feat: allowing an IAM Path for task_exec policy

rmolson · rmolson · commit 808e262c0477 · 2024-11-29T11:12:00.000-05:00
diff --git a/modules/service/README.md b/modules/service/README.md
@@ -294,6 +294,7 @@ module "ecs_service" {
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_task_definition_arn"></a> [task\_definition\_arn](#input\_task\_definition\_arn) | Existing task definition ARN. Required when `create_task_definition` is `false` | `string` | `null` | no |
 | <a name="input_task_definition_placement_constraints"></a> [task\_definition\_placement\_constraints](#input\_task\_definition\_placement\_constraints) | Configuration block for rules that are taken into consideration during task placement (up to max of 10). This is set at the task definition, see `placement_constraints` for setting at the service | `any` | `{}` | no |
+| <a name="input_task_exec_iam_policy_path"></a> [task\_exec\_iam\_policy\_path](#input\_task\_exec\_iam\_policy\_path) | Path for the iam role | `string` | `null` | no |
 | <a name="input_task_exec_iam_role_arn"></a> [task\_exec\_iam\_role\_arn](#input\_task\_exec\_iam\_role\_arn) | Existing IAM role ARN | `string` | `null` | no |
 | <a name="input_task_exec_iam_role_description"></a> [task\_exec\_iam\_role\_description](#input\_task\_exec\_iam\_role\_description) | Description of the role | `string` | `null` | no |
 | <a name="input_task_exec_iam_role_max_session_duration"></a> [task\_exec\_iam\_role\_max\_session\_duration](#input\_task\_exec\_iam\_role\_max\_session\_duration) | Maximum session duration (in seconds) for ECS task execution role. Default is 3600. | `number` | `null` | no |
diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf
@@ -98,6 +98,7 @@ module "wrapper" {
   tags                                    = try(each.value.tags, var.defaults.tags, {})
   task_definition_arn                     = try(each.value.task_definition_arn, var.defaults.task_definition_arn, null)
   task_definition_placement_constraints   = try(each.value.task_definition_placement_constraints, var.defaults.task_definition_placement_constraints, {})
+  task_exec_iam_policy_path               = try(each.value.task_exec_iam_policy_path, var.defaults.task_exec_iam_policy_path, null)
   task_exec_iam_role_arn                  = try(each.value.task_exec_iam_role_arn, var.defaults.task_exec_iam_role_arn, null)
   task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_max_session_duration = try(each.value.task_exec_iam_role_max_session_duration, var.defaults.task_exec_iam_role_max_session_duration, null)
@@ -110,7 +111,6 @@ module "wrapper" {
   task_exec_iam_statements                = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, {})
   task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
   task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
-  task_tags                               = try(each.value.task_tags, var.defaults.task_tags, {})
   tasks_iam_role_arn                      = try(each.value.tasks_iam_role_arn, var.defaults.tasks_iam_role_arn, null)
   tasks_iam_role_description              = try(each.value.tasks_iam_role_description, var.defaults.tasks_iam_role_description, null)
   tasks_iam_role_name                     = try(each.value.tasks_iam_role_name, var.defaults.tasks_iam_role_name, null)
@@ -120,6 +120,7 @@ module "wrapper" {
   tasks_iam_role_statements               = try(each.value.tasks_iam_role_statements, var.defaults.tasks_iam_role_statements, {})
   tasks_iam_role_tags                     = try(each.value.tasks_iam_role_tags, var.defaults.tasks_iam_role_tags, {})
   tasks_iam_role_use_name_prefix          = try(each.value.tasks_iam_role_use_name_prefix, var.defaults.tasks_iam_role_use_name_prefix, true)
+  task_tags                               = try(each.value.task_tags, var.defaults.task_tags, {})
   timeouts                                = try(each.value.timeouts, var.defaults.timeouts, {})
   triggers                                = try(each.value.triggers, var.defaults.triggers, {})
   volume                                  = try(each.value.volume, var.defaults.volume, {})
