This repository has been archived by the owner on Sep 22, 2023. It is now read-only.

Multiple fixes for "ghost" diffs #5

Merged
merged 7 commits into from
Oct 28, 2022
24 changes: 17 additions & 7 deletions acm.tf
Expand Up @@ -18,16 +18,26 @@ resource "aws_acm_certificate" "cert" {
}

resource "aws_route53_record" "cert_validation" {
name = tolist(aws_acm_certificate.cert[0].domain_validation_options)[0].resource_record_name
type = tolist(aws_acm_certificate.cert[0].domain_validation_options)[0].resource_record_type
zone_id = data.aws_route53_zone.proxy.zone_id
records = [tolist(aws_acm_certificate.cert[0].domain_validation_options)[0].resource_record_value]
ttl = 60
count = var.use_acm ? 1 : 0
dilchenko marked this conversation as resolved.
for_each = {
for dvo in aws_acm_certificate.cert[0].domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
name = each.value.name
records = [each.value.record]
type = each.value.type
allow_overwrite = true
zone_id = data.aws_route53_zone.proxy.zone_id

depends_on = [
aws_acm_certificate.cert
]
}

resource "aws_acm_certificate_validation" "cert" {
certificate_arn = aws_acm_certificate.cert[0].arn
validation_record_fqdns = [aws_route53_record.cert_validation[0].fqdn]
validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
count = var.use_acm ? 1 : 0
}
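Review bot: The rewritten `aws_route53_record.cert_validation` no longer sets `ttl`, which the AWS provider documents as required for non-alias records that use `records`; restore `ttl = 60` next to `records = [each.value.record]`. The `for_each` also indexes `aws_acm_certificate.cert[0]` without a guard. The certificate resource is defined above the hunk, but the validation resource below is still gated by `count = var.use_acm ? 1 : 0`, so the certificate is presumably counted the same way and a plan with `use_acm = false` would fail on the missing index. `for dvo in flatten(aws_acm_certificate.cert[*].domain_validation_options) : dvo.domain_name => {` yields an empty map in that case. Since `allow_overwrite = true` lets this resource replace an existing record of the same name and type in the zone, a comment such as `# allow_overwrite: intended only for the ACM validation records created here` would make the intent explicit.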
3 changes: 2 additions & 1 deletion auth_asg.tf
Expand Up @@ -67,7 +67,8 @@ resource "aws_launch_configuration" "auth" {
}
)
metadata_options {
http_tokens = "required"
http_endpoint = "enabled"
dilchenko marked this conversation as resolved.
http_tokens = "required"
}
root_block_device {
encrypted = true
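Review bot: The `metadata_options` block here, and the identical blocks in monitor_asg.tf, node_asg.tf and proxy_asg.tf, has no comment explaining why `http_endpoint = "enabled"` is now spelled out, and `http_put_response_hop_limit` is still left to the provider default. The explicit endpoint is presumably there to stop the perpetual diff named in the PR title; a comment such as `# IMDSv2 only: keep http_tokens = "required"; http_endpoint is stated explicitly to keep plans stable` would stop a later cleanup from removing it or relaxing the token requirement. If nothing on these instances needs the metadata service from inside a container, also pin `http_put_response_hop_limit = 1` so the hardening does not depend on a default. The enclosing `aws_launch_configuration` starts and ends outside the hunk.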
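--- a/data.tf
+++ b/data.tf
@@ -8,8 +8,3 @@ data "aws_region" "current" {}
 data "aws_kms_alias" "ssm" {
 name = var.kms_alias_name
 }
-
-# Pick up the license path and make it accessible as a file
-data "local_file" "license" {
-filename = var.license_path
-}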
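--- a/monitor_asg.tf
+++ b/monitor_asg.tf
@@ -99,7 +99,8 @@ resource "aws_launch_configuration" "monitor" {
 }
 )
 metadata_options {
-http_tokens = "required"
+http_endpoint = "enabled"
+http_tokens = "required"
 }
 root_block_device {
 encrypted = true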
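--- a/node_asg.tf
+++ b/node_asg.tf
@@ -53,7 +53,8 @@ resource "aws_launch_configuration" "node" {
 }
 )
 metadata_options {
-http_tokens = "required"
+http_endpoint = "enabled"
+http_tokens = "required"
 }
 root_block_device {
 encrypted = true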
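--- a/proxy_asg.tf
+++ b/proxy_asg.tf
@@ -117,7 +117,8 @@ resource "aws_launch_configuration" "proxy" {
 }
 )
 metadata_options {
-http_tokens = "required"
+http_endpoint = "enabled"
+http_tokens = "required"
 }
 root_block_device {
 encrypted = true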
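--- a/ssm.tf
+++ b/ssm.tf
@@ -3,10 +3,10 @@
 // is destroyed, cluster will overwrite them with real values
 
 resource "aws_ssm_parameter" "license" {
-count = var.license_path != "" ? 1 : 0
+count = var.teleport_license != "" ? 1 : 0
 name = "/teleport/${var.cluster_name}/license"
 type = "SecureString"
-value = data.local_file.license.content
+value = var.teleport_license
 overwrite = true
 }
 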
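Review bot: `aws_ssm_parameter.license` takes the license text straight from `var.teleport_license`, so the value is written to the Terraform state in clear text; `sensitive = true` on the variable only redacts it from plan and apply output. A comment above the resource such as `# The license value is persisted in state; keep the state backend encrypted and access-restricted` would record that for operators. The resource also sets no `key_id`, so the SecureString is encrypted under the account's default SSM key. If the key behind `data.aws_kms_alias.ssm` in data.tf is meant to protect these parameters, add `key_id = data.aws_kms_alias.ssm.target_key_arn`.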
7 changes: 7 additions & 0 deletions variables.tf
Expand Up @@ -83,6 +83,13 @@ variable "license_path" {
default = ""
dilchenko marked this conversation as resolved.
}

# Contents of the Teleport Enterprise license to be used for the cluster
variable "teleport_license" {
dilchenko marked this conversation as resolved.
type = string
default = ""
sensitive = true
}

# Instance type used for auth autoscaling group
variable "auth_instance_type" {
type = string
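Review bot: `variable "license_path"` is left in place directly above the new `teleport_license`, although the data.tf and ssm.tf sections on this page no longer read it. Unless a file not shown here still uses it, a caller that keeps setting only `license_path` gets a clean plan with no license parameter and no error. Either remove the variable or mark it, for example `# Deprecated: no longer read; pass the license contents via teleport_license`. The comment on the new variable could also say that it expects the file contents rather than a path, for example `# Contents (not the path) of the Teleport Enterprise license, e.g. passed with file(...)`. The `license_path` block begins outside the hunk.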