From 0cd6e56f301d659593c1b2d000c56a8505d12b0e Mon Sep 17 00:00:00 2001
From: Lud
Date: Tue, 13 Jul 2021 16:27:45 +0200
Subject: [PATCH] auto-format all code (#17)
---
 cognito/user-pool.tf | 8 ++--
 ecs/alb.tf | 14 +++----
 ecs/log-group.tf | 4 +-
 ecs/security-groups.tf | 66 ++++++++++++++++-----------------
 kms-key/kms-aliases.tf | 2 +-
 kms-key/kms-key.tf | 6 +--
 rds/parameter-group.tf | 4 +-
 rds/rds.tf | 42 ++++++++++-----------
 rds/role-enhanced-monitoring.tf | 6 +--
 rds/security-group.tf | 30 +++++++--------
 rds/subnet-group.tf | 6 +--
 11 files changed, 94 insertions(+), 94 deletions(-)
diff --git a/cognito/user-pool.tf b/cognito/user-pool.tf
index 1b925f09..4132e24a 100644
--- a/cognito/user-pool.tf
+++ b/cognito/user-pool.tf
@@ -37,10 +37,10 @@ resource "aws_cognito_user_pool" "pool" {
 mfa_configuration = "OPTIONAL"
 password_policy {
- minimum_length = 8
- require_lowercase = true
- require_numbers = true
- require_symbols = true
+ minimum_length = 8
+ require_lowercase = true
+ require_numbers = true
+ require_symbols = true
 temporary_password_validity_days = 7
 }
diff --git a/ecs/alb.tf b/ecs/alb.tf
index e2401c46..145c9635 100644
--- a/ecs/alb.tf
+++ b/ecs/alb.tf
@@ -1,6 +1,6 @@
 # Main load balancer for user facing traffic
 resource "aws_alb" "alb" {
- name = local.name
+ name = local.name
 subnets = var.subnet_public_ids
 security_groups = [
 aws_security_group.alb.id,
@@ -8,8 +8,8 @@ resource "aws_alb" "alb" {
 enable_http2 = "true"
 idle_timeout = 600
 tags = {
- Name = "${var.project}-${var.environment}"
- Project = var.project
+ Name = "${var.project}-${var.environment}"
+ Project = var.project
 Environment = var.environment
 }
 }
@@ -22,8 +22,8 @@ resource "aws_alb_listener" "http" {
 default_action {
 type = "redirect"
 redirect {
- port = "443"
- protocol = "HTTPS"
+ port = "443"
+ protocol = "HTTPS"
 status_code = "HTTP_301"
 }
 }
@@ -33,10 +33,10 @@ resource "aws_alb_listener" "https" {
 load_balancer_arn = aws_alb.alb.id
 port = "443"
 protocol = "HTTPS"
- certificate_arn = var.certificate_arn
+ certificate_arn = var.certificate_arn
 default_action {
 target_group_arn = aws_alb_target_group.ecs.arn
- type = "forward"
+ type = "forward"
 }
 }
diff --git a/ecs/log-group.tf b/ecs/log-group.tf
index 977f92c6..18875fda 100644
--- a/ecs/log-group.tf
+++ b/ecs/log-group.tf
@@ -1,9 +1,9 @@
 resource "aws_cloudwatch_log_group" "ecs-app" {
- name = "/ecs/${var.project}/app/${var.environment}"
+ name = "/ecs/${var.project}/app/${var.environment}"
 retention_in_days = 3
 tags = {
- Project = var.project
+ Project = var.project
 Environment = var.environment
 }
 }
diff --git a/ecs/security-groups.tf b/ecs/security-groups.tf
index 8b7cdb19..9d518720 100644
--- a/ecs/security-groups.tf
+++ b/ecs/security-groups.tf
@@ -1,38 +1,38 @@
 # Load balancer to receive all incoming traffic infront of the cluster
 resource "aws_security_group" "alb" {
 vpc_id = var.vpc_id
- name = "${var.project}-${var.environment}-alb"
+ name = "${var.project}-${var.environment}-alb"
 tags = {
- Name = "${var.project}-${var.environment}-alb"
+ Name = "${var.project}-${var.environment}-alb"
 Description = "Incoming internet traffic to Load Balancer"
- Project = var.project
+ Project = var.project
 Environment = var.environment
 }
 egress {
- from_port = 0
- to_port = 0
- protocol = -1
+ from_port = 0
+ to_port = 0
+ protocol = -1
 cidr_blocks = ["0.0.0.0/0"] # TODO: Change this to internal IPs only
 }
 }
 resource "aws_security_group_rule" "lb-http" {
- type = "ingress"
- from_port = 80
- to_port = 80
- protocol = "tcp"
+ type = "ingress"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
 security_group_id = aws_security_group.alb.id
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["0.0.0.0/0"]
 }
 resource "aws_security_group_rule" "lb-https" {
- type = "ingress"
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ type = "ingress"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
 security_group_id = aws_security_group.alb.id
