diff --git a/main.tf b/main.tf
index 20bf33d..8afaf94 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,7 @@ data "aws_acm_certificate" "cdn" {
 }
 locals {
- namespace = "${var.eb_env_namespace}-${var.eb_env_stage}-${var.eb_env_name}"
+ namespace = "${var.eb_env_namespace}-${var.eb_env_name}"
 static_alias = (
 var.static_site_alias != ""
@@ -37,6 +37,8 @@ locals {
 "*.${var.site_domain_name}"
 ]
 )
+
+ static_page_asset_aliases = [var.site_domain_name, "*.${var.site_domain_name}"] # adds support for organizations subdomains
 }
 ###
@@ -46,7 +48,6 @@ locals {
 module "cdn_static" {
 source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn?ref=tags/0.74.0"
 namespace = "static-${var.eb_env_namespace}"
- stage = var.eb_env_stage
 name = var.eb_env_name
 aliases = [local.static_alias]
 cors_allowed_origins = local.static_cors_allowed_origins
@@ -61,7 +62,7 @@ module "cdn_static" {
 # export s3 arn so serverless can pick it up to configure iam policies
 resource "aws_ssm_parameter" "cdn_content_param" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/s3_content_arn"
+ name = "/${var.eb_env_name}/s3_content_arn"
 description = "S3 content (videos, images) bucket ARN"
 type = "SecureString"
 value = module.cdn_static.s3_bucket_arn
@@ -70,7 +71,7 @@ resource "aws_ssm_parameter" "cdn_content_param" {
 # TODO remove
 resource "aws_ssm_parameter" "cdn_content_param_deprecated" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/s3_static_arn"
+ name = "/${var.eb_env_name}/s3_static_arn"
 description = "S3 content (videos, images) bucket ARN"
 type = "SecureString"
 value = module.cdn_static.s3_bucket_arn
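Review bot: In main.tf, taking `eb_env_stage` out of `local.namespace` and out of the SSM names (`/${var.eb_env_name}/s3_content_arn` here, and the WAF, backup, `api_firewall_arn`, `CLOUDFRONT_DISTRIBUTION_ID` and `s3-websites` names in the later main.tf hunks) removes the only per-environment part of those names. Two deployments that share an `eb_env_name` in one AWS account would then contend for the same parameter, and the comment on `cdn_content_param` says serverless reads it to configure IAM policies, so a mix-up could point one environment's policies at another environment's bucket. If one account per environment is the intended isolation model, say so where the name is declared, for example `description = "Environment name; must be unique per AWS account, it prefixes every SSM path and WAF name"`. The rename also moves existing parameters, so anything still reading the old stage-qualified paths has to change in the same release.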
@@ -103,7 +104,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "content_bucket_version_expire_
 module "content_backup" {
 count = var.enable_content_backup ? 1 : 0
 source = "git::https://github.com/mentorpal/terraform-modules//modules/backup?ref=tags/v1.5.1"
- name = "${var.eb_env_name}-s3-backup-${var.eb_env_stage}"
+ name = "${var.eb_env_name}-s3-backup"
 resources = [
 module.cdn_static.s3_bucket_arn
@@ -121,7 +122,7 @@ module "content_backup" {
 #####
 module "cdn_firewall" {
 source = "git::https://github.com/mentorpal/terraform-modules//modules/api-waf?ref=tags/v1.6.0"
- name = "${var.eb_env_name}-cdn-${var.eb_env_stage}"
+ name = "${var.eb_env_name}-cdn"
 scope = "CLOUDFRONT"
 rate_limit = 1000
@@ -147,7 +148,7 @@ module "cdn_firewall" {
 module "api_firewall" {
 source = "git::https://github.com/mentorpal/terraform-modules//modules/api-waf?ref=tags/v1.6.0"
- name = "${var.eb_env_name}-api-${var.eb_env_stage}"
+ name = "${var.eb_env_name}-api"
 scope = "REGIONAL"
 rate_limit = 1000
@@ -165,7 +166,7 @@ module "api_firewall" {
 }
 resource "aws_ssm_parameter" "api_firewall_ssm" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/api_firewall_arn"
+ name = "/${var.eb_env_name}/api_firewall_arn"
 type = "String"
 value = module.api_firewall.wafv2_webacl_arn
 tags = var.eb_env_tags
@@ -223,7 +224,7 @@ resource "aws_cloudfront_function" "cf_fn_origin_root" {
 module "cdn_static_assets" {
 source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=tags/0.82.4"
 acm_certificate_arn = data.aws_acm_certificate.cdn.arn
- aliases = [var.site_domain_name]
+ aliases = local.static_page_asset_aliases
 allowed_methods = ["HEAD", "DELETE", "POST", "GET", "OPTIONS", "PUT", "PATCH"]
 block_origin_public_access_enabled = true # so only CDN can access it
 # having a default cache policy made the apply fail:
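Review bot: In `cdn_static_assets`, `aliases = local.static_page_asset_aliases` makes the distribution answer for every host under `*.${var.site_domain_name}`, while the unchanged `allowed_methods` line right below it still accepts `DELETE`, `POST`, `PUT` and `PATCH`. The wildcard only works if the certificate found by `data.aws_acm_certificate.cdn` covers `*.` names, and whatever maps a subdomain to an organization has to handle hosts that match no organization; neither is visible in this hunk. I would record that next to the alias, `# wildcard alias: the ACM cert must include *.<site_domain_name>; unknown subdomains must be rejected by the app`, and, if this distribution only serves built frontend files, narrow the methods to `allowed_methods = ["GET", "HEAD", "OPTIONS"]`. The module block continues outside the hunk, so other settings may already constrain this.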
@@ -286,7 +287,6 @@ module "cdn_static_assets" {
 parent_zone_name = var.aws_route53_zone_name
 # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html
 price_class = "PriceClass_100"
- stage = var.eb_env_stage
 # this are artifacts generated from github code, no need to version them:
 versioning_enabled = true # test backup
 viewer_protocol_policy = "redirect-to-https"
@@ -297,7 +297,7 @@ module "cdn_static_assets" {
 # cicd pipeline runs in us-east-1 so its easier to have them too in the same region
 resource "aws_ssm_parameter" "cdn_id" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/CLOUDFRONT_DISTRIBUTION_ID"
+ name = "/${var.eb_env_name}/CLOUDFRONT_DISTRIBUTION_ID"
 type = "String"
 value = module.cdn_static_assets.cf_id
 provider = aws.us-east-1
@@ -305,7 +305,7 @@ resource "aws_ssm_parameter" "cdn_id" {
 }
 resource "aws_ssm_parameter" "cdn_s3_websites_arn" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/s3-websites/ARN"
+ name = "/${var.eb_env_name}/s3-websites/ARN"
 description = "Bucket that stores frontend apps"
 type = "String"
 value = module.cdn_static_assets.s3_bucket_arn
@@ -314,7 +314,7 @@ resource "aws_ssm_parameter" "cdn_s3_websites_arn" {
 }
 resource "aws_ssm_parameter" "cdn_s3_websites_name" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/s3-websites/NAME"
+ name = "/${var.eb_env_name}/s3-websites/NAME"
 description = "Bucket that stores frontend apps"
 type = "String"
 value = module.cdn_static_assets.s3_bucket
diff --git a/template/global.tf.template b/template/global.tf.template
index 9841160..844a629 100644
--- a/template/global.tf.template
+++ b/template/global.tf.template
@@ -7,9 +7,9 @@ module "notify_slack" {
 source = "terraform-aws-modules/notify-slack/aws"
 version = "~> 4.0"
- sns_topic_name = "slack-alerts-${var.eb_env_stage}-${var.eb_env_namespace}"
+ sns_topic_name = "slack-alerts-${var.eb_env_namespace}"
- lambda_function_name = "notify-slack-${var.eb_env_stage}-${var.eb_env_namespace}"
+ lambda_function_name = "notify-slack-${var.eb_env_namespace}"
 slack_webhook_url = var.cloudwatch_slack_webhook
 slack_channel = var.alerts_slack_channel
@@ -17,7 +17,7 @@ module "notify_slack" {
 }
 resource "aws_ssm_parameter" "sns_alert_topic_arn" {
- name = "/${var.eb_env_name}/${var.eb_env_stage}/shared/sns_alert_topic_arn"
+ name = "/${var.eb_env_name}/shared/sns_alert_topic_arn"
 description = "Slack alert topic"
 type = "String"
 value = module.notify_slack.this_slack_topic_arn
diff --git a/template/main.tf b/template/main.tf
index aedbe2c..5f767eb 100644
--- a/template/main.tf
+++ b/template/main.tf
@@ -8,7 +8,6 @@ module "mentorpal_beanstalk_deployment" {
 aws_region = var.aws_region
 aws_route53_zone_name = var.aws_route53_zone_name
 eb_env_namespace = var.eb_env_namespace
- eb_env_stage = var.eb_env_stage
 site_domain_name = var.site_domain_name
 static_cors_allowed_origins = var.static_cors_allowed_origins
 enable_api_firewall_logging = var.enable_api_firewall_logging
@@ -16,3 +15,23 @@ module "mentorpal_beanstalk_deployment" {
 enable_content_backup = true
 alert_topic_arn = module.notify_slack.this_slack_topic_arn
 }
+
+module "notify_slack" {
+ source = "terraform-aws-modules/notify-slack/aws"
+ version = "~> 4.0"
+
+ sns_topic_name = "slack-alerts-${var.eb_env_namespace}"
+
+ lambda_function_name = "notify-slack-${var.eb_env_namespace}"
+
+ slack_webhook_url = var.cloudwatch_slack_webhook
+ slack_channel = "ls-alerts-prod"
+ slack_username = "uscictlsalerts"
+}
+
+resource "aws_ssm_parameter" "sns_alert_topic_arn" {
+ name = "/${var.eb_env_name}/shared/sns_alert_topic_arn"
+ description = "Slack alert topic"
+ type = "String"
+ value = module.notify_slack.this_slack_topic_arn
+}
\ No newline at end of file
diff --git a/template/terraform.tfvars b/template/terraform.tfvars
index b5ba620..c64c07d 100644
--- a/template/terraform.tfvars
+++ b/template/terraform.tfvars
@@ -1,20 +1,18 @@
 # must be in AWS certificate manager:
-aws_acm_certificate_domain = "mentorpal.info"
+aws_acm_certificate_domain = "mentorpal.org"
 # e.g. us-east-1
 aws_region = "us-east-1"
 # usualy name as `aws_acm_certificate_domain` with . at the end
-aws_route53_zone_name = "mentorpal.info"
+aws_route53_zone_name = "mentorpal.org"
 # namespace to prefix all things your app
 eb_env_namespace = "mentorpal"
 eb_env_name = "mentorpal"
-# name of stage, e.g 'test' or 'dev' or 'prod'
-eb_env_stage = "qa"
-site_domain_name = "qa.mentorpal.info"
-static_cors_allowed_origins = ["mentorpal.info", "*.mentorpal.info"]
+site_domain_name = "mentorpal.org"
+static_cors_allowed_origins = ["mentorpal.org", "*.mentorpal.org"]
 enable_api_firewall_logging = true
-enable_cdn_firewall_logging = false
+enable_cdn_firewall_logging = false
\ No newline at end of file
diff --git a/template/terragrunt.hcl b/template/terragrunt.hcl
index 4221c4c..1ca9827 100644
--- a/template/terragrunt.hcl
+++ b/template/terragrunt.hcl
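Review bot: In template/main.tf, `slack_channel = "ls-alerts-prod"` and `slack_username = "uscictlsalerts"` are hard-coded in the new `notify_slack` block, while the same module in template/global.tf.template takes the channel from `var.alerts_slack_channel`; any non-production copy of this template would post its alerts to the production channel. Use `slack_channel = var.alerts_slack_channel` here as well. The block and the `sns_alert_topic_arn` resource also repeat definitions that global.tf.template still carries, so if that template is rendered into the same directory Terraform will most likely reject the duplicate names, and one copy should go. `var.cloudwatch_slack_webhook` is a credential, so its declaration (not visible in this diff) should carry `sensitive = true`.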
@@ -8,7 +8,7 @@ remote_state {
 # name for an s3 bucket that will store terraform state
 # e.g. MY_APP_NAME-s3-state
 # terragrunt will create this for us
- bucket = "mentorpal-info-s3-state"
+ bucket = "qamentorpal-s3-state"
 # probably can leave this as is
 key = "mentorpal/terraform.tfstate"
@@ -23,6 +23,6 @@ remote_state {
 # name of the AWS dynamodb table used for locking state
 # e.g. MY_APP_NAME-s3-state-locks
 # terragrunt will create this for us
- dynamodb_table = "mentorpal-info-s3-state-locks"
+ dynamodb_table = "mentorpal-s3-state-locks"
 }
 }
diff --git a/vars.tf b/vars.tf
index f546798..16213d0 100644
--- a/vars.tf
+++ b/vars.tf
@@ -10,7 +10,7 @@ variable "aws_region" {
 variable "aws_route53_zone_name" {
 type = string
- description = "name to find aws route53 zone, e.g. mentorpal.info."
+ description = "name to find aws route53 zone, e.g. mentorpal.org."
 }
 variable "eb_env_name" {
@@ -24,12 +24,6 @@ variable "eb_env_namespace" {
 description = "Namespace, which could be your organization name, e.g. 'eg' or 'cp'"
 }
-variable "eb_env_stage" {
- type = string
- description = "Stage, e.g. 'prod', 'staging', 'dev', or 'test'"
- default = "test"
-}
-
 variable "eb_env_tags" {
 type = map(string)
 default = {}
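Review bot: In template/terragrunt.hcl, the new `bucket = "qamentorpal-s3-state"` carries a `qa` prefix while the lock table in the second hunk becomes `mentorpal-s3-state-locks` and the rest of the template now targets `mentorpal.org`, so the state location no longer matches the environment the template describes. Terraform state usually holds every managed attribute, here including the `SecureString` parameters and the Slack webhook passed to `notify_slack`, so a production copy that keeps this default would store that state in a bucket named for QA. Following the `MY_APP_NAME-s3-state` convention in the comment above the setting, `bucket = "mentorpal-s3-state"` would line up with the lock table name.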