Remove hard code region

mpon · mpon · commit 953151610288 · 2020-07-31T11:24:49.000+09:00
diff --git a/terraform/prod/access_logs_bucket.tf b/terraform/prod/access_logs_bucket.tf
@@ -3,7 +3,7 @@ resource "random_pet" "access_logs" {
 }
 
 resource "aws_s3_bucket" "access_logs" {
-  bucket        = "access-logs-${random_pet.access_logs.id}"
+  bucket        = "${local.env}-access-logs-${random_pet.access_logs.id}"
   acl           = "private"
   force_destroy = true # to make it easier to destroy at this repository example
 }
@@ -13,15 +13,18 @@ resource "aws_s3_bucket_policy" "access_logs" {
   policy = data.aws_iam_policy_document.access_logs.json
 }
 
+data "aws_elb_service_account" "main" {}
+
 data "aws_iam_policy_document" "access_logs" {
-  # Allow from Elastic Load Balancing account in ap-northeast-1
+  # Allow from Elastic Load Balancing account
+  # ref: https://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/application/load-balancer-access-logs.html
   statement {
     actions   = ["s3:PutObject"]
     resources = ["${aws_s3_bucket.access_logs.arn}/*"]
 
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::582318560864:root"]
+      identifiers = [data.aws_elb_service_account.main.arn]
     }
   }
-}
+}
diff --git a/terraform/prod/codepipeline.tf b/terraform/prod/codepipeline.tf
@@ -38,7 +38,7 @@ resource "aws_codepipeline" "codepipeline" {
       configuration = {
         Owner                = dirname(data.github_repository.repo.full_name)
         Repo                 = data.github_repository.repo.name
-        Branch               = "master"
+        Branch               = var.target_branch
         PollForSourceChanges = false
       }
     }
diff --git a/terraform/prod/ecs_scheduled_task_export.tf b/terraform/prod/ecs_scheduled_task_export.tf
@@ -16,6 +16,7 @@ resource "aws_ecs_task_definition" "export" {
     image               = data.terraform_remote_state.common.outputs.ecr_rails_blog_example_repository_url
     awslogs_group       = aws_cloudwatch_log_group.export.name
     awslogs_region      = data.aws_region.current.name
+    aws_region          = data.aws_region.current.name
     database_url_arn    = aws_ssm_parameter.database_url.arn
     secret_key_base_arn = aws_ssm_parameter.secret_key_base.arn
   })
diff --git a/terraform/prod/ecs_service_api.tf b/terraform/prod/ecs_service_api.tf
@@ -23,6 +23,7 @@ resource "aws_s3_bucket_object" "api_task_definition" {
     execution_role_arn        = module.ecs_task_execution_iam.service_role_arn
     awslogs_group             = aws_cloudwatch_log_group.api.name
     awslogs_region            = data.aws_region.current.name
+    aws_region                = data.aws_region.current.name
     memory                    = 512
     task_role_arn             = module.ecs_task_execution_iam.service_role_arn
     family                    = aws_ecs_task_definition.api.family
diff --git a/terraform/prod/ecs_service_web.tf b/terraform/prod/ecs_service_web.tf
@@ -23,6 +23,7 @@ resource "aws_s3_bucket_object" "web_task_definition" {
     execution_role_arn        = module.ecs_task_execution_iam.service_role_arn
     awslogs_group             = aws_cloudwatch_log_group.web.name
     awslogs_region            = data.aws_region.current.name
+    aws_region                = data.aws_region.current.name
     memory                    = 512
     task_role_arn             = module.ecs_task_execution_iam.service_role_arn
     family                    = aws_ecs_task_definition.web.family
diff --git a/terraform/prod/templates/api/taskdef.json b/terraform/prod/templates/api/taskdef.json
@@ -18,7 +18,7 @@
         "environment": [
           {
             "name": "AWS_REGION",
-            "value": "ap-northeast-1"
+            "value": "${aws_region}"
           },
           {
             "name": "RAILS_LOG_TO_STDOUT",
diff --git a/terraform/prod/templates/export/container_definitions.json b/terraform/prod/templates/export/container_definitions.json
@@ -11,7 +11,7 @@
     "environment": [
       {
         "name": "AWS_REGION",
-        "value": "ap-northeast-1"
+        "value": "${aws_region}"
       },
       {
         "name": "RAILS_LOG_TO_STDOUT",
diff --git a/terraform/prod/templates/web/taskdef.json b/terraform/prod/templates/web/taskdef.json
@@ -20,7 +20,7 @@
       "environment": [
         {
           "name": "AWS_REGION",
-          "value": "ap-northeast-1"
+          "value": "${aws_region}"
         },
         {
           "name": "RAILS_LOG_TO_STDOUT",
diff --git a/terraform/stg/access_logs_bucket.tf b/terraform/stg/access_logs_bucket.tf
@@ -13,15 +13,18 @@ resource "aws_s3_bucket_policy" "access_logs" {
   policy = data.aws_iam_policy_document.access_logs.json
 }
 
