Clean up Terraform code

2026-02-09 00:39:57 +00:00 · 2021-12-23 20:01:30 -03:30
parent cad89d32ab
commit 9bdd7fb8f6
1 changed files with 31 additions and 15 deletions
--- a/aws-ecsfargate-terraform/terraform.tf
+++ b/aws-ecsfargate-terraform/terraform.tf
@@ -15,11 +15,11 @@ provider "aws" {

 locals {
  name_prefix = var.name_prefix != "" ? var.name_prefix : "scim-bridge"
-  tags        = var.tags == {} ? var.tags : { 
-                    application = "1Password SCIM Bridge",
-                    version     = trimprefix(jsondecode(file("task-definitions/scim.json"))[0].image, "1password/scim:v")
+  domain      = join(".", slice(split(".", var.domain_name), 1, length(split(".", var.domain_name))))
+  tags        = var.tags == {} ? var.tags : {
+                  application = "1Password SCIM Bridge",
+                  version     = trimprefix(jsondecode(file("task-definitions/scim.json"))[0].image, "1password/scim:v")
                }
-  domain = join(".", slice(split(".", var.domain_name), 1, length(split(".", var.domain_name))))
 }

 # Use the default VPC or find the VPC by name
@@ -36,9 +36,10 @@ data "aws_subnet_ids" "subnets" {

 resource "aws_secretsmanager_secret" "scimsession" {
  name                    = format("%s-%s",local.name_prefix,"scimsession")
-  tags                    = local.tags
  # Allow `terraform destroy` to delete secret (hint: save your scimsession file in 1Password)
  recovery_window_in_days = 0
+
+  tags                    = local.tags
 }

 resource "aws_secretsmanager_secret_version" "scimsession_1" {
@@ -53,6 +54,7 @@ resource "aws_cloudwatch_log_group" "scim-bridge" {

 resource "aws_ecs_cluster" "scim-bridge" {
  name = var.name_prefix == "" ? "scim-bridge" : format("%s-%s",local.name_prefix,"scim-bridge")
+
  tags = local.tags
 }

@@ -68,12 +70,14 @@ resource "aws_ecs_task_definition" "scim-bridge" {
  memory                   = 512
  cpu                      = 256
  execution_role_arn       = aws_iam_role.scim-bridge.arn
+
  tags                     = local.tags
 }

 resource "aws_iam_role" "scim-bridge" {
  name               = format("%s-%s",local.name_prefix,"task-role")
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
+
  tags               = local.tags
 }

@@ -118,9 +122,7 @@ resource "aws_ecs_service" "scim_bridge_service" {
  launch_type      = "FARGATE"
  platform_version = "1.4.0"
  desired_count    = 1
-  depends_on       = [aws_lb_listener.listener_https]
-  tags             = local.tags
-
+  
  load_balancer {
    target_group_arn = aws_lb_target_group.target_group_http.arn
    container_name   = aws_ecs_task_definition.scim-bridge.family
@@ -132,6 +134,10 @@ resource "aws_ecs_service" "scim_bridge_service" {
    assign_public_ip = true
    security_groups  = [aws_security_group.service_security_group.id]
  }
+
+  tags             = local.tags
+
+  depends_on       = [aws_lb_listener.listener_https]
 }

 resource "aws_alb" "scim-bridge-alb" {
@@ -139,13 +145,13 @@ resource "aws_alb" "scim-bridge-alb" {
  load_balancer_type = "application"
  subnets            = data.aws_subnet_ids.subnets.ids
  security_groups    = [aws_security_group.scim-bridge-sg.id]
+  
  tags               = local.tags
 }

 # Create a security group for the load balancer:
 resource "aws_security_group" "scim-bridge-sg" {
  vpc_id = data.aws_vpc.vpc.id
-  tags   = local.tags
  ingress {
    from_port   = 80
    to_port     = 80
@@ -166,10 +172,11 @@ resource "aws_security_group" "scim-bridge-sg" {
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
+
+  tags   = local.tags
 }

 resource "aws_security_group" "service_security_group" {
-  tags = local.tags
  ingress {
    from_port = 3002
    to_port   = 3002
@@ -184,6 +191,8 @@ resource "aws_security_group" "service_security_group" {
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
+
+  tags = local.tags
 }

 resource "aws_lb_target_group" "target_group_http" {
@@ -192,11 +201,12 @@ resource "aws_lb_target_group" "target_group_http" {
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = data.aws_vpc.vpc.id
-  tags        = local.tags
  health_check {
    matcher = "200,301,302"
    path    = "/app"
  }
+
+  tags        = local.tags
 }

 resource "aws_lb_listener" "listener_https" {
@@ -206,30 +216,32 @@ resource "aws_lb_listener" "listener_https" {
  certificate_arn   = !var.wildcard_cert ? (
                        var.using_route53 ?
                          aws_acm_certificate_validation.scim_bridge_cert_validate[0].certificate_arn : aws_acm_certificate.scim_bridge_cert[0].arn
-                        ) : data.aws_acm_certificate.wildcard_cert[0].arn                      
+                        ) : data.aws_acm_certificate.wildcard_cert[0].arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_group_http.arn
  }
 }

-output "cloudwatch-log-group" {
+output "cloudwatch_log_group" {
  description = "Where you can find your SCIM bridge logs"
  value       = aws_cloudwatch_log_group.scim-bridge.name
 }

-output "loadbalancer-dns-name" {
+output "loadbalancer_dns_name" {
  description = "The name of the load balancer to target in your DNS"
  value       = var.using_route53 ? null : aws_alb.scim-bridge-alb.dns_name
 }

 data "aws_acm_certificate" "wildcard_cert" {
  count  =  !var.wildcard_cert ? 0 : 1
+
  domain = "*.${local.domain}"
 }

 resource "aws_acm_certificate" "scim_bridge_cert" {
  count             = !var.wildcard_cert ? 1 : 0
+
  domain_name       = var.domain_name
  validation_method = "DNS"

@@ -240,12 +252,14 @@ resource "aws_acm_certificate" "scim_bridge_cert" {

 data "aws_route53_zone" "zone" {
  count        = var.using_route53 ? 1 : 0
+
  name         = local.domain
  private_zone = false
 }

 resource "aws_acm_certificate_validation" "scim_bridge_cert_validate" {
  count                   = var.using_route53 && !var.wildcard_cert ? 1 : 0
+
  certificate_arn         = aws_acm_certificate.scim_bridge_cert[0].arn
  validation_record_fqdns = [for record in aws_route53_record.scim_bridge_cert_validation : record.fqdn]
 }
@@ -262,6 +276,7 @@ resource "aws_route53_record" "scim_bridge_cert_validation" {
      }
    } : {}
  )
+
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
@@ -272,6 +287,7 @@ resource "aws_route53_record" "scim_bridge_cert_validation" {

 resource "aws_route53_record" "scim_bridge" {
  count   = var.using_route53 ? 1 : 0
+
  zone_id = data.aws_route53_zone.zone[0].id
  name    = var.domain_name
  type    = "A"
@@ -283,7 +299,7 @@ resource "aws_route53_record" "scim_bridge" {
  }
 }

-output "url" {
+output "scim_bridge_url" {
  description = "The URL of your SCIM bridge"
  value       = "https://${var.domain_name}"
 }