Skip to content

fix: Update linuxParameters conditional and defaults #330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

fix: Update linuxParameters conditional and defaults #330

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cffde5a
update linuxParameters conditional and defaults
magreenbaum Aug 2, 2025
d79f52b
terraform fmt
magreenbaum Aug 3, 2025
8bdb945
pre-commit
magreenbaum Aug 3, 2025
8b045fb
Merge branch 'master' into fix/initProcessEnabled_conditional
magreenbaum Aug 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion modules/container-definition/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ No modules.
| <a name="input_image"></a> [image](#input\_image) | The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either `repository-url/image:tag` or `repository-url/image@digest` | `string` | `null` | no |
| <a name="input_interactive"></a> [interactive](#input\_interactive) | When this parameter is `true`, you can deploy containerized applications that require `stdin` or a `tty` to be allocated | `bool` | `false` | no |
| <a name="input_links"></a> [links](#input\_links) | The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is `bridge` | `list(string)` | `null` | no |
| <a name="input_linuxParameters"></a> [linuxParameters](#input\_linuxParameters) | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html) | <pre>object({<br/> capabilities = optional(object({<br/> add = optional(list(string))<br/> drop = optional(list(string))<br/> }))<br/> devices = optional(list(object({<br/> containerPath = optional(string)<br/> hostPath = optional(string)<br/> permissions = optional(list(string))<br/> })))<br/> initProcessEnabled = optional(bool, false)<br/> maxSwap = optional(number)<br/> sharedMemorySize = optional(number)<br/> swappiness = optional(number)<br/> tmpfs = optional(list(object({<br/> containerPath = string<br/> mountOptions = optional(list(string))<br/> size = number<br/> })))<br/> })</pre> | <pre>{<br/> "initProcessEnabled": false<br/>}</pre> | no |
| <a name="input_linuxParameters"></a> [linuxParameters](#input\_linuxParameters) | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more information see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html) | <pre>object({<br/> capabilities = optional(object({<br/> add = optional(list(string))<br/> drop = optional(list(string))<br/> }))<br/> devices = optional(list(object({<br/> containerPath = optional(string)<br/> hostPath = optional(string)<br/> permissions = optional(list(string))<br/> })))<br/> initProcessEnabled = optional(bool)<br/> maxSwap = optional(number)<br/> sharedMemorySize = optional(number)<br/> swappiness = optional(number)<br/> tmpfs = optional(list(object({<br/> containerPath = string<br/> mountOptions = optional(list(string))<br/> size = number<br/> })))<br/> })</pre> | `{}` | no |
| <a name="input_logConfiguration"></a> [logConfiguration](#input\_logConfiguration) | The log configuration for the container. For more information see [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) | <pre>object({<br/> logDriver = optional(string)<br/> options = optional(map(string))<br/> secretOptions = optional(list(object({<br/> name = string<br/> valueFrom = string<br/> })))<br/> })</pre> | `{}` | no |
| <a name="input_memory"></a> [memory](#input\_memory) | The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task `memory` value, if one is specified | `number` | `null` | no |
| <a name="input_memoryReservation"></a> [memoryReservation](#input\_memoryReservation) | The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the `memory` parameter (if applicable), or all of the available memory on the container instance | `number` | `null` | no |
Expand Down
8 changes: 6 additions & 2 deletions modules/container-definition/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,12 @@ locals {
{ for k, v in var.logConfiguration : k => v if v != null }
)

base_linux_parameters = {
for k, v in var.linuxParameters : k => v if v != null
}

# tflint-ignore: terraform_naming_convention
linuxParameters = var.enable_execute_command ? merge({ "initProcessEnabled" : true }, var.linuxParameters) : merge({ "initProcessEnabled" : false }, var.linuxParameters)
linuxParameters = var.enable_execute_command ? merge({ "initProcessEnabled" : true }, local.base_linux_parameters) : merge({ "initProcessEnabled" : false }, local.base_linux_parameters)

