diff --git a/acm-certificate/providers.tf b/acm-certificate/providers.tf
index 8abc10b..2fe64dc 100644
--- a/acm-certificate/providers.tf
+++ b/acm-certificate/providers.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 aws = {
- source = "hashicorp/aws"
+ source = "hashicorp/aws"
 version = "~> 6"
 configuration_aliases = [ aws.acm,
diff --git a/github-oidc-iam-role/data.tf b/github-oidc-iam-role/data.tf
index 3423f57..98412a8 100644
--- a/github-oidc-iam-role/data.tf
+++ b/github-oidc-iam-role/data.tf
@@ -8,7 +8,7 @@ data "aws_iam_policy_document" "assume_role_policy" {
 actions = ["sts:AssumeRoleWithWebIdentity"]
 principals {
- type = "Federated"
+ type = "Federated"
 identifiers = [data.aws_iam_openid_connect_provider.github.arn]
 }
@@ -19,9 +19,9 @@ data "aws_iam_policy_document" "assume_role_policy" {
 }
 condition {
- test = "StringLike"
- variable = "token.actions.githubusercontent.com:sub"
- values = var.sub
+ test = "StringLike"
+ variable = "token.actions.githubusercontent.com:sub"
+ values = var.sub
 }
 }
 }
\ No newline at end of file
diff --git a/github-oidc-iam-role/iam.tf b/github-oidc-iam-role/iam.tf
index b083eb4..b7788a1 100644
--- a/github-oidc-iam-role/iam.tf
+++ b/github-oidc-iam-role/iam.tf
@@ -7,9 +7,9 @@ resource "aws_iam_role" "role" {
 resource "aws_iam_role_policy" "policy" {
 count = var.policy != null ? 1 : 0
- name = var.policy_name
- role = aws_iam_role.role.id
- policy = var.policy
+ name = var.policy_name
+ role = aws_iam_role.role.id
+ policy = var.policy
 }
 resource "aws_iam_role_policy_attachment" "policies" {
diff --git a/github-oidc-iam-role/outputs.tf b/github-oidc-iam-role/outputs.tf
index ee07185..13977cb 100644
--- a/github-oidc-iam-role/outputs.tf
+++ b/github-oidc-iam-role/outputs.tf
@@ -8,7 +8,7 @@ output "role" {
 output "policy" {
 value = length(aws_iam_role_policy.policy) > 0 ? {
- id = aws_iam_role_policy.policy[0].id
+ id = aws_iam_role_policy.policy[0].id
 name = aws_iam_role_policy.policy[0].name
 } : null
 }
\ No newline at end of file
diff --git a/github-oidc-iam-role/variables.tf b/github-oidc-iam-role/variables.tf
index 7e84d2f..5987635 100644
--- a/github-oidc-iam-role/variables.tf
+++ b/github-oidc-iam-role/variables.tf
@@ -19,7 +19,7 @@ variable "policy" {
 variable "policy_arns" {
 type = set(string)
 description = "Set of IAM policy ARNs to attach to the role"
- default = []
+ default = []
 }
 variable "sub" {
diff --git a/guardrails/iam.tf b/guardrails/iam.tf
index 2b1f78e..e86497e 100644
--- a/guardrails/iam.tf
+++ b/guardrails/iam.tf
@@ -7,8 +7,8 @@ resource "aws_iam_account_password_policy" "this" {
 max_password_age = var.iam.password_policy.max_password_age
 minimum_password_length = var.iam.password_policy.minimum_password_length
- require_lowercase_characters = var.iam.password_policy.require_lowercase_characters
- require_uppercase_characters = var.iam.password_policy.require_uppercase_characters
- require_numbers = var.iam.password_policy.require_numbers
- require_symbols = var.iam.password_policy.require_symbols
+ require_lowercase_characters = var.iam.password_policy.require_lowercase_characters
+ require_uppercase_characters = var.iam.password_policy.require_uppercase_characters
+ require_numbers = var.iam.password_policy.require_numbers
+ require_symbols = var.iam.password_policy.require_symbols
 }
\ No newline at end of file
diff --git a/guardrails/providers.tf b/guardrails/providers.tf
index 9213c51..502f7f9 100644
--- a/guardrails/providers.tf
+++ b/guardrails/providers.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 aws = {
- source = "hashicorp/aws"
+ source = "hashicorp/aws"
 version = "~> 6"
 }
 }
diff --git a/guardrails/variables.tf b/guardrails/variables.tf
index 923f9a3..07e5715 100644
--- a/guardrails/variables.tf
+++ b/guardrails/variables.tf
@@ -14,7 +14,7 @@ variable "s3" {
 block_public_acls = optional(bool, true)
 block_public_policy = optional(bool, true)
 ignore_public_acls = optional(bool, true)
- restrict_public_buckets = optional(bool, true)
+ restrict_public_buckets = optional(bool, true)
 }), {})
 })
 default = {}
@@ -31,10 +31,10 @@ variable "iam" {
 max_password_age = optional(number, null)
 minimum_password_length = optional(number, 12)
- require_lowercase_characters = optional(bool, true)
- require_uppercase_characters = optional(bool, true)
- require_numbers = optional(bool, true)
- require_symbols = optional(bool, true)
+ require_lowercase_characters = optional(bool, true)
+ require_uppercase_characters = optional(bool, true)
+ require_numbers = optional(bool, true)
+ require_symbols = optional(bool, true)
 }), {})
 })
 default = {}
diff --git a/lambda-layer/data.tf b/lambda-layer/data.tf
index e4f977a..6874f1f 100644
--- a/lambda-layer/data.tf
+++ b/lambda-layer/data.tf
@@ -13,5 +13,5 @@ data "archive_file" "layer" {
 type = "zip"
 source_dir = var.src
 output_path = local.output_path
- depends_on = [null_resource.create_build_dir]
+ depends_on = [null_resource.create_build_dir]
 }
\ No newline at end of file
diff --git a/lambda-layer/providers.tf b/lambda-layer/providers.tf
index 91978e7..cecebc6 100644
--- a/lambda-layer/providers.tf
+++ b/lambda-layer/providers.tf
@@ -10,7 +10,7 @@ terraform {
 null = {
 source = "hashicorp/null"
 version = ">= 3.0.0, < 4.0.0"
- }
+ }
 archive = {
 source = "hashicorp/archive"
diff --git a/lambda-layer/variables.tf b/lambda-layer/variables.tf
index 29ead33..b0e5409 100644
--- a/lambda-layer/variables.tf
+++ b/lambda-layer/variables.tf
@@ -10,14 +10,14 @@ variable "description" {
 }
 variable "runtimes" {
- type = list(string)
- default = ["nodejs24.x"]
+ type = list(string)
+ default = ["nodejs24.x"]
 description = "The compatible runtimes"
 }
 variable "architectures" {
- type = list(string)
- default = ["arm64"]
+ type = list(string)
+ default = ["arm64"]
 description = "The compatible architectures"
 }
diff --git a/sqs/variables.tf b/sqs/variables.tf
index 573416d..8c33980 100644
--- a/sqs/variables.tf
+++ b/sqs/variables.tf
@@ -1,24 +1,24 @@
 variable "name" {
- type = string
+ type = string
 description = "The name of your queue"
 }
 variable "max_size_in_bytes" {
- type = number
- default = 262144
+ type = number
+ default = 262144
 description = "Defaults to 256 KiB"
 }
 variable "retention_in_seconds" {
- type = number
- default = 604800
+ type = number
+ default = 604800
 description = "Duration a message is kept in the queue. Defaults to 7 days"
 }
 # delay_seconds
 variable "initial_visibility_delay_in_seconds" {
- type = number
- default = 0
+ type = number
+ default = 0
 description = "Duration a message is initially hidden before becoming visible in the queue"
 }
@@ -31,24 +31,24 @@ variable "poll_timeout_in_seconds" {
 # visibility_timeout_seconds
 variable "lock_timeout_in_seconds" {
- type = number
- default = 30
+ type = number
+ default = 30
 description = "Duration an in-flight message is hidden from other consumers after being consumed"
 }
 variable "dlq" {
 type = object({
- create = optional(bool, false)
- max_receive_count = optional(number, 3)
+ create = optional(bool, false)
+ max_receive_count = optional(number, 3)
 retention_in_seconds = optional(number, 1209600)
 })
- default = {}
+ default = {}
 description = "DLQ configuration for your queue"
 }
 variable "tags" {
- type = map(string)
- default = {}
+ type = map(string)
+ default = {}
 description = "The tags to apply to all resources created"
 }
diff --git a/static-site/cloudfront.tf b/static-site/cloudfront.tf
index 4421c0d..c501165 100644
--- a/static-site/cloudfront.tf
+++ b/static-site/cloudfront.tf
@@ -27,6 +27,7 @@ resource "aws_cloudfront_distribution" "static_site" {
 origin_id = local.origin_id
 origin_access_control_id = aws_cloudfront_origin_access_control.oac.id
 domain_name = aws_s3_bucket.static_site.bucket_regional_domain_name
+ origin_path = var.origin_path != "" ? "/${var.origin_path}" : ""
 }
 default_cache_behavior {
diff --git a/static-site/providers.tf b/static-site/providers.tf
index 981800f..fe4f7c6 100644
--- a/static-site/providers.tf
+++ b/static-site/providers.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 aws = {
- source = "hashicorp/aws"
+ source = "hashicorp/aws"
 version = "~> 6"
 configuration_aliases = [ aws.acm,
diff --git a/static-site/s3.tf b/static-site/s3.tf
index 5b46c7f..3a3d346 100644
--- a/static-site/s3.tf
+++ b/static-site/s3.tf
@@ -1,4 +1,6 @@
 resource "aws_s3_bucket" "static_site" {
+ count = var.create_bucket ? 1 : 0 + + bucket = local.bucket_name
 force_destroy = true
 tags = var.tags
@@ -6,7 +8,7 @@ resource "aws_s3_bucket" "static_site" {
 }
 resource "aws_s3_bucket_public_access_block" "static_site" {
- bucket = aws_s3_bucket.static_site.id
+ bucket = var.bucket_name != "" ? var.bucket_name : aws_s3_bucket.static_site[0].id
 block_public_acls = true
 block_public_policy = true
 ignore_public_acls = true
@@ -15,7 +17,7 @@ resource "aws_s3_bucket_public_access_block" "static_site" {
 }
 resource "aws_s3_bucket_policy" "static_site" {
- bucket = aws_s3_bucket.static_site.bucket
+ bucket = var.bucket_name != "" ? var.bucket_name : aws_s3_bucket.static_site[0].bucket
 policy = data.aws_iam_policy_document.cloudfront_to_s3.json
 provider = aws.default
-}
+}
\ No newline at end of file
diff --git a/static-site/variables.tf b/static-site/variables.tf
index 55c4419..744120f 100644
--- a/static-site/variables.tf
+++ b/static-site/variables.tf
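Review bot: The context line `domain_name = aws_s3_bucket.static_site.bucket_regional_domain_name` directly above the added `origin_path` still addresses the bucket without an index, although s3.tf in this same commit gives `aws_s3_bucket.static_site` a `count`; Terraform refuses that reference at plan time, and when `create_bucket` is false there is no instance at all to read a domain name from, so the existing bucket needs a `data "aws_s3_bucket"` lookup (constructed name `data.aws_s3_bucket.existing` below) and this line has to choose between the two. Separately, the new `origin_path` expression only prepends a slash, so a value given as `assets/` or `/assets` produces `/assets/` or `//assets`, which does not meet CloudFront's origin-path rules (leading slash, no trailing slash); `trim(var.origin_path, "/")` normalizes it before the slash is added. The `origin` block begins and the distribution resource continues outside the hunk.
```hcl
# constructed: lookup of the pre-existing bucket, belongs next to the resource in s3.tf
data "aws_s3_bucket" "existing" {
  count  = var.create_bucket ? 0 : 1
  bucket = var.bucket_name
}

    # … unchanged: origin_id, origin_access_control_id …
    domain_name = var.create_bucket ? aws_s3_bucket.static_site[0].bucket_regional_domain_name : data.aws_s3_bucket.existing[0].bucket_regional_domain_name
    origin_path = var.origin_path != "" ? "/${trim(var.origin_path, "/")}" : ""
```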
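Review bot: The new `count` is keyed on `var.create_bucket`, while the fallbacks added in the two hunks below (public access block and bucket policy) are keyed on `var.bucket_name != ""`, so the module now has two switches for one decision and they can disagree: with `create_bucket = false` and an empty `bucket_name` both consumers evaluate `aws_s3_bucket.static_site[0]` on a zero-length resource and the plan fails with an index error instead of a message naming the misconfiguration. One local, `bucket_id = var.create_bucket ? aws_s3_bucket.static_site[0].id : var.bucket_name`, used by both resources keeps the decision in one place, and a `lifecycle { precondition { ... } }` on `aws_s3_bucket_public_access_block.static_site` with `condition = var.create_bucket || var.bucket_name != ""` and `error_message = "bucket_name must be set when create_bucket is false"` reports the empty name directly. Whether `local.bucket_name` equals `var.bucket_name` when both are set is not visible here, so the `create_bucket = true` plus `bucket_name` case should be checked too. The resource body continues outside the hunk.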
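Review bot: With `create_bucket = false`, `aws_s3_bucket_policy.static_site` now targets a bucket this module does not own, and the resource replaces the bucket's entire policy with `data.aws_iam_policy_document.cloudfront_to_s3.json`, so any statements already present on that bucket (other principals, explicit denies) are dropped on the first apply; the public access block in the hunk above likewise overwrites whatever settings the existing bucket had. That is reasonable for a bucket dedicated to this site, but the commit does not say so anywhere, and a plan shows these as plain creates because Terraform has no record of the previous policy. The `bucket_name` description in variables.tf is the natural place to state it, e.g. append `"The module replaces the bucket policy and public access block of an existing bucket"`.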
@@ -1,6 +1,6 @@
 variable "bucket_name" {
 type = string
- description = "The name of the bucket that will store your static site files. If omitted the bucket name will match the domain name"
+ description = "The name of the S3 bucket. If create_bucket is false, this must refer to an existing bucket. If omitted, the bucket name will match the domain name"
 default = ""
 }
@@ -58,3 +58,15 @@ variable "tags" {
 type = map(string)
 description = "The tags to apply to all resources created"
 }
+
+variable "origin_path" {
+ type = string
+ description = "Optional prefix inside the S3 bucket for static site files"
+ default = ""
+}
+
+variable "create_bucket" {
+ description = "Whether to create a new S3 bucket or use an existing one"
+ type = bool
+ default = true
+}
\ No newline at end of file
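Review bot: `origin_path` is accepted as free text and its only consumer in cloudfront.tf just prepends `/`, so a leading or trailing slash passes straight through to CloudFront; a `validation` block on the variable fails at plan time with a readable message instead (`startswith`/`endswith` need Terraform 1.3+, the same floor the `optional()` defaults in guardrails/variables.tf already require). The updated `bucket_name` description promises that the value names an existing bucket when `create_bucket` is false, but nothing enforces the pair; cross-variable references inside `validation` need a recent Terraform version that I cannot confirm from this file, so a precondition on the consuming resource in s3.tf may be the safer place. As a point of style, `create_bucket` lists `description` before `type`, unlike every other variable in this file and the other modules in the commit; keep the `type`, `description`, `default` order.
```hcl
variable "origin_path" {
  type        = string
  description = "Optional prefix inside the S3 bucket for static site files (no leading or trailing slash)"
  default     = ""

  validation {
    condition     = !startswith(var.origin_path, "/") && !endswith(var.origin_path, "/")
    error_message = "origin_path must not start or end with a slash; the module adds the leading slash."
  }
}
```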