diff --git a/terraform/040-id-broker/main.tf b/terraform/040-id-broker/main.tf
index dd78e3b..0baa2b4 100644
--- a/terraform/040-id-broker/main.tf
+++ b/terraform/040-id-broker/main.tf
@@ -3,6 +3,8 @@ locals {
 aws_region = data.aws_region.current.name
 config_id_or_null = one(aws_appconfig_configuration_profile.this[*].configuration_profile_id)
 appconfig_config_id = local.config_id_or_null == null ? "" : local.config_id_or_null
+ appconfig_app_id = var.appconfig_app_id == "" ? var.app_id : var.appconfig_app_id
+ appconfig_env_id = var.appconfig_env_id == "" ? var.env_id : var.appconfig_env_id
 }
 /*
@@ -81,8 +83,8 @@ locals {
 subdomain_with_region = "${var.subdomain}-${local.aws_region}"
 task_def = templatefile("${path.module}/task-definition.json", {
- appconfig_app_id = var.appconfig_app_id
- appconfig_env_id = var.appconfig_env_id
+ appconfig_app_id = local.appconfig_app_id
+ appconfig_env_id = local.appconfig_env_id
 appconfig_config_id = local.appconfig_config_id
 api_access_keys = local.api_access_keys
 abandoned_user_abandoned_period = var.abandoned_user_abandoned_period
@@ -215,8 +217,8 @@ module "ecsservice" {
 */
 locals {
 task_def_cron = templatefile("${path.module}/task-definition.json", {
- appconfig_app_id = var.appconfig_app_id
- appconfig_env_id = var.appconfig_env_id
+ appconfig_app_id = local.appconfig_app_id
+ appconfig_env_id = local.appconfig_env_id
 appconfig_config_id = local.appconfig_config_id
 api_access_keys = local.api_access_keys
 abandoned_user_abandoned_period = var.abandoned_user_abandoned_period
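Review bot: The two fallbacks added to the first `locals` block resolve the application ID and the environment ID independently, while every `count` gate changed later in main.tf (`module.ecs_role`, `aws_iam_role_policy.this`, `aws_appconfig_configuration_profile.this`) tests only `local.appconfig_app_id`. A caller that sets `app_id` or `appconfig_app_id` but leaves both environment variables empty still gets the ECS role and the `appconfig` policy, whose `Resource` ARN then carries an empty `environment/` segment; the task would presumably be unable to read its configuration, and nothing fails at plan time. Consider a `precondition` on `aws_iam_role_policy.this` with `condition = local.appconfig_env_id != ""`, if the module's minimum Terraform version supports it. A one-line comment above the new locals, such as `# appconfig_* wins; app_id/env_id are deprecated fallbacks`, would also record which input takes precedence when both are set.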
@@ -434,14 +436,14 @@ data "cloudflare_zone" "domain" {
 * Create ECS role
 */
 module "ecs_role" {
- count = var.appconfig_app_id == "" ? 0 : 1
+ count = local.appconfig_app_id == "" ? 0 : 1
 source = "../ecs-role"
 name = "ecs-${var.idp_name}-${var.app_name}-${var.app_env}-${local.aws_region}"
 }
 resource "aws_iam_role_policy" "this" {
- count = var.appconfig_app_id == "" ? 0 : 1
+ count = local.appconfig_app_id == "" ? 0 : 1
 name = "appconfig"
 role = one(module.ecs_role[*].role_name)
@@ -456,7 +458,7 @@ resource "aws_iam_role_policy" "this" {
 "appconfig:GetLatestConfiguration",
 "appconfig:StartConfigurationSession",
 ]
- Resource = "arn:aws:appconfig:${local.aws_region}:${local.aws_account}:application/${var.appconfig_app_id}/environment/${var.appconfig_env_id}/configuration/${local.appconfig_config_id}"
+ Resource = "arn:aws:appconfig:${local.aws_region}:${local.aws_account}:application/${local.appconfig_app_id}/environment/${local.appconfig_env_id}/configuration/${local.appconfig_config_id}"
 }
 ]
 })
@@ -467,9 +469,9 @@ resource "aws_iam_role_policy" "this" {
 * Create AppConfig configuration profile
 */
 resource "aws_appconfig_configuration_profile" "this" {
- count = var.appconfig_app_id == "" ? 0 : 1
+ count = local.appconfig_app_id == "" ? 0 : 1
- application_id = var.appconfig_app_id
+ application_id = local.appconfig_app_id
 name = "${var.app_name}-${var.app_env}"
 location_uri = "hosted"
 }
diff --git a/terraform/040-id-broker/vars.tf b/terraform/040-id-broker/vars.tf
index f49dcf6..58f24a5 100644
--- a/terraform/040-id-broker/vars.tf
+++ b/terraform/040-id-broker/vars.tf
@@ -581,12 +581,24 @@ variable "wildcard_cert_arn" {
 type = string
 }
+variable "app_id" {
+ description = "DEPRECATED AppConfig application ID created by AWS. This cannot be the application name."
+ type = string
+ default = ""
+}
+
 variable "appconfig_app_id" {
 description = "AppConfig application ID created by AWS. This cannot be the application name."
 type = string
 default = ""
 }
+variable "env_id" {
+ description = "DEPRECATED AppConfig environment ID created by AWS. This cannot be the environment name."
+ type = string
+ default = ""
+}
+
 variable "appconfig_env_id" {
 description = "AppConfig environment ID created by AWS. This cannot be the environment name."
 type = string
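Review bot: The new `app_id` and `env_id` variables accept any string, and after this commit their values can be interpolated into the IAM policy `Resource` ARN in main.tf. A `validation` block on each would stop an application name, a stray `/` or a `*` from reaching that ARN, where a wildcard would widen what the task role is allowed to read. For example `condition = var.app_id == "" || can(regex("^[a-z0-9]{4,7}$", var.app_id))`, which I believe matches the ID format AWS generates; confirm against the AppConfig API reference before adopting it. The same guard would suit the existing `appconfig_app_id` and `appconfig_env_id`. The descriptions could also name the replacement, e.g. `DEPRECATED: use appconfig_app_id.` The `appconfig_env_id` block at the end of the hunk continues outside it.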