diff --git a/.changelog/37019.txt b/.changelog/37019.txt
new file mode 100644
index 000000000000..80562c6857cb
--- /dev/null
+++ b/.changelog/37019.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_ecs_service: Add `volume_configuration` argument
+```
+
+```release-note:enhancement
+resource/aws_ecs_task_definition: Add `configure_at_launch` parameter in `volume` argument
+```
\ No newline at end of file
diff --git a/GNUmakefile b/GNUmakefile
index 517c7032e692..c1c051874db1 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -503,6 +503,7 @@ semgrep-code-quality: semgrep-validate ## [CI] Semgrep Checks / Code Quality Sca
 semgrep-constants: semgrep-validate ## Fix constants with Semgrep --autofix
 	@echo "make: Fix constants with Semgrep --autofix"
 	@semgrep $(SEMGREP_ARGS) --autofix \
+		$(if $(filter-out $(origin PKG), undefined),--include $(PKG_NAME),) \
 		--config .ci/.semgrep-constants.yml \
 		--config .ci/.semgrep-test-constants.yml
 
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go
index 37d562f3a068..075efa7cb702 100644
--- a/internal/service/ecs/service.go
+++ b/internal/service/ecs/service.go
@@ -518,6 +518,69 @@ func ResourceService() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"volume_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						names.AttrName: {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"managed_ebs_volume": {
+							Type:     schema.TypeList,
+							Required: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									names.AttrRoleARN: {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: verify.ValidARN,
+									},
+									names.AttrEncrypted: {
+										Type:     schema.TypeBool,
+										Optional: true,
+										Default:  true,
+									},
+									"file_system_type": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										Default:      ecs.TaskFilesystemTypeXfs,
+										ValidateFunc: validation.StringInSlice(ecs.TaskFilesystemType_Values(), false),
+									},
+									names.AttrIOPS: {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									names.AttrKMSKeyID: {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+									"size_in_gb": {
+										Type:     schema.TypeInt,
+										Optional: true,
+									},
+									names.AttrSnapshotID: {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+									"throughput": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.IntBetween(0, 1000),
+									},
+									names.AttrVolumeType: {
+										Type:     schema.TypeString,
+										Optional: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 		},
 
 		CustomizeDiff: customdiff.Sequence(
@@ -625,6 +688,10 @@ func resourceServiceCreate(ctx context.Context, d *schema.ResourceData, meta int
 		input.ServiceConnectConfiguration = expandServiceConnectConfiguration(v.([]interface{}))
 	}
 
+	if v, ok := d.GetOk("volume_configuration"); ok && len(v.([]interface{})) > 0 {
+		input.VolumeConfigurations = expandVolumeConfigurations(v.([]interface{}))
+	}
+
 	serviceRegistries := d.Get("service_registries").([]interface{})
 	if len(serviceRegistries) > 0 {
 		srs := make([]*ecs.ServiceRegistry, 0, len(serviceRegistries))
@@ -956,6 +1023,10 @@ func resourceServiceUpdate(ctx context.Context, d *schema.ResourceData, meta int
 			input.ServiceConnectConfiguration = expandServiceConnectConfiguration(d.Get("service_connect_configuration").([]interface{}))
 		}
 
+		if d.HasChange("volume_configuration") {
+			input.VolumeConfigurations = expandVolumeConfigurations(d.Get("volume_configuration").([]interface{}))
+		}
+
 		if d.HasChange("service_registries") {
 			input.ServiceRegistries = expandServiceRegistries(d.Get("service_registries").([]interface{}))
 		}
@@ -1466,6 +1537,67 @@ func expandSecretOptions(sop []interface{}) []*ecs.Secret {
 	return out
 }
 
