terraform-aws-modules
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/complete/main.tf‎
Lines changed: 4 additions & 2 deletions b/‎examples/complete/main.tf‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎main.tf‎
Lines changed: 1 addition & 0 deletions b/‎main.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎modules/service/README.md‎
Lines changed: 1 addition & 0 deletions b/‎modules/service/README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎modules/service/main.tf‎
Lines changed: 1 addition & 0 deletions b/‎modules/service/main.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎modules/service/variables.tf‎
Lines changed: 6 additions & 0 deletions b/‎modules/service/variables.tf‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎variables.tf‎
Lines changed: 1 addition & 0 deletions b/‎variables.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎wrappers/service/main.tf‎
Lines changed: 1 addition & 0 deletions b/‎wrappers/service/main.tf‎
Lines changed: 1 addition & 0 deletions
@@ -226,8 +226,10 @@ module "ecs" {
  }
  }
 
- tasks_iam_role_name = "${local.name}-tasks"
- tasks_iam_role_description = "Example tasks IAM role for ${local.name}"
+ tasks_iam_role_name = "${local.name}-tasks"
+ tasks_iam_role_description = "Example tasks IAM role for ${local.name}"
+ tasks_iam_role_max_session_duration = 7200
+
  tasks_iam_role_policies = {
  ReadOnlyAccess = "arn:aws:iam::aws:policy/ReadOnlyAccess"
  }
 
@@ -158,6 +158,7 @@ module "service" {
  tasks_iam_role_tags = each.value.tasks_iam_role_tags
  tasks_iam_role_policies = each.value.tasks_iam_role_policies
  tasks_iam_role_statements = each.value.tasks_iam_role_statements
+ tasks_iam_role_max_session_duration = each.value.tasks_iam_role_max_session_duration
 
  # Task set
  external_id = each.value.external_id
 
@@ -331,6 +331,7 @@ module "ecs_service" {
 | <a name="input_task_tags"></a> [task\_tags](#input\_task\_tags) | A map of additional tags to add to the task definition/set created | `map(string)` | `{}` | no |
 | <a name="input_tasks_iam_role_arn"></a> [tasks\_iam\_role\_arn](#input\_tasks\_iam\_role\_arn) | Existing IAM role ARN | `string` | `null` | no |
 | <a name="input_tasks_iam_role_description"></a> [tasks\_iam\_role\_description](#input\_tasks\_iam\_role\_description) | Description of the role | `string` | `null` | no |
+| <a name="input_tasks_iam_role_max_session_duration"></a> [tasks\_iam\_role\_max\_session\_duration](#input\_tasks\_iam\_role\_max\_session\_duration) | Maximum session duration (in seconds) for ECS tasks role. Default is 3600. | `number` | `null` | no |
 | <a name="input_tasks_iam_role_name"></a> [tasks\_iam\_role\_name](#input\_tasks\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no |
 | <a name="input_tasks_iam_role_path"></a> [tasks\_iam\_role\_path](#input\_tasks\_iam\_role\_path) | IAM role path | `string` | `null` | no |
 | <a name="input_tasks_iam_role_permissions_boundary"></a> [tasks\_iam\_role\_permissions\_boundary](#input\_tasks\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
 
@@ -1247,6 +1247,7 @@ resource "aws_iam_role" "tasks" {
  description = var.tasks_iam_role_description
 
  assume_role_policy = data.aws_iam_policy_document.tasks_assume[0].json
+ max_session_duration = var.tasks_iam_role_max_session_duration
  permissions_boundary = var.tasks_iam_role_permissions_boundary
  force_detach_policies = true
 
 
@@ -977,6 +977,12 @@ variable "tasks_iam_role_statements" {
  default = null
 }
 
+variable "tasks_iam_role_max_session_duration" {
+ description = "Maximum session duration (in seconds) for ECS tasks role. Default is 3600."
+ type = number
+ default = null
+}
+
 ################################################################################
 # Task Set
 ################################################################################
 
@@ -690,6 +690,7 @@ variable "services" {
  tasks_iam_role_permissions_boundary = optional(string)
  tasks_iam_role_tags = optional(map(string))
  tasks_iam_role_policies = optional(map(string))
+ tasks_iam_role_max_session_duration = optional(number)
  tasks_iam_role_statements = optional(list(object({
  sid = optional(string)
  actions = optional(list(string))
 
@@ -127,6 +127,7 @@ module "wrapper" {
  task_tags = try(each.value.task_tags, var.defaults.task_tags, {})
  tasks_iam_role_arn = try(each.value.tasks_iam_role_arn, var.defaults.tasks_iam_role_arn, null)
  tasks_iam_role_description = try(each.value.tasks_iam_role_description, var.defaults.tasks_iam_role_description, null)
+ tasks_iam_role_max_session_duration = try(each.value.tasks_iam_role_max_session_duration, var.defaults.tasks_iam_role_max_session_duration, null)
  tasks_iam_role_name = try(each.value.tasks_iam_role_name, var.defaults.tasks_iam_role_name, null)
  tasks_iam_role_path = try(each.value.tasks_iam_role_path, var.defaults.tasks_iam_role_path, null)
  tasks_iam_role_permissions_boundary = try(each.value.tasks_iam_role_permissions_boundary, var.defaults.tasks_iam_role_permissions_boundary, null)
Original file line number	Diff line number	Diff line change
`@@ -226,8 +226,10 @@ module "ecs" {`
`226`	`226`	`}`
`227`	`227`	`}`
`228`	`228`
`229`		`- tasks_iam_role_name = "${local.name}-tasks"`
`230`		`- tasks_iam_role_description = "Example tasks IAM role for ${local.name}"`
	`229`	`+ tasks_iam_role_name = "${local.name}-tasks"`
	`230`	`+ tasks_iam_role_description = "Example tasks IAM role for ${local.name}"`
	`231`	`+ tasks_iam_role_max_session_duration = 7200`
	`232`	`+`
`231`	`233`	`tasks_iam_role_policies = {`
`232`	`234`	`ReadOnlyAccess = "arn:aws:iam::aws:policy/ReadOnlyAccess"`
`233`	`235`	`}`