diff --git a/.terraform-docs.yaml b/.terraform-docs.yaml
new file mode 100644
index 0000000..95cc671
--- /dev/null
+++ b/.terraform-docs.yaml
@@ -0,0 +1,69 @@
+formatter: "markdown"
+header-from: main.tf
+
+sort:
+  enabled: true
+  by: required
+
+content: |-
+  {{ .Header }}
+
+  ![GitHub release](https://img.shields.io/github/release/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square) ![GitHub](https://img.shields.io/github/license/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square)
+
+  > A Terraform module for creating Amazon [ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html)
+
+  ## NOTICE
+
+  **THIS MODULE IS NOT COMPATIBLE WITH VERSIONS OF TERRAFORM LESS THAN v0.12.x. PLEASE REFER TO THE OFFICIAL [DOCUMENTATION](https://www.terraform.io/upgrade-guides/0-12.html) FOR UPGRADING TO THE LATEST VERSION OF TERRAFORM.**
+
+  ## Contents
+
+  - [Motivation](#motivation)
+    - [Use Cases](#use-cases)
+  - [Requirements](#requirements)
+  - [Usage](#usage)
+    - [Multiple Container Definitions](#multiple-container-definitions)
+  - [Inputs](#inputs)
+  - [Outputs](#outputs)
+  - [Testing](#testing)
+  - [License](#license)
+
+  ## Motivation
+
+  The purpose of this module is to generate a valid Amazon [ECS Task Definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html) dynamically. A task definition is required to run Docker containers in Amazon ECS. A task definition contains a list of [container definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definitions) received by the Docker daemon to create a container instance.
+
+  ### Use Cases
+
+  - Have Terraform generate valid task definitions dynamically
+  - Update the ECS task definition and trigger new [service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) deployments automatically (see [examples/ecs_update_service.tf](examples/ecs_update_service.tf))
+
+  ## Requirements
+
+  - [Terraform](https://www.terraform.io/downloads.html)
+  - [Go](https://golang.org/dl/) (for testing)
+  ## Usage
+  
+  {{ .Providers }}
+
+  {{ .Outputs }}
+
+  ## available tfvar inputs
+
+  ```hcl
+  # null are required inputs, 
+  # others are optional default values
+
+  {{ include "example.tfvars" }}
+  ```
+
+  {{ .Inputs }}
+
+  ---
+  README.md created by: `terraform-docs`
+
+output:
+  file: "./README.md"
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
diff --git a/README.md b/README.md
index 6cb8a29..7ae09d1 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+<!-- BEGIN_TF_DOCS -->
+
+
 ![GitHub release](https://img.shields.io/github/release/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square) ![GitHub](https://img.shields.io/github/license/mongodb/terraform-aws-ecs-task-definition.svg?style=flat-square)
 
 > A Terraform module for creating Amazon [ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html)
@@ -31,155 +34,147 @@ The purpose of this module is to generate a valid Amazon [ECS Task Definition](h
 
 - [Terraform](https://www.terraform.io/downloads.html)
 - [Go](https://golang.org/dl/) (for testing)
-
 ## Usage
 
