diff --git a/README.md b/README.md
index 3ba8fbe..4f2c08c 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # AWS Fargate ECS Terraform Module
-![CI](https://github.com/stroeer/terraform-aws-ecs-fargate/workflows/static%20analysis/badge.svg) [![Terraform Registry](https://img.shields.io/badge/Terraform%20Registry-0.36.1-blue.svg)](https://registry.terraform.io/modules/stroeer/ecs-fargate/aws/0.36.1) ![Terraform Version](https://img.shields.io/badge/Terraform-1.3+-green.svg) [![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://opensource.org/licenses/Apache-2.0)
+![CI](https://github.com/stroeer/terraform-aws-ecs-fargate/workflows/static%20analysis/badge.svg) [![Terraform Registry](https://img.shields.io/badge/Terraform%20Registry-0.37.0-blue.svg)](https://registry.terraform.io/modules/stroeer/ecs-fargate/aws/0.37.0) ![Terraform Version](https://img.shields.io/badge/Terraform-1.3+-green.svg) [![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://opensource.org/licenses/Apache-2.0)
 Terraform module to create [Fargate ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html) resources on AWS.
@@ -222,6 +222,7 @@ for example.
 | [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more. |
list(object({
capacity_provider = string
weight = string
base = optional(string, null)
}))
| `null` | no |
 | [cloudwatch\_logs](#input\_cloudwatch\_logs) | CloudWatch logs configuration for the containers of this service. CloudWatch logs will be used as the default log configuration if Firelens is disabled and for the fluentbit and otel containers. |
object({
enabled = optional(bool, true)
name = optional(string, "")
retention_in_days = optional(number, 7)
})
| `{}` | no |
 | [cluster\_id](#input\_cluster\_id) | The ECS cluster id that should run this service | `string` | n/a | yes |
+| [code\_build\_log\_retention\_in\_days](#input\_code\_build\_log\_retention\_in\_days) | Log retention in days of the CodeBuild CloudWatch log group. | `number` | `7` | no |
 | [code\_build\_role\_name](#input\_code\_build\_role\_name) | Use an existing role for codebuild permissions that can be reused for multiple services. Otherwise a separate role for this service will be created. | `string` | `""` | no |
 | [code\_pipeline\_artifact\_bucket](#input\_code\_pipeline\_artifact\_bucket) | Use an existing bucket for codepipeline artifacts that can be reused for multiple services. Otherwise a separate bucket for each service will be created. | `string` | `""` | no |
 | [code\_pipeline\_artifact\_bucket\_sse](#input\_code\_pipeline\_artifact\_bucket\_sse) | AWS KMS master key id for server-side encryption. | `any` | `{}` | no |
diff --git a/alb.tf b/alb.tf
index 4142de4..c4a98ee 100644
--- a/alb.tf
+++ b/alb.tf
@@ -10,8 +10,8 @@ resource "aws_alb_target_group" "main" {
 vpc_id = var.vpc_id
 port = lookup(var.target_groups[count.index], "backend_port", null)
- protocol = lookup(var.target_groups[count.index], "backend_protocol", null) != null ? upper(lookup(var.target_groups[count.index], "backend_protocol")) : null
- protocol_version = lookup(var.target_groups[count.index], "protocol_version", null) != null ? upper(lookup(var.target_groups[count.index], "protocol_version")) : null
+ protocol = lookup(var.target_groups[count.index], "backend_protocol", null) != null ? upper(lookup(var.target_groups[count.index], "backend_protocol", null)) : null
+ protocol_version = lookup(var.target_groups[count.index], "protocol_version", null) != null ? upper(lookup(var.target_groups[count.index], "protocol_version", null)) : null
 target_type = lookup(var.target_groups[count.index], "target_type", null)
 deregistration_delay = lookup(var.target_groups[count.index], "deregistration_delay", null)
@@ -23,7 +23,8 @@ resource "aws_alb_target_group" "main" {
 dynamic "health_check" {
 for_each = length(keys(lookup(var.target_groups[count.index], "health_check", {}))) == 0 ? [] : [
- lookup(var.target_groups[count.index], "health_check", {})]
+ lookup(var.target_groups[count.index], "health_check", {})
+ ]
 content {
 enabled = lookup(health_check.value, "enabled", null)
diff --git a/main.tf b/main.tf
index 368a694..b8c4e73 100644
--- a/main.tf
+++ b/main.tf
@@ -11,15 +11,15 @@ locals {
 [
 {
 # allow backend_port traffic
- from_port = lookup(target, "backend_port")
- to_port = lookup(target, "backend_port")
+ from_port = lookup(target, "backend_port", null)
+ to_port = lookup(target, "backend_port", null)
 protocol = "tcp"
- source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn")].security_groups)[0]
+ source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn", null)].security_groups)[0]
 prefix = "backend_port"
 }
 ],
 lookup(target, "health_check", null) != null &&
- lookup(target["health_check"], "port", "traffic-port") != lookup(target, "backend_port", ) &&
+ lookup(target["health_check"], "port", "traffic-port") != lookup(target, "backend_port", null) &&
 lookup(target["health_check"], "port", "traffic-port") != "traffic-port" ? [
 {
@@ -27,7 +27,7 @@ locals {
 from_port = target["health_check"]["port"]
 to_port = target["health_check"]["port"]
 protocol = "tcp"
- source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn")].security_groups)[0]
+ source_security_group_id = tolist(data.aws_lb.public[lookup(target, "load_balancer_arn", null)].security_groups)[0]
 prefix = "health_check_port"
 }
 ] : []
@@ -237,6 +237,7 @@ module "code_deploy" {
 ecr_image_tag = var.ecr_image_tag
 service_name = var.service_name
 code_build_role = var.code_build_role_name
+ code_build_log_retention_in_days = var.code_build_log_retention_in_days
 code_pipeline_role = var.code_pipeline_role_name
 artifact_bucket = var.code_pipeline_artifact_bucket
 artifact_bucket_server_side_encryption = var.code_pipeline_artifact_bucket_sse
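Review bot: Defaulting `backend_port` and `load_balancer_arn` to `null` in the `backend_port` ingress rule means a `target_groups` entry that lacks either key is no longer rejected by `lookup` itself; the null reaches `from_port`/`to_port` and the `data.aws_lb.public[...]` index, and what happens next depends on consumers of this local that are not visible here. For values a security-group rule cannot work without, direct indexing keeps the failure at the source and names the missing key: `from_port = target["backend_port"]` and `data.aws_lb.public[target["load_balancer_arn"]]`. The same applies to the `health_check_port` rule in the next hunk and to `target_value` in the `aws_appautoscaling_policy` hunk, where `var.appautoscaling_settings["target_value"]` would do. The `locals` block starts and ends outside the hunk.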
@@ -268,7 +269,7 @@ resource "aws_appautoscaling_policy" "ecs" {
 service_namespace = aws_appautoscaling_target.ecs[count.index].service_namespace
 target_tracking_scaling_policy_configuration {
- target_value = lookup(var.appautoscaling_settings, "target_value")
+ target_value = lookup(var.appautoscaling_settings, "target_value", null)
 disable_scale_in = lookup(var.appautoscaling_settings, "disable_scale_in", false)
 scale_in_cooldown = lookup(var.appautoscaling_settings, "scale_in_cooldown", 300)
 scale_out_cooldown = lookup(var.appautoscaling_settings, "scale_out_cooldown", 30)
diff --git a/modules/deployment/code_build.tf b/modules/deployment/code_build.tf
index ea3c471..e48aa47 100644
--- a/modules/deployment/code_build.tf
+++ b/modules/deployment/code_build.tf
@@ -1,6 +1,6 @@
 resource "aws_cloudwatch_log_group" "this" {
 name = "/aws/codebuild/${var.service_name}-deployment"
- retention_in_days = 7
+ retention_in_days = var.code_build_log_retention_in_days
 tags = merge(var.tags, {
 tf_module = basename(path.module)
diff --git a/modules/deployment/variables.tf b/modules/deployment/variables.tf
index 156fc6b..394798d 100644
--- a/modules/deployment/variables.tf
+++ b/modules/deployment/variables.tf
@@ -52,6 +52,12 @@ variable "code_build_role" {
 type = string
 }
+variable "code_build_log_retention_in_days" {
+ default = 7
+ description = "Log retention in days of the CodeBuild CloudWatch log group."
+ type = number
+}
+
 variable "codestar_notifications_detail_type" {
 default = "BASIC"
 description = "The level of detail to include in the notifications for this resource. Possible values are BASIC and FULL."
diff --git a/otel.tf b/otel.tf
index 35aaab4..4e447cb 100644
--- a/otel.tf
+++ b/otel.tf
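Review bot: The new `code_build_log_retention_in_days` variable has no `validation` block, and its description does not say which values are accepted. CloudWatch Logs supports only a fixed set of retention periods, and the AWS provider treats `0` as "never expire", so a caller can switch expiry off without the description hinting at it. I would extend the description to `"Log retention in days of the CodeBuild CloudWatch log group. Must be a retention period CloudWatch Logs supports; 0 retains logs indefinitely."`. The default stays at 7 days; since this log group records deployment builds, callers with audit or incident-response retention requirements will need to raise it explicitly. The same variable is declared again in the root `variables.tf`.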
@@ -2,7 +2,7 @@ locals {
 // optional AWS Distro for OpenTelemetry container
 otel_container_defaults = {
 essential = false
- image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/ecr-public/aws-observability/aws-otel-collector:v0.29.0"
+ image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/ecr-public/aws-observability/aws-otel-collector:v0.36.0"
 name = "otel"
 readonlyRootFilesystem = false
 mountPoints = []
diff --git a/variables.tf b/variables.tf
index e0e8a03..df65090 100644
--- a/variables.tf
+++ b/variables.tf
@@ -155,6 +155,12 @@ variable "code_build_role_name" {
 type = string
 }
+variable "code_build_log_retention_in_days" {
+ default = 7
+ description = "Log retention in days of the CodeBuild CloudWatch log group."
+ type = number
+}
+
 variable "codestar_notifications_detail_type" {
 default = "BASIC"
 description = "The level of detail to include in the notifications for this resource. Possible values are BASIC and FULL."