Description
Please provide a clear and concise description of the issue you are encountering, and a reproduction of your configuration (see the examples/* directory for references that you can copy+paste and tailor to match your configs if you are unable to copy your exact configuration). The reproduction MUST be executable by running terraform init && terraform apply without any further changes.
If your request is for a new feature, please use the Feature request template.
- ✋ I have searched the open/closed issues and my issue is not listed.
Versions
- Module version [Required]: 6.2.1
- Terraform version:
    tofu@fe6462a35296:/$ tofu providers -version
    OpenTofu v1.10.5
    on linux_amd64
- Provider version(s):
    tofu@fe6462a35296:/$ tofu providers -version
    OpenTofu v1.10.5
    on linux_amd64
Reproduction Code [Required]
inputs = {
  cluster_name       = "ecs-cluster-${local.environment}"
  capacity_providers = ["FARGATE", "FARGATE_SPOT"]
  container_insights = true

  # SSM parameters the task execution role is expected to be able to read
  task_exec_ssm_param_arns = [
    "arn:aws:ssm:${local.aws_region}:${local.aws_account_id}:parameter/rds/mlflow/user",
    "arn:aws:ssm:${local.aws_region}:${local.aws_account_id}:parameter/rds/mlflow/pass",
    "arn:aws:ssm:${local.aws_region}:${local.aws_account_id}:parameter/rds/mlflow/endpoint"
  ]
}
Steps to reproduce the behavior:
I'm using OpenTofu and Terragrunt.
Expected behavior
The Task Role is empty.
The Task Execution Role has only CloudWatch and ECR permissions, without the SSM action:
terraform-aws-ecs/modules/service/main.tf, line 1083 in 2afaaaf:
dynamic "statement" {
{
  "Statement": [
    {
      "Action": [
        "logs:PutLogEvents",
        "logs:CreateLogStream"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "Logs"
    },
    {
      "Action": [
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetAuthorizationToken",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "ECR"
    }
  ],
  "Version": "2012-10-17"
}
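
A check for the gap reported above, as an added example (not part of the original issue or the module's code): it lists which parameter ARNs a rendered task execution policy does not allow `ssm:GetParameters` on, the action ECS uses to resolve SSM-backed secrets. The region, account ID and function names are constructed placeholders; Deny statements, `NotAction`/`NotResource` and `Condition` keys are not evaluated.

```python
import json
import re

# Policy reported in the issue (compacted). The ARNs use a constructed
# region and account ID in place of the issue's interpolated locals.
REPORTED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "Logs", "Effect": "Allow", "Resource": "*",
   "Action": ["logs:PutLogEvents", "logs:CreateLogStream"]},
  {"Sid": "ECR", "Effect": "Allow", "Resource": "*",
   "Action": ["ecr:GetDownloadUrlForLayer", "ecr:GetAuthorizationToken",
              "ecr:BatchGetImage", "ecr:BatchCheckLayerAvailability"]}]}"""
PREFIX = "arn:aws:ssm:us-east-1:111122223333:parameter/rds/mlflow/"
REQUIRED_ARNS = [PREFIX + name for name in ("user", "pass", "endpoint")]


def as_list(value):
    """IAM allows Statement, Action and Resource to be a scalar or a list."""
    return value if isinstance(value, list) else [value]


def iam_match(pattern, value, ignore_case=False):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def uncovered_arns(policy_json, required_arns, action="ssm:GetParameters"):
    """Return the ARNs that no Allow statement grants `action` on."""
    statements = as_list(json.loads(policy_json).get("Statement", []))
    missing = []
    for arn in required_arns:
        covered = any(
            st.get("Effect") == "Allow"
            # Action names are case-insensitive; resource ARNs are not.
            and any(iam_match(a, action, True) for a in as_list(st.get("Action", [])))
            and any(iam_match(r, arn) for r in as_list(st.get("Resource", [])))
            for st in statements
        )
        if not covered:
            missing.append(arn)
    return missing


if __name__ == "__main__":
    for arn in uncovered_arns(REPORTED_POLICY, REQUIRED_ARNS):
        print("no ssm:GetParameters grant for", arn)
```

Run against the policy document of the deployed or planned task execution role, a non-empty result means tasks referencing those parameters as secrets will fail to start.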