-This module uses the same parameters as the [`ContainerDefinition`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) object. Given the following Terraform configuration:
-
-```hcl
-provider "aws" {}
-
-module "mongo-task-definition" {
-  source = "github.com/mongodb/terraform-aws-ecs-task-definition"
-
-  family = "mongo"
-  image  = "mongo:3.6"
-  memory = 512
-  name   = "mongo"
-
-  portMappings = [
-    {
-      containerPort = 27017
-    },
-  ]
-}
-```
-
-Invoking the commands defined below creates an ECS task definition with the following [`containerDefinitions`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RegisterTaskDefinition.html#ECS-RegisterTaskDefinition-request-containerDefinitions):
-
-    $ terraform init
-    $ terraform apply
-
-```json
-[
-  {
-    "command": null,
-    "cpu": null,
-    "disableNetworking": false,
-    "dnsSearchDomains": null,
-    "dnsServers": null,
-    "dockerLabels": null,
-    "dockerSecurityOptions": null,
-    "entryPoint": null,
-    "environment": null,
-    "essential": true,
-    "extraHosts": null,
-    "healthCheck": null,
-    "hostname": null,
-    "image": "mongo:3.6",
-    "interactive": false,
-    "links": null,
-    "linuxParameters": null,
-    "logConfiguration": null,
-    "memory": 512,
-    "memoryReservation": null,
-    "mountPoints": null,
-    "name": "mongo",
-    "portMappings": [{"containerPort":27017}],
-    "privileged": false,
-    "pseudoTerminal": false,
-    "readonlyRootFilesystem": false,
-    "repositoryCredentials": null,
-    "resourceRequirements": null,
-    "secrets": null,
-    "systemControls": null,
-    "ulimits": null,
-    "user": null,
-    "volumesFrom": null,
-    "workingDirectory": null
-  }
-]
-```
-
-### Multiple Container Definitions
-
-By default, this module creates a task definition with a single container definition. To create a task definition with multiple container definitions, refer to the documentation of the [`merge`](modules/merge) module.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
-| template | n/a |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
-| command | The command that is passed to the container | `list(string)` | `[]` | no |
-| cpu | The number of cpu units reserved for the container | `number` | `0` | no |
-| disableNetworking | When this parameter is true, networking is disabled within the container | `bool` | `false` | no |
-| dnsSearchDomains | A list of DNS search domains that are presented to the container | `list(string)` | `[]` | no |
-| dnsServers | A list of DNS servers that are presented to the container | `list(string)` | `[]` | no |
-| dockerLabels | A key/value map of labels to add to the container | `map(string)` | `{}` | no |
-| dockerSecurityOptions | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems | `list(string)` | `[]` | no |
-| entryPoint | The entry point that is passed to the container | `list(string)` | `[]` | no |
-| environment | The environment variables to pass to a container | `list(map(string))` | `[]` | no |
-| essential | If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `true` | no |
-| execution\_role\_arn | The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume | `string` | `""` | no |
-| extraHosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container | `list(string)` | `[]` | no |
-| family | You must specify a family for a task definition, which allows you to track multiple versions of the same task definition | `any` | n/a | yes |
-| healthCheck | The health check command and associated configuration parameters for the container | `any` | `{}` | no |
-| hostname | The hostname to use for your container | `string` | `""` | no |
-| image | The image used to start a container | `string` | `""` | no |
-| interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated | `bool` | `false` | no |
-| ipc\_mode | The IPC resource namespace to use for the containers in the task | `string` | `"host"` | no |
-| links | The link parameter allows containers to communicate with each other without the need for port mappings | `list(string)` | `[]` | no |
-| linuxParameters | Linux-specific modifications that are applied to the container, such as Linux KernelCapabilities | `any` | `{}` | no |
-| logConfiguration | The log configuration specification for the container | `any` | `{}` | no |
-| memory | The hard limit (in MiB) of memory to present to the container | `number` | `0` | no |
-| memoryReservation | The soft limit (in MiB) of memory to reserve for the container | `number` | `0` | no |
-| mountPoints | The mount points for data volumes in your container | `list(any)` | `[]` | no |
-| name | The name of a container | `string` | `""` | no |
-| network\_mode | The Docker networking mode to use for the containers in the task | `string` | `"bridge"` | no |
-| pid\_mode | The process namespace to use for the containers in the task | `string` | `"host"` | no |
-| placement\_constraints | An array of placement constraint objects to use for the task | `list(string)` | `[]` | no |
-| portMappings | The list of port mappings for the container | `list(any)` | `[]` | no |
-| privileged | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user) | `bool` | `false` | no |
-| pseudoTerminal | When this parameter is true, a TTY is allocated | `bool` | `false` | no |
-| readonlyRootFilesystem | When this parameter is true, the container is given read-only access to its root file system | `bool` | `false` | no |
-| register\_task\_definition | Registers a new task definition from the supplied family and containerDefinitions | `bool` | `true` | no |
-| repositoryCredentials | The private repository authentication credentials to use | `map(string)` | `{}` | no |
-| requires\_compatibilities | The launch type required by the task | `list(string)` | `[]` | no |
-| resourceRequirements | The type and amount of a resource to assign to a container | `list(string)` | `[]` | no |
-| secrets | The secrets to pass to the container | `list(map(string))` | `[]` | no |
-| systemControls | A list of namespaced kernel parameters to set in the container | `list(string)` | `[]` | no |
-| tags | The metadata that you apply to the task definition to help you categorize and organize them | `map(string)` | `{}` | no |
-| task\_role\_arn | The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume | `string` | `""` | no |
-| ulimits | A list of ulimits to set in the container | `list(any)` | `[]` | no |
-| user | The user name to use inside the container | `string` | `""` | no |
-| volumes | A list of volume definitions in JSON format that containers in your task may use | `list(any)` | `[]` | no |
-| volumesFrom | Data volumes to mount from another container | `list(object)` | `[]` | no |
-| workingDirectory | The working directory in which to run commands inside the container | `string` | `""` | no |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| arn | The full Amazon Resource Name (ARN) of the task definition |
-| container\_definitions | A list of container definitions in JSON format that describe the different containers that make up your task |
-| family | The family of your task definition, used as the definition name |
-| revision | The revision of the task in a particular family |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+| <a name="output_arn"></a> [arn](#output\_arn) | The full Amazon Resource Name (ARN) of the task definition |
+| <a name="output_cloudwatch_log_group_name"></a> [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | The name of the CloudWatch log group created if enable\_cloudwatch is true |
+| <a name="output_container_definitions"></a> [container\_definitions](#output\_container\_definitions) | A list of container definitions in JSON format that describe the different containers that make up your task |
+| <a name="output_ecr_repo_name"></a> [ecr\_repo\_name](#output\_ecr\_repo\_name) | The name of the ECR repository created if ecr\_create\_repo is true |
+| <a name="output_family"></a> [family](#output\_family) | The family of your task definition, used as the definition name |
+| <a name="output_revision"></a> [revision](#output\_revision) | The revision of the task in a particular family |
 
