From fcecc140277f63e147045c53b90802ed968bd6ab Mon Sep 17 00:00:00 2001 From: Tigran Muradyan Date: Tue, 27 Aug 2024 19:13:29 +0400 Subject: [PATCH 1/2] feat(DMVP-5087): have module improved/fixed to be ready for usage --- .github/workflows/checkov.yaml | 2 +- .github/workflows/terraform-test.yaml | 2 +- .github/workflows/tflint.yaml | 2 +- .pre-commit-config.yaml | 10 ++- README.md | 63 +++++++++++++++- cdn.tf | 37 +++++----- dns.tf | 24 +++++- githooks/commit-msg | 102 +++++--------------------- outputs.tf | 4 + s3.tf | 28 +++---- tests/basic/.terraform.lock.hcl | 64 ++++++++++++++++ tests/basic/0-setup.tf | 25 +++++++ tests/basic/1-example.tf | 10 +++ tests/basic/README.md | 32 ++++++++ variables.tf | 50 +++++++++++++ versions.tf | 6 +- waf.tf | 3 +- 17 files changed, 335 insertions(+), 129 deletions(-) create mode 100644 tests/basic/.terraform.lock.hcl create mode 100644 tests/basic/0-setup.tf create mode 100644 tests/basic/1-example.tf create mode 100644 tests/basic/README.md diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml index b79d3ea..bf97c32 100644 --- a/.github/workflows/checkov.yaml +++ b/.github/workflows/checkov.yaml @@ -17,7 +17,7 @@ jobs: matrix: path: - / - + steps: - uses: dasmeta/reusable-actions-workflows/checkov@main with: diff --git a/.github/workflows/terraform-test.yaml b/.github/workflows/terraform-test.yaml index 70b927f..e7c49f4 100644 --- a/.github/workflows/terraform-test.yaml +++ b/.github/workflows/terraform-test.yaml @@ -16,7 +16,7 @@ jobs: matrix: path: - / - + steps: - uses: dasmeta/reusable-actions-workflows/terraform-test@main with: diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml index 61b2cce..e3f711e 100644 --- a/.github/workflows/tflint.yaml +++ b/.github/workflows/tflint.yaml @@ -18,7 +18,7 @@ jobs: matrix: path: - / - + steps: - uses: dasmeta/reusable-actions-workflows/tflint@main with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1e2bb60..ba85df3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,7 +15,7 @@ repos: - id: mixed-line-ending args: [--fix=lf] - id: detect-aws-credentials - args: ['--allow-missing-credentials'] + args: ["--allow-missing-credentials"] - id: detect-private-key - repo: https://github.com/antonbabenko/pre-commit-terraform rev: v1.64.1 @@ -26,3 +26,11 @@ repos: - --hook-config=--path-to-file=README.md - --hook-config=--add-to-existing-file=true - --hook-config=--create-file-if-not-exist=true + - repo: https://github.com/qoomon/git-conventional-commits + rev: v2.4.0 + hooks: + - id: conventional-commits + - repo: https://github.com/zricethezav/gitleaks + rev: v8.12.0 + hooks: + - id: gitleaks diff --git a/README.md b/README.md index 20b1b27..52b88db 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,63 @@ # terraform-aws-frontend-app -Repo spins up frontend application setup which include CloudFront distribution, S3 bucket and DNS record. +Repo spins up frontend application setup which include CloudFront distribution, S3 bucket and DNS record, waf. + +## Example +```hcl +module "this" { + source = "dasmeta/frontend-app/aws" + version = "1.1.0" + + domain = "basic-test-front-app.devops.dasmeta.com" + zone = "devops.dasmeta.com" + + providers = { aws : aws, aws.virginia : aws.virginia } +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | > 1.3.0 | +| [aws](#requirement\_aws) | >= 5.27.0, < 6.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cdn](#module\_cdn) | dasmeta/modules/aws//modules/cloudfront-ssl-hsts | 2.16.0 | +| [dns](#module\_dns) | dasmeta/dns/aws | 1.0.4 | +| [dns\_alternative](#module\_dns\_alternative) | dasmeta/dns/aws | 1.0.4 | +| [s3](#module\_s3) | dasmeta/s3/aws | 1.2.1 | +| [waf](#module\_waf) | dasmeta/modules/aws//modules/waf | 2.15.6 | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [alternative\_domains](#input\_alternative\_domains) | n/a | `list(string)` | `[]` | no | +| [alternative\_zones](#input\_alternative\_zones) | n/a | `list(string)` | `[]` | no | +| [cdn\_configs](#input\_cdn\_configs) | CDN configuration options | 