+data "aws_elb_service_account" "main" {}
+
 data "aws_iam_policy_document" "access_logs" {
-  # Allow from Elastic Load Balancing account in ap-northeast-1
+  # Allow from Elastic Load Balancing account
+  # ref: https://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/application/load-balancer-access-logs.html
   statement {
     actions   = ["s3:PutObject"]
     resources = ["${aws_s3_bucket.access_logs.arn}/*"]
 
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:iam::582318560864:root"]
+      identifiers = [data.aws_elb_service_account.main.arn]
     }
   }
-}
+}
diff --git a/terraform/stg/ecs_scheduled_task_export.tf b/terraform/stg/ecs_scheduled_task_export.tf
@@ -16,6 +16,7 @@ resource "aws_ecs_task_definition" "export" {
     image               = data.terraform_remote_state.common.outputs.ecr_rails_blog_example_repository_url
     awslogs_group       = aws_cloudwatch_log_group.export.name
     awslogs_region      = data.aws_region.current.name
+    aws_region          = data.aws_region.current.name
     database_url_arn    = aws_ssm_parameter.database_url.arn
     secret_key_base_arn = aws_ssm_parameter.secret_key_base.arn
   })
diff --git a/terraform/stg/ecs_service_api.tf b/terraform/stg/ecs_service_api.tf
@@ -23,6 +23,7 @@ resource "aws_s3_bucket_object" "api_task_definition" {
     execution_role_arn        = module.ecs_task_execution_iam.service_role_arn
     awslogs_group             = aws_cloudwatch_log_group.api.name
     awslogs_region            = data.aws_region.current.name
+    aws_region                = data.aws_region.current.name
     memory                    = 512
     task_role_arn             = module.ecs_task_execution_iam.service_role_arn
     family                    = aws_ecs_task_definition.api.family
diff --git a/terraform/stg/ecs_service_web.tf b/terraform/stg/ecs_service_web.tf
@@ -23,6 +23,7 @@ resource "aws_s3_bucket_object" "web_task_definition" {
     execution_role_arn        = module.ecs_task_execution_iam.service_role_arn
     awslogs_group             = aws_cloudwatch_log_group.web.name
     awslogs_region            = data.aws_region.current.name
+    aws_region                = data.aws_region.current.name
     memory                    = 512
     task_role_arn             = module.ecs_task_execution_iam.service_role_arn
     family                    = aws_ecs_task_definition.web.family
diff --git a/terraform/stg/templates/api/taskdef.json b/terraform/stg/templates/api/taskdef.json
@@ -18,7 +18,7 @@
         "environment": [
           {
             "name": "AWS_REGION",
-            "value": "ap-northeast-1"
+            "value": "${aws_region}"
           },
           {
             "name": "RAILS_LOG_TO_STDOUT",
diff --git a/terraform/stg/templates/export/container_definitions.json b/terraform/stg/templates/export/container_definitions.json
@@ -11,7 +11,7 @@
     "environment": [
       {
         "name": "AWS_REGION",
-        "value": "ap-northeast-1"
+        "value": "${aws_region}"
       },
       {
         "name": "RAILS_LOG_TO_STDOUT",
diff --git a/terraform/stg/templates/web/taskdef.json b/terraform/stg/templates/web/taskdef.json
@@ -20,7 +20,7 @@
       "environment": [
         {
           "name": "AWS_REGION",
-          "value": "ap-northeast-1"
+          "value": "${aws_region}"
         },
         {
           "name": "RAILS_LOG_TO_STDOUT",

