terraform-aws-modules · zahorniak · Oct 2, 2025 · bryantbiggs · Oct 2, 2025 · zahorniak
diff --git a/README.md b/README.md
diff --git a/main.tf b/main.tf
@@ -81,6 +81,7 @@ module "service" {
   assign_public_ip                   = each.value.assign_public_ip
   security_group_ids                 = each.value.security_group_ids
   subnet_ids                         = each.value.subnet_ids
+  vpc_id                             = each.value.vpc_id
   ordered_placement_strategy         = each.value.ordered_placement_strategy
   placement_constraints              = each.value.placement_constraints
   platform_version                   = each.value.platform_version

diff --git a/modules/service/main.tf b/modules/service/main.tf
@@ -1638,7 +1638,7 @@ locals {
 }
 
 data "aws_subnet" "this" {
-  count = local.create_security_group && var.vpc_id != null ? 1 : 0
+  count = local.create_security_group ? 1 : 0
-  count = local.create_security_group ? 1 : 0
+  count = local.create_security_group && var.vpc_id == null ? 1 : 0
-  count = local.create_security_group ? 1 : 0
+  count = local.create_security_group && var.vpc_id == null ? 1 : 0
 
   region = var.region
 
@@ -1653,7 +1653,7 @@ resource "aws_security_group" "this" {
   name        = var.security_group_use_name_prefix ? null : local.security_group_name
   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
   description = var.security_group_description
-  vpc_id      = try(data.aws_subnet.this[0].vpc_id, var.vpc_id)
+  vpc_id      = coalesce(var.vpc_id, data.aws_subnet.this[0].vpc_id)
 
   tags = merge(
     var.tags,

diff --git a/variables.tf b/variables.tf
@@ -318,6 +318,7 @@ variable "services" {
     assign_public_ip   = optional(bool)
     security_group_ids = optional(list(string))
     subnet_ids         = optional(list(string))
+    vpc_id             = optional(string)
     ordered_placement_strategy = optional(map(object({
       field = optional(string)
       type  = string

diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf
@@ -123,7 +123,6 @@ module "wrapper" {
   task_exec_iam_statements                = try(each.value.task_exec_iam_statements, var.defaults.task_exec_iam_statements, null)
   task_exec_secret_arns                   = try(each.value.task_exec_secret_arns, var.defaults.task_exec_secret_arns, [])
   task_exec_ssm_param_arns                = try(each.value.task_exec_ssm_param_arns, var.defaults.task_exec_ssm_param_arns, [])
-  task_tags                               = try(each.value.task_tags, var.defaults.task_tags, {})
   tasks_iam_role_arn                      = try(each.value.tasks_iam_role_arn, var.defaults.tasks_iam_role_arn, null)
   tasks_iam_role_description              = try(each.value.tasks_iam_role_description, var.defaults.tasks_iam_role_description, null)
   tasks_iam_role_name                     = try(each.value.tasks_iam_role_name, var.defaults.tasks_iam_role_name, null)
@@ -133,6 +132,7 @@ module "wrapper" {
   tasks_iam_role_statements               = try(each.value.tasks_iam_role_statements, var.defaults.tasks_iam_role_statements, null)
   tasks_iam_role_tags                     = try(each.value.tasks_iam_role_tags, var.defaults.tasks_iam_role_tags, {})
   tasks_iam_role_use_name_prefix          = try(each.value.tasks_iam_role_use_name_prefix, var.defaults.tasks_iam_role_use_name_prefix, true)
+  task_tags                               = try(each.value.task_tags, var.defaults.task_tags, {})
   timeouts                                = try(each.value.timeouts, var.defaults.timeouts, null)
   track_latest                            = try(each.value.track_latest, var.defaults.track_latest, true)
   triggers                                = try(each.value.triggers, var.defaults.triggers, null)