diff --git a/modules/service/README.md b/modules/service/README.md
index 799e9993..4faaf8f1 100644
--- a/modules/service/README.md
+++ b/modules/service/README.md
@@ -294,6 +294,7 @@ module "ecs_service" {
 | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | [task\_definition\_arn](#input\_task\_definition\_arn) | Existing task definition ARN. Required when `create_task_definition` is `false` | `string` | `null` | no |
 | [task\_definition\_placement\_constraints](#input\_task\_definition\_placement\_constraints) | Configuration block for rules that are taken into consideration during task placement (up to max of 10). This is set at the task definition, see `placement_constraints` for setting at the service | `any` | `{}` | no |
+| [task\_exec\_iam\_policy\_path](#input\_task\_exec\_iam\_policy\_path) | Path for the iam role | `string` | `null` | no |
 | [task\_exec\_iam\_role\_arn](#input\_task\_exec\_iam\_role\_arn) | Existing IAM role ARN | `string` | `null` | no |
 | [task\_exec\_iam\_role\_description](#input\_task\_exec\_iam\_role\_description) | Description of the role | `string` | `null` | no |
 | [task\_exec\_iam\_role\_max\_session\_duration](#input\_task\_exec\_iam\_role\_max\_session\_duration) | Maximum session duration (in seconds) for ECS task execution role. Default is 3600. | `number` | `null` | no |
diff --git a/modules/service/main.tf b/modules/service/main.tf
index 48434739..b7ecef9e 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -894,8 +894,8 @@ resource "aws_iam_policy" "task_exec" {
 name_prefix = var.task_exec_iam_role_use_name_prefix ? "${local.task_exec_iam_role_name}-" : null
 description = coalesce(var.task_exec_iam_role_description, "Task execution role IAM policy")
 policy = data.aws_iam_policy_document.task_exec[0].json
-
- tags = merge(var.tags, var.task_exec_iam_role_tags)
+ path = var.task_exec_iam_policy_path
+ tags = merge(var.tags, var.task_exec_iam_role_tags)
 }
 resource "aws_iam_role_policy_attachment" "task_exec" {
diff --git a/modules/service/variables.tf b/modules/service/variables.tf
index 1c542e15..9a55e989 100644
--- a/modules/service/variables.tf
+++ b/modules/service/variables.tf
@@ -468,6 +468,12 @@ variable "task_exec_iam_statements" {
 default = {}
 }
+variable "task_exec_iam_policy_path" {
+ description = "Path for the iam role"
+ type = string
+ default = null
+}
+
 ################################################################################
 # Tasks - IAM role
 # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
diff --git a/wrappers/service/main.tf b/wrappers/service/main.tf
index 3dbd9e46..9a7d6aec 100644
--- a/wrappers/service/main.tf
+++ b/wrappers/service/main.tf
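Review bot: The new `path = var.task_exec_iam_policy_path` argument on `aws_iam_policy.task_exec` changes the policy's ARN once a non-default value is set, and nothing on the line says so. A comment above it such as `# path is part of the policy ARN; ARN-scoped IAM statements and permission boundaries must include it` would warn maintainers who match this policy by ARN. As far as I know the AWS provider treats a policy's path as immutable, so setting it on an already-deployed service likely replaces the policy; that is worth stating in the variable description. The hunk also drops the blank line that used to separate `tags` from the other arguments. The resource block begins above the hunk.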
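Review bot: The description `"Path for the iam role"` on the new `task_exec_iam_policy_path` variable is wrong, because the main.tf hunk passes the value to `aws_iam_policy.task_exec` and not to a role; the README inputs row repeats the same text. IAM paths are often used to scope permissions by ARN prefix, so a user who reads this as the role path could assume the role sits under a restricted prefix when only the policy does. I would change it to `description = "Path for the task execution IAM policy"`. The value is also passed through unchecked; a validation block requiring a leading and trailing slash, as sketched below, would report a malformed path at plan time.

```hcl
variable "task_exec_iam_policy_path" {
  description = "Path for the task execution IAM policy"
  # … unchanged: type and default …

  validation {
    condition     = var.task_exec_iam_policy_path == null || can(regex("^/(.+/)?$", var.task_exec_iam_policy_path))
    error_message = "task_exec_iam_policy_path must begin and end with a forward slash, for example \"/\" or \"/ecs/\"."
  }
}
```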
@@ -98,6 +98,7 @@ module "wrapper" {
 tags = try(each.value.tags, var.defaults.tags, {})
 task_definition_arn = try(each.value.task_definition_arn, var.defaults.task_definition_arn, null)
 task_definition_placement_constraints = try(each.value.task_definition_placement_constraints, var.defaults.task_definition_placement_constraints, {})
+ task_exec_iam_policy_path = try(each.value.task_exec_iam_policy_path, var.defaults.task_exec_iam_policy_path, null)
 task_exec_iam_role_arn = try(each.value.task_exec_iam_role_arn, var.defaults.task_exec_iam_role_arn, null)
 task_exec_iam_role_description = try(each.value.task_exec_iam_role_description, var.defaults.task_exec_iam_role_description, null)
 task_exec_iam_role_max_session_duration = try(each.value.task_exec_iam_role_max_session_duration, var.defaults.task_exec_iam_role_max_session_duration, null)