Update Terraform cn-terraform/ecs-fargate/aws to v2.0.39 (#51)

* Update Terraform cn-terraform/ecs-fargate/aws to v2.0.39

* Add missing variables

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Julian Nonino <noninojulian@gmail.com>

README.md

@@ -51,7 +51,7 @@ In order to run all checks at any point run the following command:
 |------|--------|---------|
 | <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 3.0 |
 | <a name="module_aws_cw_logs"></a> [aws\_cw\_logs](#module\_aws\_cw\_logs) | cn-terraform/cloudwatch-logs/aws | 1.0.10 |
-| <a name="module_ecs_fargate"></a> [ecs\_fargate](#module\_ecs\_fargate) | cn-terraform/ecs-fargate/aws | 2.0.38 |
+| <a name="module_ecs_fargate"></a> [ecs\_fargate](#module\_ecs\_fargate) | cn-terraform/ecs-fargate/aws | 2.0.39 |
 
 ## Resources
 
@@ -70,13 +70,16 @@ In order to run all checks at any point run the following command:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | List of Availability Zones | `list(string)` | n/a | yes |
+| <a name="input_block_s3_bucket_public_access"></a> [block\_s3\_bucket\_public\_access](#input\_block\_s3\_bucket\_public\_access) | (Optional) If true, public access to the S3 bucket will be blocked. | `bool` | `true` | no |
 | <a name="input_db_engine_version"></a> [db\_engine\_version](#input\_db\_engine\_version) | DB engine version | `string` | `"14.2"` | no |
 | <a name="input_db_instance_size"></a> [db\_instance\_size](#input\_db\_instance\_size) | DB instance size | `string` | `"db.r4.large"` | no |
 | <a name="input_db_name"></a> [db\_name](#input\_db\_name) | Default DB name | `string` | `"sonar"` | no |
 | <a name="input_db_password"></a> [db\_password](#input\_db\_password) | DB password | `string` | `""` | no |
 | <a name="input_db_username"></a> [db\_username](#input\_db\_username) | Default DB username | `string` | `"sonar"` | no |
 | <a name="input_dns_zone_id"></a> [dns\_zone\_id](#input\_dns\_zone\_id) | Route 53 zone id | `string` | `""` | no |
 | <a name="input_enable_autoscaling"></a> [enable\_autoscaling](#input\_enable\_autoscaling) | Enable auto scaling for datacenter edition | `bool` | `false` | no |
+| <a name="input_enable_s3_bucket_server_side_encryption"></a> [enable\_s3\_bucket\_server\_side\_encryption](#input\_enable\_s3\_bucket\_server\_side\_encryption) | (Optional) If true, server side encryption will be applied. | `bool` | `true` | no |
+| <a name="input_enable_s3_logs"></a> [enable\_s3\_logs](#input\_enable\_s3\_logs) | (Optional) If true, all resources to send LB logs to S3 will be created | `bool` | `true` | no |
 | <a name="input_enable_ssl"></a> [enable\_ssl](#input\_enable\_ssl) | Enable SSL | `bool` | `true` | no |
 | <a name="input_ephemeral_storage_size"></a> [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | The number of GBs to provision for ephemeral storage on Fargate tasks. Must be greater than or equal to 21 and less than or equal to 200 | `number` | `0` | no |
 | <a name="input_https_record_domain_name"></a> [https\_record\_domain\_name](#input\_https\_record\_domain\_name) | Route 53 domain name | `string` | `""` | no |
@@ -88,6 +91,8 @@ In order to run all checks at any point run the following command:
 | <a name="input_private_subnets_ids"></a> [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of Private Subnets IDs | `list(string)` | n/a | yes |
 | <a name="input_public_subnets_ids"></a> [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of Public Subnets IDs | `list(string)` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region the infrastructure is hosted in | `string` | n/a | yes |
+| <a name="input_s3_bucket_server_side_encryption_key"></a> [s3\_bucket\_server\_side\_encryption\_key](#input\_s3\_bucket\_server\_side\_encryption\_key) | (Optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse\_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse\_algorithm is aws:kms. | `string` | `"aws/s3"` | no |
+| <a name="input_s3_bucket_server_side_encryption_sse_algorithm"></a> [s3\_bucket\_server\_side\_encryption\_sse\_algorithm](#input\_s3\_bucket\_server\_side\_encryption\_sse\_algorithm) | (Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | `string` | `"aws:kms"` | no |
 | <a name="input_sonarqube_image"></a> [sonarqube\_image](#input\_sonarqube\_image) | Sonarqube image | `string` | `"sonarqube:lts"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Resource tags | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes |

main.tf

@@ -35,7 +35,7 @@ module "aws_cw_logs" {
 #------------------------------------------------------------------------------
 module "ecs_fargate" {
   source  = "cn-terraform/ecs-fargate/aws"
-  version = "2.0.38"
+  version = "2.0.39"
   # source = "../terraform-aws-ecs-fargate"
 
   name_prefix                  = "${var.name_prefix}-sonar"
@@ -50,13 +50,18 @@ module "ecs_fargate" {
   enable_autoscaling           = var.enable_autoscaling
   ephemeral_storage_size       = var.ephemeral_storage_size
 
-  lb_http_ports = var.lb_http_ports
-
-  lb_https_ports = var.lb_https_ports
-
+  # Application Load Balancer
+  lb_http_ports                       = var.lb_http_ports
+  lb_https_ports                      = var.lb_https_ports
   lb_enable_cross_zone_load_balancing = var.lb_enable_cross_zone_load_balancing
+  default_certificate_arn             = var.enable_ssl ? module.acm[0].acm_certificate_arn : null
 
-  default_certificate_arn = var.enable_ssl ? module.acm[0].acm_certificate_arn : null
+  # Application Load Balancer Logs
+  enable_s3_logs                                 = var.enable_s3_logs
+  block_s3_bucket_public_access                  = var.block_s3_bucket_public_access
+  enable_s3_bucket_server_side_encryption        = var.enable_s3_bucket_server_side_encryption
+  s3_bucket_server_side_encryption_sse_algorithm = var.s3_bucket_server_side_encryption_sse_algorithm
+  s3_bucket_server_side_encryption_key           = var.s3_bucket_server_side_encryption_key
 
   command = [
     "-Dsonar.search.javaAdditionalOpts=-Dnode.store.allow_mmap=false"

variables.tf

@@ -91,6 +91,39 @@ variable "lb_https_ports" {
   }
 }
 
+#------------------------------------------------------------------------------
+# APPLICATION LOAD BALANCER LOGS
+#------------------------------------------------------------------------------
+variable "enable_s3_logs" {
+  description = "(Optional) If true, all resources to send LB logs to S3 will be created"
+  type        = bool
+  default     = true
+}
+
+variable "block_s3_bucket_public_access" {
+  description = "(Optional) If true, public access to the S3 bucket will be blocked."
+  type        = bool
+  default     = true
+}
+
+variable "enable_s3_bucket_server_side_encryption" {
+  description = "(Optional) If true, server side encryption will be applied."
+  type        = bool
+  default     = true
+}
+
+variable "s3_bucket_server_side_encryption_sse_algorithm" {
+  description = "(Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms"
+  type        = string
+  default     = "aws:kms"
+}
+
+variable "s3_bucket_server_side_encryption_key" {
+  description = "(Optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms."
+  type        = string
+  default     = "aws/s3"
+}
+
 #------------------------------------------------------------------------------
 # AWS RDS settings
 #------------------------------------------------------------------------------