every resource should be turned off

Author: ivankatliarchuk

README.md

@@ -177,6 +177,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | ECS Cluster ARN. | `string` | n/a | yes |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | ECS Cluster name. | `string` | n/a | yes |
+| <a name="input_create"></a> [create](#input\_create) | Controls if resources should be created (affects nearly all resources) | `bool` | `true` | no |
 | <a name="input_iam"></a> [iam](#input\_iam) | IAM actions and resource permissions. | `any` | `{}` | no |
 | <a name="input_lb"></a> [lb](#input\_lb) | The Load Balancer configuration for the service. A health block containing health check settings for the ALB target groups. See https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#health_check for defaults. | `any` | `{}` | no |
 | <a name="input_log_configuration"></a> [log\_configuration](#input\_log\_configuration) | The log configuration for the service. | `any` | `{}` | no |

ecs.tf

@@ -1,5 +1,5 @@
 resource "aws_ecs_task_definition" "this" {
-  count = try(var.service.create, false) ? 1 : 0
+  count = var.create && try(var.service.create, false) ? 1 : 0
 
   family                   = try(var.service.family, format("%s-task", var.name_prefix))
   network_mode             = try(var.service.network_mode, local.defaults.network_mode)
@@ -16,7 +16,7 @@ resource "aws_ecs_task_definition" "this" {
 }
 
 resource "aws_ecs_service" "this" {
-  count = try(var.service.create, false) ? 1 : 0
+  count = var.create && try(var.service.create, false) ? 1 : 0
 
   name                               = local.service_name
   cluster                            = local.cluster_id

iam.tf

@@ -2,7 +2,7 @@
 # IAM Actions
 ################################################################################
 resource "aws_iam_role" "task_execution_role" {
-  count = try(var.iam.create, false) ? 1 : 0
+  count = var.create && try(var.iam.create, false) ? 1 : 0
   name  = format("%s-ecs-task-execution-role", var.name_prefix)
   tags  = var.tags
 
@@ -24,13 +24,13 @@ EOF
 }
 
 resource "aws_iam_role_policy_attachment" "task_execution_role_policy_attachment" {
-  for_each   = { for k, v in local.iam_role_policies : k => v if var.iam.create }
+  for_each   = { for k, v in local.iam_role_policies : k => v if var.create && var.iam.create }
   role       = aws_iam_role.task_execution_role[0].id
   policy_arn = each.value
 }
 
 resource "aws_iam_role" "task_role" {
-  count = try(var.iam.create, false) ? 1 : 0
+  count = var.create && try(var.iam.create, false) ? 1 : 0
   name  = format("%s-ecs-task-role", var.name_prefix)
   tags  = var.tags
 
@@ -53,7 +53,7 @@ EOF
 }
 
 resource "aws_iam_role_policy" "task_additional_policies_attach" {
-  for_each = { for k, v in var.iam.additional_policies : k => v if var.iam.create }
+  for_each = { for k, v in var.iam.additional_policies : k => v if var.create && var.iam.create }
 
   name   = format("%s-%s-ecs-task-service-permissions", var.name_prefix, each.key)
   role   = aws_iam_role.task_role[0].name
@@ -64,14 +64,14 @@ resource "aws_iam_role_policy" "task_additional_policies_attach" {
 # ECS Autoscaling
 ################################################################################
 resource "aws_iam_role" "autoscaling" {
-  count = try(var.scaling.create, false) && try(var.scaling.create_iam_role, false) ? 1 : 0
+  count = var.create && try(var.scaling.create, false) && try(var.scaling.create_iam_role, false) ? 1 : 0
 
   name               = format("%s-appautoscaling-role", local.service_name)
   assume_role_policy = file("${path.module}/templates/autoscaling-role.json")
 }
 
 resource "aws_iam_role_policy" "autoscaling" {
-  count = try(var.scaling.create, false) && try(var.scaling.create_iam_role, false) ? 1 : 0
+  count = var.create && try(var.scaling.create, false) && try(var.scaling.create_iam_role, false) ? 1 : 0
 
   name   = format("%s-appautoscaling-policy", local.service_name)
   policy = file("${path.module}/templates/autoscaling-policy.json")

lb.tf

@@ -9,7 +9,7 @@ resource "random_string" "tg" {
 }
 
 resource "aws_lb_target_group" "this" {
-  count = try(var.lb.create, false) ? 1 : 0
+  count = var.create && try(var.lb.create, false) ? 1 : 0
   # "name" cannot be longer than 32 characters
   name        = substr(format("%s-%s-tg-ecs", var.name_prefix, random_string.tg.id), 0, 32)
   port        = var.lb.port
@@ -46,7 +46,7 @@ resource "aws_lb_target_group" "this" {
 }
 
 resource "aws_lb_listener_rule" "this" {
-  count = try(var.lb.create, false) ? 1 : 0
+  count = var.create && try(var.lb.create, false) ? 1 : 0
 
   listener_arn = var.lb.listener_arn
   priority     = var.lb.priority

scaling.tf

@@ -1,5 +1,5 @@
 resource "aws_appautoscaling_target" "this" {
-  count = try(var.scaling.create, false) ? 1 : 0
+  count = var.create && try(var.scaling.create, false) ? 1 : 0
 
   resource_id        = format("service/%s/%s", local.cluster_name, local.service_name)
   min_capacity       = var.scaling.min_capacity
@@ -12,7 +12,7 @@ resource "aws_appautoscaling_target" "this" {
 }
 
 resource "aws_appautoscaling_policy" "ecs_cpu_policy" {
-  count = try(var.scaling.create, false) ? 1 : 0
+  count = var.create && try(var.scaling.create, false) ? 1 : 0
 
   name               = format("%s-%s-cpu-autoscaling", local.cluster_name, local.service_name)
   policy_type        = "TargetTrackingScaling"

service-discovery.tf

@@ -1,5 +1,5 @@
 resource "aws_service_discovery_service" "this" {
-  count = try(var.sds.create, false) ? 1 : 0
+  count = var.create && try(var.sds.create, false) ? 1 : 0
 
   name        = var.name
   description = format("Service Discovery Service for --%s--.", var.name)

sg.tf

@@ -1,5 +1,5 @@
 resource "aws_security_group" "this" {
-  count = try(var.sg.create, false) ? 1 : 0
+  count = var.create && try(var.sg.create, false) ? 1 : 0
 
   name        = format("%s-sg-task", var.name_prefix)
   vpc_id      = var.vpc_id
@@ -11,7 +11,7 @@ resource "aws_security_group" "this" {
 }
 
 resource "aws_security_group_rule" "cluster" {
-  for_each = { for k, v in var.sg.group_rules : k => v if var.sg.create }
+  for_each = { for k, v in var.sg.group_rules : k => v if var.create && var.sg.create }
 
   # Required
   security_group_id = aws_security_group.this[0].id

telemetry.tf

@@ -1,6 +1,7 @@
 resource "aws_cloudwatch_log_group" "this" {
 
-  for_each = var.log_configuration.log_group_names
+  for_each = { for k, v in var.service.container_definitions : k => v.logConfiguration
+  if var.create && v.logConfiguration.logDriver == "awslogs" }
 
   name              = each.value.options.awslogs-group
   retention_in_days = try(var.log_configuration.retention_in_days, local.defaults.retention_in_days)

vars.tf

@@ -1,3 +1,9 @@
+variable "create" {
+  description = "Controls if resources should be created (affects nearly all resources)"
+  type        = bool
+  default     = true
+}
+
 variable "name" {
   description = "Resource names that do not require prefix"
   type        = string