terraform-aws-modules
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎main.tf‎
Lines changed: 1 addition & 0 deletions b/‎main.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎variables.tf‎
Lines changed: 6 additions & 0 deletions b/‎variables.tf‎
Lines changed: 6 additions & 0 deletions
@@ -370,6 +370,7 @@ allow_github_webhooks = true
 | <a name="input_github_webhooks_ipv6_cidr_blocks"></a> [github\_webhooks\_ipv6\_cidr\_blocks](#input\_github\_webhooks\_ipv6\_cidr\_blocks) | List of IPv6 CIDR blocks used by GitHub webhooks | `list(string)` | <pre>[<br> "2a0a:a440::/29",<br> "2606:50c0::/32"<br>]</pre> | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | Whether the load balancer is internal or external | `bool` | `false` | no |
 | <a name="input_manage_default_security_group"></a> [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no |
+| <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | Maximum session duration (in seconds) for ecs task execution role. Default is 3600. | `number` | `null` | no |
 | <a name="input_mount_points"></a> [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`. The `readOnly` key is optional. | `list(any)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to use on all resources created (VPC, ALB, etc) | `string` | `"atlantis"` | no |
 | <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no |
 
@@ -530,6 +530,7 @@ data "aws_iam_policy_document" "ecs_tasks" {
 resource "aws_iam_role" "ecs_task_execution" {
  name = "${var.name}-ecs_task_execution"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks.json
+ max_session_duration = var.max_session_duration
  permissions_boundary = var.permissions_boundary
 
  tags = local.tags
 
@@ -718,3 +718,9 @@ variable "runtime_platform" {
  type = any
  default = null
 }
+
+variable "max_session_duration" {
+ description = "Maximum session duration (in seconds) for ecs task execution role. Default is 3600."
+ type = number
+ default = null
+}