terraform-aws-modules
diff --git a/‎README.md‎
Lines changed: 10 additions & 16 deletions b/‎README.md‎
Lines changed: 10 additions & 16 deletions
diff --git a/‎main.tf‎
Lines changed: 68 additions & 56 deletions b/‎main.tf‎
Lines changed: 68 additions & 56 deletions
@@ -46,6 +46,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_apprunner_auto_scaling_configuration_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apprunner_auto_scaling_configuration_version) | resource |
+| [aws_apprunner_connection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apprunner_connection) | resource |
 | [aws_apprunner_custom_domain_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apprunner_custom_domain_association) | resource |
 | [aws_apprunner_observability_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apprunner_observability_configuration) | resource |
 | [aws_apprunner_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apprunner_service) | resource |
@@ -74,16 +75,13 @@ No modules.
 | <a name="input_access_iam_role_permissions_boundary"></a> [access\_iam\_role\_permissions\_boundary](#input\_access\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
 | <a name="input_access_iam_role_policies"></a> [access\_iam\_role\_policies](#input\_access\_iam\_role\_policies) | IAM policies to attach to the IAM role | `map(string)` | `{}` | no |
 | <a name="input_access_iam_role_use_name_prefix"></a> [access\_iam\_role\_use\_name\_prefix](#input\_access\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | `bool` | `true` | no |
-| <a name="input_autoscaling_max_concurrency"></a> [autoscaling\_max\_concurrency](#input\_autoscaling\_max\_concurrency) | The maximal number of concurrent requests that you want an instance to process. When the number of concurrent requests goes over this limit, App Runner scales up your service | `number` | `null` | no |
-| <a name="input_autoscaling_max_size"></a> [autoscaling\_max\_size](#input\_autoscaling\_max\_size) | The maximal number of instances that App Runner provisions for your service | `number` | `1` | no |
-| <a name="input_autoscaling_min_size"></a> [autoscaling\_min\_size](#input\_autoscaling\_min\_size) | The minimal number of instances that App Runner provisions for your service | `number` | `1` | no |
-| <a name="input_autoscaling_name"></a> [autoscaling\_name](#input\_autoscaling\_name) | The name of the auto scaling configuration | `string` | `null` | no |
+| <a name="input_auto_scaling_configuration_arn"></a> [auto\_scaling\_configuration\_arn](#input\_auto\_scaling\_configuration\_arn) | ARN of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration | `string` | `null` | no |
+| <a name="input_auto_scaling_configurations"></a> [auto\_scaling\_configurations](#input\_auto\_scaling\_configurations) | Map of auto-scaling configuration definitions to create | `any` | `{}` | no |
+| <a name="input_connections"></a> [connections](#input\_connections) | Map of connection definitions to create | `any` | `{}` | no |
 | <a name="input_create"></a> [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
 | <a name="input_create_access_iam_role"></a> [create\_access\_iam\_role](#input\_create\_access\_iam\_role) | Determines whether an IAM role is created or to use an existing IAM role | `bool` | `false` | no |
-| <a name="input_create_autoscaling_configuration"></a> [create\_autoscaling\_configuration](#input\_create\_autoscaling\_configuration) | Determines whether an Auto Scaling Configuration will be created | `bool` | `true` | no |
 | <a name="input_create_custom_domain_association"></a> [create\_custom\_domain\_association](#input\_create\_custom\_domain\_association) | Determines whether a Custom Domain Association will be created | `bool` | `false` | no |
 | <a name="input_create_instance_iam_role"></a> [create\_instance\_iam\_role](#input\_create\_instance\_iam\_role) | Determines whether an IAM role is created or to use an existing IAM role | `bool` | `true` | no |
-| <a name="input_create_observability_configuration"></a> [create\_observability\_configuration](#input\_create\_observability\_configuration) | Determines whether an Observability Configuration will be created | `bool` | `false` | no |
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created for the VPC connector | `bool` | `true` | no |
 | <a name="input_create_service"></a> [create\_service](#input\_create\_service) | Determines whether the service will be created | `bool` | `true` | no |
 | <a name="input_create_vpc_connector"></a> [create\_vpc\_connector](#input\_create\_vpc\_connector) | Determines whether a VPC Connector will be created | `bool` | `false` | no |
@@ -100,8 +98,7 @@ No modules.
 | <a name="input_instance_iam_role_use_name_prefix"></a> [instance\_iam\_role\_use\_name\_prefix](#input\_instance\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | `bool` | `true` | no |
 | <a name="input_network_configuration"></a> [network\_configuration](#input\_network\_configuration) | The network configuration for the service | `any` | `{}` | no |
 | <a name="input_observability_configuration"></a> [observability\_configuration](#input\_observability\_configuration) | The observability configuration for the service | `any` | `{}` | no |
-| <a name="input_observability_configuration_name"></a> [observability\_configuration\_name](#input\_observability\_configuration\_name) | The name of the Observability Configuration | `string` | `""` | no |
-| <a name="input_observability_trace_configuration"></a> [observability\_trace\_configuration](#input\_observability\_trace\_configuration) | The Observability Configuration trace coniguration | `any` | `{}` | no |
