From b6290224ac00564663f262f2019ac53836597442 Mon Sep 17 00:00:00 2001
From: David Hurley
Date: Thu, 3 Aug 2023 14:45:43 -0500
Subject: [PATCH 1/3] Implement ability to provide an existing ACM certificate while managing ALB.

---
 README.md    | 12 ++++++++----
 main.tf      |  5 ++++-
 variables.tf |  6 ++++++
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 26a1a86..66663f9 100644
--- a/README.md
+++ b/README.md
@@ -42,8 +42,8 @@ In order to run all checks at any point run the following command:
 
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.29.0 |
-| [random](#provider\_random) | 3.4.2 |
+| [aws](#provider\_aws) | 5.10.0 |
+| [random](#provider\_random) | 3.5.1 |
 
 ## Modules
 
@@ -51,7 +51,7 @@ In order to run all checks at any point run the following command:
 |------|--------|---------|
 | [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 4.0 |
 | [aws\_cw\_logs](#module\_aws\_cw\_logs) | cn-terraform/cloudwatch-logs/aws | 1.0.12 |
-| [ecs\_fargate](#module\_ecs\_fargate) | cn-terraform/ecs-fargate/aws | 2.0.45 |
+| [ecs\_fargate](#module\_ecs\_fargate) | cn-terraform/ecs-fargate/aws | 2.0.52 |
 
 ## Resources
 
@@ -74,14 +74,18 @@ In order to run all checks at any point run the following command:
 | [container\_memory](#input\_container\_memory) | (Optional) The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container\_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container\_memory of all containers in a task will need to be lower than the task memory value | `number` | `8192` | no |
 | [container\_memory\_reservation](#input\_container\_memory\_reservation) | (Optional) The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container\_memory hard limit | `number` | `4096` | no |
 | [create\_kms\_key](#input\_create\_kms\_key) | If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable `log_group_kms_key_id` | `bool` | `false` | no |
+| [custom\_lb\_arn](#input\_custom\_lb\_arn) | ARN of the Load Balancer to use in the ECS service. If provided, this module will not create a load balancer and will use the one provided in this variable | `string` | `null` | no |
 | [db\_backup\_retention\_period](#input\_db\_backup\_retention\_period) | The days to retain backups for. Default 3 | `number` | `3` | no |
 | [db\_deletion\_protection](#input\_db\_deletion\_protection) | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false. | `bool` | `false` | no |
-| [db\_engine\_version](#input\_db\_engine\_version) | DB engine version | `string` | `"14.2"` | no |
+| [db\_engine\_version](#input\_db\_engine\_version) | DB engine version | `string` | `"14.4"` | no |
 | [db\_instance\_number](#input\_db\_instance\_number) | Number of instance deployed on Aurora. By default, number of subnet in private\_subnets\_ids | `number` | `null` | no |
 | [db\_instance\_size](#input\_db\_instance\_size) | DB instance size | `string` | `"db.r4.large"` | no |
 | [db\_name](#input\_db\_name) | Default DB name | `string` | `"sonar"` | no |
 | [db\_password](#input\_db\_password) | DB password | `string` | `""` | no |
 | [db\_username](#input\_db\_username) | Default DB username | `string` | `"sonar"` | no |
+| [default\_certificate\_arn](#input\_default\_certificate\_arn) | ACM certificate ARN if you plan to manage it yourself | `string` | `""` | no |
+| [deployment\_circuit\_breaker\_enabled](#input\_deployment\_circuit\_breaker\_enabled) | (Optional) You can enable the deployment circuit breaker to cause a service deployment to transition to a failed state if tasks are persistently failing to reach RUNNING state or are failing healthcheck. | `bool` | `false` | no |
+| [deployment\_circuit\_breaker\_rollback](#input\_deployment\_circuit\_breaker\_rollback) | (Optional) The optional rollback option causes Amazon ECS to roll back to the last completed deployment upon a deployment failure. | `bool` | `false` | no |
 | [dns\_zone\_id](#input\_dns\_zone\_id) | Route 53 zone id | `string` | `""` | no |
 | [enable\_autoscaling](#input\_enable\_autoscaling) | Enable auto scaling for datacenter edition | `bool` | `false` | no |
 | [enable\_s3\_bucket\_server\_side\_encryption](#input\_enable\_s3\_bucket\_server\_side\_encryption) | (Optional) If true, server side encryption will be applied. | `bool` | `true` | no |
diff --git a/main.tf b/main.tf
index 5d9d9be..dd6fb26 100644
--- a/main.tf
+++ b/main.tf
@@ -8,6 +8,8 @@ locals {
   sonar_db_name     = var.db_name
   sonar_db_username = var.db_username
   sonar_db_password = var.db_password == "" ? random_password.master_password.result : var.db_password
+
+  default_certificate_arn = var.default_certificate_arn == "" || var.enable_ssl == true ? module.acm[0].acm_certificate_arn : var.default_certificate_arn
 }
 
 #------------------------------------------------------------------------------
@@ -67,7 +69,8 @@ module "ecs_fargate" {
   lb_https_ports                      = var.lb_https_ports
   lb_enable_cross_zone_load_balancing = var.lb_enable_cross_zone_load_balancing
   lb_waf_web_acl_arn                  = var.lb_waf_web_acl_arn
-  default_certificate_arn             = var.enable_ssl ? module.acm[0].acm_certificate_arn : null
+  default_certificate_arn             = var.enable_ssl || var.default_certificate_arn != "" ? local.default_certificate_arn : null
+
 
   # Application Load Balancer Logs
   enable_s3_logs = var.enable_s3_logs
diff --git a/variables.tf b/variables.tf
index 7e71507..a2951ae 100644
--- a/variables.tf
+++ b/variables.tf
@@ -309,3 +309,9 @@ variable "https_record_domain_name" {
   type        = string
   default     = ""
 }
+
+variable "default_certificate_arn" {
+  description = "ACM certificate ARN if you plan to manage it yourself"
+  type        = string
+  default     = ""
+}
\ No newline at end of file

From 3bf2e90281ed090a0695e31b15aa34f2a09e61af Mon Sep 17 00:00:00 2001
From: David Hurley
Date: Thu, 3 Aug 2023 18:45:05 -0500
Subject: [PATCH 2/3] add whitespace

---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/variables.tf b/variables.tf
index a2951ae..b6d6d7f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -314,4 +314,4 @@ variable "default_certificate_arn" {
   description = "ACM certificate ARN if you plan to manage it yourself"
   type        = string
   default     = ""
-}
\ No newline at end of file
+}

From b4bbf5b8a8f2c4a7a2866f9c0866edf02c466249 Mon Sep 17 00:00:00 2001
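Review bot: The new local on the `+  default_certificate_arn = …` line discards a caller-supplied ARN whenever `var.enable_ssl` is true, because `var.default_certificate_arn == "" || var.enable_ssl == true` picks `module.acm[0].acm_certificate_arn` before the supplied value is ever considered, which is the opposite of what the commit title promises. When neither input is set the local still indexes `module.acm[0]`, and the replaced line in the `module "ecs_fargate"` hunk suggests that module is count-gated on `var.enable_ssl`, so a plan with SSL disabled would presumably fail on an invalid index (the module definition is outside this patch). A form that states the precedence explicitly fixes both: `default_certificate_arn = var.default_certificate_arn != "" ? var.default_certificate_arn : (var.enable_ssl ? module.acm[0].acm_certificate_arn : null)`, after which the `ecs_fargate` hunk below can pass `default_certificate_arn = local.default_certificate_arn` instead of repeating the condition there. The `locals` block opens before this hunk.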
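Review bot: The new `variable "default_certificate_arn"` in the variables.tf hunk accepts any string, so a mistyped or non-ACM ARN is only discovered when the ALB listener fails to create at apply time; a `validation` block can reject it at plan time. The description should also record that the value takes precedence over the module-managed certificate, since the README row added in this patch only says "if you plan to manage it yourself"; e.g. `description = "ARN of an existing ACM certificate to attach to the ALB HTTPS listener instead of the one this module creates. Leave empty to let the module manage the certificate."`. The missing trailing newline is already fixed by the following patch.
```hcl
variable "default_certificate_arn" {
  # … unchanged: description, type, default …
  validation {
    condition     = var.default_certificate_arn == "" || can(regex("^arn:aws[a-z-]*:acm:", var.default_certificate_arn))
    error_message = "default_certificate_arn must be empty or an ACM certificate ARN."
  }
}
```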
From: David Hurley
Date: Sat, 28 Oct 2023 13:47:37 -0500
Subject: [PATCH 3/3] pin vpc module version and update readme

---
 README.md             | 4 ++--
 examples/test/main.tf | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 66663f9..b4b644a 100644
--- a/README.md
+++ b/README.md
@@ -42,8 +42,8 @@ In order to run all checks at any point run the following command:
 
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 5.10.0 |
-| [random](#provider\_random) | 3.5.1 |
+| [aws](#provider\_aws) | >= 4 |
+| [random](#provider\_random) | >= 3 |
 
 ## Modules
 
diff --git a/examples/test/main.tf b/examples/test/main.tf
index b17af94..b81b238 100644
--- a/examples/test/main.tf
+++ b/examples/test/main.tf
@@ -1,5 +1,7 @@
 module "base-network" {
   source = "cn-terraform/networking/aws"
+  version = "2.0.16"
+
   name_prefix = "test-networking"
   vpc_cidr_block = "192.168.0.0/16"
   availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]