Fix: Removing a stale reference to an internal dns zone (#156)

* fix: removing stale dns reference * terraform-docs: update project docs --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
metrotranscom · May 16, 2024 · f905454 · f905454
1 parent e9d52b8
commit f905454
Show file tree

Hide file tree

Showing 10 changed files with 122 additions and 31 deletions.
diff --git a/bloom-instance/README.md b/bloom-instance/README.md
@@ -11,7 +11,8 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.67.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.43.0 |
+| <a name="provider_aws.use1"></a> [aws.use1](#provider\_aws.use1) | 5.43.0 |
 
 ## Modules
 
@@ -20,26 +21,64 @@
 | <a name="module_albs"></a> [albs](#module\_albs) | ./alb | n/a |
 | <a name="module_backend_api"></a> [backend\_api](#module\_backend\_api) | ./service/backend | n/a |
 | <a name="module_certs"></a> [certs](#module\_certs) | ./cert | n/a |
+| <a name="module_cloudfront"></a> [cloudfront](#module\_cloudfront) | ./cloudfront | n/a |
 | <a name="module_db"></a> [db](#module\_db) | ./db | n/a |
 | <a name="module_dns"></a> [dns](#module\_dns) | ./dns | n/a |
 | <a name="module_import_listings"></a> [import\_listings](#module\_import\_listings) | ./cronjob/import-listings | n/a |
 | <a name="module_network"></a> [network](#module\_network) | ./network | n/a |
+| <a name="module_nlbs"></a> [nlbs](#module\_nlbs) | ./nlb | n/a |
 | <a name="module_partner_site"></a> [partner\_site](#module\_partner\_site) | ./service/partner-site | n/a |
 | <a name="module_public_sites"></a> [public\_sites](#module\_public\_sites) | ./service/public-site | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
+| [aws_api_gateway_base_path_mapping.mapping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_base_path_mapping) | resource |
+| [aws_api_gateway_deployment.deployment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_deployment) | resource |
+| [aws_api_gateway_domain_name.apigw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_domain_name) | resource |
+| [aws_api_gateway_integration.global_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration) | resource |
+| [aws_api_gateway_method.method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
+| [aws_api_gateway_method_settings.method_settings](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings) | resource |
+| [aws_api_gateway_resource.global](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_resource) | resource |
+| [aws_api_gateway_rest_api.apigw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) | resource |
+| [aws_api_gateway_stage.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage) | resource |
+| [aws_api_gateway_vpc_link.vpclink](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_vpc_link) | resource |
 | [aws_ecs_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource |
+| [aws_route53_record.api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.partners](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_s3_bucket.logging_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket.public_uploads](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket.secure_uploads](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket.static_content](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_policy.log_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_policy.log_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_policy.public_uploads](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.public_uploads](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_security_group.db_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group.ecs_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group.local_https_only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group.public_https](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_egress_rule.db_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.ecs_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.local_https_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_egress_rule.public_https_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.db_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.local_ecs__partners_service_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.local_ecs_api_service_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.local_ecs_public_service_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.local_https_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.public_http_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.public_https_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
+| [aws_wafv2_web_acl.apigw_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl) | resource |
+| [aws_wafv2_web_acl.cloudfront_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl) | resource |
+| [aws_wafv2_web_acl_association.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl_association) | resource |
+| [aws_acm_certificate.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/acm_certificate) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_elb_service_account.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source |
+| [aws_iam_policy_document.access_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 
 ## Inputs
 
