Support execute command configuration in ECS cluster config

HENNGE · Nov 2, 2023 · 5418f7f · 5418f7f
1 parent a683de6
commit 5418f7f
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -21,6 +21,33 @@ resource "aws_ecs_cluster" "main" {
     }
   }
 
+  dynamic "configuration" {
+    for_each = var.execute_command_configuration != null ? [1] : []
+
+    content {
+      dynamic "execute_command_configuration" {
+        for_each = [var.execute_command_configuration]
+
+        content {
+          kms_key_id = try(execute_command_configuration.value.kms_key_id, null)
+          logging    = try(execute_command_configuration.value.logging, null)
+
+          dynamic "log_configuration" {
+            for_each = try([execute_command_configuration.value.log_configuration], [])
+
+            content {
+              cloud_watch_encryption_enabled = try(log_configuration.value.cloud_watch_encryption_enabled, null)
+              cloud_watch_log_group_name     = try(log_configuration.value.cloud_watch_log_group_name, null)
+              s3_bucket_name                 = try(log_configuration.value.s3_bucket_name, null)
+              s3_bucket_encryption_enabled   = try(log_configuration.value.s3_bucket_encryption_enabled, null)
+              s3_key_prefix                  = try(log_configuration.value.s3_key_prefix, null)
+            }
+          }
+        }
+      }
+    }
+  }
+
   lifecycle {
     create_before_destroy = true
   }

diff --git a/variables.tf b/variables.tf
@@ -27,6 +27,22 @@ variable "enable_container_insights" {
   type        = bool
 }
 
+variable "execute_command_configuration" {
+  description = "Map with execute command configuration. [Terraform Docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster#execute_command_configuration)"
+  default     = null
+  type        = object({
+    kms_key_id = optional(string)
+    logging    = optional(string)
+    log_configuration = optional(object({
+      cloud_watch_encryption_enabled = optional(bool)
+      cloud_watch_log_group_name     = optional(string)
+      s3_bucket_name                 = optional(string)
+      s3_bucket_encryption_enabled   = optional(bool)
+      s3_key_prefix                  = optional(string)
+    }))
+  })
+}
+
 variable "tags" {
   description = "Key-value mapping of resource tags."
   default     = {}