definition = {
command = var.command
Expand All @@ -46,7 +50,7 @@ locals {
image = var.image
interactive = var.interactive
links = local.is_not_windows ? var.links : null
linuxParameters = local.is_not_windows ? { for k, v in local.linuxParameters : k => v if v != null } : null
linuxParameters = local.is_not_windows ? local.linuxParameters : null
logConfiguration = length(local.logConfiguration) > 0 ? local.logConfiguration : null
memory = var.memory
memoryReservation = var.memoryReservation
Expand Down
6 changes: 2 additions & 4 deletions modules/container-definition/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ variable "linuxParameters" {
hostPath = optional(string)
permissions = optional(list(string))
})))
initProcessEnabled = optional(bool, false)
initProcessEnabled = optional(bool)
maxSwap = optional(number)
sharedMemorySize = optional(number)
swappiness = optional(number)
Expand All @@ -194,9 +194,7 @@ variable "linuxParameters" {
size = number
})))
})
default = {
initProcessEnabled = false
}
default = {}
}

# tflint-ignore: terraform_naming_convention
Expand Down
2 changes: 1 addition & 1 deletion modules/service/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,7 +238,7 @@ module "ecs_service" {
| <a name="input_availability_zone_rebalancing"></a> [availability\_zone\_rebalancing](#input\_availability\_zone\_rebalancing) | ECS automatically redistributes tasks within a service across Availability Zones (AZs) to mitigate the risk of impaired application availability due to underlying infrastructure failures and task lifecycle activities. The valid values are `ENABLED` and `DISABLED`. Defaults to `DISABLED` | `string` | `null` | no |
| <a name="input_capacity_provider_strategy"></a> [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more | <pre>map(object({<br/> base = optional(number)<br/> capacity_provider = string<br/> weight = optional(number)<br/> }))</pre> | `null` | no |
| <a name="input_cluster_arn"></a> [cluster\_arn](#input\_cluster\_arn) | ARN of the ECS cluster where the resources will be provisioned | `string` | `""` | no |
| <a name="input_container_definitions"></a> [container\_definitions](#input\_container\_definitions) | A map of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). Please note that you should only provide values that are part of the container definition document | <pre>map(object({<br/> create = optional(bool, true)<br/> operating_system_family = optional(string, "LINUX")<br/> tags = optional(map(string), {})<br/><br/> # Container definition<br/> command = optional(list(string))<br/> cpu = optional(number)<br/> dependsOn = optional(list(object({<br/> condition = string<br/> containerName = string<br/> })))<br/> disableNetworking = optional(bool)<br/> dnsSearchDomains = optional(list(string))<br/> dnsServers = optional(list(string))<br/> dockerLabels = optional(map(string))<br/> dockerSecurityOptions = optional(list(string))<br/> # enable_execute_command = optional(bool, false) Set in standalone variable<br/> entrypoint = optional(list(string))<br/> environment = optional(list(object({<br/> name = string<br/> value = string<br/> })), [])<br/> environmentFiles = optional(list(object({<br/> type = string<br/> value = string<br/> })))<br/> essential = optional(bool)<br/> extraHosts = optional(list(object({<br/> hostname = string<br/> ipAddress = string<br/> })))<br/> firelensConfiguration = optional(object({<br/> options = optional(map(string))<br/> type = optional(string)<br/> }))<br/> healthCheck = optional(object({<br/> command = optional(list(string), [])<br/> interval = optional(number, 30)<br/> retries = optional(number, 3)<br/> startPeriod = optional(number)<br/> timeout = optional(number, 5)<br/> }))<br/> hostname = optional(string)<br/> image = optional(string)<br/> interactive = optional(bool, false)<br/> links = optional(list(string))<br/> linuxParameters = optional(object({<br/> capabilities = optional(object({<br/> add = optional(list(string))<br/> drop = optional(list(string))<br/> }))<br/> devices = optional(list(object({<br/> containerPath = optional(string)<br/> hostPath = optional(string)<br/> permissions = optional(list(string))<br/> })))<br/> initProcessEnabled = optional(bool, false)<br/> maxSwap = optional(number)<br/> sharedMemorySize = optional(number)<br/> swappiness = optional(number)<br/> tmpfs = optional(list(object({<br/> containerPath = string<br/> mountOptions = optional(list(string))<br/> size = number<br/> })))<br/> }),<br/> # Default<br/> {<br/> initProcessEnabled = false<br/> }<br/> )<br/> logConfiguration = optional(object({<br/> logDriver = optional(string)<br/> options = optional(map(string))<br/> secretOptions = optional(list(object({<br/> name = string<br/> valueFrom = string<br/> })))<br/> }), {})<br/> memory = optional(number)<br/> memoryReservation = optional(number)<br/> mountPoints = optional(list(object({<br/> containerPath = optional(string)<br/> readOnly = optional(bool)<br/> sourceVolume = optional(string)<br/> })), [])<br/> name = optional(string)<br/> portMappings = optional(list(object({<br/> appProtocol = optional(string)<br/> containerPort = optional(number)<br/> containerPortRange = optional(string)<br/> hostPort = optional(number)<br/> name = optional(string)<br/> protocol = optional(string)<br/> })))<br/> privileged = optional(bool, false)<br/> pseudoTerminal = optional(bool, false)<br/> readonlyRootFilesystem = optional(bool, true)<br/> repositoryCredentials = optional(object({<br/> credentialsParameter = optional(string)<br/> }))<br/> resourceRequirements = optional(list(object({<br/> type = string<br/> value = string<br/> })))<br/> restartPolicy = optional(object({<br/> enabled = optional(bool, true)<br/> ignoredExitCodes = optional(list(number))<br/> restartAttemptPeriod = optional(number)<br/> }),<br/> # Default<br/> {<br/> enabled = true<br/> }<br/> )<br/> secrets = optional(list(object({<br/> name = string<br/> valueFrom = string<br/> })))<br/> startTimeout = optional(number, 30)<br/> stopTimeout = optional(number, 120)<br/> systemControls = optional(list(object({<br/> namespace = optional(string)<br/> value = optional(string)<br/> })), [])<br/> ulimits = optional(list(object({<br/> hardLimit = number<br/> name = string<br/> softLimit = number<br/> })))<br/> user = optional(string)<br/> versionConsistency = optional(string, "disabled")<br/> volumesFrom = optional(list(object({<br/> readOnly = optional(bool)<br/> sourceContainer = optional(string)<br/> })), [])<br/> workingDirectory = optional(string)<br/><br/> # Cloudwatch Log Group<br/> service = optional(string, "")<br/> enable_cloudwatch_logging = optional(bool, true)<br/> create_cloudwatch_log_group = optional(bool, true)<br/> cloudwatch_log_group_name = optional(string)<br/> cloudwatch_log_group_use_name_prefix = optional(bool, false)<br/> cloudwatch_log_group_class = optional(string)<br/> cloudwatch_log_group_retention_in_days = optional(number, 14)<br/> cloudwatch_log_group_kms_key_id = optional(string)<br/> }))</pre> | `{}` | no |
| <a name="input_container_definitions"></a> [container\_definitions](#input\_container\_definitions) | A map of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). Please note that you should only provide values that are part of the container definition document | <pre>map(object({<br/> create = optional(bool, true)<br/> operating_system_family = optional(string, "LINUX")<br/> tags = optional(map(string), {})<br/><br/> # Container definition<br/> command = optional(list(string))<br/> cpu = optional(number)<br/> dependsOn = optional(list(object({<br/> condition = string<br/> containerName = string<br/> })))<br/> disableNetworking = optional(bool)<br/> dnsSearchDomains = optional(list(string))<br/> dnsServers = optional(list(string))<br/> dockerLabels = optional(map(string))<br/> dockerSecurityOptions = optional(list(string))<br/> # enable_execute_command = optional(bool, false) Set in standalone variable<br/> entrypoint = optional(list(string))<br/> environment = optional(list(object({<br/> name = string<br/> value = string<br/> })), [])<br/> environmentFiles = optional(list(object({<br/> type = string<br/> value = string<br/> })))<br/> essential = optional(bool)<br/> extraHosts = optional(list(object({<br/> hostname = string<br/> ipAddress = string<br/> })))<br/> firelensConfiguration = optional(object({<br/> options = optional(map(string))<br/> type = optional(string)<br/> }))<br/> healthCheck = optional(object({<br/> command = optional(list(string), [])<br/> interval = optional(number, 30)<br/> retries = optional(number, 3)<br/> startPeriod = optional(number)<br/> timeout = optional(number, 5)<br/> }))<br/> hostname = optional(string)<br/> image = optional(string)<br/> interactive = optional(bool, false)<br/> links = optional(list(string))<br/> linuxParameters = optional(object({<br/> capabilities = optional(object({<br/> add = optional(list(string))<br/> drop = optional(list(string))<br/> }))<br/> devices = optional(list(object({<br/> containerPath = optional(string)<br/> hostPath = optional(string)<br/> permissions = optional(list(string))<br/> })))<br/> initProcessEnabled = optional(bool)<br/> maxSwap = optional(number)<br/> sharedMemorySize = optional(number)<br/> swappiness = optional(number)<br/> tmpfs = optional(list(object({<br/> containerPath = string<br/> mountOptions = optional(list(string))<br/> size = number<br/> })))<br/> }), {})<br/> logConfiguration = optional(object({<br/> logDriver = optional(string)<br/> options = optional(map(string))<br/> secretOptions = optional(list(object({<br/> name = string<br/> valueFrom = string<br/> })))<br/> }), {})<br/> memory = optional(number)<br/> memoryReservation = optional(number)<br/> mountPoints = optional(list(object({<br/> containerPath = optional(string)<br/> readOnly = optional(bool)<br/> sourceVolume = optional(string)<br/> })), [])<br/> name = optional(string)<br/> portMappings = optional(list(object({<br/> appProtocol = optional(string)<br/> containerPort = optional(number)<br/> containerPortRange = optional(string)<br/> hostPort = optional(number)<br/> name = optional(string)<br/> protocol = optional(string)<br/> })))<br/> privileged = optional(bool, false)<br/> pseudoTerminal = optional(bool, false)<br/> readonlyRootFilesystem = optional(bool, true)<br/> repositoryCredentials = optional(object({<br/> credentialsParameter = optional(string)<br/> }))<br/> resourceRequirements = optional(list(object({<br/> type = string<br/> value = string<br/> })))<br/> restartPolicy = optional(object({<br/> enabled = optional(bool, true)<br/> ignoredExitCodes = optional(list(number))<br/> restartAttemptPeriod = optional(number)<br/> }),<br/> # Default<br/> {<br/> enabled = true<br/> }<br/> )<br/> secrets = optional(list(object({<br/> name = string<br/> valueFrom = string<br/> })))<br/> startTimeout = optional(number, 30)<br/> stopTimeout = optional(number, 120)<br/> systemControls = optional(list(object({<br/> namespace = optional(string)<br/> value = optional(string)<br/> })), [])<br/> ulimits = optional(list(object({<br/> hardLimit = number<br/> name = string<br/> softLimit = number<br/> })))<br/> user = optional(string)<br/> versionConsistency = optional(string, "disabled")<br/> volumesFrom = optional(list(object({<br/> readOnly = optional(bool)<br/> sourceContainer = optional(string)<br/> })), [])<br/> workingDirectory = optional(string)<br/><br/> # Cloudwatch Log Group<br/> service = optional(string, "")<br/> enable_cloudwatch_logging = optional(bool, true)<br/> create_cloudwatch_log_group = optional(bool, true)<br/> cloudwatch_log_group_name = optional(string)<br/> cloudwatch_log_group_use_name_prefix = optional(bool, false)<br/> cloudwatch_log_group_class = optional(string)<br/> cloudwatch_log_group_retention_in_days = optional(number, 14)<br/> cloudwatch_log_group_kms_key_id = optional(string)<br/> }))</pre> | `{}` | no |
| <a name="input_cpu"></a> [cpu](#input\_cpu) | Number of cpu units used by the task. If the `requires_compatibilities` is `FARGATE` this field is required | `number` | `1024` | no |
| <a name="input_create"></a> [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
| <a name="input_create_iam_role"></a> [create\_iam\_role](#input\_create\_iam\_role) | Determines whether the ECS service IAM role should be created | `bool` | `true` | no |
Expand Down
9 changes: 2 additions & 7 deletions modules/service/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ variable "container_definitions" {
hostPath = optional(string)
permissions = optional(list(string))
})))
initProcessEnabled = optional(bool, false)
initProcessEnabled = optional(bool)
maxSwap = optional(number)
sharedMemorySize = optional(number)
swappiness = optional(number)
Expand All @@ -505,12 +505,7 @@ variable "container_definitions" {
mountOptions = optional(list(string))
size = number
})))
}),
# Default
{
initProcessEnabled = false
}
)
}), {})
logConfiguration = optional(object({
logDriver = optional(string)
options = optional(map(string))
Expand Down
Loading