From 7b58beb5e5db1c3524543c5273d16f754c947d29 Mon Sep 17 00:00:00 2001 From: Chip Bell Date: Thu, 20 Feb 2025 15:41:44 -0500 Subject: [PATCH 1/2] Allowing task execution policy to also be provided --- .terraform.lock.hcl | 1 + optional.tf | 6 ++++++ task.tf | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index a3f1d8e..0b76964 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/aws" { version = "5.40.0" constraints = ">= 4.5.0, >= 5.30.0" hashes = [ + "h1:KEqMoJwLw6Z9bTO4K8nPVvQQa6YiM+bvz89Sw7tNFJw=", "h1:mLZbhNUyXQTWQXOCoHglI10XwcvqGqvnn21juy/Jk68=", "zh:11f177a2385703740bd26d0652d3dba08575101d7639f386ce5637bdb0e29a13", "zh:203fc43e69634f1bd487a9dc24b01944dfd568beac78e491f26677d103d343ed", diff --git a/optional.tf b/optional.tf index 4586da2..5b7f8bc 100644 --- a/optional.tf +++ b/optional.tf @@ -337,6 +337,12 @@ variable "role_policy_json" { type = string } +variable "task_execution_role_policy_json" { + description = "IAM policy to attach to task execution role used for this task" + default = null + type = string +} + variable "enable_execute_command" { description = "Enables `ecs exec`. If null, will enable if not on prod" default = null diff --git a/task.tf b/task.tf index b2244f8..756afd2 100644 --- a/task.tf +++ b/task.tf @@ -13,7 +13,8 @@ module "task" { mesh_name = var.mesh_name virtual_gateway = var.virtual_gateway - role_policy_json = var.role_policy_json + role_policy_json = var.role_policy_json + task_execution_role_policy_json = var.task_execution_role_policy_json service_name = local.name task_family = local.task_family From eb98359f6a4ad65a7f4c3aab487ff7fcc84a37c9 Mon Sep 17 00:00:00 2001 From: chipbell4 Date: Thu, 20 Feb 2025 20:45:00 +0000 Subject: [PATCH 2/2] Running document script --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 35a6327..e44ff45 100644 
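Review bot: The new `task_execution_role_policy_json` variable in optional.tf accepts any string, and its description does not say what the execution role is for, so a caller can easily put application permissions on the role the ECS agent uses for image pulls, log delivery and secret injection. I would spell that out in the description and state whether the supplied document replaces or is added to the module's default execution policy; the task.tf hunk does not show this, because `module "task"` starts and ends outside it. A `validation` block that rejects non-JSON input would also make a malformed policy fail at plan time rather than at the IAM API call; the variable block with both changes is below. The distinction from `role_policy_json` is presumed from the names, since that variable's description is outside the hunk.

```hcl
variable "task_execution_role_policy_json" {
  description = "IAM policy JSON for the ECS task execution role (used by the ECS agent for image pull, log delivery and secret injection), not for application permissions. Keep it least-privilege."
  # … unchanged: default, type …

  validation {
    condition     = var.task_execution_role_policy_json == null || can(jsondecode(var.task_execution_role_policy_json))
    error_message = "task_execution_role_policy_json must be null or a valid JSON IAM policy document."
  }
}
```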
--- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ### Using the Repo Source ```hcl -github.com/pbs/terraform-aws-ecs-service-module?ref=6.1.1 +github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z ``` ### Alternative Installation Methods @@ -26,7 +26,7 @@ Integrate this module like so: ```hcl module "service" { - source = "github.com/pbs/terraform-aws-ecs-service-module?ref=6.1.1" + source = "github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z" # Required hosted_zone = "example.com" @@ -49,7 +49,7 @@ This module will create an ECS cluster if one is not provided. If you would like ```hcl module "service" { - source = "github.com/pbs/terraform-aws-ecs-service-module?ref=6.1.1" + source = "github.com/pbs/terraform-aws-ecs-service-module?ref=x.y.z" # Required hosted_zone = "example.com" @@ -73,7 +73,7 @@ module "service" { If this repo is added as a subtree, then the version of the module should be close to the version shown here: -`6.1.1` +`x.y.z` Note, however that subtrees can be altered as desired within repositories. 
@@ -271,6 +271,7 @@ Below is automatically generated documentation on this Terraform module using [t | [target\_group\_name](#input\_target\_group\_name) | Target group name. Will default to product if not defined. | `string` | `null` | no | | [target\_memory\_utilization](#input\_target\_memory\_utilization) | Target memory utilization for scaling | `number` | `50` | no | | [task\_def\_arn](#input\_task\_def\_arn) | Task definition ARN. If null, task will be created with default values, except that image\_repo and image\_tag may be defined. | `string` | `null` | no | +| [task\_execution\_role\_policy\_json](#input\_task\_execution\_role\_policy\_json) | IAM policy to attach to task execution role used for this task | `string` | `null` | no | | [task\_family](#input\_task\_family) | (optional) task family for task. This is effectively the name of the task, without qualification of revision | `string` | `null` | no | | [tcp\_port](#input\_tcp\_port) | NLB TCP port number. Ignored for application load balancers. | `number` | `null` | no | | [use\_xray\_sidecar](#input\_use\_xray\_sidecar) | (optional) if set to null, will use the sidecar to trace the task if envoy is used, as that automatically implements tracing configs. | `bool` | `null` | no |