From 01107fad4b6ee3535a8d15c6707c915f057e2419 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2019 23:46:16 +0000 Subject: [PATCH 1/4] Bump default_target_group_label from 0.2.1 to 0.4.0 Bumps [default_target_group_label](https://github.com/cloudposse/terraform-terraform-label) from 0.2.1 to 0.4.0. - [Release notes](https://github.com/cloudposse/terraform-terraform-label/releases) - [Commits](https://github.com/cloudposse/terraform-terraform-label/compare/tags/0.2.1...tags/0.4.0) Signed-off-by: dependabot-preview[bot] --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 32301ae..f184872 100644 --- a/main.tf +++ b/main.tf @@ -79,7 +79,7 @@ resource "aws_lb" "default" { } module "default_target_group_label" { - source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.2.1" + source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0" attributes = "${concat(var.attributes, list("default"))}" delimiter = "${var.delimiter}" name = "${var.name}" From 5158b86a47cb54b4d1d87c4fdeeab309d20b271e Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2019 23:46:16 +0000 Subject: [PATCH 2/4] Bump default_label from 0.2.1 to 0.4.0 Bumps [default_label](https://github.com/cloudposse/terraform-terraform-label) from 0.2.1 to 0.4.0. - [Release notes](https://github.com/cloudposse/terraform-terraform-label/releases) - [Commits](https://github.com/cloudposse/terraform-terraform-label/compare/tags/0.2.1...tags/0.4.0) Signed-off-by: dependabot-preview[bot] --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 32301ae..7cce4d2 100644 --- a/main.tf +++ b/main.tf 
@@ -1,5 +1,5 @@ module "default_label" { - source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.2.1" + source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0" attributes = "${var.attributes}" delimiter = "${var.delimiter}" name = "${var.name}" From 3a48f9708015758b77dcd24dcd3ddbe88e7f6937 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2019 23:46:18 +0000 Subject: [PATCH 3/4] Bump access_logs from 0.1.4 to 0.2.0 Bumps [access_logs](https://github.com/cloudposse/terraform-aws-lb-s3-bucket) from 0.1.4 to 0.2.0. - [Release notes](https://github.com/cloudposse/terraform-aws-lb-s3-bucket/releases) - [Commits](https://github.com/cloudposse/terraform-aws-lb-s3-bucket/compare/tags/0.1.4...tags/0.2.0) Signed-off-by: dependabot-preview[bot] --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 32301ae..538c69b 100644 --- a/main.tf +++ b/main.tf @@ -47,7 +47,7 @@ resource "aws_security_group_rule" "https_ingress" { } module "access_logs" { - source = "git::https://github.com/cloudposse/terraform-aws-lb-s3-bucket.git?ref=tags/0.1.4" + source = "git::https://github.com/cloudposse/terraform-aws-lb-s3-bucket.git?ref=tags/0.2.0" attributes = "${compact(concat(var.attributes, list("alb", "access", "logs")))}" delimiter = "${var.delimiter}" name = "${var.name}" From d0d532f5fbeeca3ec8ece63060198a2e0fae1220 Mon Sep 17 00:00:00 2001 From: Michael Holt Date: Thu, 18 Jul 2019 09:23:40 -0700 Subject: [PATCH 4/4] Upgrade module to support Terraform 0.12 --- main.tf | 143 ++++++++++++++++++++++++++------------------------- outputs.tf | 25 +++++---- variables.tf | 69 +++++++++++++------------ 3 files changed, 122 insertions(+), 115 deletions(-) diff --git a/main.tf b/main.tf index 7ed1948..2590c8e 100644 --- a/main.tf +++ b/main.tf 
@@ -1,18 +1,18 @@ module "default_label" { source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0" - attributes = "${var.attributes}" - delimiter = "${var.delimiter}" - name = "${var.name}" - namespace = "${var.namespace}" - stage = "${var.stage}" - tags = "${var.tags}" + attributes = var.attributes + delimiter = var.delimiter + name = var.name + namespace = var.namespace + stage = var.stage + tags = var.tags } resource "aws_security_group" "default" { description = "Controls access to the ALB (HTTP/HTTPS)" - vpc_id = "${var.vpc_id}" - name = "${module.default_label.id}" - tags = "${module.default_label.tags}" + vpc_id = var.vpc_id + name = module.default_label.id + tags = module.default_label.tags } resource "aws_security_group_rule" "egress" { 
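Review bot: The `source` of `module "default_label"` stays pinned to `?ref=tags/0.4.0`, and a git tag can be moved upstream after this review, so what `terraform init` fetches later is not guaranteed to be the code that was looked at. Pinning to the full commit hash, e.g. `?ref=<commit-sha-of-tag-0.4.0>` with the tag name kept in a trailing comment, makes the dependency immutable. The same applies to the `access_logs` and `default_target_group_label` module sources in the next hunk.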
@@ -21,88 +21,90 @@ resource "aws_security_group_rule" "egress" { to_port = "0" protocol = "-1" cidr_blocks = ["0.0.0.0/0"] - security_group_id = "${aws_security_group.default.id}" + security_group_id = aws_security_group.default.id } resource "aws_security_group_rule" "http_ingress" { - count = "${var.http_enabled == "true" ? 1 : 0}" + count = var.http_enabled == "true" ? 1 : 0 type = "ingress" - from_port = "${var.http_port}" - to_port = "${var.http_port}" + from_port = var.http_port + to_port = var.http_port protocol = "tcp" - cidr_blocks = ["${var.http_ingress_cidr_blocks}"] - prefix_list_ids = ["${var.http_ingress_prefix_list_ids}"] - security_group_id = "${aws_security_group.default.id}" + cidr_blocks = var.http_ingress_cidr_blocks + prefix_list_ids = var.http_ingress_prefix_list_ids + security_group_id = aws_security_group.default.id } resource "aws_security_group_rule" "https_ingress" { - count = "${var.https_enabled == "true" ? 1 : 0}" + count = var.https_enabled == "true" ? 1 : 0 type = "ingress" - from_port = "${var.https_port}" - to_port = "${var.https_port}" + from_port = var.https_port + to_port = var.https_port protocol = "tcp" - cidr_blocks = ["${var.https_ingress_cidr_blocks}"] - prefix_list_ids = ["${var.https_ingress_prefix_list_ids}"] - security_group_id = "${aws_security_group.default.id}" + cidr_blocks = var.https_ingress_cidr_blocks + prefix_list_ids = var.https_ingress_prefix_list_ids + security_group_id = aws_security_group.default.id } module "access_logs" { source = "git::https://github.com/cloudposse/terraform-aws-lb-s3-bucket.git?ref=tags/0.2.0" - attributes = "${compact(concat(var.attributes, list("alb", "access", "logs")))}" - delimiter = "${var.delimiter}" - name = "${var.name}" - namespace = "${var.namespace}" - stage = "${var.stage}" - tags = "${var.tags}" - region = "${var.access_logs_region}" - force_destroy = "${var.alb_access_logs_s3_bucket_force_destroy}" + attributes = compact(concat(var.attributes, ["alb", "access", 
"logs"])) + delimiter = var.delimiter + name = var.name + namespace = var.namespace + stage = var.stage + tags = var.tags + region = var.access_logs_region + force_destroy = var.alb_access_logs_s3_bucket_force_destroy } resource "aws_lb" "default" { - name = "${module.default_label.id}" - tags = "${module.default_label.tags}" - internal = "${var.internal}" - load_balancer_type = "application" - security_groups = ["${compact(concat(var.security_group_ids, list(aws_security_group.default.id)))}"] - subnets = ["${var.subnet_ids}"] - enable_cross_zone_load_balancing = "${var.cross_zone_load_balancing_enabled}" - enable_http2 = "${var.http2_enabled}" - idle_timeout = "${var.idle_timeout}" - ip_address_type = "${var.ip_address_type}" - enable_deletion_protection = "${var.deletion_protection_enabled}" + name = module.default_label.id + tags = module.default_label.tags + internal = var.internal + load_balancer_type = "application" + security_groups = compact( + concat(var.security_group_ids, [aws_security_group.default.id]), + ) + subnets = var.subnet_ids + enable_cross_zone_load_balancing = var.cross_zone_load_balancing_enabled + enable_http2 = var.http2_enabled + idle_timeout = var.idle_timeout + ip_address_type = var.ip_address_type + enable_deletion_protection = var.deletion_protection_enabled access_logs { - bucket = "${module.access_logs.bucket_id}" - prefix = "${var.access_logs_prefix}" - enabled = "${var.access_logs_enabled}" + bucket = module.access_logs.bucket_id + prefix = var.access_logs_prefix + enabled = var.access_logs_enabled } } module "default_target_group_label" { source = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0" - attributes = "${concat(var.attributes, list("default"))}" - delimiter = "${var.delimiter}" - name = "${var.name}" - namespace = "${var.namespace}" - stage = "${var.stage}" - tags = "${var.tags}" + attributes = concat(var.attributes, ["default"]) + delimiter = var.delimiter + name = var.name + namespace 
= var.namespace + stage = var.stage + tags = var.tags } resource "aws_lb_target_group" "default" { - name = "${module.default_target_group_label.id}" - port = "${var.target_group_port}" + name = module.default_target_group_label.id + port = var.target_group_port protocol = "HTTP" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id target_type = "ip" - deregistration_delay = "${var.deregistration_delay}" + deregistration_delay = var.deregistration_delay health_check { - path = "${var.health_check_path}" - timeout = "${var.health_check_timeout}" - healthy_threshold = "${var.health_check_healthy_threshold}" - unhealthy_threshold = "${var.health_check_unhealthy_threshold}" - interval = "${var.health_check_interval}" - matcher = "${var.health_check_matcher}" + path = var.health_check_path + timeout = var.health_check_timeout + healthy_threshold = var.health_check_healthy_threshold + unhealthy_threshold = var.health_check_unhealthy_threshold + interval = var.health_check_interval + matcher = var.health_check_matcher } lifecycle { 
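Review bot: The `count = var.http_enabled == "true" ? 1 : 0` and `count = var.https_enabled == "true" ? 1 : 0` expressions match only the exact string, so a value such as `"True"` or `"1"` silently yields `count = 0`; for `https_enabled` that drops the HTTPS ingress rule without any error. Now that the module targets 0.12, declaring these flags as `type = bool` in variables.tf and writing `count = var.https_enabled ? 1 : 0` would make a malformed value fail at plan time, while callers passing `"true"`/`"false"` should still work through Terraform's string-to-bool conversion. The same comparison gates both `aws_lb_listener` resources in the following hunk. This hunk ends inside `aws_lb_target_group.default`, whose `lifecycle` block is not visible here.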
@@ -111,28 +113,29 @@ resource "aws_lb_target_group" "default" { } resource "aws_lb_listener" "http" { - count = "${var.http_enabled == "true" ? 1 : 0}" - load_balancer_arn = "${aws_lb.default.arn}" - port = "${var.http_port}" + count = var.http_enabled == "true" ? 1 : 0 + load_balancer_arn = aws_lb.default.arn + port = var.http_port protocol = "HTTP" default_action { - target_group_arn = "${aws_lb_target_group.default.arn}" + target_group_arn = aws_lb_target_group.default.arn type = "forward" } } resource "aws_lb_listener" "https" { - count = "${var.https_enabled == "true" ? 1 : 0}" - load_balancer_arn = "${aws_lb.default.arn}" + count = var.https_enabled == "true" ? 1 : 0 + load_balancer_arn = aws_lb.default.arn - port = "${var.https_port}" + port = var.https_port protocol = "HTTPS" - ssl_policy = "${var.https_ssl_policy}" - certificate_arn = "${var.certificate_arn}" + ssl_policy = var.https_ssl_policy + certificate_arn = var.certificate_arn default_action { - target_group_arn = "${aws_lb_target_group.default.arn}" + target_group_arn = aws_lb_target_group.default.arn type = "forward" } } + diff --git a/outputs.tf b/outputs.tf index 0ab948d..f1c9726 100644 --- a/outputs.tf +++ b/outputs.tf 
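Review bot: `aws_lb_listener.http` always uses a `forward` default action, so when `http_enabled` and `https_enabled` are both on, clients can still reach the targets in cleartext on `var.http_port`. Consider an opt-in that switches the HTTP listener's `default_action` to `type = "redirect"` with a `redirect` block pointing at `HTTPS` on `var.https_port`, leaving `forward` as the default so existing callers are unaffected. Until such an option exists, a comment above the resource stating that HTTP is served as-is would make the behaviour explicit.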
@@ -1,54 +1,57 @@ output "alb_name" { description = "The ARN suffix of the ALB" - value = "${aws_lb.default.name}" + value = aws_lb.default.name } output "alb_arn" { description = "The ARN of the ALB" - value = "${aws_lb.default.arn}" + value = aws_lb.default.arn } output "alb_arn_suffix" { description = "The ARN suffix of the ALB" - value = "${aws_lb.default.arn_suffix}" + value = aws_lb.default.arn_suffix } output "alb_dns_name" { description = "DNS name of ALB" - value = "${aws_lb.default.dns_name}" + value = aws_lb.default.dns_name } output "alb_zone_id" { description = "The ID of the zone which ALB is provisioned" - value = "${aws_lb.default.zone_id}" + value = aws_lb.default.zone_id } output "security_group_id" { description = "The security group ID of the ALB" - value = "${aws_security_group.default.id}" + value = aws_security_group.default.id } output "default_target_group_arn" { description = "The default target group ARN" - value = "${aws_lb_target_group.default.arn}" + value = aws_lb_target_group.default.arn } output "http_listener_arn" { description = "The ARN of the HTTP listener" - value = "${join("", aws_lb_listener.http.*.arn)}" + value = join("", aws_lb_listener.http.*.arn) } output "https_listener_arn" { description = "The ARN of the HTTPS listener" - value = "${join("", aws_lb_listener.https.*.arn)}" + value = join("", aws_lb_listener.https.*.arn) } output "listener_arns" { description = "A list of all the listener ARNs" - value = "${compact(concat(aws_lb_listener.http.*.arn, aws_lb_listener.https.*.arn))}" + value = compact( + concat(aws_lb_listener.http.*.arn, aws_lb_listener.https.*.arn), + ) } output "access_logs_bucket_id" { description = "The S3 bucket ID for access logs" - value = "${module.access_logs.bucket_id}" + value = module.access_logs.bucket_id } + diff --git a/variables.tf b/variables.tf index 9fa23d9..5b25c66 100644 --- a/variables.tf +++ b/variables.tf 
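Review bot: The `alb_name` output still carries the description "The ARN suffix of the ALB" although its value is `aws_lb.default.name`; the text duplicates the description of `alb_arn_suffix` two blocks below. Change it to `description = "The name of the ALB"` so consumers are not misled about which identifier they receive.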
@@ -1,108 +1,108 @@ variable "namespace" { - type = "string" + type = string description = "Namespace, which could be your organization name, e.g. `cp` or `cloudposse`" } variable "stage" { - type = "string" + type = string description = "Stage, e.g. `prod`, `staging`, `dev`, or `test`" } variable "name" { - type = "string" + type = string description = "Solution name, e.g. `app`" } variable "delimiter" { - type = "string" + type = string default = "-" description = "Delimiter to be used between `namespace`, `name`, `stage` and `attributes`" } variable "attributes" { - type = "list" + type = list(string) default = [] description = "Additional attributes, e.g. `1`" } variable "tags" { - type = "map" + type = map(string) default = {} description = "Additional tags (e.g. `map(`BusinessUnit`,`XYZ`)" } variable "vpc_id" { - type = "string" + type = string description = "VPC ID to associate with ALB" } variable "subnet_ids" { - type = "list" + type = list(string) description = "A list of subnet IDs to associate with ALB" } variable "security_group_ids" { - type = "list" + type = list(string) default = [] description = "A list of additional security group IDs to allow access to ALB" } variable "internal" { - type = "string" + type = string default = "false" description = "A boolean flag to determine whether the ALB should be internal" } variable "http_port" { - type = "string" + type = string default = "80" description = "The port for the HTTP listener" } variable "http_enabled" { - type = "string" + type = string default = "true" description = "A boolean flag to enable/disable HTTP listener" } variable "http_ingress_cidr_blocks" { - type = "list" + type = list(string) default = ["0.0.0.0/0"] description = "List of CIDR blocks to allow in HTTP security group" } variable "http_ingress_prefix_list_ids" { - type = "list" + type = list(string) default = [] description = "List of prefix list IDs for allowing access to HTTP ingress security group" } variable "certificate_arn" { 
- type = "string" + type = string default = "" description = "The ARN of the default SSL certificate for HTTPS listener" } variable "https_port" { - type = "string" + type = string default = "443" description = "The port for the HTTPS listener" } variable "https_enabled" { - type = "string" + type = string default = "false" description = "A boolean flag to enable/disable HTTPS listener" } variable "https_ingress_cidr_blocks" { - type = "list" + type = list(string) default = ["0.0.0.0/0"] description = "List of CIDR blocks to allow in HTTPS security group" } variable "https_ingress_prefix_list_ids" { - type = "list" + type = list(string) default = [] description = "List of prefix list IDs for allowing access to HTTPS ingress security group" } 
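Review bot: With the defaults visible in this hunk (`internal = "false"`, `http_enabled = "true"`, `https_enabled = "false"`, `http_ingress_cidr_blocks = ["0.0.0.0/0"]`), an instance of the module that sets only the required inputs is an internet-facing, cleartext-only ALB reachable from every IPv4 address. Changing the defaults would break callers, so at minimum state this in the descriptions, e.g. `description = "List of CIDR blocks to allow in HTTP security group. Defaults to all IPv4 addresses; narrow this for internal ALBs"`. The same `0.0.0.0/0` default applies to `https_ingress_cidr_blocks`.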
@@ -113,91 +113,91 @@ variable "https_ssl_policy" { } variable "access_logs_prefix" { - type = "string" + type = string default = "" description = "The S3 bucket prefix" } variable "access_logs_enabled" { - type = "string" + type = string default = "true" description = "A boolean flag to enable/disable access_logs" } variable "access_logs_region" { - type = "string" + type = string default = "us-east-1" description = "The region for the access_logs S3 bucket" } variable "cross_zone_load_balancing_enabled" { - type = "string" + type = string default = "true" description = "A boolean flag to enable/disable cross zone load balancing" } variable "http2_enabled" { - type = "string" + type = string default = "true" description = "A boolean flag to enable/disable HTTP/2" } variable "idle_timeout" { - type = "string" + type = string default = "60" description = "The time in seconds that the connection is allowed to be idle" } variable "ip_address_type" { - type = "string" + type = string default = "ipv4" description = "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`." 
} variable "deletion_protection_enabled" { - type = "string" + type = string default = "false" description = "A boolean flag to enable/disable deletion protection for ALB" } variable "deregistration_delay" { - type = "string" + type = string default = "15" description = "The amount of time to wait in seconds before changing the state of a deregistering target to unused" } variable "health_check_path" { - type = "string" + type = string default = "/" description = "The destination for the health check request" } variable "health_check_timeout" { - type = "string" + type = string default = "10" description = "The amount of time to wait in seconds before failing a health check request" } variable "health_check_healthy_threshold" { - type = "string" + type = string default = "2" description = "The number of consecutive health checks successes required before considering an unhealthy target healthy" } variable "health_check_unhealthy_threshold" { - type = "string" + type = string default = "2" description = "The number of consecutive health check failures required before considering the target unhealthy" } variable "health_check_interval" { - type = "string" + type = string default = "15" description = "The duration in seconds in between health checks" } variable "health_check_matcher" { - type = "string" + type = string default = "200-399" description = "The HTTP response codes to indicate a healthy check" } @@ -211,3 +211,4 @@ variable "target_group_port" { description = "The port for the default target group" default = "80" } +
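Review bot: The numeric settings in this hunk (`idle_timeout`, `deregistration_delay`, `health_check_timeout`, `health_check_interval` and the two threshold variables) are still declared `type = string` with quoted defaults, so a non-numeric value is rejected only by the provider or the AWS API. Declaring them `type = number` with unquoted defaults, e.g. `default = 60`, moves that check to variable validation, and quoted numbers passed by existing callers should still convert. `http_port` and `https_port` in the previous hunk are in the same position.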