@@ -49,16 +88,21 @@
 | <a name="input_application_name"></a> [application\_name](#input\_application\_name) | The name for the application deployed | `string` | n/a | yes |
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | The region to use when deploying regional resources | `string` | n/a | yes |
 | <a name="input_backend_api"></a> [backend\_api](#input\_backend\_api) | A service definition for the backend API | `any` | n/a | yes |
+| <a name="input_backend_api_domain"></a> [backend\_api\_domain](#input\_backend\_api\_domain) | The domain name of the API. | `string` | n/a | yes |
 | <a name="input_certs"></a> [certs](#input\_certs) | The certificates to use | <pre>map(object({<br>    domain        = string<br>    auto_validate = optional(bool)<br>    alt_names     = optional(list(string))<br>  }))</pre> | n/a | yes |
+| <a name="input_cloudfront"></a> [cloudfront](#input\_cloudfront) | The object defining settings for the CloudFront distribution | `any` | `null` | no |
 | <a name="input_database"></a> [database](#input\_database) | Database settings | `any` | n/a | yes |
 | <a name="input_dns"></a> [dns](#input\_dns) | Settings for managing DNS zones and records | `any` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The stage of the software development lifecycle this deployement represents | `string` | `"dev"` | no |
 | <a name="input_listings_import_task"></a> [listings\_import\_task](#input\_listings\_import\_task) | Setting for the "Import Listings" scheduled task | `any` | n/a | yes |
 | <a name="input_network"></a> [network](#input\_network) | n/a | <pre>object({<br>    vpc_cidr = string<br><br>    # See ./network/inputs.tf for object structure<br>    subnet_groups = any<br>  })</pre> | n/a | yes |
+| <a name="input_nlbs"></a> [nlbs](#input\_nlbs) | Settings for managing NLBs | <pre>map(object({<br>    # See alb/inputs.tf for more info<br>    subnet_group   = string<br>    enable_logging = optional(bool, true)<br>    internal       = optional(bool)<br>    default_cert   = string<br><br>    # See alb/listeners/inputs.tf for more info<br>    listeners = map(object({<br><br>      allowed_ips = optional(list(string))<br>    }))<br>  }))</pre> | n/a | yes |
 | <a name="input_owner"></a> [owner](#input\_owner) | The owner of the resources created via these templates | `string` | n/a | yes |
 | <a name="input_partner_site"></a> [partner\_site](#input\_partner\_site) | A service definition for the partner site | `any` | n/a | yes |
+| <a name="input_partners_portal_domain"></a> [partners\_portal\_domain](#input\_partners\_portal\_domain) | The domain name of the partner portal. | `string` | n/a | yes |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | A unique, immutable identifier for this project | `string` | n/a | yes |
 | <a name="input_project_name"></a> [project\_name](#input\_project\_name) | A human-readable name for this project. Can be changed if needed | `string` | n/a | yes |
+| <a name="input_public_portal_domain"></a> [public\_portal\_domain](#input\_public\_portal\_domain) | The domain name of the public portal. | `string` | n/a | yes |
 | <a name="input_public_sites"></a> [public\_sites](#input\_public\_sites) | A list of public portal service definitions | `any` | n/a | yes |
 | <a name="input_s3_force_destroy"></a> [s3\_force\_destroy](#input\_s3\_force\_destroy) | n/a | `bool` | `false` | no |
 

diff --git a/bloom-instance/alb/README.md b/bloom-instance/alb/README.md
@@ -11,17 +11,13 @@ No requirements.
 
 ## Modules
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_listeners"></a> [listeners](#module\_listeners) | ./listener | n/a |
+No modules.
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_lb.alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
-| [aws_security_group.alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
-| [aws_vpc_security_group_egress_rule.https](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
 
