-1

I have a Terraform configuration to create a task definition in ECS Fargate.

The main.tf file looks like this:

...

data "template_file" "td_template" {
  template = file("td.tpl")
  vars = {
    linux_capabilities = ""
  }
}

resource "aws_ecs_task_definition" "fargate" {
  family                   = "mytd"
  container_definitions    = data.template_file.td_template.rendered
  network_mode             = "awsvpc"
  cpu                      = "1024"
  memory                   = "2048"
  execution_role_arn       = "arn:aws:iam::xxxxx:role/ecs"
  task_role_arn            = "arn:aws:iam::xxxxx:role/ecs"
}

...

And, the td.tpl file looks like this:

[
  {
    "image": "xxxxx.dkr.ecr.eu-west-1.amazonaws.com/myserv:latest",
    "name": "myserv",
    "linuxParameters": {
      "capabilities": {
        "add": ["${linux_capabilities}"]
      }
    },
    "cpu": 1024,
    "memory": 2048
  }
]

I wanted to parameterize that Linux capabilities thing. If I add some values (for example, the snippet below) to that linux_capabilities parameter in the data statement, it works.

linux_capabilities = "SYS_PTRACE"

But with an empty "" it doesn't work. It shows this error:

Error: error creating ECS Task Definition (missing-back-svc): ClientException: Unrecognized Linux capabilities in add: []

Does anyone have any idea about parameterizing (setting and unsetting) those Linux capabilities settings?

Any suggestions are appreciated.

Deependra Dangal
  • So when you define the capability it works? But you don't want to use it? Maybe set the value to null instead of an empty string and check if that works. – Marko E Mar 10 '22 at 14:06
  • You can see the example I have here on how to pass a list and a map to a tpl file: https://github.com/tomarv2/terraform-aws-ecs/blob/main/modules/ecs/container-definition.tf – tomarv2 Mar 10 '22 at 14:44

1 Answer

1

The problem is the double quotes in the template. You have no way of creating the JSON "add": []; the best you can do is "add": [""], which is invalid. Passing null would give you "add": ["null"].

Also, you are using the deprecated template_file resource instead of the newer built-in templatefile function.

I suggest switching to templatefile, and then adding a conditional directive in your template that completely removes the "capabilities": {} block if there is an empty string or null passed in.

Mark B
  • Thanks @Mark B. I will try that. But we are having our doubts about Terraform deployment and are planning to create a custom boto3 script for that. I will check the above one and let you know. – Deependra Dangal Mar 10 '22 at 15:21
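A worked form of the approach in the answer, added here as an example and not code from the original post or from Mark B: the container definition is rendered with Terraform's built-in template directives, and the whole "linuxParameters" block is emitted only when the capability list is non-empty, so the ECS API never sees "add": []. The template body is kept inline in a heredoc so the example is a single file; the variable name `linux_capabilities`, the `requires_compatibilities` line and the `validation` block are assumptions added for this example, and the image, role ARNs and family name are the ones from the question.

```hcl
variable "linux_capabilities" {
  description = "Linux capabilities to add to the container. Leave empty to omit the block entirely (least privilege default)."
  type        = list(string)
  default     = [] # set to ["SYS_PTRACE"] to enable ptrace inside the container

  # Guard assumed for this example: per the ECS docs, Fargate tasks only support
  # adding SYS_PTRACE, so anything else would be rejected at task-definition time.
  validation {
    condition     = alltrue([for c in var.linux_capabilities : c == "SYS_PTRACE"])
    error_message = "Fargate only supports adding SYS_PTRACE to a container."
  }
}

resource "aws_ecs_task_definition" "fargate" {
  family                   = "mytd"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"] # assumed; required for a Fargate-only task definition
  cpu                      = "1024"
  memory                   = "2048"
  execution_role_arn       = "arn:aws:iam::xxxxx:role/ecs"
  task_role_arn            = "arn:aws:iam::xxxxx:role/ecs"

  # The %{ if } directive drops the whole linuxParameters block when the list is
  # empty; jsonencode() renders the list as proper JSON when it is not, so a
  # multi-element list (and quoting) is handled without string concatenation.
  container_definitions = <<-EOT
    [
      {
        "image": "xxxxx.dkr.ecr.eu-west-1.amazonaws.com/myserv:latest",
        "name": "myserv",
    %{ if length(var.linux_capabilities) > 0 ~}
        "linuxParameters": {
          "capabilities": {
            "add": ${jsonencode(var.linux_capabilities)}
          }
        },
    %{ endif ~}
        "cpu": 1024,
        "memory": 2048
      }
    ]
  EOT
}
```

To keep the template in a separate td.tpl file as the answer suggests, move the heredoc body into that file, replace `var.linux_capabilities` with `linux_capabilities`, and set `container_definitions = templatefile("${path.module}/td.tpl", { linux_capabilities = var.linux_capabilities })`; the `%{ if }` / `%{ endif }` directives work identically there. With `default = []` a plain `terraform apply` produces a task definition with no added capabilities, and `-var 'linux_capabilities=["SYS_PTRACE"]'` opts a single environment into ptrace without editing the template.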