+func expandVolumeConfigurations(vc []interface{}) []*ecs.ServiceVolumeConfiguration {
+	if len(vc) == 0 {
+		return nil
+	}
+
+	vcs := make([]*ecs.ServiceVolumeConfiguration, 0)
+
+	for _, raw := range vc {
+		p := raw.(map[string]interface{})
+
+		config := &ecs.ServiceVolumeConfiguration{
+			Name: aws.String(p[names.AttrName].(string)),
+		}
+
+		if v, ok := p["managed_ebs_volume"].([]interface{}); ok && len(v) > 0 {
+			config.ManagedEBSVolume = expandManagedEBSVolume(v)
+		}
+		vcs = append(vcs, config)
+	}
+
+	return vcs
+}
+
+func expandManagedEBSVolume(ebs []interface{}) *ecs.ServiceManagedEBSVolumeConfiguration {
+	if len(ebs) == 0 {
+		return &ecs.ServiceManagedEBSVolumeConfiguration{}
+	}
+	raw := ebs[0].(map[string]interface{})
+
+	config := &ecs.ServiceManagedEBSVolumeConfiguration{}
+	if v, ok := raw[names.AttrRoleARN].(string); ok && v != "" {
+		config.RoleArn = aws.String(v)
+	}
+	if v, ok := raw[names.AttrEncrypted].(bool); ok {
+		config.Encrypted = aws.Bool(v)
+	}
+	if v, ok := raw["file_system_type"].(string); ok && v != "" {
+		config.FilesystemType = aws.String(v)
+	}
+	if v, ok := raw[names.AttrIOPS].(int); ok && v != 0 {
+		config.Iops = aws.Int64(int64(v))
+	}
+	if v, ok := raw[names.AttrKMSKeyID].(string); ok && v != "" {
+		config.KmsKeyId = aws.String(v)
+	}
+	if v, ok := raw["size_in_gb"].(int); ok && v != 0 {
+		config.SizeInGiB = aws.Int64(int64(v))
+	}
+	if v, ok := raw[names.AttrSnapshotID].(string); ok && v != "" {
+		config.SnapshotId = aws.String(v)
+	}
+	if v, ok := raw["throughput"].(int); ok && v != 0 {
+		config.Throughput = aws.Int64(int64(v))
+	}
+	if v, ok := raw[names.AttrVolumeType].(string); ok && v != "" {
+		config.VolumeType = aws.String(v)
+	}
+
+	return config
+}
+
 func expandServices(srv []interface{}) []*ecs.ServiceConnectService {
 	if len(srv) == 0 {
 		return nil
diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go
index c12af96e28f6..b53a26912c4a 100644
--- a/internal/service/ecs/service_test.go
+++ b/internal/service/ecs/service_test.go
@@ -307,6 +307,62 @@ func TestAccECSService_CapacityProviderStrategy_update(t *testing.T) {
 	})
 }
 
+func TestAccECSService_VolumeConfiguration_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	var service ecs.Service
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_ecs_service.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.ECSServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckServiceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccServiceConfig_volumeConfiguration_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceExists(ctx, resourceName, &service),
+				),
+			},
+		},
+	})
+}
+
+func TestAccECSService_VolumeConfiguration_update(t *testing.T) {
+	ctx := acctest.Context(t)
+	var service ecs.Service
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_ecs_service.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.ECSServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckServiceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccServiceConfig_volumeConfiguration_update(rName, "gp2", 8),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceExists(ctx, resourceName, &service),
+				),
+			},
+			{
+				Config: testAccServiceConfig_volumeConfiguration_update(rName, "gp3", 8),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceExists(ctx, resourceName, &service),
+				),
+			},
+			{
+				Config: testAccServiceConfig_volumeConfiguration_update(rName, "gp3", 16),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceExists(ctx, resourceName, &service),
+				),
+			},
+		},
+	})
+}
+
 func TestAccECSService_familyAndRevision(t *testing.T) {
 	ctx := acctest.Context(t)
 	var service ecs.Service
@@ -2088,6 +2144,195 @@ resource "aws_ecs_service" "test" {
 `, rName))
 }
 
