refactor module (#7)

locus313 · github-actions[bot] · web-flow · commit de4c3b31c748 · 2024-06-22T01:53:50.000-07:00
* refactor module

* terraform-docs: automated action

* update

* update

* updates

* updates

* updates

* updates

---------

Co-authored-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -1,18 +1,21 @@
 name: Generate terraform docs
+
 on:
   - pull_request
 permissions:
   contents: write
+
 jobs:
   docs:
     runs-on: ubuntu-latest
+
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         ref: ${{ github.event.pull_request.head.ref }}
 
     - name: Render terraform docs inside the README.md and push changes back to PR branch
-      uses: terraform-docs/gh-actions@v1.0.0
+      uses: terraform-docs/gh-actions@v1.2.0
       with:
         working-dir: .
         output-file: README.md
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,39 @@
+name: Terraform Lint
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  terraform-lint:
+    name: Lint Terraform code
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 0.13.1
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -input=false  
+    
+      - name: Terraform Format Check
+        id: fmt
+        run: terraform fmt -check -recursive
+        continue-on-error: true
+
+      - name: Terraform Format Diff
+        if: failure()
+        run: terraform fmt -diff -recursive
+
+      - name: Terraform Validate
+        run: terraform validate
diff --git a/README.md b/README.md
@@ -45,15 +45,16 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_primary_domain"></a> [primary\_domain](#input\_primary\_domain) | Route53 Primary domain | `any` | n/a | yes |
-| <a name="input_records_a"></a> [records\_a](#input\_records\_a) | Map of A records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_aaaa"></a> [records\_aaaa](#input\_records\_aaaa) | Map of AAAA records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_caa"></a> [records\_caa](#input\_records\_caa) | Map of CAA records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_cname"></a> [records\_cname](#input\_records\_cname) | Map of CNAME records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_mx"></a> [records\_mx](#input\_records\_mx) | Map of MX records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_ns"></a> [records\_ns](#input\_records\_ns) | Map of NS records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_txt"></a> [records\_txt](#input\_records\_txt) | Map of TXT records separate by comma (,) | `map(any)` | `{}` | no |
-| <a name="input_records_wr"></a> [records\_wr](#input\_records\_wr) | Map of redirect records | `map(any)` | `{}` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | Whether to enable Route 53 resources | `bool` | `true` | no |
+| <a name="input_primary_domain"></a> [primary\_domain](#input\_primary\_domain) | The domain name to manage | `string` | n/a | yes |
+| <a name="input_records_a"></a> [records\_a](#input\_records\_a) | Map of A records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_aaaa"></a> [records\_aaaa](#input\_records\_aaaa) | Map of AAAA records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_caa"></a> [records\_caa](#input\_records\_caa) | Map of CAA records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_cname"></a> [records\_cname](#input\_records\_cname) | Map of CNAME records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_mx"></a> [records\_mx](#input\_records\_mx) | Map of MX records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_ns"></a> [records\_ns](#input\_records\_ns) | Map of NS records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_txt"></a> [records\_txt](#input\_records\_txt) | Map of TXT records separate by comma (,) | `map(list(string))` | `{}` | no |
+| <a name="input_records_wr"></a> [records\_wr](#input\_records\_wr) | Map of redirect records | `map(list(string))` | `{}` | no |
 | <a name="input_ttl"></a> [ttl](#input\_ttl) | Default TTL for All records | `number` | `"3600"` | no |
 | <a name="input_ttl_acm"></a> [ttl\_acm](#input\_ttl\_acm) | Default TTL for acm records | `number` | `"60"` | no |
 | <a name="input_ttl_ns"></a> [ttl\_ns](#input\_ttl\_ns) | Default TTL for ns records | `number` | `"172800"` | no |
@@ -75,6 +76,7 @@ module "example-com" {
    source = "locus313/aws-route53/module"
    version = "1.0.3"
    