object({
    default_root_object = optional(string, "index.html")
    additional_origins  = optional(any, [])
  })
| 
{
  "additional_origins": [],
  "default_root_object": "index.html"
}
| no | +| [domain](#input\_domain) | domain full name | `string` | n/a | yes | +| [enable\_http\_security\_headers](#input\_enable\_http\_security\_headers) | Whether to enable http security headers by creating pass through lambda handler for cdn | `bool` | `false` | no | +| [s3\_configs](#input\_s3\_configs) | S3 bucket configuration options | 
object({
    acl                     = optional(string, "private")
    create_index_html       = optional(bool, true)
    ignore_public_acls      = optional(bool, true)
    restrict_public_buckets = optional(bool, true)
    block_public_acls       = optional(bool, true)
    block_public_policy     = optional(bool, true)

    versioning      = optional(object({ enabled = bool }), { enabled = false })
    website         = optional(object({ index_document = string, error_document = string }), { index_document = "index.html", error_document = "index.html" })
    create_iam_user = optional(bool, false)
  })
| 
{
  "acl": "private",
  "block_public_acls": true,
  "block_public_policy": true,
  "create_iam_user": false,
  "create_index_html": true,
  "ignore_public_acls": true,
  "restrict_public_buckets": true,
  "versioning": {
    "enabled": false
  },
  "website": {
    "error_document": "index.html",
    "index_document": "index.html"
  }
}
| no | +| [waf](#input\_waf) | waf configs | `any` | `null` | no | +| [zone](#input\_zone) | R53 zone name | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [distribution\_id](#output\_distribution\_id) | cloudfront distribution id | +| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket name/id | +| [s3\_config](#output\_s3\_config) | n/a | +| [web\_acl\_id](#output\_web\_acl\_id) | waf arm/id | + diff --git a/cdn.tf b/cdn.tf index 7fc4cbc..dfd7da8 100644 --- a/cdn.tf +++ b/cdn.tf @@ -1,29 +1,28 @@ module "cdn" { source = "dasmeta/modules/aws//modules/cloudfront-ssl-hsts" - version = "1.1.2" + version = "2.16.0" - zone = concat([var.zone], var.alternative_zones) - aliases = concat([var.domain], var.alternative_domains) - comment = "cdn for ${var.domain}" - web_acl_id = try(module.waf[0].web_acl_arn, null) + zone = concat([var.zone], var.alternative_zones) + aliases = concat([var.domain], var.alternative_domains) + comment = "cdn for ${var.domain}" + web_acl_id = try(module.waf[0].web_acl_arn, null) + create_hsts = var.enable_http_security_headers + default_root_object = var.cdn_configs.default_root_object - origin = { - s3 = { - domain_name = module.s3.s3_bucket_website_endpoint - custom_origin_config = { - origin_protocol_policy = "http-only" + origins = concat( + var.cdn_configs.additional_origins, + [ + { + id = "s3" # the last one is default origin/behavior, we suppose the front app is default one + domain_name = module.s3.s3_bucket_id + type = "bucket" } - } - } - - default_cache_behavior = { - target_origin_id = "s3" - use_forwarded_values = true - headers = [] - } + ] + ) providers = { - aws = aws.virginia + aws = aws + aws.virginia = aws.virginia } } diff --git a/dns.tf b/dns.tf index 4a7c202..abe04c3 100644 --- a/dns.tf +++ b/dns.tf @@ -1,6 +1,6 @@ module "dns" { source = "dasmeta/dns/aws" - version = "0.1.0" + version = "1.0.4" count = var.zone == null ? 0 : 1 @@ -15,3 +15,25 @@ module "dns" { } ] } + +module "dns_alternative" { + source = "dasmeta/dns/aws" + version = "1.0.4" + + for_each = { for key, domain in var.alternative_domains : domain => { + domain : domain + key : key + zone : try(var.alternative_zones[key], var.zone) + } } + + zone = each.value.zone + create_zone = false + + records = [ + { + target_type = "cdn" + name = replace(each.value.domain, each.value.zone, "") + distribution_id = module.cdn.cloudfront_distribution_id + } + ] +} diff --git a/githooks/commit-msg b/githooks/commit-msg index beaf311..b760692 100644 --- a/githooks/commit-msg +++ b/githooks/commit-msg @@ -1,86 +1,20 @@ -#!