From 2211a5a8b58397186be32472360b8e27eeceba02 Mon Sep 17 00:00:00 2001 From: andylamp Date: Tue, 31 Oct 2023 03:06:15 +0200 Subject: [PATCH 1/8] add region explicitly in aws provider to avoid regressions --- main.tf | 16 ++++++++++++++-- modules/cloudfront-logs/main.tf | 1 + modules/cloudfront-logs/variables.tf | 5 +++++ modules/opennext-assets/main.tf | 1 + modules/opennext-assets/variables.tf | 5 ++++- modules/opennext-cloudfront/main.tf | 1 + modules/opennext-cloudfront/variables.tf | 5 +++++ modules/opennext-lambda/main.tf | 1 + modules/opennext-lambda/variables.tf | 5 ++++- modules/opennext-revalidation-queue/main.tf | 1 + modules/opennext-revalidation-queue/variables.tf | 5 +++++ variables.tf | 10 ++++++++++ 12 files changed, 52 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 8dc0651..8d37809 100644 --- a/main.tf +++ b/main.tf @@ -12,11 +12,16 @@ terraform { data "aws_caller_identity" "current" {} data "aws_region" "current" {} +locals { + aws_region = var.region != null ? var.region : data.aws_region.current.name +} + /** * Assets & Cache S3 Bucket **/ module "assets" { source = "./modules/opennext-assets" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-assets" @@ -31,6 +36,7 @@ module "assets" { **/ module "server_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-server" @@ -67,6 +73,7 @@ module "server_function" { **/ module "image_optimization_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-image-optimization" @@ -101,6 +108,7 @@ module "image_optimization_function" { **/ module "revalidation_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-revalidation" 
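Review bot: The new `local.aws_region` in the first `main.tf` hunk is only threaded into the child modules' providers; `data.aws_region.current` and anything the root module creates itself still follow the root provider's own configuration, so a non-null `var.region` can leave root-level and module-level resources planned against different regions. The root `provider "aws"` block is not in this patch, so I can't confirm whether it reads `var.region`; if it does not, either wire the same value there or state in the root `variable "region"` description that the override applies to the submodules only. As a style point, `aws_region = coalesce(var.region, data.aws_region.current.name)` expresses the same fallback in one call (it additionally treats an empty string as unset, which is arguably what you want for a region).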
@@ -136,6 +144,7 @@ module "revalidation_function" { module "revalidation_queue" { source = "./modules/opennext-revalidation-queue" prefix = "${var.prefix}-revalidation-queue" + region = local.aws_region default_tags = var.default_tags aws_account_id = data.aws_caller_identity.current.account_id @@ -148,6 +157,7 @@ module "revalidation_queue" { module "warmer_function" { source = "./modules/opennext-lambda" + region = local.aws_region default_tags = var.default_tags prefix = "${var.prefix}-nextjs-warmer" @@ -184,6 +194,7 @@ module "warmer_function" { **/ module "cloudfront_logs" { source = "./modules/cloudfront-logs" + region = local.aws_region default_tags = var.default_tags log_group_name = "${var.prefix}-cloudfront-logs" @@ -197,6 +208,7 @@ module "cloudfront_logs" { module "cloudfront" { source = "./modules/opennext-cloudfront" prefix = "${var.prefix}-cloudfront" + region = local.aws_region default_tags = var.default_tags comment = local.cloudfront.comment @@ -205,8 +217,8 @@ module "cloudfront" { origins = { assets_bucket = module.assets.assets_bucket.bucket_regional_domain_name - server_function = "${module.server_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws" - image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws" + server_function = "${module.server_function.lambda_function_url.url_id}.lambda-url.${local.aws_region}.on.aws" + image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.${local.aws_region}.on.aws" } aliases = local.cloudfront.aliases diff --git a/modules/cloudfront-logs/main.tf b/modules/cloudfront-logs/main.tf index a63a64f..33c3d51 100644 --- a/modules/cloudfront-logs/main.tf +++ b/modules/cloudfront-logs/main.tf @@ -15,6 +15,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } 
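Review bot: `region = var.region` on the embedded `provider "aws"` in `modules/cloudfront-logs/main.tf` turns a previously optional setting into a required module input, because the matching `variable "region"` added to that module's `variables.tf` (and the same variable in the opennext-assets, opennext-cloudfront, opennext-lambda and opennext-revalidation-queue modules) has no default; anyone calling these modules directly rather than through the root module now gets a missing-variable error. Giving each module variable `default = null` keeps the root wiring unchanged, since the root always passes a non-null `local.aws_region`, while a null provider argument is treated as unset, so direct callers keep the provider's environment-derived region. The provider block living inside the child module predates this change, but it is what forces the region to be threaded through every module, and as far as I know it also prevents these modules from being used with `count` or `for_each`.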
diff --git a/modules/cloudfront-logs/variables.tf b/modules/cloudfront-logs/variables.tf index c95a0e9..0ac05ab 100644 --- a/modules/cloudfront-logs/variables.tf +++ b/modules/cloudfront-logs/variables.tf @@ -4,6 +4,11 @@ variable "default_tags" { default = {} } +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} + variable "log_group_name" { type = string diff --git a/modules/opennext-assets/main.tf b/modules/opennext-assets/main.tf index 2e5485c..c44a71b 100644 --- a/modules/opennext-assets/main.tf +++ b/modules/opennext-assets/main.tf @@ -10,6 +10,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-assets/variables.tf b/modules/opennext-assets/variables.tf index 4049bd5..ff701de 100644 --- a/modules/opennext-assets/variables.tf +++ b/modules/opennext-assets/variables.tf @@ -9,7 +9,10 @@ variable "default_tags" { default = {} } - +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} variable "assets_path" { type = string diff --git a/modules/opennext-cloudfront/main.tf b/modules/opennext-cloudfront/main.tf index 04b13ab..96fa00d 100644 --- a/modules/opennext-cloudfront/main.tf +++ b/modules/opennext-cloudfront/main.tf @@ -10,6 +10,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 1ab6fe3..30d35f2 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -9,6 +9,11 @@ variable "default_tags" { default = {} } +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} + variable "comment" { type = string description = "Comment to add to the CloudFront distribution" 
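Review bot: In the `modules/opennext-assets/variables.tf` hunk the `-` line removes the blank separator, so the new `variable "region"` block now sits directly under the closing `}` of `default_tags`; the same happens in the `modules/opennext-lambda/variables.tf` hunk, where the `/** * Create Toggles` comment also loses the blank line before it. The other three `variables.tf` hunks in this patch keep a blank line on both sides of the new block, so I'd restore the blank line before `variable "region" {` in both modules (and after its closing `}` in the lambda module) for consistency.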
diff --git a/modules/opennext-lambda/main.tf b/modules/opennext-lambda/main.tf index a7b2f7e..a10d0fc 100644 --- a/modules/opennext-lambda/main.tf +++ b/modules/opennext-lambda/main.tf @@ -14,6 +14,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-lambda/variables.tf b/modules/opennext-lambda/variables.tf index 40c3422..5afac3e 100644 --- a/modules/opennext-lambda/variables.tf +++ b/modules/opennext-lambda/variables.tf @@ -12,7 +12,10 @@ variable "default_tags" { default = {} } - +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} /** * Create Toggles diff --git a/modules/opennext-revalidation-queue/main.tf b/modules/opennext-revalidation-queue/main.tf index 2e5485c..c44a71b 100644 --- a/modules/opennext-revalidation-queue/main.tf +++ b/modules/opennext-revalidation-queue/main.tf @@ -10,6 +10,7 @@ terraform { } provider "aws" { + region = var.region default_tags { tags = var.default_tags } diff --git a/modules/opennext-revalidation-queue/variables.tf b/modules/opennext-revalidation-queue/variables.tf index 3ace808..7e5b736 100644 --- a/modules/opennext-revalidation-queue/variables.tf +++ b/modules/opennext-revalidation-queue/variables.tf @@ -3,6 +3,11 @@ variable "prefix" { description = "Prefix for created resource IDs" } +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." +} + variable "default_tags" { type = map(string) description = "Default tags to apply to all created resources" diff --git a/variables.tf b/variables.tf index c11dbac..72c0340 100644 --- a/variables.tf +++ b/variables.tf @@ -14,6 +14,16 @@ variable "default_tags" { default = {} } +/** + * AWS Provider Variables + **/ +variable "region" { + type = string + description = "The deployment region to be used by the AWS provider." + default = null +} + + /** * Route53 (DNS) Variables **/ 
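Review bot: The description of the root `variable "region"` in the `variables.tf` hunk doesn't say what happens when it is left at its `default = null`, which is the path most callers will take; the fallback to `data.aws_region.current.name` is only discoverable in `main.tf`. I'd make it `description = "Region passed to the AWS provider of every submodule. When null (the default), the region of the root provider is used."`. If the project wants typos to fail early, a `validation` block on this variable is the place for it, since the module-level `region` variables added in this patch have none either.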
From b522e5b438170ed5fa753fa446081103a820b75d Mon Sep 17 00:00:00 2001 From: andylamp Date: Thu, 9 Nov 2023 02:12:22 +0200 Subject: [PATCH 2/8] remove bits that cause issues --- modules/opennext-cloudfront/waf.tf | 150 ++++++++++++++--------------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/modules/opennext-cloudfront/waf.tf b/modules/opennext-cloudfront/waf.tf index 658ac0b..581e727 100644 --- a/modules/opennext-cloudfront/waf.tf +++ b/modules/opennext-cloudfront/waf.tf 
@@ -121,78 +121,78 @@ resource "aws_wafv2_web_acl" "cloudfront_waf" { } } -resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { - count = var.waf_logging_configuration == null || try(aws_wafv2_web_acl.cloudfront_waf[0], null) == null ? 0 : 1 - - resource_arn = aws_wafv2_web_acl.cloudfront_waf[0].arn - log_destination_configs = var.waf_logging_configuration.log_destination_configs - - dynamic "logging_filter" { - for_each = var.waf_logging_configuration.logging_filter != null ? [true] : [] - - content { - default_behavior = var.waf_logging_configuration.logging_filter.default_behavior - - dynamic "filter" { - for_each = toset(var.waf_logging_configuration.logging_filter.filter) - - content { - behavior = filter.value.behavior - requirement = filter.value.requirement - - dynamic "condition" { - for_each = filter.value.action_condition != null ? toset(filter.value.action_condition) : [] - - content { - action_condition { - action = condition.value.action - } - } - } - - dynamic "condition" { - for_each = filter.value.label_name_condition != null ? toset(filter.label_name_condition) : [] - - content { - label_name_condition { - label_name = condition.value.label_name - } - } - } - } - } - } - } - - dynamic "redacted_fields" { - for_each = var.waf_logging_configuration.redacted_fields == null ? toset(var.waf_logging_configuration.redacted_fields) : [] - - content { - dynamic "method" { - for_each = redacted_fields.value.method == true ? [true] : [] - - content {} - } - - dynamic "query_string" { - for_each = redacted_fields.value.query_string == true ? [true] : [] - - content {} - } - - dynamic "single_header" { - for_each = redacted_fields.value.single_header != null ? [true] : [] - - content { - name = redacted_fields.value.single_header.name - } - } - - dynamic "uri_path" { - for_each = redacted_fields.value.uri_path == true ? 
[true] : [] - - content {} - } - } - } -} +#resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { +# count = var.waf_logging_configuration == null || try(aws_wafv2_web_acl.cloudfront_waf[0], null) == null ? 0 : 1 +# +# resource_arn = aws_wafv2_web_acl.cloudfront_waf[0].arn +# log_destination_configs = var.waf_logging_configuration.log_destination_configs +# +# dynamic "logging_filter" { +# for_each = var.waf_logging_configuration.logging_filter != null ? [true] : [] +# +# content { +# default_behavior = var.waf_logging_configuration.logging_filter.default_behavior +# +# dynamic "filter" { +# for_each = toset(var.waf_logging_configuration.logging_filter.filter) +# +# content { +# behavior = filter.value.behavior +# requirement = filter.value.requirement +# +# dynamic "condition" { +# for_each = filter.value.action_condition != null ? toset(filter.value.action_condition) : [] +# +# content { +# action_condition { +# action = condition.value.action +# } +# } +# } +# +# dynamic "condition" { +# for_each = filter.value.label_name_condition != null ? toset(filter.label_name_condition) : [] +# +# content { +# label_name_condition { +# label_name = condition.value.label_name +# } +# } +# } +# } +# } +# } +# } +# +# dynamic "redacted_fields" { +# for_each = var.waf_logging_configuration.redacted_fields == null ? toset(var.waf_logging_configuration.redacted_fields) : [] +# +# content { +# dynamic "method" { +# for_each = redacted_fields.value.method == true ? [true] : [] +# +# content {} +# } +# +# dynamic "query_string" { +# for_each = redacted_fields.value.query_string == true ? [true] : [] +# +# content {} +# } +# +# dynamic "single_header" { +# for_each = redacted_fields.value.single_header != null ? [true] : [] +# +# content { +# name = redacted_fields.value.single_header.name +# } +# } +# +# dynamic "uri_path" { +# for_each = redacted_fields.value.uri_path == true ? [true] : [] +# +# content {} +# } +# } +# } +#} 
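Review bot: Commenting out the whole `aws_wafv2_web_acl_logging_configuration` resource removes WAF logging for every caller that sets `var.waf_logging_configuration`, and that variable — if it is still declared, which this patch does not show — is now silently ignored rather than rejected, so a deployment that believes it is logging blocked requests will not be. The "issues" look like two expression bugs rather than a reason to drop the feature: `for_each = var.waf_logging_configuration.redacted_fields == null ? toset(var.waf_logging_configuration.redacted_fields) : []` has its condition inverted (it calls `toset(null)` precisely when there is nothing to iterate and yields `[]` otherwise), and `toset(filter.label_name_condition)` should be `toset(filter.value.label_name_condition)`. Changing those two lines to `!= null` and `filter.value.` keeps the logging configuration usable. If the resource really must be disabled for now, delete it rather than keeping a 75-line commented copy, since git history already holds it, and mark the variable as unused in its description so the silent no-op is at least documented.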
From ba5825d73b0012c384c6868e9b5b1f63929fb735 Mon Sep 17 00:00:00 2001 From: andylamp Date: Thu, 16 Nov 2023 18:58:24 +0200 Subject: [PATCH 3/8] refactor for tf comp, add price class var --- locals.tf | 1 + main.tf | 4 +++- modules/cloudfront-logs/main.tf | 2 +- modules/opennext-assets/main.tf | 2 +- modules/opennext-cloudfront/main.tf | 2 +- modules/opennext-cloudfront/variables.tf | 10 ++++++++++ modules/opennext-lambda/main.tf | 2 +- variables.tf | 1 + 8 files changed, 19 insertions(+), 5 deletions(-) diff --git a/locals.tf b/locals.tf index a261816..6099b7d 100644 --- a/locals.tf +++ b/locals.tf @@ -16,6 +16,7 @@ locals { restriction_type = "none" locations = [] }) + price_class = coalesce(try(var.cloudfront.price_class, null), "PriceClass_All") cors = merge({ allow_credentials = false, allow_headers = ["*"], diff --git a/main.tf b/main.tf index 8d37809..1f44aa8 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { @@ -211,6 +211,8 @@ module "cloudfront" { region = local.aws_region default_tags = var.default_tags + price_class = local.cloudfront.price_class + comment = local.cloudfront.comment logging_bucket_domain_name = module.cloudfront_logs.logs_s3_bucket.bucket_regional_domain_name assets_origin_access_identity = module.assets.cloudfront_origin_access_identity.cloudfront_access_identity_path diff --git a/modules/cloudfront-logs/main.tf b/modules/cloudfront-logs/main.tf index 33c3d51..4c9296b 100644 --- a/modules/cloudfront-logs/main.tf +++ b/modules/cloudfront-logs/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { diff --git a/modules/opennext-assets/main.tf b/modules/opennext-assets/main.tf index c44a71b..9b66b22 100644 --- a/modules/opennext-assets/main.tf +++ b/modules/opennext-assets/main.tf 
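Review bot: Changing `required_version` from `"~> 1.5"` to `">= 1.5"` in the root `main.tf` hunk drops the upper bound, so a future Terraform 2.x (or any tool reporting a higher major version) is accepted against a configuration that has only been exercised on 1.x; the same change appears in the cloudfront-logs, opennext-assets, opennext-cloudfront and opennext-lambda `main.tf` hunks. `~> 1.5` already admits every 1.x release from 1.5 upwards, so if "tf comp" in the subject means newer 1.x releases the old constraint was sufficient. If it means a tool whose version string falls outside 1.x, say so on the line, e.g. `required_version = ">= 1.5" # no upper bound: also accept <TOOL> releases`, so the next reader doesn't tighten it back.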
@@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { diff --git a/modules/opennext-cloudfront/main.tf b/modules/opennext-cloudfront/main.tf index 96fa00d..ca45e91 100644 --- a/modules/opennext-cloudfront/main.tf +++ b/modules/opennext-cloudfront/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 30d35f2..302d7fc 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -23,6 +23,16 @@ variable "acm_certificate_arn" { type = string } +variable price_class { + type = string + description = "The price class to use for the distribution" + validation { + condition = contains(["PriceClass_200", "PriceClass_100", "PriceClass_All"]) + error_message = "Valid values for price_class are: `PriceClass_200`, `PriceClass_100` and `PriceClass_All`." + } + default = "PriceClass_All" +} + variable "origins" { type = object({ assets_bucket = string diff --git a/modules/opennext-lambda/main.tf b/modules/opennext-lambda/main.tf index a10d0fc..2e2768d 100644 --- a/modules/opennext-lambda/main.tf +++ b/modules/opennext-lambda/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.5" + required_version = ">= 1.5" required_providers { aws = { diff --git a/variables.tf b/variables.tf index 72c0340..1b73f07 100644 --- a/variables.tf +++ b/variables.tf @@ -327,6 +327,7 @@ variable "cloudfront" { override = bool value = string }))) + price_class = optional(string) geo_restriction = optional(object({ restriction_type = string locations = list(string) From 52049ea2f8f9cb9fb269bfc98055609f6ce25e21 Mon Sep 17 00:00:00 2001 From: andylamp Date: Thu, 16 Nov 2023 18:58:49 +0200 Subject: [PATCH 4/8] fix fmt --- modules/opennext-cloudfront/variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
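Review bot: The `"PriceClass_All"` default now lives in two places — this module's `variable "price_class"` in `modules/opennext-cloudfront/variables.tf` and the `coalesce(..., "PriceClass_All")` in the root `locals.tf` hunk — while the allowed-value list exists only here, so a bad `cloudfront.price_class` at the root is caught only when the module's validation runs. If the module variable is given `nullable = false`, the root should be able to pass `try(var.cloudfront.price_class, null)` straight through and the module default becomes the single source of truth; otherwise at least note on the root local that its fallback must match the module default so the two don't drift. The root `price_class = optional(string)` in `variables.tf` could also carry the same three-value `validation` so the error surfaces at the root variable rather than inside the module.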
diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 302d7fc..82d352e 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -23,11 +23,11 @@ variable "acm_certificate_arn" { type = string } -variable price_class { - type = string +variable "price_class" { + type = string description = "The price class to use for the distribution" validation { - condition = contains(["PriceClass_200", "PriceClass_100", "PriceClass_All"]) + condition = contains(["PriceClass_200", "PriceClass_100", "PriceClass_All"]) error_message = "Valid values for price_class are: `PriceClass_200`, `PriceClass_100` and `PriceClass_All`." } default = "PriceClass_All" From b9b01cda5d5c95da0f921ad1a6e095be66fd956b Mon Sep 17 00:00:00 2001 From: andylamp Date: Thu, 16 Nov 2023 19:02:45 +0200 Subject: [PATCH 5/8] fix regression with contains --- modules/opennext-cloudfront/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 82d352e..ac899b2 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -27,7 +27,7 @@ variable "price_class" { type = string description = "The price class to use for the distribution" validation { - condition = contains(["PriceClass_200", "PriceClass_100", "PriceClass_All"]) + condition = contains(["PriceClass_200", "PriceClass_100", "PriceClass_All"], var.price_class) error_message = "Valid values for price_class are: `PriceClass_200`, `PriceClass_100` and `PriceClass_All`." } default = "PriceClass_All" From 9aedb1b7ad273900389f4ba8b5b50d722eff6180 Mon Sep 17 00:00:00 2001 From: andylamp Date: Thu, 16 Nov 2023 20:11:03 +0200 Subject: [PATCH 6/8] actually assign the price class --- modules/opennext-cloudfront/cloudfront.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/opennext-cloudfront/cloudfront.tf b/modules/opennext-cloudfront/cloudfront.tf index e4f755d..5c74350 100644 --- a/modules/opennext-cloudfront/cloudfront.tf +++ b/modules/opennext-cloudfront/cloudfront.tf @@ -163,7 +163,7 @@ resource "aws_cloudfront_response_headers_policy" "response_headers_policy" { resource "aws_cloudfront_distribution" "distribution" { provider = aws.global - price_class = "PriceClass_100" + price_class = var.price_class enabled = true is_ipv6_enabled = true comment = coalesce(var.comment, "${var.prefix} - CloudFront Distribution for Next.js Application") From 88d565c305dd12d728d9050c3319c7e59435d43f Mon Sep 17 00:00:00 2001 From: andylamp Date: Fri, 17 Nov 2023 15:21:38 +0200 Subject: [PATCH 7/8] use the first entry in alias for the log prefix in case there are more than one --- modules/opennext-cloudfront/cloudfront.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/opennext-cloudfront/cloudfront.tf b/modules/opennext-cloudfront/cloudfront.tf index 5c74350..23f2f45 100644 --- a/modules/opennext-cloudfront/cloudfront.tf +++ b/modules/opennext-cloudfront/cloudfront.tf @@ -174,7 +174,7 @@ resource "aws_cloudfront_distribution" "distribution" { include_cookies = false # bucket = module.cloudfront_logs.logs_s3_bucket.bucket_regional_domain_name bucket = var.logging_bucket_domain_name - prefix = one(var.aliases) + prefix = length(var.aliases) > 0 ? var.aliases[0] : null } viewer_certificate { From 91384eaa747dc305bf040bab835329c24836259e Mon Sep 17 00:00:00 2001 From: andylamp Date: Fri, 8 Dec 2023 00:29:39 +0000 Subject: [PATCH 8/8] refactor module to allow custom cache policy for static assets --- main.tf | 9 +++++---- modules/opennext-assets/s3.tf | 2 +- modules/opennext-assets/variables.tf | 5 +++++ variables.tf | 9 +++++++++ 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 1f44aa8..d3e732c 100644 --- a/main.tf +++ b/main.tf 
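Review bot: `prefix = length(var.aliases) > 0 ? var.aliases[0] : null` in the second `cloudfront.tf` hunk means a distribution with no aliases writes its access logs to the root of the logging bucket with no prefix, so if the bucket behind `var.logging_bucket_domain_name` is ever shared by more than one distribution their logs become indistinguishable. Falling back to `var.prefix`, the module's resource prefix already used on the `comment` line above, keeps every distribution in its own folder: `prefix = length(var.aliases) > 0 ? var.aliases[0] : var.prefix`, or the shorter equivalent `prefix = try(var.aliases[0], var.prefix)`. The stale `# bucket = module.cloudfront_logs...` comment two lines up is dead now that the value comes from `var.logging_bucket_domain_name` and could be dropped in the same change.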
@@ -24,10 +24,11 @@ module "assets" { region = local.aws_region default_tags = var.default_tags - prefix = "${var.prefix}-assets" - assets_path = "${local.opennext_abs_path}/assets" - cache_path = "${local.opennext_abs_path}/cache" - server_function_role_arn = module.server_function.lambda_role.arn + prefix = "${var.prefix}-assets" + assets_path = "${local.opennext_abs_path}/assets" + cache_path = "${local.opennext_abs_path}/cache" + server_function_role_arn = module.server_function.lambda_role.arn + static_asset_cache_config = var.static_asset_cache_config } diff --git a/modules/opennext-assets/s3.tf b/modules/opennext-assets/s3.tf index 5146639..ec8b71a 100644 --- a/modules/opennext-assets/s3.tf +++ b/modules/opennext-assets/s3.tf @@ -191,7 +191,7 @@ resource "aws_s3_object" "assets" { key = "assets/${each.value}" source = "${var.assets_path}/${each.value}" source_hash = filemd5("${var.assets_path}/${each.value}") - cache_control = length(regexall(".*(_next).*$", each.value)) > 0 ? "public,max-age=31536000,immutable" : "public,max-age=0,s-maxage=31536000,must-revalidate" + cache_control = length(regexall(".*(_next).*$", each.value)) > 0 ? "public,max-age=31536000,immutable" : var.static_asset_cache_config content_type = lookup(local.content_type_lookup, split(".", each.value)[length(split(".", each.value)) - 1], "text/plain") } diff --git a/modules/opennext-assets/variables.tf b/modules/opennext-assets/variables.tf index ff701de..2a07161 100644 --- a/modules/opennext-assets/variables.tf +++ b/modules/opennext-assets/variables.tf @@ -24,6 +24,11 @@ variable "cache_path" { description = "The path of the open-next cache" } +variable "static_asset_cache_config" { + type = string + description = "Static asset cache config" +} + variable "server_function_role_arn" { type = string description = "The IAM role ARN of the Next.js server lambda function" diff --git a/variables.tf b/variables.tf index 1b73f07..6cebad7 100644 --- a/variables.tf +++ b/variables.tf 
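Review bot: The new `static_asset_cache_config` variable in `modules/opennext-assets/variables.tf` is a raw `Cache-Control` header value written unvalidated onto every uploaded object via the `cache_control` line in the `s3.tf` hunk, yet its description, `"Static asset cache config"`, says neither that it is a header value nor which objects it applies to; the root `variable "static_asset_cache_config"` in `variables.tf` has the same wording. From the `s3.tf` condition, keys matching `_next` keep the hard-coded immutable policy and everything else gets this value, so I'd describe it in both places as `description = "Cache-Control header value for static assets whose key does not contain _next; build-output assets keep the hard-coded immutable policy."`. The module variable also has no default while the root one does, so direct callers of the module now need a new required input; copying the root default `"public,max-age=0,s-maxage=31536000,must-revalidate"` down to the module keeps them working.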
@@ -44,6 +44,15 @@ variable "evaluate_target_health" { description = "Allow Route53 to determine whether to respond to DNS queries by checking the health of the record set" } +/** + * OpenNext Assets variables +**/ +variable "static_asset_cache_config" { + type = string + description = "Static asset cache config" + default = "public,max-age=0,s-maxage=31536000,must-revalidate" +} + /** * OpenNext Variables **/