-## Testing
+## available tfvar inputs
 
-This module uses [Terratest](https://github.com/gruntwork-io/terratest), a Go library maintained by [Gruntwork](https://gruntwork.io/), to write automated tests for your infrastructure code. To invoke tests, run the following commands:
-
-    $ go test -v ./...
+```hcl
+# null are required inputs, 
+# others are optional default values
+
+cloudwatch_log_group_prefix      = ""
+cloudwatch_log_retention_in_days = 30
+command                          = []
+cpu                              = 256
+disableNetworking                = false
+dnsSearchDomains                 = []
+dnsServers                       = []
+dockerLabels                     = {}
+dockerSecurityOptions            = []
+ecr_config                       = null
+ecr_create_repo                  = false
+enable_cloudwatch                = false
+entryPoint                       = []
+environment                      = {}
+essential                        = true
+execution_role_arn               = ""
+extraHosts                       = []
+family                           = null
+healthCheck                      = {}
+hostname                         = ""
+image                            = "null"
+interactive                      = false
+ipc_mode                         = null
+links                            = []
+linuxParameters                  = {}
+logConfiguration                 = {}
+memory                           = 512
+memoryReservation                = 0
+mountPoints                      = []
+name                             = ""
+network_mode                     = "awsvpc"
+pid_mode                         = null
+placement_constraints            = []
+portMappings = [{
+  containerPort = 80
+}]
+privileged               = false
+pseudoTerminal           = false
+readonlyRootFilesystem   = false
+register_task_definition = true
+repositoryCredentials    = {}
+requires_compatibilities = ["FARGATE"]
+resourceRequirements     = []
+runtime_platform = {
+  cpu_architecture        = "X86_64"
+  operating_system_family = "LINUX"
+}
+secrets          = []
+systemControls   = []
+tags             = {}
+task_role_arn    = ""
+track_latest     = false
+ulimits          = []
+user             = ""
+volumes          = []
+volumesFrom      = []
+workingDirectory = ""
+```
 
