Merge branch 'main' into dependabot/github_actions/hashicorp/setup-te…

…rraform-3

README.md

@@ -1,6 +1,6 @@
 # AWS Fargate ECS Terraform Module
 
-![CI](https://github.com/stroeer/terraform-aws-ecs-fargate/workflows/static%20analysis/badge.svg) [![Terraform Registry](https://img.shields.io/badge/Terraform%20Registry-0.36.1-blue.svg)](https://registry.terraform.io/modules/stroeer/ecs-fargate/aws/0.36.1) ![Terraform Version](https://img.shields.io/badge/Terraform-1.3+-green.svg) [![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://opensource.org/licenses/Apache-2.0)
+![CI](https://github.com/stroeer/terraform-aws-ecs-fargate/workflows/static%20analysis/badge.svg) [![Terraform Registry](https://img.shields.io/badge/Terraform%20Registry-0.37.0-blue.svg)](https://registry.terraform.io/modules/stroeer/ecs-fargate/aws/0.37.0) ![Terraform Version](https://img.shields.io/badge/Terraform-1.3+-green.svg) [![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://opensource.org/licenses/Apache-2.0)
 
 Terraform module to create [Fargate ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html) resources on AWS.
 
@@ -222,6 +222,7 @@ for example.
 | <a name="input_capacity_provider_strategy"></a> [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more. | <pre>list(object({<br>    capacity_provider = string<br>    weight            = string<br>    base              = optional(string, null)<br>  }))</pre> | `null` | no |
 | <a name="input_cloudwatch_logs"></a> [cloudwatch\_logs](#input\_cloudwatch\_logs) | CloudWatch logs configuration for the containers of this service. CloudWatch logs will be used as the default log configuration if Firelens is disabled and for the fluentbit and otel containers. | <pre>object({<br>    enabled           = optional(bool, true)<br>    name              = optional(string, "")<br>    retention_in_days = optional(number, 7)<br>  })</pre> | `{}` | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ECS cluster id that should run this service | `string` | n/a | yes |
+| <a name="input_code_build_log_retention_in_days"></a> [code\_build\_log\_retention\_in\_days](#input\_code\_build\_log\_retention\_in\_days) | Log retention in days of the CodeBuild CloudWatch log group. | `number` | `7` | no |
 | <a name="input_code_build_role_name"></a> [code\_build\_role\_name](#input\_code\_build\_role\_name) | Use an existing role for codebuild permissions that can be reused for multiple services. Otherwise a separate role for this service will be created. | `string` | `""` | no |
 | <a name="input_code_pipeline_artifact_bucket"></a> [code\_pipeline\_artifact\_bucket](#input\_code\_pipeline\_artifact\_bucket) | Use an existing bucket for codepipeline artifacts that can be reused for multiple services. Otherwise a separate bucket for each service will be created. | `string` | `""` | no |
 | <a name="input_code_pipeline_artifact_bucket_sse"></a> [code\_pipeline\_artifact\_bucket\_sse](#input\_code\_pipeline\_artifact\_bucket\_sse) | AWS KMS master key id for server-side encryption. | `any` | `{}` | no |

alb.tf

@@ -10,8 +10,8 @@ resource "aws_alb_target_group" "main" {
 
   vpc_id           = var.vpc_id
   port             = lookup(var.target_groups[count.index], "backend_port", null)
-  protocol         = lookup(var.target_groups[count.index], "backend_protocol", null) != null ? upper(lookup(var.target_groups[count.index], "backend_protocol")) : null
-  protocol_version = lookup(var.target_groups[count.index], "protocol_version", null) != null ? upper(lookup(var.target_groups[count.index], "protocol_version")) : null
+  protocol         = lookup(var.target_groups[count.index], "backend_protocol", null) != null ? upper(lookup(var.target_groups[count.index], "backend_protocol", null)) : null
+  protocol_version = lookup(var.target_groups[count.index], "protocol_version", null) != null ? upper(lookup(var.target_groups[count.index], "protocol_version", null)) : null
   target_type      = lookup(var.target_groups[count.index], "target_type", null)
 
   deregistration_delay               = lookup(var.target_groups[count.index], "deregistration_delay", null)
@@ -23,7 +23,8 @@ resource "aws_alb_target_group" "main" {
 