/bin/bash - -RED='\033[1;31m' -YELLOW='\033[1;33m' -GREEN='\033[1;32m' -NC='\033[0m' - -isNvmOk=false -isYarnOk=false -isNodeOk=false -isGccOk=false - -source ~/.nvm/nvm.sh > /dev/null 2>&1 -nvm -v > /dev/null 2>&1 -if [ ! $? -eq 0 ]; then - mkdir ~/.nvm > /dev/null 2>&1 - (curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash) > /dev/null 2>&1 - - source ~/.nvm/nvm.sh - - if [ `command -v nvm` ]; then - isNvmOk=true - #echo -e "$${GREEN}[ OK ]$${NC} nvm installed successfully" - else - isNvmOk=false - #echo -e "$${RED}[ FAIL ]$${NC} Error during nvm installation" - fi -fi - - -if [ `command -v node` ]; then - isNodeOk=true - #echo -e "$${GREEN}[ OK ]$${NC} npm and node is already installed" -else - #echo -e "$${YELLOW}[ WAIT ]$${NC} npm is not installed.. installing" - nvm install node > /dev/null 2>&1 - if [ `command -v node` ] && [ `command -v npm` ]; then - isNodeOk=true - #echo -e "$${GREEN}[ OK ]$${NC} npm installed successfully" - fi - -# mkdir ~/.npm-global > /dev/null 2>&1 -# npm config set prefix '~/.npm-global' > /dev/null 2>&1 -# export PATH=~/.npm-global/bin:$PATH > /dev/null 2>&1 -# source ~/.profile > /dev/null 2>&1 - -fi - - -if [ `command -v yarn` ]; then - isYarnOk=true - #echo -e "$${GREEN}[ OK ]$${NC} Yarn already installed" - -else - rm -rf ~/.yarn - (curl -o- -L https://yarnpkg.com/install.sh | bash) > /dev/null 2>&1 - export PATH="$HOME/.yarn/bin:$PATH" - yarn config set prefix ~/.yarn -g > /dev/null 2>&1 - - if [ `command -v yarn` ]; then - isYarnOk=true - # echo $yarn_result - # echo -e "$${GREEN}[ OK ]$${NC} Yarn installed successfully" - fi -fi - -#echo -e "$${GREEN}[ OK ]$${NC}" nvm cache clear --force - -PATH="/c/Program Files/nodejs:$HOME/AppData/Roaming/npm/:$PATH" - -npm install --global git-conventional-commits > /dev/null 2>&1 -if [ $? -eq 0 ]; then - isGccOk=true - # echo -e "$${GREEN}[ OK ]$${NC} git-conventional-commit successfully installed" - else - isGccOk=false - # echo -e "$${RED}[ FAIL ]$${NC} Error during installation of git-conventional-commit" -fi - -git-conventional-commits commit-msg-hook "$1" - -if [[ $isNodeOk && $isYarnOk && $isNvmOk && $isNodeOk ]]; then - echo -e "$${GREEN}[ OK ]$${NC} Dependencies installed successfully" +#!/usr/bin/env bash +# File generated by pre-commit: https://pre-commit.com +# ID: 138fd403232d2ddd5efb44317e38bf03 + +# start templated +INSTALL_PYTHON=/usr/bin/python3 +ARGS=(hook-impl --config=.pre-commit-config.yaml --hook-type=commit-msg) +# end templated + +HERE="$(cd "$(dirname "$0")" && pwd)" +ARGS+=(--hook-dir "$HERE" -- "$@") + +if command -v pre-commit > /dev/null; then + exec pre-commit "${ARGS[@]}" +elif [ -x "$INSTALL_PYTHON" ]; then + exec "$INSTALL_PYTHON" -mpre_commit "${ARGS[@]}" else - echo -e "$${RED}[ FAIL ]$${NC} Error during dependency installation" + echo '`pre-commit` not found. Did you forget to activate your virtualenv?' 1>&2 + exit 1 fi diff --git a/outputs.tf b/outputs.tf index 9fb4d09..eaea9fb 100644 --- a/outputs.tf +++ b/outputs.tf @@ -12,3 +12,7 @@ output "web_acl_id" { value = try(module.waf[0].web_acl_id, null) description = "waf arm/id" } + +output "s3_config" { + value = var.s3_configs +} diff --git a/s3.tf b/s3.tf index e54e3a9..abe0502 100644 --- a/s3.tf +++ b/s3.tf @@ -1,21 +1,15 @@ module "s3" { - source = "dasmeta/modules/aws//modules/s3" - version = "0.36.7" + source = "dasmeta/s3/aws" + version = "1.2.1" name = var.domain - acl = "private" - create_index_html = true - ignore_public_acls = false - restrict_public_buckets = false - block_public_acls = false - block_public_policy = false - - versioning = { - enabled = false - } - website = { - index_document = "index.html" - error_document = "index.html" - } - create_iam_user = false + acl = var.s3_configs.acl + create_index_html = var.s3_configs.create_index_html + ignore_public_acls = var.s3_configs.ignore_public_acls + restrict_public_buckets = var.s3_configs.restrict_public_buckets + block_public_acls = var.s3_configs.block_public_acls + block_public_policy = var.s3_configs.block_public_policy + versioning = var.s3_configs.versioning + website = var.s3_configs.website + create_iam_user = var.s3_configs.create_iam_user } diff --git a/tests/basic/.terraform.lock.hcl b/tests/basic/.terraform.lock.hcl new file mode 100644 index 0000000..8b87015 --- /dev/null +++ b/tests/basic/.terraform.lock.hcl @@ -0,0 +1,64 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "2.5.0" + hashes = [ + "h1:OTk41JfiDc1TVFTcRZ//4+jwPBIcWHXOwN29mjdOyug=", + "zh:3b5774d20e87058d6d67d9ad4ce3fc4a5f7ea7748d345fa6721e24a0cbb0a3d4", + "zh:3b94e706ac0f5151880ccc9e63d33c4113361f27e64224a942caa04a5a19cd44", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7d7201858fa9376029818c9d017b4b53a933cea75480306b1122663d1e8eea2b", + "zh:8c8c7537978adf12271fe143f93b3587bb5dbabf8202ff49d0e3955b7bddc24b", + "zh:a5942584665a2689e73f3a3c43296adeaeb7e8698631d157419aa931ff856907", + "zh:a63673abdba624d60c84b819184fe86422bdbdf6bc73f68d903a7191aed32c00", + "zh:bcd1586cc32b263265e09e78f56dba3a6b6b19f5371c099a9d7a1bfe0b0667cc", + "zh:cc9e70e186e4dcef60208b4a64b42e6813b197e21ea106a96bb4eb23b54c3e44", + "zh:d4c8a0f69412892507a2c9ec0e334bcc2812a54b81212420d4f2c96ef58f713a", + "zh:e91e6d90bbc15252310eca6400d4188b29260aab0539480a3fc7b45e4d19c446", + "zh:fc468449c0dbda56aae6cb924e4a67578d18504b5b06e8989783182c6b4a5f73", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.64.0" + constraints = ">= 2.50.0, >= 3.31.0, >= 3.43.0, >= 3.64.0, ~> 5.0, >= 5.27.0" + hashes = [ + "h1:YH4I78rsS9t+YoGMPNzrM53aWi0Rb9Nud16iusrSXMg=", + "zh:1d361f8062c68c9d5ac14b0aa8390709542129b8a9b258e61bbbabc706078b44", + "zh:39dcbf53e3896bdd77071384c8fad4a5862c222c73f3bcf356aca488101f22fd", + "zh:3fad63505f0c5b6f01cc9a6ef02b2226983b79424126a9caf6eb724f654299f4", + "zh:53a8b90d00829cc27e3171a13a8ff1404ee0ea018e73f31d3f916d246cc39613", + "zh:5734c25ef5a04b40f3c1ac5f817f11e42ee3328f74dbc141c0e64afbb0acc834", + "zh:66ea14dbd87f291ce4a877123363933d3ca4022f209f885807a6689c22c24e80", + "zh:68e79654ad0894a3d93134c3377748ace3058d5fad5ec09d1e9a8f8f9b8a47ea", + "zh:7b74259d0ceef0c49cea6bcd171df997b6bad141085bbadded15b440faeb0eee", + "zh:988ebfb5d115dc57070b5abf2e4200ad49cde535f27fd2ba5e34cf9ab336a57f", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a0a2d4efe2835f0101a0a5024e044a3f28c00e10a8d87fce89c707ef6db75cea", + "zh:aecb3e4b9121771dee9cac7975bf5d0657b5f3e8b57788c455beaeb0f3c48d93", + "zh:d2d3393170b8ef761d3146f39f6788c4a3e876e6c5d4cedca4870c2680688ae6", + "zh:daba5a005c1baa4a5eefbfb86d43ccf880eb5b42e8136f0d932f55886d72bda0", + "zh:de16a6ff3baacdaf9609a0a89aa1913fc19cccaf5ee0fc1c49c5a075baa47c02", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.2" + constraints = ">= 3.4.3" + hashes = [ + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + ] +} diff --git a/tests/basic/0-setup.tf b/tests/basic/0-setup.tf new file mode 100644 index 0000000..b2035bf --- /dev/null +++ b/tests/basic/0-setup.tf @@ -0,0 +1,25 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } + + required_version = ">= 1.3.0" +} + +/** + * set the following env vars so that aws provider will get authenticated before apply: + + export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxxxxx + export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxx +*/ +provider "aws" { + region = "eu-central-1" +} + +provider "aws" { + region = "us-east-1" + alias = "virginia" +} diff --git a/tests/basic/1-example.tf b/tests/basic/1-example.tf new file mode 