Skip to content

Commit ad7d987

Browse files
mbarrienmbarrien
committed
Add README warning about ecs service tags
1 parent 9a6fa5a commit ad7d987

File tree

4 files changed

+43
-4
lines changed

4 files changed

+43
-4
lines changed

aws-ecs-job-fargate/README.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,15 @@ container definition external to Terraform (e.g. using [czecs](https://github.co
1313
Terraform will use a stub definition, but from that point forward will ignore any
1414
changes to the definition, allowing external task definition management.
1515

16+
## Migrating old ECS services
17+
Older ECS services were created with an ARN in an old format that did not include the ECS cluster name as part of the ARN. AWS began allowing opt-in to the new ARN format starting November 15, 2018, and will require the new format starting January 1, 2020. ECS only allows applying tags (such as cost tags) on services that have the new ARN format. Applying tags to older ECS services using the old ARN format will return the following error message:
18+
```
19+
InvalidParameterException: Long arn format must be used for tagging operations
20+
```
21+
This module by default will assume your organization has opted in to the new ARN format and will apply tags to the ECS service. Creating new services after the opt-in will work fine, but migrating an existing older ECS service to using this module (via a state mv or an import) will encounter the above error message the next time it is applied.
22+
23+
Since changing a service to use the new ARN requires destroying and recreating the service, this can result in downtime. In such cases, you can opt-out applying tags by passing `tag_service = false` as an argument to the module. It is recommended that at the next possible down time, the ECS service be replaced by running `terraform taint`, and if `manage_task_definition = false` restoring the ECS task definition version (the taint/replace will restore to only the last stub definition). After the service is destroy/replaced, the `tag_service = false` argument can be removed.
24+
1625
<!-- START -->
1726
## Inputs
1827

aws-ecs-job/README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,16 @@ container definition external to Terraform (e.g. using [czecs](https://github.co
1313
Terraform will use a stub definition, but from that point forward will ignore any
1414
changes to the definition, allowing external task definition management.
1515

16+
## Migrating old ECS services
17+
Older ECS services were created with an ARN in an old format that did not include the ECS cluster name as part of the ARN. AWS began allowing opt-in to the new ARN format starting November 15, 2018, and will require the new format starting January 1, 2020. ECS only allows applying tags (such as cost tags) on services that have the new ARN format. Applying tags to older ECS services using the old ARN format will return the following error message:
18+
```
19+
InvalidParameterException: Long arn format must be used for tagging operations
20+
```
21+
This module by default will assume your organization has opted in to the new ARN format and will apply tags to the ECS service. Creating new services after the opt-in will work fine, but migrating an existing older ECS service to using this module (via a state mv or an import) will encounter the above error message the next time it is applied.
22+
23+
Since changing a service to use the new ARN requires destroying and recreating the service, this can result in downtime. In such cases, you can opt-out applying tags by passing `tag_service = false` as an argument to the module. It is recommended that at the next possible down time, the ECS service be replaced by running `terraform taint`, and if `manage_task_definition = false` restoring the ECS task definition version (the taint/replace will restore to only the last stub definition). After the service is destroy/replaced, the `tag_
24+
service = false` argument can be removed.
25+
1626
<!-- START -->
1727
## Inputs
1828

aws-ecs-service-fargate/README.md

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ resource "aws_iam_role" "role" {
4242
}
4343
4444
module "role-policy" {
45-
source = "github.com/chanzuckerberg/cztack//aws-params-reader-policy?ref=v0.19.4"
45+
source = "github.com/chanzuckerberg/cztack//aws-params-reader-policy?ref=v0.21.3"
4646
project = var.project
4747
env = var.env
4848
service = var.component
@@ -90,7 +90,7 @@ data "aws_acm_certificate" "staging" {
9090
}
9191
9292
module "web-service" {
93-
source = "github.com/chanzuckerberg/cztack//aws-ecs-service-fargate?ref=v0.20.0"
93+
source = "github.com/chanzuckerberg/cztack//aws-ecs-service-fargate?ref=v0.21.3"
9494
9595
# this is the name of the service and many of the resources will have this name
9696
service = "myservice"
@@ -142,6 +142,16 @@ tasks with DNS via ECS service discovery. If with_service_discovery is true, a n
142142
DNS zone is created, and the tasks are registered in that DNS zone. The domain name is only
143143
resolvable from within the VPC; it is not publicly resolvable.
144144

