Description
Currently, the `execution_role_arn` and `task_role_arn` parameters are unnecessarily coupled when both are not provided explicitly:
In particular, if one passes only the `execution_role_arn`, the deployment fails because the internal `aws_iam_role` resource is not created.
A simple solution would be creating independent internal aws_iam_role resources for task and exec roles, with conditional creation in their respective variables. For instance:
```hcl
# main.tf
...
# AWS ECS Task Execution Role
#------------------------------------------------------------------------------
resource "aws_iam_role" "ecs_task_execution_role" {
  # Create the internal execution role only when the caller supplies none
  count = var.execution_role_arn == null ? 1 : 0
  ...
}

# AWS ECS Task Role
#------------------------------------------------------------------------------
resource "aws_iam_role" "ecs_task_role" {
  # Create the internal task role only when the caller supplies none
  count = var.task_role_arn == null ? 1 : 0
  ...
}

# Task Definition
resource "aws_ecs_task_definition" "td" {
  ...
  execution_role_arn = var.execution_role_arn == null ? aws_iam_role.ecs_task_execution_role[0].arn : var.execution_role_arn
  ...
  task_role_arn = var.task_role_arn == null ? aws_iam_role.ecs_task_role[0].arn : var.task_role_arn
}
```