+| <a name="input_observability_configurations"></a> [observability\_configurations](#input\_observability\_configurations) | Map of observability configuration definitions to create | `any` | `{}` | no |
 | <a name="input_private_ecr_arn"></a> [private\_ecr\_arn](#input\_private\_ecr\_arn) | The ARN of the private ECR repository that contains the service image to launch | `string` | `null` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | Description for the security group created | `string` | `null` | no |
 | <a name="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules) | List of security group rules to add to the security group created | `any` | `{}` | no |
@@ -121,20 +118,17 @@ No modules.
 | <a name="output_access_iam_role_arn"></a> [access\_iam\_role\_arn](#output\_access\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
 | <a name="output_access_iam_role_name"></a> [access\_iam\_role\_name](#output\_access\_iam\_role\_name) | The name of the IAM role |
 | <a name="output_access_iam_role_unique_id"></a> [access\_iam\_role\_unique\_id](#output\_access\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
-| <a name="output_autoscaling_configuration_arn"></a> [autoscaling\_configuration\_arn](#output\_autoscaling\_configuration\_arn) | ARN of this auto scaling configuration version |
-| <a name="output_autoscaling_configuration_latest"></a> [autoscaling\_configuration\_latest](#output\_autoscaling\_configuration\_latest) | Whether the auto scaling configuration has the highest `auto_scaling_configuration_revision` among all configurations that share the same `auto_scaling_configuration_name` |
-| <a name="output_autoscaling_configuration_revision"></a> [autoscaling\_configuration\_revision](#output\_autoscaling\_configuration\_revision) | The revision of this auto scaling configuration |
-| <a name="output_autoscaling_configuration_status"></a> [autoscaling\_configuration\_status](#output\_autoscaling\_configuration\_status) | The current state of the auto scaling configuration. An INACTIVE configuration revision has been deleted and can't be used. It is permanently removed some time after deletion |
+| <a name="output_auto_scaling_configurations"></a> [auto\_scaling\_configurations](#output\_auto\_scaling\_configurations) | Map of attribute maps for all autosclaing configurations created |
+| <a name="output_connections"></a> [connections](#output\_connections) | Map of attribute maps for all connections created |
 | <a name="output_custom_domain_association_certificate_validation_records"></a> [custom\_domain\_association\_certificate\_validation\_records](#output\_custom\_domain\_association\_certificate\_validation\_records) | A set of certificate CNAME records used for this domain name |
 | <a name="output_custom_domain_association_dns_target"></a> [custom\_domain\_association\_dns\_target](#output\_custom\_domain\_association\_dns\_target) | The App Runner subdomain of the App Runner service. The custom domain name is mapped to this target name. Attribute only available if resource created (not imported) with Terraform |
 | <a name="output_custom_domain_association_id"></a> [custom\_domain\_association\_id](#output\_custom\_domain\_association\_id) | The `domain_name` and `service_arn` separated by a comma (`,`) |
 | <a name="output_instance_iam_role_arn"></a> [instance\_iam\_role\_arn](#output\_instance\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
 | <a name="output_instance_iam_role_name"></a> [instance\_iam\_role\_name](#output\_instance\_iam\_role\_name) | The name of the IAM role |
 | <a name="output_instance_iam_role_unique_id"></a> [instance\_iam\_role\_unique\_id](#output\_instance\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
-| <a name="output_observability_configuration_arn"></a> [observability\_configuration\_arn](#output\_observability\_configuration\_arn) | ARN of this observability configuration |
-| <a name="output_observability_configuration_latest"></a> [observability\_configuration\_latest](#output\_observability\_configuration\_latest) | Whether the observability configuration has the highest `observability_configuration_revision` among all configurations that share the same `observability_configuration_name` |
-| <a name="output_observability_configuration_revision"></a> [observability\_configuration\_revision](#output\_observability\_configuration\_revision) | The revision of the observability configuration |
-| <a name="output_observability_configuration_status"></a> [observability\_configuration\_status](#output\_observability\_configuration\_status) | The current state of the observability configuration. An `INACTIVE` configuration revision has been deleted and can't be used. It is permanently removed some time after deletion |
+| <a name="output_observability_configurations"></a> [observability\_configurations](#output\_observability\_configurations) | Map of attribute maps for all observability configurations created |
+| <a name="output_security_group_arn"></a> [security\_group\_arn](#output\_security\_group\_arn) | Amazon Resource Name (ARN) of the VPC connector security group |
+| <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | ID of the VPC connector security group |
 | <a name="output_service_arn"></a> [service\_arn](#output\_service\_arn) | The Amazon Resource Name (ARN) of the service |
 | <a name="output_service_id"></a> [service\_id](#output\_service\_id) | An alphanumeric ID that App Runner generated for this service. Unique within the AWS Region |
 | <a name="output_service_status"></a> [service\_status](#output\_service\_status) | The current state of the App Runner service |
 
