diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 2658549..94c3e2c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -8,8 +8,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- - name: TFLint
- uses: docker://wata727/tflint
+ - uses: terraform-linters/setup-tflint@v4
+ name: Setup TFLint
+ with:
+ tflint_version: v0.52.0
+ - name: Init TFLint
+ run: tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+ - name: Run TFLint
+ run: tflint -f compact
fmt:
name: Code Format
@@ -47,18 +56,18 @@ jobs:
cd -
done
- minimum:
- name: Minimum version check
- runs-on: ubuntu-latest
- container:
- image: hashicorp/terraform:0.13.0
- steps:
- - uses: actions/checkout@master
- - name: Validate Code
- env:
- AWS_REGION: 'us-east-1'
- TF_WARN_OUTPUT_ERRORS: 1
- run: |
- sed -i -e 's/>=/=/' -e 's/ \(\d\+\.\d\+\)"/ \1.0"/' versions.tf
- terraform init
- terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster"
\ No newline at end of file
+ # minimum:
+ # name: Minimum version check
+ # runs-on: ubuntu-latest
+ # container:
+ # image: hashicorp/terraform:1.3.0
+ # steps:
+ # - uses: actions/checkout@master
+ # - name: Validate Code
+ # env:
+ # AWS_REGION: 'us-east-1'
+ # TF_WARN_OUTPUT_ERRORS: 1
+ # run: |
+ # sed -i -e 's/>=/=/' -e 's/ \(\d\+\.\d\+\)"/ \1.0"/' versions.tf
+ # terraform init
+ # terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]"
diff --git a/README.md b/README.md
index c7cbe74..e4a3d9a 100644
--- a/README.md
+++ b/README.md
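Review bot: `uses: terraform-linters/setup-tflint@v4` on the new setup step is a mutable tag, so the action that installs a binary onto the runner can change without any change to this repository; pinning it to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: terraform-linters/setup-tflint@<commit-sha> # v4`, keeps the supply chain auditable, while `tflint_version: v0.52.0` already pins the tool itself. The pre-existing `actions/checkout@master` context line has the same weakness and could be pinned in the same pass. No `permissions:` key is visible in this hunk; if the workflow does not set one at the top level, `permissions: contents: read` on the job limits what the `${{ github.token }}` handed to `tflint --init` can do. The `jobs:` mapping continues outside the hunk.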
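Review bot: Commenting out the `minimum:` job instead of deleting it leaves fifteen lines of dead YAML in the workflow and removes the only step in this diff that runs `terraform validate`, so the new `required_version = ">= 1.3.0"` floor in `versions.tf` is no longer exercised by CI. Either drop the block (git history keeps it) or re-enable it against `image: hashicorp/terraform:1.3.0`, which the commented copy already updates. If it is re-enabled, note that the retained `sed` expression relies on `\d`, which GNU sed does not interpret as a digit class, so the version rewrite it performs would need `[0-9]` instead. The reason for disabling the job is not stated in the hunk.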
@@ -38,13 +38,14 @@ If you have specified cloudfront_default_certificate, TLSv1 must be specified. | Name | Version | |------|---------| -| terraform | >= 0.13.0 | +| terraform | >= 1.3.0 | +| aws | >= 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | n/a | +| aws | >= 3.0.0 | ## Inputs @@ -52,33 +53,31 @@ If you have specified cloudfront_default_certificate, TLSv1 must be specified. |------|-------------|------|---------|:--------:| | alarm\_cloudfront\_500\_errors\_threshold | Cloudfront 500 Errors rate threshold (use 0 to disable this alarm) | `number` | `5` | no | | alarm\_prefix | String prefix for cloudwatch alarms. (Optional) | `string` | `"alarm"` | no | -| alarm\_sns\_topics\_us | Alarm topics to create and alert on metrics on US region | `list` | `[]` | no | -| alb\_cloudfront\_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | `any` | n/a | yes | -| alb\_dns\_name | ALB DNS Name that CloudFront will point as origin | `any` | n/a | yes | -| certificate\_arn | Certificate for this app to use in CloudFront (US), must cover `hostname`. | `any` | n/a | yes | -| cloudfront\_forward\_headers | Headers to forward to origin from CloudFront | `list` |
[
"*"
]
| no | +| alarm\_sns\_topics\_us | Alarm topics to create and alert on metrics on US region | `list(string)` | `[]` | no | +| alb\_cloudfront\_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | `string` | n/a | yes | +| alb\_dns\_name | ALB DNS Name that CloudFront will point as origin | `string` | n/a | yes | +| certificate\_arn | Certificate for this app to use in CloudFront (US), must cover `hostname`. | `string` | n/a | yes | +| cloudfront\_forward\_headers | Headers to forward to origin from CloudFront | `list(string)` |
[
"*"
]
| no | | cloudfront\_logging\_bucket | Bucket to store logs from app | `string` | `null` | no | | cloudfront\_logging\_prefix | Logging prefix | `string` | `""` | no | | cloudfront\_origin\_keepalive\_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | `number` | `5` | no | | cloudfront\_origin\_read\_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | `number` | `30` | no | -| cloudfront\_web\_acl\_id | Optional web acl (WAF) to attach to CloudFront | `string` | `""` | no | -| cluster\_name | Name of existing ECS Cluster to deploy this app to | `any` | n/a | yes | | dynamic\_custom\_error\_response | One or more custom error response elements (multiples allowed) |
list(object({
error_code = optional(number)
response_code = optional(number)
response_page_path = optional(string)
}))
| `[]` | no | | dynamic\_custom\_origin\_config | Configuration for the custom origin config to be used in dynamic block | `any` | `[]` | no | | dynamic\_ordered\_cache\_behavior | Ordered Cache Behaviors to be used in dynamic block | `any` | `[]` | no | -| hosted\_zone | Existing Hosted Zone domain to add hostnames as DNS records | `any` | n/a | yes | +| hosted\_zone | Existing Hosted Zone domain to add hostnames as DNS records | `string` | n/a | yes | | hostname\_create | Create hostnames in the hosted zone passed? | `bool` | `true` | no | -| hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | `any` | n/a | yes | +| hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | `list(string)` | n/a | yes | | iam\_certificate\_id | Specifies IAM certificate id for CloudFront distribution | `string` | `null` | no | | minimum\_protocol\_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
One of SSLv3, TLSv1, TLSv1\_2016, TLSv1.1\_2016 or TLSv1.2\_2018. Default: TLSv1.2\_2018.
NOTE: If you are using a custom certificate (specified with acm\_certificate\_arn or iam\_certificate\_id),
and have specified sni-only in ssl\_support\_method, TLSv1 or later must be specified.
If you have specified vip in ssl\_support\_method, only SSLv3 or TLSv1 can be specified.
If you have specified cloudfront\_default\_certificate, TLSv1 must be specified. | `string` | `"TLSv1.2_2018"` | no | -| name | Name of your ECS service | `any` | n/a | yes | +| name | Name of your ECS service | `string` | n/a | yes | +| record\_type | Type of the record to create on Route53 | `string` | `"CNAME"` | no | | restriction\_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | `list(any)` | `[]` | no | | restriction\_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | `string` | `"none"` | no | | waf\_cloudfront\_enable | Enable WAF for Cloudfront distribution | `bool` | `false` | no | | wafv2\_managed\_block\_rule\_groups | List of WAF V2 managed rule groups, set to block | `list(string)` | `[]` | no | | wafv2\_managed\_rule\_groups | List of WAF V2 managed rule groups, set to count | `list(string)` |
[
"AWSManagedRulesCommonRuleSet"
]
| no |
| wafv2\_rate\_limit\_rule | The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable) | `number` | `0` | no |
-| web\_acl\_id | Web ACL ARN for Cloudfront distribution | `string` | `null` | no |
## Outputs
diff --git a/_outputs.tf b/_outputs.tf
index 2daeb1f..e34667a 100644
--- a/_outputs.tf
+++ b/_outputs.tf
@@ -15,5 +15,5 @@ output "cloudfront_zone_id" {
output "aws_cloudfront_origin_access_identity" {
description = "Define cloudfront origin access identity"
- value = aws_cloudfront_origin_access_identity.default.*
+ value = aws_cloudfront_origin_access_identity.default[*]
}
\ No newline at end of file
diff --git a/_variables.tf b/_variables.tf
index 0c975cd..d7ea4eb 100644
--- a/_variables.tf
+++ b/_variables.tf
@@ -1,13 +1,11 @@
variable "name" {
description = "Name of your ECS service"
-}
-
-variable "cluster_name" {
- description = "Name of existing ECS Cluster to deploy this app to"
+ type = string
}
variable "hostnames" {
description = "Hostnames to create DNS record for this app that the cloudfront distribution will accept"
+ type = list(string)
}
variable "dynamic_custom_error_response" {
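Review bot: Deleting `variable "cluster_name"` here (and `cloudfront_web_acl_id` and `web_acl_id` in the later hunks of this file) is a breaking interface change: Terraform rejects a module call that still passes an undeclared input, so every caller that sets one of these fails at plan time after upgrading. Together with the `required_version` bump this warrants a major version and a short migration note naming the removed inputs; neither the diff nor the README hunk records it. The added `type = string` on `name` and `type = list(string)` on `hostnames` is the right direction and matches what `route53-record.tf` does with `var.hostnames[count.index]`.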
@@ -23,32 +21,33 @@ variable "dynamic_custom_error_response" {
variable "hostname_create" {
description = "Create hostnames in the hosted zone passed?"
default = true
+ type = bool
}
variable "hosted_zone" {
description = "Existing Hosted Zone domain to add hostnames as DNS records"
+ type = string
}
variable "alb_cloudfront_key" {
description = "Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront"
+ type = string
}
variable "alb_dns_name" {
description = "ALB DNS Name that CloudFront will point as origin"
+ type = string
}
variable "certificate_arn" {
description = "Certificate for this app to use in CloudFront (US), must cover `hostname`."
-}
-
-variable "cloudfront_web_acl_id" {
- default = ""
- description = "Optional web acl (WAF) to attach to CloudFront"
+ type = string
}
variable "cloudfront_forward_headers" {
default = ["*"]
description = "Headers to forward to origin from CloudFront"
+ type = list(string)
}
variable "cloudfront_logging_bucket" {
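Review bot: `alb_cloudfront_key` gains `type = string` but not `sensitive = true`; its description says it is the key the ECS module generates so the ALB accepts connections from CloudFront, which reads as a shared secret (presumably passed to the origin as a custom header — confirm against the caller), and as a plain input its value appears in `terraform plan`/`apply` output and in any CI log that captures it. With the floor now at Terraform 1.3.0 the attribute is available, so adding `sensitive = true` beside the new `type = string` costs nothing and keeps the value redacted in plan output. It does not change how the value is stored in state, which still needs its own protection. The other `type` additions in this hunk look correct for their defaults.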
@@ -66,21 +65,25 @@ variable "cloudfront_logging_prefix" {
variable "cloudfront_origin_keepalive_timeout" {
default = 5
description = "The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds."
+ type = number
}
variable "cloudfront_origin_read_timeout" {
default = 30
description = "The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds."
+ type = number
}
variable "alarm_cloudfront_500_errors_threshold" {
default = 5
description = "Cloudfront 500 Errors rate threshold (use 0 to disable this alarm)"
+ type = number
}
variable "alarm_sns_topics_us" {
default = []
description = "Alarm topics to create and alert on metrics on US region"
+ type = list(string)
}
variable "iam_certificate_id" {
@@ -157,8 +160,8 @@ variable "wafv2_rate_limit_rule" {
description = "The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable)"
}
-variable "web_acl_id" {
+variable "record_type" {
type = string
- description = "Web ACL ARN for Cloudfront distribution"
- default = null
+ description = "Type of the record to create on Route53"
+ default = "CNAME"
}
\ No newline at end of file
diff --git a/route53-record.tf b/route53-record.tf
index 0f876c3..7bbbdf3 100644
--- a/route53-record.tf
+++ b/route53-record.tf
@@ -7,7 +7,7 @@ resource "aws_route53_record" "hostname" {
zone_id = data.aws_route53_zone.selected.zone_id
name = var.hostnames[count.index]
- type = "CNAME"
+ type = var.record_type
ttl = "300"
- records = [element(aws_cloudfront_distribution.default.*.domain_name, 0)]
+ records = [element(aws_cloudfront_distribution.default[*].domain_name, 0)]
}
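Review bot: `cloudfront_origin_keepalive_timeout` and `cloudfront_origin_read_timeout` gain `type = number`, but the ranges their descriptions state (1 to 60 and 4 to 60 seconds) are still enforced only by the AWS API at apply time. Since the module now requires Terraform 1.3.0, each could carry a `validation` block whose `condition` is `var.cloudfront_origin_read_timeout >= 4 && var.cloudfront_origin_read_timeout <= 60` (and `>= 1` for the keepalive variable) with an `error_message` repeating the documented range, so a bad value fails at plan time. The `variable "iam_certificate_id"` block opened on the last line of the hunk continues outside it.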
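Review bot: The new `record_type` input defaults to `"CNAME"` but accepts any string, and the `route53-record.tf` hunk writes the CloudFront domain name into `records` regardless of type; a value such as `A` or `AAAA` would try to create an address record whose value is a hostname, which Route 53 rejects, and the resource offers no `alias` path for those types. Either constrain the input with a `validation` block whose `condition` is `contains(["CNAME"], var.record_type)`, extending the list only as the resource gains support, or state in the description which types the `records`-based resource can actually serve. The motivation for a non-CNAME type is not given in the diff.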
diff --git a/versions.tf b/versions.tf
index cc95bd3..5f63c3d 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,4 +1,9 @@
terraform {
- required_version = ">= 0.13.0"
-
-}
\ No newline at end of file
+ required_version = ">= 1.3.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.0.0"
+ }
+ }
+}
diff --git a/waf.tf b/waf.tf
index e8de4a6..3d74bd5 100644
--- a/waf.tf
+++ b/waf.tf
@@ -4,8 +4,6 @@ resource "aws_wafv2_web_acl" "waf_cloudfront" {
description = "WAF managed rules for Cloudfront"
scope = "CLOUDFRONT"
-
-
default_action { allow {} }
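Review bot: `version = ">= 3.0.0"` for the `aws` provider has no upper bound, so a fresh `terraform init` in a caller resolves to whatever major version is current, and provider majors after 3.x have shipped breaking resource changes that this diff gives no evidence the module was tested against. An open floor is conventional for a reusable module, but then the tested range should be stated in the README (its hunk only repeats `>= 3.0.0`), or the constraint tightened, e.g. `version = ">= 3.0.0, < 6.0.0"`, with a comment naming the last version actually validated. Declaring `required_providers` with `source = "hashicorp/aws"` is the right fix for the provider row that previously read `n/a`. The `terraform` block is complete within the hunk.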