feat: add separate task definition

examples/task/README.md

@@ -0,0 +1,62 @@
+# ECS Task Definition Example
+
+Configuration in this directory creates:
+
+- ECS Task Definition using the standalone task module
+- ECS Cluster with a task definition using the complete module
+- Associated IAM roles for task execution and tasks
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
+
+<!-- BEGIN_TF_DOCS -->
+
+## Requirements
+
+| Name                                                                     | Version  |
+| ------------------------------------------------------------------------ | -------- |
+| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.5.7 |
+| <a name="requirement_aws"></a> [aws](#requirement_aws)                   | >= 6.4   |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name                                                                    | Source             | Version |
+| ----------------------------------------------------------------------- | ------------------ | ------- |
+| <a name="module_ecs_complete"></a> [ecs_complete](#module_ecs_complete) | ../../             | n/a     |
+| <a name="module_ecs_task"></a> [ecs_task](#module_ecs_task)             | ../../modules/task | n/a     |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name                                                                                                  | Description                               |
+| ----------------------------------------------------------------------------------------------------- | ----------------------------------------- |
+| <a name="output_cluster_arn"></a> [cluster_arn](#output_cluster_arn)                                  | ARN that identifies the cluster           |
+| <a name="output_cluster_id"></a> [cluster_id](#output_cluster_id)                                     | ID that identifies the cluster            |
+| <a name="output_cluster_name"></a> [cluster_name](#output_cluster_name)                               | Name that identifies the cluster          |
+| <a name="output_task_definition_arn"></a> [task_definition_arn](#output_task_definition_arn)          | Full ARN of the task definition           |
+| <a name="output_task_definition_family"></a> [task_definition_family](#output_task_definition_family) | The unique name of the task definition    |
+| <a name="output_task_exec_iam_role_arn"></a> [task_exec_iam_role_arn](#output_task_exec_iam_role_arn) | Task execution IAM role ARN               |
+| <a name="output_tasks"></a> [tasks](#output_tasks)                                                    | Map of tasks created and their attributes |
+| <a name="output_tasks_iam_role_arn"></a> [tasks_iam_role_arn](#output_tasks_iam_role_arn)             | Tasks IAM role ARN                        |
+
+<!-- END_TF_DOCS -->

examples/task/main.tf

@@ -0,0 +1,111 @@
+provider "aws" {
+  region = local.region
+}
+
+locals {
+  region = "us-east-1"
+  name   = "ex-${basename(path.cwd)}"
+
+  tags = {
+    Name       = local.name
+    Example    = local.name
+    Repository = "https://github.com/terraform-aws-modules/terraform-aws-ecs"
+  }
+}
+
+################################################################################
+# ECS Module - Task Only
+################################################################################
+
+module "ecs_task" {
+  source = "../../modules/task"
+
+  name = "${local.name}-task"
+
+  # Container definitions
+  container_definitions = {
+    nginx = {
+      cpu       = 256
+      memory    = 512
+      essential = true
+      image     = "public.ecr.aws/nginx/nginx:latest"
+      portMappings = [
+        {
+          name          = "nginx"
+          containerPort = 80
+          protocol      = "tcp"
+        }
+      ]
+
+      # Enable logging
+      enable_cloudwatch_logging              = true
+      create_cloudwatch_log_group            = true
+      cloudwatch_log_group_retention_in_days = 1
+    }
+  }
+
+  cpu                      = 512
+  memory                   = 1024
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+
+  runtime_platform = {
+    operating_system_family = "LINUX"
+    cpu_architecture        = "X86_64"
+  }
+
+  # Task execution role
+  create_task_exec_iam_role = true
+
+  # Task role
+  create_tasks_iam_role = true
+
+  tags = local.tags
+}
+
+################################################################################
+# ECS Module - Complete (Cluster + Task)
+################################################################################
+
+module "ecs_complete" {
+  source = "../../"
+
+  cluster_name = local.name
+
+  # Task definitions
+  tasks = {
+    standalone-task = {
+      name = "${local.name}-standalone"
+
+      container_definitions = {
+        httpd = {
+          cpu       = 256
+          memory    = 512
+          essential = true
+          image     = "public.ecr.aws/docker/library/httpd:latest"
+          portMappings = [
+            {
+              name          = "httpd"
+              containerPort = 80
+              protocol      = "tcp"
+            }
+          ]
+
+          enable_cloudwatch_logging              = true
+          create_cloudwatch_log_group            = true
+          cloudwatch_log_group_retention_in_days = 1
+        }
+      }
+
+      cpu                      = 512
+      memory                   = 1024
+      requires_compatibilities = ["FARGATE"]
+      network_mode             = "awsvpc"
+
+      create_task_exec_iam_role = true
+      create_tasks_iam_role     = true
+    }
+  }
+
+  tags = local.tags
+}