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["0.0.0.0/0"]
 }
@@ -40,38 +40,38 @@ resource "aws_security_group_rule" "lb-https" {
 # ECS cluster should only be able to receive traffic to container ports from the ALB
 resource "aws_security_group" "ecs" {
 vpc_id = var.vpc_id
- name = "${var.project}-${var.environment}-ecs"
+ name = "${var.project}-${var.environment}-ecs"
 tags = {
- Name = "${var.project}-${var.environment}-ecs"
+ Name = "${var.project}-${var.environment}-ecs"
 Description = "Internal ECS communication"
- Project = var.project
+ Project = var.project
 Environment = var.environment
 }
 # This allows outbound traffic to systems like ECR, and internal rails application API calls
 egress {
- from_port = 0
- to_port = 0
- protocol = -1
+ from_port = 0
+ to_port = 0
+ protocol = -1
 cidr_blocks = ["0.0.0.0/0"] # TODO: Change this to only allow NAT/proxy traffic
 }
 }
 resource "aws_security_group_rule" "ecs-lb-3000" {
- type = "ingress"
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- security_group_id = aws_security_group.ecs.id
+ type = "ingress"
+ from_port = 3000
+ to_port = 3000
+ protocol = "tcp"
+ security_group_id = aws_security_group.ecs.id
 source_security_group_id = aws_security_group.alb.id
 }
 resource "aws_security_group_rule" "ecs-ssh" {
- count = length(var.allowlisted_ssh_ips) > 0 ? 1 : 0
- type = "ingress"
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ count = length(var.allowlisted_ssh_ips) > 0 ? 1 : 0
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
 security_group_id = aws_security_group.ecs.id
- cidr_blocks = var.allowlisted_ssh_ips
+ cidr_blocks = var.allowlisted_ssh_ips
 }
diff --git a/kms-key/kms-aliases.tf b/kms-key/kms-aliases.tf
index 81e84126..8601f69b 100644
--- a/kms-key/kms-aliases.tf
+++ b/kms-key/kms-aliases.tf
@@ -1,4 +1,4 @@
 resource "aws_kms_alias" "a" {
- name = "alias/${var.project}/${var.environment}/${var.alias}"
+ name = "alias/${var.project}/${var.environment}/${var.alias}"
 target_key_id = aws_kms_key.key.key_id
 }
diff --git a/kms-key/kms-key.tf b/kms-key/kms-key.tf
index 4d4d1f94..bf6c0c89 100644
--- a/kms-key/kms-key.tf
+++ b/kms-key/kms-key.tf
@@ -1,9 +1,9 @@
 resource "aws_kms_key" "key" {
- description = var.description
+ description = var.description
 deletion_window_in_days = var.deletion_window_in_days
- enable_key_rotation = true
+ enable_key_rotation = true
 tags = {
- Project = var.project
+ Project = var.project
 Environment = var.environment
 }
 }
diff --git a/rds/parameter-group.tf b/rds/parameter-group.tf
index 015b8b4c..98acd858 100644
--- a/rds/parameter-group.tf
+++ b/rds/parameter-group.tf
@@ -1,5 +1,5 @@
 resource "aws_db_parameter_group" "postgres13" {
- name = "${var.project}-${var.environment}-postgres13"
+ name = "${var.project}-${var.environment}-postgres13"
 family = "postgres13"
 parameter {
 name = "log_statement"
@@ -10,7 +10,7 @@ resource "aws_db_parameter_group" "postgres13" {
 value = "0"
 }
 parameter {
- name = "rds.force_ssl"
+ name = "rds.force_ssl"
 value = 1
 }
 }
diff --git a/rds/rds.tf b/rds/rds.tf
index 4ada3365..6b87964f 100644
--- a/rds/rds.tf
+++ b/rds/rds.tf
@@ -1,36 +1,36 @@
 resource "aws_db_instance" "main" {
 db_subnet_group_name = aws_db_subnet_group.main.name
- allocated_storage = var.allocated_storage
- storage_type = "gp2"
- engine = "postgres"
- engine_version = var.engine_version
- instance_class = var.instance_class
- identifier = "${var.project}-${var.environment}"
- skip_final_snapshot = true
- username = var.username
- password = var.password
+ allocated_storage = var.allocated_storage
+ storage_type = "gp2"
+ engine = "postgres"
+ engine_version = var.engine_version
+ instance_class = var.instance_class
+ identifier = "${var.project}-${var.environment}"
+ skip_final_snapshot = true
+ username = var.username
+ password = var.password
 parameter_group_name = aws_db_parameter_group.postgres13.name
- apply_immediately = true
- multi_az = var.multi_az
