create AppConfig resources

silinternational · Mar 1, 2024 · ab6a2a8 · ab6a2a8
1 parent 0692867
commit ab6a2a8
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@
 *.env
 google-auth.json
 .terraform/
+.terraform.lock.hcl
diff --git a/terraform/000-core/main.tf b/terraform/000-core/main.tf
@@ -93,3 +93,26 @@ resource "aws_acm_certificate_validation" "idp" {
   certificate_arn         = aws_acm_certificate.idp[0].arn
   validation_record_fqdns = [cloudflare_record.idp-verification[0].hostname]
 }
+
+resource "aws_appconfig_application" "this" {
+  count = var.appconfig_app_name == "" ? 0 : 1
+
+  name = var.appconfig_app_name
+}
+
+resource "aws_appconfig_environment" "this" {
+  count = var.appconfig_app_name == "" ? 0 : 1
+
+  name           = var.app_env
+  application_id = one(aws_appconfig_application.this[*].id)
+}
+
+resource "aws_appconfig_deployment_strategy" "this" {
+  count = var.appconfig_app_name == "" ? 0 : 1
+
+  name                           = "immediate"
+  deployment_duration_in_minutes = 0
+  growth_factor                  = 100
+  growth_type                    = "LINEAR"
+  replicate_to                   = "NONE"
+}
diff --git a/terraform/000-core/outputs.tf b/terraform/000-core/outputs.tf
@@ -45,3 +45,16 @@ output "ecsServiceRole_arn" {
   value = module.ecscluster.ecsServiceRole_arn
 }
 
+
+/*
+ * AppConfig outputs
+ */
+output "app_id" {
+  description = "AppConfig application ID"
+  value       = one(aws_appconfig_application.this[*].id)
+}
+
+output "env_id" {
+  description = "AppConfig environment ID"
+  value       = one(aws_appconfig_environment.this[*].environment_id)
+}
diff --git a/terraform/000-core/vars.tf b/terraform/000-core/vars.tf
@@ -20,3 +20,20 @@ variable "create_cd_user" {
   default     = true
 }
 
+
+/*
+ * Optional variables
+ */
+
+variable "app_env" {
+  description = "The abbreviated version of the environment used for naming resources, typically either stg or prod. Default: 'prod'"
+  type        = string
+  default     = "prod"
+}
+
+variable "appconfig_app_name" {
+  type        = string
+  description = "The application name in AppConfig. If not specified, no AppConfig resources will be created."
+  default     = ""
+}
+
diff --git a/terraform/040-id-broker/main.tf b/terraform/040-id-broker/main.tf
@@ -1,6 +1,7 @@
 locals {
   aws_account = data.aws_caller_identity.this.account_id
   aws_region  = data.aws_region.current.name
+  config_id   = one(aws_appconfig_configuration_profile.this[*].configuration_profile_id)
 }
 
 /*
@@ -81,7 +82,7 @@ locals {
   task_def = templatefile("${path.module}/task-definition.json", {
     app_id                                     = var.app_id
     env_id                                     = var.env_id
-    config_id                                  = var.config_id
+    config_id                                  = local.config_id
     api_access_keys                            = local.api_access_keys
     abandoned_user_abandoned_period            = var.abandoned_user_abandoned_period
     abandoned_user_best_practice_url           = var.abandoned_user_best_practice_url
@@ -215,7 +216,7 @@ locals {
   task_def_cron = templatefile("${path.module}/task-definition.json", {
     app_id                                     = var.app_id
     env_id                                     = var.env_id
-    config_id                                  = var.config_id
+    config_id                                  = local.config_id
     api_access_keys                            = local.api_access_keys
     abandoned_user_abandoned_period            = var.abandoned_user_abandoned_period
     abandoned_user_best_practice_url           = var.abandoned_user_best_practice_url
@@ -473,12 +474,24 @@ resource "aws_iam_role_policy" "app_config" {
             "appconfig:GetLatestConfiguration",
             "appconfig:StartConfigurationSession",
           ]
-          Resource = "arn:aws:appconfig:${local.aws_region}:${local.aws_account}:application/${var.app_id}/environment/${var.env_id}/configuration/${var.config_id}"
+          Resource = "arn:aws:appconfig:${local.aws_region}:${local.aws_account}:application/${var.app_id}/environment/${var.env_id}/configuration/${local.config_id}"
         }
       ]
   })
 }
 
+
+/*
+ * Create AppConfig configuration profile
+ */
+resource "aws_appconfig_configuration_profile" "this" {
+  count = var.app_id == "" ? 0 : 1
+
+  application_id = var.app_id
+  name           = "${var.app_name}-${var.app_env}"
+  location_uri   = "hosted"
+}
+
 /*
  * AWS data
  */

diff --git a/terraform/040-id-broker/vars.tf b/terraform/040-id-broker/vars.tf
@@ -582,13 +582,13 @@ variable "wildcard_cert_arn" {
 }
 
 variable "app_id" {
-  default = ""
+  description = "AppConfig application ID"
+  type        = string
+  default     = ""
 }
 
 variable "env_id" {
-  default = ""
-}
-
-variable "config_id" {
-  default = ""
+  description = "AppConfig environment ID"
+  type        = string
+  default     = ""
 }