-## License
+## Inputs
 
-[Apache License 2.0](LICENSE)
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_family"></a> [family](#input\_family) | You must specify a family for a task definition, which allows you to track multiple versions of the same task definition | `any` | n/a | yes |
+| <a name="input_cloudwatch_log_group_prefix"></a> [cloudwatch\_log\_group\_prefix](#input\_cloudwatch\_log\_group\_prefix) | The prefix for the CloudWatch log group name eg: /project/environment/app | `string` | `""` | no |
+| <a name="input_cloudwatch_log_retention_in_days"></a> [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | The number of days to retain the CloudWatch log group | `number` | `30` | no |
+| <a name="input_command"></a> [command](#input\_command) | The command that is passed to the container | `list(string)` | `[]` | no |
+| <a name="input_cpu"></a> [cpu](#input\_cpu) | The number of cpu units reserved for the container | `number` | `256` | no |
+| <a name="input_disableNetworking"></a> [disableNetworking](#input\_disableNetworking) | When this parameter is true, networking is disabled within the container | `bool` | `false` | no |
+| <a name="input_dnsSearchDomains"></a> [dnsSearchDomains](#input\_dnsSearchDomains) | A list of DNS search domains that are presented to the container | `list(string)` | `[]` | no |
+| <a name="input_dnsServers"></a> [dnsServers](#input\_dnsServers) | A list of DNS servers that are presented to the container | `list(string)` | `[]` | no |
+| <a name="input_dockerLabels"></a> [dockerLabels](#input\_dockerLabels) | A key/value map of labels to add to the container | `map(string)` | `{}` | no |
+| <a name="input_dockerSecurityOptions"></a> [dockerSecurityOptions](#input\_dockerSecurityOptions) | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems | `list(string)` | `[]` | no |
+| <a name="input_ecr_config"></a> [ecr\_config](#input\_ecr\_config) | ECR repository configuration | <pre>object({<br/>    repo_name                 = optional(string, "")<br/>    task_definition_tag       = optional(string, "latest")<br/>    repo_remove_untagged_days = optional(number, 7)<br/>    scan_on_push              = optional(bool, false)<br/>    repo_max_images           = optional(number, 10)<br/>  })</pre> | `null` | no |
+| <a name="input_ecr_create_repo"></a> [ecr\_create\_repo](#input\_ecr\_create\_repo) | Enable ECR repository creation | `bool` | `false` | no |
+| <a name="input_enable_cloudwatch"></a> [enable\_cloudwatch](#input\_enable\_cloudwatch) | Whether to enable CloudWatch logging if false, the value of variable `logConfiguration` will be used | `bool` | `false` | no |
+| <a name="input_entryPoint"></a> [entryPoint](#input\_entryPoint) | The entry point that is passed to the container | `list(string)` | `[]` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | The environment variables to pass to a container | `map(string)` | `{}` | no |
+| <a name="input_essential"></a> [essential](#input\_essential) | If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `true` | no |
+| <a name="input_execution_role_arn"></a> [execution\_role\_arn](#input\_execution\_role\_arn) | The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume | `string` | `""` | no |
+| <a name="input_extraHosts"></a> [extraHosts](#input\_extraHosts) | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container | <pre>list(object({<br/>    ipAddress = string<br/>    hostname  = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_healthCheck"></a> [healthCheck](#input\_healthCheck) | The health check command and associated configuration parameters for the container | `any` | `{}` | no |
+| <a name="input_hostname"></a> [hostname](#input\_hostname) | The hostname to use for your container | `string` | `""` | no |
+| <a name="input_image"></a> [image](#input\_image) | The image used to start a container | `string` | `"null"` | no |
+| <a name="input_interactive"></a> [interactive](#input\_interactive) | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated | `bool` | `false` | no |
+| <a name="input_ipc_mode"></a> [ipc\_mode](#input\_ipc\_mode) | The IPC resource namespace to use for the containers in the task | `any` | `null` | no |
+| <a name="input_links"></a> [links](#input\_links) | The link parameter allows containers to communicate with each other without the need for port mappings | `list(string)` | `[]` | no |
+| <a name="input_linuxParameters"></a> [linuxParameters](#input\_linuxParameters) | Linux-specific modifications that are applied to the container, such as Linux KernelCapabilities | `any` | `{}` | no |
+| <a name="input_logConfiguration"></a> [logConfiguration](#input\_logConfiguration) | The log configuration specification for the container | `any` | `{}` | no |
+| <a name="input_memory"></a> [memory](#input\_memory) | The hard limit (in MiB) of memory to present to the container | `number` | `512` | no |
+| <a name="input_memoryReservation"></a> [memoryReservation](#input\_memoryReservation) | The soft limit (in MiB) of memory to reserve for the container | `number` | `0` | no |
+| <a name="input_mountPoints"></a> [mountPoints](#input\_mountPoints) | The mount points for data volumes in your container | `list(any)` | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of a container | `string` | `""` | no |
+| <a name="input_network_mode"></a> [network\_mode](#input\_network\_mode) | The Docker networking mode to use for the containers in the task | `string` | `"awsvpc"` | no |
+| <a name="input_pid_mode"></a> [pid\_mode](#input\_pid\_mode) | The process namespace to use for the containers in the task | `any` | `null` | no |
+| <a name="input_placement_constraints"></a> [placement\_constraints](#input\_placement\_constraints) | An array of placement constraint objects to use for the task | <pre>list(object({<br/>    type       = string<br/>    expression = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_portMappings"></a> [portMappings](#input\_portMappings) | The list of port mappings for the container | `list(any)` | <pre>[<br/>  {<br/>    "containerPort": 80<br/>  }<br/>]</pre> | no |
+| <a name="input_privileged"></a> [privileged](#input\_privileged) | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user) | `bool` | `false` | no |
+| <a name="input_pseudoTerminal"></a> [pseudoTerminal](#input\_pseudoTerminal) | When this parameter is true, a TTY is allocated | `bool` | `false` | no |
+| <a name="input_readonlyRootFilesystem"></a> [readonlyRootFilesystem](#input\_readonlyRootFilesystem) | When this parameter is true, the container is given read-only access to its root file system | `bool` | `false` | no |
+| <a name="input_register_task_definition"></a> [register\_task\_definition](#input\_register\_task\_definition) | Registers a new task definition from the supplied family and containerDefinitions | `bool` | `true` | no |
+| <a name="input_repositoryCredentials"></a> [repositoryCredentials](#input\_repositoryCredentials) | The private repository authentication credentials to use | `map(string)` | `{}` | no |