+   enabled                                                     = true
    primary_domain                                              = "example.com"
    
    records_wr = {
diff --git a/cert.tf b/cert.tf
@@ -1,13 +1,15 @@
 resource "aws_acm_certificate" "records_wr" {
-  provider = aws.acm
-  for_each   = var.records_wr
+  for_each          = var.records_wr
+
+  provider          = aws.acm
   domain_name       = each.key
   validation_method = "DNS"
 }
 
 resource "aws_acm_certificate_validation" "records_wr" {
-  provider = aws.acm
-  for_each   = var.records_wr
+  for_each                = var.records_wr
+
+  provider                = aws.acm
   certificate_arn         = aws_acm_certificate.records_wr[each.key].arn
-  validation_record_fqdns = [for record in aws_route53_record.records_wr_validation: record.fqdn]
+  validation_record_fqdns = [for record in aws_route53_record.records_wr_validation : record.fqdn]
 }
diff --git a/cloudfront.tf b/cloudfront.tf
@@ -1,7 +1,7 @@
 #tfsec:ignore:AWS045 tfsec:ignore:AWS071
 resource "aws_cloudfront_distribution" "records_wr" {
-  depends_on = [aws_acm_certificate.records_wr]
-  for_each   = var.records_wr
+  for_each     = var.records_wr
+  
   http_version = "http2"
 
   origin {
@@ -17,13 +17,13 @@ resource "aws_cloudfront_distribution" "records_wr" {
       # doesn't support HTTPS connections for website endpoints."
       origin_protocol_policy = "http-only"
 
-      http_port = "80"
+      http_port  = "80"
       https_port = "443"
 
       # TODO: given the origin_protocol_policy set to `http-only`,
       # not sure what this does...
       # "If the origin is an Amazon S3 bucket, CloudFront always uses TLSv1.2."
-      origin_ssl_protocols   = ["TLSv1.2"]
+      origin_ssl_protocols = ["TLSv1.2"]
     }
 
     # s3_origin_config is not compatible with S3 website hosting, if this
@@ -75,10 +75,12 @@ resource "aws_cloudfront_distribution" "records_wr" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = aws_acm_certificate_validation.records_wr[each.key].certificate_arn
-    ssl_support_method       = "sni-only"
+    acm_certificate_arn = aws_acm_certificate_validation.records_wr[each.key].certificate_arn
+    ssl_support_method  = "sni-only"
     #tfsec:ignore:AWS021
     minimum_protocol_version = "TLSv1.2_2021"
   }
 
+  depends_on   = [aws_acm_certificate.records_wr]
+
 }
diff --git a/main.tf b/main.tf
@@ -1,53 +1,61 @@
 resource "aws_route53_zone" "this" {
-  name = var.primary_domain
+  name  = var.primary_domain
+  count = var.enabled ? 1 : 0
 }
 
 resource "aws_route53_record" "records_a" {
+  for_each = var.records_a
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "A"
+  ttl     = var.ttl
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_a
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "A"
-  ttl        = var.ttl
-  records    = each.value
 }
 
 resource "aws_route53_record" "records_aaaa" {
+  for_each = var.records_aaaa
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "AAAA"
+  ttl     = var.ttl
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_aaaa
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "AAAA"
-  ttl        = var.ttl
-  records    = each.value
 }
 
 resource "aws_route53_record" "records_caa" {
+  for_each = var.records_caa
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "CAA"
+  ttl     = var.ttl
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_caa
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "CAA"
-  ttl        = var.ttl
-  records    = each.value
 }
 
 resource "aws_route53_record" "records_wr" {
-  depends_on = [aws_route53_zone.this]
-  for_each   = var.records_wr
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "A"
+  for_each = var.records_wr
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "A"
 
   alias {
     name                   = aws_cloudfront_distribution.records_wr[each.key].domain_name
     zone_id                = aws_cloudfront_distribution.records_wr[each.key].hosted_zone_id
     evaluate_target_health = false
   }
+
+  depends_on = [aws_route53_zone.this]
 }
 
