From 4635f46a4ffc3f871cbbdc567f1b46fc88c7d65c Mon Sep 17 00:00:00 2001
From: nikhil
Date: Sat, 20 Apr 2024 23:03:23 +0100
Subject: [PATCH 01/23] f-aws_ecs_service: support for EBS
---
 internal/service/ecs/service.go | 126 ++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go
index 37d562f3a068..07c3025d5637 100644
--- a/internal/service/ecs/service.go
+++ b/internal/service/ecs/service.go
@@ -518,6 +518,68 @@ func ResourceService() *schema.Resource {
 Optional: true,
 Default: false,
 },
+ "volume_configuration": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeBool,
+ Required: true,
+ },
+ "managed_ebs_volume": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "role_arn": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: verify.ValidARN,
+ },
+ "encrypted": {
+ Type: schema.TypeBool,
+ Optional: true,
+ },
+ "file_system_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: ecs.TaskFilesystemTypeXfs,
+ ValidateFunc: validation.StringInSlice(ecs.TaskFilesystemType_Values(), false),
+ },
+ "iops": {
+ Type: schema.TypeInt,
+ Optional: true,
+ },
+ "kms_key_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "size_in_gb": {
+ Type: schema.TypeInt,
+ Optional: true,
+ },
+ "snapshot_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "throughput": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: validation.IntBetween(0, 1000),
+ },
+ "volume_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 },

 CustomizeDiff: customdiff.Sequence(
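Review bot: `throughput` is declared `schema.TypeString` but validated with `validation.IntBetween(0, 1000)`, which expects an integer, and the expander added later in this patch reads it with `raw["throughput"].(int)`, so a configured throughput would either be rejected at validation or dropped before the API call. Declaring it `Type: schema.TypeInt,` keeps the schema, the validator and the expander in agreement. In the same block `kms_key_id` accepts any string; if mistakes should be caught at plan time it could carry `ValidateFunc: verify.ValidARN,` as `role_arn` does, assuming only ARNs are meant to be accepted (the documentation later in the series describes the value as an ARN). ResourceService's body starts and ends outside the hunk.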
@@ -625,6 +687,10 @@ func resourceServiceCreate(ctx context.Context, d *schema.ResourceData, meta int
 input.ServiceConnectConfiguration = expandServiceConnectConfiguration(v.([]interface{}))
 }

+ if v, ok := d.GetOk("volume_configuration"); ok && len(v.([]interface{})) > 0 {
+ input.VolumeConfigurations = expandVolumeConfigurations(v.([]interface{}))
+ }
+
 serviceRegistries := d.Get("service_registries").([]interface{})
 if len(serviceRegistries) > 0 {
 srs := make([]*ecs.ServiceRegistry, 0, len(serviceRegistries))
@@ -956,6 +1022,10 @@ func resourceServiceUpdate(ctx context.Context, d *schema.ResourceData, meta int
 input.ServiceConnectConfiguration = expandServiceConnectConfiguration(d.Get("service_connect_configuration").([]interface{}))
 }

+ if d.HasChange("volume_configuration") {
+ input.VolumeConfigurations = expandVolumeConfigurations(d.Get("volume_configuration").([]interface{}))
+ }
+
 if d.HasChange("service_registries") {
 input.ServiceRegistries = expandServiceRegistries(d.Get("service_registries").([]interface{}))
 }
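Review bot: In the resourceServiceUpdate hunk, deleting the `volume_configuration` block makes `d.HasChange` true, but `expandVolumeConfigurations` returns nil for an empty list, so `input.VolumeConfigurations` stays unset and the request probably leaves the existing EBS volume configuration in place. If UpdateService treats an explicit empty list as "remove" (worth confirming against the API reference), the branch should send one, e.g. `input.VolumeConfigurations = []*ecs.ServiceVolumeConfiguration{}` when the expanded value is empty. Separately, no hunk in this patch writes `volume_configuration` back to state, so an out-of-band change to the volume settings would not surface as drift; a flattener in the read path would close that gap if the API returns the data. Both functions continue outside the hunks.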
@@ -1466,6 +1536,62 @@ func expandSecretOptions(sop []interface{}) []*ecs.Secret {
 return out
 }

+func expandVolumeConfigurations(vc []interface{}) *ecs.ServiceVolumeConfiguration {
+ if len(vc) == 0 {
+ return nil
+ }
+ raw := vc[0].(map[string]interface{})
+
+ config := &ecs.ServiceVolumeConfiguration{}
+ if v, ok := raw["name"].(bool); ok {
+ config.Enabled = aws.Bool(v)
+ }
+
+ if v, ok := raw["managed_ebs_volume"].([]interface{}); ok && len(v) > 0 {
+ config.ManagedEBSVolume = expandManagedEBSVolume(v)
+ }
+
+ return config
+}
+
+func expandManagedEBSVolume(ebs []interface{}) *ecs.ServiceManagedEBSVolumeConfiguration {
+ if len(ebs) == 0 {
+ return &ecs.ServiceManagedEBSVolumeConfiguration{}
+ }
+ raw := ebs[0].(map[string]interface{})
+
+ config := &ecs.ServiceManagedEBSVolumeConfiguration{}
+ if v, ok := raw["role_arn"].(string); ok && v != "" {
+ config.RoleArn = aws.String(v)
+ }
+ if v, ok := raw["encrypted"].(bool); ok && v != "" {
+ config.Encrypted = aws.Bool(v)
+ }
+ if v, ok := raw["file_system_type"].(string); ok && v != "" {
+ config.FilesystemType = aws.String(v)
+ }
+ if v, ok := raw["iops"].(int); ok && v != "" {
+ config.Iops = aws.Int32(int32(v))
+ }
+ if v, ok := raw["kms_key_id"].(string); ok && v != "" {
+ config.KmsKeyId = aws.String(v)
+ }
+ if v, ok := raw["size_in_gb"].(int); ok && v != "" {
+ config.SizeInGiB = aws.Int32(int32(v))
+ }
+ if v, ok := raw["snapshot_id"].(string); ok && v != "" {
+ config.SnapshotId = aws.String(v)
+ }
+ if v, ok := raw["throughput"].(int); ok && v != "" {
+ config.Throughput = aws.Int32(int32(v))
+ }
+ if v, ok := raw["volume_type"].(string); ok && v != "" {
+ config.VolumeType = aws.String(v)
+ }
+
+ return config
+}
+
 func expandServices(srv []interface{}) []*ecs.ServiceConnectService {
 if len(srv) == 0 {
 return nil
From 425b5898d2a0c2e8c9b94d983d2064b36990b1d3 Mon Sep 17 00:00:00 2001
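Review bot: Both new expanders index element 0 with an unchecked assertion, `vc[0].(map[string]interface{})` and `ebs[0].(map[string]interface{})`, which panics if the SDK hands over a nil element, as it may for a block whose attributes are all unset or unknown. The comma-ok form avoids crashing the provider: `raw, ok := ebs[0].(map[string]interface{})` followed by `if !ok { return nil }`. The same pattern is kept in the PATCH 02 rewrite of expandVolumeConfigurations (`p := raw.(map[string]interface{})` and `p["name"].(string)`). Neither function has a doc comment; one line each stating which schema block is converted into which API type would be enough.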
From: nikhil
Date: Sun, 21 Apr 2024 12:51:38 +0100
Subject: [PATCH 02/23] f-aws_ecs_service: support for EBS
---
 internal/service/ecs/service.go | 37 +++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go
index 07c3025d5637..2a20481ee366 100644
--- a/internal/service/ecs/service.go
+++ b/internal/service/ecs/service.go
@@ -1536,22 +1536,27 @@ func expandSecretOptions(sop []interface{}) []*ecs.Secret {
 return out
 }

-func expandVolumeConfigurations(vc []interface{}) *ecs.ServiceVolumeConfiguration {
+func expandVolumeConfigurations(vc []interface{}) []*ecs.ServiceVolumeConfiguration {
 if len(vc) == 0 {
 return nil
 }
- raw := vc[0].(map[string]interface{})

- config := &ecs.ServiceVolumeConfiguration{}
- if v, ok := raw["name"].(bool); ok {
- config.Enabled = aws.Bool(v)
- }
+ vcs := make([]*ecs.ServiceVolumeConfiguration, 0)

- if v, ok := raw["managed_ebs_volume"].([]interface{}); ok && len(v) > 0 {
- config.ManagedEBSVolume = expandManagedEBSVolume(v)
+ for _, raw := range vc {
+ p := raw.(map[string]interface{})
+
+ config := &ecs.ServiceVolumeConfiguration{
+ Name: aws.String(p["name"].(string)),
+ }
+
+ if v, ok := p["managed_ebs_volume"].([]interface{}); ok && len(v) > 0 {
+ config.ManagedEBSVolume = expandManagedEBSVolume(v)
+ }
+ vcs = append(vcs, config)
 }

- return config
+ return vcs
 }

 func expandManagedEBSVolume(ebs []interface{}) *ecs.ServiceManagedEBSVolumeConfiguration {
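Review bot: The rewritten expandVolumeConfigurations allocates with `make([]*ecs.ServiceVolumeConfiguration, 0)` although the final length is known; `vcs := make([]*ecs.ServiceVolumeConfiguration, 0, len(vc))` avoids regrowth. The function now iterates over every element while the schema added in PATCH 01 still declares `MaxItems: 1` on `volume_configuration`, so either the loop or the limit is unnecessary. A doc comment stating which is intended would help, for example `// expandVolumeConfigurations converts the volume_configuration blocks into the API type.`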
@@ -1564,26 +1569,26 @@ func expandManagedEBSVolume(ebs []interface{}) *ecs.ServiceManagedEBSVolumeConfi
 if v, ok := raw["role_arn"].(string); ok && v != "" {
 config.RoleArn = aws.String(v)
 }
- if v, ok := raw["encrypted"].(bool); ok && v != "" {
+ if v, ok := raw["encrypted"].(bool); ok {
 config.Encrypted = aws.Bool(v)
 }
 if v, ok := raw["file_system_type"].(string); ok && v != "" {
 config.FilesystemType = aws.String(v)
 }
- if v, ok := raw["iops"].(int); ok && v != "" {
- config.Iops = aws.Int32(int32(v))
+ if v, ok := raw["iops"].(int); ok && v != 0 {
+ config.Iops = aws.Int64(int64(v))
 }
 if v, ok := raw["kms_key_id"].(string); ok && v != "" {
 config.KmsKeyId = aws.String(v)
 }
- if v, ok := raw["size_in_gb"].(int); ok && v != "" {
- config.SizeInGiB = aws.Int32(int32(v))
+ if v, ok := raw["size_in_gb"].(int); ok && v != 0 {
+ config.SizeInGiB = aws.Int64(int64(v))
 }
 if v, ok := raw["snapshot_id"].(string); ok && v != "" {
 config.SnapshotId = aws.String(v)
 }
- if v, ok := raw["throughput"].(int); ok && v != "" {
- config.Throughput = aws.Int32(int32(v))
+ if v, ok := raw["throughput"].(int); ok && v != 0 {
+ config.Throughput = aws.Int64(int64(v))
 }
 if v, ok := raw["volume_type"].(string); ok && v != "" {
 config.VolumeType = aws.String(v)
From cb26c76eae0760cf6a91f501a73d43531cce2ef0 Mon Sep 17 00:00:00 2001
From: nikhil
Date: Sun, 21 Apr 2024 13:33:04 +0100
Subject: [PATCH 03/23] f-aws_ecs_service: support for EBS
---
 internal/service/ecs/service_test.go | 64 ++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go
index c12af96e28f6..57fbcee1df8c 100644
--- a/internal/service/ecs/service_test.go
+++ b/internal/service/ecs/service_test.go
@@ -307,6 +307,28 @@ func TestAccECSService_CapacityProviderStrategy_update(t *testing.T) { }) } +func TestAccECSService_VolumeConfigurations_basic(t *testing.T) { + ctx := acctest.Context(t) + var service ecs.Service + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_ecs_service.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.ECSServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckServiceDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccServiceConfig_volumeConfigurations_basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckServiceExists(ctx, resourceName, &service), + ), + }, + }, + }) +} + func TestAccECSService_familyAndRevision(t *testing.T) { ctx := acctest.Context(t) var service ecs.Service @@ -2088,6 +2110,48 @@ resource "aws_ecs_service" "test" { `, rName)) } +func testAccServiceConfig_volumeConfigurations_basic(rName string) string { + return fmt.Sprintf(` +resource "aws_ecs_cluster" "test" { + name = %[1]q +} + +resource "aws_ecs_task_definition" "test" { + family = %[1]q + + container_definitions = < Date: Sun, 21 Apr 2024 13:35:27 +0100 Subject: [PATCH 04/23] f-aws_ecs_service: support for EBS --- .changelog/37019.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/37019.txt diff --git a/.changelog/37019.txt b/.changelog/37019.txt new file mode 100644 index 000000000000..09813975281e --- /dev/null +++ b/.changelog/37019.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_ecs_service: Add `volume_configuration` argument +``` \ No newline at end of file From 2ae17da9aa7f58bf565d3fe169923498ea8f3790 Mon Sep 17 00:00:00 2001 
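Review bot: TestAccECSService_VolumeConfigurations_basic asserts only `testAccCheckServiceExists`, so it would still pass if the provider never sent the volume configuration or sent it with the wrong settings. Adding `resource.TestCheckResourceAttr(resourceName, "volume_configuration.#", "1"),` and a check on `volume_configuration.0.managed_ebs_volume.0.encrypted` would pin the behaviour the feature is meant to provide, including the encryption setting. The update test added in PATCH 06 has the same gap across all three of its steps.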
From: nikhil
Date: Sun, 21 Apr 2024 13:57:42 +0100
Subject: [PATCH 05/23] f-aws_ecs_service: support for EBS
---
 internal/service/ecs/service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go
index 2a20481ee366..23b6a32dcc88 100644
--- a/internal/service/ecs/service.go
+++ b/internal/service/ecs/service.go
@@ -525,7 +525,7 @@ func ResourceService() *schema.Resource {
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "name": {
- Type: schema.TypeBool,
+ Type: schema.TypeString,
 Required: true,
 },
 "managed_ebs_volume": {
From 51ea7462734dadd398dcca3dd5436884c808bce0 Mon Sep 17 00:00:00 2001
From: nikhil
Date: Sun, 21 Apr 2024 14:01:11 +0100
Subject: [PATCH 06/23] f-aws_ecs_service: support for EBS
---
 internal/service/ecs/service_test.go | 121 +++++++++++++++++++++++++--
 1 file changed, 114 insertions(+), 7 deletions(-)
diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go
index 57fbcee1df8c..125afc1e8cd8 100644
--- a/internal/service/ecs/service_test.go
+++ b/internal/service/ecs/service_test.go
@@ -329,6 +329,40 @@ func TestAccECSService_VolumeConfigurations_basic(t *testing.T) { }) } +func TestAccECSService_VolumeConfigurations_update(t *testing.T) { + ctx := acctest.Context(t) + var service ecs.Service + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_ecs_service.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.ECSServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckServiceDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccServiceConfig_volumeConfigurations_update(rName, "gp2", 8), + Check: resource.ComposeTestCheckFunc( + testAccCheckServiceExists(ctx, resourceName, &service), + ), + }, + { + Config: testAccServiceConfig_volumeConfigurations_update(rName, "gp3", 8), + Check: resource.ComposeTestCheckFunc( + testAccCheckServiceExists(ctx, resourceName, &service), + ), + }, + { + Config: testAccServiceConfig_volumeConfigurations_update(rName, "gp3", 16), + Check: resource.ComposeTestCheckFunc( + testAccCheckServiceExists(ctx, resourceName, &service), + ), + }, + }, + }) +} + func TestAccECSService_familyAndRevision(t *testing.T) { ctx := acctest.Context(t) var service ecs.Service @@ -2119,20 +2153,20 @@ resource "aws_ecs_cluster" "test" { resource "aws_ecs_task_definition" "test" { family = %[1]q - container_definitions = < Date: Sun, 21 Apr 2024 14:03:37 +0100 Subject: [PATCH 07/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/service_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go index 125afc1e8cd8..bdebf0de4bbd 100644 --- a/internal/service/ecs/service_test.go +++ b/internal/service/ecs/service_test.go 
@@ -2250,8 +2250,8 @@ resource "aws_ecs_service" "test" { volume_configuration { name = "vol1" managed_ebs_volume { - role_arn = aws_iam_role.test.arn - size_in_gb = %[3]d + role_arn = aws_iam_role.test.arn + size_in_gb = %[3]d volume_type = %[2]q } } From b6c5fc133e716b67165a01e9cd393a470f5b1641 Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:01:53 +0100 Subject: [PATCH 08/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/service_test.go | 45 +++++++------------------ internal/service/ecs/task_definition.go | 13 +++++++ 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go index bdebf0de4bbd..750cd9695994 100644 --- a/internal/service/ecs/service_test.go +++ b/internal/service/ecs/service_test.go @@ -2146,6 +2146,8 @@ resource "aws_ecs_service" "test" { func testAccServiceConfig_volumeConfigurations_basic(rName string) string { return fmt.Sprintf(` +data "aws_caller_identity" "current" {} + resource "aws_ecs_cluster" "test" { name = %[1]q } @@ -2169,8 +2171,8 @@ resource "aws_ecs_task_definition" "test" { TASK_DEFINITION volume { - name = "vol1" - host_path = "/host/vol1" + name = "vol1" + configure_at_launch = true } } @@ -2181,6 +2183,9 @@ resource "aws_ecs_service" "test" { desired_count = 1 volume_configuration { name = "vol1" + managed_ebs_volume { + role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" + } } } `, rName) @@ -2188,31 +2193,7 @@ resource "aws_ecs_service" "test" { func testAccServiceConfig_volumeConfigurations_update(rName, volumeType string, size int) string { return fmt.Sprintf(` -data "aws_partition" "current" {} - -resource "aws_iam_role" "test" { - name = %[1]q - - assume_role_policy = < 0 { l.DockerVolumeConfiguration = expandVolumesDockerVolume(v) } 
@@ -1056,6 +1065,10 @@ func flattenVolumes(list []*ecs.Volume) []map[string]interface{} { l["host_path"] = aws.StringValue(volume.Host.SourcePath) } + if volume.ConfiguredAtLaunch != nil { + l["configure_at_launch"] = aws.BoolValue(volume.ConfiguredAtLaunch) + } + if volume.DockerVolumeConfiguration != nil { l["docker_volume_configuration"] = flattenDockerVolumeConfiguration(volume.DockerVolumeConfiguration) } From 8634e432abc497258b600c2415b1c8f6110a33ee Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:08:27 +0100 Subject: [PATCH 09/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/service.go | 2 +- internal/service/ecs/service_test.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go index 23b6a32dcc88..a00d22002902 100644 --- a/internal/service/ecs/service.go +++ b/internal/service/ecs/service.go @@ -530,7 +530,7 @@ func ResourceService() *schema.Resource { }, "managed_ebs_volume": { Type: schema.TypeList, - Optional: true, + Required: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go index 750cd9695994..9ae018650b66 100644 --- a/internal/service/ecs/service_test.go +++ b/internal/service/ecs/service_test.go @@ -2185,6 +2185,7 @@ resource "aws_ecs_service" "test" { name = "vol1" managed_ebs_volume { role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" + size_in_gb = "8" } } } From 524c62834ff1792de58303802165e0dc86b7c8a1 Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:10:28 +0100 Subject: [PATCH 10/23] f-aws_ecs_service: support for EBS --- .changelog/37019.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.changelog/37019.txt b/.changelog/37019.txt index 09813975281e..80562c6857cb 100644 --- a/.changelog/37019.txt 
+++ b/.changelog/37019.txt @@ -1,3 +1,7 @@ ```release-note:enhancement resource/aws_ecs_service: Add `volume_configuration` argument +``` + +```release-note:enhancement +resource/aws_ecs_task_definition: Add `configure_at_launch` parameter in `volume` argument ``` \ No newline at end of file From f6f06606225edc5acc2590fd7e8a1784daf4f7ba Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:13:38 +0100 Subject: [PATCH 11/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/service_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go index 9ae018650b66..d7884871ddbc 100644 --- a/internal/service/ecs/service_test.go +++ b/internal/service/ecs/service_test.go @@ -2184,8 +2184,8 @@ resource "aws_ecs_service" "test" { volume_configuration { name = "vol1" managed_ebs_volume { - role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" - size_in_gb = "8" + role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" + size_in_gb = "8" } } } From 42e36fc8c103c2defdf467600e4c52a07c4079bc Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:41:22 +0100 Subject: [PATCH 12/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/service.go | 1 + website/docs/r/ecs_service.html.markdown | 22 +++++++++++++++++++ .../docs/r/ecs_task_definition.html.markdown | 1 + 3 files changed, 24 insertions(+) diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go index a00d22002902..09e0541cd4d4 100644 --- a/internal/service/ecs/service.go +++ b/internal/service/ecs/service.go @@ -542,6 +542,7 @@ func ResourceService() *schema.Resource { "encrypted": { Type: schema.TypeBool, Optional: true, + Default: true, }, "file_system_type": { Type: schema.TypeString, 
diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown index 1e529f406c4f..25e38799a0cd 100644 --- a/website/docs/r/ecs_service.html.markdown +++ b/website/docs/r/ecs_service.html.markdown @@ -152,6 +152,7 @@ The following arguments are optional: * `tags` - (Optional) Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. * `task_definition` - (Optional) Family and revision (`family:revision`) or full ARN of the task definition that you want to run in your service. Required unless using the `EXTERNAL` deployment controller. If a revision is not specified, the latest `ACTIVE` revision is used. * `triggers` - (Optional) Map of arbitrary keys and values that, when changed, will trigger an in-place update (redeployment). Useful with `plantimestamp()`. See example above. +* `volume_configuration` - (Optional) The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. [See below](#volume_configuration). * `wait_for_steady_state` - (Optional) If `true`, Terraform will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`. ### alarms 
@@ -162,6 +163,27 @@ The `alarms` configuration block supports the following: * `enable` - (Required) Determines whether to use the CloudWatch alarm option in the service deployment process. * `rollback` - (Required) Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. +### volume_configuration + +The `volume_configuration` configuration block supports the following: + +* `name` - (Required) Name of the volume. +* `managed_ebs_volume` - (Required) Configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. [See below](#managed_ebs_volume). + +### managed_ebs_volume + +The `managed_ebs_volume` configuration block supports the following: + +* `role_arn` - (Required) Amazon ECS infrastructure IAM role that is used to manage your Amazon Web Services infrastructure. Recommended using the Amazon ECS-managed `AmazonECSInfrastructureRolePolicyForVolumes` IAM policy with this role. +* `encrypted` - (Optional) Whether the volume should be encrypted. Default value is `true`. +* `file_system_type` - (Optional)Linux filesystem type for the volume. For volumes created from a snapshot, same filesystem type must be specified that the volume was using when the snapshot was created. Valid values are `ext3`, `ext4`, `xfs`. Default value is `xfs`. +* `iops` - (Optional) Number of I/O operations per second (IOPS). +* `kms_key_id` - (Optional) Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. +* `size_in_gb` - (Optional) The size of the volume in GiB. You must specify either a `size_in_gb` or a `snapshot_id`. You can optionally specify a volume size greater than or equal to the snapshot size. +* `snapshot_id` - (Optional) The snapshot that Amazon ECS uses to create the volume. 
You must specify either a `size_in_gb` or a `snapshot_id`. +* `throughput` - (Optional) The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. +* `volume_type` - (Optional) The volume type. + ### capacity_provider_strategy The `capacity_provider_strategy` configuration block supports the following: diff --git a/website/docs/r/ecs_task_definition.html.markdown b/website/docs/r/ecs_task_definition.html.markdown index c2738208f98b..d96682807571 100644 --- a/website/docs/r/ecs_task_definition.html.markdown +++ b/website/docs/r/ecs_task_definition.html.markdown @@ -260,6 +260,7 @@ The following arguments are optional: * `efs_volume_configuration` - (Optional) Configuration block for an [EFS volume](#efs_volume_configuration). Detailed below. * `fsx_windows_file_server_volume_configuration` - (Optional) Configuration block for an [FSX Windows File Server volume](#fsx_windows_file_server_volume_configuration). Detailed below. * `host_path` - (Optional) Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished. +* `configure_at_launch` - (Optional) Whether the volume should be configured at launch time. This is used to create Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each task definition revision may only have one volume configured at launch in the volume configuration. * `name` - (Required) Name of the volume. This name is referenced in the `sourceVolume` parameter of container definition in the `mountPoints` section. From b20252023176e02c2b1aee975c1db4c0c100c5eb Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:41:45 +0100 Subject: [PATCH 13/23] f-support for network_card_index --- internal/service/ecs/service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go index 09e0541cd4d4..1931e062258f 100644 --- a/internal/service/ecs/service.go +++ b/internal/service/ecs/service.go @@ -542,7 +542,7 @@ func ResourceService() *schema.Resource { "encrypted": { Type: schema.TypeBool, Optional: true, - Default: true, + Default: true, }, "file_system_type": { Type: schema.TypeString, From d749795dd2deb3ba267c56519e01c4b50cc8a05a Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 15:43:29 +0100 Subject: [PATCH 14/23] update test to refer to partition --- internal/service/ecs/service_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go index d7884871ddbc..f81a03e502f5 100644 --- a/internal/service/ecs/service_test.go +++ b/internal/service/ecs/service_test.go @@ -2147,6 +2147,7 @@ resource "aws_ecs_service" "test" { func testAccServiceConfig_volumeConfigurations_basic(rName string) string { return fmt.Sprintf(` data "aws_caller_identity" "current" {} +data "aws_partition" "current" {} resource "aws_ecs_cluster" "test" { name = %[1]q @@ -2184,7 +2185,7 @@ resource "aws_ecs_service" "test" { volume_configuration { name = "vol1" managed_ebs_volume { - role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" + role_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" size_in_gb = "8" } } @@ -2195,6 +2196,7 @@ resource "aws_ecs_service" "test" { func testAccServiceConfig_volumeConfigurations_update(rName, volumeType string, size int) string { return fmt.Sprintf(` data "aws_caller_identity" "current" {} +data "aws_partition" "current" {} resource "aws_ecs_cluster" "test" { name = %[1]q 
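Review bot: The `role_arn` in the `@@ -2184,7 +2185,7 @@` hunk is made partition-aware but still points at the `AWSServiceRoleForECS` service-linked role, whereas the documentation added in PATCH 12 describes `role_arn` as an ECS infrastructure role, recommended with the `AmazonECSInfrastructureRolePolicyForVolumes` managed policy. Acceptance-test configurations tend to be copied into real modules, so a dedicated `aws_iam_role` carrying only that policy (PATCH 08 removed the `aws_iam_role.test` resource) would exercise and demonstrate the least-privilege setup the docs recommend. It would also remove the test's dependency on the service-linked role already existing in the account. The same ARN is used by the update config in the `@@ -2232,7 +2234,7 @@` hunk.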
@@ -2232,7 +2234,7 @@ resource "aws_ecs_service" "test" { volume_configuration { name = "vol1" managed_ebs_volume { - role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" + role_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" size_in_gb = %[3]d volume_type = %[2]q } From 072c8377d8938bbf35588dd4733d9ee8c14a18e7 Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 16:32:55 +0100 Subject: [PATCH 15/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/task_definition.go | 2 +- internal/service/ecs/task_definition_test.go | 56 ++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) diff --git a/internal/service/ecs/task_definition.go b/internal/service/ecs/task_definition.go index 0be9370fc2a0..1cc930a87cb6 100644 --- a/internal/service/ecs/task_definition.go +++ b/internal/service/ecs/task_definition.go @@ -438,7 +438,7 @@ func ResourceTaskDefinition() *schema.Resource { "configure_at_launch": { Type: schema.TypeBool, Optional: true, - Computed: true, + ForceNew: true, }, }, }, diff --git a/internal/service/ecs/task_definition_test.go b/internal/service/ecs/task_definition_test.go index 563bedf2dfa5..b38db4add056 100644 --- a/internal/service/ecs/task_definition_test.go +++ b/internal/service/ecs/task_definition_test.go 
@@ -137,6 +137,36 @@ func TestAccECSTaskDefinition_scratchVolume(t *testing.T) { }) } +func TestAccECSTaskDefinition_configuredAtLaunch(t *testing.T) { + ctx := acctest.Context(t) + var def ecs.TaskDefinition + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_ecs_task_definition.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.ECSServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckTaskDefinitionDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: TestAccECSTaskDefinition_configuredAtLaunch(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), + resource.TestCheckResourceAttr(resourceName, "configure_at_launch", "true"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: testAccTaskDefinitionImportStateIdFunc(resourceName), + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"skip_destroy", "track_latest"}, + }, + }, + }) +} + func TestAccECSTaskDefinition_DockerVolume_basic(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition @@ -1793,6 +1823,32 @@ TASK_DEFINITION `, rName) } +func TestAccECSTaskDefinition_configuredAtLaunch(rName string) string { + return fmt.Sprintf(` +resource "aws_ecs_task_definition" "test" { + family = %[1]q + + container_definitions = < Date: Sun, 21 Apr 2024 16:35:37 +0100 Subject: [PATCH 16/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/task_definition_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/ecs/task_definition_test.go b/internal/service/ecs/task_definition_test.go index b38db4add056..f8e710bdb638 100644 --- a/internal/service/ecs/task_definition_test.go +++ b/internal/service/ecs/task_definition_test.go 
@@ -150,7 +150,7 @@ func TestAccECSTaskDefinition_configuredAtLaunch(t *testing.T) { CheckDestroy: testAccCheckTaskDefinitionDestroy(ctx), Steps: []resource.TestStep{ { - Config: TestAccECSTaskDefinition_configuredAtLaunch(rName), + Config: testAccTaskDefinitionConfig_configuredAtLaunch(rName), Check: resource.ComposeTestCheckFunc( testAccCheckTaskDefinitionExists(ctx, resourceName, &def), resource.TestCheckResourceAttr(resourceName, "configure_at_launch", "true"), @@ -1823,7 +1823,7 @@ TASK_DEFINITION `, rName) } -func TestAccECSTaskDefinition_configuredAtLaunch(rName string) string { +func testAccTaskDefinitionConfig_configuredAtLaunch(rName string) string { return fmt.Sprintf(` resource "aws_ecs_task_definition" "test" { family = %[1]q From f314063d3ea558d0ed58335a074c0e7e5e919f6a Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 16:54:24 +0100 Subject: [PATCH 17/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/task_definition_test.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/service/ecs/task_definition_test.go b/internal/service/ecs/task_definition_test.go index f8e710bdb638..e356e0ac5d5e 100644 --- a/internal/service/ecs/task_definition_test.go +++ b/internal/service/ecs/task_definition_test.go @@ -153,7 +153,8 @@ func TestAccECSTaskDefinition_configuredAtLaunch(t *testing.T) { Config: testAccTaskDefinitionConfig_configuredAtLaunch(rName), Check: resource.ComposeTestCheckFunc( testAccCheckTaskDefinitionExists(ctx, resourceName, &def), - resource.TestCheckResourceAttr(resourceName, "configure_at_launch", "true"), + resource.TestCheckResourceAttr(resourceName, "volume.#", "1"), + resource.TestCheckResourceAttr(resourceName, "volume.0.configure_at_launch", "true"), ), }, { 
@@ -1836,7 +1837,10 @@ resource "aws_ecs_task_definition" "test" { "cpu": 10, "command": ["sleep","360"], "memory": 10, - "essential": true + "essential": true, + "mountPoints": [ + {"sourceVolume": %[1]q, "containerPath": "/"} + ] } ] TASK_DEFINITION From e4ff2afdf4b0a62b3f21c2d824be2c3419ae76bb Mon Sep 17 00:00:00 2001 From: nikhil Date: Sun, 21 Apr 2024 18:42:42 +0100 Subject: [PATCH 18/23] f-aws_ecs_service: support for EBS --- internal/service/ecs/task_definition.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/service/ecs/task_definition.go b/internal/service/ecs/task_definition.go index 1cc930a87cb6..acaeb3477f76 100644 --- a/internal/service/ecs/task_definition.go +++ b/internal/service/ecs/task_definition.go @@ -438,6 +438,7 @@ func ResourceTaskDefinition() *schema.Resource { "configure_at_launch": { Type: schema.TypeBool, Optional: true, + Computed: true, ForceNew: true, }, }, From f48e6e4ad8ec432d746d2887046ee65fe691eab7 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Thu, 23 May 2024 18:26:08 -0400 Subject: [PATCH 19/23] make: Respect PKG in semgrep-constants --- GNUmakefile | 1 + 1 file changed, 1 insertion(+) diff --git a/GNUmakefile b/GNUmakefile index 517c7032e692..c1c051874db1 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -503,6 +503,7 @@ semgrep-code-quality: semgrep-validate ## [CI] Semgrep Checks / Code Quality Sca semgrep-constants: semgrep-validate ## Fix constants with Semgrep --autofix @echo "make: Fix constants with Semgrep --autofix" @semgrep $(SEMGREP_ARGS) --autofix \ + $(if $(filter-out $(origin PKG), undefined),--include $(PKG_NAME),) \ --config .ci/.semgrep-constants.yml \ --config .ci/.semgrep-test-constants.yml From 5177e750837b8868697da4a41231b90193bb01dc Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Thu, 23 May 2024 18:26:30 -0400 Subject: [PATCH 20/23] ecs/service: Use consts --- internal/service/ecs/service.go | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) 
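Review bot: The added `mountPoints` entry mounts the launch-configured volume at `containerPath` `/`, the container's root filesystem, which is a poor pattern in a fixture that readers tend to copy into real task definitions. As far as the visible checks go, the test only asserts `volume.#` and `volume.0.configure_at_launch`, so a dedicated path should serve just as well: `{"sourceVolume": %[1]q, "containerPath": "/data"}`. The `volume` block this mount refers to lies outside the hunk, so the assumption that its name is also `%[1]q` should be confirmed against the full config.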
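Review bot: `Computed: true` is added to `configure_at_launch` with no comment explaining why, and it changes how the argument behaves when removed. With `Optional` plus `Computed`, dropping the argument from configuration plans no change and the value in state is kept, so on this `ForceNew` attribute a user who deletes `configure_at_launch = true` keeps the launch-time-configured volume until they set `false` explicitly. I would document that next to the field, for example `// Computed: <reason the API value must be accepted>; removing the argument keeps the value from state`, with the reason filled in by the author. The enclosing schema block starts outside the hunk.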
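Review bot: `$(PKG_NAME)` is expanded unquoted into the `semgrep` command in the added `--include` line, so a value containing spaces or shell metacharacters would be split or interpreted by the shell before Semgrep receives it. This target runs with `--autofix` and rewrites files, so the include scope should be exact; quoting the expansion is enough: `$(if $(filter-out $(origin PKG), undefined),--include '$(PKG_NAME)',) \`. How `PKG_NAME` is derived from `PKG` is not visible in this hunk, so it is worth confirming that the result is a pattern `--include` matches as intended rather than one that silently matches nothing.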
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go index 1931e062258f..075efa7cb702 100644 --- a/internal/service/ecs/service.go +++ b/internal/service/ecs/service.go @@ -524,7 +524,7 @@ func ResourceService() *schema.Resource { MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + names.AttrName: { Type: schema.TypeString, Required: true, }, @@ -534,12 +534,12 @@ func ResourceService() *schema.Resource { MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "role_arn": { + names.AttrRoleARN: { Type: schema.TypeString, Required: true, ValidateFunc: verify.ValidARN, }, - "encrypted": { + names.AttrEncrypted: { Type: schema.TypeBool, Optional: true, Default: true, @@ -550,11 +550,11 @@ func ResourceService() *schema.Resource { Default: ecs.TaskFilesystemTypeXfs, ValidateFunc: validation.StringInSlice(ecs.TaskFilesystemType_Values(), false), }, - "iops": { + names.AttrIOPS: { Type: schema.TypeInt, Optional: true, }, - "kms_key_id": { + names.AttrKMSKeyID: { Type: schema.TypeString, Optional: true, }, @@ -562,7 +562,7 @@ func ResourceService() *schema.Resource { Type: schema.TypeInt, Optional: true, }, - "snapshot_id": { + names.AttrSnapshotID: { Type: schema.TypeString, Optional: true, }, @@ -571,7 +571,7 @@ func ResourceService() *schema.Resource { Optional: true, ValidateFunc: validation.IntBetween(0, 1000), }, - "volume_type": { + names.AttrVolumeType: { Type: schema.TypeString, Optional: true, }, @@ -1548,7 +1548,7 @@ func expandVolumeConfigurations(vc []interface{}) []*ecs.ServiceVolumeConfigurat p := raw.(map[string]interface{}) config := &ecs.ServiceVolumeConfiguration{ - Name: aws.String(p["name"].(string)), + Name: aws.String(p[names.AttrName].(string)), } if v, ok := p["managed_ebs_volume"].([]interface{}); ok && len(v) > 0 { 
@@ -1567,31 +1567,31 @@ func expandManagedEBSVolume(ebs []interface{}) *ecs.ServiceManagedEBSVolumeConfi raw := ebs[0].(map[string]interface{}) config := &ecs.ServiceManagedEBSVolumeConfiguration{} - if v, ok := raw["role_arn"].(string); ok && v != "" { + if v, ok := raw[names.AttrRoleARN].(string); ok && v != "" { config.RoleArn = aws.String(v) } - if v, ok := raw["encrypted"].(bool); ok { + if v, ok := raw[names.AttrEncrypted].(bool); ok { config.Encrypted = aws.Bool(v) } if v, ok := raw["file_system_type"].(string); ok && v != "" { config.FilesystemType = aws.String(v) } - if v, ok := raw["iops"].(int); ok && v != 0 { + if v, ok := raw[names.AttrIOPS].(int); ok && v != 0 { config.Iops = aws.Int64(int64(v)) } - if v, ok := raw["kms_key_id"].(string); ok && v != "" { + if v, ok := raw[names.AttrKMSKeyID].(string); ok && v != "" { config.KmsKeyId = aws.String(v) } if v, ok := raw["size_in_gb"].(int); ok && v != 0 { config.SizeInGiB = aws.Int64(int64(v)) } - if v, ok := raw["snapshot_id"].(string); ok && v != "" { + if v, ok := raw[names.AttrSnapshotID].(string); ok && v != "" { config.SnapshotId = aws.String(v) } if v, ok := raw["throughput"].(int); ok && v != 0 { config.Throughput = aws.Int64(int64(v)) } - if v, ok := raw["volume_type"].(string); ok && v != "" { + if v, ok := raw[names.AttrVolumeType].(string); ok && v != "" { config.VolumeType = aws.String(v) } From 806add065e5ec281de779c050bec389b15c56db9 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Thu, 23 May 2024 18:26:42 -0400 Subject: [PATCH 21/23] ecs/task_def: Use consts --- internal/service/ecs/task_definition_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/ecs/task_definition_test.go b/internal/service/ecs/task_definition_test.go index e356e0ac5d5e..3d81ecde66c5 100644 --- a/internal/service/ecs/task_definition_test.go +++ b/internal/service/ecs/task_definition_test.go 
@@ -153,7 +153,7 @@ func TestAccECSTaskDefinition_configuredAtLaunch(t *testing.T) { Config: testAccTaskDefinitionConfig_configuredAtLaunch(rName), Check: resource.ComposeTestCheckFunc( testAccCheckTaskDefinitionExists(ctx, resourceName, &def), - resource.TestCheckResourceAttr(resourceName, "volume.#", "1"), + resource.TestCheckResourceAttr(resourceName, "volume.#", acctest.Ct1), resource.TestCheckResourceAttr(resourceName, "volume.0.configure_at_launch", "true"), ), }, @@ -162,7 +162,7 @@ func TestAccECSTaskDefinition_configuredAtLaunch(t *testing.T) { ImportState: true, ImportStateIdFunc: testAccTaskDefinitionImportStateIdFunc(resourceName), ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"skip_destroy", "track_latest"}, + ImportStateVerifyIgnore: []string{names.AttrSkipDestroy, "track_latest"}, }, }, }) From 307a991f355db321188330616d440b7800eb7d50 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Thu, 23 May 2024 18:39:19 -0400 Subject: [PATCH 22/23] docs/ecs/service: Clean up --- website/docs/r/ecs_service.html.markdown | 68 ++++++++++++------------ 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown index 25e38799a0cd..563e16aecfdf 100644 --- a/website/docs/r/ecs_service.html.markdown +++ b/website/docs/r/ecs_service.html.markdown 
@@ -134,8 +134,8 @@ The following arguments are optional: * `deployment_maximum_percent` - (Optional) Upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the `DAEMON` scheduling strategy. * `deployment_minimum_healthy_percent` - (Optional) Lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. * `desired_count` - (Optional) Number of instances of the task definition to place and keep running. Defaults to 0. Do not specify if using the `DAEMON` scheduling strategy. -* `enable_ecs_managed_tags` - (Optional) Specifies whether to enable Amazon ECS managed tags for the tasks within the service. -* `enable_execute_command` - (Optional) Specifies whether to enable Amazon ECS Exec for the tasks within the service. +* `enable_ecs_managed_tags` - (Optional) Whether to enable Amazon ECS managed tags for the tasks within the service. +* `enable_execute_command` - (Optional) Whether to enable Amazon ECS Exec for the tasks within the service. * `force_new_deployment` - (Optional) Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g., `myimage:latest`), roll Fargate tasks onto a newer platform version, or immediately deploy `ordered_placement_strategy` and `placement_constraints` updates. * `health_check_grace_period_seconds` - (Optional) Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Only valid for services configured to use load balancers. * `iam_role` - (Optional) ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. 
This parameter is required if you are using a load balancer with your service, but only if your task definition does not use the `awsvpc` network mode. If using `awsvpc` network mode, do not specify this role. If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here. 
@@ -145,14 +145,14 @@ The following arguments are optional: * `ordered_placement_strategy` - (Optional) Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below. * `placement_constraints` - (Optional) Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below. * `platform_version` - (Optional) Platform version on which to run your service. Only applicable for `launch_type` set to `FARGATE`. Defaults to `LATEST`. More information about Fargate platform versions can be found in the [AWS ECS User Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html). -* `propagate_tags` - (Optional) Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`. +* `propagate_tags` - (Optional) Whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`. * `scheduling_strategy` - (Optional) Scheduling strategy to use for the service. The valid values are `REPLICA` and `DAEMON`. Defaults to `REPLICA`. Note that [*Tasks using the Fargate launch type or the `CODE_DEPLOY` or `EXTERNAL` deployment controller types don't support the `DAEMON` scheduling strategy*](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html). -* `service_connect_configuration` - (Optional) The ECS Service Connect configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. 
See below. +* `service_connect_configuration` - (Optional) ECS Service Connect configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. See below. * `service_registries` - (Optional) Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below. * `tags` - (Optional) Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. * `task_definition` - (Optional) Family and revision (`family:revision`) or full ARN of the task definition that you want to run in your service. Required unless using the `EXTERNAL` deployment controller. If a revision is not specified, the latest `ACTIVE` revision is used. * `triggers` - (Optional) Map of arbitrary keys and values that, when changed, will trigger an in-place update (redeployment). Useful with `plantimestamp()`. See example above. -* `volume_configuration` - (Optional) The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. [See below](#volume_configuration). +* `volume_configuration` - (Optional) Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. [See below](#volume_configuration). * `wait_for_steady_state` - (Optional) If `true`, Terraform will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`. ### alarms 
@@ -160,8 +160,8 @@ The following arguments are optional: The `alarms` configuration block supports the following: * `alarm_names` - (Required) One or more CloudWatch alarm names. -* `enable` - (Required) Determines whether to use the CloudWatch alarm option in the service deployment process. -* `rollback` - (Required) Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. +* `enable` - (Required) Whether to use the CloudWatch alarm option in the service deployment process. +* `rollback` - (Required) Whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. ### volume_configuration 
@@ -176,13 +176,13 @@ The `managed_ebs_volume` configuration block supports the following: * `role_arn` - (Required) Amazon ECS infrastructure IAM role that is used to manage your Amazon Web Services infrastructure. Recommended using the Amazon ECS-managed `AmazonECSInfrastructureRolePolicyForVolumes` IAM policy with this role. * `encrypted` - (Optional) Whether the volume should be encrypted. Default value is `true`. -* `file_system_type` - (Optional)Linux filesystem type for the volume. For volumes created from a snapshot, same filesystem type must be specified that the volume was using when the snapshot was created. Valid values are `ext3`, `ext4`, `xfs`. Default value is `xfs`. +* `file_system_type` - (Optional) Linux filesystem type for the volume. For volumes created from a snapshot, same filesystem type must be specified that the volume was using when the snapshot was created. Valid values are `ext3`, `ext4`, `xfs`. Default value is `xfs`. * `iops` - (Optional) Number of I/O operations per second (IOPS). * `kms_key_id` - (Optional) Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. -* `size_in_gb` - (Optional) The size of the volume in GiB. You must specify either a `size_in_gb` or a `snapshot_id`. You can optionally specify a volume size greater than or equal to the snapshot size. -* `snapshot_id` - (Optional) The snapshot that Amazon ECS uses to create the volume. You must specify either a `size_in_gb` or a `snapshot_id`. -* `throughput` - (Optional) The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. -* `volume_type` - (Optional) The volume type. +* `size_in_gb` - (Optional) Size of the volume in GiB. You must specify either a `size_in_gb` or a `snapshot_id`. You can optionally specify a volume size greater than or equal to the snapshot size. +* `snapshot_id` - (Optional) Snapshot that Amazon ECS uses to create the volume. 
You must specify either a `size_in_gb` or a `snapshot_id`. +* `throughput` - (Optional) Throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. +* `volume_type` - (Optional) Volume type. ### capacity_provider_strategy 
@@ -258,64 +258,64 @@ For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonEC `service_connect_configuration` supports the following: -* `enabled` - (Required) Specifies whether to use Service Connect with this service. -* `log_configuration` - (Optional) The log configuration for the container. See below. -* `namespace` - (Optional) The namespace name or ARN of the [`aws_service_discovery_http_namespace`](/docs/providers/aws/r/service_discovery_http_namespace.html) for use with Service Connect. -* `service` - (Optional) The list of Service Connect service objects. See below. +* `enabled` - (Required) Whether to use Service Connect with this service. +* `log_configuration` - (Optional) Log configuration for the container. See below. +* `namespace` - (Optional) Namespace name or ARN of the [`aws_service_discovery_http_namespace`](/docs/providers/aws/r/service_discovery_http_namespace.html) for use with Service Connect. +* `service` - (Optional) List of Service Connect service objects. See below. ### log_configuration `log_configuration` supports the following: -* `log_driver` - (Required) The log driver to use for the container. -* `options` - (Optional) The configuration options to send to the log driver. -* `secret_option` - (Optional) The secrets to pass to the log configuration. See below. +* `log_driver` - (Required) Log driver to use for the container. +* `options` - (Optional) Configuration options to send to the log driver. +* `secret_option` - (Optional) Secrets to pass to the log configuration. See below. ### secret_option `secret_option` supports the following: -* `name` - (Required) The name of the secret. -* `value_from` - (Required) The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store. +* `name` - (Required) Name of the secret. +* `value_from` - (Required) Secret to expose to the container. 
The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store. ### service `service` supports the following: -* `client_alias` - (Optional) The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. See below. -* `discovery_name` - (Optional) The name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service. -* `ingress_port_override` - (Optional) The port number for the Service Connect proxy to listen on. -* `port_name` - (Required) The name of one of the `portMappings` from all the containers in the task definition of this Amazon ECS service. +* `client_alias` - (Optional) List of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. See below. +* `discovery_name` - (Optional) Name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service. +* `ingress_port_override` - (Optional) Port number for the Service Connect proxy to listen on. +* `port_name` - (Required) Name of one of the `portMappings` from all the containers in the task definition of this Amazon ECS service. * `timeout` - (Optional) Configuration timeouts for Service Connect -* `tls` - (Optional) The configuration for enabling Transport Layer Security (TLS) +* `tls` - (Optional) Configuration for enabling Transport Layer Security (TLS) ### timeout `timeout` supports the following: -* `idle_timeout_seconds` - (Optional) The amount of time in seconds a connection will stay active while idle. A value of 0 can be set to disable idleTimeout. -* `per_request_timeout_seconds` - (Optional) The amount of time in seconds for the upstream to respond with a complete response per request. 
A value of 0 can be set to disable perRequestTimeout. Can only be set when appProtocol isn't TCP. +* `idle_timeout_seconds` - (Optional) Amount of time in seconds a connection will stay active while idle. A value of 0 can be set to disable idleTimeout. +* `per_request_timeout_seconds` - (Optional) Amount of time in seconds for the upstream to respond with a complete response per request. A value of 0 can be set to disable perRequestTimeout. Can only be set when appProtocol isn't TCP. ### tls `tls` supports the following: -* `issuer_cert_authority` - (Required) The details of the certificate authority which will issue the certificate. -* `kms_key` - (Optional) The KMS key used to encrypt the private key in Secrets Manager. -* `role_arn` - (Optional) The ARN of the IAM Role that's associated with the Service Connect TLS. +* `issuer_cert_authority` - (Required) Details of the certificate authority which will issue the certificate. +* `kms_key` - (Optional) KMS key used to encrypt the private key in Secrets Manager. +* `role_arn` - (Optional) ARN of the IAM Role that's associated with the Service Connect TLS. ### issuer_cert_authority `issuer_cert_authority` supports the following: -* `aws_pca_authority_arn` - (Optional) The ARN of the [`aws_acmpca_certificate_authority`](/docs/providers/aws/r/acmpca_certificate_authority.html) used to create the TLS Certificates. +* `aws_pca_authority_arn` - (Optional) ARN of the [`aws_acmpca_certificate_authority`](/docs/providers/aws/r/acmpca_certificate_authority.html) used to create the TLS Certificates. ### client_alias `client_alias` supports the following: -* `dns_name` - (Optional) The name that you use in the applications of client tasks to connect to this service. -* `port` - (Required) The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. +* `dns_name` - (Optional) Name that you use in the applications of client tasks to connect to this service. 
+* `port` - (Required) Listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. ## Attribute Reference From d29615b7d91806f1c715602041791e910e3166ad Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Thu, 23 May 2024 19:27:01 -0400 Subject: [PATCH 23/23] ecs/service: Fix permissions for volume configuration --- internal/service/ecs/service_test.go | 110 ++++++++++++++++++++++++--- 1 file changed, 100 insertions(+), 10 deletions(-) diff --git a/internal/service/ecs/service_test.go b/internal/service/ecs/service_test.go index f81a03e502f5..b53a26912c4a 100644 --- a/internal/service/ecs/service_test.go +++ b/internal/service/ecs/service_test.go @@ -307,7 +307,7 @@ func TestAccECSService_CapacityProviderStrategy_update(t *testing.T) { }) } -func TestAccECSService_VolumeConfigurations_basic(t *testing.T) { +func TestAccECSService_VolumeConfiguration_basic(t *testing.T) { ctx := acctest.Context(t) var service ecs.Service rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -320,7 +320,7 @@ func TestAccECSService_VolumeConfigurations_basic(t *testing.T) { CheckDestroy: testAccCheckServiceDestroy(ctx), Steps: []resource.TestStep{ { - Config: testAccServiceConfig_volumeConfigurations_basic(rName), + Config: testAccServiceConfig_volumeConfiguration_basic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckServiceExists(ctx, resourceName, &service), ), @@ -329,7 +329,7 @@ func TestAccECSService_VolumeConfigurations_basic(t *testing.T) { }) } -func TestAccECSService_VolumeConfigurations_update(t *testing.T) { +func TestAccECSService_VolumeConfiguration_update(t *testing.T) { ctx := acctest.Context(t) var service ecs.Service rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -342,19 +342,19 @@ func TestAccECSService_VolumeConfigurations_update(t *testing.T) { CheckDestroy: testAccCheckServiceDestroy(ctx), Steps: []resource.TestStep{ { - Config: testAccServiceConfig_volumeConfigurations_update(rName, "gp2", 8), + Config: testAccServiceConfig_volumeConfiguration_update(rName, "gp2", 8), Check: resource.ComposeTestCheckFunc( testAccCheckServiceExists(ctx, resourceName, &service), ), }, { - Config: testAccServiceConfig_volumeConfigurations_update(rName, "gp3", 8), + Config: testAccServiceConfig_volumeConfiguration_update(rName, "gp3", 8), Check: resource.ComposeTestCheckFunc( testAccCheckServiceExists(ctx, resourceName, &service), ), }, { - Config: testAccServiceConfig_volumeConfigurations_update(rName, "gp3", 16), + Config: testAccServiceConfig_volumeConfiguration_update(rName, "gp3", 16), Check: resource.ComposeTestCheckFunc( testAccCheckServiceExists(ctx, resourceName, &service), ), @@ -2144,7 +2144,7 @@ resource "aws_ecs_service" "test" { `, rName)) } -func testAccServiceConfig_volumeConfigurations_basic(rName string) string { +func testAccServiceConfig_volumeConfiguration_basic(rName string) string { return fmt.Sprintf(` data "aws_caller_identity" "current" {} data "aws_partition" "current" {} @@ -2177,23 +2177,68 @@ TASK_DEFINITION } } +resource "aws_iam_role" "ecs_service" { + name = %[1]q + + assume_role_policy = <