+func testAccServiceConfig_volumeConfiguration_basic(rName string) string {
+	return fmt.Sprintf(`
+data "aws_caller_identity" "current" {}
+data "aws_partition" "current" {}
+
+resource "aws_ecs_cluster" "test" {
+  name = %[1]q
+}
+
+resource "aws_ecs_task_definition" "test" {
+  family = %[1]q
+
+  container_definitions = <<TASK_DEFINITION
+[
+  {
+    "cpu": 128,
+    "essential": true,
+    "image": "mongo:latest",
+    "memory": 128,
+    "name": "mongodb",
+    "mountPoints": [
+      {"sourceVolume": "vol1", "containerPath": "/vol1"}
+    ]
+  }
+]
+TASK_DEFINITION
+
+  volume {
+    name                = "vol1"
+    configure_at_launch = true
+  }
+}
+
+resource "aws_iam_role" "ecs_service" {
+  name = %[1]q
+
+  assume_role_policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {"AWS": "*"},
+            "Effect": "Allow",
+            "Sid": ""
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "ecs_service" {
+  name = %[1]q
+  role = aws_iam_role.ecs_service.name
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:*",
+        "ec2:*",
+        "ecs:*"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_ecs_service" "test" {
+  name            = %[1]q
+  cluster         = aws_ecs_cluster.test.id
+  task_definition = aws_ecs_task_definition.test.arn
+  desired_count   = 1
+
+  volume_configuration {
+    name = "vol1"
+    managed_ebs_volume {
+      role_arn   = aws_iam_role.ecs_service.arn
+      size_in_gb = "8"
+    }
+  }
+
+  depends_on = [aws_iam_role_policy.ecs_service]
+}
+`, rName)
+}
+
+func testAccServiceConfig_volumeConfiguration_update(rName, volumeType string, size int) string {
+	return fmt.Sprintf(`
+data "aws_caller_identity" "current" {}
+data "aws_partition" "current" {}
+
+resource "aws_ecs_cluster" "test" {
+  name = %[1]q
+}
+
+resource "aws_ecs_task_definition" "test" {
+  family = %[1]q
+
+  container_definitions = <<TASK_DEFINITION
+[
+  {
+    "cpu": 128,
+    "essential": true,
+    "image": "mongo:latest",
+    "memory": 128,
+    "name": "mongodb",
+    "mountPoints": [
+      {"sourceVolume": "vol1", "containerPath": "/vol1"}
+    ]
+  }
+]
+TASK_DEFINITION
+
+  volume {
+    name                = "vol1"
+    configure_at_launch = true
+  }
+}
+
+resource "aws_iam_role" "ecs_service" {
+  name = %[1]q
+
+  assume_role_policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {"AWS": "*"},
+            "Effect": "Allow",
+            "Sid": ""
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "ecs_service" {
+  name = %[1]q
+  role = aws_iam_role.ecs_service.name
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticloadbalancing:*",
+        "ec2:*",
+        "ecs:*"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_ecs_service" "test" {
+  name            = %[1]q
+  cluster         = aws_ecs_cluster.test.id
+  task_definition = aws_ecs_task_definition.test.arn
+  desired_count   = 1
+
+  volume_configuration {
+    name = "vol1"
+    managed_ebs_volume {
+      role_arn    = aws_iam_role.ecs_service.arn
+      size_in_gb  = %[3]d
+      volume_type = %[2]q
+    }
+  }
+
+  depends_on = [aws_iam_role_policy.ecs_service]
+}
+`, rName, volumeType, size)
+}
+
 func testAccServiceConfig_forceNewDeployment(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_ecs_cluster" "test" {
diff --git a/internal/service/ecs/task_definition.go b/internal/service/ecs/task_definition.go
index 8ce9793e9607..acaeb3477f76 100644
--- a/internal/service/ecs/task_definition.go
+++ b/internal/service/ecs/task_definition.go
@@ -435,6 +435,12 @@ func ResourceTaskDefinition() *schema.Resource {
 							Required: true,
 							ForceNew: true,
 						},
+						"configure_at_launch": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Computed: true,
+							ForceNew: true,
+						},
 					},
 				},
 				Set: resourceTaskDefinitionVolumeHash,
@@ -924,6 +930,10 @@ func expandVolumes(configured []interface{}) []*ecs.Volume {
 			}
 		}
 
+		if v, ok := data["configure_at_launch"].(bool); ok {
+			l.ConfiguredAtLaunch = aws.Bool(v)
+		}
+
 		if v, ok := data["docker_volume_configuration"].([]interface{}); ok && len(v) > 0 {
 			l.DockerVolumeConfiguration = expandVolumesDockerVolume(v)
 		}
@@ -1056,6 +1066,10 @@ func flattenVolumes(list []*ecs.Volume) []map[string]interface{} {
 			l["host_path"] = aws.StringValue(volume.Host.SourcePath)
 		}
 
+		if volume.ConfiguredAtLaunch != nil {
+			l["configure_at_launch"] = aws.BoolValue(volume.ConfiguredAtLaunch)
+		}
+
 		if volume.DockerVolumeConfiguration != nil {
 			l["docker_volume_configuration"] = flattenDockerVolumeConfiguration(volume.DockerVolumeConfiguration)
 		}
diff --git a/internal/service/ecs/task_definition_test.go b/internal/service/ecs/task_definition_test.go
index 563bedf2dfa5..3d81ecde66c5 100644
--- a/internal/service/ecs/task_definition_test.go
+++ b/internal/service/ecs/task_definition_test.go
@@ -137,6 +137,37 @@ func TestAccECSTaskDefinition_scratchVolume(t *testing.T) {
 	})
 }
 
