This repository has been archived by the owner on Jun 8, 2023. It is now read-only.

Applied tf fmt -recursive
David Smith committed Feb 2, 2022
1 parent 0d4d361 commit c6f2ca2
Showing 9 changed files with 125 additions and 125 deletions.
82 changes: 41 additions & 41 deletions infrastructure/lambda-app/alb.tf
Expand Up @@ -4,18 +4,18 @@ resource "aws_route53_record" "app_domain" {
zone_id = var.app_cert.zone_id

alias {
name = aws_lb.alb.dns_name
zone_id = aws_lb.alb.zone_id
name = aws_lb.alb.dns_name
zone_id = aws_lb.alb.zone_id
evaluate_target_health = true
}
}

resource "aws_lb" "alb" {
name = "${var.app_name}-alb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.public_https.id]
subnets = data.aws_subnet_ids.public_subnets.ids
name = "${var.app_name}-alb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.public_https.id]
subnets = data.aws_subnet_ids.public_subnets.ids
enable_deletion_protection = false

access_logs {
Expand All @@ -28,20 +28,20 @@ data "aws_subnet_ids" "public_subnets" {
vpc_id = var.vpc.id

filter {
name = "cidr-block"
name = "cidr-block"
values = var.vpc.public_subnets
}
}

resource "aws_lb_listener" "web_traffic" {
load_balancer_arn = aws_lb.alb.arn
port = 443
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
certificate_arn = var.app_cert.certificate_arn
port = 443
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
certificate_arn = var.app_cert.certificate_arn

default_action {
type = "forward"
type = "forward"
target_group_arn = aws_lb_target_group.app_lambda_target.arn
}
}
Expand All @@ -52,14 +52,14 @@ resource "aws_lb_target_group" "app_lambda_target" {
}

resource "aws_lb_target_group_attachment" "app_lambda_target" {
count = var.create_lambda_function ? 1 : 0
count = var.create_lambda_function ? 1 : 0
target_group_arn = aws_lb_target_group.app_lambda_target.arn
target_id = aws_lambda_function.app[0].arn
depends_on = [aws_lambda_permission.with_alb]
}

resource "aws_lambda_permission" "with_alb" {
count = var.create_lambda_function ? 1 : 0
count = var.create_lambda_function ? 1 : 0
statement_id = "AllowExecutionFromAlb"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.app[0].arn
Expand All @@ -71,16 +71,16 @@ resource "aws_security_group" "public_https" {
vpc_id = var.vpc.id

ingress {
from_port = 443
protocol = "TCP"
to_port = 443
from_port = 443
protocol = "TCP"
to_port = 443
cidr_blocks = ["0.0.0.0/0"]
}

egress {
from_port = 0
protocol = "TCP"
to_port = 65535
from_port = 0
protocol = "TCP"
to_port = 65535
cidr_blocks = var.vpc.private_subnets
}
}
Expand All @@ -104,36 +104,36 @@ resource "aws_s3_bucket" "alb_logs" {
resource "aws_s3_bucket_policy" "alb_bucket_policy" {
bucket = aws_s3_bucket.alb_logs.id
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
"Version" : "2012-10-17",
"Statement" : [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::156460612806:root"
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::156460612806:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::${aws_s3_bucket.alb_logs.bucket}/AWSLogs/*"
"Action" : "s3:PutObject",
"Resource" : "arn:aws:s3:::${aws_s3_bucket.alb_logs.bucket}/AWSLogs/*"
},
{
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
"Effect" : "Allow",
"Principal" : {
"Service" : "delivery.logs.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::${aws_s3_bucket.alb_logs.bucket}/AWSLogs/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
"Action" : "s3:PutObject",
"Resource" : "arn:aws:s3:::${aws_s3_bucket.alb_logs.bucket}/AWSLogs/*",
"Condition" : {
"StringEquals" : {
"s3:x-amz-acl" : "bucket-owner-full-control"
}
}
},
{
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
"Effect" : "Allow",
"Principal" : {
"Service" : "delivery.logs.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::${aws_s3_bucket.alb_logs.bucket}"
"Action" : "s3:GetBucketAcl",
"Resource" : "arn:aws:s3:::${aws_s3_bucket.alb_logs.bucket}"
}
]
})
38 changes: 19 additions & 19 deletions infrastructure/lambda-app/cdn.tf
@@ -1,24 +1,24 @@
resource "aws_s3_bucket" "assets" {
bucket = "checkout-test-website-assets"
acl = "private"
bucket = "checkout-test-website-assets"
acl = "private"
force_destroy = true
}

