From 14541014fa299d0e1c816e39433a7754ad2a8e1b Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Mon, 10 Apr 2023 17:39:56 -0700 Subject: [PATCH 1/9] i think the module is ready --- modules/hcp-ecs-client/services.tf | 70 ++++++++++++++++++------------ 1 file changed, 42 insertions(+), 28 deletions(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index 6846148..eb5da1a 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -3,23 +3,24 @@ module "acl-controller" { source = "hashicorp/consul-ecs/aws//modules/acl-controller" - version = "0.4.2" + version = "0.6.0" log_configuration = { logDriver = "awslogs" options = { awslogs-group = aws_cloudwatch_log_group.log_group.name awslogs-region = var.region - awslogs-stream-prefix = "consul-acl-controller" + awslogs-stream-prefix = "consul-acl-controller-hcp" } } consul_server_http_addr = var.consul_url consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn + consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn ecs_cluster_arn = aws_ecs_cluster.clients.arn region = var.region subnets = var.private_subnet_ids - + #security_groups = [aws_security_group.disney_sg.id] name_prefix = local.secret_prefix } @@ -59,7 +60,7 @@ resource "aws_iam_role" "frontend-execution-role" { module "frontend" { source = "hashicorp/consul-ecs/aws//modules/mesh-task" - version = "~> 0.3.0" + version = "~> 0.6.0" family = "frontend" task_role = aws_iam_role.frontend-task-role @@ -113,14 +114,16 @@ module "frontend" { retry_join = var.client_retry_join consul_datacenter = var.datacenter consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" - + consul_partition = "default" + consul_namespace = "default" tls = true consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn - + consul_http_addr = var.consul_url + consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true - consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - acl_secret_name_prefix = local.secret_prefix + #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn + #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "frontend" { @@ -181,7 +184,7 @@ resource "aws_iam_role" "public-api-execution-role" { module "public-api" { source = "hashicorp/consul-ecs/aws//modules/mesh-task" - version = "~> 0.3.0" + version = "~> 0.6.0" family = "public-api" task_role = aws_iam_role.public-api-task-role @@ -254,14 +257,16 @@ module "public-api" { retry_join = var.client_retry_join consul_datacenter = var.datacenter consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" - + consul_partition = "default" + consul_namespace = "default" tls = true consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn - + consul_http_addr = var.consul_url + consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true - consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - acl_secret_name_prefix = local.secret_prefix + #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn + #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "public-api" { @@ -322,7 +327,7 @@ resource "aws_iam_role" "payment-api-execution-role" { module "payment-api" { source = "hashicorp/consul-ecs/aws//modules/mesh-task" - version = "~> 0.3.0" + version = "~> 0.6.0" family = "payment-api" task_role = aws_iam_role.payment-api-task-role @@ -365,17 +370,20 @@ module "payment-api" { port = local.payment_api_port + retry_join = var.client_retry_join consul_datacenter = var.datacenter consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" - + consul_partition = "default" + consul_namespace = "default" tls = true consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn - + consul_http_addr = var.consul_url + consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true - consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - acl_secret_name_prefix = local.secret_prefix + #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn + #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "payment-api" { @@ -430,7 +438,7 @@ resource "aws_iam_role" "product-api-execution-role" { module "product-api" { source = "hashicorp/consul-ecs/aws//modules/mesh-task" - version = "~> 0.3.0" + version = "~> 0.6.0" family = "product-api" task_role = aws_iam_role.product-api-task-role @@ -490,17 +498,20 @@ module "product-api" { port = local.product_api_port + retry_join = var.client_retry_join consul_datacenter = var.datacenter consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" - + consul_partition = "default" + consul_namespace = "default" tls = true consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn - + consul_http_addr = var.consul_url + consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true - consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - acl_secret_name_prefix = local.secret_prefix + #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn + #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "product-api" { @@ -555,7 +566,7 @@ resource "aws_iam_role" "product-db-execution-role" { module "product-db" { source = "hashicorp/consul-ecs/aws//modules/mesh-task" - version = "~> 0.3.0" + version = "~> 0.6.0" family = "product-db" task_role = aws_iam_role.product-db-task-role @@ -612,17 +623,20 @@ module "product-db" { port = local.product_db_port + retry_join = var.client_retry_join consul_datacenter = var.datacenter consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" - + consul_partition = "default" + consul_namespace = "default" tls = true consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn - + consul_http_addr = var.consul_url + consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true - consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - acl_secret_name_prefix = local.secret_prefix + #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn + #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "product-db" { From a8dda48d6bde4de91fcdd6abde6bf8686eada4ad Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Mon, 10 Apr 2023 18:13:26 -0700 Subject: [PATCH 2/9] lets try again --- modules/hcp-ecs-client/services.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index eb5da1a..ff367f2 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -14,6 +14,8 @@ module "acl-controller" { } } + #consul_http_addr = var.consul_url + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn consul_server_http_addr = var.consul_url consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn From d4a63a04452a9931838782991835f77a6bbec96a Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Tue, 11 Apr 2023 14:56:10 -0700 Subject: [PATCH 3/9] updating acl_controller to use consul_http_addr --- modules/hcp-ecs-client/services.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index ff367f2..c2b2b3a 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -14,11 +14,11 @@ module "acl-controller" { } } - #consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn - consul_server_http_addr = var.consul_url + consul_http_addr = var.consul_url + consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_server_http_addr = var.consul_url consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn - consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn ecs_cluster_arn = aws_ecs_cluster.clients.arn region = var.region subnets = var.private_subnet_ids From 465664cb4d9f434309cf5f429356057498a4c9a0 Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Tue, 11 Apr 2023 15:58:55 -0700 Subject: [PATCH 4/9] reverting wrong changes and adding sg --- modules/hcp-ecs-client/services.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index c2b2b3a..f903d85 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -14,15 +14,15 @@ module "acl-controller" { } } - consul_http_addr = var.consul_url - consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn - #consul_server_http_addr = var.consul_url + #consul_http_addr = var.consul_url + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + consul_server_http_addr = var.consul_url consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn - #consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn ecs_cluster_arn = aws_ecs_cluster.clients.arn region = var.region subnets = var.private_subnet_ids - #security_groups = [aws_security_group.disney_sg.id] + security_groups = [var.security_group_id] name_prefix = local.secret_prefix } From 471ac5e23aa0354b725ed7589da16ae4b679379c Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Tue, 11 Apr 2023 18:36:01 -0700 Subject: [PATCH 5/9] removing consul_https_ca_cert_arn --- modules/hcp-ecs-client/services.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index f903d85..16385f7 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -122,7 +122,7 @@ module "frontend" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn #acl_secret_name_prefix = local.secret_prefix @@ -265,7 +265,7 @@ module "public-api" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn #acl_secret_name_prefix = local.secret_prefix @@ -382,7 +382,7 @@ module "payment-api" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn #acl_secret_name_prefix = local.secret_prefix @@ -510,7 +510,7 @@ module "product-api" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn #acl_secret_name_prefix = local.secret_prefix @@ -635,7 +635,7 @@ module "product-db" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn acls = true #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn #acl_secret_name_prefix = local.secret_prefix From fe8d681b713dfabd8e73b34f041a483975dd6b4f Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Wed, 12 Apr 2023 09:44:12 -0700 Subject: [PATCH 6/9] removing server CA --- modules/hcp-ecs-client/services.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index 16385f7..a679ac0 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -18,7 +18,7 @@ module "acl-controller" { #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn consul_server_http_addr = var.consul_url consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn - consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn ecs_cluster_arn = aws_ecs_cluster.clients.arn region = var.region subnets = var.private_subnet_ids From 4540c433585544d8ec54b4f6003a6862888371de Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Wed, 12 Apr 2023 15:43:44 -0700 Subject: [PATCH 7/9] updating enterprise versions --- modules/hcp-ecs-client/services.