From 9bec95335c778ae18ccb88141e8bead293098769 Mon Sep 17 00:00:00 2001
From: Wayne <53596635+wayne-root@users.noreply.github.com>
Date: Tue, 13 Dec 2022 15:29:34 +0800
Subject: [PATCH] Add ECS Exec (#7)
---
README.md | 5 ++++-
main.tf | 2 ++
modules/cluster/README.md | 1 +
modules/cluster/outputs.tf | 5 +++++
modules/service/README.md | 1 +
modules/service/main.tf | 1 +
modules/service/variables.tf | 6 ++++++
outputs.tf | 4 ++++
variables.tf | 6 ++++++
9 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 outputs.tf
diff --git a/README.md b/README.md
index df13c52..74cae7f 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,7 @@ No resources.
| [asg\_wait\_for\_capacity\_timeout](#input\_asg\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `null` | no |
| [assign\_public\_ip](#input\_assign\_public\_ip) | Enable a public IP address for the container | `bool` | `false` | no |
| [create\_launch\_template](#input\_create\_launch\_template) | Create a launch template | `bool` | `true` | no |
+| [enable\_execute\_command](#input\_enable\_execute\_command) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no |
| [launch\_type](#input\_launch\_type) | The launch type on which to run your task.(EC2\|FARGATE) | `string` | `"EC2"` | no |
| [link\_ecs\_to\_asg\_capacity\_provider](#input\_link\_ecs\_to\_asg\_capacity\_provider) | Specify whether to link ECS to autoscaling group capacity provider | `bool` | `false` | no |
| [name](#input\_name) | Name of the product/project/application | `string` | `null` | no |
@@ -68,5 +69,7 @@ No resources.
## Outputs
-No outputs.
+| Name | Description |
+|------|-------------|
+| [ecs\_cluster\_kms\_arn](#output\_ecs\_cluster\_kms\_arn) | The AWS Key Management Service key ID to encrypt the data between the local client and the container |
diff --git a/main.tf b/main.tf
index 302669f..2a22249 100644
--- a/main.tf
+++ b/main.tf
@@ -65,6 +65,8 @@ module "service" {
docker_volumes = lookup(each.value, "docker_volumes", [])
assign_public_ip = var.assign_public_ip
+
+ enable_execute_command = var.enable_execute_command
}
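Review bot: Wiring `enable_execute_command` through to the service (here and at the `aws_ecs_service` argument in modules/service/main.tf) enables an interactive path into running containers, but nothing in this commit grants or documents the task-role permissions ECS Exec depends on (the `ssmmessages:CreateControlChannel`, `ssmmessages:CreateDataChannel`, `ssmmessages:OpenControlChannel` and `ssmmessages:OpenDataChannel` actions on the task IAM role), so a caller flipping the flag gets a service that accepts the setting but whose sessions cannot start. If the cluster encrypts session traffic with the KMS key this commit exports, that role also needs `kms:Decrypt` on the key. Consider adding the policy statements alongside this flag, or at minimum pairing the toggle with the cluster's `execute_command_configuration` logging so that every exec session is recorded and auditable. The `module "service"` block starts outside this hunk.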
module "service_cpu_autoscaling_policy" {
diff --git a/modules/cluster/README.md b/modules/cluster/README.md
index 89b3dcb..d35539a 100644
--- a/modules/cluster/README.md
+++ b/modules/cluster/README.md
@@ -60,5 +60,6 @@ No modules.
|------|-------------|
| [ecs\_cluster\_arn](#output\_ecs\_cluster\_arn) | ARN of the ECS Cluster |
| [ecs\_cluster\_id](#output\_ecs\_cluster\_id) | ID of the ECS Cluster |
+| [ecs\_cluster\_kms\_arn](#output\_ecs\_cluster\_kms\_arn) | The AWS Key Management Service key ID to encrypt the data between the local client and the container |
| [ecs\_cluster\_name](#output\_ecs\_cluster\_name) | The name of the ECS cluster |
diff --git a/modules/cluster/outputs.tf b/modules/cluster/outputs.tf
index 6daec15..f4113f4 100644
--- a/modules/cluster/outputs.tf
+++ b/modules/cluster/outputs.tf
@@ -12,3 +12,8 @@ output "ecs_cluster_name" {
description = "The name of the ECS cluster"
value = try(aws_ecs_cluster.this.name, "")
}
+
+output "ecs_cluster_kms_arn" {
+ description = "The AWS Key Management Service key ID to encrypt the data between the local client and the container"
+ value = try(aws_kms_key.cluster.arn, "")
+}
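Review bot: The description on the new `ecs_cluster_kms_arn` output calls the value a "key ID" while the expression returns `.arn`, so the two disagree; suggest `description = "ARN of the KMS key used to encrypt ECS Exec session data between the local client and the container"` here and on the matching output in outputs.tf (the README rows are generated from these descriptions). `try(aws_kms_key.cluster.arn, "")` also assumes a resource `aws_kms_key.cluster` that this patch does not add; `try()` only absorbs evaluation-time errors, so a reference to a resource the module does not declare still fails at validate, and if the key is conditional (`count`) the reference should target an instance, e.g. `try(aws_kms_key.cluster[0].arn, "")`. Because `try` falls back to an empty string silently, callers should check for `""` before feeding this output into an IAM policy or a cluster configuration.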
diff --git a/modules/service/README.md b/modules/service/README.md
index 332a21d..8263389 100644
--- a/modules/service/README.md
+++ b/modules/service/README.md
@@ -39,6 +39,7 @@ No modules.
| [ecs\_load\_balancers](#input\_ecs\_load\_balancers) | Configuration block for load balancers. | `list(any)` | `[]` | no |
| [efs\_volumes](#input\_efs\_volumes) | Task EFS volume definitions as list of configuration objects. You cannot define both Docker volumes and EFS volumes on the same task definition. | `list(any)` | `[]` | no |
| [enable\_ecs\_managed\_tags](#input\_enable\_ecs\_managed\_tags) | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `true` | no |
+| [enable\_execute\_command](#input\_enable\_execute\_command) | Specifies whether to enable Amazon ECS Exec for the tasks within the service | `bool` | `false` | no |
| [execution\_role\_arn](#input\_execution\_role\_arn) | ECS excution role arn | `string` | `""` | no |
| [launch\_type](#input\_launch\_type) | Launch type | `string` | `"EC2"` | no |
| [name](#input\_name) | The Service name | `string` | n/a | yes |
diff --git a/modules/service/main.tf b/modules/service/main.tf
index df529f7..298e040 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -85,6 +85,7 @@ resource "aws_ecs_service" "this" {
platform_version = var.launch_type == "FARGATE" ? var.platform_version : null
desired_count = var.desired_count
enable_ecs_managed_tags = var.enable_ecs_managed_tags
+ enable_execute_command = var.enable_execute_command
propagate_tags = var.propagate_tags
deployment_maximum_percent = var.deployment_maximum_percent
diff --git a/modules/service/variables.tf b/modules/service/variables.tf
index 8852a73..ab95190 100644
--- a/modules/service/variables.tf
+++ b/modules/service/variables.tf
@@ -35,6 +35,12 @@ variable "enable_ecs_managed_tags" {
default = true
}
+variable "enable_execute_command" {
+ description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service"
+ type = bool
+ default = false
+}
+
variable "propagate_tags" {
description = "Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION"
type = string
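Review bot: The description of the new `enable_execute_command` variable (duplicated in the root variables.tf) does not tell the caller that the flag only works once the task IAM role allows the SSM Session Manager actions ECS Exec uses, nor that session logging and encryption are governed by the cluster's `execute_command_configuration`, so a reader of this module alone cannot tell which half of the setup they still owe. Suggest `description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service. The task IAM role must allow the ssmmessages actions ECS Exec uses; session logging and encryption are configured via execute_command_configuration on the cluster"`. Keeping the default at `false` is the right choice, since enabling it widens who can reach a shell inside the task.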
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..c2e38d9
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,4 @@
+output "ecs_cluster_kms_arn" {
+ description = "The AWS Key Management Service key ID to encrypt the data between the local client and the container"
+ value = try(module.cluster.ecs_cluster_kms_arn, "")
+}
diff --git a/variables.tf b/variables.tf
index 6bea3c4..2adaa5c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -76,6 +76,12 @@ variable "assign_public_ip" {
default = false
}
+variable "enable_execute_command" {
+ description = "Specifies whether to enable Amazon ECS Exec for the tasks within the service"
+ type = bool
+ default = false
+}
+
################################################################################
# Autoscaling group
################################################################################