 ## Inputs
 
@@ -35,6 +31,7 @@ No requirements.
 | <a name="input_log_bucket"></a> [log\_bucket](#input\_log\_bucket) | The S3 bucket to write ALB logs to | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | The name to give to give to this ALB and its related resources | `string` | n/a | yes |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The prefix to prepend to resource names | `string` | n/a | yes |
+| <a name="input_security_group_id"></a> [security\_group\_id](#input\_security\_group\_id) | n/a | `string` | n/a | yes |
 | <a name="input_subnet_group"></a> [subnet\_group](#input\_subnet\_group) | The identifier for the subnet group to place the ALB into | `string` | n/a | yes |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | A map of the available subnets | <pre>map(list(object({<br>    id   = string<br>    cidr = string<br>  })))</pre> | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC to create ALB resources in | `string` | n/a | yes |
@@ -46,8 +43,6 @@ No requirements.
 | <a name="output_alb"></a> [alb](#output\_alb) | n/a |
 | <a name="output_arn"></a> [arn](#output\_arn) | n/a |
 | <a name="output_dns_name"></a> [dns\_name](#output\_dns\_name) | n/a |
-| <a name="output_listeners"></a> [listeners](#output\_listeners) | n/a |
 | <a name="output_log_prefix"></a> [log\_prefix](#output\_log\_prefix) | Used for generating log bucket policy |
-| <a name="output_security_group"></a> [security\_group](#output\_security\_group) | Used by services to allow the ALB to forward requests |
 | <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | n/a |
 <!-- END_TF_DOCS -->
diff --git a/bloom-instance/cloudfront/README.md b/bloom-instance/cloudfront/README.md
@@ -15,28 +15,33 @@
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_log_bucket"></a> [log\_bucket](#module\_log\_bucket) | ../s3 | n/a |
 | <a name="module_policies"></a> [policies](#module\_policies) | ./policy | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_cloudfront_distribution.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
+| [aws_cloudfront_origin_request_policy.origin_request_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_request_policy) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_alb_map"></a> [alb\_map](#input\_alb\_map) | The available ALBs | <pre>map(object({<br>    arn      = string<br>    dns_name = string<br>  }))</pre> | n/a | yes |
 | <a name="input_cert_map"></a> [cert\_map](#input\_cert\_map) | ARNs for TLS certificates to apply to secure listeners | `map(string)` | n/a | yes |
-| <a name="input_distribution"></a> [distribution](#input\_distribution) | The object defining settings for the service component | <pre>object({<br>    enabled     = optional(bool, true)<br>    domains     = set(string)<br>    price_class = optional(string, "PriceClass_100")<br><br>    certificate = object({<br>      arn = string<br>    })<br><br>    # Note: This module only supports ALB origins right now<br>    origin = object({<br>      alb = string<br>    })<br><br>    restrictions = object({<br>      geo = object({<br>        type      = string<br>        locations = optional(list(string), [])<br>      })<br>    })<br><br>    cache = map(object({<br>      viewer_protocol_policy = optional(string, "redirect-to-https")<br>      compress               = optional(bool, false)<br>      order                  = optional(number, 1)<br><br>      allowed_method_set = string<br>      cached_method_set  = string<br><br>      # Either policy_id or policy is required<br>      policy_id = optional(string)<br>      policy = optional(object({<br>        name    = string<br>        comment = string<br><br>        accept_brotli = optional(bool, false)<br>        accept_gzip   = optional(bool, false)<br><br>        ttl = object({<br>          min     = number<br>          max     = number<br>          default = number<br>        })<br><br>        cookies = object({<br>          include = string<br>          names   = optional(list(string))<br>        })<br><br>        headers = object({<br>          include = string<br>          names   = optional(list(string))<br>        })<br><br>        query = object({<br>          include = string<br>          names   = optional(list(string))<br>        })<br>      }))<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_distribution"></a> [distribution](#input\_distribution) | The object defining settings for the service component | <pre>object({<br>    enabled     = optional(bool, true)<br>    price_class = optional(string, "PriceClass_100")<br><br>    certificate = object({<br>      arn = string<br>    })<br><br>    # Note: This module only supports ALB origins right now<br>    origin = object({<br>      alb = string<br>    })<br><br>    restrictions = object({<br>      geo = object({<br>        type      = string<br>        locations = optional(list(string), [])<br>      })<br>    })<br><br>    cache = map(object({<br>      viewer_protocol_policy = optional(string, "redirect-to-https")<br>      compress               = optional(bool, false)<br>      order                  = optional(number, 1)<br><br>      allowed_method_set = string<br>      cached_method_set  = string<br><br>      # Either policy_id or policy is required<br>      policy_id = optional(string)<br>      policy = optional(object({<br>        name    = string<br>        comment = string<br><br>        accept_brotli = optional(bool, false)<br>        accept_gzip   = optional(bool, false)<br><br>        ttl = object({<br>          min     = number<br>          max     = number<br>          default = number<br>        })<br><br>        cookies = object({<br>          include = string<br>          names   = optional(list(string))<br>        })<br><br>        headers = object({<br>          include = string<br>          names   = optional(list(string))<br>        })<br><br>        query = object({<br>          include = string<br>          names   = optional(list(string))<br>        })<br>      }))<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_domains"></a> [domains](#input\_domains) | n/a | `list(string)` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | The name to give to this CloudFront distribution | `string` | n/a | yes |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The prefix to prepend to resource names | `string` | n/a | yes |
+| <a name="input_web_acl_id"></a> [web\_acl\_id](#input\_web\_acl\_id) | The ID of the Web Application Firewall Access Control List (ACL) | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | n/a |
 | <a name="output_dns_name"></a> [dns\_name](#output\_dns\_name) | n/a |
 | <a name="output_domains"></a> [domains](#output\_domains) | n/a |
 | <a name="output_hosted_zone_id"></a> [hosted\_zone\_id](#output\_hosted\_zone\_id) | n/a |