Fix terraform security groups (#48)

* fixed the security groups

* added service identifier

* reverted example to mocks

* allowing to override the ecr repo url

* renamed

* renamed

* moved to locals

deployment/terraform/aws/ecs/main.tf

@@ -1,3 +1,10 @@
+locals {
+  security_groups = concat(
+    var.additional_security_groups,
+    var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].security_groups : []
+  )
+}
+
 data "jsonschema_validator" "event_listener_validation" {
   document = jsonencode(var.event_listener)
   schema   = "${path.module}/defaults/event_listener.json"
@@ -18,8 +25,10 @@ module "port_ocean_ecs" {
   cluster_name = var.cluster_name
 
 
-  lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : ""
-  additional_security_groups   = var.additional_security_groups
+  lb_targ_group_arn          = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : ""
+  additional_security_groups = local.security_groups
+
+  image_registry = var.image_registry
 
   port = {
     client_id     = var.port.client_id

deployment/terraform/aws/ecs/modules/ecs_lb/outputs.tf

@@ -11,5 +11,7 @@ output "target_group_arn" {
 }
 
 output "security_groups" {
-  value = aws_lb.ocean_lb.security_groups
+  value = var.create_default_sg ? concat(
+    var.additional_security_groups, [aws_security_group.default_ocean_sg[0].id]
+  ) : var.additional_security_groups
 }

deployment/terraform/aws/ecs/modules/ecs_service/main.tf

@@ -64,7 +64,10 @@ data "aws_iam_policy_document" "ecs_assume_role_policy" {
 
     principals {
       type        = "Service"
-      identifiers = ["ecs-tasks.amazonaws.com"]
+      identifiers = [
+        "ecs-tasks.amazonaws.com",
+        "ecs.amazonaws.com"
+      ]
     }
   }
 }
@@ -153,7 +156,7 @@ resource "aws_ecs_task_definition" "service_task_definition" {
   container_definitions = jsonencode(
     [
       {
-        image       = "${var.ecr_repo_url}/port-ocean-${var.integration.type}:${var.integration_version}",
+        image       = "${var.image_registry}/port-ocean-${var.integration.type}:${var.integration_version}",
         cpu         = var.cpu,
         memory      = var.memory,
         name        = local.service_name,

deployment/terraform/aws/ecs/modules/ecs_service/variables.tf

@@ -1,4 +1,4 @@
-variable "ecr_repo_url" {
+variable "image_registry" {
   type    = string
   default = "ghcr.io/port-labs"
 }

deployment/terraform/aws/ecs/variables.tf

@@ -44,7 +44,7 @@ variable "egress_ports" {
   default = []
 }
 
-variable "ecr_repo_url" {
+variable "image_registry" {
   type    = string
   default = "ghcr.io/port-labs"
 }