Add example,fix vars and add conditional creation for module

Author: marcincuber

README.md

@@ -1,5 +1,5 @@
 # terraform-aws-ecs-fargate-task-definition
-Terraform module to create AWS ECS Fargate Task Definition
+Terraform module to create AWS ECS Fargate Task Definition.
 
 ## Terraform versions
 
@@ -9,7 +9,23 @@ Terraform 0.12. Pin module version to `~> v1.0`. Submit pull-requests to `master
 
 ```hcl
 module "ecs-task-definition" {
-	...
+  source = "umotif-public/ecs-fargate-task-definition/aws"
+  version = "~> 1.0"
+
+  enabled              = true
+  name_prefix          = "test-container"
+  task_container_image = "httpd:2.4"
+
+  container_name      = "test-container-name"
+  task_container_port = "80"
+  task_host_port      = "80"
+
+  task_definition_cpu    = "512"
+  task_definition_memory = "1024"
+
+  task_container_environment = {
+    "ENVIRONEMNT" = "Test"
+  }
 }
 ```
 
@@ -19,7 +35,7 @@ Module is to be used with Terraform > 0.12.
 
 ## Examples
 
-* [Example]()
+* [ECS Fargate Task Definition](https://github.com/umotif-public/terraform-aws-ecs-fargate-task-definition/tree/master/examples/core)
 
 ## Authors
 
@@ -30,8 +46,10 @@ Module managed by [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](http
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| cloudwatch\_log\_group\_name | CloudWatch log group name required to enabled logDriver in container definitions for ecs task. | map(string) | n/a | yes |
+| cloudwatch\_log\_group\_name | CloudWatch log group name required to enabled logDriver in container definitions for ecs task. | string | `""` | no |
 | container\_name | Optional name for the container to be used instead of name\_prefix. | string | `""` | no |
+| docker\_volume\_configuration | \(Optional\) Used to configure a docker volume option "docker\_volume\_configuration". Full set of options can be found at https://www.terraform.io/docs/providers/aws/r/ecs\_task\_definition.html | list | `[]` | no |
+| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | bool | `"true"` | no |
 | name\_prefix | A prefix used for naming resources. | string | n/a | yes |
 | placement\_constraints | \(Optional\) A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. This is a list of maps, where each map should contain "type" and "expression" | list | `[]` | no |
 | proxy\_configuration | \(Optional\) The proxy configuration details for the App Mesh proxy. This is a list of maps, where each map should contain "container\_name", "properties" and "type" | list | `[]` | no |
@@ -59,7 +77,7 @@ Module managed by [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](http
 | execution\_role\_unique\_id | The stable and unique string identifying the role. |
 | task\_definition\_arn | Full ARN of the Task Definition \(including both family and revision\). |
 | task\_definition\_family | The family of the Task Definition. |
-| task\_definition\_td\_revision | The revision of the task in a particular family. |
+| task\_definition\_revision | The revision of the task in a particular family. |
 | task\_role\_arn | The Amazon Resource Name \(ARN\) specifying the ECS service role. |
 | task\_role\_create\_date | The creation date of the IAM role. |
 | task\_role\_id | The ID of the role. |

examples/core/main.tf

@@ -3,19 +3,27 @@ provider "aws" {
 }
 
 #####
-# VPC and subnets
+# task definition
 #####
-module "vpc" {
-  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 2.21"
+module "ecs-task-definition" {
+  source = "../.."
 
-  name = "simple-vpc"
+  enabled              = true
+  name_prefix          = "test-container"
+  task_container_image = "httpd:2.4"
 
-  cidr = "10.0.0.0/16"
+  container_name      = "test-container-name"
+  task_container_port = "80"
+  task_host_port      = "80"
 
-  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
-  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+  task_definition_cpu    = "512"
+  task_definition_memory = "1024"
 
