Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify service module to support external ECS execution and task roles #106

Closed
wants to merge 9 commits into from
Closed

Modify service module to support external ECS execution and task roles #106

wants to merge 9 commits into from

Conversation

klejejs
Copy link
Contributor

@klejejs klejejs commented Sep 27, 2024
edited
Loading

This PR modifies the service module to support external ECS execution and task roles to be defined for the service and prevent module policy creation. This is useful for services like stun_server, which runs in multiple regions, but IAM roles need to be created only in one.

I tried defining policy creation in the service module (count value) based on the role variable values passed to the module; however, because roles have to be created first, Terraform could not determine the actual variable values during the run, and I had to implement a separate create_policies variable instead.

@klejejs klejejs force-pushed the fix/stun-server-policy branch from 017d623 to 94a462d Compare September 27, 2024 14:05
@klejejs klejejs force-pushed the fix/stun-server-policy branch from 94a462d to a30b406 Compare September 27, 2024 14:17
@klejejs klejejs marked this pull request as ready for review September 27, 2024 14:34
@klejejs klejejs requested review from bemble and ludeeus September 27, 2024 14:34
ludeeus
ludeeus reviewed Sep 30, 2024
View reviewed changes
.modules/service/variables.tf Outdated
@@ -65,3 +65,21 @@ variable "rolling_updates" {
default = false
type = bool
}

variable "create_policies" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be calculated, there should be no need to pass this and the ARN.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried it (described in the PR description), and it did not work. I'll check if it works if we pass the role name and use it a data source as you suggested.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like it works if a name is passed and used for the data source instead of passing the ARN directly. Thanks for the tip!

ludeeus
ludeeus reviewed Sep 30, 2024
View reviewed changes
.modules/service/variables.tf Outdated
type = bool
}

variable "external_ecs_execution_role_arn" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pass the role name and use the data source to fetch the arn, that makes the rest of the code more readable as that can determine which role to get (local/external) based on if this is passed or not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think we should rename the local role as well? E.g., add -local?

@bemble
Copy link
Member

bemble commented Sep 30, 2024

As policies are global, why keeping them into the module directory and try to find a workaround to get it working?

@klejejs klejejs mentioned this pull request Oct 1, 2024
Merged
@klejejs klejejs closed this Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ludeeus ludeeus ludeeus left review comments

@bemble bemble Awaiting requested review from bemble

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@klejejs @bemble @ludeeus