Skip to content

versionConsistency drift in container-definition moduleΒ #356

New issue
New issue
Open
Open
versionConsistency drift in container-definition module#356
Labels
question
@caiohasouza

Description

@caiohasouza
caiohasouza
opened on Oct 1, 2025

Description

When using the container-definition submodule, the variable version_consistency is always rendered into the container definition JSON, even when not wanted.
This causes drift in environments where ECS task definitions are also updated by CodePipeline (ECS Deploy action), because CodePipeline does not preserve the versionConsistency field when it registers a new revision.

As a result, terraform plan always shows a difference and forces replacement of the task definition.

If I clone the module locally and change the variable to nullable = true with default = null, then pass null, the module omits the field and the drift disappears.

I believe the module should support omitting this attribute when not explicitly set.

  • βœ‹ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

  • Cleared .terraform and reinitialized.
  • The issue persists with the latest module and provider.

Versions

  • Module version: terraform-aws-modules/ecs/aws v6.6.0
  • Terraform version: v1.12.x
  • Provider version(s): hashicorp/aws v6.14.1

Reproduction Code [Required]

module "container_definition" {
  source  = "terraform-aws-modules/ecs/aws//modules/container-definition"

  name  = "app"
  image = "nginx:latest"

  # Do not set version_consistency
}

Steps to reproduce:

  1. terraform init && terraform apply β†’ task definition created with "versionConsistency": "disabled".
  2. Run a deploy through CodePipeline with imagedefinitions.json β†’ a new revision is created without versionConsistency.
  3. terraform plan now shows a diff on container_definitions and forces replacement.

Expected behavior

  • If version_consistency is not provided, the module should omit the field entirely from the container definition JSON.
  • This avoids drift when other tools (like CodePipeline ECS Deploy action) do not include the field.

Actual behavior

  • The module always renders "versionConsistency": "disabled", even when unset.
  • This causes perpetual drift whenever CodePipeline creates a new task definition revision.

Terminal Output Screenshot(s)

  # module.ecs_service.aws_ecs_task_definition.this[0] must be replaced
+/- resource "aws_ecs_task_definition" "this" {
      ~ arn                      = "arn:aws:ecs:us-east-1:496610455293:task-definition/test-ecs:37" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:496610455293:task-definition/test-ecs" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                    name                   = "app"
                  + versionConsistency     = "disabled"
                    # (19 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "test-ecs" -> (known after apply)
      ~ revision                 = 37 -> (known after apply)
        tags                     = {
            "Name" = "test-ecs"
        }
        # (13 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Additional context

  • By patching the module locally to allow nullable = true and default = null, and omitting the value, the drift disappears.
  • Suggestion: adjust the variable definition and JSON merge logic so that versionConsistency is omitted when null, instead of always rendered.

Metadata

Metadata

Assignees

No one assigned

    Labels

    question

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions