chore: Updates from PR review

README.md

@@ -20,7 +20,7 @@ This project supports creating resources through individual sub-modules, or thro
 
 ```hcl
 module "ecs" {
-  source = "terraform-aws-modules/ecs"
+  source = "terraform-aws-modules/ecs/aws"
 
   cluster_name = "ecs-integrated"
 

docs/README.md

@@ -118,7 +118,7 @@ Since Terraform does not support variables within `lifecycle {}` blocks, its not
   }
 
   module "ecs_service" {
-    source = "terraform-aws-modules/ecs//modules/service"
+    source = "terraform-aws-modules/ecs/aws//modules/service"
 
     # ... omitted for brevity
 
@@ -201,7 +201,7 @@ The default behavior of the container definition module is to create the CloudWa
 
    ```hcl
    module "ecs_service" {
-     source = "terraform-aws-modules/ecs//modules/service"
+     source = "terraform-aws-modules/ecs/aws//modules/service"
 
      # ... omitted for brevity
 
@@ -218,7 +218,7 @@ The default behavior of the container definition module is to create the CloudWa
 
    ```hcl
    module "ecs_service" {
-     source = "terraform-aws-modules/ecs//modules/service"
+     source = "terraform-aws-modules/ecs/aws//modules/service"
 
      # ... omitted for brevity
 
@@ -235,7 +235,7 @@ The default behavior of the container definition module is to create the CloudWa
 
    ```hcl
    module "ecs_service" {
-     source = "terraform-aws-modules/ecs//modules/service"
+     source = "terraform-aws-modules/ecs/aws//modules/service"
 
      # ... omitted for brevity
 
@@ -255,7 +255,7 @@ The default behavior of the container definition module is to create the CloudWa
    }
 
    module "ecs_service" {
-     source = "terraform-aws-modules/ecs//modules/service"
+     source = "terraform-aws-modules/ecs/aws//modules/service"
 
      # ... omitted for brevity
 

examples/complete/README.md

@@ -53,7 +53,6 @@ Note that this example may create resources which will incur monetary charges on
 |------|------|
 | [aws_service_discovery_http_namespace.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_http_namespace) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-| [aws_ssm_parameter.fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 
 ## Inputs
 

examples/complete/main.tf

@@ -57,7 +57,7 @@ module "ecs" {
           cpu       = 512
           memory    = 1024
           essential = true
-          image     = data.aws_ssm_parameter.fluentbit.value
+          image     = "public.ecr.aws/aws-observability/aws-for-fluent-bit:2.31.9"
           firelens_configuration = {
             type = "fluentbit"
           }
@@ -167,15 +167,11 @@ module "service_disabled" {
 ################################################################################
 
 resource "aws_service_discovery_http_namespace" "this" {
-  name        = "development"
-  description = "example"
+  name        = local.name
+  description = "CloudMap namespace for ${local.name}"
   tags        = local.tags
 }
 
-data "aws_ssm_parameter" "fluentbit" {
-  name = "/aws/service/aws-for-fluent-bit/stable"
-}
-
 module "alb_sg" {
   source  = "terraform-aws-modules/security-group/aws"
   version = "~> 4.0"

examples/complete/outputs.tf

@@ -34,5 +34,4 @@ output "cluster_autoscaling_capacity_providers" {
 output "services" {
   description = "Map of services created and their attributes"
   value       = module.ecs.services
-  sensitive   = true
 }

examples/ec2-autoscaling/outputs.tf

@@ -59,7 +59,6 @@ output "service_iam_role_unique_id" {
 output "service_container_definitions" {
   description = "Container definitions"
   value       = module.ecs_service.container_definitions
-  sensitive   = true
 }
 
 output "service_task_definition_arn" {

examples/fargate/README.md

@@ -51,7 +51,6 @@ Note that this example may create resources which will incur monetary charges on
 |------|------|
 | [aws_service_discovery_http_namespace.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_http_namespace) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-| [aws_ssm_parameter.fluentbit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 
 ## Inputs
 

examples/fargate/main.tf

@@ -68,7 +68,7 @@ module "ecs_service" {
       cpu       = 512
       memory    = 1024
       essential = true
-      image     = data.aws_ssm_parameter.fluentbit.value
+      image     = "public.ecr.aws/aws-observability/aws-for-fluent-bit:2.31.9"
       firelens_configuration = {
         type = "fluentbit"
       }
@@ -158,15 +158,11 @@ module "ecs_service" {
 ################################################################################
 
 resource "aws_service_discovery_http_namespace" "this" {
-  name        = "development"
-  description = "example"
+  name        = local.name
+  description = "CloudMap namespace for ${local.name}"
   tags        = local.tags
 }
 
-data "aws_ssm_parameter" "fluentbit" {
-  name = "/aws/service/aws-for-fluent-bit/stable"
-}
-
 module "alb_sg" {
   source  = "terraform-aws-modules/security-group/aws"
   version = "~> 4.0"

examples/fargate/outputs.tf

@@ -59,7 +59,6 @@ output "service_iam_role_unique_id" {
 output "service_container_definitions" {
   description = "Container definitions"
   value       = module.ecs_service.container_definitions
-  sensitive   = true
 }
 
