fix: ignore changes no replace

Update task_def.tf
ministryofjustice · Nov 20, 2024 · e0c518d · e0c518d
1 parent d72a821
commit e0c518d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 106 deletions.
diff --git a/service/service.tf b/service/service.tf
@@ -1,6 +1,4 @@
 resource "aws_ecs_service" "default" {
-  count = var.ignore_changes ? 0 : 1
-
   name = var.name
 
   cluster = var.cluster_arn
@@ -48,58 +46,7 @@ resource "aws_ecs_service" "default" {
 
 }
 
-resource "aws_ecs_service" "ignore_changes" {
-  count = var.ignore_changes ? 1 : 0
-
-  name = var.name
-
-  cluster = var.cluster_arn
-
-  task_definition = var.ignore_changes ? "${aws_ecs_task_definition.ignore_changes[0].id}:${aws_ecs_task_definition.ignore_changes[0].revision}" : "${aws_ecs_task_definition.default[0].id}:${aws_ecs_task_definition.default[0].revision}"
-
-  launch_type = "FARGATE"
-  network_configuration {
-    subnets          = var.subnets
-    security_groups  = var.security_groups
-    assign_public_ip = false
-  }
-
-  desired_count                      = var.desired_count
-  deployment_maximum_percent         = var.deployment_maximum_percent
-  deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent
-
-  enable_execute_command = var.enable_execute_command
-
-  force_new_deployment = var.force_new_deployment
-
-  triggers = var.force_new_deployment ? {
-    update = plantimestamp() # force update in-place every apply
-  } : null
-  dynamic "load_balancer" {
-    for_each = var.service_load_balancers
-    content {
-      container_name   = load_balancer.value.container_name
-      container_port   = load_balancer.value.container_port
-      elb_name         = lookup(load_balancer.value, "elb_name", null)
-      target_group_arn = lookup(load_balancer.value, "target_group_arn", null)
-    }
-  }
-
-  deployment_circuit_breaker {
-    enable   = var.deployment_circuit_breaker.enable
-    rollback = var.deployment_circuit_breaker.rollback
-  }
-
-  health_check_grace_period_seconds = var.health_check_grace_period_seconds
-
-  wait_for_steady_state = var.wait_for_steady_state
-
-  tags = var.tags
-
-  lifecycle {
-    ignore_changes = [
-      task_definition,
-    ]
-  }
-
+moved {
+  from = "aws_ecs_service.ignore_changes"
+  to   = "aws_ecs_service.default"
 }
diff --git a/service/task_def.tf b/service/task_def.tf
@@ -1,6 +1,5 @@
 resource "aws_ecs_task_definition" "default" {
   #checkov:skip=CKV_AWS_97:EFS transit_encryption is configurable in the module as part of the efs_volumes variable
-  count                 = var.ignore_changes ? 0 : 1
   container_definitions = var.container_definitions
   family                = var.name
 
@@ -9,55 +8,10 @@ resource "aws_ecs_task_definition" "default" {
 
   network_mode = "awsvpc"
 
-  cpu    = var.task_cpu
-  memory = var.task_memory
-  dynamic "volume" {
-    for_each = var.efs_volumes
-    content {
-      host_path = lookup(volume.value, "host_path", null)
-      name      = volume.value.name
-
-      dynamic "efs_volume_configuration" {
-        for_each = lookup(volume.value, "efs_volume_configuration", [])
-
-        content {
-          file_system_id          = lookup(efs_volume_configuration.value, "file_system_id", null)
-          root_directory          = lookup(efs_volume_configuration.value, "root_directory", null)
-          transit_encryption      = lookup(efs_volume_configuration.value, "transit_encryption", null)
-          transit_encryption_port = lookup(efs_volume_configuration.value, "transit_encryption_port", null)
-
-          dynamic "authorization_config" {
-            for_each = lookup(efs_volume_configuration.value, "authorization_config", [])
-            content {
-              access_point_id = lookup(authorization_config.value, "access_point_id", null)
-              iam             = lookup(authorization_config.value, "iam", null)
-            }
-          }
-        }
-      }
-    }
-  }
-  tags = var.tags
-}
-
-resource "aws_ecs_task_definition" "ignore_changes" {
-  #checkov:skip=CKV_AWS_97:EFS transit_encryption is configurable in the module as part of the efs_volumes variable
-  count                 = var.ignore_changes ? 1 : 0
-  container_definitions = var.container_definitions
-  family                = var.name
-
-  task_role_arn      = var.task_role_arn
-  execution_role_arn = var.task_exec_role_arn
-
-  network_mode = "awsvpc"
+  track_latest = true
 
   cpu    = var.task_cpu
   memory = var.task_memory
-
-  ephemeral_storage {
-    size_in_gib = var.ephemeral_storage_size_in_gib
-  }
-
   dynamic "volume" {
     for_each = var.efs_volumes
     content {
@@ -85,8 +39,9 @@ resource "aws_ecs_task_definition" "ignore_changes" {
     }
   }
   tags = var.tags
+}
 
-  lifecycle {
-    ignore_changes = [container_definitions]
-  }
+moved {
+  from = "aws_ecs_task_definition.ignore_changes"
+  to   = "aws_ecs_task_definition.default"
 }