resource "aws_s3_bucket_policy" "cloudfront_access_policy" {
bucket = aws_s3_bucket.assets.id
policy = jsonencode({
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${aws_cloudfront_origin_access_identity.cdn.id}"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::${aws_s3_bucket.assets.bucket}/*"
}
"Version" : "2008-10-17",
"Id" : "PolicyForCloudFrontPrivateContent",
"Statement" : [
{
"Sid" : "1",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${aws_cloudfront_origin_access_identity.cdn.id}"
},
"Action" : "s3:GetObject",
"Resource" : "arn:aws:s3:::${aws_s3_bucket.assets.bucket}/*"
}
]
})
}
Expand All @@ -29,8 +29,8 @@ resource "aws_route53_record" "cdn_domain" {
zone_id = var.cdn_cert.zone_id

alias {
name = aws_cloudfront_distribution.s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
name = aws_cloudfront_distribution.s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
Expand All @@ -54,8 +54,8 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
enabled = true

default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
target_origin_id = local.s3_origin_id

forwarded_values {
Expand All @@ -79,7 +79,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {

viewer_certificate {
acm_certificate_arn = var.cdn_cert.certificate_arn
ssl_support_method = "sni-only"
ssl_support_method = "sni-only"
}
}

6 changes: 3 additions & 3 deletions infrastructure/lambda-app/lambda.tf
Expand Up @@ -4,8 +4,8 @@ resource "aws_lambda_function" "app" {
function_name = var.app_name
role = aws_iam_role.iam_for_lambda.arn
image_uri = "${var.docker_image_repo_url}:${var.app_version}"
package_type = "Image"
publish = true
package_type = "Image"
publish = true

depends_on = [
aws_cloudwatch_log_group.app,
Expand All @@ -15,7 +15,7 @@ resource "aws_lambda_function" "app" {
environment {
variables = {
APP_VERSION = var.app_version
CDN_URL = "//${var.cdn_domain}/${var.app_version}${var.cdn_path}"
CDN_URL = "//${var.cdn_domain}/${var.app_version}${var.cdn_path}"
}
}
}
42 changes: 21 additions & 21 deletions infrastructure/lambda-app/variables.tf
@@ -1,82 +1,82 @@
variable "app_version" {
type = string
type = string
description = "Version of the application to deploy. Maps 1:1 to the tag of the docker image to deploy"
}

variable "app_name" {
type = string
type = string
description = "System name that can be used to identify this app"
}

variable "docker_image_repo_url" {
type = string
type = string
description = "URL of the docker image repository for this app. DO NOT INCLUDE the image tag here. (use app_version)"
default = "246316657840.dkr.ecr.eu-west-1.amazonaws.com/checkout-test-website"
default = "246316657840.dkr.ecr.eu-west-1.amazonaws.com/checkout-test-website"
}

variable "app_domain" {
type = string
type = string
description = "Domain on which the app will be publicly available"
default = "checkout.davidsmith.dev"
default = "checkout.davidsmith.dev"
}

variable "app_path" {
type = string
type = string
description = "URL path that the app will be available at"
default = "/"
default = "/"
}

variable "cdn_domain" {
type = string
type = string
description = "Domain on which static assets will be published to"
default = "checkout-cdn.davidsmith.dev"
default = "checkout-cdn.davidsmith.dev"
}

variable "cdn_path" {
type = string
type = string
description = "URL path that static assets will be available under"
default = "/"
default = "/"
}

variable "assets_dir" {
type = string
type = string
description = "Relative path to the directory in the app repository that contains static assets"
default = "assets"
default = "assets"
}

variable "vpc" {
type = object({
id = string
public_subnets = list(string)
id = string
public_subnets = list(string)
private_subnets = list(string)
})
description = "Details about the VPC the app should run in"
}

variable "create_lambda_function" {
type = bool
type = bool
default = true
}

variable "app_cert" {
description = "Details of the SSL certificate issued for the app's primary domain"
type = object({
certificate_arn = string
zone_id = string
zone_id = string
})
}

variable "cdn_cert" {
description = "Details of the SSL certificate issued for the app's CDN domain"
type = object({
certificate_arn = string
zone_id = string
zone_id = string
})
}

locals {
app_root_domain = regex("[^\\.]+\\.[a-z]+$", var.app_domain)
app_sub_domain = regex("^[^\\.]+", var.app_domain)
app_sub_domain = regex("^[^\\.]+", var.app_domain)
cdn_root_domain = regex("[^\\.]+\\.[a-z]+$", var.cdn_domain)
cdn_sub_domain = regex("^[^\\.]+", var.cdn_domain)
cdn_sub_domain = regex("^[^\\.]+", var.cdn_domain)
}