From d3354e4f462402189f4884686b6c20e1308d4f85 Mon Sep 17 00:00:00 2001
From: Maor Davidov <maor@dcode.tech>
Date: Wed, 7 Dec 2022 23:26:55 +0200
Subject: [PATCH] Add readonlyRootFilesystem

---
 main.tf      | 3 ++-
 variables.tf | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 2f8386c..1ecac21 100644
--- a/main.tf
+++ b/main.tf
@@ -256,7 +256,8 @@ resource "aws_ecs_task_definition" "task" {
   "pseudoTerminal": ${var.task_pseudo_terminal},
   %{~endif}
   "environment": ${jsonencode(local.task_environment)},
-  "environmentFiles": ${jsonencode(local.task_environment_files)}
+  "environmentFiles": ${jsonencode(local.task_environment_files)},
+  "readonlyRootFilesystem": ${var.readonlyRootFilesystem ? true : false}
 }]
 EOF
 
diff --git a/variables.tf b/variables.tf
index 5e38da3..b628ba8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -333,3 +333,8 @@ variable "cpu_architecture" {
   default     = "X86_64"
   type        = string
 }
+
+variable "readonlyRootFilesystem" {
+  default     = false
+  description = "When this parameter is true, the container is given read-only access to its root file system"
+}