Merge pull request #21 from DNXLabs/feature/record-type

feature: add `record_type` variable

Author: lucasmacedot

.github/workflows/lint.yml

@@ -8,8 +8,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - name: TFLint
-        uses: docker://wata727/tflint
+      - uses: terraform-linters/setup-tflint@v4
+        name: Setup TFLint
+        with:
+          tflint_version: v0.52.0
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ github.token }}
+      - name: Run TFLint
+        run: tflint -f compact
 
   fmt:
     name: Code Format
@@ -47,18 +56,18 @@ jobs:
             cd -
           done
 
-  minimum:
-    name: Minimum version check
-    runs-on: ubuntu-latest
-    container:
-      image: hashicorp/terraform:0.13.0
-    steps:
-      - uses: actions/checkout@master
-      - name: Validate Code
-        env:
-          AWS_REGION: 'us-east-1'
-          TF_WARN_OUTPUT_ERRORS: 1
-        run: |
-          sed -i -e 's/>=/=/' -e 's/ \(\d\+\.\d\+\)"/ \1.0"/' versions.tf
-          terraform init
-          terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster"
+  # minimum:
+  #   name: Minimum version check
+  #   runs-on: ubuntu-latest
+  #   container:
+  #     image: hashicorp/terraform:1.3.0
+  #   steps:
+  #     - uses: actions/checkout@master
+  #     - name: Validate Code
+  #       env:
+  #         AWS_REGION: 'us-east-1'
+  #         TF_WARN_OUTPUT_ERRORS: 1
+  #       run: |
+  #         sed -i -e 's/>=/=/' -e 's/ \(\d\+\.\d\+\)"/ \1.0"/' versions.tf
+  #         terraform init
+  #         terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]"

README.md

@@ -38,47 +38,46 @@ If you have specified cloudfront_default_certificate, TLSv1 must be specified.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.13.0 |
+| terraform | >= 1.3.0 |
+| aws | >= 3.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | >= 3.0.0 |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | alarm\_cloudfront\_500\_errors\_threshold | Cloudfront 500 Errors rate threshold (use 0 to disable this alarm) | `number` | `5` | no |
 | alarm\_prefix | String prefix for cloudwatch alarms. (Optional) | `string` | `"alarm"` | no |
-| alarm\_sns\_topics\_us | Alarm topics to create and alert on metrics on US region | `list` | `[]` | no |
-| alb\_cloudfront\_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | `any` | n/a | yes |
-| alb\_dns\_name | ALB DNS Name that CloudFront will point as origin | `any` | n/a | yes |
-| certificate\_arn | Certificate for this app to use in CloudFront (US), must cover `hostname`. | `any` | n/a | yes |
-| cloudfront\_forward\_headers | Headers to forward to origin from CloudFront | `list` | <pre>[<br>  "*"<br>]</pre> | no |
+| alarm\_sns\_topics\_us | Alarm topics to create and alert on metrics on US region | `list(string)` | `[]` | no |
+| alb\_cloudfront\_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | `string` | n/a | yes |
+| alb\_dns\_name | ALB DNS Name that CloudFront will point as origin | `string` | n/a | yes |
+| certificate\_arn | Certificate for this app to use in CloudFront (US), must cover `hostname`. | `string` | n/a | yes |
+| cloudfront\_forward\_headers | Headers to forward to origin from CloudFront | `list(string)` | <pre>[<br>  "*"<br>]</pre> | no |
 | cloudfront\_logging\_bucket | Bucket to store logs from app | `string` | `null` | no |
 | cloudfront\_logging\_prefix | Logging prefix | `string` | `""` | no |
 | cloudfront\_origin\_keepalive\_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | `number` | `5` | no |
 | cloudfront\_origin\_read\_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | `number` | `30` | no |
-| cloudfront\_web\_acl\_id | Optional web acl (WAF) to attach to CloudFront | `string` | `""` | no |
-| cluster\_name | Name of existing ECS Cluster to deploy this app to | `any` | n/a | yes |
 | dynamic\_custom\_error\_response | One or more custom error response elements (multiples allowed) | <pre>list(object({<br>    error_code         = optional(number)<br>    response_code      = optional(number)<br>    response_page_path = optional(string)<br>  }))</pre> | `[]` | no |
 | dynamic\_custom\_origin\_config | Configuration for the custom origin config to be used in dynamic block | `any` | `[]` | no |
 | dynamic\_ordered\_cache\_behavior | Ordered Cache Behaviors to be used in dynamic block | `any` | `[]` | no |
-| hosted\_zone | Existing Hosted Zone domain to add hostnames as DNS records | `any` | n/a | yes |
+| hosted\_zone | Existing Hosted Zone domain to add hostnames as DNS records | `string` | n/a | yes |
 | hostname\_create | Create hostnames in the hosted zone passed? | `bool` | `true` | no |
-| hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | `any` | n/a | yes |
+| hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | `list(string)` | n/a | yes |
 | iam\_certificate\_id | Specifies IAM certificate id for CloudFront distribution | `string` | `null` | no |
 | minimum\_protocol\_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. <br>    One of SSLv3, TLSv1, TLSv1\_2016, TLSv1.1\_2016 or TLSv1.2\_2018. Default: TLSv1.2\_2018. <br>    NOTE: If you are using a custom certificate (specified with acm\_certificate\_arn or iam\_certificate\_id), <br>    and have specified sni-only in ssl\_support\_method, TLSv1 or later must be specified. <br>    If you have specified vip in ssl\_support\_method, only SSLv3 or TLSv1 can be specified. <br>    If you have specified cloudfront\_default\_certificate, TLSv1 must be specified. | `string` | `"TLSv1.2_2018"` | no |
-| name | Name of your ECS service | `any` | n/a | yes |
+| name | Name of your ECS service | `string` | n/a | yes |
+| record\_type | Type of the record to create on Route53 | `string` | `"CNAME"` | no |
 | restriction\_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | `list(any)` | `[]` | no |
 | restriction\_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | `string` | `"none"` | no |
 | waf\_cloudfront\_enable | Enable WAF for Cloudfront distribution | `bool` | `false` | no |
 | wafv2\_managed\_block\_rule\_groups | List of WAF V2 managed rule groups, set to block | `list(string)` | `[]` | no |
 | wafv2\_managed\_rule\_groups | List of WAF V2 managed rule groups, set to count | `list(string)` | <pre>[<br>  "AWSManagedRulesCommonRuleSet"<br>]</pre> | no |
 | wafv2\_rate\_limit\_rule | The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable) | `number` | `0` | no |
-| web\_acl\_id | Web ACL ARN for Cloudfront distribution | `string` | `null` | no |
 
