v6.0.2

6.0.2 (2025-07-09)

Bug Fixes

• Remove coalesce() to ensure value precedence is honored (#307) (da354d9)

v6.0.1

6.0.1 (2025-07-07)

Bug Fixes

• Pass missing versionConsistency argument, correct conditions to condition (#303) (e90f761)

v6.0.0

6.0.0 (2025-07-07)

⚠ BREAKING CHANGES

• Upgrade AWS provider and min required Terraform version to 6.0 and 1.5.7 respectively (#217)

List of backwards incompatible changes

See the docs/UPGRADE-6.0.md guide for further details

• Terraform v1.5.7 is now minimum supported version
• AWS provider v6.0.0 is now minimum supported version
• The attributes used to construct the container definition(s) have been changed from HCL's norm of snake_case to camelCase to match the AWS API. There currently isn't a resource nor data source for the container definition, so one is constructed entirely from HCL in the container-definition sub-module. This definition is then rendered as JSON when presented to the task definition (or task set) APIs. Previously, the variable names used were snake_case and then internally converted to camelCase. However, this does not allow for using the container-definition sub-module on its own due to the mismatch between casing. Its probably going to trip a few folks up, but hopefully we'll remove this for a data source in the future.
• security_group_rules has been split into security_group_ingress_rules and security_group_egress_rules to better match the AWS API and allow for more flexibility in defining security group rules.
• Default permissive permissions for SSM parameter ARNs and Secrets Manager secret ARNs have been removed throughout. While this made it easier for users since it "just worked", it was not secure and could lead to unexpected access to resources. Users should now explicitly define the permissions they need in their IAM policies.
• The "hack" put in place to track the task definition version when updating outside of the module has been removed. Instead, users should rely on the track_latest variable to ensure that the latest task definition is used when updating the service. Any issues with tracking the task definition version should be reported to the ECS service team as it is a limitation of the AWS ECS service/API and not the module itself.
• The inline policy for the Tasks role of the service sub-module has been replaced with a standalone IAM policy. In some organizations, inline policies are not allowed.
• The default for the container-definition user has been changed from 0 to null.

Additional changes

Added

• Support for region parameter to specify the AWS region for the resources created if different from the provider region.
• Support for ECS infrastructure IAM role creation in the service sub-module. This role is used to manage ECS infrastructure resources https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html

Modified

• Variable definitions now contain detailed object types in place of the previously used any type.

Variable and output changes

1. Removed variables:

   • default_capacity_provider_use_fargate

   • fargate_capacity_providers

   • cluster sub-module

     • fargate_capacity_providers; part of default_capacity_provider_strategy now
     • default_capacity_provider_use_fargate

   • container-definition sub-module

     • None

   • service sub-module

     • inference_accelerator

2. Renamed variables:

   • cluster_settings -> cluster_setting

   • cluster sub-module

     • cluster_configuration - configuration
     • cluster_settings - setting
     • cluster_service_connect_defaults - service_connect_defaults

   • container-definition sub-module

     • dependencies - dependsOn
     • disable_networking - disableNetworking
     • dns_search_domains - dnsSearchDomains
     • dns_servers - dnsServers
     • docker_labels - dockerLabels
     • docker_security_options - dockerSecurityOptions
     • environment_files - environmentFiles
     • extra_hosts - extraHosts
     • firelens_configuration - firelensConfiguration
     • health_check - healthCheck
     • linux_parameters - linuxParameters
     • log_configuration - logConfiguration
     • memory_reservation - memoryReservation
     • mount_points - mountPoints
     • port_mappings - portMappings
     • psuedo_terminal - pseudoTerminal
     • readonly_root_filesystem - readonlyRootFilesystem
     • repository_credentials - repositoryCredentials
     • start_timeout - startTimeout
     • system_controls - systemControls
     • volumes_from - volumesFrom
     • working_directory - workingDirectory

   • service sub-module

     • None

3. Added variables:

   • cloudwatch_log_group_class

   • default_capacity_provider_strategy

   • cluster sub-module

     • cloudwatch_log_group_class
     • default_capacity_provider_strategy - replaces fargate_capacity_providers and default_capacity_provider_use_fargate functionality

   • container-definition sub-module

     • log_group_class
     • restartPolicy - defaults to enabled = true
     • versionConsistency - defaults to "disabled" aws/containers-roadmap#2394

   • service sub-module

     • availability_zone_rebalancing
     • volume_configuration
     • vpc_lattice_configurations
     • enable_fault_injection
     • track_latest
     • create_infrastructure_iam_role
     • infrastructure_iam_role_arn
     • infrastructure_iam_role_name
     • infrastructure_iam_role_use_name_prefix
     • infrastructure_iam_role_path
     • infrastructure_iam_role_description
     • infrastructure_iam_role_permissions_boundary
     • infrastructure_iam_role_tags

4. Removed outputs:

   • cluster sub-module
     • None
   • container-definition sub-module
     • None
   • service sub-module
     • task_definition_family_revision

5. Renamed outputs:

   • cluster sub-module
     • None
   • container-definition sub-module
     • None
   • service sub-module
     • None

6. Added outputs:

   • cluster sub-module
     • None
   • container-definition sub-module
     • None
   • service sub-module
     • infrastructure_iam_role_arn
     • infrastructure_iam_role_name

v5.12.1

5.12.1 (2025-04-18)

Bug Fixes

• Ensure both ECS service definitions use the same settings/configurations (#277) (6f4feab)

v5.12.0

5.12.0 (2024-11-29)

Features

• Allow task exec IAM policy to have an IAM path (#243) (c9dc889)

Bug Fixes

• Update CI workflow versions to latest (#236) (fd0f0ec)

v5.11.4

5.11.4 (2024-08-07)

Bug Fixes

• Local cluster_name error when var.cluster_arn is empty (#218) (42f11fe)

v5.11.3

5.11.3 (2024-07-05)

Bug Fixes

• Add missing pid_mode to root module (#204) (c9cab6f)

v5.11.2

5.11.2 (2024-05-31)

Bug Fixes

• Make service, task, and task sets wait for their respective policy attachment to ensure permissions are available (#201) (2033858)

v5.11.1

5.11.1 (2024-04-10)

Bug Fixes

• Add aws to required providers (#181) (59fd4fa)

v5.11.0

5.11.0 (2024-04-03)

Features

• Allow configuring max_session_duration for the ECS Task Execution role (#186) (1b8cad1)