From e714f50cd4446f410f2c3071672bd5122115d203 Mon Sep 17 00:00:00 2001 From: "adam.carruthers1" Date: Sun, 26 Nov 2023 16:32:03 +0000 Subject: [PATCH 1/5] Fix initial deploy invalid count dependency error --- modules/opennext-cloudfront/waf.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/opennext-cloudfront/waf.tf b/modules/opennext-cloudfront/waf.tf index 658ac0b..5001b8b 100644 --- a/modules/opennext-cloudfront/waf.tf +++ b/modules/opennext-cloudfront/waf.tf @@ -122,7 +122,7 @@ resource "aws_wafv2_web_acl" "cloudfront_waf" { } resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { - count = var.waf_logging_configuration == null || try(aws_wafv2_web_acl.cloudfront_waf[0], null) == null ? 0 : 1 + count = var.waf_logging_configuration == null || var.custom_waf != null ? 0 : 1 resource_arn = aws_wafv2_web_acl.cloudfront_waf[0].arn log_destination_configs = var.waf_logging_configuration.log_destination_configs From e3ac2cd14c7476df79de7616caf813b2457819d5 Mon Sep 17 00:00:00 2001 From: "adam.carruthers1" Date: Sun, 26 Nov 2023 16:46:03 +0000 Subject: [PATCH 2/5] Fix condition the wrong way around --- modules/opennext-cloudfront/waf.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/opennext-cloudfront/waf.tf b/modules/opennext-cloudfront/waf.tf index 5001b8b..d859011 100644 --- a/modules/opennext-cloudfront/waf.tf +++ b/modules/opennext-cloudfront/waf.tf @@ -122,7 +122,7 @@ resource "aws_wafv2_web_acl" "cloudfront_waf" { } resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { - count = var.waf_logging_configuration == null || var.custom_waf != null ? 0 : 1 + count = var.waf_logging_configuration == null || var.custom_waf == null ? 0 : 1 resource_arn = aws_wafv2_web_acl.cloudfront_waf[0].arn log_destination_configs = var.waf_logging_configuration.log_destination_configs From 2570005f5472dbe731ea0a8fdb5e83be5cb24b32 Mon Sep 17 00:00:00 2001 
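Review bot: With the new `count` on `waf_logging`, setting `var.custom_waf` switches WAF logging off even when `var.waf_logging_configuration` is supplied, and nothing tells the caller that the logging settings were ignored. A deployment that brings its own WAF can therefore end up with no WAF request logs for detection or incident response unless logging is configured elsewhere. If that is the intended contract, state it above the line, e.g. `# Logging is managed only for the module-created web ACL; a custom WAF must configure its own logging.`, and repeat it in the description of `waf_logging_configuration`. The same line is flipped to `== null` in patch 2 and back in patch 3, so this applies to the final form as well; the resource body continues past the hunk.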
From: "adam.carruthers1" Date: Sun, 26 Nov 2023 16:47:15 +0000 Subject: [PATCH 3/5] Fix condition was wrong way round --- modules/opennext-cloudfront/waf.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/opennext-cloudfront/waf.tf b/modules/opennext-cloudfront/waf.tf index d859011..5001b8b 100644 --- a/modules/opennext-cloudfront/waf.tf +++ b/modules/opennext-cloudfront/waf.tf @@ -122,7 +122,7 @@ resource "aws_wafv2_web_acl" "cloudfront_waf" { } resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { - count = var.waf_logging_configuration == null || var.custom_waf == null ? 0 : 1 + count = var.waf_logging_configuration == null || var.custom_waf != null ? 0 : 1 resource_arn = aws_wafv2_web_acl.cloudfront_waf[0].arn log_destination_configs = var.waf_logging_configuration.log_destination_configs From aa210a747b5bfc1255daf65a9b2cdc108e19224c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jul 2023 12:42:42 +0000 Subject: [PATCH 4/5] Bump semver from 6.3.0 to 6.3.1 in /modules/cloudfront-logs/lambda Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] --- modules/cloudfront-logs/lambda/yarn.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/cloudfront-logs/lambda/yarn.lock b/modules/cloudfront-logs/lambda/yarn.lock index 2f7d53f..801c038 100644 --- a/modules/cloudfront-logs/lambda/yarn.lock +++ b/modules/cloudfront-logs/lambda/yarn.lock 
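Review bot: The `count` condition on `waf_logging` restates, in negated form, whatever decides the `count` of `aws_wafv2_web_acl.cloudfront_waf`, which `resource_arn` indexes with `[0]`; the two reversals in this series show how easily the pair drifts apart. Naming the decision once would help, e.g. `locals { create_waf = var.custom_waf == null }` and then `count = local.create_waf && var.waf_logging_configuration != null ? 1 : 0`, with the web ACL reading the same flag. The web ACL's own `count` expression is outside the hunk, so confirm it matches before adopting this.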
@@ -2679,14 +2679,14 @@ sax@>=0.6.0: integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw== semver@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" - integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== semver@^7.0.0, semver@^7.3.7, semver@^7.3.8: - version "7.5.2" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb" - integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ== + version "7.5.4" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== dependencies: lru-cache "^6.0.0" From f8e81a74a2c4f3516c0e58d946f0a0e2a31a0245 Mon Sep 17 00:00:00 2001 
From: andylamp Date: Fri, 26 Jan 2024 14:52:05 +0200 Subject: [PATCH 5/5] Feature: add region explicitly in aws provider to avoid regressions (#15) ## Description This addresses the regression observed in certain configurations as described in issue #14. The PR refactors the project to take the `region` from variables, but _if and only if provided explicitly_. If not, the current behavior is maintained. This refactor means that all modules within the project take the provider region as a parameter, which is used for all non-aliased (_i.e._ non-global) providers. ## Context Resolves regressions observed in #14. ## Type of changes - [x] Refactoring (non-breaking change) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would change existing functionality) - [x] Bug fix (non-breaking change which fixes an issue) ## Checklist - [x] I am familiar with the [contributing guidelines](../docs/CONTRIBUTING.md) - [x] I have followed the code style of the project - [ ] I have added tests to cover my changes - [ ] I have updated the documentation accordingly - [ ] This PR is a result of pair or mob programming --- ## Sensitive Information Declaration To ensure the utmost confidentiality and protect your and others' privacy, we kindly ask you NOT to include [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that contains any sensitive information. We really appreciate your cooperation in this matter. - [x] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes. --------- 
Signed-off-by: Thomas Judd-Cooper Co-authored-by: Thomas Judd-Cooper --- locals.tf | 1 + main.tf | 20 ++++++++++++++++--- modules/cloudfront-logs/main.tf | 3 ++- modules/cloudfront-logs/variables.tf | 5 +++++ modules/opennext-assets/main.tf | 3 ++- modules/opennext-assets/variables.tf | 5 ++++- modules/opennext-cloudfront/main.tf | 3 ++- modules/opennext-cloudfront/variables.tf | 15 ++++++++++++++ modules/opennext-lambda/main.tf | 3 ++- modules/opennext-lambda/variables.tf | 5 ++++- modules/opennext-revalidation-queue/main.tf | 1 + .../opennext-revalidation-queue/variables.tf | 5 +++++ variables.tf | 11 ++++++++++ 13 files changed, 71 insertions(+), 9 deletions(-) diff --git a/locals.tf b/locals.tf index a261816..6099b7d 100644 --- a/locals.tf +++ b/locals.tf @@ -16,6 +16,7 @@ locals { restriction_type = "none" locations = [] }) + price_class = coalesce(try(var.cloudfront.price_class, null), "PriceClass_All") cors = merge({ allow_credentials = false, allow_headers = ["*"], diff --git a/main.tf b/main.tf index 8dc0651..1f44aa8 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { @@ -12,11 +12,16 @@ terraform { data "aws_caller_identity" "current" {} data "aws_region" "current" {} +locals { + aws_region = var.region != null ? var.region : data.aws_region.current.name +} + /** * Assets & Cache S3 Bucket **/ module "assets" { source = "./modules/opennext-assets" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-assets" @@ -31,6 +36,7 @@ module "assets" { **/ module "server_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-server" 
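Review bot: The ternary in the new `locals` block of `main.tf` lets an empty string through, because only `null` falls back to `data.aws_region.current.name`; `region = ""` would then be handed to every child module's provider and interpolated into the `lambda-url` origin hostnames further down the file. `aws_region = coalesce(var.region, data.aws_region.current.name)` treats both `null` and `""` as unset and matches the `coalesce(try(...))` form this commit already uses for `price_class` in `locals.tf`.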
@@ -67,6 +73,7 @@ module "server_function" { **/ module "image_optimization_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-image-optimization" @@ -101,6 +108,7 @@ module "image_optimization_function" { **/ module "revalidation_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-revalidation" @@ -136,6 +144,7 @@ module "revalidation_function" { module "revalidation_queue" { source = "./modules/opennext-revalidation-queue" prefix = "${var.prefix}-revalidation-queue" + region = local.aws_region default_tags = var.default_tags aws_account_id = data.aws_caller_identity.current.account_id @@ -148,6 +157,7 @@ module "revalidation_queue" { module "warmer_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-warmer" @@ -184,6 +194,7 @@ module "warmer_function" { **/ module "cloudfront_logs" { source = "./modules/cloudfront-logs" + region = local.aws_region default_tags = var.default_tags log_group_name = "${var.prefix}-cloudfront-logs" 
@@ -197,16 +208,19 @@ module "cloudfront_logs" { module "cloudfront" { source = "./modules/opennext-cloudfront" prefix = "${var.prefix}-cloudfront" + region = local.aws_region default_tags = var.default_tags + price_class = local.cloudfront.price_class + comment = local.cloudfront.comment logging_bucket_domain_name = module.cloudfront_logs.logs_s3_bucket.bucket_regional_domain_name assets_origin_access_identity = module.assets.cloudfront_origin_access_identity.cloudfront_access_identity_path origins = { assets_bucket = module.assets.assets_bucket.bucket_regional_domain_name - server_function = "${module.server_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws" - image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws" + server_function = "${module.server_function.lambda_function_url.url_id}.lambda-url.${local.aws_region}.on.aws" + image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.${local.aws_region}.on.aws" } aliases = local.cloudfront.aliases diff --git a/modules/cloudfront-logs/main.tf b/modules/cloudfront-logs/main.tf index a63a64f..4c9296b 100644 --- a/modules/cloudfront-logs/main.tf +++ b/modules/cloudfront-logs/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { @@ -15,6 +15,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/cloudfront-logs/variables.tf b/modules/cloudfront-logs/variables.tf index c95a0e9..0ac05ab 100644 --- a/modules/cloudfront-logs/variables.tf +++ b/modules/cloudfront-logs/variables.tf @@ -4,6 +4,11 @@ variable "default_tags" { default = {} } +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} + variable "log_group_name" { type = string 
diff --git a/modules/opennext-assets/main.tf b/modules/opennext-assets/main.tf index 2e5485c..9b66b22 100644 --- a/modules/opennext-assets/main.tf +++ b/modules/opennext-assets/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { @@ -10,6 +10,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-assets/variables.tf b/modules/opennext-assets/variables.tf index 4049bd5..ff701de 100644 --- a/modules/opennext-assets/variables.tf +++ b/modules/opennext-assets/variables.tf @@ -9,7 +9,10 @@ variable "default_tags" { default = {} } - +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} variable "assets_path" { type = string diff --git a/modules/opennext-cloudfront/main.tf b/modules/opennext-cloudfront/main.tf index 04b13ab..ca45e91 100644 --- a/modules/opennext-cloudfront/main.tf +++ b/modules/opennext-cloudfront/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { @@ -10,6 +10,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 1ab6fe3..ac899b2 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -9,6 +9,11 @@ variable "default_tags" { default = {} } +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} + variable "comment" { type = string description = "Comment to add to the CloudFront distribution" 
@@ -18,6 +23,16 @@ variable "acm_certificate_arn" { type = string } +variable "price_class" { + type = string + description = "The price class to use for the distribution" + validation { + condition = contains(["PriceClass_200", "PriceClass_100", "PriceClass_All"], var.price_class) + error_message = "Valid values for price_class are: `PriceClass_200`, `PriceClass_100` and `PriceClass_All`." + } + default = "PriceClass_All" +} + variable "origins" { type = object({ assets_bucket = string diff --git a/modules/opennext-lambda/main.tf b/modules/opennext-lambda/main.tf index a7b2f7e..2e2768d 100644 --- a/modules/opennext-lambda/main.tf +++ b/modules/opennext-lambda/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { @@ -14,6 +14,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-lambda/variables.tf b/modules/opennext-lambda/variables.tf index 40c3422..5afac3e 100644 --- a/modules/opennext-lambda/variables.tf +++ b/modules/opennext-lambda/variables.tf @@ -12,7 +12,10 @@ variable "default_tags" { default = {} } - +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} /** * Create Toggles diff --git a/modules/opennext-revalidation-queue/main.tf b/modules/opennext-revalidation-queue/main.tf index 2e5485c..c44a71b 100644 --- a/modules/opennext-revalidation-queue/main.tf +++ b/modules/opennext-revalidation-queue/main.tf @@ -10,6 +10,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-revalidation-queue/variables.tf b/modules/opennext-revalidation-queue/variables.tf index 3ace808..7e5b736 100644 --- a/modules/opennext-revalidation-queue/variables.tf +++ b/modules/opennext-revalidation-queue/variables.tf 
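Review bot: `price_class` is declared and validated in this hunk and passed in from the root `main.tf`, but the diffstat lists only `main.tf` and `variables.tf` under `modules/opennext-cloudfront`, so nothing in this commit appears to assign `var.price_class` on the distribution. Unless the distribution resource already reads it, the value is accepted and silently ignored; the resource would need `price_class = var.price_class`. As a smaller point, `default` conventionally sits before the `validation` block, and the variable is not mentioned in the commit description, which covers only the region change.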
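Review bot: The `modules/opennext-revalidation-queue/main.tf` hunk adds `region` to the provider block but leaves that file's `terraform` block untouched, while the root and the four sibling modules move `required_version` from `~> 1.5` to `>= 1.5`. Its pre-image blob `2e5485c` is the same one as `modules/opennext-assets/main.tf`, which had `~> 1.5`, so this module presumably still pins `~> 1.5` and the effective constraint for the whole configuration stays below 2.0. If the relaxation is intended everywhere, change it here too: `required_version = ">= 1.5"`.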
@@ -3,6 +3,11 @@ variable "prefix" { description = "Prefix for created resource IDs" } +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} + variable "default_tags" { type = map(string) description = "Default tags to apply to all created resources" diff --git a/variables.tf b/variables.tf index c11dbac..1b73f07 100644 --- a/variables.tf +++ b/variables.tf @@ -14,6 +14,16 @@ variable "default_tags" { default = {} } +/** + * AWS Provider Variables + **/ +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." + default = null +} + + /** * Route53 (DNS) Variables **/ @@ -317,6 +327,7 @@ variable "cloudfront" { override = bool value = string }))) + price_class = optional(string) geo_restriction = optional(object({ restriction_type = string locations = list(string)
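Review bot: The root `region` variable added in `variables.tf` accepts any string, and its value ends up both in every child module's provider and in the `lambda-url.<region>.on.aws` origin hostnames built in `main.tf`, so a typo surfaces late as a provider or CloudFront origin error instead of at plan time. A `validation` block would reject malformed values early while still allowing `null`, and the description should say that `null` keeps the calling provider's region. The pattern below is a loose shape check I constructed, not a list of enabled regions.

```hcl
variable "region" {
  # … unchanged: type, default …
  description = "The deployment region to be used by the AWS provider. When null, the calling provider's region is used."

  validation {
    condition     = var.region == null || can(regex("^[a-z]{2}(-[a-z]+)+-[0-9]+$", var.region))
    error_message = "region must look like an AWS region code (for example eu-west-2), or be null."
  }
}
```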