   dynamic "health_check" {
     for_each = length(keys(lookup(var.target_groups[count.index], "health_check", {}))) == 0 ? [] : [
-    lookup(var.target_groups[count.index], "health_check", {})]
+      lookup(var.target_groups[count.index], "health_check", {})
+    ]
 
     content {
       enabled             = lookup(health_check.value, "enabled", null)

main.tf

@@ -11,23 +11,23 @@ locals {
           [
             {
               # allow backend_port traffic
-              from_port                = lookup(target, "backend_port")
-              to_port                  = lookup(target, "backend_port")
+              from_port                = lookup(target, "backend_port", null)
+              to_port                  = lookup(target, "backend_port", null)
               protocol                 = "tcp"
-              source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn")].security_groups)[0]
+              source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn", null)].security_groups)[0]
               prefix                   = "backend_port"
             }
           ],
           lookup(target, "health_check", null) != null &&
-          lookup(target["health_check"], "port", "traffic-port") != lookup(target, "backend_port", ) &&
+          lookup(target["health_check"], "port", "traffic-port") != lookup(target, "backend_port", null) &&
           lookup(target["health_check"], "port", "traffic-port") != "traffic-port"
           ? [
             {
               # if health_check_port set and different from backend_port, also allow traffic
               from_port                = target["health_check"]["port"]
               to_port                  = target["health_check"]["port"]
               protocol                 = "tcp"
-              source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn")].security_groups)[0]
+              source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn", null)].security_groups)[0]
               prefix                   = "health_check_port"
             }
           ] : []
@@ -237,6 +237,7 @@ module "code_deploy" {
   ecr_image_tag                           = var.ecr_image_tag
   service_name                            = var.service_name
   code_build_role                         = var.code_build_role_name
+  code_build_log_retention_in_days        = var.code_build_log_retention_in_days
   code_pipeline_role                      = var.code_pipeline_role_name
   artifact_bucket                         = var.code_pipeline_artifact_bucket
   artifact_bucket_server_side_encryption  = var.code_pipeline_artifact_bucket_sse
@@ -268,7 +269,7 @@ resource "aws_appautoscaling_policy" "ecs" {
   service_namespace  = aws_appautoscaling_target.ecs[count.index].service_namespace
 
   target_tracking_scaling_policy_configuration {
-    target_value       = lookup(var.appautoscaling_settings, "target_value")
+    target_value       = lookup(var.appautoscaling_settings, "target_value", null)
     disable_scale_in   = lookup(var.appautoscaling_settings, "disable_scale_in", false)
     scale_in_cooldown  = lookup(var.appautoscaling_settings, "scale_in_cooldown", 300)
     scale_out_cooldown = lookup(var.appautoscaling_settings, "scale_out_cooldown", 30)

modules/deployment/code_build.tf

@@ -1,6 +1,6 @@
 resource "aws_cloudwatch_log_group" "this" {
   name              = "/aws/codebuild/${var.service_name}-deployment"
-  retention_in_days = 7
+  retention_in_days = var.code_build_log_retention_in_days
 
   tags = merge(var.tags, {
     tf_module = basename(path.module)

modules/deployment/variables.tf

@@ -52,6 +52,12 @@ variable "code_build_role" {
   type        = string
 }
 
+variable "code_build_log_retention_in_days" {
+  default     = 7
+  description = "Log retention in days of the CodeBuild CloudWatch log group."
+  type        = number
+}
+
 variable "codestar_notifications_detail_type" {
   default     = "BASIC"
   description = "The level of detail to include in the notifications for this resource. Possible values are BASIC and FULL."

otel.tf

@@ -2,7 +2,7 @@ locals {
   // optional AWS Distro for OpenTelemetry container
   otel_container_defaults = {
     essential              = false
-    image                  = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/ecr-public/aws-observability/aws-otel-collector:v0.29.0"
+    image                  = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/ecr-public/aws-observability/aws-otel-collector:v0.36.0"
     name                   = "otel"
     readonlyRootFilesystem = false
     mountPoints            = []

variables.tf

@@ -155,6 +155,12 @@ variable "code_build_role_name" {
   type        = string
 }
 
+variable "code_build_log_retention_in_days" {
+  default     = 7
+  description = "Log retention in days of the CodeBuild CloudWatch log group."
+  type        = number
+}
+
 variable "codestar_notifications_detail_type" {
   default     = "BASIC"
   description = "The level of detail to include in the notifications for this resource. Possible values are BASIC and FULL."