+| <a name="input_requires_compatibilities"></a> [requires\_compatibilities](#input\_requires\_compatibilities) | The launch type required by the task (FARGATE, FARGATE\_SPOT, EC2) | `list(string)` | <pre>[<br/>  "FARGATE"<br/>]</pre> | no |
+| <a name="input_resourceRequirements"></a> [resourceRequirements](#input\_resourceRequirements) | The type and amount of a resource to assign to a container | `list(string)` | `[]` | no |
+| <a name="input_runtime_platform"></a> [runtime\_platform](#input\_runtime\_platform) | The runtime platform | <pre>object({<br/>    cpu_architecture        = string<br/>    operating_system_family = string<br/>  })</pre> | <pre>{<br/>  "cpu_architecture": "X86_64",<br/>  "operating_system_family": "LINUX"<br/>}</pre> | no |
+| <a name="input_secrets"></a> [secrets](#input\_secrets) | The secrets to pass to the container | `list(map(string))` | `[]` | no |
+| <a name="input_systemControls"></a> [systemControls](#input\_systemControls) | A list of namespaced kernel parameters to set in the container | `list(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | The metadata that you apply to the task definition to help you categorize and organize them | `map(string)` | `{}` | no |
+| <a name="input_task_role_arn"></a> [task\_role\_arn](#input\_task\_role\_arn) | The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume | `string` | `""` | no |
+| <a name="input_track_latest"></a> [track\_latest](#input\_track\_latest) | Whether should track latest ACTIVE task definition on AWS or the one created with the resource stored in state. Default is false. Useful in the event the task definition is modified outside of this resource. | `bool` | `false` | no |
+| <a name="input_ulimits"></a> [ulimits](#input\_ulimits) | A list of ulimits to set in the container | `list(any)` | `[]` | no |
+| <a name="input_user"></a> [user](#input\_user) | The user name to use inside the container | `string` | `""` | no |
+| <a name="input_volumes"></a> [volumes](#input\_volumes) | A list of volume definitions in JSON format that containers in your task may use | `list(any)` | `[]` | no |
+| <a name="input_volumesFrom"></a> [volumesFrom](#input\_volumesFrom) | Data volumes to mount from another container | <pre>list(object({<br/>    readOnly        = bool<br/>    sourceContainer = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_workingDirectory"></a> [workingDirectory](#input\_workingDirectory) | The working directory in which to run commands inside the container | `string` | `""` | no |
+
+---
+README.md created by: `terraform-docs`
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/Taskfile.yml b/Taskfile.yml
new file mode 100644
index 0000000..f8c3200
--- /dev/null
+++ b/Taskfile.yml
@@ -0,0 +1,10 @@
+version: "3"
+
+tasks:
+  docs:
+    dir: ./
+    desc: Generate documentation for all modules
+    cmds:
+      - tfvar . > example.tfvars
+      - terraform-docs markdown .
+      - terraform fmt -recursive
diff --git a/ecr.tf b/ecr.tf
new file mode 100644
index 0000000..8b2091f
--- /dev/null
+++ b/ecr.tf
@@ -0,0 +1,45 @@
+resource "aws_ecr_repository" "service" {
+  count = var.ecr_create_repo ? 1 : 0
+  name  = var.ecr_config.repo_name
+
+  image_scanning_configuration {
+    scan_on_push = var.ecr_config.scan_on_push
+  }
+}
+
+resource "aws_ecr_lifecycle_policy" "service" {
+  count      = var.ecr_create_repo ? 1 : 0
+  repository = aws_ecr_repository.service[0].name
+
+  policy = <<EOF
+{
+    "rules": [
+        {
+            "rulePriority": 1,
+            "description": "Expire images older than ${var.ecr_config.repo_remove_untagged_days} days",
+            "selection": {
+                "tagStatus": "untagged",
+                "countType": "sinceImagePushed",
+                "countUnit": "days",
+                "countNumber": ${var.ecr_config.repo_remove_untagged_days}
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 2,
+            "description": "Maximum ${var.ecr_config.repo_max_images} images in the repository",
+            "selection": {
+                "tagStatus": "any",
+                "countType": "imageCountMoreThan",
+                "countNumber": ${var.ecr_config.repo_max_images}
+            },
+            "action": {
+                "type": "expire"
+            }
+        }
+    ]
+}
+EOF
+}
diff --git a/example.tfvars b/example.tfvars
new file mode 100644
index 0000000..c8749e7
--- /dev/null
+++ b/example.tfvars
@@ -0,0 +1,57 @@
+cloudwatch_log_group_prefix      = ""
+cloudwatch_log_retention_in_days = 30
+command                          = []
+cpu                              = 256
+disableNetworking                = false
+dnsSearchDomains                 = []
+dnsServers                       = []
+dockerLabels                     = {}
+dockerSecurityOptions            = []
+ecr_config                       = null
+ecr_create_repo                  = false
+enable_cloudwatch                = false
+entryPoint                       = []
+environment                      = {}
+essential                        = true
+execution_role_arn               = ""
+extraHosts                       = []
+family                           = null
+healthCheck                      = {}
+hostname                         = ""
+image                            = "null"
+interactive                      = false
+ipc_mode                         = null
+links                            = []
+linuxParameters                  = {}
+logConfiguration                 = {}
+memory                           = 512
+memoryReservation                = 0
+mountPoints                      = []
+name                             = ""
+network_mode                     = "awsvpc"
+pid_mode                         = null
+placement_constraints            = []
+portMappings = [{
+  containerPort = 80
+}]
+privileged               = false
+pseudoTerminal           = false
+readonlyRootFilesystem   = false
+register_task_definition = true
+repositoryCredentials    = {}
+requires_compatibilities = ["FARGATE"]
+resourceRequirements     = []
+runtime_platform = {
+  cpu_architecture        = "X86_64"
+  operating_system_family = "LINUX"
+}
+secrets          = []
+systemControls   = []
+tags             = {}
+task_role_arn    = ""
+track_latest     = false
+ulimits          = []
+user             = ""
+volumes          = []
+volumesFrom      = []
+workingDirectory = ""
diff --git a/examples/terraform-task-definition-multiple-containers/outputs.tf b/examples/terraform-task-definition-multiple-containers/outputs.tf
index e71ab8e..6a96923 100644
--- a/examples/terraform-task-definition-multiple-containers/outputs.tf
+++ b/examples/terraform-task-definition-multiple-containers/outputs.tf
@@ -1,3 +1,3 @@
 output "container_definitions" {
-  value = "${module.merged.container_definitions}"
+  value = module.merged.container_definitions
 }
diff --git a/main.tf b/main.tf
index 887ea2d..94e7530 100644
--- a/main.tf
+++ b/main.tf
@@ -28,6 +28,7 @@
 #  - 2. https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html
 #  - 3. https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PortMapping.html
 #  - 4. https://github.com/hashicorp/terraform/issues/17033
+data "aws_region" "current" {}
 
 locals {
   command               = jsonencode(var.command)
@@ -36,9 +37,9 @@ locals {
   dockerLabels          = jsonencode(var.dockerLabels)
   dockerSecurityOptions = jsonencode(var.dockerSecurityOptions)
   entryPoint            = jsonencode(var.entryPoint)
-  environment           = jsonencode(var.environment)
   extraHosts            = jsonencode(var.extraHosts)
 
+  environment = jsonencode(var.environment != {} ? [for k, v in var.environment : { "name" : k, "value" : v }] : [])
   healthCheck = replace(jsonencode(var.healthCheck), local.classes["digit"], "$1")
 
   links = jsonencode(var.links)
@@ -53,7 +54,16 @@ locals {
     "$1",
   )
 
-  logConfiguration = jsonencode(var.logConfiguration)
+  cloudwatch_log_group_name = "/${var.cloudwatch_log_group_prefix}/ecs/${var.name}"
+
+  logConfiguration = var.enable_cloudwatch ? jsonencode({
+    logDriver = "awslogs"
+    options = {
+      awslogs-group         = local.cloudwatch_log_group_name
+      awslogs-region        = data.aws_region.current.region
+      awslogs-stream-prefix = "ecs"
+    }
+  }) : jsonencode(var.logConfiguration)
 
   mountPoints = replace(
     replace(jsonencode(var.mountPoints), "/\"1\"/", "true"),
@@ -82,50 +92,58 @@ locals {
     digit = "/\"(-[[:digit:]]|[[:digit:]]+)\"/"
   }
 
-  container_definition = var.register_task_definition ? format("[%s]", data.template_file.container_definition.rendered) : format("%s", data.template_file.container_definition.rendered)
+  image = var.ecr_create_repo ? "${aws_ecr_repository.service[0].repository_url}:${var.ecr_config.task_definition_tag}" : var.image
+
+  template_file = templatefile(
+    "${path.module}/templates/container-definition.json.tpl",
+    {
+      command                = local.command == "[]" ? "null" : local.command
+      cpu                    = var.cpu == 0 ? "null" : var.cpu
+      disableNetworking      = var.disableNetworking ? true : false
+      dnsSearchDomains       = local.dnsSearchDomains == "[]" ? "null" : local.dnsSearchDomains
+      dnsServers             = local.dnsServers == "[]" ? "null" : local.dnsServers
+      dockerLabels           = local.dockerLabels == "{}" ? "null" : local.dockerLabels
+      dockerSecurityOptions  = local.dockerSecurityOptions == "[]" ? "null" : local.dockerSecurityOptions
+      entryPoint             = local.entryPoint == "[]" ? "null" : local.entryPoint
+      environment            = local.environment == "[]" ? "null" : local.environment
+      essential              = var.essential ? true : false
+      extraHosts             = local.extraHosts == "[]" ? "null" : local.extraHosts
+      healthCheck            = local.healthCheck == "{}" ? "null" : local.healthCheck
+      hostname               = var.hostname == "" ? "null" : var.hostname
+      image                  = local.image
+      interactive            = var.interactive ? true : false
+      links                  = local.links == "[]" ? "null" : local.links
+      linuxParameters        = local.linuxParameters == "{}" ? "null" : local.linuxParameters
+      logConfiguration       = local.logConfiguration == "{}" ? "null" : local.logConfiguration
+      memory                 = var.memory == 0 ? "null" : var.memory
+      memoryReservation      = var.memoryReservation == 0 ? "null" : var.memoryReservation
+      mountPoints            = local.mountPoints == "[]" ? "null" : local.mountPoints
+      name                   = var.name == "" ? "null" : var.name
+      portMappings           = local.portMappings == "[]" ? "null" : local.portMappings
+      privileged             = var.privileged ? true : false
+      pseudoTerminal         = var.pseudoTerminal ? true : false
+      readonlyRootFilesystem = var.readonlyRootFilesystem ? true : false
+      repositoryCredentials  = local.repositoryCredentials == "{}" ? "null" : local.repositoryCredentials
+      resourceRequirements   = local.resourceRequirements == "[]" ? "null" : local.resourceRequirements
+      secrets                = local.secrets == "[]" ? "null" : local.secrets
+      systemControls         = local.systemControls == "[]" ? "null" : local.systemControls
+      ulimits                = local.ulimits == "[]" ? "null" : local.ulimits
+      user                   = var.user == "" ? "null" : var.user
+      volumesFrom            = local.volumesFrom == "[]" ? "null" : local.volumesFrom
+      workingDirectory       = var.workingDirectory == "" ? "null" : var.workingDirectory
+    }
+  )
+
+  container_definition = var.register_task_definition ? format("[%s]", local.template_file) : format("%s", local.template_file)
 
