feat: allow users to set security groups on scheduled tasks; (#17)
Co-authored-by: Bogdan Finn <[email protected]>
CaptainBarnius and Bogdan Finn authored Mar 29, 2023
1 parent 6001d87 commit b3cc8b2
Showing 3 changed files with 12 additions and 2 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -84,6 +84,7 @@ Terraform module which creates a scheduled ecs task
| <a name="input_role_tags_enabled"></a> [role\_tags\_enabled](#input\_role\_tags\_enabled) | Enable/disable tags on ECS roles | `string` | `true` | no |
| <a name="input_runtime_platform"></a> [runtime\_platform](#input\_runtime\_platform) | Zero or one runtime platform configurations that containers in your task may use.<br>Map of strings with optional keys `operating_system_family` and `cpu_architecture`.<br>See `runtime_platform` docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform | `list(map(string))` | `[]` | no |
| <a name="input_schedule_expression"></a> [schedule\_expression](#input\_schedule\_expression) | The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes). At least one of schedule\_expression or event\_pattern is required. Can only be used on the default event bus. | `string` | `""` | no |
| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. | `list(string)` | `[]` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to associate with the task or service | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
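Review bot: The new `security_groups` row describes "the task or service", but per the hunk context this module creates a scheduled ECS task, so the wording reads as copied from the provider documentation. Suggest something like "Security group IDs to attach to the scheduled task", kept in sync with the description in variables.tf.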
3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -313,7 +313,8 @@ resource "aws_cloudwatch_event_target" "default" {
dynamic "network_configuration" {
for_each = var.network_mode == "awsvpc" ? ["true"] : []
content {
subnets = var.subnet_ids
subnets = var.subnet_ids
security_groups = var.security_groups
}
}
task_count = var.task_count
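Review bot: `security_groups = var.security_groups` sits inside the `network_configuration` block that is only generated when `var.network_mode == "awsvpc"`, so a caller who sets security groups with any other network mode gets no error and no effect. Consider failing fast in that case (a validation or precondition requiring `security_groups` to be empty unless `network_mode` is `awsvpc`), or at least state the dependency in the variable description.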
10 changes: 9 additions & 1 deletion variables.tf
Expand Up @@ -44,6 +44,12 @@ variable "subnet_ids" {
default = []
}

variable "security_groups" {
type = list(string)
description = "The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used."
default = []
}

variable "task_cpu" {
type = number
description = "The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size)"
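Review bot: `default = []` on `security_groups` means an unset value falls back to the VPC's default security group, as the description itself states, which is an easy default to ship by accident for a network control. Consider a `validation` block that checks each entry looks like a security group ID (`sg-...`) and a description that tells callers to pass a dedicated group; the name could also be `security_group_ids` to match `subnet_ids` above.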
Expand Down Expand Up @@ -107,7 +113,9 @@ variable "cloudwatch_event_role_arn" {
variable "cloudwatch_event_policy_arns" {
type = list(string)
description = "A list of IAM Policy ARNs to attach to the generated cloudwatch event role."
default = ["arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole"]
default = [
"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole"
]
}

variable "runtime_platform" {
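Review bot: The `cloudwatch_event_policy_arns` default is only re-wrapped onto three lines here, with the same single ARN, which is unrelated to the security-group feature named in the commit title. Suggest dropping the reformat or moving it to a separate formatting commit so the diff for this feature stays minimal.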