BREAKING_CHANGES: V11 #150

Closed
esacteksab wants to merge 26 commits into main from barry-update-things
@esacteksab (Contributor) commented Jan 31, 2025

Closes:

Additions:

  • Adds Name tags to Security Group Rules. These match the description.
  • Adds support for Connection Logging on the ALB, disabled by default.
  • In addition to passing in a bucket name with logs_s3_bucket, the bool enable_access_logs and enable_connection_logs (both default to false) need to be set to true to enable logging of either type.
  • Supports adding the ALB to additional security groups.
  • Changed the default alb_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06.
  • Added enable_waf_fail_open with a default value of false.
  • Added preserve_host_header variable with a default value of false.
  • Added drop_invalid_host_headers variable with a default value of true.

BREAKING CHANGES:

  • This replaces aws_security_group_rule resources for both ingress and egress rules with aws_vpc_security_group_ingress_rule and aws_vpc_security_group_egress_rule.
  • This pins AWS Provider to ~> 5.0.
  • Renames resources previously ${var.name}-${var.environment} to ${var.environment}-${var.name}.
  • The previous log prefix of alb/${var.name}-${var.environment} for access logs is now alb/${var.environment}-${var.name}. This prefix is shared by both access and connection logs.
  • Renamed variable alb_certificate_arns to alb_listener_certificate_arns.
  • Changed name of Target Group from ecs-${var.name}-${var.environment}-HTTPS to ${var.environment}-${var.name}-ecs-HTTPS.

General Housekeeping

  • Added GitHub Actions (may need work, experiencing a strange bug with terraform-docs)
  • Trivy and TF Lint support has been added, but not to .pre-commit-config.yaml because it is not possible to ignore the examples directory. So a target check has been added to the Makefile.
  • Markdown Lint Pre-Commit was Replaced with Markdownlint-cli2
  • Added Schema validation with check-jsonschema pre-commit for .pre-commit-config.yaml, .markdownlint.yml and renovate along with github-workflows (which is their name for Actions).
  • I've fought quite a bit with our CI/CD tooling. I think I finally got it. This uses a pre-commit-hook of terraform-docs-system which has an expectation that terraform-docs is installed locally. This also uses the official GitHub Action but there is a bug. So across the org, I've tried to find the right configuration adopting the official action along with pre-commit-hook and making it work everywhere. I believe this combination works. terraform-docs will still continue to work locally, but in GitHub Actions, we pass an Env Var of SKIP=terraform-system-go to not call terraform-docs a second time via pre-commit.

@esacteksab changed the title from "Barry update things" to "BREAKING_CHANGES: V11" on Feb 3, 2025
@esacteksab mentioned this pull request Feb 3, 2025
@esacteksab closed this Mar 10, 2025
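
Added example, not part of the pull request or the module's own code: a Python check over the JSON form of a Terraform plan (`terraform show -json`) that sorts the changes an upgrade to this release produces into the security group rule migration, resources replaced because of the renames, and any other deletions. The `module.alb` addresses, the `aws_lb`, `aws_lb_target_group` and `aws_lb_listener` resource names, and the plan itself are constructed for illustration.

```python
# Added example: triage a Terraform plan produced after upgrading to this release.
# Input is the dict loaded from the output of `terraform show -json <planfile>`.
OLD_RULE = "aws_security_group_rule"                 # type removed by the PR
NEW_RULES = {"aws_vpc_security_group_ingress_rule",
             "aws_vpc_security_group_egress_rule"}   # types that replace it

def audit_plan(plan):
    """Sort resource changes into the buckets a reviewer cares about."""
    report = {"rules_removed": [], "rules_added": [],
              "replaced": [], "other_deletes": []}
    for rc in plan.get("resource_changes", []):
        actions, addr = set(rc["change"]["actions"]), rc["address"]
        if actions == {"delete", "create"}:          # replacement, either order
            report["replaced"].append(addr)
        elif actions == {"delete"}:
            bucket = "rules_removed" if rc["type"] == OLD_RULE else "other_deletes"
            report[bucket].append(addr)
        elif actions == {"create"} and rc["type"] in NEW_RULES:
            report["rules_added"].append(addr)
    return report

def findings(report):
    """Heuristic checks (an assumption of this example) to review before apply."""
    out = []
    if len(report["rules_added"]) < len(report["rules_removed"]):
        out.append("fewer new rules than legacy rules removed")
    if report["other_deletes"]:
        out.append("deletions outside the rule migration: "
                   + ", ".join(report["other_deletes"]))
    if report["replaced"]:
        out.append("replaced (destroyed and recreated): "
                   + ", ".join(report["replaced"]))
    return out

def change(addr, rtype, *actions):
    """Build one constructed resource_changes entry."""
    return {"address": addr, "type": rtype, "change": {"actions": list(actions)}}

# Constructed sample plan; module.alb and the resource names are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    change("module.alb.aws_security_group_rule.ingress", OLD_RULE, "delete"),
    change("module.alb.aws_security_group_rule.egress", OLD_RULE, "delete"),
    change("module.alb.aws_vpc_security_group_ingress_rule.https",
           "aws_vpc_security_group_ingress_rule", "create"),
    change("module.alb.aws_vpc_security_group_egress_rule.all",
           "aws_vpc_security_group_egress_rule", "create"),
    change("module.alb.aws_lb.this", "aws_lb", "delete", "create"),
    change("module.alb.aws_lb_target_group.https", "aws_lb_target_group",
           "create", "delete"),
    change("module.alb.aws_lb_listener.https", "aws_lb_listener", "update"),
]}
```
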