fix: ignore changes causes replacement of service (#326)

* fix: ignore changes no replace Update task_def.tf * terraform-docs: automated action * fix: ignore changes no replace Update task_def.tf * Update service.tf * Update outputs.tf * index * Update service.tf --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ministryofjustice · Nov 21, 2024 · b8a9764 · b8a9764
1 parent cc8faf6
commit b8a9764
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 118 deletions.
diff --git a/service/README.md b/service/README.md
@@ -77,9 +77,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_ecs_service.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
-| [aws_ecs_service.ignore_changes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
 | [aws_ecs_task_definition.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
-| [aws_ecs_task_definition.ignore_changes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
 
 ## Inputs
 

diff --git a/service/outputs.tf b/service/outputs.tf
@@ -1,15 +1,14 @@
 output "service_arn" {
-  value       = var.ignore_changes ? aws_ecs_service.ignore_changes[0].id : aws_ecs_service.default[0].id
+  value       = aws_ecs_service.default.id
   description = "The ARN for the ECS Service"
 }
 
 output "task_definition_arn" {
-  value       = var.ignore_changes ? aws_ecs_task_definition.ignore_changes[*].arn : aws_ecs_task_definition.default[*].arn
+  value       = aws_ecs_task_definition.default.arn
   description = "The ARN for the ECS Task Definition"
 }
 
 output "task_definition_string" {
-  value       = var.ignore_changes ? "${aws_ecs_task_definition.ignore_changes[0].id}:${aws_ecs_task_definition.ignore_changes[0].revision}" : "${aws_ecs_task_definition.default[0].id}:${aws_ecs_task_definition.default[0].revision}"
+  value       = "${aws_ecs_task_definition.default.id}:${aws_ecs_task_definition.default.revision}"
   description = "The JSON formatted container definition"
 }
-
diff --git a/service/service.tf b/service/service.tf
@@ -1,11 +1,9 @@
 resource "aws_ecs_service" "default" {
-  count = var.ignore_changes ? 0 : 1
-
   name = var.name
 
   cluster = var.cluster_arn
 
-  task_definition = var.ignore_changes ? aws_ecs_task_definition.ignore_changes[0].arn : aws_ecs_task_definition.default[0].arn
+  task_definition = aws_ecs_task_definition.default.arn
 
   launch_type = "FARGATE"
   network_configuration {
@@ -22,7 +20,7 @@ resource "aws_ecs_service" "default" {
 
   force_new_deployment = var.force_new_deployment
   triggers = var.force_new_deployment ? {
-    update = plantimestamp() # force update in-place every apply
+    update = plantimestamp() # force update in-place every apply that has force_new_deployment set to true
   } : null
 
   dynamic "load_balancer" {
@@ -45,61 +43,4 @@ resource "aws_ecs_service" "default" {
   wait_for_steady_state = var.wait_for_steady_state
 
   tags = var.tags
-
-}
-
-resource "aws_ecs_service" "ignore_changes" {
-  count = var.ignore_changes ? 1 : 0
-
-  name = var.name
-
-  cluster = var.cluster_arn
-
-  task_definition = var.ignore_changes ? "${aws_ecs_task_definition.ignore_changes[0].id}:${aws_ecs_task_definition.ignore_changes[0].revision}" : "${aws_ecs_task_definition.default[0].id}:${aws_ecs_task_definition.default[0].revision}"
-
-  launch_type = "FARGATE"
-  network_configuration {
-    subnets          = var.subnets
-    security_groups  = var.security_groups
-    assign_public_ip = false
-  }
-
-  desired_count                      = var.desired_count
-  deployment_maximum_percent         = var.deployment_maximum_percent
-  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
-
-  enable_execute_command = var.enable_execute_command
-
-  force_new_deployment = var.force_new_deployment
-
-  triggers = var.force_new_deployment ? {
-    update = plantimestamp() # force update in-place every apply
-  } : null
-  dynamic "load_balancer" {
-    for_each = var.service_load_balancers
-    content {
-      container_name   = load_balancer.value.container_name
-      container_port   = load_balancer.value.container_port
-      elb_name         = lookup(load_balancer.value, "elb_name", null)
-      target_group_arn = lookup(load_balancer.value, "target_group_arn", null)
-    }
-  }
-
-  deployment_circuit_breaker {
-    enable   = var.deployment_circuit_breaker.enable
-    rollback = var.deployment_circuit_breaker.rollback
-  }
-
-  health_check_grace_period_seconds = var.health_check_grace_period_seconds
-
-  wait_for_steady_state = var.wait_for_steady_state
-
-  tags = var.tags
-
-  lifecycle {
-    ignore_changes = [
-      task_definition,
-    ]
-  }
-
 }
diff --git a/service/task_def.tf b/service/task_def.tf
@@ -1,6 +1,5 @@
 resource "aws_ecs_task_definition" "default" {
   #checkov:skip=CKV_AWS_97:EFS transit_encryption is configurable in the module as part of the efs_volumes variable
-  count                 = var.ignore_changes ? 0 : 1
   container_definitions = var.container_definitions
   family                = var.name
 
@@ -9,55 +8,10 @@ resource "aws_ecs_task_definition" "default" {
 
   network_mode = "awsvpc"
 
-  cpu    = var.task_cpu
-  memory = var.task_memory
-  dynamic "volume" {
-    for_each = var.efs_volumes
-    content {
-      host_path = lookup(volume.value, "host_path", null)
-      name      = volume.value.name
-
-      dynamic "efs_volume_configuration" {
-        for_each = lookup(volume.value, "efs_volume_configuration", [])
-
-        content {
-          file_system_id          = lookup(efs_volume_configuration.value, "file_system_id", null)
-          root_directory          = lookup(efs_volume_configuration.value, "root_directory", null)
-          transit_encryption      = lookup(efs_volume_configuration.value, "transit_encryption", null)
-          transit_encryption_port = lookup(efs_volume_configuration.value, "transit_encryption_port", null)
-
-          dynamic "authorization_config" {
-            for_each = lookup(efs_volume_configuration.value, "authorization_config", [])
-            content {
-              access_point_id = lookup(authorization_config.value, "access_point_id", null)
-              iam             = lookup(authorization_config.value, "iam", null)
-            }
-          }
-        }
-      }
-    }
-  }
-  tags = var.tags
-}
-
-resource "aws_ecs_task_definition" "ignore_changes" {
-  #checkov:skip=CKV_AWS_97:EFS transit_encryption is configurable in the module as part of the efs_volumes variable
-  count                 = var.ignore_changes ? 1 : 0
-  container_definitions = var.container_definitions
-  family                = var.name
-
-  task_role_arn      = var.task_role_arn
-  execution_role_arn = var.task_exec_role_arn
-
-  network_mode = "awsvpc"
+  track_latest = true
 
   cpu    = var.task_cpu
   memory = var.task_memory
-
-  ephemeral_storage {
-    size_in_gib = var.ephemeral_storage_size_in_gib
-  }
-
   dynamic "volume" {
     for_each = var.efs_volumes
     content {
@@ -85,8 +39,4 @@ resource "aws_ecs_task_definition" "ignore_changes" {
     }
   }
   tags = var.tags
-
-  lifecycle {
-    ignore_changes = [container_definitions]
-  }
 }