diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index a3f1d8e..0b76964 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/aws" {
version = "5.40.0"
constraints = ">= 4.5.0, >= 5.30.0"
hashes = [
+ "h1:KEqMoJwLw6Z9bTO4K8nPVvQQa6YiM+bvz89Sw7tNFJw=",
"h1:mLZbhNUyXQTWQXOCoHglI10XwcvqGqvnn21juy/Jk68=",
"zh:11f177a2385703740bd26d0652d3dba08575101d7639f386ce5637bdb0e29a13",
"zh:203fc43e69634f1bd487a9dc24b01944dfd568beac78e491f26677d103d343ed",
diff --git a/README.md b/README.md
index 35a6327..e44ff45 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
### Using the Repo Source
```hcl
-github.com/pbs/terraform-aws-ecs-service-module?ref=6.1.1
+github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z
```
### Alternative Installation Methods
@@ -26,7 +26,7 @@ Integrate this module like so:
```hcl
module "service" {
- source = "github.com/pbs/terraform-aws-ecs-service-module?ref=6.1.1"
+ source = "github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z"
# Required
hosted_zone = "example.com"
@@ -49,7 +49,7 @@ This module will create an ECS cluster if one is not provided. If you would like
```hcl
module "service" {
- source = "github.com/pbs/terraform-aws-ecs-service-module?ref=6.1.1"
+ source = "github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z"
# Required
hosted_zone = "example.com"
@@ -73,7 +73,7 @@ module "service" {
If this repo is added as a subtree, then the version of the module should be close to the version shown here:
-`6.1.1`
+`x.y.z`
Note, however that subtrees can be altered as desired within repositories.
@@ -271,6 +271,7 @@ Below is automatically generated documentation on this Terraform module using [t
| [target\_group\_name](#input\_target\_group\_name) | Target group name. Will default to product if not defined. | `string` | `null` | no |
| [target\_memory\_utilization](#input\_target\_memory\_utilization) | Target memory utilization for scaling | `number` | `50` | no |
| [task\_def\_arn](#input\_task\_def\_arn) | Task definition ARN. If null, task will be created with default values, except that image\_repo and image\_tag may be defined. | `string` | `null` | no |
+| [task\_execution\_role\_policy\_json](#input\_task\_execution\_role\_policy\_json) | IAM policy to attach to task execution role used for this task | `string` | `null` | no |
| [task\_family](#input\_task\_family) | (optional) task family for task. This is effectively the name of the task, without qualification of revision | `string` | `null` | no |
| [tcp\_port](#input\_tcp\_port) | NLB TCP port number. Ignored for application load balancers. | `number` | `null` | no |
| [use\_xray\_sidecar](#input\_use\_xray\_sidecar) | (optional) if set to null, will use the sidecar to trace the task if envoy is used, as that automatically implements tracing configs. | `bool` | `null` | no |
diff --git a/optional.tf b/optional.tf
index 4586da2..5b7f8bc 100644
--- a/optional.tf
+++ b/optional.tf
@@ -337,6 +337,12 @@ variable "role_policy_json" {
type = string
}
+variable "task_execution_role_policy_json" {
+ description = "IAM policy to attach to task execution role used for this task"
+ default = null
+ type = string
+}
+
variable "enable_execute_command" {
description = "Enables `ecs exec`. If null, will enable if not on prod"
default = null
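Review bot: The description of `task_execution_role_policy_json` does not say how it differs from `role_policy_json` (whose declaration ends just above this hunk), and the two are easy to confuse. The execution role is what ECS itself assumes to pull the image, write logs and resolve secrets referenced in the container definition, while the task role is what the application code runs with. I would spell that out, e.g. `description = "IAM policy JSON for the task execution role (image pull, logging, secret retrieval by ECS), not the task role used by the application. Scope it to the specific resources required."`. The string is also accepted unchecked; a `validation` block with `condition = var.task_execution_role_policy_json == null || can(jsondecode(var.task_execution_role_policy_json))` would reject malformed JSON at plan time rather than at the IAM API. Whether this policy replaces or is added to the execution role's default permissions is not visible here and is worth stating in the description as well.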
diff --git a/task.tf b/task.tf
index b2244f8..756afd2 100644
--- a/task.tf
+++ b/task.tf
@@ -13,7 +13,8 @@ module "task" {
mesh_name = var.mesh_name
virtual_gateway = var.virtual_gateway
- role_policy_json = var.role_policy_json
+ role_policy_json = var.role_policy_json
+ task_execution_role_policy_json = var.task_execution_role_policy_json
service_name = local.name
task_family = local.task_family
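Review bot: Nothing on the new `task_execution_role_policy_json` line or in the README row says what happens when the caller also sets `task_def_arn`. Presumably the task module then creates no execution role and the policy is silently dropped, which a caller could mistake for the permissions having been applied. A comment on the new line such as `# ignored when task_def_arn is set — confirm against the task module`, or a sentence in the variable description, would make that explicit. It is also worth confirming that the pinned version of the `task` module declares this input; the `module "task"` block starts before and continues past this hunk, so its `source` line is not visible.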