Merge pull request #350 from trussworks/optionally-enable-efs

chtakahashi · web-flow · commit 9b903175f34a · 2023-12-19T16:32:58.000-05:00
feat: enable use of efs volumes from ecs task definition
diff --git a/README.md b/README.md
@@ -157,7 +157,7 @@ No modules.
 | cloudwatch\_alarm\_name | Generic name used for CPU and Memory Cloudwatch Alarms | `string` | `""` | no |
 | container\_definitions | Container definitions provided as valid JSON document. Default uses golang:alpine running a simple hello world. | `string` | `""` | no |
 | container\_image | The image of the container. | `string` | `"golang:alpine"` | no |
-| container\_volumes | Volumes that containers in your task may use. | ```list( object({ name = string }) )``` | `[]` | no |
+| container\_volumes | Volumes that containers in your task may use. | `list` | `[]` | no |
 | ec2\_create\_task\_execution\_role | Set to true to create ecs task execution role to ECS EC2 Tasks. | `bool` | `false` | no |
 | ecr\_repo\_arns | The ARNs of the ECR repos.  By default, allows all repositories. | `list(string)` | ```[ "*" ]``` | no |
 | ecs\_cluster | ECS cluster object for this task. | ```object({ arn = string name = string })``` | n/a | yes |
@@ -167,6 +167,7 @@ No modules.
 | ecs\_subnet\_ids | Subnet IDs for the ECS tasks. | `list(string)` | n/a | yes |
 | ecs\_use\_fargate | Whether to use Fargate for the task definition. | `bool` | `false` | no |
 | ecs\_vpc\_id | VPC ID to be used by ECS. | `string` | n/a | yes |
+| efs\_instance\_id | ID of the EFS instance volume | `string` | `""` | no |
 | enable\_ecs\_managed\_tags | Specifies whether to enable Amazon ECS managed tags for the tasks within the service | `bool` | `false` | no |
 | environment | Environment tag, e.g prod. | `string` | n/a | yes |
 | fargate\_platform\_version | The platform version on which to run your service. Only applicable when using Fargate launch type. | `string` | `"LATEST"` | no |
diff --git a/main.tf b/main.tf
@@ -441,6 +441,21 @@ resource "aws_ecs_task_definition" "main" {
     for_each = var.container_volumes
     content {
       name = volume.value.name
+      dynamic "efs_volume_configuration" {
+        for_each = try([volume.value.efs_volume_configuration], [])
+
+        content {
+          authorization_config {
+            access_point_id = try(efs_volume_configuration.value.access_point_id, null)
+            iam             = try(efs_volume_configuration.value.iam, "ENABLED")
+          }
+
+          file_system_id          = var.efs_instance_id
+          root_directory          = try(efs_volume_configuration.value.root_directory, "/")
+          transit_encryption      = try(efs_volume_configuration.value.transit_encryption, "ENABLED")
+          transit_encryption_port = try(efs_volume_configuration.value.transit_encryption_port, null)
+        }
+      }
     }
   }
 
diff --git a/variables.tf b/variables.tf
@@ -209,12 +209,6 @@ variable "lb_target_groups" {
 variable "container_volumes" {
   description = "Volumes that containers in your task may use."
   default     = []
-  type = list(
-    object({
-      name = string
-    })
-  )
-
 }
 
 variable "hello_world_container_ports" {
@@ -269,3 +263,9 @@ variable "ecs_deployment_circuit_breaker" {
     rollback = false
   }
 }
+
+variable "efs_instance_id" {
+  description = "ID of the EFS instance volume"
+  type        = string
+  default     = ""
+}