+func TestAccECSTaskDefinition_configuredAtLaunch(t *testing.T) {
+	ctx := acctest.Context(t)
+	var def ecs.TaskDefinition
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_ecs_task_definition.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.ECSServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckTaskDefinitionDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTaskDefinitionConfig_configuredAtLaunch(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTaskDefinitionExists(ctx, resourceName, &def),
+					resource.TestCheckResourceAttr(resourceName, "volume.#", acctest.Ct1),
+					resource.TestCheckResourceAttr(resourceName, "volume.0.configure_at_launch", "true"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateIdFunc:       testAccTaskDefinitionImportStateIdFunc(resourceName),
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{names.AttrSkipDestroy, "track_latest"},
+			},
+		},
+	})
+}
+
 func TestAccECSTaskDefinition_DockerVolume_basic(t *testing.T) {
 	ctx := acctest.Context(t)
 	var def ecs.TaskDefinition
@@ -1793,6 +1824,35 @@ TASK_DEFINITION
 `, rName)
 }
 
+func testAccTaskDefinitionConfig_configuredAtLaunch(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_ecs_task_definition" "test" {
+  family = %[1]q
+
+  container_definitions = <<TASK_DEFINITION
+[
+  {
+    "name": "sleep",
+    "image": "busybox",
+    "cpu": 10,
+    "command": ["sleep","360"],
+    "memory": 10,
+    "essential": true,
+    "mountPoints": [
+      {"sourceVolume": %[1]q, "containerPath": "/"}
+    ]
+  }
+]
+TASK_DEFINITION
+
+  volume {
+    name                = %[1]q
+    configure_at_launch = true
+  }
+}
+`, rName)
+}
+
 func testAccTaskDefinitionConfig_dockerVolumes(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_ecs_task_definition" "test" {
diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown
index 1e529f406c4f..563e16aecfdf 100644
--- a/website/docs/r/ecs_service.html.markdown
+++ b/website/docs/r/ecs_service.html.markdown
@@ -134,8 +134,8 @@ The following arguments are optional:
 * `deployment_maximum_percent` - (Optional) Upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the `DAEMON` scheduling strategy.
 * `deployment_minimum_healthy_percent` - (Optional) Lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.
 * `desired_count` - (Optional) Number of instances of the task definition to place and keep running. Defaults to 0. Do not specify if using the `DAEMON` scheduling strategy.
-* `enable_ecs_managed_tags` - (Optional) Specifies whether to enable Amazon ECS managed tags for the tasks within the service.
-* `enable_execute_command` - (Optional) Specifies whether to enable Amazon ECS Exec for the tasks within the service.
+* `enable_ecs_managed_tags` - (Optional) Whether to enable Amazon ECS managed tags for the tasks within the service.
+* `enable_execute_command` - (Optional) Whether to enable Amazon ECS Exec for the tasks within the service.
 * `force_new_deployment` - (Optional) Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g., `myimage:latest`), roll Fargate tasks onto a newer platform version, or immediately deploy `ordered_placement_strategy` and `placement_constraints` updates.
 * `health_check_grace_period_seconds` - (Optional) Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Only valid for services configured to use load balancers.
 * `iam_role` - (Optional) ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is required if you are using a load balancer with your service, but only if your task definition does not use the `awsvpc` network mode. If using `awsvpc` network mode, do not specify this role. If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here.
@@ -145,13 +145,14 @@ The following arguments are optional:
 * `ordered_placement_strategy` - (Optional) Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.
 * `placement_constraints` - (Optional) Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.
 * `platform_version` - (Optional) Platform version on which to run your service. Only applicable for `launch_type` set to `FARGATE`. Defaults to `LATEST`. More information about Fargate platform versions can be found in the [AWS ECS User Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).
-* `propagate_tags` - (Optional) Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`.
+* `propagate_tags` - (Optional) Whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`.
 * `scheduling_strategy` - (Optional) Scheduling strategy to use for the service. The valid values are `REPLICA` and `DAEMON`. Defaults to `REPLICA`. Note that [*Tasks using the Fargate launch type or the `CODE_DEPLOY` or `EXTERNAL` deployment controller types don't support the `DAEMON` scheduling strategy*](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html).
-* `service_connect_configuration` - (Optional) The ECS Service Connect configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. See below.
+* `service_connect_configuration` - (Optional) ECS Service Connect configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. See below.
 * `service_registries` - (Optional) Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.
 * `tags` - (Optional) Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `task_definition` - (Optional) Family and revision (`family:revision`) or full ARN of the task definition that you want to run in your service. Required unless using the `EXTERNAL` deployment controller. If a revision is not specified, the latest `ACTIVE` revision is used.
 * `triggers` - (Optional) Map of arbitrary keys and values that, when changed, will trigger an in-place update (redeployment). Useful with `plantimestamp()`. See example above.
+* `volume_configuration` - (Optional) Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. [See below](#volume_configuration).
 * `wait_for_steady_state` - (Optional) If `true`, Terraform will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.
 
