Merge pull request #9 from ministryofjustice/feature/remove-embedded-…
…provider

Use the default provider
davidkelliott authored Sep 22, 2022
2 parents dcdd3e8 + 0e93c54 commit 9f5f69e
Showing 6 changed files with 31 additions and 74 deletions.
8 changes: 5 additions & 3 deletions README.md
Expand Up @@ -58,6 +58,11 @@ Try a query like `select * from lb_logs limit 100;`
module "lb-access-logs-enabled" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-loadbalancer"
providers = {
# Here we use the default provider for the S3 bucket module, buck replication is disabled but we still
# Need to pass the provider to the S3 bucket module
aws.bucket-replication = aws
}
vpc_all = "${local.vpc_name}-${local.environment}"
#existing_bucket_name = "my-bucket-name"
application_name = local.application_name
Expand Down Expand Up @@ -150,7 +155,6 @@ If you're looking to raise an issue with this module, please create a new issue
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_template"></a> [template](#provider\_template) | n/a |

## Modules

Expand All @@ -169,9 +173,7 @@ If you're looking to raise an issue with this module, please create a new issue
| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source |
| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
| [template_file.lb-access-logs](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |

## Inputs

35 changes: 18 additions & 17 deletions main.tf
Expand Up @@ -111,28 +111,28 @@ data "aws_iam_policy_document" "bucket_policy" {
]

resources = [
var.existing_bucket_name != "" ? "arn:aws:s3:::${var.existing_bucket_name}" : "${module.s3-bucket[0].bucket.arn}"
var.existing_bucket_name != "" ? "arn:aws:s3:::${var.existing_bucket_name}" : module.s3-bucket[0].bucket.arn
]
}
}

data "aws_elb_service_account" "default" {}

# https://www.terraform.io/docs/providers/aws/d/region.html
# Get the region of the callee
data "aws_region" "current" {}

#tfsec:ignore:aws-elb-alb-not-public
resource "aws_lb" "loadbalancer" {
#checkov:skip=CKV_AWS_150:preventing destroy can be controlled outside of the module
#checkov:skip=CKV2_AWS_28:WAF is configured outside of the module for more flexibility
name = "${var.application_name}-lb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.lb.id]
subnets = [var.public_subnets[0], var.public_subnets[1], var.public_subnets[2]]
enable_deletion_protection = var.enable_deletion_protection
idle_timeout = var.idle_timeout
drop_invalid_header_fields = true

access_logs {
bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : module.s3-bucket[0].bucket.id
prefix = var.application_name
enabled = true
}
Expand Down Expand Up @@ -175,25 +175,26 @@ resource "aws_security_group" "lb" {
}
}

data "template_file" "lb-access-logs" {
template = file("${path.module}/templates/create_table.sql")

vars = {
bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
account_id = var.account_number
region = var.region
}
}

resource "aws_athena_database" "lb-access-logs" {
name = "loadbalancer_access_logs"
bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : module.s3-bucket[0].bucket.id
encryption_configuration {
encryption_option = "SSE_S3"
}
}

resource "aws_athena_named_query" "main" {
name = "${var.application_name}-create-table"
database = aws_athena_database.lb-access-logs.name
query = data.template_file.lb-access-logs.rendered
query = templatefile(
"${path.module}/templates/create_table.sql",
{
bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : module.s3-bucket[0].bucket.id
account_id = var.account_number
region = var.region
}
)
}

resource "aws_athena_workgroup" "lb-access-logs" {
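Review bot: The bucket selection `var.existing_bucket_name != "" ? var.existing_bucket_name : module.s3-bucket[0].bucket.id` is written out separately in `access_logs`, in `aws_athena_database.lb-access-logs` and in the `templatefile` vars of `aws_athena_named_query.main`, with an ARN variant in the `bucket_policy` document. If one copy drifts, the load balancer could log to a bucket that the policy or the Athena table does not cover, so I would define it once, `locals { access_logs_bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : module.s3-bucket[0].bucket.id }`, and reference `local.access_logs_bucket` in each place. The `#tfsec:ignore:aws-elb-alb-not-public` line above `aws_lb.loadbalancer` also carries no reason, unlike the two checkov skips below it; a short justification next to the hard-coded `internal = false` would help the next audit, whether or not this commit introduced it. Several of these blocks start or end outside the visible hunks.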
7 changes: 0 additions & 7 deletions providers.tf

This file was deleted.

6 changes: 5 additions & 1 deletion test/unit-test/main.tf
Expand Up @@ -58,7 +58,11 @@ data "aws_subnet" "public_subnets_c" {

module "lb_access_logs_enabled" {
source = "../.."

providers = {
# Here we use the default provider for the S3 bucket module, buck replication is disabled but we still
# Need to pass the provider to the S3 bucket module
aws.bucket-replication = aws
}
vpc_all = "${local.vpc_name}-${local.environment}"
application_name = local.application_name
public_subnets = [data.aws_subnet.public_subnets_a.id, data.aws_subnet.public_subnets_b.id, data.aws_subnet.public_subnets_c.id]
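Review bot: The comment inside `providers` has a typo (`buck replication`) and breaks mid-sentence onto a line starting with a capitalised `Need`, which makes the reason for the mapping hard to read. I would reword it as `# Bucket replication is disabled, but the S3 bucket module still requires the aws.bucket-replication alias, so it is mapped to the default provider.` The README.md example carries the same comment. It may also be worth saying there that the mapping should be revisited if replication is ever switched on, since the replica would presumably then use the same provider configuration as the source bucket.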
44 changes: 0 additions & 44 deletions test/unit-test/role.tf

This file was deleted.

5 changes: 3 additions & 2 deletions versions.tf
@@ -1,8 +1,9 @@
terraform {
required_providers {
aws = {
version = "~> 4.0"
source = "hashicorp/aws"
source = "hashicorp/aws"
version = "~> 4.0"
configuration_aliases = [aws.bucket-replication]
}
}
required_version = ">= 1.0.1"
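Review bot: `configuration_aliases = [aws.bucket-replication]` makes the alias part of the module's interface, but nothing in versions.tf says what it is for or that callers must now supply it. Existing callers that have no `providers = { aws.bucket-replication = ... }` block should expect validation to fail after upgrading. A comment above the line would help, for example `# Required by the nested S3 bucket module; callers must pass aws.bucket-replication (the default aws provider is fine while replication is disabled)`. The change should also be flagged as breaking in the release notes. The `terraform` block closes outside the hunk.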
