feat: add managed storage configuration support to ECS cluster module

Author: haru-mamburu

README.md

@@ -197,6 +197,7 @@ No resources.
 | <a name="input_create_task_exec_policy"></a> [create\_task\_exec\_policy](#input\_create\_task\_exec\_policy) | Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters | `bool` | `true` | no |
 | <a name="input_default_capacity_provider_use_fargate"></a> [default\_capacity\_provider\_use\_fargate](#input\_default\_capacity\_provider\_use\_fargate) | Determines whether to use Fargate or autoscaling for default capacity provider strategy | `bool` | `true` | no |
 | <a name="input_fargate_capacity_providers"></a> [fargate\_capacity\_providers](#input\_fargate\_capacity\_providers) | Map of Fargate capacity provider definitions to use for the cluster | `any` | `{}` | no |
+| <a name="input_managed_storage_configuration"></a> [managed\_storage\_configuration](#input\_managed\_storage\_configuration) | Configuration for the managed storage | `any` | `{}` | no |
 | <a name="input_services"></a> [services](#input\_services) | Map of service definitions to create | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_task_exec_iam_role_description"></a> [task\_exec\_iam\_role\_description](#input\_task\_exec\_iam\_role\_description) | Description of the role | `string` | `null` | no |

main.tf

@@ -12,7 +12,7 @@ module "cluster" {
   cluster_configuration            = var.cluster_configuration
   cluster_settings                 = var.cluster_settings
   cluster_service_connect_defaults = var.cluster_service_connect_defaults
-
+  managed_storage_configuration    = var.managed_storage_configuration
   # Cluster Cloudwatch log group
   create_cloudwatch_log_group            = var.create_cloudwatch_log_group
   cloudwatch_log_group_name              = var.cloudwatch_log_group_name

modules/cluster/README.md

@@ -181,6 +181,7 @@ No modules.
 | <a name="input_create_task_exec_policy"></a> [create\_task\_exec\_policy](#input\_create\_task\_exec\_policy) | Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters | `bool` | `true` | no |
 | <a name="input_default_capacity_provider_use_fargate"></a> [default\_capacity\_provider\_use\_fargate](#input\_default\_capacity\_provider\_use\_fargate) | Determines whether to use Fargate or autoscaling for default capacity provider strategy | `bool` | `true` | no |
 | <a name="input_fargate_capacity_providers"></a> [fargate\_capacity\_providers](#input\_fargate\_capacity\_providers) | Map of Fargate capacity provider definitions to use for the cluster | `any` | `{}` | no |
+| <a name="input_managed_storage_configuration"></a> [managed\_storage\_configuration](#input\_managed\_storage\_configuration) | Configuration for the managed storage | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_task_exec_iam_role_description"></a> [task\_exec\_iam\_role\_description](#input\_task\_exec\_iam\_role\_description) | Description of the role | `string` | `null` | no |
 | <a name="input_task_exec_iam_role_name"></a> [task\_exec\_iam\_role\_name](#input\_task\_exec\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no |

modules/cluster/main.tf

@@ -40,6 +40,15 @@ resource "aws_ecs_cluster" "this" {
           }
         }
       }
+
+      dynamic "managed_storage_configuration" {
+        for_each = try([var.managed_storage_configuration], [])
+
+        content {
+          fargate_ephemeral_storage_kms_key_id = try(managed_storage_configuration.value.fargate_ephemeral_storage_kms_key_id, null)
+          kms_key_id                           = try(managed_storage_configuration.value.kms_key_id, null)
+        }
+      }
     }
   }
 
@@ -67,6 +76,15 @@ resource "aws_ecs_cluster" "this" {
           }
         }
       }
+
+      dynamic "managed_storage_configuration" {
+        for_each = try([var.managed_storage_configuration], [])
+
+        content {
+          fargate_ephemeral_storage_kms_key_id = try(managed_storage_configuration.value.fargate_ephemeral_storage_kms_key_id, null)
+          kms_key_id                           = try(managed_storage_configuration.value.kms_key_id, null)
+        }
+      }
     }
   }
 

modules/cluster/variables.tf

@@ -43,6 +43,12 @@ variable "cluster_service_connect_defaults" {
   default     = {}
 }
 
+variable "managed_storage_configuration" {
+  description = "Configuration for the managed storage"
+  type        = any
+  default     = {}
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################

variables.tf

@@ -49,6 +49,12 @@ variable "cluster_tags" {
   default     = {}
 }
 
+variable "managed_storage_configuration" {
+  description = "Configuration for the managed storage"
+  type        = any
+  default     = {}
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################

wrappers/cluster/main.tf

@@ -23,6 +23,7 @@ module "wrapper" {
   create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
   default_capacity_provider_use_fargate   = try(each.value.default_capacity_provider_use_fargate, var.defaults.default_capacity_provider_use_fargate, true)
   fargate_capacity_providers              = try(each.value.fargate_capacity_providers, var.defaults.fargate_capacity_providers, {})
+  managed_storage_configuration           = try(each.value.managed_storage_configuration, var.defaults.managed_storage_configuration, {})
   tags                                    = try(each.value.tags, var.defaults.tags, {})
   task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
   task_exec_iam_role_name                 = try(each.value.task_exec_iam_role_name, var.defaults.task_exec_iam_role_name, null)

wrappers/main.tf

@@ -24,6 +24,7 @@ module "wrapper" {
   create_task_exec_policy                 = try(each.value.create_task_exec_policy, var.defaults.create_task_exec_policy, true)
   default_capacity_provider_use_fargate   = try(each.value.default_capacity_provider_use_fargate, var.defaults.default_capacity_provider_use_fargate, true)
   fargate_capacity_providers              = try(each.value.fargate_capacity_providers, var.defaults.fargate_capacity_providers, {})
+  managed_storage_configuration           = try(each.value.managed_storage_configuration, var.defaults.managed_storage_configuration, {})
   services                                = try(each.value.services, var.defaults.services, {})
   tags                                    = try(each.value.tags, var.defaults.tags, {})
   task_exec_iam_role_description          = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)