@@ -7,7 +7,7 @@ data "aws_partition" "current" {}
 resource "aws_apprunner_service" "this" {
   count = var.create && var.create_service ? 1 : 0
 
-  auto_scaling_configuration_arn = try(aws_apprunner_auto_scaling_configuration_version.this[0].arn, null)
+  auto_scaling_configuration_arn = var.auto_scaling_configuration_arn
 
   dynamic "encryption_configuration" {
     for_each = length(var.encryption_configuration) > 0 ? [var.encryption_configuration] : []
@@ -49,7 +49,7 @@ resource "aws_apprunner_service" "this" {
 
         content {
           egress_type       = try(egress_configuration.value.egress_type, null)
-          vpc_connector_arn = var.create_vpc_connector ? aws_apprunner_vpc_connector.this[0].arn : try(egress_configuration.value.vpc_connector_arn, null)
+          vpc_connector_arn = try(egress_configuration.value.vpc_connector_arn, null)
         }
       }
     }
@@ -59,8 +59,8 @@ resource "aws_apprunner_service" "this" {
     for_each = length(var.observability_configuration) > 0 ? [var.observability_configuration] : []
 
     content {
-      observability_configuration_arn = var.create_observability_configuration ? aws_apprunner_observability_configuration.this[0].arn : try(observability_configuration.value.observability_configuration_arn, null)
-      observability_enabled           = try(observability_configuration.value.observability_enabled, null)
+      observability_configuration_arn = observability_configuration.value.observability_configuration_arn
+      observability_enabled           = try(observability_configuration.value.observability_enabled, true)
     }
   }
 
@@ -277,7 +277,7 @@ resource "aws_iam_role" "instance" {
 }
 
 resource "aws_iam_role_policy_attachment" "instance_xray" {
-  count = local.create_instance_iam_role && try(var.observability_trace_configuration.vendor, null) == "AWSXRAY" ? 1 : 0
+  count = local.create_instance_iam_role && try(var.observability_configuration.value.observability_enabled, false) ? 1 : 0
 
   policy_arn = "arn:${data.aws_partition.current.id}:iam::aws:policy/AWSXRayDaemonWriteAccess"
   role       = aws_iam_role.instance[0].name
@@ -290,6 +290,50 @@ resource "aws_iam_role_policy_attachment" "instance" {
   role       = aws_iam_role.instance[0].name
 }
 
+################################################################################
+# Custom Domain Association
+################################################################################
+
+locals {
+  create_custom_domain_association = var.create && var.create_custom_domain_association
+}
+
+resource "aws_apprunner_custom_domain_association" "this" {
+  count = local.create_custom_domain_association ? 1 : 0
+
+  domain_name          = var.domain_name
+  enable_www_subdomain = var.enable_www_subdomain
+  service_arn          = aws_apprunner_service.this[0].arn
+}
+
+# resource "aws_route53_record" "validation" {
+#   for_each = {
+#     for dvo in aws_apprunner_custom_domain_association.this[0].certificate_validation_records : dvo.name => {
+#       name   = dvo.name
+#       record = dvo.value
+#       type   = dvo.type
+#     } if local.create_custom_domain_association
+#   }
+
+#   allow_overwrite = true
+#   name            = each.value.name
+#   records         = [each.value.record]
+#   ttl             = 60
+#   type            = each.value.type
+#   zone_id         = var.hosted_zone_id
+# }
+
+# resource "aws_route53_record" "cname" {
+#   count = local.create_custom_domain_association ? 1 : 0
+
+#   allow_overwrite = true
+#   name            = var.domain_name
+#   records         = [aws_apprunner_custom_domain_association.this[0].dns_target]
+#   ttl             = 3600
+#   type            = "CNAME"
+#   zone_id         = var.hosted_zone_id
+# }
+
 ################################################################################
 # VPC Connector
 ################################################################################
@@ -352,81 +396,49 @@ resource "aws_security_group_rule" "this" {
 }
 
