coalesce(var.ecs_execution_role_arn, aws_iam_role.ecs-execution.arn)
- task_role_arn = coalesce(var.ecs_task_execution_role_arn, aws_iam_role.task-execution.arn)
+ execution_role_arn = var.ecs_execution_role_arn != "" ? var.ecs_execution_role_arn : aws_iam_role.ecs-execution.arn
+ task_role_arn = var.ecs_task_execution_role_arn != "" ? var.ecs_task_execution_role_arn : aws_iam_role.task-execution.arn
 network_mode = "awsvpc"
 requires_compatibilities = [var.launch_type]
diff --git a/.modules/service/policy.tf b/.modules/service/policy.tf
index 3cdeec4..6b4035d 100644
--- a/.modules/service/policy.tf
+++ b/.modules/service/policy.tf
@@ -19,7 +19,7 @@ resource "aws_iam_role" "ecs-execution" {
 resource "aws_iam_role_policy_attachment" "ecs-execution-managed" {
 count = var.ecs_execution_role_arn == "" ? 1 : 0
- role = aws_iam_role.ecs-execution.id
+ role = var.ecs_execution_role_arn == "" ? aws_iam_role.ecs-execution.id : ""
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
@@ -60,5 +60,5 @@ resource "aws_iam_role_policy" "task-role" {
 count = var.ecs_task_execution_role_arn == "" ? 1 : 0
 policy = data.aws_iam_policy_document.task-policy.json
- role = aws_iam_role.task-execution.id
+ role = var.ecs_task_execution_role_arn == "" ? aws_iam_role.task-execution.id : ""
 }
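Review bot: The new conditionals on `execution_role_arn` and `task_role_arn` test only for the empty string, so a caller that passes `null` would now, as far as I can tell, get a task definition with no role set, where the removed `coalesce(...)` skipped both null and `""` and fell back to the module's own role. Either declare both variables with `nullable = false` (their declarations are not in this diff) or widen the test, e.g. `var.ecs_execution_role_arn != null && var.ecs_execution_role_arn != "" ? var.ecs_execution_role_arn : aws_iam_role.ecs-execution.arn`. Separately, `task_role_arn` is fed from a variable named `ecs_task_execution_role_arn`; the task role is the identity the container's code runs under, so the variable description should say plainly that it is not the execution role, otherwise a caller may hand the application the image-pull and secret-read permissions meant for the ECS agent. The `aws_ecs_task_definition` block starts above the hunk and continues past it.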
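Review bot: The `role` conditional in `aws_iam_role_policy_attachment.ecs-execution-managed` repeats the test already made by `count` on the line above, so its `""` branch can only apply when no instance is created; the same holds for `aws_iam_role_policy.task-role` in the next hunk. It also leaves open whether `aws_iam_role.ecs-execution` and `aws_iam_role.task-execution` (declared outside these hunks) are themselves gated by `count`: if they are, the reference needs an index, `role = aws_iam_role.ecs-execution[0].id`; if they are not, the module still creates both roles, with their trust policies, when external ARNs are supplied. I would keep `role` unconditional, add a comment such as `# created only when no external role ARN is supplied` beside `count`, and gate the role resources the same way so no unused assumable role is left in the account.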