 output "service_task_definition_arn" {

main.tf

@@ -7,20 +7,24 @@ module "cluster" {
 
   create = var.create
 
+  # Cluster
   cluster_name                     = var.cluster_name
   cluster_configuration            = var.cluster_configuration
   cluster_settings                 = var.cluster_settings
   cluster_service_connect_defaults = var.cluster_service_connect_defaults
 
+  # Cluster Cloudwatch log group
   create_cloudwatch_log_group            = var.create_cloudwatch_log_group
   cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention_in_days
   cloudwatch_log_group_kms_key_id        = var.cloudwatch_log_group_kms_key_id
   cloudwatch_log_group_tags              = var.cloudwatch_log_group_tags
 
+  # Cluster capacity providers
   default_capacity_provider_use_fargate = var.default_capacity_provider_use_fargate
   fargate_capacity_providers            = var.fargate_capacity_providers
   autoscaling_capacity_providers        = var.autoscaling_capacity_providers
 
+  # Task execution IAM role
   create_task_exec_iam_role               = var.create_task_exec_iam_role
   task_exec_iam_role_name                 = var.task_exec_iam_role_name
   task_exec_iam_role_use_name_prefix      = var.task_exec_iam_role_use_name_prefix
@@ -29,10 +33,12 @@ module "cluster" {
   task_exec_iam_role_permissions_boundary = var.task_exec_iam_role_permissions_boundary
   task_exec_iam_role_tags                 = var.task_exec_iam_role_tags
   task_exec_iam_role_policies             = var.task_exec_iam_role_policies
-  create_task_exec_policy                 = var.create_task_exec_policy
-  task_exec_ssm_param_arns                = var.task_exec_ssm_param_arns
-  task_exec_secret_arns                   = var.task_exec_secret_arns
-  task_exec_iam_statements                = var.task_exec_iam_statements
+
+  # Task execution IAM role policy
+  create_task_exec_policy  = var.create_task_exec_policy
+  task_exec_ssm_param_arns = var.task_exec_ssm_param_arns
+  task_exec_secret_arns    = var.task_exec_secret_arns
+  task_exec_iam_statements = var.task_exec_iam_statements
 
   tags = merge(var.tags, var.cluster_tags)
 }
@@ -79,7 +85,7 @@ module "service" {
   triggers                           = try(each.value.triggers, {})
   wait_for_steady_state              = try(each.value.wait_for_steady_state, null)
 
-  # Service - IAM Role
+  # Service IAM role
   create_iam_role               = try(each.value.create_iam_role, true)
   iam_role_arn                  = lookup(each.value, "iam_role_arn", null)
   iam_role_name                 = try(each.value.iam_role_name, null)
@@ -90,7 +96,7 @@ module "service" {
   iam_role_tags                 = try(each.value.iam_role_tags, {})
   iam_role_statements           = lookup(each.value, "iam_role_statements", {})
 
-  # Task Definition
+  # Task definition
   create_task_definition        = try(each.value.create_task_definition, true)
   task_definition_arn           = lookup(each.value, "task_definition_arn", null)
   container_definitions         = try(each.value.container_definitions, {})
@@ -112,7 +118,7 @@ module "service" {
   volume       = try(each.value.volume, {})
   task_tags    = try(each.value.task_tags, {})
 
-  # Task Execution - IAM Role
+  # Task execution IAM role
   create_task_exec_iam_role               = try(each.value.create_task_exec_iam_role, true)
   task_exec_iam_role_arn                  = lookup(each.value, "task_exec_iam_role_arn", null)
   task_exec_iam_role_name                 = try(each.value.task_exec_iam_role_name, null)
@@ -122,10 +128,12 @@ module "service" {
   task_exec_iam_role_permissions_boundary = try(each.value.task_exec_iam_role_permissions_boundary, null)
   task_exec_iam_role_tags                 = try(each.value.task_exec_iam_role_tags, {})
   task_exec_iam_role_policies             = try(each.value.task_exec_iam_role_policies, {})
-  create_task_exec_policy                 = try(each.value.create_task_exec_policy, true)
-  task_exec_ssm_param_arns                = lookup(each.value, "task_exec_ssm_param_arns", ["arn:aws:ssm:*:*:parameter/*"])
-  task_exec_secret_arns                   = lookup(each.value, "task_exec_secret_arns", ["arn:aws:secretsmanager:*:*:secret:*"])
-  task_exec_iam_statements                = lookup(each.value, "task_exec_iam_statements", {})
+
+  # Task execution IAM role policy
+  create_task_exec_policy  = try(each.value.create_task_exec_policy, true)
+  task_exec_ssm_param_arns = lookup(each.value, "task_exec_ssm_param_arns", ["arn:aws:ssm:*:*:parameter/*"])
+  task_exec_secret_arns    = lookup(each.value, "task_exec_secret_arns", ["arn:aws:secretsmanager:*:*:secret:*"])
+  task_exec_iam_statements = lookup(each.value, "task_exec_iam_statements", {})
 
   # Tasks - IAM role
   create_tasks_iam_role               = try(each.value.create_tasks_iam_role, true)

modules/cluster/README.md

@@ -1,6 +1,6 @@
-# AWS ECS Terraform module
+# Amazon ECS Cluster Terraform Module
 
-Terraform module which creates ECS (Elastic Container Service) resources on AWS.
+Terraform module which creates Amazon ECS (Elastic Container Service) cluster resources on AWS.
 
 ## Available Features
 
@@ -17,7 +17,7 @@ For more details see the [design doc](https://github.com/terraform-aws-modules/t
 
