Updating dependencies

Author: jnonino

main.tf

@@ -23,42 +23,42 @@ module "container_definition" {
   container_image              = var.container_image
   container_memory             = var.container_memory
   container_memory_reservation = var.container_memory_reservation
-  # container_definition = var.container_definition
-  port_mappings     = var.port_mappings
-  healthcheck       = var.healthcheck
-  container_cpu     = var.container_cpu
-  essential         = var.essential
-  entrypoint        = var.entrypoint
-  command           = var.command
-  working_directory = var.working_directory
-  environment       = var.environment
-  # extra_hosts = var.extra_hosts
-  # map_environment = var.map_environment
-  # environment_files = var.environment_files
-  secrets                  = var.secrets
-  readonly_root_filesystem = var.readonly_root_filesystem
-  linux_parameters         = var.linux_parameters
-  log_configuration        = var.log_configuration
-  firelens_configuration   = var.firelens_configuration
-  mount_points             = var.mount_points
-  dns_servers              = var.dns_servers
-  # dns_search_domains = var.dns_search_domains
-  ulimits                = var.ulimits
-  repository_credentials = var.repository_credentials
-  volumes_from           = var.volumes_from
-  links                  = var.links
-  user                   = var.user
-  container_depends_on   = var.container_depends_on
-  docker_labels          = var.docker_labels
-  start_timeout          = var.start_timeout
-  stop_timeout           = var.stop_timeout
-  # privileged = var.
-  system_controls = var.system_controls
-  # hostname = var.hostname
-  # disable_networking = var.disable_networking
-  # interactive = var.interactive
-  # pseudo_terminal = var.pseudo_terminal
-  # docker_security_options = var.docker_security_options
+  container_definition         = var.container_definition
+  port_mappings                = var.port_mappings
+  healthcheck                  = var.healthcheck
+  container_cpu                = var.container_cpu
+  essential                    = var.essential
+  entrypoint                   = var.entrypoint
+  command                      = var.command
+  working_directory            = var.working_directory
+  environment                  = var.environment
+  extra_hosts                  = var.extra_hosts
+  map_environment              = var.map_environment
+  environment_files            = var.environment_files
+  secrets                      = var.secrets
+  readonly_root_filesystem     = var.readonly_root_filesystem
+  linux_parameters             = var.linux_parameters
+  log_configuration            = var.log_configuration
+  firelens_configuration       = var.firelens_configuration
+  mount_points                 = var.mount_points
+  dns_servers                  = var.dns_servers
+  dns_search_domains           = var.dns_search_domains
+  ulimits                      = var.ulimits
+  repository_credentials       = var.repository_credentials
+  volumes_from                 = var.volumes_from
+  links                        = var.links
+  user                         = var.user
+  container_depends_on         = var.container_depends_on
+  docker_labels                = var.docker_labels
+  start_timeout                = var.start_timeout
+  stop_timeout                 = var.stop_timeout
+  privileged                   = var.privileged
+  system_controls              = var.system_controls
+  hostname                     = var.hostname
+  disable_networking           = var.disable_networking
+  interactive                  = var.interactive
+  pseudo_terminal              = var.pseudo_terminal
+  docker_security_options      = var.docker_security_options
 }
 
 # Task Definition

variables.tf

@@ -11,25 +11,33 @@ variable "name_prefix" {
 
 
 variable "container_name" {
+  type        = string
   description = "The name of the container. Up to 255 characters ([a-z], [A-Z], [0-9], -, _ allowed)"
 }
 
 variable "container_image" {
-  description = "The image used to start the container."
+  type        = string
+  description = "The image used to start the container. Images in the Docker Hub registry available by default"
 }
 
 variable "container_memory" {
-  # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html#fargate-task-defs
+  type        = number
   description = "(Optional) The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value"
-  default     = 8192 # 8 GB
+  default     = 4096 # 4 GB
 }
 
 variable "container_memory_reservation" {
-  # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html#fargate-task-defs
+  type        = number
   description = "(Optional) The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit"
   default     = 2048 # 2 GB
 }
 
