From 16162ff6b679f6d084aae81d016756c7165ff461 Mon Sep 17 00:00:00 2001
From: Josh Hudson <382062+itmustbejj@users.noreply.github.com>
Date: Thu, 14 Jul 2022 12:55:45 -0700
Subject: [PATCH] feat: Add `task_execution_session_duration` for task
 execution role (#300)

---
 README.md    | 1 +
 main.tf      | 1 +
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/README.md b/README.md
index f2b57183..7cc9c812 100644
--- a/README.md
+++ b/README.md
@@ -370,6 +370,7 @@ allow_github_webhooks        = true
 | <a name="input_github_webhooks_ipv6_cidr_blocks"></a> [github\_webhooks\_ipv6\_cidr\_blocks](#input\_github\_webhooks\_ipv6\_cidr\_blocks) | List of IPv6 CIDR blocks used by GitHub webhooks | `list(string)` | <pre>[<br>  "2a0a:a440::/29",<br>  "2606:50c0::/32"<br>]</pre> | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | Whether the load balancer is internal or external | `bool` | `false` | no |
 | <a name="input_manage_default_security_group"></a> [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no |
+| <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | Maximum session duration (in seconds) for ecs task execution role. Default is 3600. | `number` | `null` | no |
 | <a name="input_mount_points"></a> [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`. The `readOnly` key is optional. | `list(any)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to use on all resources created (VPC, ALB, etc) | `string` | `"atlantis"` | no |
 | <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index d6654140..17f33155 100644
--- a/main.tf
+++ b/main.tf
@@ -530,6 +530,7 @@ data "aws_iam_policy_document" "ecs_tasks" {
 resource "aws_iam_role" "ecs_task_execution" {
   name                 = "${var.name}-ecs_task_execution"
   assume_role_policy   = data.aws_iam_policy_document.ecs_tasks.json
+  max_session_duration = var.max_session_duration
   permissions_boundary = var.permissions_boundary
 
   tags = local.tags
diff --git a/variables.tf b/variables.tf
index dd7cd254..ee3cb058 100644
--- a/variables.tf
+++ b/variables.tf
@@ -718,3 +718,9 @@ variable "runtime_platform" {
   type        = any
   default     = null
 }
+
+variable "max_session_duration" {
+  description = "Maximum session duration (in seconds) for ecs task execution role. Default is 3600."
+  type        = number
+  default     = null
+}