 ```hcl
 module "ecs_cluster" {
-  source = "terraform-aws-modules/ecs//modules/cluster"
+  source = "terraform-aws-modules/ecs/aws//modules/cluster"
 
   cluster_name = "ecs-fargate"
 
@@ -54,7 +54,7 @@ module "ecs_cluster" {
 
 ```hcl
 module "ecs_cluster" {
-  source = "terraform-aws-modules/ecs//modules/cluster"
+  source = "terraform-aws-modules/ecs/aws//modules/cluster"
 
   cluster_name = "ecs-ec2"
 
@@ -114,7 +114,7 @@ The following values are provided to toggle on/off creation of the associated re
 
 ```hcl
 module "ecs_cluster" {
-  source = "terraform-aws-modules/ecs//modules/cluster"
+  source = "terraform-aws-modules/ecs/aws//modules/cluster"
 
   # Disable creation of cluster and all resources
   create = false

modules/container-definition/README.md

@@ -1,6 +1,6 @@
-# ECS Container Definition Module
+# Amazon ECS Container Definition Module
 
-Configuration in this directory creates an ECS container definition.
+Configuration in this directory creates an Amazon ECS container definition.
 
 The module defaults to creating and utilizing a CloudWatch log group. You can disable this behavior by setting `enable_cloudwatch_logging` = `false` - useful for scenarios where Firelens is used for log forwarding.
 

modules/service/README.md

@@ -1,6 +1,6 @@
-# ECS Service Module
+# Amazon ECS Service Module
 
-Configuration in this directory creates an ECS Service and associated resources.
+Configuration in this directory creates an Amazon ECS Service and associated resources.
 
 Some notable configurations to be aware of when using this module:
 1. `desired_count`/`scale` is always ignored; the module is designed to utilize autoscaling by default (though it can be disabled)

modules/service/outputs.tf

@@ -38,7 +38,6 @@ output "iam_role_unique_id" {
 output "container_definitions" {
   description = "Container definitions"
   value       = module.container_definition
-  sensitive   = true
 }
 
 ################################################################################

outputs.tf

@@ -59,5 +59,4 @@ output "task_exec_iam_role_unique_id" {
 output "services" {
   description = "Map of services created and their attributes"
   value       = module.service
-  sensitive   = true
 }

wrappers/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  sensitive   = true # At least one sensitive module output (services) found (requires Terraform 0.14+)
+  # sensitive = false # No sensitive module output found
 }

wrappers/service/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  sensitive   = true # At least one sensitive module output (container_definitions) found (requires Terraform 0.14+)
+  # sensitive = false # No sensitive module output found
 }