5.5.1

ENHANCEMENTS

• Adding outbound SG rule to S3 endpoint when used

5.5.0

ENHANCEMENTS

• New parameter security_group_ecs_nodes_outbound_cidrs that controls outbound cidrs for ECS nodes SG

5.4.0

ENHANCEMENTS

• Adding parameter alb_sg_allow_test_listener to control SG around the ALB test listener

5.3.0

FEATURES

• Option alb_http_listener to disable HTTP listeners in the public ALB (leaving only the HTTPS listeners)

5.2.1

FEATURES

• Allow passing multiple certificates

5.2.0

FEATURES

• Allow passing multiple certificates

ENHANCEMENTS

• Add S3 policy to allow ECS get images from S3 when using VPC Endpoints

5.1.0

ENHANCEMENTS

• Restricting internal ALB security group rules to only private subnet traffic instead of 0/0

FEATURES

• Adding deletion protection for ALBs

5.0.1

FEATURES

• Allow customisation of internal ALB ssl policy with new parameter alb_internal_ssl_policy

5.0.0

FEATURES

• Adding fargate and fargate_spot support
• Parameter fargate_only will prevent creating EC2 resources: ASG and EFS

⚠️ BREAKING CHANGES AND HOW TO FIX ⚠️

Some resources like aws_efs_file_system now have a count parameter on them. An upgrade will cause terraform to recreate those resources because the key in the state file changed to aws_efs_file_system.ecs to aws_efs_file_system.ecs[0].

To prevent this problem, follow the steps:

1. Backup your state file: terraform state pull > terraform-state-bkp1.tfstate
2. Rename all drifted resources to add the [0] suffix to it by using the example below. Notice that the resource prefix needs to be changed (from both sides) to reflect your setup:

terraform state mv module.ecs_cluster[\"dev-workers\"].aws_iam_role_policy_attachment.ecs_ecs          module.ecs_cluster[\"dev-workers\"].aws_iam_role_policy_attachment.ecs_ecs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_iam_role_policy_attachment.ecs_ssm          module.ecs_cluster[\"dev-workers\"].aws_iam_role_policy_attachment.ecs_ssm[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_security_group_rule.nfs_from_ecs_to_efs     module.ecs_cluster[\"dev-workers\"].aws_security_group_rule.nfs_from_ecs_to_efs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_security_group.efs                          module.ecs_cluster[\"dev-workers\"].aws_security_group.efs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_autoscaling_group.ecs                       module.ecs_cluster[\"dev-workers\"].aws_autoscaling_group.ecs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_launch_template.ecs                         module.ecs_cluster[\"dev-workers\"].aws_launch_template.ecs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_iam_instance_profile.ecs                    module.ecs_cluster[\"dev-workers\"].aws_iam_instance_profile.ecs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_ecs_capacity_provider.ecs_capacity_provider module.ecs_cluster[\"dev-workers\"].aws_ecs_capacity_provider.ecs_capacity_provider[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_efs_file_system.ecs                         module.ecs_cluster[\"dev-workers\"].aws_efs_file_system.ecs[0]
terraform state mv module.ecs_cluster[\"dev-workers\"].aws_iam_role.ecs                                module.ecs_cluster[\"dev-workers\"].aws_iam_role.ecs[0]

In the example above, the prefix is module.ecs_cluster[\"dev-workers\"], which is the name given to this module in the terraform stack.

4.9.3

ENHANCEMENTS

• Create ECS CodeDeploy IAM Role for Blue/Green Deployment on Cluster level

Additional information:
Previously ECS CodeDeploy IAM Role for Blue/Green Deployment was being created on ECS APP Module, meaning each ECS service was creating the role with exactly same permissions, creating unnecessary duplication.