Tight Coupling Between Roles

Currently, the execution_role_arn and task_role_arn parameters are unnecessarily coupled when both are not provided explicitly:

In particular, if one passes only the execution_role_arn, the deployment fails because the internal aws_iam_role resource is not created.

A simple solution would be creating independent internal aws_iam_role resources for task and exec roles, with conditional creation in their respective variables. For instance:


# main.tf
...
    # AWS ECS Task Execution Role
    #------------------------------------------------------------------------------
    resource "aws_iam_role" "ecs_task_execution_role" {
          count = var.execution_role_arn == null ? 1 : 0

    ...

    # AWS ECS Task Role
    #------------------------------------------------------------------------------
    resource "aws_iam_role" "ecs_task_role" {
          count  = var.task_role_arn == null ? 1 : 0

    ...

    # Task Definition
    resource "aws_ecs_task_definition" "td" {

    ...

          execution_role_arn  = var.execution_role_arn == null ? aws_iam_role.ecs_task_execution_role[0].arn : var.execution_role_arn

    ...

          task_role_arn  = var.task_role_arn == null ? aws_iam_role.ecs_task_role[0].arn : var.task_role_arn

cn-terraform / terraform-aws-ecs-fargate-task-definition

Tight Coupling Between Roles #61