10 changes: 10 additions & 0 deletions AGENTS.md
Expand Up @@ -269,6 +269,16 @@ Follow [Semantic Versioning](https://semver.org/):
| **MINOR** | New features | New module, new optional variable, new output |
| **PATCH** | Bug fixes | Documentation fix, validation fix, non-breaking default change |

### Module Definition Release Metadata

For changes to `*-definition.yml` files, update the top-level `release.version` and `release.description` according to semantic versioning when the branch has not already bumped that definition for the current change set.

- Before bumping, inspect the current branch diff against its base branch and check whether `release.version` or `release.description` for that same definition has already changed.
- If the branch already contains a release metadata bump for that definition, update the existing `release.description` only when needed to accurately summarize the combined branch changes; do not bump the version again.
- If no bump exists yet on the branch, choose the semver bump from the authored version based on the user-facing impact: major for breaking config or behavior changes, minor for new modules/features/optional inputs/outputs, and patch for fixes or documentation-only corrections.
- Keep `release.description` concise and user-facing. It should summarize the publishable change, not mention local publish attempts or implementation details.
- After making module-definition changes, publish a local development version for testing unless the user explicitly says not to. Use `make publish-local-dev MODULE=<definition.type>` or the equivalent tooling path.

For local development publishes, do **not** bump `release.version` just to publish a new local copy. The local publish tooling automatically appends the next numeric prerelease suffix to the authored version, such as `0.2.1-1`, `0.2.1-2`, and so on.

## Testing Requirements
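
Review bot: In the last bullet, "or the equivalent tooling path" leaves the publish command open-ended for an agent that is told to publish by default after every module-definition change. Name the allowed command or commands explicitly (`make publish-local-dev MODULE=<definition.type>` and any others that are acceptable) and state that the target is a local development publish only, so the instruction cannot be read as permission to run a different publish path. The first bullet would also be easier to follow if it said how the base branch is determined.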
36 changes: 18 additions & 18 deletions compute/ecs_service/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

46 changes: 42 additions & 4 deletions compute/ecs_service/README.md
Expand Up @@ -16,7 +16,7 @@ This module creates an Amazon ECS service with a placeholder task definition, lo
- Application Auto Scaling with target tracking and scheduled scaling
- AWS Cloud Map service discovery integration
- Blue/green deployment infrastructure (managed by an external deployment controller)
- Support for EFS and Docker volume configurations
- Support for EFS, S3 Files, Docker, and EC2 host path volume configurations
- Capacity provider strategy support for mixed Fargate/EC2 deployments

## Usage
Expand Down Expand Up @@ -291,7 +291,7 @@ module "worker_service" {
| network_mode | Docker networking mode (awsvpc, bridge, host, none) | `string` | `"awsvpc"` | no |
| requires_compatibilities | Launch type compatibility requirements | `list(string)` | `["FARGATE"]` | no |
| runtime_platform | Runtime platform configuration (OS family, CPU architecture) | `object` | `{}` | no |
| volumes | List of volume definitions (EFS or Docker) | `list(object)` | `[]` | no |
| volumes | List of volume definitions (EFS, S3 Files, Docker, or EC2 host path) | `list(object)` | `[]` | no |

### CloudWatch Logs
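
Review bot: The `volumes` row now names four volume kinds but the type is still just `list(object)`, so the new keys (`s3files_volume_configuration` and `host_path`, which appear only in the FAQ examples) are not discoverable from the inputs table. List the accepted object keys in the description or link the row to the FAQ sections, and note there that `host_path` applies only to EC2-compatible tasks, since the neighbouring `requires_compatibilities` row defaults to `["FARGATE"]`.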

Expand Down Expand Up @@ -471,7 +471,7 @@ The `service_discovery` object includes:
│ │ Task Definition │ │
│ │ • Container definitions (placeholder) • CPU/Memory allocation │ │
│ │ • Execution role • Task role │ │
│ │ • Network mode (awsvpc) • Volumes (EFS/Docker) │ │
│ │ • Network mode (awsvpc) • Volumes (EFS/S3/Docker/Host)│ │
│ └────────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
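
Review bot: The diagram label `Volumes (EFS/S3/Docker/Host)` abbreviates S3 Files to "S3", while the features list and the inputs table say "S3 Files". A reader could take "S3" to mean mounting an S3 bucket directly; use `S3 Files` here, widening the box if needed, or keep the abbreviation and define it once.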
Expand Down Expand Up @@ -613,7 +613,7 @@ The `service_discovery` object includes:
║ │ aws_ecs_task_definition.this │ ║
║ ├─────────────────────────────────────────────────────────────────────────────────────────────────────────────┤ ║
║ │ Configures: family, CPU, memory, network mode, container definitions (placeholder), │ ║
║ │ execution_role_arn, task_role_arn, runtime_platform, volumes (EFS/Docker) │ ║
║ │ execution_role_arn, task_role_arn, runtime_platform, volumes (EFS/S3/Docker/Host) │ ║
║ │ Lifecycle: ignore_changes = all (external deployment controller manages updates) │ ║
║ └──────────────────────────────────────────────────────────────────────┬──────────────────────────────────────┘ ║
║ │ ║
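
Review bot: The `aws_ecs_task_definition.this` box now lists `volumes (EFS/S3/Docker/Host)` directly above `Lifecycle: ignore_changes = all`, and nothing says whether adding or changing a volume on an existing service takes effect once the external deployment controller owns the task definition. State in the README whether `volumes` only shapes the initial placeholder task definition, so users know where a new S3 Files or host path volume has to be declared.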
Expand Down Expand Up @@ -926,6 +926,44 @@ volumes = [

Note: The placeholder task definition does not mount volumes. Your application task definition (deployed by the external controller) should include the volume mounts.

### How do I attach S3 Files volumes to my tasks?

Configure the `volumes` variable with an S3 Files configuration:

```hcl
volumes = [
{
name = "my-s3files-volume"
s3files_volume_configuration = {
file_system_arn = "arn:aws:s3files:us-east-1:123456789012:file-system/fs-12345678"
root_directory = "/"
access_point_arn = "arn:aws:s3files:us-east-1:123456789012:file-system/fs-12345678/access-point/fsap-12345678"
transit_encryption_port = 2999
}
}
]
```

The task definition must include a task IAM role with the permissions required to attach the S3 Files file system to ECS tasks. If `task_role_arn` is null, attach the required permissions with `task_role_policies` or `task_role_inline_policies`.

### How do I attach an EC2 host path to my tasks?

Configure the `volumes` variable with a `host_path`. Host path volumes are supported only for EC2-compatible ECS tasks.

```hcl
launch_type = "EC2"
requires_compatibilities = ["EC2"]

volumes = [
{
name = "host-data"
host_path = "/var/lib/app-data"
}
]
```

Mount the named volume from your deployed application task definition using a container mount point. Data remains on the EC2 container instance path and does not move with the task if ECS places a replacement task on another instance.

### How do I enable ECS Exec for debugging?

Set `execute_command_enabled = true`. This will:
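
Review bot: The host path section says these volumes are "supported only for EC2-compatible ECS tasks", but nothing here says what happens when `host_path` is set while `requires_compatibilities` keeps its default `["FARGATE"]`. Add a variable validation, or document the resulting error, so the misconfiguration fails at plan time. Since the data stays on the container instance, it would also help to recommend a dedicated directory and a read-only mount point where the application only reads. In the S3 Files section, "the permissions required" should name the IAM actions or link to them, and the example sets `transit_encryption_port = 2999` without saying whether encryption in transit is on by default or needs its own setting.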