diff --git a/.github/workflows/release-preview.yaml b/.github/workflows/release-preview.yaml
new file mode 100644
index 0000000..cc5ce4b
--- /dev/null
+++ b/.github/workflows/release-preview.yaml
@@ -0,0 +1,118 @@ +name: Release Preview + +on: + workflow_call: + +env: + SEMANTIC_RELEASE_VERSION: '24.2.0' + NODE_VERSION: '20.11.0' + +jobs: + preview: + name: Preview Release + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.ref }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODE_VERSION }} + + - name: Run semantic-release (dry-run) + id: semantic + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GIT_COMMITTER_NAME: "github-actions[bot]" + GIT_COMMITTER_EMAIL: "github-actions[bot]@users.noreply.github.com" + GIT_AUTHOR_NAME: "github-actions[bot]" + GIT_AUTHOR_EMAIL: "github-actions[bot]@users.noreply.github.com" + run: | + # Unset GitHub Actions environment variables that interfere with semantic-release + unset GITHUB_REF + unset GITHUB_REF_NAME + unset GITHUB_HEAD_REF + unset GITHUB_BASE_REF + + # Set them to what we want + export GITHUB_REF="refs/heads/${{ github.event.pull_request.head.ref }}" + export GITHUB_REF_NAME="${{ github.event.pull_request.head.ref }}" + + # Run semantic-release with inline configuration using CLI options + OUTPUT=$(npx --package semantic-release@${{ env.SEMANTIC_RELEASE_VERSION }} \ + --package @semantic-release/exec \ + --package conventional-changelog-conventionalcommits \ + semantic-release \ + --dry-run \ + --no-ci \ + --debug \ + --branches ${{ github.event.pull_request.head.ref }} 2>&1 || true) + echo "$OUTPUT" + + # Extract version information + NEW_VERSION=$(echo "$OUTPUT" | grep -Eo "The next release version is [0-9]+\.[0-9]+\.[0-9]+" | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" || echo "") + RELEASE_TYPE=$(echo "$OUTPUT" | grep -Eo "Analysis of [0-9]+ commits complete: [a-z]+ release" | grep -Eo "(major|minor|patch) release" | sed 's/ release//' || echo "") + + # Extract release notes (everything after "Release note for version") 
+ RELEASE_NOTES=$(echo "$OUTPUT" | sed -n '/Release note for version/,$p' | tail -n +2 || echo "") + + # Save to outputs + echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT + echo "release_type=$RELEASE_TYPE" >> $GITHUB_OUTPUT + + # Save release notes for comment + echo "release_notes<> $GITHUB_OUTPUT + echo "$RELEASE_NOTES" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Display Preview + run: | + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo " RELEASE PREVIEW" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + if [ -n "${{ steps.semantic.outputs.new_version }}" ]; then + echo "Version: v${{ steps.semantic.outputs.new_version }}" + echo "Release Type: ${{ steps.semantic.outputs.release_type }}" + echo "Status: Release will be published" + else + echo "Status: No release will be published" + echo "Reason: No relevant changes detected" + fi + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + + - name: Comment on PR + if: github.event_name == 'pull_request' + uses: mshick/add-pr-comment@v2 + with: + message-id: release-preview + message: | + ## Release Preview + + ${{ steps.semantic.outputs.new_version && format('**Version:** `v{0}` + **Release Type:** `{1}` + **Status:** Release will be published when merged to main + + --- + + ### Release Notes + + {2} + + --- + + *This preview is generated by semantic-release dry-run mode*', steps.semantic.outputs.new_version, steps.semantic.outputs.release_type, steps.semantic.outputs.release_notes) || '**Status:** No release will be published + **Reason:** No relevant changes detected + + --- + + *This preview is generated by semantic-release dry-run mode*' }} diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 0cbfeca..9c63087 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -17,6 +17,7 @@ permissions: contents: write pull-requests: write actions: read + statuses: write jobs: prTitlecheck: 
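Review bot: `${{ github.event.pull_request.head.ref }}` is expanded straight into the `run:` script of the "Run semantic-release (dry-run)" step (both `export` lines and `--branches`), so a branch name containing shell metacharacters becomes part of the command line with the job's `GITHUB_TOKEN` in scope; pass it through the step's `env:` instead, `HEAD_REF: ${{ github.event.pull_request.head.ref }}`, and reference it quoted, `--branches "$HEAD_REF"` and `export GITHUB_REF="refs/heads/$HEAD_REF"`. The same head ref is checked out under `contents: write` and its release configuration is then executed through `@semantic-release/exec`; if the caller triggers on `pull_request_target`, as the `if:` in terraform.yaml suggests, that is the pull-request-head-with-write-token pattern, and a dry run needs only `contents: read`. Under `workflow_call`, `github.event_name` is the caller's event, so the `if: github.event_name == 'pull_request'` on "Comment on PR" never matches a `pull_request_target` caller and the comment is not posted. The line `echo "release_notes<> $GITHUB_OUTPUT` has an unbalanced quote and looks garbled, presumably from `echo "release_notes<<EOF" >> $GITHUB_OUTPUT`; worth confirming in the committed file.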
@@ -24,6 +25,13 @@ jobs: if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'main' }} uses: ./.github/workflows/pr-title.yaml + releasePreview: + name: Release Preview + uses: ./.github/workflows/release-preview.yaml + permissions: + contents: write + pull-requests: write + preCommitCheck: name: Terraform Checks uses: ./.github/workflows/terraform-checks.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 83f517c..14e5c29 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -20,6 +20,9 @@ repos: - '--args=--only=terraform_workspace_remote' - '--args=--only=terraform_unused_required_providers' - id: terraform_validate + args: + - --hook-config=--retry-once-with-cleanup=true + files: ^examples/ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v6.0.0 hooks: diff --git a/README.md b/README.md index cbec28f..a33d703 100644 --- a/README.md +++ b/README.md 
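Review bot: The new `releasePreview` job has no `if:` condition, unlike `prTitlecheck` directly above it, so it runs for every event that triggers this workflow rather than only for pull requests targeting `main`; add `if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'main' }}` (or the `pull_request` equivalent if that is the intended trigger — the `on:` block is outside the hunk). It also grants `contents: write` to a job whose called workflow only performs a semantic-release dry run and posts a comment; `contents: read` plus `pull-requests: write` covers that, provided the called workflow's own `permissions` is lowered to match, since a reusable workflow cannot request more than the caller grants. The `statuses: write` added in the earlier hunk of this file is not used by the new job as far as the hunk shows, so a comment naming which job needs it would help the next reader audit the permission set.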
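Review bot: `files: ^examples/` stops `terraform_validate` from running on the root module, and nothing records why; presumably the root now declares `configuration_aliases` (versions.tf in this commit) and cannot be validated standalone, but that belongs in a comment above the line, e.g. `# Root module declares configuration_aliases; validate it through the examples/ wrappers`. Note that with this filter the hook only fires when a file under examples/ changes, so a change to the root main.tf alone no longer triggers validation at all; if that coverage is wanted, the hook needs `always_run: true` or a second entry without the filter.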
@@ -29,24 +29,26 @@ aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "Sec | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.13.0 | -| [aws](#requirement\_aws) | >= 5.5.0 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.5.0 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [ecs\_kong](#module\_ecs\_kong) | infraspecdev/ecs-deployment/aws | ~> 4.3.4 | +| [ecs\_kong](#module\_ecs\_kong) | infraspecdev/ecs-deployment/aws | ~> 5.0.0 | | [ecs\_task\_security\_group](#module\_ecs\_task\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 | -| [internal\_alb\_kong](#module\_internal\_alb\_kong) | infraspecdev/ecs-deployment/aws//modules/alb | ~> 4.3.4 | +| [internal\_alb\_kong](#module\_internal\_alb\_kong) | infraspecdev/ecs-deployment/aws//modules/alb | ~> 5.0.0 | | [internal\_alb\_security\_group](#module\_internal\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 | | [kong\_internal\_dns\_record](#module\_kong\_internal\_dns\_record) | ./modules/route-53-record | n/a | +| [kong\_internal\_dns\_record\_same\_account](#module\_kong\_internal\_dns\_record\_same\_account) | ./modules/route-53-record | n/a | | [kong\_public\_dns\_record](#module\_kong\_public\_dns\_record) | ./modules/route-53-record | n/a | +| [kong\_public\_dns\_record\_same\_account](#module\_kong\_public\_dns\_record\_same\_account) | ./modules/route-53-record | n/a | | [kong\_rds](#module\_kong\_rds) | terraform-aws-modules/rds/aws | ~> 6.13.0 | | [postgres\_security\_group](#module\_postgres\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 | | [public\_alb\_security\_group](#module\_public\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 | 
@@ -92,6 +94,7 @@ aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "Sec | [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs for public-facing load balancers | `list(string)` | n/a | yes | | [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | `{}` | no | | [rds\_instance\_class](#input\_rds\_instance\_class) | The RDS instance class for Kong database (e.g., db.t3.micro, db.r5.large) | `string` | `"db.t3.micro"` | no | +| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | ARN of the IAM role to assume in the hosted-zone account (should be null for same-account). | `string` | `null` | no | | [ssl\_policy](#input\_ssl\_policy) | Name of the SSL Policy for the listener. | `string` | `"ELBSecurityPolicy-2016-08"` | no | | [vpc\_id](#input\_vpc\_id) | The ID of the VPC where Kong infrastructure will be deployed | `string` | n/a | yes | diff --git a/examples/complete/.header.md b/examples/complete/.header.md index 03844b8..1d8565e 100644 --- a/examples/complete/.header.md +++ b/examples/complete/.header.md @@ -40,6 +40,10 @@ cpu_for_kong_task = 512 memory_for_kong_task = 1024 desired_count_for_kong_service = 2 force_new_deployment = true +postgres_engine_version = 16.3 +postgres_major_engine_version = 16 +route53_assume_role_arn = arn:aws:iam::aws-account-id:role/role-name +region = us-east-1 ``` Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements. diff --git a/examples/complete/README.md b/examples/complete/README.md index d27b930..2ffa933 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -41,6 +41,10 @@ cpu_for_kong_task = 512 memory_for_kong_task = 1024 desired_count_for_kong_service = 2 force_new_deployment = true +postgres_engine_version = 16.3 +postgres_major_engine_version = 16 +route53_assume_role_arn = arn:aws:iam::aws-account-id:role/role-name +region = us-east-1 ``` Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements. @@ -50,6 +54,7 @@ Place this `terraform.tfvars` file in the same directory as your Terraform confi | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.13.0 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers @@ -94,6 +99,8 @@ No resources. | [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes | | [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | n/a | yes | | [rds\_instance\_class](#input\_rds\_instance\_class) | The instance class to use | `string` | n/a | yes | +| [region](#input\_region) | The AWS region | `string` | n/a | yes | +| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | IAM role ARN for cross-account Route53 access. | `string` | n/a | yes | | [ssl\_policy](#input\_ssl\_policy) | (Optional) Name of the SSL Policy for the listener. | `string` | n/a | yes | | [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 5c6179e..d376aac 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -1,6 +1,24 @@ +provider "aws" { + region = var.region +} + +provider "aws" { + alias = "cross_account_provider" + region = var.region + assume_role { + role_arn = var.route53_assume_role_arn + } +} + + module "kong" { source = "../../" + providers = { + aws = aws + aws.cross_account_provider = aws.cross_account_provider + } + vpc_id = var.vpc_id public_subnet_ids = var.public_subnet_ids private_subnet_ids = var.private_subnet_ids @@ -30,4 +48,5 @@ module "kong" { force_new_deployment = var.force_new_deployment postgres_engine_version = var.postgres_engine_version postgres_major_engine_version = var.postgres_major_engine_version + route53_assume_role_arn = var.route53_assume_role_arn } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 029f5b8..7301e76 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -132,3 +132,13 @@ variable "postgres_major_engine_version" { description = "The major version of the Postgres engine" type = number } + +variable "route53_assume_role_arn" { + description = "IAM role ARN for cross-account Route53 access." + type = string +} + +variable "region" { + description = "The AWS region" + type = string +} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 1bb2111..a6722f9 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,3 +1,10 @@ terraform { required_version = ">= 1.13.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + } } diff --git a/examples/cross-account/.header.md b/examples/cross-account/.header.md new file mode 100644 index 0000000..bf86731 --- /dev/null +++ b/examples/cross-account/.header.md 
@@ -0,0 +1,15 @@ +### Example Variable Values + +Here is an example of how to define the variable values in your `terraform.tfvars` file: + +```hcl +vpc_id = "vpc-12345678" +public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"] +private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"] +kong_public_domain_name = "api.example.com" +kong_admin_domain_name = "admin-api.example.com" +region = "us-east-1" +route53_assume_role_arn = "arn:aws:iam::account-id:role/role-id" +``` + +Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements. diff --git a/examples/cross-account/README.md b/examples/cross-account/README.md new file mode 100644 index 0000000..119a8ab --- /dev/null +++ b/examples/cross-account/README.md 
@@ -0,0 +1,57 @@ + +### Example Variable Values + +Here is an example of how to define the variable values in your `terraform.tfvars` file: + +```hcl +vpc_id = "vpc-12345678" +public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"] +private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"] +kong_public_domain_name = "api.example.com" +kong_admin_domain_name = "admin-api.example.com" +region = "us-east-1" +route53_assume_role_arn = "arn:aws:iam::account-id:role/role-id" +``` + +Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements. + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.13.0 | +| [aws](#requirement\_aws) | >= 6.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [kong](#module\_kong) | ../../ | n/a | + +## Resources + +No resources. 
+ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes | +| [kong\_admin\_domain\_name](#input\_kong\_admin\_domain\_name) | The admin domain name for Kong | `string` | n/a | yes | +| [kong\_public\_domain\_name](#input\_kong\_public\_domain\_name) | The public domain name for Kong | `string` | n/a | yes | +| [postgres\_engine\_version](#input\_postgres\_engine\_version) | The version of the Postgres engine | `number` | n/a | yes | +| [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | The major version of the Postgres engine | `number` | n/a | yes | +| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes | +| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes | +| [region](#input\_region) | The AWS region | `string` | n/a | yes | +| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | The ARN of the DNS role | `string` | `null` | no | +| [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes | + +## Outputs + +No outputs. + diff --git a/examples/cross-account/main.tf b/examples/cross-account/main.tf new file mode 100644 index 0000000..c906bcd --- /dev/null +++ b/examples/cross-account/main.tf 
@@ -0,0 +1,31 @@ +provider "aws" { + region = var.region +} + +provider "aws" { + alias = "cross_account_provider" + region = var.region + assume_role { + role_arn = var.route53_assume_role_arn + } +} + + +module "kong" { + source = "../../" + + providers = { + aws = aws + aws.cross_account_provider = aws.cross_account_provider + } + + vpc_id = var.vpc_id + public_subnet_ids = var.public_subnet_ids + private_subnet_ids = var.private_subnet_ids + kong_public_domain_name = var.kong_public_domain_name + kong_admin_domain_name = var.kong_admin_domain_name + cluster_name = var.cluster_name + postgres_engine_version = var.postgres_engine_version + postgres_major_engine_version = var.postgres_major_engine_version + route53_assume_role_arn = var.route53_assume_role_arn +} diff --git a/examples/minimal/outputs.tf b/examples/cross-account/outputs.tf similarity index 100% rename from examples/minimal/outputs.tf rename to examples/cross-account/outputs.tf diff --git a/examples/cross-account/variables.tf b/examples/cross-account/variables.tf new file mode 100644 index 0000000..0951acf --- /dev/null +++ b/examples/cross-account/variables.tf 
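Review bot: The aliased provider's `assume_role { role_arn = var.route53_assume_role_arn }` is unconditional, yet the cross-account `variables.tf` in this commit gives that variable `default = null`, so the example can be applied with no role ARN and the provider then carries an `assume_role` block with a null `role_arn`; whether that is rejected or silently falls back to the base credentials depends on the provider, and either way no cross-account DNS happens. Since this example exists specifically for the cross-account case, drop the default so the ARN is required, as examples/complete/variables.tf already does. Consider also `session_name = "kong-route53"` in the `assume_role` block so the assumed-role sessions are attributable in the hosted-zone account's CloudTrail, and `external_id` if the trust policy requires one.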
@@ -0,0 +1,50 @@ +variable "vpc_id" { + description = "The ID of the VPC" + type = string +} + +variable "public_subnet_ids" { + description = "List of public subnet IDs" + type = list(string) +} + +variable "private_subnet_ids" { + description = "List of private subnet IDs" + type = list(string) +} + +variable "kong_public_domain_name" { + description = "The public domain name for Kong" + type = string +} + +variable "kong_admin_domain_name" { + description = "The admin domain name for Kong" + type = string +} + +variable "cluster_name" { + description = "Name of the cluster" + type = string +} + +variable "postgres_engine_version" { + description = "The version of the Postgres engine" + type = number +} + +variable "postgres_major_engine_version" { + description = "The major version of the Postgres engine" + type = number +} + +variable "route53_assume_role_arn" { + description = "The ARN of the DNS role" + type = string + default = null +} + +variable "region" { + description = "The AWS region" + type = string +} diff --git a/examples/cross-account/versions.tf b/examples/cross-account/versions.tf new file mode 100644 index 0000000..a6722f9 --- /dev/null +++ b/examples/cross-account/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.13.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + } +} diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf deleted file mode 100644 index 3b34c2b..0000000 --- a/examples/minimal/main.tf +++ /dev/null @@ -1,9 +0,0 @@ -module "kong" { - source = "../../" - - vpc_id = var.vpc_id - public_subnet_ids = var.public_subnet_ids - private_subnet_ids = var.private_subnet_ids - kong_public_domain_name = var.kong_public_domain_name - kong_admin_domain_name = var.kong_admin_domain_name -} diff --git a/examples/minimal/variables.tf b/examples/minimal/variables.tf deleted file mode 100644 index e22619f..0000000 --- a/examples/minimal/variables.tf +++ /dev/null 
@@ -1,24 +0,0 @@ -variable "vpc_id" { - description = "The ID of the VPC" - type = string -} - -variable "public_subnet_ids" { - description = "List of public subnet IDs" - type = list(string) -} - -variable "private_subnet_ids" { - description = "List of private subnet IDs" - type = list(string) -} - -variable "kong_public_domain_name" { - description = "The public domain name for Kong" - type = string -} - -variable "kong_admin_domain_name" { - description = "The admin domain name for Kong" - type = string -} diff --git a/examples/minimal/versions.tf b/examples/minimal/versions.tf deleted file mode 100644 index 1bb2111..0000000 --- a/examples/minimal/versions.tf +++ /dev/null @@ -1,3 +0,0 @@ -terraform { - required_version = ">= 1.13.0" -} diff --git a/examples/minimal/.header.md b/examples/same-account/.header.md similarity index 94% rename from examples/minimal/.header.md rename to examples/same-account/.header.md index c3a26ec..59326b4 100644 --- a/examples/minimal/.header.md +++ b/examples/same-account/.header.md @@ -8,6 +8,7 @@ public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"] private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"] kong_public_domain_name = "api.example.com" kong_admin_domain_name = "admin-api.example.com" +region = "us-east-1" ``` Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements. diff --git a/examples/minimal/README.md b/examples/same-account/README.md similarity index 68% rename from examples/minimal/README.md rename to examples/same-account/README.md index c58a60f..e7fd326 100644 --- a/examples/minimal/README.md +++ b/examples/same-account/README.md 
@@ -9,6 +9,7 @@ public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"] private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"] kong_public_domain_name = "api.example.com" kong_admin_domain_name = "admin-api.example.com" +region = "us-east-1" ``` Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements. @@ -18,6 +19,7 @@ Place this `terraform.tfvars` file in the same directory as your Terraform confi | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.13.0 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers @@ -37,10 +39,15 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes | | [kong\_admin\_domain\_name](#input\_kong\_admin\_domain\_name) | The admin domain name for Kong | `string` | n/a | yes | | [kong\_public\_domain\_name](#input\_kong\_public\_domain\_name) | The public domain name for Kong | `string` | n/a | yes | +| [postgres\_engine\_version](#input\_postgres\_engine\_version) | The version of the Postgres engine | `number` | n/a | yes | +| [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | The major version of the Postgres engine | `number` | n/a | yes | | [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes | | [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes | +| [region](#input\_region) | The AWS region | `string` | n/a | yes | +| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | The ARN of the DNS role | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes | ## Outputs 
diff --git a/examples/same-account/main.tf b/examples/same-account/main.tf new file mode 100644 index 0000000..31204aa --- /dev/null +++ b/examples/same-account/main.tf @@ -0,0 +1,23 @@ +provider "aws" { + region = var.region +} + + +module "kong" { + source = "../../" + + providers = { + aws = aws + aws.cross_account_provider = aws + } + + vpc_id = var.vpc_id + public_subnet_ids = var.public_subnet_ids + private_subnet_ids = var.private_subnet_ids + kong_public_domain_name = var.kong_public_domain_name + kong_admin_domain_name = var.kong_admin_domain_name + cluster_name = var.cluster_name + postgres_engine_version = var.postgres_engine_version + postgres_major_engine_version = var.postgres_major_engine_version + route53_assume_role_arn = var.route53_assume_role_arn +} diff --git a/examples/same-account/outputs.tf b/examples/same-account/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/same-account/variables.tf b/examples/same-account/variables.tf new file mode 100644 index 0000000..0951acf --- /dev/null +++ b/examples/same-account/variables.tf 
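Review bot: `aws.cross_account_provider = aws` maps the alias to the default provider, which is the right shape for the same-account case, but `route53_assume_role_arn = var.route53_assume_role_arn` is still passed through; as far as the root main.tf in this commit shows, a non-null value selects the cross-account record modules, which would then run under the plain `aws` provider with no role assumed, so the records land in this account while the ARN suggests another. Either stop exposing the variable in this example and pass `route53_assume_role_arn = null`, or add a validation on the example's variable that rejects non-null values. A one-line comment above the `providers` block would also help, e.g. `# Same-account deployment: the root module requires the alias, so point it at the default provider.`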
@@ -0,0 +1,50 @@ +variable "vpc_id" { + description = "The ID of the VPC" + type = string +} + +variable "public_subnet_ids" { + description = "List of public subnet IDs" + type = list(string) +} + +variable "private_subnet_ids" { + description = "List of private subnet IDs" + type = list(string) +} + +variable "kong_public_domain_name" { + description = "The public domain name for Kong" + type = string +} + +variable "kong_admin_domain_name" { + description = "The admin domain name for Kong" + type = string +} + +variable "cluster_name" { + description = "Name of the cluster" + type = string +} + +variable "postgres_engine_version" { + description = "The version of the Postgres engine" + type = number +} + +variable "postgres_major_engine_version" { + description = "The major version of the Postgres engine" + type = number +} + +variable "route53_assume_role_arn" { + description = "The ARN of the DNS role" + type = string + default = null +} + +variable "region" { + description = "The AWS region" + type = string +} diff --git a/examples/same-account/versions.tf b/examples/same-account/versions.tf new file mode 100644 index 0000000..a6722f9 --- /dev/null +++ b/examples/same-account/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.13.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 6.0" + } + } +} diff --git a/main.tf b/main.tf index 9dfbbb8..dd37312 100644 --- a/main.tf +++ b/main.tf @@ -204,7 +204,7 @@ data "aws_ecs_cluster" "this" { module "ecs_kong" { source = "infraspecdev/ecs-deployment/aws" - version = "~> 4.3.4" + version = "~> 5.0.0" vpc_id = var.vpc_id cluster_name = data.aws_ecs_cluster.this.cluster_name @@ -314,6 +314,11 @@ module "ecs_kong" { } create_acm = true + + providers = { + aws = aws + aws.cross_account_provider = aws.cross_account_provider + } acm_certificates = { (local.kong.public_acm_certificate) = { domain_name = var.kong_public_domain_name 
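Review bot: In the `module "ecs_kong"` hunk the new `providers` meta-argument is inserted between `create_acm` and `acm_certificates`, in the middle of the input list; convention, and the placement the new example `main.tf` files use, is to keep it next to `source` and `version` at the top of the block. The bump from `~> 4.3.4` to `~> 5.0.0` is a major-version change, and the hunk gives no indication which 5.x release introduced the `route53_assume_role_arn` input and the `aws.cross_account_provider` alias the module is now given, so the minimum version actually required is worth recording in a comment on the `version` line. The module block continues past the hunk.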
@@ -321,10 +326,17 @@ module "ecs_kong" { domain_name = var.kong_public_domain_name validation_domain = var.kong_public_domain_name } - record_zone_id = module.kong_public_dns_record.zone_id + + record_zone_id = ( + var.route53_assume_role_arn != null + ? module.kong_public_dns_record[0].zone_id + : module.kong_public_dns_record_same_account[0].zone_id + ) } } + route53_assume_role_arn = var.route53_assume_role_arn + depends_on = [module.kong_rds] } @@ -334,7 +346,7 @@ module "ecs_kong" { module "internal_alb_kong" { source = "infraspecdev/ecs-deployment/aws//modules/alb" - version = "~> 4.3.4" + version = "~> 5.0.0" name = "${local.kong.name}-internal" internal = true 
@@ -389,23 +401,57 @@ module "internal_alb_kong" { ################################################################################ # Route53 Record For Public ALB ################################################################################ - -module "kong_public_dns_record" { +module "kong_public_dns_record_same_account" { + count = var.route53_assume_role_arn == null ? 1 : 0 source = "./modules/route-53-record" domain = var.kong_public_domain_name alb_dns_name = module.ecs_kong.alb_dns_name alb_zone_id = module.ecs_kong.alb_zone_id + + providers = { + aws = aws + } } ################################################################################ # Route53 Record For Internal ALB ################################################################################ +module "kong_internal_dns_record_same_account" { + count = var.route53_assume_role_arn == null ? 1 : 0 + source = "./modules/route-53-record" + + domain = var.kong_admin_domain_name + alb_dns_name = module.internal_alb_kong.dns_name + alb_zone_id = module.ecs_kong.alb_zone_id + + providers = { + aws = aws + } +} + +module "kong_public_dns_record" { + count = var.route53_assume_role_arn != null ? 1 : 0 + source = "./modules/route-53-record" + + domain = var.kong_public_domain_name + alb_dns_name = module.ecs_kong.alb_dns_name + alb_zone_id = module.ecs_kong.alb_zone_id + + providers = { + aws = aws.cross_account_provider + } +} module "kong_internal_dns_record" { + count = var.route53_assume_role_arn != null ? 1 : 0 source = "./modules/route-53-record" domain = var.kong_admin_domain_name alb_dns_name = module.internal_alb_kong.dns_name alb_zone_id = module.ecs_kong.alb_zone_id + + providers = { + aws = aws.cross_account_provider + } } diff --git a/variables.tf b/variables.tf index 085e67c..477c516 100644 --- a/variables.tf +++ b/variables.tf 
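Review bot: The banner "Route53 Record For Internal ALB" now sits above `kong_internal_dns_record_same_account`, but the cross-account public record module `kong_public_dns_record` is placed under that same banner, so the headers no longer describe what follows; group both public modules under the public banner and both internal ones under the internal banner, or add a third banner such as `# Route53 Records (cross-account hosted zone)`. Duplicating each module with mirrored `count` conditions is the workable pattern since `providers` cannot be conditional, but that deserves a one-line comment on the first pair, e.g. `# Provider mappings cannot be conditional, so each record exists as a same-account and a cross-account variant selected by count.` Both internal record modules take `alb_zone_id` from `module.ecs_kong.alb_zone_id` while `alb_dns_name` comes from `module.internal_alb_kong`; this is carried over from the previous code and works only because ALB hosted-zone IDs are per region, so it merits a comment or a switch to the internal ALB's own zone-id output if that module exposes one.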
@@ -181,3 +181,9 @@ variable "postgres_major_engine_version" { error_message = "The major PostgreSQL engine version must be 16 or higher." } } + +variable "route53_assume_role_arn" { + description = "ARN of the IAM role to assume in the hosted-zone account (should be null for same-account)." + type = string + default = null +} diff --git a/versions.tf b/versions.tf index 51899a0..59896a8 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,10 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.5.0" + version = ">= 6.0" + configuration_aliases = [ + aws.cross_account_provider + ] } } }
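Review bot: `route53_assume_role_arn` is the switch that decides which provider alias the DNS modules use, yet unlike `postgres_major_engine_version` directly above it it has no `validation` block; an empty string or a malformed ARN is non-null, so it selects the cross-account path and the failure only surfaces when the provider tries to assume the role. Reject obviously malformed values at plan time with a validation that accepts `null` or an IAM role ARN, in the same style as the existing validations in this file.
```hcl
variable "route53_assume_role_arn" {
  description = "ARN of the IAM role to assume in the hosted-zone account (should be null for same-account)."
  type        = string
  default     = null

  validation {
    # null selects the same-account path; anything else must look like an IAM role ARN
    condition = (
      var.route53_assume_role_arn == null
      || can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+", var.route53_assume_role_arn))
    )
    error_message = "route53_assume_role_arn must be null or an IAM role ARN."
  }
}
```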
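Review bot: `configuration_aliases = [aws.cross_account_provider]` turns every consumer of this module into one that must pass the alias, including same-account users who have to map it to their default provider as examples/same-account/main.tf does, and nothing in versions.tf says so; add a comment above it such as `# Consumers must supply aws.cross_account_provider; for same-account DNS, map it to the default aws provider.` The constraint change from `>= 5.5.0` to `>= 6.0` is itself a breaking change for consumers still on a 5.x provider and should be called out in the release; presumably the new release-preview workflow is meant to surface that, but the major bump is driven only by a `BREAKING CHANGE` footer or `!` marker in the commit message, which this diff cannot show.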