From 085e242688918779815edabe4fa3949baca281af Mon Sep 17 00:00:00 2001
From: Alec Hinh
Date: Thu, 28 Oct 2021 10:04:39 -0500
Subject: [PATCH] Update modules called in root main.tf to support AWS provider version 3.x syntax (#43)

* Update code to use latest syntax
* Remove deprecated syntax
* Use conditional for each
* Remove wildcard from validation
* Remove deprecated syntax
* Skip over non wildcard domain with filtering

---
autoscaling/ingress.tf | 5 +++--
fargate_cluster/ingress.tf | 5 +++--
ingress/main.tf | 4 ++--
instance/ingress.tf | 5 +++--
wildcard_cert/main.tf | 18 +++++++++++++-----
5 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/autoscaling/ingress.tf b/autoscaling/ingress.tf
index ac0ae3c..4b3dcf7 100644
--- a/autoscaling/ingress.tf
+++ b/autoscaling/ingress.tf
@@ -51,8 +51,9 @@ resource "aws_alb_listener_rule" "applications" {
 }
 condition {
- field = "host-header"
- values = ["${var.application_name}.${var.base.domain_name}"]
+ host_header {
+ values = ["${var.application_name}.${var.base.domain_name}"]
+ }
 }
 }
diff --git a/fargate_cluster/ingress.tf b/fargate_cluster/ingress.tf
index d832833..1de923d 100644
--- a/fargate_cluster/ingress.tf
+++ b/fargate_cluster/ingress.tf
@@ -51,8 +51,9 @@ resource "aws_alb_listener_rule" "applications" {
 }
 condition {
- field = "host-header"
- values = ["${var.application_name}.${var.base.domain_name}"]
+ host_header {
+ values = ["${var.application_name}.${var.base.domain_name}"]
+ }
 }
 }
diff --git a/ingress/main.tf b/ingress/main.tf
index 919a0c8..360d313 100644
--- a/ingress/main.tf
+++ b/ingress/main.tf
@@ -79,7 +79,7 @@ resource "aws_alb_listener" "applications" {
 redirect {
 port = "443"
 protocol = "HTTPS"
- host = "${var.domain_name}"
+ host = var.domain_name
 status_code = "HTTP_302"
 }
 }
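Review bot: The redirect in the ingress/main.tf hunk pins `host = var.domain_name`, so an HTTP request for an application host such as `app.example.com` (the `host_header` rules in the other hunks of this patch match on `${var.application_name}.${var.base.domain_name}`) is sent to `https://example.com`, not to the HTTPS form of the URL that was requested. If this listener is meant as a blanket HTTP-to-HTTPS upgrade, `host = "#{host}"` preserves the requested host and lets the rules on the 443 listener route it; keep `var.domain_name` only if collapsing every HTTP request onto the apex is intended. A permanent `HTTP_301` is also the usual choice for a scheme upgrade, though that line is context rather than part of this change. The enclosing `aws_alb_listener` resource starts outside the hunk.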
@@ -112,7 +112,7 @@ resource "aws_security_group_rule" "lb_ingress" {
 protocol = "tcp"
 # If fronted by nginx, only accept traffic from inside the VPC
- cidr_blocks = var.public ? ["0.0.0.0/0"] : ["${var.cidr_block}"]
+ cidr_blocks = var.public ? ["0.0.0.0/0"] : [var.cidr_block]
 security_group_id = aws_security_group.alb.id
 }
diff --git a/instance/ingress.tf b/instance/ingress.tf
index aa3584c..24c072d 100644
--- a/instance/ingress.tf
+++ b/instance/ingress.tf
@@ -57,8 +57,9 @@ resource "aws_alb_listener_rule" "applications" {
 }
 condition {
- field = "host-header"
- values = ["${var.application_name}.${var.base.domain_name}"]
+ host_header {
+ values = ["${var.application_name}.${var.base.domain_name}"]
+ }
 }
 }
diff --git a/wildcard_cert/main.tf b/wildcard_cert/main.tf
index 5fe50ac..df5d585 100644
--- a/wildcard_cert/main.tf
+++ b/wildcard_cert/main.tf
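Review bot: In the `lb_ingress` hunk the private branch `[var.cidr_block]` admits any source inside the VPC, while the comment above it describes traffic from the nginx front end specifically; anything else that lands in the VPC (a compromised task, a bastion) can reach the ALB directly. If the nginx hosts carry their own security group, a rule using `source_security_group_id` limits the ALB to exactly that tier (the provider does not accept `cidr_blocks` and `source_security_group_id` on the same rule, so it would be a separate `aws_security_group_rule` gated on `!var.public`). Separately, `cidr_blocks` only covers IPv4: if the ALB is dualstack, the public branch also needs `ipv6_cidr_blocks = ["::/0"]` or IPv6 clients are silently dropped. The enclosing `aws_security_group_rule` resource starts outside the hunk.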
@@ -27,16 +27,24 @@ resource "aws_acm_certificate" "domain" {
 resource "aws_acm_certificate_validation" "domain" {
 count = var.primary ? 1 : 0
 certificate_arn = aws_acm_certificate.domain[0].arn
- validation_record_fqdns = aws_route53_record.validation[*].fqdn
+ validation_record_fqdns = [for record in aws_route53_record.validation : record.fqdn]
 }
 # Only need to validate the first record because the wildcard entry will use the same DNS record
 resource "aws_route53_record" "validation" {
- count = var.primary ? 1 : 0
- name = aws_acm_certificate.domain[0].domain_validation_options[0]["resource_record_name"]
- type = aws_acm_certificate.domain[0].domain_validation_options[0]["resource_record_type"]
+ for_each = var.primary ? {
+ for dvo in aws_acm_certificate.domain[0].domain_validation_options : dvo.domain_name => {
+ name = dvo.resource_record_name
+ record = dvo.resource_record_value
+ type = dvo.resource_record_type
+ }
+ # Skips the domain if it doesn't contain a wildcard
+ if length(regexall("\\*\\..+", dvo.domain_name)) > 0
+ } : {}
+ name = each.value.name
+ type = each.value.type
 zone_id = data.aws_route53_zone.external.id
- records = [aws_acm_certificate.domain[0].domain_validation_options[0]["resource_record_value"]]
+ records = [each.value.record]
 ttl = 60
 }
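Review bot: The `if length(regexall("\\*\\..+", dvo.domain_name)) > 0` filter keeps only validation options whose domain is a wildcard, so any SAN that does not share the wildcard's CNAME (anything but the apex of the same zone, which the existing comment says uses the same record) would get no Route53 record and `aws_acm_certificate_validation.domain` would wait on a name that never validates until its timeout. Grouping the options by `dvo.resource_record_name` with the `...` grouping operator instead folds the apex and `*.` entries into one record while still creating a record for any other name, which makes the module safe if `subject_alternative_names` ever grows. The `# Only need to validate the first record …` context comment also still describes the old `[0]` indexing and should now read something like `# Apex and wildcard share one validation CNAME; group by record name so each distinct CNAME is created once`. The sketch below shows the changed lines; `zone_id` and `ttl` are unchanged.
```hcl
resource "aws_route53_record" "validation" {
  # One record per distinct validation CNAME: the apex and "*." entries share
  # the same name/value, so grouping ("...") folds them together without
  # dropping any other SAN that has its own record.
  for_each = var.primary ? {
    for dvo in aws_acm_certificate.domain[0].domain_validation_options :
    dvo.resource_record_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }...
  } : {}
  name    = each.value[0].name
  type    = each.value[0].type
  # … unchanged: zone_id …
  records = [each.value[0].record]
  # … unchanged: ttl …
}
```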