 ## Outputs
 

_outputs.tf

@@ -15,5 +15,5 @@ output "cloudfront_zone_id" {
 
 output "aws_cloudfront_origin_access_identity" {
   description = "Define cloudfront origin access identity"
-  value       = aws_cloudfront_origin_access_identity.default.*
+  value       = aws_cloudfront_origin_access_identity.default[*]
 }

_variables.tf

@@ -1,13 +1,11 @@
 variable "name" {
   description = "Name of your ECS service"
-}
-
-variable "cluster_name" {
-  description = "Name of existing ECS Cluster to deploy this app to"
+  type        = string
 }
 
 variable "hostnames" {
   description = "Hostnames to create DNS record for this app that the cloudfront distribution will accept"
+  type        = list(string)
 }
 
 variable "dynamic_custom_error_response" {
@@ -23,32 +21,33 @@ variable "dynamic_custom_error_response" {
 variable "hostname_create" {
   description = "Create hostnames in the hosted zone passed?"
   default     = true
+  type        = bool
 }
 
 variable "hosted_zone" {
   description = "Existing Hosted Zone domain to add hostnames as DNS records"
+  type        = string
 }
 
 variable "alb_cloudfront_key" {
   description = "Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront"
+  type        = string
 }
 
 variable "alb_dns_name" {
   description = "ALB DNS Name that CloudFront will point as origin"
+  type        = string
 }
 
 variable "certificate_arn" {
   description = "Certificate for this app to use in CloudFront (US), must cover `hostname`."
-}
-
-variable "cloudfront_web_acl_id" {
-  default     = ""
-  description = "Optional web acl (WAF) to attach to CloudFront"
+  type        = string
 }
 
 variable "cloudfront_forward_headers" {
   default     = ["*"]
   description = "Headers to forward to origin from CloudFront"
+  type        = list(string)
 }
 
 variable "cloudfront_logging_bucket" {
@@ -66,21 +65,25 @@ variable "cloudfront_logging_prefix" {
 variable "cloudfront_origin_keepalive_timeout" {
   default     = 5
   description = "The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds."
+  type        = number
 }
 
 variable "cloudfront_origin_read_timeout" {
   default     = 30
   description = "The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds."
+  type        = number
 }
 
 variable "alarm_cloudfront_500_errors_threshold" {
   default     = 5
   description = "Cloudfront 500 Errors rate threshold (use 0 to disable this alarm)"
+  type        = number
 }
 
 variable "alarm_sns_topics_us" {
   default     = []
   description = "Alarm topics to create and alert on metrics on US region"
+  type        = list(string)
 }
 
 variable "iam_certificate_id" {
@@ -157,8 +160,8 @@ variable "wafv2_rate_limit_rule" {
   description = "The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable)"
 }
 
-variable "web_acl_id" {
+variable "record_type" {
   type        = string
-  description = "Web ACL ARN for Cloudfront distribution"
-  default     = null
+  description = "Type of the record to create on Route53"
+  default     = "CNAME"
 }

route53-record.tf

@@ -7,7 +7,7 @@ resource "aws_route53_record" "hostname" {
 
   zone_id = data.aws_route53_zone.selected.zone_id
   name    = var.hostnames[count.index]
-  type    = "CNAME"
+  type    = var.record_type
   ttl     = "300"
-  records = [element(aws_cloudfront_distribution.default.*.domain_name, 0)]
+  records = [element(aws_cloudfront_distribution.default[*].domain_name, 0)]
 }

versions.tf

@@ -1,4 +1,9 @@
 terraform {
-  required_version = ">= 0.13.0"
-
-}
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.0.0"
+    }
+  }
+}

waf.tf

@@ -4,8 +4,6 @@ resource "aws_wafv2_web_acl" "waf_cloudfront" {
   description = "WAF managed rules for Cloudfront"
   scope       = "CLOUDFRONT"
 
-
-
   default_action {
     allow {}
   }