This repository was archived by the owner on Jul 16, 2024. It is now read-only.

Commit a7f9a2f

authored
Merge pull request #9 from asicsdigital/terraform12
Upgrade to Terraform 0.12.9
2 parents 5fea85b + 4bda7b7 commit a7f9a2f


7 files changed

+153
-124
lines changed


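--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-0.11.8
+0.12.9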

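--- a/alb.tf
+++ b/alb.tf
@@ -1,40 +1,40 @@
 # Create a new load balancer
 
 locals {
-enable_custom_domain = "${var.dns_zone == "" ? false : true}"
+enable_custom_domain = var.dns_zone == "" ? false : true
 custom_endpoint = "${coalesce(var.hostname, "vault")}.${var.dns_zone}"
-vault_url_protocol = "${local.enable_custom_domain ? "https" : "http"}"
-vault_url_hostname = "${local.enable_custom_domain ? local.custom_endpoint : aws_alb.vault.dns_name}"
+vault_url_protocol = local.enable_custom_domain ? "https" : "http"
+vault_url_hostname = local.enable_custom_domain ? local.custom_endpoint : aws_alb.vault.dns_name
 vault_url = "${local.vault_url_protocol}://${local.vault_url_hostname}"
 }
 
 resource "aws_alb" "vault" {
 name_prefix = "vault-"
-security_groups = ["${aws_security_group.lb-vault-sg.id}"]
+security_groups = [aws_security_group.lb-vault-sg.id]
 internal = false
-subnets = ["${var.subnets}"]
+subnets = var.subnets
 
-tags {
-Environment = "${var.env}"
-VPC = "${local.vpc_name}"
+tags = {
+Environment = var.env
+VPC = local.vpc_name
 }
 
 access_logs {
-bucket = "${var.alb_log_bucket}"
+bucket = var.alb_log_bucket
 prefix = "logs/elb/${local.vpc_name}/vault"
 }
 }
 
 # DNS Alias for the LB
 resource "aws_route53_record" "vault" {
-count = "${local.enable_custom_domain ? 1 : 0}"
-zone_id = "${data.aws_route53_zone.zone.zone_id}"
-name = "${coalesce(var.hostname, "vault")}.${data.aws_route53_zone.zone.name}"
+count = local.enable_custom_domain ? 1 : 0
+zone_id = data.aws_route53_zone.zone[0].zone_id
+name = "${coalesce(var.hostname, "vault")}.${data.aws_route53_zone.zone[0].name}"
 type = "A"
 
 alias {
-name = "${aws_alb.vault.dns_name}"
-zone_id = "${aws_alb.vault.zone_id}"
+name = aws_alb.vault.dns_name
+zone_id = aws_alb.vault.zone_id
 evaluate_target_health = false
 }
 }
@@ -43,8 +43,8 @@ resource "aws_route53_record" "vault" {
 resource "aws_alb_target_group" "vault_ui" {
 port = 8200
 protocol = "HTTP"
-deregistration_delay = "${var.lb_deregistration_delay}"
-vpc_id = "${data.aws_vpc.vpc.id}"
+deregistration_delay = var.lb_deregistration_delay
+vpc_id = data.aws_vpc.vpc.id
 
 health_check {
 path = "/v1/sys/health?standbyok=true"
@@ -56,35 +56,36 @@ resource "aws_alb_target_group" "vault_ui" {
 enabled = true
 }
 
-tags {
-Environment = "${var.env}"
-VPC = "${local.vpc_name}"
+tags = {
+Environment = var.env
+VPC = local.vpc_name
 }
 }
 
 # Create a new alb listener
 resource "aws_alb_listener" "vault_https" {
-count = "${local.enable_custom_domain ? 1 : 0}"
-load_balancer_arn = "${aws_alb.vault.arn}"
+count = local.enable_custom_domain ? 1 : 0
+load_balancer_arn = aws_alb.vault.arn
 port = "443"
 protocol = "HTTPS"
 ssl_policy = "ELBSecurityPolicy-2015-05"
-certificate_arn = "${data.aws_acm_certificate.cert.arn}" # edit needed
+certificate_arn = data.aws_acm_certificate.cert[0].arn # edit needed
 
 default_action {
-target_group_arn = "${aws_alb_target_group.vault_ui.arn}"
+target_group_arn = aws_alb_target_group.vault_ui.arn
 type = "forward"
 }
 }
 
 resource "aws_alb_listener" "vault_http" {
-count = "${local.enable_custom_domain ? 0 : 1}"
-load_balancer_arn = "${aws_alb.vault.arn}"
+count = local.enable_custom_domain ? 0 : 1
+load_balancer_arn = aws_alb.vault.arn
 port = "80"
 protocol = "HTTP"
 
 default_action {
-target_group_arn = "${aws_alb_target_group.vault_ui.arn}"
+target_group_arn = aws_alb_target_group.vault_ui.arn
 type = "forward"
 }
 }
+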
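Review bot: In the listener hunk, `aws_alb_listener.vault_https` still carries `ssl_policy = "ELBSecurityPolicy-2015-05"`, a legacy predefined policy that continues to negotiate TLS 1.0 and 1.1. Because this load balancer fronts Vault and is declared `internal = false` in the first hunk, the upgrade is a natural point to pin a TLS 1.2-only policy such as `ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"`. The `vault_http` listener in the same hunk forwards port 80 in cleartext whenever `var.dns_zone` is empty, so Vault tokens and secrets would cross the public side of the ALB unencrypted in that configuration. An explicit opt-in variable, or at least a comment like `# no TLS when dns_zone is unset; not for production`, would make that choice visible to callers of the module. The trailing `# edit needed` on `certificate_arn` should state which edit is expected or be removed.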

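--- a/iam.tf
+++ b/iam.tf
@@ -10,14 +10,14 @@ data "aws_iam_policy_document" "assume_role_vault_task" {
 }
 
 resource "aws_iam_role" "vault_task" {
-path = "${var.iam_path}"
-assume_role_policy = "${data.aws_iam_policy_document.assume_role_vault_task.json}"
+path = var.iam_path
+assume_role_policy = data.aws_iam_policy_document.assume_role_vault_task.json
 }
 
 # ecsServiceRole for vault
 
 resource "aws_iam_role" "ecsServiceRole" {
-path = "${var.iam_path}"
+path = var.iam_path
 
 assume_role_policy = <<EOF
 {
@@ -35,9 +35,11 @@ resource "aws_iam_role" "ecsServiceRole" {
 ]
 }
 EOF
+
 }
 
 resource "aws_iam_role_policy_attachment" "attach-ecsServiceRole" {
-role = "${aws_iam_role.ecsServiceRole.name}"
+role = aws_iam_role.ecsServiceRole.name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
 }
+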
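Review bot: `aws_iam_role.ecsServiceRole` keeps its trust policy as an inline `<<EOF` JSON heredoc, while `aws_iam_role.vault_task` just above takes it from `data.aws_iam_policy_document.assume_role_vault_task.json`. Most of the heredoc body lies outside these hunks, so its principals cannot be checked here. Moving it to a second `aws_iam_policy_document` data source would let Terraform validate the document and keep both trust policies reviewable in the same form. Neither role has a `name` or `description` in the visible lines; a one-line comment above each, e.g. `# assumed by the Vault ECS task only`, would record which service is expected to assume it.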
