Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding origin shield variables #78

Merged
merged 12 commits into from
Dec 23, 2021
Merged

Adding origin shield variables #78

merged 12 commits into from
Dec 23, 2021

Conversation

justnom
Copy link
Contributor

@justnom justnom commented Dec 3, 2021

what

  • Add variables to enable the Origin Shield for the CloudFront distribution

why

  • Using Origin Shield can help reduce the load on your origin.

references

@justnom justnom requested review from a team as code owners December 3, 2021 22:01
bridgecrew[bot]
bridgecrew bot reviewed Dec 3, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bridgecrew has found infrastructure configuration errors in this PR ⬇️

main.tf Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Dec 3, 2021
View reviewed changes
main.tf Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Dec 3, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️   Due to d899fca - Auto Format - 1 new error was added

Change details

Error ID Change Path Resource
BC_AWS_GENERAL_27 Added /main.tf aws_cloudfront_distribution.default

@justnom
Copy link
Contributor Author

justnom commented Dec 21, 2021

@SweetOps
Can these Bridgecrew errors be ignored?

nitrocode
nitrocode reviewed Dec 22, 2021
View reviewed changes
main.tf Outdated
@@ -72,6 +72,14 @@ resource "aws_cloudfront_distribution" "default" {
origin_read_timeout = var.origin_read_timeout
}

dynamic "origin_shield" {
for_each = var.origin_shield_enabled ? ["true"] : []
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if you enabled it and then disabled it? it looks like it would remove the block if it was disabled, but would it actually disable it if the block was removed? or would enabled have to be explicitly set to origin_shield_enabled without the for_each?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The API isn't very consistent. I've tried two ways of doing this and enabling/disabling, both seem to require a third step to apply cleanly.

  1. Use a dynamic origin_shield block

The Origin shield is not disabled when the block is removed. Applying again will cause the same changes to be planned.

  1. Using a persistent origin_shield block

When setting enabled to false it works. Applying again will cause the plan to want to add in the origin_shield block again.

I'm putting in a change now to have an origin_shield variable that is an object to match the existing provider definition more closely.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is now a two-step process to remove, which is the same as the underlying resource.

  1. Set origin_shield.enabled to `false.
  2. Apply
  3. Remove the origin_shield variable.
  4. Apply

nitrocode
nitrocode reviewed Dec 22, 2021
View reviewed changes
variables.tf Outdated Show resolved Hide resolved
nitrocode
nitrocode reviewed Dec 22, 2021
View reviewed changes
variables.tf Outdated Show resolved Hide resolved
justnom and others added 2 commits December 22, 2021 10:34
@justnom @nitrocode
Update variables.tf
3b4eaeb 
Co-authored-by: nitrocode <[email protected]>
@justnom @nitrocode
Update variables.tf
c683f00 
Co-authored-by: nitrocode <[email protected]>
bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
main.tf Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️   Due to 3b4eaeb - Update variables.tf - 1 new error was added

Change details

Error ID Change Path Resource
BC_AWS_GENERAL_27 Added /main.tf aws_cloudfront_distribution.default

bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
main.tf Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️   Due to c683f00 - Update variables.tf - 1 new error was added

Change details

Error ID Change Path Resource
BC_AWS_GENERAL_27 Added /main.tf aws_cloudfront_distribution.default

bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
main.tf Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️   Due to c683f00 - Update variables.tf - 1 new error was added

Change details

Error ID Change Path Resource
BC_AWS_GENERAL_27 Added /main.tf aws_cloudfront_distribution.default

bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
main.tf Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Dec 22, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️   Due to 5a22296 - Auto Format - 1 new error was added

Change details

Error ID Change Path Resource
BC_AWS_GENERAL_27 Added /main.tf aws_cloudfront_distribution.default

@mihaiplesa
Copy link
Contributor

@SweetOps Can these Bridgecrew errors be ignored?

Seems like https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/blob/master/main.tf#L329 just needs to be replicated here.

@jamengual
Copy link

/test all

@jamengual
Copy link

/test all

jamengual
jamengual previously approved these changes Dec 23, 2021
View reviewed changes
@aknysh
Copy link
Member

aknysh commented Dec 23, 2021

/test all

@jamengual jamengual merged commit e5622af into cloudposse:master Dec 23, 2021
@justnom justnom deleted the add-origin-shield branch December 23, 2021 18:52
@syphernl syphernl mentioned this pull request Jan 11, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridgecrew bridgecrew[bot] bridgecrew[bot] left review comments

@nitrocode nitrocode nitrocode left review comments

@aknysh aknysh aknysh approved these changes

@jamengual jamengual jamengual left review comments

@r351574nc3 r351574nc3 Awaiting requested review from r351574nc3 r351574nc3 was automatically assigned from cloudposse/contributors

@SweetOps SweetOps Awaiting requested review from SweetOps SweetOps was automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@justnom @mihaiplesa @jamengual @aknysh @nitrocode @cloudpossebot