+variable "container_definition" {
+  type        = map
+  description = "Container definition overrides which allows for extra keys or overriding existing keys."
+  default     = {}
+}
+
 variable "port_mappings" {
   description = "The port mappings to configure for the container. This is a list of maps. Each map should contain \"containerPort\", \"hostPort\", and \"protocol\", where \"protocol\" is one of \"tcp\" or \"udp\". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort"
   type = list(object({
@@ -61,61 +69,86 @@ variable "healthcheck" {
 
 variable "container_cpu" {
   # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html#fargate-task-defs
+  type        = number
   description = "(Optional) The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value"
   default     = 1024 # 1 vCPU
 }
 
 variable "essential" {
-  description = "(Optional) Determines whether all other containers in a task are stopped, if this container fails or stops for any reason. Due to how Terraform type casts booleans in json it is required to double quote this value"
   type        = bool
+  description = "Determines whether all other containers in a task are stopped, if this container fails or stops for any reason. Due to how Terraform type casts booleans in json it is required to double quote this value"
   default     = true
 }
 
 variable "entrypoint" {
-  description = "(Optional) The entry point that is passed to the container"
   type        = list(string)
+  description = "The entry point that is passed to the container"
   default     = null
 }
 
 variable "command" {
-  description = "(Optional) The command that is passed to the container"
   type        = list(string)
+  description = "The command that is passed to the container"
   default     = null
 }
 
 variable "working_directory" {
-  description = "(Optional) The working directory to run commands inside the container"
   type        = string
+  description = "The working directory to run commands inside the container"
   default     = null
 }
 
 variable "environment" {
-  description = "(Optional) The environment variables to pass to the container. This is a list of maps"
   type = list(object({
     name  = string
     value = string
   }))
-  default = []
+  description = "The environment variables to pass to the container. This is a list of maps. map_environment overrides environment"
+  default     = []
+}
+
+variable "extra_hosts" {
+  type = list(object({
+    ipAddress = string
+    hostname  = string
+  }))
+  description = "A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This is a list of maps"
+  default     = null
+}
+
+variable "map_environment" {
+  type        = map(string)
+  description = "The environment variables to pass to the container. This is a map of string: {key: value}. map_environment overrides environment"
+  default     = null
+}
+
+# https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_EnvironmentFile.html
+variable "environment_files" {
+  type = list(object({
+    value = string
+    type  = string
+  }))
+  description = "One or more files containing the environment variables to pass to the container. This maps to the --env-file option to docker run. The file must be hosted in Amazon S3. This option is only available to tasks using the EC2 launch type. This is a list of maps"
+  default     = null
 }
 
 variable "secrets" {
-  description = "(Optional) The secrets to pass to the container. This is a list of maps"
   type = list(object({
     name      = string
     valueFrom = string
   }))
-  default = null
+  description = "The secrets to pass to the container. This is a list of maps"
+  default     = null
 }
 
 variable "readonly_root_filesystem" {
-  description = "(Optional) Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value"
   type        = bool
+  description = "Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value"
   default     = false
 }
 
 # https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html
 variable "linux_parameters" {
-  description = "Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html"
   type = object({
     capabilities = object({
       add  = list(string)
@@ -136,115 +169,149 @@ variable "linux_parameters" {
       size          = number
     }))
   })
-
-  default = null
+  description = "Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html"
+  default     = null
 }
 
 # https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html
 variable "log_configuration" {
-  description = "(Optional) Log configuration options to send to a custom log driver for the container. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html"
-  type = object({
-    logDriver = string
-    options   = map(string)
-    secretOptions = list(object({
-      name      = string
-      valueFrom = string
-    }))
-  })
-  default = null
+  type        = any
+  description = "Log configuration options to send to a custom log driver for the container. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html"
+  default     = null
 }
 