100644 index 0000000..8ce7202 --- /dev/null +++ b/tests/basic/1-example.tf @@ -0,0 +1,10 @@ +module "this" { + source = "../../" + + domain = "basic-test-front-app.devops.dasmeta.com" + zone = "devops.dasmeta.com" + alternative_domains = ["basic-test-front-app-1.devops.dasmeta.com"] + alternative_zones = ["devops.dasmeta.com"] + + providers = { aws : aws, aws.virginia : aws.virginia } +} diff --git a/tests/basic/README.md b/tests/basic/README.md new file mode 100644 index 0000000..aa6258a --- /dev/null +++ b/tests/basic/README.md @@ -0,0 +1,32 @@ +# basic + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0 | +| [aws](#requirement\_aws) | ~> 5.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [this](#module\_this) | ../../ | n/a | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. + diff --git a/variables.tf b/variables.tf index 00f972c..082f1dd 100644 --- a/variables.tf +++ b/variables.tf @@ -13,6 +13,12 @@ variable "alternative_zones" { default = [] } +variable "enable_http_security_headers" { + type = bool + default = false + description = "Whether to enable http security headers by creating pass through lambda handler for cdn" +} + variable "zone" { type = string default = null @@ -24,3 +30,47 @@ variable "waf" { default = null description = "waf configs" } + +variable "s3_configs" { + type = object({ + acl = optional(string, "private") + create_index_html = optional(bool, true) + ignore_public_acls = optional(bool, true) + restrict_public_buckets = optional(bool, true) + block_public_acls = optional(bool, true) + block_public_policy = optional(bool, true) + + versioning = optional(object({ enabled = bool }), { enabled = false }) + website = optional(object({ index_document = string, error_document = string }), { index_document = "index.html", error_document = "index.html" }) + create_iam_user = optional(bool, false) + }) + default = { + acl = "private" + create_index_html = true + ignore_public_acls = true + restrict_public_buckets = true + block_public_acls = true + block_public_policy = true + versioning = { + enabled = false + } + website = { + index_document = "index.html" + error_document = "index.html" + } + create_iam_user = false + } + description = "S3 bucket configuration options" +} + +variable "cdn_configs" { + type = object({ + default_root_object = optional(string, "index.html") + additional_origins = optional(any, []) + }) + default = { + default_root_object = "index.html" + additional_origins = [] + } + description = "CDN configuration options" +} diff --git a/versions.tf b/versions.tf index edbfb18..8fd4ccf 100644 --- a/versions.tf +++ b/versions.tf @@ -1,9 +1,11 @@ terraform { - required_version = "> 0.15.0" + required_version = "> 1.3.0" required_providers { aws = { - source = "hashicorp/aws" + source = "hashicorp/aws" + version = ">= 5.27.0, < 6.0" + configuration_aliases = [aws.virginia] } } } diff --git a/waf.tf b/waf.tf index 3de541b..4ad7255 100644 --- a/waf.tf +++ b/waf.tf @@ -1,6 +1,6 @@ module "waf" { source = "dasmeta/modules/aws//modules/waf" - version = "0.33.4" + version = "2.15.6" count = try(var.waf.enabled, false) ? 1 : 0 @@ -14,6 +14,7 @@ module "waf" { allow_default_action = try(var.waf.allow_default_action, true) whitelist_ips = try(var.waf.whitelist_ips, []) enable_whitelist = try(var.waf.enable_whitelist, true) + alarms = try(var.waf.alarms, true) providers = { // TODO: for cloudfront distribution the waf gets created in virginia, but for alb the specific region should be used, From 6eb5eb820b3fbb77e4f878c38bc0f1e6aea2bc55 Mon Sep 17 00:00:00 2001 From: Tigran Muradyan Date: Tue, 27 Aug 2024 19:15:01 +0400 Subject: [PATCH 2/2] fix(DMVP-5087): have commit-msg hook executable --- githooks/commit-msg | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 githooks/commit-msg diff --git a/githooks/commit-msg b/githooks/commit-msg old mode 100644 new mode 100755