 ### alarms
@@ -159,8 +160,29 @@ The following arguments are optional:
 The `alarms` configuration block supports the following:
 
 * `alarm_names` - (Required) One or more CloudWatch alarm names.
-* `enable` - (Required) Determines whether to use the CloudWatch alarm option in the service deployment process.
-* `rollback` - (Required) Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
+* `enable` - (Required) Whether to use the CloudWatch alarm option in the service deployment process.
+* `rollback` - (Required) Whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
+
+### volume_configuration
+
+The `volume_configuration` configuration block supports the following:
+
+* `name` - (Required) Name of the volume.
+* `managed_ebs_volume` - (Required) Configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. [See below](#managed_ebs_volume).
+
+### managed_ebs_volume
+
+The `managed_ebs_volume` configuration block supports the following:
+
+* `role_arn` - (Required) Amazon ECS infrastructure IAM role that is used to manage your Amazon Web Services infrastructure. Recommended using the Amazon ECS-managed `AmazonECSInfrastructureRolePolicyForVolumes` IAM policy with this role.
+* `encrypted` - (Optional) Whether the volume should be encrypted. Default value is `true`.
+* `file_system_type` - (Optional) Linux filesystem type for the volume. For volumes created from a snapshot, same filesystem type must be specified that the volume was using when the snapshot was created. Valid values are `ext3`, `ext4`, `xfs`. Default value is `xfs`.
+* `iops` - (Optional) Number of I/O operations per second (IOPS).
+* `kms_key_id` - (Optional) Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption.
+* `size_in_gb` - (Optional) Size of the volume in GiB. You must specify either a `size_in_gb` or a `snapshot_id`. You can optionally specify a volume size greater than or equal to the snapshot size.
+* `snapshot_id` - (Optional) Snapshot that Amazon ECS uses to create the volume. You must specify either a `size_in_gb` or a `snapshot_id`.
+* `throughput` - (Optional) Throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s.
+* `volume_type` - (Optional) Volume type.
 
 ### capacity_provider_strategy
 
@@ -236,64 +258,64 @@ For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonEC
 
 `service_connect_configuration` supports the following:
 
-* `enabled` - (Required) Specifies whether to use Service Connect with this service.
-* `log_configuration` - (Optional) The log configuration for the container. See below.
-* `namespace` - (Optional) The namespace name or ARN of the [`aws_service_discovery_http_namespace`](/docs/providers/aws/r/service_discovery_http_namespace.html) for use with Service Connect.
-* `service` - (Optional) The list of Service Connect service objects. See below.
+* `enabled` - (Required) Whether to use Service Connect with this service.
+* `log_configuration` - (Optional) Log configuration for the container. See below.
+* `namespace` - (Optional) Namespace name or ARN of the [`aws_service_discovery_http_namespace`](/docs/providers/aws/r/service_discovery_http_namespace.html) for use with Service Connect.
+* `service` - (Optional) List of Service Connect service objects. See below.
 
 ### log_configuration
 
 `log_configuration` supports the following:
 
-* `log_driver` - (Required) The log driver to use for the container.
-* `options` - (Optional) The configuration options to send to the log driver.
-* `secret_option` - (Optional) The secrets to pass to the log configuration. See below.
+* `log_driver` - (Required) Log driver to use for the container.
+* `options` - (Optional) Configuration options to send to the log driver.
+* `secret_option` - (Optional) Secrets to pass to the log configuration. See below.
 