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ resource "random_pet" "access_logs" {`
`3`	`3`	`}`
`4`	`4`
`5`	`5`	`resource "aws_s3_bucket" "access_logs" {`
`6`		`- bucket = "access-logs-${random_pet.access_logs.id}"`
	`6`	`+ bucket = "${local.env}-access-logs-${random_pet.access_logs.id}"`
`7`	`7`	`acl = "private"`
`8`	`8`	`force_destroy = true # to make it easier to destroy at this repository example`
`9`	`9`	`}`
`@@ -13,15 +13,18 @@ resource "aws_s3_bucket_policy" "access_logs" {`
`13`	`13`	`policy = data.aws_iam_policy_document.access_logs.json`
`14`	`14`	`}`
`15`	`15`
	`16`	`+data "aws_elb_service_account" "main" {}`
	`17`	`+`
`16`	`18`	`data "aws_iam_policy_document" "access_logs" {`
`17`		`- # Allow from Elastic Load Balancing account in ap-northeast-1`
	`19`	`+ # Allow from Elastic Load Balancing account`
	`20`	`+ # ref: https://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/application/load-balancer-access-logs.html`
`18`	`21`	`statement {`
`19`	`22`	`actions = ["s3:PutObject"]`
`20`	`23`	`resources = ["${aws_s3_bucket.access_logs.arn}/*"]`
`21`	`24`
`22`	`25`	`principals {`
`23`	`26`	`type = "AWS"`
`24`		`- identifiers = ["arn:aws:iam::582318560864:root"]`
	`27`	`+ identifiers = [data.aws_elb_service_account.main.arn]`
`25`	`28`	`}`
`26`	`29`	`}`
`27`		`-}`
	`30`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ resource "aws_codepipeline" "codepipeline" {`
`38`	`38`	`configuration = {`
`39`	`39`	`Owner = dirname(data.github_repository.repo.full_name)`
`40`	`40`	`Repo = data.github_repository.repo.name`
`41`		`- Branch = "master"`
	`41`	`+ Branch = var.target_branch`
`42`	`42`	`PollForSourceChanges = false`
`43`	`43`	`}`
`44`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`"environment": [`
`19`	`19`	`{`
`20`	`20`	`"name": "AWS_REGION",`
`21`		`- "value": "ap-northeast-1"`
	`21`	`+ "value": "${aws_region}"`
`22`	`22`	`},`
`23`	`23`	`{`
`24`	`24`	`"name": "RAILS_LOG_TO_STDOUT",`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`"environment": [`
`12`	`12`	`{`
`13`	`13`	`"name": "AWS_REGION",`
`14`		`- "value": "ap-northeast-1"`
	`14`	`+ "value": "${aws_region}"`
`15`	`15`	`},`
`16`	`16`	`{`
`17`	`17`	`"name": "RAILS_LOG_TO_STDOUT",`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`"environment": [`
`21`	`21`	`{`
`22`	`22`	`"name": "AWS_REGION",`
`23`		`- "value": "ap-northeast-1"`
	`23`	`+ "value": "${aws_region}"`
`24`	`24`	`},`
`25`	`25`	`{`
`26`	`26`	`"name": "RAILS_LOG_TO_STDOUT",`