From 2840e58e18a25152571e7987c2436a4b021a2b68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Stru=C3=9F?=
<31846129+applike-ss@users.noreply.github.com>
Date: Mon, 15 Apr 2024 11:35:33 +0200
Subject: [PATCH] feat: add more flexibility to naming pattern (#36)
## Description
## Motivation and Context
## Breaking Changes
## How Has This Been Tested?
- [ ] I have updated at least one of the `examples/*` to demonstrate and
validate my change(s)
- [ ] I have tested and validated these changes using one or more of the
provided `examples/*` projects
- [ ] I have executed `pre-commit run -a` on my pull request
---
README.md | 8 +++-
main.tf | 130 ++++++++++++++++++++++++++++++++-------------------
variables.tf | 13 ++++++
3 files changed, 100 insertions(+), 51 deletions(-)
diff --git a/README.md b/README.md
index 2a2c123..2fd27e0 100644
--- a/README.md
+++ b/README.md
@@ -19,14 +19,16 @@ Terraform module which creates a redis on ecs
| Name | Source | Version |
|------|--------|---------|
+| [container\_definition](#module\_container\_definition) | cloudposse/ecs-container-definition/aws | 0.61.1 |
| [ecs\_label](#module\_ecs\_label) | justtrackio/label/null | 0.26.0 |
-| [service](#module\_service) | terraform-aws-modules/ecs/aws//modules/service | 5.0.1 |
+| [service](#module\_service) | justtrackio/ecs-alb-service-task/aws | 1.3.0 |
| [this](#module\_this) | justtrackio/label/null | 0.26.0 |
## Resources
| Name | Type |
|------|------|
+| [aws_cloudwatch_log_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_service_discovery_service.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_service) | resource |
| [aws_ecs_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecs_cluster) | data source |
| [aws_service_discovery_dns_namespace.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_discovery_dns_namespace) | data source |
@@ -39,6 +41,8 @@ Terraform module which creates a redis on ecs
| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
| [aws\_account\_id](#input\_aws\_account\_id) | AWS account id | `string` | `null` | no |
| [aws\_region](#input\_aws\_region) | AWS region | `string` | `null` | no |
+| [cloudwatch\_log\_group\_enabled](#input\_cloudwatch\_log\_group\_enabled) | A boolean to disable cloudwatch log group creation | `bool` | `true` | no |
+| [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | The number of days to retain logs for the log group | `number` | `1` | no |
| [container\_cpu](#input\_container\_cpu) | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container\_cpu of all containers in a task will need to be lower than the task-level cpu value | `number` | `25` | no |
| [container\_image\_repository](#input\_container\_image\_repository) | The image repository used to start the container. Images in the Docker Hub registry available by default | `string` | `"redis"` | no |
| [container\_image\_tag](#input\_container\_image\_tag) | The image tag used to start the container. Images in the Docker Hub registry available by default | `string` | `"7-alpine"` | no |
@@ -54,7 +58,7 @@ Terraform module which creates a redis on ecs
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
-| [label\_orders](#input\_label\_orders) | Overrides the `labels_order` for the different labels to modify ID elements appear in the `id` |
object({| `{}` | no | +| [label\_orders](#input\_label\_orders) | Overrides the `labels_order` for the different labels to modify ID elements appear in the `id` |
ecs = optional(list(string), ["stage", "tenant", "name"])
})
object({| `{}` | no | | [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
ecs = optional(list(string), ["stage", "tenant", "name"])
iam = optional(list(string)),
})
[| no | | [launch\_type](#input\_launch\_type) | The launch type on which to run your service. Valid values are `EC2` and `FARGATE` | `string` | `"EC2"` | no |
diff --git a/main.tf b/main.tf
index d837bad..eaf363e 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,9 @@
 locals {
+ container_definitions = "[${module.container_definition.json_map_encoded}]"
+ default_policies = [
+ "arn:aws:iam::aws:policy/CloudWatchFullAccessV2",
+ "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
+ ]
 service_discovery_name = var.service_discovery_name == null ? "${module.this.name}.${module.this.stage}" : var.service_discovery_name
 }
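Review bot: The two managed policies in `default_policies` are broader than a Redis task appears to need, and the `module "service"` hunk that follows passes the same list to both `task_exec_policy_arns` and `task_policy_arns`. `CloudWatchFullAccessV2` on the task role gives full CloudWatch and CloudWatch Logs access to anything running inside the container, while log delivery by the awslogs driver does not go through the task role at all. I would drop the task-role attachment, e.g. `task_policy_arns = []`, and replace the full-access policy on the execution role with one limited to `logs:CreateLogStream` and `logs:PutLogEvents` on `aws_cloudwatch_log_group.default`. `AmazonEC2ContainerRegistryReadOnly` is only needed when `container_image_repository` points at ECR, and the default shown in the README is the Docker Hub `redis` image, so it could be made opt-in.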
@@ -10,67 +15,94 @@ module "ecs_label" { label_order = var.label_orders.ecs } +resource "aws_cloudwatch_log_group" "default" { + count = var.cloudwatch_log_group_enabled ? 1 : 0 + + name = module.this.id + tags = module.this.tags + retention_in_days = var.cloudwatch_log_retention_in_days +} + +module "container_definition" { + source = "cloudposse/ecs-container-definition/aws" + version = "0.61.1" + + container_name = var.container_name + container_cpu = var.container_cpu + container_memory_reservation = var.container_memory_reservation + container_image = "${var.container_image_repository}:${var.container_image_tag}" + + port_mappings = [ + { + name = "redis" + containerPort = 6379 + protocol = "tcp" + } + ] + + command = [ + "--maxmemory ${var.redis_maxmemory}mb", + "--maxmemory-policy ${var.redis_maxmemory_policy}" + ] + + log_configuration = { + logDriver = "awslogs" + options = { + awslogs-group = try(aws_cloudwatch_log_group.default[0].name, ""), + awslogs-region = module.this.aws_region + } + } + + readonly_root_filesystem = true +} + +moved { + from = module.service.aws_ecs_service.this + to = module.service.aws_ecs_service.ignore_changes_task_definition +} + +moved { + from = module.service.aws_ecs_task_definition.this + to = module.service.aws_ecs_task_definition.default +} + +moved { + from = module.service.aws_iam_role.task_exec + to = module.service.aws_iam_role.ecs_exec +} + +moved { + from = module.service.aws_iam_role.tasks + to = module.service.aws_iam_role.ecs_task +} + module "service" { - source = "terraform-aws-modules/ecs/aws//modules/service" - version = "5.0.1" + source = "justtrackio/ecs-alb-service-task/aws" + version = "1.3.0" - name = module.ecs_label.id - cluster_arn = data.aws_ecs_cluster.default.arn - cpu = null - memory = null - deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent + container_definition_json = local.container_definitions deployment_maximum_percent = var.deployment_maximum_percent + 
deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent + desired_count = 1 + ecs_cluster_arn = data.aws_ecs_cluster.default.arn launch_type = var.launch_type network_mode = var.network_mode - enable_autoscaling = false - - security_group_use_name_prefix = false - iam_role_use_name_prefix = false - task_exec_iam_role_use_name_prefix = false - tasks_iam_role_use_name_prefix = false - - security_group_name = module.this.id - iam_role_name = module.this.id - task_exec_iam_role_name = "${module.this.id}-exec" - tasks_iam_role_name = "${module.this.id}-task" - - service_registries = { + service_placement_constraints = var.service_placement_constraints + service_registries = [{ registry_arn = aws_service_discovery_service.default.arn container_name = var.container_name container_port = 6379 - } - - tags = module.this.tags - - placement_constraints = length(var.service_placement_constraints) != 0 ? var.service_placement_constraints : module.this.environment == "prod" ? [{ + }] + task_exec_policy_arns = local.default_policies + task_policy_arns = local.default_policies + task_placement_constraints = length(var.service_placement_constraints) != 0 ? var.service_placement_constraints : module.this.environment == "prod" ? 
[{ type = "memberOf" expression = "attribute:spotinst.io/container-instance-lifecycle==od" }] : [] + vpc_id = "" # not needed, but can't be omitted - container_definitions = { - redis = { - name = var.container_name - cpu = var.container_cpu - memory_reservation = var.container_memory_reservation - image = "${var.container_image_repository}:${var.container_image_tag}" - - port_mappings = [ - { - name = "redis" - containerPort = 6379 - protocol = "tcp" - } - ] - - command = [ - "--maxmemory ${var.redis_maxmemory}mb", - "--maxmemory-policy ${var.redis_maxmemory_policy}" - ] - } - } - - requires_compatibilities = [] - runtime_platform = {} + label_orders = var.label_orders + context = module.this.context } resource "aws_service_discovery_service" "default" { diff --git a/variables.tf b/variables.tf index 59fb2a3..58b5442 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,15 @@ +variable "cloudwatch_log_group_enabled" { + type = bool + description = "A boolean to disable cloudwatch log group creation" + default = true +} + +variable "cloudwatch_log_retention_in_days" { + type = number + description = "The number of days to retain logs for the log group" + default = 1 +} + variable "container_cpu" { type = number description = "The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value" @@ -43,6 +55,7 @@ variable "deployment_minimum_healthy_percent" { variable "label_orders" { type = object({ ecs = optional(list(string), ["stage", "tenant", "name"]) + iam = optional(list(string)), }) default = {} description = "Overrides the `labels_order` for the different labels to modify ID elements appear in the `id`"
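Review bot: With `cloudwatch_log_group_enabled = false` the container definition still selects the `awslogs` driver, because `awslogs-group = try(aws_cloudwatch_log_group.default[0].name, "")` falls back to an empty group name. I would expect the task to fail to start or to run without usable logs in that case, which is easy to miss until the logs are needed. Making the whole block conditional, `log_configuration = var.cloudwatch_log_group_enabled ? { ... } : null`, or accepting an externally managed group name, would make the disabled state explicit; whether the container-definition module accepts `null` here should be confirmed. A short comment above the four `moved` blocks naming the upstream module resources they migrate from would also help the next module upgrade.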
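Review bot: `cloudwatch_log_retention_in_days` defaults to `1`, so the Redis container logs are deleted after a day unless every caller overrides it, which leaves very little to work with when investigating an incident after the fact. A longer default such as `default = 30` costs little for a single Redis log group, and a `validation` block restricting the value to the retention periods CloudWatch Logs accepts would turn a bad value into a plan-time error. The description of `cloudwatch_log_group_enabled` also reads inverted for a variable whose `true` creates the group; `description = "Whether to create the CloudWatch log group"` says what it does.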
"default"
]