-  enable_nat_gateway = false
+  task_container_environment = {
+    "ENVIRONEMNT" = "Test"
+  }
+
+  cloudwatch_log_group_name = "/test-cloudwatch/log-group"
+  task_container_command    = ["/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' > /usr/local/apache2/htdocs/index.html && httpd-foreground\""]
 }
+

examples/core/outputs.tf

@@ -0,0 +1,55 @@
+output "task_role_arn" {
+  value = module.ecs-task-definition.task_role_arn
+}
+
+output "task_role_name" {
+  value = module.ecs-task-definition.task_role_name
+}
+
+output "task_role_create_date" {
+  value = module.ecs-task-definition.task_role_create_date
+}
+
+output "task_role_id" {
+  value = module.ecs-task-definition.task_role_id
+}
+
+output "task_role_unique_id" {
+  value = module.ecs-task-definition.task_role_unique_id
+}
+
+output "execution_role_arn" {
+  value = module.ecs-task-definition.execution_role_arn
+}
+
+output "execution_role_name" {
+  value = module.ecs-task-definition.execution_role_name
+}
+
+output "execution_role_create_date" {
+  value = module.ecs-task-definition.execution_role_create_date
+}
+
+output "execution_role_id" {
+  value = module.ecs-task-definition.execution_role_id
+}
+
+output "execution_role_unique_id" {
+  value = module.ecs-task-definition.execution_role_unique_id
+}
+
+output "task_definition_arn" {
+  value = module.ecs-task-definition.task_definition_arn
+}
+
+output "task_definition_family" {
+  value = module.ecs-task-definition.task_definition_family
+}
+
+output "task_definition_revision" {
+  value = module.ecs-task-definition.task_definition_revision
+}
+
+output "container_port" {
+  value = module.ecs-task-definition.container_port
+}

main.tf

@@ -2,38 +2,46 @@
 # Execution IAM Role
 #####
 resource "aws_iam_role" "execution" {
+  count = var.enabled ? 1 : 0
+
   name               = "${var.name_prefix}-execution-role"
   assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
 
   tags = var.tags
 }
 
 resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy_attach" {
-  role       = aws_iam_role.execution.name
+  count = var.enabled ? 1 : 0
+
+  role       = aws_iam_role.execution[0].name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
 
 resource "aws_iam_role_policy" "read_repository_credentials" {
-  count = length(var.repository_credentials) != 0 ? 1 : 0
+  count = length(var.repository_credentials) != 0 && var.enabled ? 1 : 0
 
   name   = "${var.name_prefix}-read-repository-credentials"
-  role   = aws_iam_role.execution.id
+  role   = aws_iam_role.execution[0].id
   policy = data.aws_iam_policy_document.read_repository_credentials.json
 }
 
 #####
 # IAM - Task role, basic. Append policies to this role for S3, DynamoDB etc.
 #####
 resource "aws_iam_role" "task" {
+  count = var.enabled ? 1 : 0
+
   name               = "${var.name_prefix}-task-role"
   assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
 
   tags = var.tags
 }
 
 resource "aws_iam_role_policy" "log_agent" {
+  count = var.enabled ? 1 : 0
+
   name   = "${var.name_prefix}-log-permissions"
-  role   = aws_iam_role.task.id
+  role   = aws_iam_role.task[0].id
   policy = data.aws_iam_policy_document.task_permissions.json
 }
 
@@ -51,13 +59,15 @@ locals {
 }
 
 resource "aws_ecs_task_definition" "task" {
+  count = var.enabled ? 1 : 0
+
   family                   = var.name_prefix
-  execution_role_arn       = aws_iam_role.execution.arn
+  execution_role_arn       = aws_iam_role.execution[0].arn
   network_mode             = "awsvpc"
   requires_compatibilities = ["FARGATE"]
   cpu                      = var.task_definition_cpu
   memory                   = var.task_definition_memory
-  task_role_arn            = aws_iam_role.task.arn
+  task_role_arn            = aws_iam_role.task[0].arn
 
   container_definitions = <<EOF
 [{
@@ -113,18 +123,27 @@ EOF
   dynamic "volume" {
     for_each = var.volume
     content {
-      name                        = volume.value.name
-      host_path                   = lookup(volume.value, "host_path", null)
-      docker_volume_configuration = lookup(volume.value, "docker_volume_configuration", null)
+      name      = volume.value.name
+      host_path = lookup(volume.value, "host_path", null)
+
+      dynamic "docker_volume_configuration" {
+        for_each = var.docker_volume_configuration
+        content {
+          scope         = lookup(docker_volume_configuration.value, "scope", null)
+          autoprovision = lookup(docker_volume_configuration.value, "autoprovision", null)
+          driver        = lookup(docker_volume_configuration.value, "driver", null)
+          driver_opts   = lookup(docker_volume_configuration.value, "driver_opts", null)
+          labels        = lookup(docker_volume_configuration.value, "labels", null)
+        }
+      }
     }
   }
 