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index a679ac0..546db48 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -115,7 +115,7 @@ module "frontend" { retry_join = var.client_retry_join consul_datacenter = var.datacenter - consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" + consul_image = "public.ecr.aws/hashicorp/consul-enterprise:${var.consul_version}-ent" consul_partition = "default" consul_namespace = "default" tls = true @@ -258,7 +258,7 @@ module "public-api" { retry_join = var.client_retry_join consul_datacenter = var.datacenter - consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" + consul_image = "public.ecr.aws/hashicorp/consul-enterprise:${var.consul_version}-ent" consul_partition = "default" consul_namespace = "default" tls = true @@ -375,7 +375,7 @@ module "payment-api" { retry_join = var.client_retry_join consul_datacenter = var.datacenter - consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" + consul_image = "public.ecr.aws/hashicorp/consul-enterprise:${var.consul_version}-ent" consul_partition = "default" consul_namespace = "default" tls = true @@ -503,7 +503,7 @@ module "product-api" { retry_join = var.client_retry_join consul_datacenter = var.datacenter - consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" + consul_image = "public.ecr.aws/hashicorp/consul-enterprise:${var.consul_version}-ent" consul_partition = "default" consul_namespace = "default" tls = true @@ -628,7 +628,7 @@ module "product-db" { retry_join = var.client_retry_join consul_datacenter = var.datacenter - consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}" + consul_image = "public.ecr.aws/hashicorp/consul-enterprise:${var.consul_version}-ent" consul_partition = "default" consul_namespace = "default" tls = true From ce9fb01f628da905e0329d4bc47fcd99bde6e5ab Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Mon, 17 Apr 2023 15:27:24 -0700 Subject: [PATCH 8/9] little clean up before PR --- modules/hcp-ecs-client/services.tf | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf index 546db48..1f514bc 100644 --- a/modules/hcp-ecs-client/services.tf +++ b/modules/hcp-ecs-client/services.tf @@ -13,12 +13,9 @@ module "acl-controller" { awslogs-stream-prefix = "consul-acl-controller-hcp" } } - - #consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn consul_server_http_addr = var.consul_url consul_bootstrap_token_secret_arn = aws_secretsmanager_secret.bootstrap_token.arn - #consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn #Do not configure for HCP ecs_cluster_arn = aws_ecs_cluster.clients.arn region = var.region subnets = var.private_subnet_ids @@ -122,10 +119,8 @@ module "frontend" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn #Do not configure for HCP acls = true - #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "frontend" { @@ -265,10 +260,8 @@ module "public-api" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn #Do not configure for HCP acls = true - #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "public-api" { @@ -382,10 +375,8 @@ module "payment-api" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn #Do not configure for HCP acls = true - #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "payment-api" { @@ -510,10 +501,8 @@ module "product-api" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn #Do not configure for HCP acls = true - #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "product-api" { @@ -635,10 +624,8 @@ module "product-db" { consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn consul_http_addr = var.consul_url - #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn + #consul_https_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn #Do not configure for HCP acls = true - #consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn - #acl_secret_name_prefix = local.secret_prefix } resource "aws_ecs_service" "product-db" { From e9a2131450ccd09f539a575a5764373a0a376e16 Mon Sep 17 00:00:00 2001 From: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com> Date: Fri, 2 Jun 2023 12:10:56 -0700 Subject: [PATCH 9/9] udpating aws_ecs_cluster for version 0.5.0+ --- modules/hcp-ecs-client/main.tf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/hcp-ecs-client/main.tf b/modules/hcp-ecs-client/main.tf index 5d3153b..4b2868f 100644 --- a/modules/hcp-ecs-client/main.tf +++ b/modules/hcp-ecs-client/main.tf @@ -42,9 +42,18 @@ resource "aws_security_group_rule" "allow_http_inbound" { resource "aws_ecs_cluster" "clients" { name = "hcp-ecs-cluster-${random_id.id.dec}" + #capacity_providers = ["FARGATE"] removed as it is no longer an option as of 0.5.0 + + depends_on = [var.nat_public_ips] +} + +#new resource as aws_ecs_cluster 0.5.0+ removed capacity_providers option + +resource "aws_ecs_cluster_capacity_providers" "clients" { + cluster_name = aws_ecs_cluster.clients.name + capacity_providers = ["FARGATE"] - depends_on = [var.nat_public_ips] } resource "random_id" "id" {