145+
## Migrating old ECS services
146+
Older ECS services were created with an ARN in an old format that did not include the ECS cluster name as part of the ARN. AWS began allowing opt-in to the new ARN format starting November 15, 2018, and will require the new format starting January 1, 2020. ECS only allows applying tags (such as cost tags) on services that have the new ARN format. Applying tags to older ECS services using the old ARN format will return the following error message:
147+
```
148+
InvalidParameterException: Long arn format must be used for tagging operations
149+
```
150+
This module by default will assume your organization has opted in to the new ARN format and will apply tags to the ECS service. Creating new services after the opt-in will work fine, but migrating an existing older ECS service to using this module (via a state mv or an import) will encounter the above error message the next time it is applied.
151+
152+
Since changing a service to use the new ARN requires destroying and recreating the service, this can result in downtime. In such cases, you can opt-out applying tags by passing `tag_service = false` as an argument to the module. It is recommended that at the next possible down time, the ECS service be replaced by running `terraform taint`, and if `manage_task_definition = false` restoring the ECS task definition version (the taint/replace will restore to only the last stub definition). After the service is destroy/replaced, the `tag_
153+
service = false` argument can be removed.
154+
145155
<!-- START -->
146156
## Inputs
147157

aws-ecs-service/README.md

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ resource "aws_iam_role" "role" {
3838
}
3939
4040
module "role-policy" {
41-
source = "github.com/chanzuckerberg/cztack//aws-params-reader-policy?ref=v0.19.4"
41+
source = "github.com/chanzuckerberg/cztack//aws-params-reader-policy?ref=v0.21.3"
4242
project = var.project
4343
env = var.env
4444
service = var.component
@@ -86,7 +86,7 @@ data "aws_acm_certificate" "staging" {
8686
}
8787
8888
module "web-service" {
89-
source = "github.com/chanzuckerberg/cztack//aws-ecs-service?ref=v0.20.0"
89+
source = "github.com/chanzuckerberg/cztack//aws-ecs-service?ref=v0.21.3"
9090
9191
# this is the name of the service and many of the resources will have this name
9292
service = "myservice"
@@ -134,6 +134,16 @@ tasks with DNS via ECS service discovery. If with_service_discovery is true, a n
134134
DNS zone is created, and the tasks are registered in that DNS zone. The domain name is only
135135
resolvable from within the VPC; it is not publicly resolvable.
136136

137+
## Migrating old ECS services
138+
Older ECS services were created with an ARN in an old format that did not include the ECS cluster name as part of the ARN. AWS began allowing opt-in to the new ARN format starting November 15, 2018, and will require the new format starting January 1, 2020. ECS only allows applying tags (such as cost tags) on services that have the new ARN format. Applying tags to older ECS services using the old ARN format will return the following error message:
139+
```
140+
InvalidParameterException: Long arn format must be used for tagging operations
141+
```
142+
This module by default will assume your organization has opted in to the new ARN format and will apply tags to the ECS service. Creating new services after the opt-in will work fine, but migrating an existing older ECS service to using this module (via a state mv or an import) will encounter the above error message the next time it is applied.
143+
144+
Since changing a service to use the new ARN requires destroying and recreating the service, this can result in downtime. In such cases, you can opt-out applying tags by passing `tag_service = false` as an argument to the module. It is recommended that at the next possible down time, the ECS service be replaced by running `terraform taint`, and if `manage_task_definition = false` restoring the ECS task definition version (the taint/replace will restore to only the last stub definition). After the service is destroy/replaced, the `tag_
145+
service = false` argument can be removed.
146+
137147
<!-- START -->
138148
## Inputs
139149

0 commit comments

Comments
 (0)