 ### secret_option
 
 `secret_option` supports the following:
 
-* `name` - (Required) The name of the secret.
-* `value_from` - (Required) The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.
+* `name` - (Required) Name of the secret.
+* `value_from` - (Required) Secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.
 
 ### service
 
 `service` supports the following:
 
-* `client_alias` - (Optional) The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. See below.
-* `discovery_name` - (Optional) The name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service.
-* `ingress_port_override` - (Optional) The port number for the Service Connect proxy to listen on.
-* `port_name` - (Required) The name of one of the `portMappings` from all the containers in the task definition of this Amazon ECS service.
+* `client_alias` - (Optional) List of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. See below.
+* `discovery_name` - (Optional) Name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service.
+* `ingress_port_override` - (Optional) Port number for the Service Connect proxy to listen on.
+* `port_name` - (Required) Name of one of the `portMappings` from all the containers in the task definition of this Amazon ECS service.
 * `timeout` - (Optional) Configuration timeouts for Service Connect
-* `tls` - (Optional) The configuration for enabling Transport Layer Security (TLS)
+* `tls` - (Optional) Configuration for enabling Transport Layer Security (TLS)
 
 ### timeout
 
 `timeout` supports the following:
 
-* `idle_timeout_seconds` - (Optional) The amount of time in seconds a connection will stay active while idle. A value of 0 can be set to disable idleTimeout.
-* `per_request_timeout_seconds` - (Optional) The amount of time in seconds for the upstream to respond with a complete response per request. A value of 0 can be set to disable perRequestTimeout. Can only be set when appProtocol isn't TCP.
+* `idle_timeout_seconds` - (Optional) Amount of time in seconds a connection will stay active while idle. A value of 0 can be set to disable idleTimeout.
+* `per_request_timeout_seconds` - (Optional) Amount of time in seconds for the upstream to respond with a complete response per request. A value of 0 can be set to disable perRequestTimeout. Can only be set when appProtocol isn't TCP.
 
 ### tls
 
 `tls` supports the following:
 
-* `issuer_cert_authority` - (Required) The details of the certificate authority which will issue the certificate.
-* `kms_key` - (Optional) The KMS key used to encrypt the private key in Secrets Manager.
-* `role_arn` - (Optional) The ARN of the IAM Role that's associated with the Service Connect TLS.
+* `issuer_cert_authority` - (Required) Details of the certificate authority which will issue the certificate.
+* `kms_key` - (Optional) KMS key used to encrypt the private key in Secrets Manager.
+* `role_arn` - (Optional) ARN of the IAM Role that's associated with the Service Connect TLS.
 
 ### issuer_cert_authority
 
 `issuer_cert_authority` supports the following:
 
-* `aws_pca_authority_arn` - (Optional) The ARN of the [`aws_acmpca_certificate_authority`](/docs/providers/aws/r/acmpca_certificate_authority.html) used to create the TLS Certificates.
+* `aws_pca_authority_arn` - (Optional) ARN of the [`aws_acmpca_certificate_authority`](/docs/providers/aws/r/acmpca_certificate_authority.html) used to create the TLS Certificates.
 
 ### client_alias
 
 `client_alias` supports the following:
 
-* `dns_name` - (Optional) The name that you use in the applications of client tasks to connect to this service.
-* `port` - (Required) The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace.
+* `dns_name` - (Optional) Name that you use in the applications of client tasks to connect to this service.
+* `port` - (Required) Listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace.
 
 ## Attribute Reference
 
diff --git a/website/docs/r/ecs_task_definition.html.markdown b/website/docs/r/ecs_task_definition.html.markdown
index c2738208f98b..d96682807571 100644
--- a/website/docs/r/ecs_task_definition.html.markdown
+++ b/website/docs/r/ecs_task_definition.html.markdown
@@ -260,6 +260,7 @@ The following arguments are optional:
 * `efs_volume_configuration` - (Optional) Configuration block for an [EFS volume](#efs_volume_configuration). Detailed below.
 * `fsx_windows_file_server_volume_configuration` - (Optional) Configuration block for an [FSX Windows File Server volume](#fsx_windows_file_server_volume_configuration). Detailed below.
 * `host_path` - (Optional) Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished.
+* `configure_at_launch` - (Optional) Whether the volume should be configured at launch time. This is used to create Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each task definition revision may only have one volume configured at launch in the volume configuration.
 * `name` - (Required) Name of the volume. This name is referenced in the `sourceVolume`
 parameter of container definition in the `mountPoints` section.