- publicly_accessible = var.publicly_accessible
- deletion_protection = true
+ apply_immediately = true
+ multi_az = var.multi_az
+ publicly_accessible = var.publicly_accessible
+ deletion_protection = true
 vpc_security_group_ids = [
 aws_security_group.db.id,
 ]
- backup_retention_period = 7
- storage_encrypted = true
- kms_key_id = var.kms_key_arn
- monitoring_interval = 5
- monitoring_role_arn = aws_iam_role.rds-enhanced-monitoring.arn
- performance_insights_enabled = true
+ backup_retention_period = 7
+ storage_encrypted = true
+ kms_key_id = var.kms_key_arn
+ monitoring_interval = 5
+ monitoring_role_arn = aws_iam_role.rds-enhanced-monitoring.arn
+ performance_insights_enabled = true
 performance_insights_kms_key_id = var.kms_key_arn
 enabled_cloudwatch_logs_exports = [
 "postgresql",
 "upgrade",
 ]
 tags = {
- Name = "${var.project}-${var.environment}"
- Project = var.project
+ Name = "${var.project}-${var.environment}"
+ Project = var.project
 Environment = var.environment
 }
 }
diff --git a/rds/role-enhanced-monitoring.tf b/rds/role-enhanced-monitoring.tf
index ceee64c7..8aa3117c 100644
--- a/rds/role-enhanced-monitoring.tf
+++ b/rds/role-enhanced-monitoring.tf
@@ -1,16 +1,16 @@
 # RDS Enhanced Monitoring requires a specific role + KMS key to operate
 resource "aws_iam_role" "rds-enhanced-monitoring" {
- name = "rds-enhanced-monitoring-${var.project}-${var.environment}"
+ name = "rds-enhanced-monitoring-${var.project}-${var.environment}"
 assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring.json
 tags = {
- Project = var.project
+ Project = var.project
 Environment = var.environment
 }
 }
 resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
- role = aws_iam_role.rds-enhanced-monitoring.name
+ role = aws_iam_role.rds-enhanced-monitoring.name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
 }
diff --git a/rds/security-group.tf b/rds/security-group.tf
index beca2505..fbbfe796 100644
--- a/rds/security-group.tf
+++ b/rds/security-group.tf
@@ -1,20 +1,20 @@
 resource "aws_security_group" "db" {
- name = "${var.project}-${var.environment}-db"
+ name = "${var.project}-${var.environment}-db"
 vpc_id = var.vpc_id
 tags = {
- Name = "${var.project}-${var.environment}-db"
- Project = var.project
+ Name = "${var.project}-${var.environment}-db"
+ Project = var.project
 Environment = var.environment
 }
 }
 resource "aws_security_group_rule" "db-from-cidr-blocks" {
- count = length(var.allow_from_cidr_blocks)
- type = "ingress"
- from_port = 5432
- to_port = 5432
- protocol = "tcp"
+ count = length(var.allow_from_cidr_blocks)
+ type = "ingress"
+ from_port = 5432
+ to_port = 5432
+ protocol = "tcp"
 security_group_id = aws_security_group.db.id
 cidr_blocks = [
 var.allow_from_cidr_blocks[count.index],
@@ -23,12 +23,12 @@ resource "aws_security_group_rule" "db-from-cidr-blocks" {
 }
 resource "aws_security_group_rule" "db-from-security-groups" {
- count = length(var.allow_from_security_groups)
- type = "ingress"
- from_port = 5432
- to_port = 5432
- protocol = "tcp"
- security_group_id = aws_security_group.db.id
+ count = length(var.allow_from_security_groups)
+ type = "ingress"
+ from_port = 5432
+ to_port = 5432
+ protocol = "tcp"
+ security_group_id = aws_security_group.db.id
 source_security_group_id = var.allow_from_security_groups[count.index]
- description = "From security group: ${var.allow_from_security_groups[count.index]}"
+ description = "From security group: ${var.allow_from_security_groups[count.index]}"
 }
diff --git a/rds/subnet-group.tf b/rds/subnet-group.tf
index d4425103..955000d3 100644
--- a/rds/subnet-group.tf
+++ b/rds/subnet-group.tf
@@ -1,10 +1,10 @@
 resource "aws_db_subnet_group" "main" {
- name = "${var.project}-${var.environment}"
+ name = "${var.project}-${var.environment}"
 subnet_ids = var.subnet_ids
 tags = {
- Name = "${var.project}-${var.environment}"
- Project = var.project
+ Name = "${var.project}-${var.environment}"
+ Project = var.project
 Environment = var.environment
 }
 }