examples/task/outputs.tf

@@ -0,0 +1,47 @@
+################################################################################
+# Task Module
+################################################################################
+
+output "task_definition_arn" {
+  description = "Full ARN of the task definition"
+  value       = module.ecs_task.task_definition_arn
+}
+
+output "task_definition_family" {
+  description = "The unique name of the task definition"
+  value       = module.ecs_task.task_definition_family
+}
+
+output "task_exec_iam_role_arn" {
+  description = "Task execution IAM role ARN"
+  value       = module.ecs_task.task_exec_iam_role_arn
+}
+
+output "tasks_iam_role_arn" {
+  description = "Tasks IAM role ARN"
+  value       = module.ecs_task.tasks_iam_role_arn
+}
+
+################################################################################
+# Complete Module
+################################################################################
+
+output "cluster_arn" {
+  description = "ARN that identifies the cluster"
+  value       = module.ecs_complete.cluster_arn
+}
+
+output "cluster_id" {
+  description = "ID that identifies the cluster"
+  value       = module.ecs_complete.cluster_id
+}
+
+output "cluster_name" {
+  description = "Name that identifies the cluster"
+  value       = module.ecs_complete.cluster_name
+}
+
+output "tasks" {
+  description = "Map of tasks created and their attributes"
+  value       = module.ecs_complete.tasks
+}

examples/task/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.5.7"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 6.4"
+    }
+  }
+}

main.tf

@@ -192,3 +192,70 @@ module "service" {
 
   tags = merge(var.tags, each.value.tags)
 }
+
+################################################################################
+# Task(s)
+################################################################################
+
+module "task" {
+  source = "./modules/task"
+
+  for_each = var.create && var.tasks != null ? var.tasks : {}
+
+  create = each.value.create
+  region = var.region
+
+  # Task definition
+  name                                  = coalesce(each.value.name, each.key)
+  enable_execute_command                = each.value.enable_execute_command
+  create_task_definition                = each.value.create_task_definition
+  task_definition_arn                   = each.value.task_definition_arn
+  container_definitions                 = each.value.container_definitions
+  cpu                                   = each.value.cpu
+  enable_fault_injection                = each.value.enable_fault_injection
+  ephemeral_storage                     = each.value.ephemeral_storage
+  family                                = each.value.family
+  ipc_mode                              = each.value.ipc_mode
+  memory                                = each.value.memory
+  network_mode                          = each.value.network_mode
+  pid_mode                              = each.value.pid_mode
+  proxy_configuration                   = each.value.proxy_configuration
+  requires_compatibilities              = each.value.requires_compatibilities
+  runtime_platform                      = each.value.runtime_platform
+  skip_destroy                          = each.value.skip_destroy
+  task_definition_placement_constraints = each.value.task_definition_placement_constraints
+  track_latest                          = each.value.track_latest
+  volume                                = each.value.volume
+  task_tags                             = each.value.task_tags
+
+  # Task Execution IAM role
+  create_task_exec_iam_role               = each.value.create_task_exec_iam_role
+  task_exec_iam_role_arn                  = each.value.task_exec_iam_role_arn
+  task_exec_iam_role_name                 = each.value.task_exec_iam_role_name
+  task_exec_iam_role_use_name_prefix      = each.value.task_exec_iam_role_use_name_prefix
+  task_exec_iam_role_path                 = each.value.task_exec_iam_role_path
+  task_exec_iam_role_description          = each.value.task_exec_iam_role_description
+  task_exec_iam_role_permissions_boundary = each.value.task_exec_iam_role_permissions_boundary
+  task_exec_iam_role_tags                 = each.value.task_exec_iam_role_tags
+  task_exec_iam_role_policies             = each.value.task_exec_iam_role_policies
+  task_exec_iam_role_max_session_duration = each.value.task_exec_iam_role_max_session_duration
+  create_task_exec_policy                 = each.value.create_task_exec_policy
+  task_exec_ssm_param_arns                = each.value.task_exec_ssm_param_arns
+  task_exec_secret_arns                   = each.value.task_exec_secret_arns
+  task_exec_iam_statements                = each.value.task_exec_iam_statements
+  task_exec_iam_policy_path               = each.value.task_exec_iam_policy_path
+
+  # Tasks IAM role
+  create_tasks_iam_role               = each.value.create_tasks_iam_role
+  tasks_iam_role_arn                  = each.value.tasks_iam_role_arn
+  tasks_iam_role_name                 = each.value.tasks_iam_role_name
+  tasks_iam_role_use_name_prefix      = each.value.tasks_iam_role_use_name_prefix
+  tasks_iam_role_path                 = each.value.tasks_iam_role_path
+  tasks_iam_role_description          = each.value.tasks_iam_role_description
+  tasks_iam_role_permissions_boundary = each.value.tasks_iam_role_permissions_boundary
+  tasks_iam_role_tags                 = each.value.tasks_iam_role_tags
+  tasks_iam_role_policies             = each.value.tasks_iam_role_policies
+  tasks_iam_role_statements           = each.value.tasks_iam_role_statements
+
+  tags = merge(var.tags, each.value.tags)
+}