 ################################################################################
-# Autoscaling
+# Connection(s)
 ################################################################################
 
-resource "aws_apprunner_auto_scaling_configuration_version" "this" {
-  count = var.create && var.create_autoscaling_configuration ? 1 : 0
-
-  auto_scaling_configuration_name = try(coalesce(var.autoscaling_name, var.service_name), "")
+resource "aws_apprunner_connection" "this" {
+  for_each = { for k, v in var.connections : k => v if var.create }
 
-  max_concurrency = var.autoscaling_max_concurrency
-  max_size        = var.autoscaling_max_size
-  min_size        = var.autoscaling_min_size
+  connection_name = try(each.value.name, each.value.key)
+  provider_type   = try(each.value.provider_type, "GITHUB")
 
-  tags = var.tags
+  tags = merge(var.tags, try(each.value.tags, {}))
 }
 
 ################################################################################
-# Custom Domain Association
+# Auto-Scaling Configuration(s)
 ################################################################################
 
-locals {
-  create_custom_domain_association = var.create && var.create_custom_domain_association
-}
+resource "aws_apprunner_auto_scaling_configuration_version" "this" {
+  for_each = { for k, v in var.auto_scaling_configurations : k => v if var.create }
 
-resource "aws_apprunner_custom_domain_association" "this" {
-  count = local.create_custom_domain_association ? 1 : 0
+  auto_scaling_configuration_name = try(each.value.name, each.value.key)
+  max_concurrency                 = try(each.value.max_concurrency, null)
+  max_size                        = try(each.value.max_size, null)
+  min_size                        = try(each.value.min_size, null)
 
-  domain_name          = var.domain_name
-  enable_www_subdomain = var.enable_www_subdomain
-  service_arn          = aws_apprunner_service.this[0].arn
+  tags = merge(var.tags, try(each.value.tags, {}))
 }
 
-# resource "aws_route53_record" "validation" {
-#   for_each = {
-#     for dvo in aws_apprunner_custom_domain_association.this[0].certificate_validation_records : dvo.name => {
-#       name   = dvo.name
-#       record = dvo.value
-#       type   = dvo.type
-#     } if local.create_custom_domain_association
-#   }
-
-#   allow_overwrite = true
-#   name            = each.value.name
-#   records         = [each.value.record]
-#   ttl             = 60
-#   type            = each.value.type
-#   zone_id         = var.hosted_zone_id
-# }
-
-# resource "aws_route53_record" "cname" {
-#   count = local.create_custom_domain_association ? 1 : 0
-
-#   allow_overwrite = true
-#   name            = var.domain_name
-#   records         = [aws_apprunner_custom_domain_association.this[0].dns_target]
-#   ttl             = 3600
-#   type            = "CNAME"
-#   zone_id         = var.hosted_zone_id
-# }
-
 ################################################################################
-# Observability Configuration
+# Observability Configuration(s)
 ################################################################################
 
 resource "aws_apprunner_observability_configuration" "this" {
-  count = var.create && var.create_observability_configuration ? 1 : 0
+  for_each = { for k, v in var.observability_configurations : k => v if var.create }
 
-  observability_configuration_name = try(coalesce(var.observability_configuration_name, var.service_name), "")
+  observability_configuration_name = try(each.value.name, each.value.key)
 
   dynamic "trace_configuration" {
-    for_each = length(var.observability_trace_configuration) > 0 ? [var.observability_trace_configuration] : []
+    for_each = try([each.value.trace_configuration], [])
 
     content {
       vendor = try(trace_configuration.value.vendor, "AWSXRAY")
     }
   }
 
-  tags = var.tags
+  tags = merge(var.tags, try(each.value.tags, {}))
 }