Currently, the execution_role_arn and task_role_arn parameters are unnecessarily coupled when both are not provided explicitly:
In particular, if one passes only the execution_role_arn, the deployment fails because the internal aws_iam_role resource is not created.
A simple solution would be creating independent internal aws_iam_role resources for task and exec roles, with conditional creation in their respective variables. For instance:
Currently, the
execution_role_arn
andtask_role_arn
parameters are unnecessarily coupled when both are not provided explicitly:In particular, if one passes only the
execution_role_arn
, the deployment fails because the internal aws_iam_role resource is not created.A simple solution would be creating independent internal aws_iam_role resources for task and exec roles, with conditional creation in their respective variables. For instance: