fix: adds variable to customize ECS task security group IDs (#16)

GiamPy5 · web-flow · commit 0c32d218c127 · 2025-03-14T21:23:23.000+01:00
diff --git a/README.md b/README.md
@@ -171,6 +171,7 @@ Before using this module, ensure you have the following:
 | <a name="input_cpu"></a> [cpu](#input\_cpu) | The number of CPU units to reserve for the Directus service | `number` | `2048` | no |
 | <a name="input_create_cloudwatch_logs_group"></a> [create\_cloudwatch\_logs\_group](#input\_create\_cloudwatch\_logs\_group) | Whether to create a CloudWatch Logs group | `bool` | `false` | no |
 | <a name="input_create_s3_bucket"></a> [create\_s3\_bucket](#input\_create\_s3\_bucket) | Whether to create an S3 bucket | `bool` | `false` | no |
+| <a name="input_ecs_security_group_ids"></a> [ecs\_security\_group\_ids](#input\_ecs\_security\_group\_ids) | The IDs of the security groups to attach to the ECS service | `list(string)` | `[]` | no |
 | <a name="input_ecs_service_enable_execute_command"></a> [ecs\_service\_enable\_execute\_command](#input\_ecs\_service\_enable\_execute\_command) | Whether to enable ECS service execute command | `bool` | `false` | no |
 | <a name="input_enable_alb_access_logs"></a> [enable\_alb\_access\_logs](#input\_enable\_alb\_access\_logs) | Whether to enable access logs of the Load Balancer | `bool` | `false` | no |
 | <a name="input_enable_cognito_authentication"></a> [enable\_cognito\_authentication](#input\_enable\_cognito\_authentication) | Whether to enable Cognito authentication | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
@@ -472,7 +472,7 @@ resource "aws_ecs_service" "directus" {
   network_configuration {
     assign_public_ip = false
     subnets          = var.private_subnet_ids
-    security_groups  = [aws_security_group.ecs_sg.id]
+    security_groups  = concat([aws_security_group.ecs_sg.id], var.ecs_security_group_ids)
   }
 
   lifecycle {
diff --git a/variables.tf b/variables.tf
@@ -10,6 +10,12 @@ variable "public_url" {
   default     = ""
 }
 
+variable "ecs_security_group_ids" {
+  description = "The IDs of the security groups to attach to the ECS service"
+  type        = list(string)
+  default     = []
+}
+
 variable "enable_cognito_authentication" {
   description = "Whether to enable Cognito authentication"
   type        = bool

Original file line number	Diff line number	Diff line change
`@@ -472,7 +472,7 @@ resource "aws_ecs_service" "directus" {`
`472`	`472`	`network_configuration {`
`473`	`473`	`assign_public_ip = false`
`474`	`474`	`subnets = var.private_subnet_ids`
`475`		`- security_groups = [aws_security_group.ecs_sg.id]`
	`475`	`+ security_groups = concat([aws_security_group.ecs_sg.id], var.ecs_security_group_ids)`
`476`	`476`	`}`
`477`	`477`
`478`	`478`	`lifecycle {`