 # https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html
 variable "firelens_configuration" {
-  description = "(Optional) The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html"
   type = object({
     type    = string
     options = map(string)
   })
-  default = null
+  description = "The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html"
+  default     = null
 }
 
 variable "mount_points" {
-  description = "(Optional) Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`"
-  type = list(object({
-    containerPath = string
-    sourceVolume  = string
-  }))
-  default = []
+  type = list
+
+  description = "Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`. The `readOnly` key is optional."
+  default     = []
 }
 
 variable "dns_servers" {
   type        = list(string)
-  description = "(Optional) Container DNS servers. This is a list of strings specifying the IP addresses of the DNS servers"
+  description = "Container DNS servers. This is a list of strings specifying the IP addresses of the DNS servers"
+  default     = null
+}
+
+variable "dns_search_domains" {
+  type        = list(string)
+  description = "Container DNS search domains. A list of DNS search domains that are presented to the container"
   default     = null
 }
 
 variable "ulimits" {
-  description = "(Optional) Container ulimit settings. This is a list of maps, where each map should contain \"name\", \"hardLimit\" and \"softLimit\""
   type = list(object({
     name      = string
     hardLimit = number
     softLimit = number
   }))
-  default = null
+  description = "Container ulimit settings. This is a list of maps, where each map should contain \"name\", \"hardLimit\" and \"softLimit\""
+  default     = null
 }
 
 variable "repository_credentials" {
-  description = "(Optional) Container repository credentials; required when using a private repo.  This map currently supports a single key; \"credentialsParameter\", which should be the ARN of a Secrets Manager's secret holding the credentials"
   type        = map(string)
+  description = "Container repository credentials; required when using a private repo.  This map currently supports a single key; \"credentialsParameter\", which should be the ARN of a Secrets Manager's secret holding the credentials"
   default     = null
 }
 
 variable "volumes_from" {
-  description = "(Optional) A list of VolumesFrom maps which contain \"sourceContainer\" (name of the container that has the volumes to mount) and \"readOnly\" (whether the container can write to the volume)"
   type = list(object({
     sourceContainer = string
     readOnly        = bool
   }))
-  default = null
+  description = "A list of VolumesFrom maps which contain \"sourceContainer\" (name of the container that has the volumes to mount) and \"readOnly\" (whether the container can write to the volume)"
+  default     = []
 }
 
 variable "links" {
-  description = "(Optional) List of container names this container can communicate with without port mappings"
   type        = list(string)
+  description = "List of container names this container can communicate with without port mappings"
   default     = null
 }
 
 variable "user" {
-  description = "(Optional) The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group"
   type        = string
+  description = "The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group. The default (null) will use the container's configured `USER` directive or root if not set."
   default     = null
 }
 
 variable "container_depends_on" {
-  description = "(Optional) The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed"
   type = list(object({
     containerName = string
     condition     = string
   }))
-  default = null
+  description = "The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. The condition can be one of START, COMPLETE, SUCCESS or HEALTHY"
+  default     = null
 }
 
 variable "docker_labels" {
-  description = "(Optional) The configuration options to send to the `docker_labels`"
   type        = map(string)
+  description = "The configuration options to send to the `docker_labels`"
   default     = null
 }
 
 variable "start_timeout" {
-  description = "(Optional) Time duration (in seconds) to wait before giving up on resolving dependencies for a container."
-  default     = 30
+  type        = number
+  description = "Time duration (in seconds) to wait before giving up on resolving dependencies for a container"
+  default     = null
 }
 
 variable "stop_timeout" {
-  description = "(Optional) Timeout in seconds between sending SIGTERM and SIGKILL to container"
   type        = number
-  default     = 30
+  description = "Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own"
+  default     = null
+}
+
+variable "privileged" {
+  type        = bool
+  description = "When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type."
+  default     = null
 }
 
 variable "system_controls" {
-  description = "(Optional) A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = \"\", value = \"\"}"
   type        = list(map(string))
+  description = "A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = \"\", value = \"\"}"
+  default     = null
+}
+
+variable "hostname" {
+  type        = string
+  description = "The hostname to use for your container."
+  default     = null
+}
+
+variable "disable_networking" {
+  type        = bool
+  description = "When this parameter is true, networking is disabled within the container."
+  default     = null
+}
+
+variable "interactive" {
+  type        = bool
+  description = "When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated."
+  default     = null
+}
+
+variable "pseudo_terminal" {
+  type        = bool
+  description = "When this parameter is true, a TTY is allocated. "
+  default     = null
+}
+
+variable "docker_security_options" {
+  type        = list(string)
+  description = "A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems."
   default     = null
 }