-
   tags = merge(
     var.tags,
     {
       Name = var.container_name != "" ? var.container_name : var.name_prefix
-    },
+    }
   )
 }
 

outputs.tf

@@ -1,66 +1,66 @@
 output "task_role_arn" {
   description = "The Amazon Resource Name (ARN) specifying the ECS service role."
-  value       = aws_iam_role.task.arn
+  value       = join("", aws_iam_role.task.*.arn)
 }
 
 output "task_role_name" {
   description = "The name of the Fargate task service role."
-  value       = aws_iam_role.task.name
+  value       = join("", aws_iam_role.task.*.name)
 }
 
 output "task_role_create_date" {
   description = "The creation date of the IAM role."
-  value       = aws_iam_role.task.create_date
+  value       = join("", aws_iam_role.task.*.create_date)
 }
 
 output "task_role_id" {
   description = "The ID of the role."
-  value       = aws_iam_role.task.id
+  value       = join("", aws_iam_role.task.*.id)
 }
 
 output "task_role_unique_id" {
   description = "The stable and unique string identifying the role."
-  value       = aws_iam_role.task.unique_id
+  value       = join("", aws_iam_role.task.*.unique_id)
 }
 
 output "execution_role_arn" {
   description = "The Amazon Resource Name (ARN) of execution role."
-  value       = aws_iam_role.execution.arn
+  value       = join("", aws_iam_role.execution.*.arn)
 }
 
 output "execution_role_name" {
   description = "The name of the execution service role."
-  value       = aws_iam_role.execution.name
+  value       = join("", aws_iam_role.execution.*.name)
 }
 
 output "execution_role_create_date" {
   description = "The creation date of the IAM role."
-  value       = aws_iam_role.execution.create_date
+  value       = join("", aws_iam_role.execution.*.create_date)
 }
 
 output "execution_role_id" {
   description = "The ID of the execution role."
-  value       = aws_iam_role.execution.id
+  value       = join("", aws_iam_role.execution.*.id)
 }
 
 output "execution_role_unique_id" {
   description = "The stable and unique string identifying the role."
-  value       = aws_iam_role.execution.unique_id
+  value       = join("", aws_iam_role.execution.*.unique_id)
 }
 
 output "task_definition_arn" {
   description = "Full ARN of the Task Definition (including both family and revision)."
-  value       = aws_ecs_task_definition.task.arn
+  value       = join("", aws_ecs_task_definition.task.*.arn)
 }
 
 output "task_definition_family" {
   description = "The family of the Task Definition."
-  value       = aws_ecs_task_definition.task.family
+  value       = join("", aws_ecs_task_definition.task.*.family)
 }
 
-output "task_definition_td_revision" {
+output "task_definition_revision" {
   description = "The revision of the task in a particular family."
-  value       = aws_ecs_task_definition.task.revision
+  value       = join("", aws_ecs_task_definition.task.*.revision)
 }
 
 output "container_port" {

variables.tf

@@ -1,3 +1,8 @@
+variable "enabled" {
+  type        = bool
+  description = "Whether to create the resources. Set to `false` to prevent the module from creating any resources"
+  default     = true
+}
 
 variable "name_prefix" {
   description = "A prefix used for naming resources."
@@ -52,7 +57,8 @@ variable "task_container_environment" {
 
 variable "cloudwatch_log_group_name" {
   description = "CloudWatch log group name required to enabled logDriver in container definitions for ecs task."
-  type        = map(string)
+  type        = string
+  default     = ""
 }
 
 variable "tags" {
@@ -92,3 +98,8 @@ variable "volume" {
   default     = []
 }
 
+variable "docker_volume_configuration" {
+  type        = list
+  description = "(Optional) Used to configure a docker volume option \"docker_volume_configuration\". Full set of options can be found at https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html"
+  default     = []
+}