 resource "aws_route53_record" "records_wr_validation" {
-  depends_on = [aws_route53_zone.this]
   for_each = {
     for dvo in flatten([
       for cert in aws_acm_certificate.records_wr : cert.domain_validation_options
@@ -57,50 +65,61 @@ resource "aws_route53_record" "records_wr_validation" {
       type   = dvo.resource_record_type
     }
   }
+
   allow_overwrite = true
   name            = each.value.name
   records         = [each.value.record]
   ttl             = var.ttl_acm
   type            = each.value.type
-  zone_id         = aws_route53_zone.this.zone_id
+  zone_id         = aws_route53_zone.this[0].zone_id
+
+  depends_on = [aws_route53_zone.this]
 }
 
 resource "aws_route53_record" "records_cname" {
+  for_each = var.records_cname
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "CNAME"
+  ttl     = var.ttl
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_cname
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "CNAME"
-  ttl        = var.ttl
-  records    = each.value
 }
 
 resource "aws_route53_record" "records_mx" {
+  for_each = var.records_mx
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "MX"
+  ttl     = var.ttl
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_mx
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "MX"
-  ttl        = var.ttl
-  records    = each.value
 }
 
 resource "aws_route53_record" "records_txt" {
+  for_each = var.records_txt
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "TXT"
+  ttl     = var.ttl
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_txt
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "TXT"
-  ttl        = var.ttl
-  records    = each.value
 }
 
 resource "aws_route53_record" "records_ns" {
+  for_each = var.records_ns
+
+  zone_id = aws_route53_zone.this[0].zone_id
+  name    = each.key
+  type    = "NS"
+  ttl     = var.ttl_ns
+  records = each.value
+
   depends_on = [aws_route53_zone.this]
-  for_each   = var.records_ns
-  zone_id    = aws_route53_zone.this.zone_id
-  name       = each.key
-  type       = "NS"
-  ttl        = var.ttl_ns
-  records    = each.value
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,9 +1,9 @@
 output "this_route53_zone_zone_id" {
   description = "Zone ID of Route53 zone"
-  value       = aws_route53_zone.this.zone_id
+  value       = aws_route53_zone.this[0].zone_id
 }
 
 output "this_route53_zone_name_servers" {
   description = "Name servers of Route53 zone"
-  value       = aws_route53_zone.this.name_servers
+  value       = aws_route53_zone.this[0].name_servers
 }
diff --git a/provider.tf b/provider.tf
@@ -1,4 +1,4 @@
 provider "aws" {
-  alias = "acm"
+  alias  = "acm"
   region = "us-east-1"
 }
diff --git a/s3.tf b/s3.tf
@@ -1,12 +1,14 @@
 #tfsec:ignore:AWS002 tfsec:ignore:AWS017 tfsec:ignore:AWS077 tfsec:ignore:AWS098
 resource "aws_s3_bucket" "records_wr" {
-  for_each   = var.records_wr
-  bucket     = each.key
+  for_each = var.records_wr
+
+  bucket   = each.key
 }
 
 resource "aws_s3_bucket_website_configuration" "records_wr" {
-  for_each   = var.records_wr
-  bucket = aws_s3_bucket.records_wr[each.key].id
+  for_each = var.records_wr
+  
+  bucket   = aws_s3_bucket.records_wr[each.key].id
 
   redirect_all_requests_to {
     host_name = each.value
diff --git a/variables.tf b/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`	`1`	`output "this_route53_zone_zone_id" {`
`2`	`2`	`description = "Zone ID of Route53 zone"`
`3`		`- value = aws_route53_zone.this.zone_id`
	`3`	`+ value = aws_route53_zone.this[0].zone_id`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "this_route53_zone_name_servers" {`
`7`	`7`	`description = "Name servers of Route53 zone"`
`8`		`- value = aws_route53_zone.this.name_servers`
	`8`	`+ value = aws_route53_zone.this[0].name_servers`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`provider "aws" {`
`2`		`- alias = "acm"`
	`2`	`+ alias = "acm"`
`3`	`3`	`region = "us-east-1"`
`4`	`4`	`}`