notid/integreat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Making terraform have no warnings

Browse Source
This commit is contained in:
Bryce Covert
2021-12-24 08:10:20 -08:00
parent 4da3789569
commit dfc88602a0
5 changed files with 32 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
terraform/.terraform.lock.hcl generated Normal file → Executable file
View File

@@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/aws" {
version = "3.70.0"
hashes = [
"h1:E5IKHXzPGGSizZM5rHKzNCzpwQ7lWPXmmJnms82uzDk=",
"h1:jn4ImGMZJ9rQdaVSbcCBqUqnhRSpyaM1DivqaNuP+eg=",
"zh:0af710e528e21b930899f0ac295b0ceef8ad7b623dd8f38e92c8ec4bc7af0321",
"zh:4cabcd4519c0aae474d91ae67a8e3a4a8c39c3945c289a9cf7c1409f64409abe",
"zh:58da1a436facb4e4f95cd2870d211ed7bcb8cf721a4a61970aa8da191665f2aa",

27
terraform/deploy.tf
View File

@@ -18,8 +18,8 @@ resource "aws_ecs_task_definition" "integreat_app" {
cpu = 2048
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
execution_role_arn = "${var.execution_role_arn}"
task_role_arn = "${var.task_role_arn}"
execution_role_arn = var.execution_role_arn
task_role_arn = var.task_role_arn
}
@@ -31,13 +31,13 @@ resource "aws_ecs_task_definition" "integreat_background_worker" {
cpu = 1024
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
execution_role_arn = "${var.execution_role_arn}"
task_role_arn = "${var.task_role_arn}"
execution_role_arn = var.execution_role_arn
task_role_arn = var.task_role_arn
}
resource "aws_ecs_service" "integreat_app" {
name = "integreat_app_${var.stage}"
cluster = "${var.ecs_cluster}"
cluster = var.ecs_cluster
task_definition = aws_ecs_task_definition.integreat_app.arn
desired_count = 4
health_check_grace_period_seconds = 600
@@ -66,11 +66,14 @@ resource "aws_ecs_service" "integreat_app" {
}
timeouts {}
lifecycle {
ignore_changes = [task_definition]
}
}
resource "aws_ecs_service" "integreat_background_worker" {
name = "integreat_background_worker_${var.stage}"
cluster = "${var.ecs_cluster}"
cluster = var.ecs_cluster
task_definition = aws_ecs_task_definition.integreat_background_worker.arn
desired_count = 1
deployment_controller {
@@ -93,13 +96,17 @@ resource "aws_ecs_service" "integreat_background_worker" {
}
timeouts {}
lifecycle {
ignore_changes = [task_definition]
}
}
resource "aws_lb" "integreat_app" {
name = "integreat-app-${var.stage}"
internal = false
load_balancer_type = "application"
security_groups = ["${var.http_listener_sg}"]
security_groups = [var.http_listener_sg]
subnets = var.lb_subnets
ip_address_type = "ipv4"
enable_deletion_protection = true
@@ -205,7 +212,7 @@ resource "aws_lb_listener_rule" "static" {
}
resource "aws_s3_bucket" "static" {
bucket = "${var.domain}"
bucket = var.domain
request_payer = "BucketOwner"
tags = {}
cors_rule {
@@ -219,7 +226,7 @@ resource "aws_s3_bucket" "static" {
"GET",
]
allowed_origins = [
"${var.base_url}",
var.base_url,
]
expose_headers = []
max_age_seconds = 0
@@ -254,7 +261,7 @@ POLICY
}
resource "aws_acm_certificate" "cert" {
domain_name = "${var.domain}"
domain_name = var.domain
validation_method = "DNS"
}

24
terraform/main.tf
View File

@@ -1,6 +1,6 @@
provider "aws" {
access_key = "${var.aws_access_key_id}"
secret_key = "${var.aws_secret_access_key}"
access_key = var.aws_access_key_id
secret_key = var.aws_secret_access_key
region = "us-east-1"
}
@@ -18,15 +18,15 @@ resource "aws_ses_receipt_rule_set" "main" {
}
resource "aws_ses_receipt_rule" "store" {
depends_on = ["aws_ses_receipt_rule_set.main"]
depends_on = [aws_ses_receipt_rule_set.main]
name = "store-${var.stage}"
rule_set_name = "default-rule-set"
recipients = ["${var.invoice_address}"]
recipients = [var.invoice_address]
enabled = true
scan_enabled = true
s3_action {
bucket_name = "${aws_s3_bucket.invoices.id}"
bucket_name = aws_s3_bucket.invoices.id
position = "1"
}
}
@@ -133,10 +133,10 @@ POLICY
}
resource "aws_s3_bucket_notification" "mail_bucket_notification" {
bucket = "${aws_s3_bucket.invoices.id}"
bucket = aws_s3_bucket.invoices.id
queue {
queue_arn = "${aws_sqs_queue.integreat-mail.arn}"
queue_arn = aws_sqs_queue.integreat-mail.arn
events = ["s3:ObjectCreated:*"]
filter_suffix = ""
}
@@ -147,21 +147,21 @@ resource "aws_iam_user" "app_user" {
}
resource "aws_iam_access_key" "app_user" {
user = "${aws_iam_user.app_user.name}"
user = aws_iam_user.app_user.name
}
resource "aws_iam_user_policy_attachment" "app_user_policy" {
user = "${aws_iam_user.app_user.name}"
user = aws_iam_user.app_user.name
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
output "aws_access_key_id" {
value = "${aws_iam_access_key.app_user.id}"
value = aws_iam_access_key.app_user.id
sensitive = true
}
output "aws_secret_access_key" {
value = "${aws_iam_access_key.app_user.secret}"
value = aws_iam_access_key.app_user.secret
sensitive = true
}
@@ -170,5 +170,5 @@ output "aws_default_region" {
}
output "queue_url" {
value = "${aws_sqs_queue.integreat-mail.id}"
value = aws_sqs_queue.integreat-mail.id
}

2
terraform/prod.tfvars
View File

@@ -7,5 +7,5 @@ stage="prod"
task_role_arn="arn:aws:iam::679918342773:role/datomic-ddb"
execution_role_arn="arn:aws:iam::679918342773:role/ecsTaskExecutionRole"
ecs_cluster="arn:aws:ecs:us-east-1:679918342773:cluster/default"
service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj"
# service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj"
local_namespace="ns-gv2z744em7myo2jp"

2
terraform/staging.tfvars
View File

@@ -7,5 +7,5 @@ stage="staging"
task_role_arn="arn:aws:iam::679918342773:role/datomic-ddb"
execution_role_arn="arn:aws:iam::679918342773:role/ecsTaskExecutionRole"
ecs_cluster="arn:aws:ecs:us-east-1:679918342773:cluster/default"
service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj"
# service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj"
local_namespace="ns-gv2z744em7myo2jp"