# Values derived from the module inputs and shared by the rest of the module.
locals {
  # ---------------------------------------------------------------------
  # Naming
  # ---------------------------------------------------------------------

  # Hyphen-joined name prefixes; compact() drops null or empty components.
  prefix = join("-", compact([
    var.project,
    var.environment,
    var.service,
  ]))
  prefix_short = join("-", compact([
    var.project_short,
    var.environment,
    var.service_short,
  ]))

  # Explicit override when given, otherwise "<project>/<service>". Passed to
  # the OTel config template below as app_namespace.
  stats_prefix = var.stats_prefix == "" ? "${var.project}/${var.service}" : var.stats_prefix

  # Short prefix plus either the container port or the literal "app".
  target_group_name = "${local.prefix_short}-${!var.use_target_group_port_suffix ? "app" : var.container_port}"

  # ---------------------------------------------------------------------
  # Endpoint
  # ---------------------------------------------------------------------

  # Bare domain when no subdomain is configured, else "<subdomain>.<domain>".
  fqdn = var.subdomain == "" ? var.domain : "${var.subdomain}.${var.domain}"

  # No zone at all when the endpoint is not created; otherwise the supplied
  # zone ID wins and the Route 53 lookup is only the fallback.
  hosted_zone_id = (var.create_endpoint
    ? (var.hosted_zone_id != null ? var.hosted_zone_id : data.aws_route53_zone.domain["this"].zone_id)
    : null
  )

  # The endpoint security group is always attached; the prefix-list group is
  # added only when ingress prefix lists were supplied. compact() removes the
  # null placeholder.
  alb_security_groups = compact([
    module.endpoint_security_group.security_group_id,
    length(var.ingress_prefix_list_ids) == 0 ? null : module.prefix_security_group["this"].security_group_id,
  ])

  # OIDC authentication settings. When the Secrets Manager lookup exists, its
  # JSON payload supplies client_id and client_secret; merge() gives these
  # precedence over same-named keys in var.oidc_settings.
  # NOTE(review): values read through a data source are persisted in the
  # Terraform state, so the client secret ends up there — confirm the state
  # backend is encrypted and access-restricted.
  oidc_settings = var.oidc_settings == null ? {} : {
    authenticate_oidc = merge(
      var.oidc_settings,
      length(data.aws_secretsmanager_secret_version.oidc) == 0 ? {} : {
        client_id     = jsondecode(data.aws_secretsmanager_secret_version.oidc["this"].secret_string)["client_id"]
        client_secret = jsondecode(data.aws_secretsmanager_secret_version.oidc["this"].secret_string)["client_secret"]
      }
    )
  }

  # ---------------------------------------------------------------------
  # Container image
  # ---------------------------------------------------------------------

  # Use the module-managed ECR repository when it is created, otherwise the
  # caller-supplied URL / ARN.
  image_url      = !var.create_repository ? var.image_url : module.ecr["this"].repository_url
  repository_arn = !var.create_repository ? var.repository_arn : module.ecr["this"].repository_arn

  # Name of the SSM parameter holding the version: the one managed here, or
  # the one passed in.
  version_parameter = (
    var.create_version_parameter ? aws_ssm_parameter.version["this"].name : var.version_parameter
  )

  # Image tag comes from the SSM parameter when the lookup exists, else from
  # the input variable. insecure_value is the provider's non-sensitive view of
  # the parameter, so the tag is visible in plan output; the parameter should
  # hold only a tag, never secret material.
  image_tag = (
    length(data.aws_ssm_parameter.version) > 0
    ? data.aws_ssm_parameter.version[local.version_parameter].insecure_value
    : var.image_tag
  )

  # ---------------------------------------------------------------------
  # Logging and telemetry
  # ---------------------------------------------------------------------

  # Candidate log groups; the performance group is null unless it is managed.
  log_groups = {
    service     = join("/", compact(["/aws/ecs", var.project, var.environment, var.service]))
    performance = var.manage_performance_log_group ? "/aws/ecs/containerinsights/${local.prefix}/performance" : null
  }

  # Only the log groups that actually resolved to a name.
  managed_log_groups = {
    for name, path in local.log_groups :
    name => path if path != null
  }

  # Caller-provided collector config, or the bundled template rendered with
  # the stats prefix as its namespace.
  otel_config = var.otel_config == null ? templatefile("${path.module}/templates/aws-otel-config.yaml.tftpl", {
    app_namespace = local.stats_prefix
  }) : var.otel_config

  # ---------------------------------------------------------------------
  # Secret access
  # ---------------------------------------------------------------------

  # ARNs of every secret referenced by the environment and OTel secret maps,
  # so the service can be granted access to exactly these.
  #  - A value starting with "arn:" is used as an ARN; anything beyond the
  #    first seven colon-separated fields is cut off (presumably a key or
  #    version selector appended to the secret ARN — confirm).
  #  - Any other value is read as "<name>:..." and resolved to the ARN of the
  #    matching module.secrets_manager instance.
  # NOTE(review): the truncated form is the whole-secret ARN, so access is
  # per secret, not per key inside it.
  authorized_secrets = [
    for ref in concat(values(var.environment_secrets), values(var.otel_secrets)) :
    (startswith(ref, "arn:")
      ? (length(split(":", ref)) > 7 ? join(":", slice(split(":", ref), 0, 7)) : ref)
      : module.secrets_manager[split(":", ref)[0]].secret_arn
    )
  ]
}