Fixed examples (ECS related)

Author: antonbabenko

examples/complete/README.md

@@ -38,7 +38,7 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | <a name="module_bucket"></a> [bucket](#module\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
 | <a name="module_disabled"></a> [disabled](#module\_disabled) | ../../ | n/a |
-| <a name="module_ecs"></a> [ecs](#module\_ecs) | terraform-aws-modules/ecs/aws | ~> 3.0 |
+| <a name="module_ecs"></a> [ecs](#module\_ecs) | terraform-aws-modules/ecs/aws | ~> 6.0 |
 | <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | n/a |
 | <a name="module_lambda"></a> [lambda](#module\_lambda) | terraform-aws-modules/lambda/aws | ~> 8.0 |
 | <a name="module_sns"></a> [sns](#module\_sns) | terraform-aws-modules/sns/aws | ~> 6.0 |
@@ -50,19 +50,16 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|------|
 | [aws_cloudtrail.trail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
 | [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_ecs_service.hello_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.hello_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
 | [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource |
 | [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [null_resource.download_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_subnets.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 

examples/complete/main.tf

@@ -38,7 +38,7 @@ module "eventbridge" {
   append_rule_postfix = false
 
   attach_ecs_policy = true
-  ecs_target_arns   = [aws_ecs_task_definition.hello_world.arn]
+  ecs_target_arns   = [module.ecs.services.hello-world.task_definition_arn]
 
   rules = {
     orders = {
@@ -114,11 +114,11 @@ module "eventbridge" {
       },
       {
         name            = "process-email-with-ecs-task",
-        arn             = module.ecs.ecs_cluster_arn,
+        arn             = module.ecs.cluster_arn,
         attach_role_arn = true
         ecs_target = {
           task_count          = 1
-          task_definition_arn = aws_ecs_task_definition.hello_world.arn
+          task_definition_arn = module.ecs.services.hello-world.task_definition_arn
         }
       }
     ]
@@ -229,6 +229,19 @@ locals {
     EOF
   }
 }
+#############################################################
+# Data sources to get VPC and default security group details
+#############################################################
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
 
 ##################
 # Extra resources
@@ -314,37 +327,36 @@ module "step_function" {
 
 module "ecs" {
   source  = "terraform-aws-modules/ecs/aws"
-  version = "~> 3.0"
-
-  name = random_pet.this.id
-
-  capacity_providers = ["FARGATE", "FARGATE_SPOT"]
-}
-
-resource "aws_ecs_service" "hello_world" {
-  name            = "hello_world-${random_pet.this.id}"
-  cluster         = module.ecs.ecs_cluster_id
-  task_definition = aws_ecs_task_definition.hello_world.arn
-
-  desired_count = 1
+  version = "~> 6.0"
 
-  deployment_maximum_percent         = 100
-  deployment_minimum_healthy_percent = 0
-}
+  cluster_name = random_pet.this.id
 
-resource "aws_ecs_task_definition" "hello_world" {
-  family = "hello_world-${random_pet.this.id}"
+  default_capacity_provider_strategy = {
+    FARGATE = {
+      weight = 100
+      base   = 20
+    }
+    FARGATE_SPOT = {
+      weight = 100
+    }
+  }
 
-  container_definitions = <<EOF
-[
-  {
-    "name": "hello_world-${random_pet.this.id}",
-    "image": "hello-world",
-    "cpu": 0,
-    "memory": 128
+  services = {
+    hello-world = {
+      subnet_ids                         = data.aws_subnets.default.ids
+      desired_count                      = 1
+      deployment_maximum_percent         = 100
+      deployment_minimum_healthy_percent = 0
+
+      container_definitions = {
+        hello-world = {
+          image  = "hello-world",
+          cpu    = 0,
+          memory = 128
+        }
+      }
+    }
   }
-]
-EOF
 }
 