   container_definitions = replace(local.container_definition, "/\"(null)\"/", "$1")
 }
 
-data "template_file" "container_definition" {
-  template = file("${path.module}/templates/container-definition.json.tpl")
-
-  vars = {
-    command                = local.command == "[]" ? "null" : local.command
-    cpu                    = var.cpu == 0 ? "null" : var.cpu
-    disableNetworking      = var.disableNetworking ? true : false
-    dnsSearchDomains       = local.dnsSearchDomains == "[]" ? "null" : local.dnsSearchDomains
-    dnsServers             = local.dnsServers == "[]" ? "null" : local.dnsServers
-    dockerLabels           = local.dockerLabels == "{}" ? "null" : local.dockerLabels
-    dockerSecurityOptions  = local.dockerSecurityOptions == "[]" ? "null" : local.dockerSecurityOptions
-    entryPoint             = local.entryPoint == "[]" ? "null" : local.entryPoint
-    environment            = local.environment == "[]" ? "null" : local.environment
-    essential              = var.essential ? true : false
-    extraHosts             = local.extraHosts == "[]" ? "null" : local.extraHosts
-    healthCheck            = local.healthCheck == "{}" ? "null" : local.healthCheck
-    hostname               = var.hostname == "" ? "null" : var.hostname
-    image                  = var.image == "" ? "null" : var.image
-    interactive            = var.interactive ? true : false
-    links                  = local.links == "[]" ? "null" : local.links
-    linuxParameters        = local.linuxParameters == "{}" ? "null" : local.linuxParameters
-    logConfiguration       = local.logConfiguration == "{}" ? "null" : local.logConfiguration
-    memory                 = var.memory == 0 ? "null" : var.memory
-    memoryReservation      = var.memoryReservation == 0 ? "null" : var.memoryReservation
-    mountPoints            = local.mountPoints == "[]" ? "null" : local.mountPoints
-    name                   = var.name == "" ? "null" : var.name
-    portMappings           = local.portMappings == "[]" ? "null" : local.portMappings
-    privileged             = var.privileged ? true : false
-    pseudoTerminal         = var.pseudoTerminal ? true : false
-    readonlyRootFilesystem = var.readonlyRootFilesystem ? true : false
-    repositoryCredentials  = local.repositoryCredentials == "{}" ? "null" : local.repositoryCredentials
-    resourceRequirements   = local.resourceRequirements == "[]" ? "null" : local.resourceRequirements
-    secrets                = local.secrets == "[]" ? "null" : local.secrets
-    systemControls         = local.systemControls == "[]" ? "null" : local.systemControls
-    ulimits                = local.ulimits == "[]" ? "null" : local.ulimits
-    user                   = var.user == "" ? "null" : var.user
-    volumesFrom            = local.volumesFrom == "[]" ? "null" : local.volumesFrom
-    workingDirectory       = var.workingDirectory == "" ? "null" : var.workingDirectory
-  }
+resource "aws_cloudwatch_log_group" "ecs_task_definition" {
+  count = var.enable_cloudwatch == true ? 1 : 0
+
+  name              = "/${var.cloudwatch_log_group_prefix}/ecs/${var.name}"
+  retention_in_days = var.cloudwatch_log_retention_in_days
 }
 
 resource "aws_ecs_task_definition" "ecs_task_definition" {
@@ -136,6 +154,8 @@ resource "aws_ecs_task_definition" "ecs_task_definition" {
   network_mode          = var.network_mode
   pid_mode              = var.pid_mode
 
