AWS: ECS Task Execution Role and ECR repository URL output (#25)

aws/ecr-repo/outputs.tf

@@ -3,6 +3,11 @@ output "ecr_repo_arn" {
   description = "The ARN of the ECR repository"
 }
 
+output "ecr_repo_url" {
+  value       = aws_ecr_repository.main.repository_url
+  description = "The URL of the ECR repository"
+}
+
 output "iam_policy_read_only" {
   value       = aws_iam_policy.read_only.arn
   description = "The ARN of the read-only IAM policy"

aws/ecs-task-execution-role/main.tf

@@ -0,0 +1,23 @@
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "main" {
+  name               = var.name
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+  tags               = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "main" {
+  count = length(var.policies)
+
+  role       = aws_iam_role.main.name
+  policy_arn = var.policies[count.index]
+}

aws/ecs-task-execution-role/outputs.tf

@@ -0,0 +1,3 @@
+output "role_arn" {
+  value = aws_iam_role.main.arn
+}

aws/ecs-task-execution-role/variables.tf

@@ -0,0 +1,20 @@
+variable "name" {
+  type        = string
+  description = "The name of the IAM Role to create"
+  nullable    = false
+}
+
+variable "policies" {
+  type        = list(string)
+  description = "The ARNs of the IAM Policies to attach to the IAM role"
+  default = [
+    "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+  ]
+}
+
+
+variable "tags" {
+  type        = map(string)
+  description = "Tags of the IAM Role to create"
+  default     = {}
+}