AWS ECS Terraform module
Upstream version 7.5.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/ecs/aws
60 unique
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | | | |
| capacity_providers | map({...}) | null | Map of capacity provider definitions to create for the cluster |
| cloudwatch_log_group_class | string | null | Specifies the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` |
| cloudwatch_log_group_kms_key_id | string | null | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) |
| cloudwatch_log_group_name | string | null | Custom name of CloudWatch Log Group for ECS cluster |
| cloudwatch_log_group_retention_in_days | number | 90 | Number of days to retain log events |
| cloudwatch_log_group_tags | map(string) | {} | A map of additional tags to add to the log group created |
| cluster_capacity_providers | list(string) | [] | List of capacity provider names to associate with the ECS cluster. Note: any capacity providers created by this module will be automatically added |
| cluster_configuration | object({...}) | {...} | The execute command configuration for the cluster |
| cluster_name | string | "" | Name of the cluster (up to 255 letters, numbers, hyphens, and underscores) |
| cluster_service_connect_defaults | object({...}) | null | Configures a default Service Connect namespace |
| cluster_setting | list({...}) | [...] | List of configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster |
| cluster_tags | map(string) | {} | A map of additional tags to add to the cluster |
| create | bool | true | Determines whether resources will be created (affects all resources) |
| create_cloudwatch_log_group | bool | true | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled |
| create_infrastructure_iam_role | bool | true | Determines whether the ECS infrastructure IAM role should be created |
| create_node_iam_instance_profile | bool | true | Determines whether an IAM instance profile is created or to use an existing IAM instance profile |
| create_security_group | bool | true | Determines if a security group is created |
| create_task_exec_iam_role | bool | false | Determines whether the ECS task definition IAM role should be created |
| create_task_exec_policy | bool | true | Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters |
| default_capacity_provider_strategy | map({...}) | null | Map of default capacity provider strategy definitions to use for the cluster |
| disable_v7_default_name_description | bool | false | [DEPRECATED - will be removed in v8.0] Determines whether to disable the default postfix added to resource names and descriptions added in v7.0 |
| infrastructure_iam_role_description | string | null | Description of the role |
| infrastructure_iam_role_name | string | null | Name to use on IAM role created |
| infrastructure_iam_role_override_policy_documents | list(string) | [] | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` |
| infrastructure_iam_role_path | string | null | IAM role path |
| infrastructure_iam_role_permissions_boundary | string | null | ARN of the policy that is used to set the permissions boundary for the IAM role |
| infrastructure_iam_role_source_policy_documents | list(string) | [] | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s |
| infrastructure_iam_role_statements | map({...}) | null | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage |
| infrastructure_iam_role_tags | map(string) | {} | A map of additional tags to add to the IAM role created |
| infrastructure_iam_role_use_name_prefix | bool | true | Determines whether the IAM role name (`iam_role_name`) is used as a prefix |
| node_iam_role_additional_policies | map(string) | {} | Additional policies to be added to the IAM role |
| node_iam_role_description | string | "ECS Managed Instances node IAM role" | Description of the role |
| node_iam_role_name | string | null | Name to use on IAM role/instance profile created |
| node_iam_role_override_policy_documents | list(string) | [] | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` |
| node_iam_role_path | string | null | IAM role/instance profile path |
| node_iam_role_permissions_boundary | string | null | ARN of the policy that is used to set the permissions boundary for the IAM role |
| node_iam_role_source_policy_documents | list(string) | [] | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s |
| node_iam_role_statements | map({...}) | null | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage |
| node_iam_role_tags | map(string) | {} | A map of additional tags to add to the IAM role/instance profile created |
| node_iam_role_use_name_prefix | bool | true | Determines whether the IAM role/instance profile name (`node_iam_role_name`) is used as a prefix |
| region | string | null | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration |
| security_group_description | string | null | Description of the security group created |
| security_group_egress_rules | map({...}) | {...} | Security group egress rules to add to the security group created |
| security_group_ingress_rules | map({...}) | {} | Security group ingress rules to add to the security group created |
| security_group_name | string | null | Name to use on security group created |
| security_group_tags | map(string) | {} | A map of additional tags to add to the security group created |
| security_group_use_name_prefix | bool | true | Determines whether the security group name (`security_group_name`) is used as a prefix |
| services | map({...}) | null | Map of service definitions to create |
| tags | map(string) | {} | A map of tags to add to all resources |
| task_exec_iam_role_description | string | null | Description of the role |
| task_exec_iam_role_name | string | null | Name to use on IAM role created |
| task_exec_iam_role_path | string | null | IAM role path |
| task_exec_iam_role_permissions_boundary | string | null | ARN of the policy that is used to set the permissions boundary for the IAM role |
| task_exec_iam_role_policies | map(string) | {} | Map of IAM role policy ARNs to attach to the IAM role |
| task_exec_iam_role_tags | map(string) | {} | A map of additional tags to add to the IAM role created |
| task_exec_iam_role_use_name_prefix | bool | true | Determines whether the IAM role name (`task_exec_iam_role_name`) is used as a prefix |
| task_exec_iam_statements | map({...}) | null | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage |
| task_exec_secret_arns | list(string) | [] | List of SecretsManager secret ARNs the task execution role will be permitted to get/read |
| task_exec_ssm_param_arns | list(string) | [] | List of SSM parameter ARNs the task execution role will be permitted to get/read |
| vpc_id | string | null | The ID of the VPC where the security group will be created |