Parameterize Terraform Child Module

terraform/main.tf

@@ -19,6 +19,18 @@ provider "aws" {
 
 data "aws_caller_identity" "current" {}
 
+data "aws_efs_file_system" "input" {
+  creation_token = "${var.prefix}-input"
+}
+
+data "aws_iam_role" "job" {
+  name = "${var.prefix}-batch-job-role"
+}
+
+data "aws_iam_role" "exec" {
+  name = "${var.prefix}-ecs-exe-task-role"
+}
+
 locals {
   account_id = sensitive(data.aws_caller_identity.current.account_id)
   default_tags = length(var.default_tags) == 0 ? {
@@ -29,11 +41,16 @@ locals {
 }
 
 module "confluence-input" {
-  source      = "./modules/input"
-  api_key     = var.api_key
-  app_name    = var.app_name
+  source = "./modules/input"
+  api_key = var.api_key
+  app_name = var.app_name
   app_version = var.app_version
-  aws_region  = var.aws_region
+  aws_region = var.aws_region
+  efs_file_system_ids = {
+    input = data.aws_efs_file_system.input.file_system_id
+  }
   environment = var.environment
-  prefix      = var.prefix
-}
+  iam_execution_role_arn = data.aws_iam_role.exec.arn
+  iam_job_role_arn = data.aws_iam_role.job.arn
+  prefix = var.prefix
+}

terraform/modules/input/confluence-input.tf

@@ -1,50 +1,55 @@
 # Job Definition
 resource "aws_batch_job_definition" "generate_batch_jd_input" {
-  name                  = "${var.prefix}-input"
-  type                  = "container"
-  container_properties  = <<CONTAINER_PROPERTIES
-  {
-    "image": "${local.account_id}.dkr.ecr.us-west-2.amazonaws.com/${var.prefix}-input",
-    "executionRoleArn": "${data.aws_iam_role.exe_role.arn}",
-    "jobRoleArn": "${data.aws_iam_role.job_role.arn}",
-    "fargatePlatformConfiguration": { "platformVersion": "LATEST" },
-    "logConfiguration": {
-      "logDriver" : "awslogs",
-      "options": {
-        "awslogs-group" : "${data.aws_cloudwatch_log_group.cw_log_group.name}"
-      }
-    },
-    "resourceRequirements": [
-      {"type": "MEMORY", "value": "1024"},
-      {"type": "VCPU", "value": "0.5"}
-    ],
-    "mountPoints": [
-      {
-        "sourceVolume": "input",
-        "containerPath": "/mnt/data"
+  name = "${var.prefix}-input"
+  type = "container"
+  platform_capabilities = ["FARGATE"]
+  propagate_tags = true
+  tags = { "job_definition" : "${var.prefix}-input" }
+
+  container_properties = jsonencode({
+    image = "${local.account_id}.dkr.ecr.us-west-2.amazonaws.com/${var.prefix}-input:${var.image_tag}"
+    executionRoleArn = var.iam_execution_role_arn
+    jobRoleArn = var.iam_job_role_arn
+    fargatePlatformConfiguration = {
+      platformVersion = "LATEST"
+    }
+    logConfiguration = {
+      logDriver = "awslogs"
+      options = {
+        awslogs-group = aws_cloudwatch_log_group.cw_log_group.name
       }
-    ],
-    "volumes": [
-      {
-        "name": "input",
-        "efsVolumeConfiguration": {
-          "fileSystemId": "${data.aws_efs_file_system.aws_efs_input.file_system_id}",
-          "rootDirectory": "/"
-        }
+    }
+    resourceRequirements = [{
+      type = "MEMORY"
+      value = "1024"
+    }, {
+      type = "VCPU",
+      value = "0.5"
+    }]
+    mountPoints = [{
+      sourceVolume = "input",
+      containerPath = "/mnt/data"
+      readOnly = false
+    }]
+    volumes = [{
+      name = "input"
+      efsVolumeConfiguration = {
+        fileSystemId = var.efs_file_system_ids["input"]
+        rootDirectory = "/"
       }
-    ]
-  }
-  CONTAINER_PROPERTIES
-  platform_capabilities = ["FARGATE"]
-  propagate_tags        = true
-  tags                  = { "job_definition" : "${var.prefix}-input" }
+    }]
+  })
 }
 
 # API key parameter
 resource "aws_ssm_parameter" "hydrocron_key_parameter" {
-  name        = "${var.prefix}-hydrocron-key"
+  name = "${var.prefix}-hydrocron-key"
   description = "Hydrocron confluence API key"
-  type        = "SecureString"
-  value       = var.api_key
-  overwrite   = true
-}
+  type = "SecureString"
+  value = var.api_key
+}
+
+# Log group
+resource "aws_cloudwatch_log_group" "cw_log_group" {
+  name = "/aws/batch/job/${var.prefix}-input/"
+}

terraform/modules/input/main.tf

@@ -1,28 +1,7 @@
 # Data sources
 data "aws_caller_identity" "current" {}
 
-data "aws_cloudwatch_log_group" "cw_log_group" {
-  name = "/aws/batch/job/${var.prefix}-input/"
-}
-
-data "aws_efs_file_system" "aws_efs_input" {
-  creation_token = "${var.prefix}-input"
-}
-
-data "aws_iam_role" "job_role" {
-  name = "${var.prefix}-batch-job-role"
-}
-
-data "aws_iam_role" "exe_role" {
-  name = "${var.prefix}-ecs-exe-task-role"
-}
-
 # Local variables
 locals {
   account_id = data.aws_caller_identity.current.account_id
-  default_tags = length(var.default_tags) == 0 ? {
-    application : var.app_name,
-    environment : lower(var.environment),
-    version : var.app_version
-  } : var.default_tags
-}
+}

terraform/modules/input/variables.tf

@@ -25,11 +25,32 @@ variable "default_tags" {
   default = {}
 }
 
+variable "efs_file_system_ids" {
+  type        = map(string)
+  description = "Map of EFS file system ids to pass to the container definition"
+}
+
 variable "environment" {
   type        = string
   description = "The environment in which to deploy to"
 }
 
+variable "iam_execution_role_arn" {
+  type        = string
+  description = "The IAM ARN of the execution role"
+}
+
+variable "iam_job_role_arn" {
+  type        = string
+  description = "The IAM ARN of the job role"
+}
+
+variable "image_tag" {
+  type        = string
+  description = "The container image tag to utilize"
+  default     = "latest"
+}
+
 variable "prefix" {
   type        = string
   description = "Prefix to add to all AWS resources as a unique identifier"

terraform/variables.tf

@@ -21,8 +21,8 @@ variable "aws_region" {
 }
 
 variable "default_tags" {
-  type    = map(string)
-  default = {}
+  type        = map(string)
+  default     = {}
 }
 
 variable "environment" {