+  track_latest = var.track_latest
+
   # Fargate requires cpu and memory to be defined at the task level
   cpu    = var.cpu
   memory = var.memory
@@ -184,6 +204,15 @@ resource "aws_ecs_task_definition" "ecs_task_definition" {
       }
     }
   }
+
+  dynamic "runtime_platform" {
+    for_each = var.runtime_platform != null ? [var.runtime_platform] : []
+    content {
+      cpu_architecture        = upper(runtime_platform.value.cpu_architecture)
+      operating_system_family = upper(runtime_platform.value.operating_system_family)
+    }
+  }
+
   tags = var.tags
 
   count = var.register_task_definition ? 1 : 0
diff --git a/outputs.tf b/outputs.tf
index 3677455..db7a249 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -18,3 +18,12 @@ output "revision" {
   value       = join("", aws_ecs_task_definition.ecs_task_definition.*.revision)
 }
 
+output "ecr_repo_name" {
+  description = "The name of the ECR repository created if ecr_create_repo is true"
+  value       = var.ecr_create_repo == true ? aws_ecr_repository.service[0].name : null
+}
+
+output "cloudwatch_log_group_name" {
+  description = "The name of the CloudWatch log group created if enable_cloudwatch is true"
+  value       = var.enable_cloudwatch ? aws_cloudwatch_log_group.ecs_task_definition[0].name : null
+}
diff --git a/src/example.tfvars b/src/example.tfvars
new file mode 100644
index 0000000..e69de29
diff --git a/test/varfile.tfvars b/test/varfile.tfvars
index e2189d6..ba42650 100644
--- a/test/varfile.tfvars
+++ b/test/varfile.tfvars
@@ -1,9 +1,6 @@
-environment = [
-  {
-    name  = "AWS_DEFAULT_REGION"
-    value = "us-east-1"
-  },
-]
+environment = {
+  "AWS_DEFAULT_REGION" = "us-east-1"
+}
 
 family = "default"
 
diff --git a/variables.tf b/variables.tf
index b34b1f2..f964241 100644
--- a/variables.tf
+++ b/variables.tf
@@ -49,9 +49,9 @@ variable "entryPoint" {
 }
 
 variable "environment" {
-  default     = []
+  default     = {}
   description = "The environment variables to pass to a container"
-  type        = list(map(string))
+  type        = map(string)
 }
 
 variable "essential" {
@@ -90,7 +90,7 @@ variable "hostname" {
 }
 
 variable "image" {
-  default     = ""
+  default     = "null"
   description = "The image used to start a container"
 }
 
@@ -145,7 +145,7 @@ variable "name" {
 }
 
 variable "network_mode" {
-  default     = "bridge"
+  default     = "awsvpc"
   description = "The Docker networking mode to use for the containers in the task"
 }
 
@@ -164,7 +164,7 @@ variable "placement_constraints" {
 }
 
 variable "portMappings" {
-  default     = []
+  default     = [{ containerPort = 80 }]
   description = "The list of port mappings for the container"
   type        = list(any)
 }
@@ -196,8 +196,8 @@ variable "repositoryCredentials" {
 }
 
 variable "requires_compatibilities" {
-  default     = []
-  description = "The launch type required by the task"
+  default     = ["FARGATE"]
+  description = "The launch type required by the task (FARGATE, FARGATE_SPOT, EC2)"
   type        = list(string)
 }
 
@@ -261,3 +261,61 @@ variable "workingDirectory" {
   default     = ""
   description = "The working directory in which to run commands inside the container"
 }
+
+variable "runtime_platform" {
+  type = object({
+    cpu_architecture        = string
+    operating_system_family = string
+  })
+  nullable    = true
+  description = "The runtime platform"
+  default = {
+    cpu_architecture        = "X86_64"
+    operating_system_family = "LINUX"
+  }
+}
+
+variable "track_latest" {
+  type        = bool
+  default     = false
+  description = "Whether should track latest ACTIVE task definition on AWS or the one created with the resource stored in state. Default is false. Useful in the event the task definition is modified outside of this resource."
+}
+
+
+variable "ecr_create_repo" {
+  type        = bool
+  default     = false
+  description = "Enable ECR repository creation"
+}
+
+variable "ecr_config" {
+  type = object({
+    repo_name                 = optional(string, "")
+    task_definition_tag       = optional(string, "latest")
+    repo_remove_untagged_days = optional(number, 7)
+    scan_on_push              = optional(bool, false)
+    repo_max_images           = optional(number, 10)
+  })
+
+  nullable    = true
+  default     = null
+  description = "ECR repository configuration"
+}
+
+variable "enable_cloudwatch" {
+  type        = bool
+  default     = false
+  description = "Whether to enable CloudWatch logging if false, the value of variable `logConfiguration` will be used"
+}
+
+variable "cloudwatch_log_group_prefix" {
+  type        = string
+  default     = ""
+  description = "The prefix for the CloudWatch log group name eg: /project/environment/app"
+}
+
+variable "cloudwatch_log_retention_in_days" {
+  type        = number
+  default     = 30
+  description = "The number of days to retain the CloudWatch log group"
+}