 #############################################
@@ -357,7 +369,7 @@ module "lambda" {
 
   function_name = "${random_pet.this.id}-lambda"
   handler       = "index.lambda_handler"
-  runtime       = "python3.12"
+  runtime       = "python3.13"
 
   create_package         = false
   local_existing_package = local.downloaded
@@ -432,84 +444,13 @@ resource "aws_cloudtrail" "trail" {
 # s3
 #######
 
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
 module "bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 5.0"
 
-  bucket        = "${random_pet.this.id}-bucket"
-  attach_policy = true
-  policy        = data.aws_iam_policy_document.bucket_policy.json
-
-  force_destroy = true
-}
-
-# https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html
-data "aws_iam_policy_document" "bucket_policy" {
-  statement {
-    sid = "AWSCloudTrailAclCheck"
-    principals {
-      identifiers = ["cloudtrail.amazonaws.com"]
-      type        = "Service"
-    }
-    actions = ["s3:GetBucketAcl"]
-    resources = [
-      "arn:aws:s3:::${random_pet.this.id}-bucket"
-    ]
-    condition {
-      test     = "StringEquals"
-      values   = ["arn:aws:cloudtrail:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:trail/${random_pet.this.id}-trail"]
-      variable = "aws:SourceArn"
-    }
-  }
+  bucket = "${random_pet.this.id}-bucket"
 
-  statement {
-    sid = "AWSCloudTrailWrite"
-    principals {
-      identifiers = ["cloudtrail.amazonaws.com"]
-      type        = "Service"
-    }
-    actions = ["s3:PutObject"]
-    resources = [
-      "arn:aws:s3:::${random_pet.this.id}-bucket/*"
-    ]
-    condition {
-      test     = "StringEquals"
-      values   = ["bucket-owner-full-control"]
-      variable = "s3:x-amz-acl"
-    }
-    condition {
-      test     = "StringEquals"
-      values   = ["arn:aws:cloudtrail:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:trail/${random_pet.this.id}-trail"]
-      variable = "aws:SourceArn"
-    }
-  }
+  attach_cloudtrail_log_delivery_policy = true
 
+  force_destroy = true
 }
-
-#######
-## Lambda
-#######
-#module "lambda" {
-#  source  = "terraform-aws-modules/lambda/aws"
-#  version = "~> 8.0"
-#
-#  function_name = "dev-cron-job"
-#  description   = "Lambda Serverless Job"
-#  handler       = "index.handler"
-#  runtime       = "nodejs14.x"
-#  timeout       = 900
-#
-#  source_path = "../with-lambda-shceduling/lambda"
-#}
-#
-#resource "aws_lambda_permission" "crons_invoke" {
-#  statement_id  = "AllowExecutionFromCloudWatch"
-#  action        = "lambda:InvokeFunction"
-#  function_name = module.lambda.lambda_function_name
-#  principal     = "events.amazonaws.com"
-#  source_arn    = module.eventbridge.eventbridge_rule_arns.orders
-#}

examples/complete/outputs.tf

@@ -32,6 +32,7 @@ output "eventbridge_permissions" {
 output "eventbridge_connections" {
   description = "The EventBridge Connections created and their attributes"
   value       = module.eventbridge.eventbridge_connections
+  sensitive   = true
 }
 
 output "eventbridge_api_destinations" {

examples/with-ecs-scheduling/README.md

@@ -34,7 +34,7 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws | ~> 5.0 |
+| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws | ~> 6.0 |
 | <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | n/a |
 
 ## Resources

examples/with-ecs-scheduling/main.tf

@@ -106,20 +106,17 @@ module "eventbridge" {
 
 module "ecs_cluster" {
   source  = "terraform-aws-modules/ecs/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   cluster_name = random_pet.this.id
 
-  fargate_capacity_providers = {
+  default_capacity_provider_strategy = {
     FARGATE = {
-      default_capacity_provider_strategy = {
-        weight = 100
-      }
+      weight = 100
+      base   = 20
     }
     FARGATE_SPOT = {
-      default_capacity_provider_strategy = {
-        weight = 100
-      }
+      weight = 100
     }
   }