feat: add new vpc_id input

Sometimes, it happens that Terraform tries to recreate the security group of the ECS service whereas the VPC did not actually change. To avoid this issue, let's use the dependency inversion principle (described here https://developer.hashicorp.com/terraform/language/modules/develop/composition#dependency-inversion) by passing the VPC ID as an input.

Author: taufort

README.md

@@ -119,6 +119,8 @@ module "ecs" {
       }
 
       subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
+      vpc_id     = "vpc-jklmn789"
+
       security_group_ingress_rules = {
         alb_3000 = {
           description                  = "Service port"

examples/complete/main.tf

@@ -177,6 +177,7 @@ module "ecs" {
       ]
 
       subnet_ids                    = module.vpc.private_subnets
+      vpc_id                        = module.vpc.vpc_id
       availability_zone_rebalancing = "ENABLED"
       security_group_ingress_rules = {
         alb_3000 = {

modules/service/README.md

@@ -342,6 +342,7 @@ module "ecs_service" {
 | <a name="input_triggers"></a> [triggers](#input\_triggers) | Map of arbitrary keys and values that, when changed, will trigger an in-place update (redeployment). Useful with `timestamp()` | `map(string)` | `null` | no |
 | <a name="input_volume"></a> [volume](#input\_volume) | Configuration block for volumes that containers in your task may use | <pre>map(object({<br/>    configure_at_launch = optional(bool)<br/>    docker_volume_configuration = optional(object({<br/>      autoprovision = optional(bool)<br/>      driver        = optional(string)<br/>      driver_opts   = optional(map(string))<br/>      labels        = optional(map(string))<br/>      scope         = optional(string)<br/>    }))<br/>    efs_volume_configuration = optional(object({<br/>      authorization_config = optional(object({<br/>        access_point_id = optional(string)<br/>        iam             = optional(string)<br/>      }))<br/>      file_system_id          = string<br/>      root_directory          = optional(string)<br/>      transit_encryption      = optional(string)<br/>      transit_encryption_port = optional(number)<br/>    }))<br/>    fsx_windows_file_server_volume_configuration = optional(object({<br/>      authorization_config = optional(object({<br/>        credentials_parameter = string<br/>        domain                = string<br/>      }))<br/>      file_system_id = string<br/>      root_directory = string<br/>    }))<br/>    host_path = optional(string)<br/>    name      = optional(string)<br/>  }))</pre> | `null` | no |
 | <a name="input_volume_configuration"></a> [volume\_configuration](#input\_volume\_configuration) | Configuration for a volume specified in the task definition as a volume that is configured at launch time | <pre>object({<br/>    name = string<br/>    managed_ebs_volume = object({<br/>      encrypted        = optional(bool)<br/>      file_system_type = optional(string)<br/>      iops             = optional(number)<br/>      kms_key_id       = optional(string)<br/>      size_in_gb       = optional(number)<br/>      snapshot_id      = optional(string)<br/>      tag_specifications = optional(list(object({<br/>        propagate_tags = optional(string, "TASK_DEFINITION")<br/>        resource_type  = string<br/>        tags           = optional(map(string))<br/>      })))<br/>      throughput  = optional(number)<br/>      volume_type = optional(string)<br/>    })<br/>  })</pre> | `null` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID where to deploy the task or service. If not provided, the VPC ID is retrieved from the subnets. | `string` | `null` | no |
 | <a name="input_vpc_lattice_configurations"></a> [vpc\_lattice\_configurations](#input\_vpc\_lattice\_configurations) | The VPC Lattice configuration for your service that allows Lattice to connect, secure, and monitor your service across multiple accounts and VPCs | <pre>object({<br/>    role_arn         = string<br/>    target_group_arn = string<br/>    port_name        = string<br/>  })</pre> | `null` | no |
 | <a name="input_wait_for_steady_state"></a> [wait\_for\_steady\_state](#input\_wait\_for\_steady\_state) | If true, Terraform will wait for the service to reach a steady state before continuing. Default is `false` | `bool` | `null` | no |
 | <a name="input_wait_until_stable"></a> [wait\_until\_stable](#input\_wait\_until\_stable) | Whether terraform should wait until the task set has reached `STEADY_STATE` | `bool` | `null` | no |

modules/service/main.tf

@@ -1651,7 +1651,7 @@ resource "aws_security_group" "this" {
   name        = var.security_group_use_name_prefix ? null : local.security_group_name
   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
   description = var.security_group_description
-  vpc_id      = data.aws_subnet.this[0].vpc_id
+  vpc_id      = var.vpc_id != null ? var.vpc_id : data.aws_subnet.this[0].vpc_id
 
   tags = merge(
     var.tags,

modules/service/variables.tf

@@ -208,6 +208,13 @@ variable "subnet_ids" {
   nullable    = false
 }
 
+variable "vpc_id" {
+  description = "The VPC ID where to deploy the task or service. If not provided, the VPC ID is retrieved from the subnets."
+  type        = string
+  default     = null
+  nullable    = true
+}
+
 variable "ordered_placement_strategy" {
   description = "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence"
   type = map(object({

wrappers/service/main.tf

@@ -138,6 +138,7 @@ module "wrapper" {
   triggers                                = try(each.value.triggers, var.defaults.triggers, null)
   volume                                  = try(each.value.volume, var.defaults.volume, null)
   volume_configuration                    = try(each.value.volume_configuration, var.defaults.volume_configuration, null)
+  vpc_id                                  = try(each.value.vpc_id, var.defaults.vpc_id, null)
   vpc_lattice_configurations              = try(each.value.vpc_lattice_configurations, var.defaults.vpc_lattice_configurations, null)
   wait_for_steady_state                   = try(each.value.wait_for_steady_state, var.defaults.wait_for_steady_state, null)
   wait_until_stable                       = try(each.value.wait_until_stable, var.defaults.wait_until_stable, null)