no longer creates wildcard certificate #1

Merged
merged 1 commit into from Nov 15, 2019

@udondan (Owner) commented Nov 15, 2019

No description provided.

@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.s3-cloudfront-page.data.aws_iam_policy_document.cloudfront_invalidator will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "cloudfront_invalidator"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "cloudfront:CreateInvalidation",
            ]
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.s3-cloudfront-page.aws_acm_certificate.certificate will be created
  + resource "aws_acm_certificate" "certificate" {
      + arn                       = (known after apply)
      + domain_name               = "www.example.com"
      + domain_validation_options = (known after apply)
      + id                        = (known after apply)
      + subject_alternative_names = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "EMAIL"
    }

  # module.s3-cloudfront-page.aws_cloudfront_distribution.www_distribution will be created
  + resource "aws_cloudfront_distribution" "www_distribution" {
      + active_trusted_signers         = (known after apply)
      + aliases                        = [
          + "www.example.com",
        ]
      + arn                            = (known after apply)
      + caller_reference               = (known after apply)
      + default_root_object            = "index.html"
      + domain_name                    = (known after apply)
      + enabled                        = true
      + etag                           = (known after apply)
      + hosted_zone_id                 = (known after apply)
      + http_version                   = "http2"
      + id                             = (known after apply)
      + in_progress_validation_batches = (known after apply)
      + is_ipv6_enabled                = false
      + last_modified_time             = (known after apply)
      + price_class                    = "PriceClass_All"
      + retain_on_delete               = false
      + status                         = (known after apply)
      + wait_for_deployment            = true

      + default_cache_behavior {
          + allowed_methods        = [
              + "GET",
              + "HEAD",
            ]
          + cached_methods         = [
              + "GET",
              + "HEAD",
            ]
          + compress               = true
          + default_ttl            = 86400
          + max_ttl                = 31536000
          + min_ttl                = 0
          + target_origin_id       = "www.example.com"
          + viewer_protocol_policy = "redirect-to-https"

          + forwarded_values {
              + query_string = false

              + cookies {
                  + forward = "none"
                }
            }
        }

      + origin {
          + domain_name = (known after apply)
          + origin_id   = "www.example.com"

          + custom_origin_config {
              + http_port                = 80
              + https_port               = 443
              + origin_keepalive_timeout = 5
              + origin_protocol_policy   = "http-only"
              + origin_read_timeout      = 30
              + origin_ssl_protocols     = [
                  + "TLSv1",
                  + "TLSv1.1",
                  + "TLSv1.2",
                ]
            }
        }

      + restrictions {
          + geo_restriction {
              + restriction_type = "none"
            }
        }

      + viewer_certificate {
          + acm_certificate_arn      = (known after apply)
          + minimum_protocol_version = "TLSv1"
          + ssl_support_method       = "sni-only"
        }
    }

  # module.s3-cloudfront-page.aws_iam_policy.cloudfront_invalidator will be created
  + resource "aws_iam_policy" "cloudfront_invalidator" {
      + arn         = (known after apply)
      + description = "Custom policy for Lambda: cloudfront invalidator for www.example.com"
      + id          = (known after apply)
      + name        = "lambda-cloudfront-invalidator-www_example_com"
      + path        = "/"
      + policy      = (known after apply)
    }

  # module.s3-cloudfront-page.aws_iam_role.cloudfront_invalidator will be created
  + resource "aws_iam_role" "cloudfront_invalidator" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "lambda.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cloudfront-invalidator-www_example_com"
      + path                  = "/"
      + unique_id             = (known after apply)
    }

  # module.s3-cloudfront-page.aws_iam_role_policy_attachment.aws_lambda_basic_execution will be created
  + resource "aws_iam_role_policy_attachment" "aws_lambda_basic_execution" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      + role       = "cloudfront-invalidator-www_example_com"
    }

  # module.s3-cloudfront-page.aws_iam_role_policy_attachment.cloudfront_invalidator will be created
  + resource "aws_iam_role_policy_attachment" "cloudfront_invalidator" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cloudfront-invalidator-www_example_com"
    }

  # module.s3-cloudfront-page.aws_lambda_function.cloudfront_invalidator will be created
  + resource "aws_lambda_function" "cloudfront_invalidator" {
      + arn                            = (known after apply)
      + filename                       = "../cloudfront-invalidator/lambda.zip"
      + function_name                  = "cloudfront_invalidator_www_example_com"
      + handler                        = "lambda.handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + publish                        = false
      + qualified_arn                  = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = (known after apply)
      + runtime                        = "python3.6"
      + source_code_hash               = "VvBYnw7HLQV+KI69YTmA3n/b5/CBBYgpRmao4H5jr8I="
      + source_code_size               = (known after apply)
      + timeout                        = 3
      + version                        = (known after apply)

      + environment {
          + variables = (known after apply)
        }

      + tracing_config {
          + mode = (known after apply)
        }
    }

  # module.s3-cloudfront-page.aws_lambda_permission.cloudfront_invalidator will be created
  + resource "aws_lambda_permission" "cloudfront_invalidator" {
      + action        = "lambda:InvokeFunction"
      + function_name = (known after apply)
      + id            = (known after apply)
      + principal     = "s3.amazonaws.com"
      + source_arn    = (known after apply)
      + statement_id  = "AllowExecutionFromS3Bucket"
    }

  # module.s3-cloudfront-page.aws_s3_bucket.www will be created
  + resource "aws_s3_bucket" "www" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = "www.example.com"
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + policy                      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "s3:GetObject"
                      + Effect    = "Allow"
                      + Principal = "*"
                      + Resource  = "arn:aws:s3:::www.example.com/*"
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }

      + website {
          + error_document = "404.html"
          + index_document = "index.html"
        }
    }

  # module.s3-cloudfront-page.aws_s3_bucket_notification.www will be created
  + resource "aws_s3_bucket_notification" "www" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + lambda_function {
          + events              = [
              + "s3:ObjectCreated:*",
              + "s3:ObjectRemoved:*",
            ]
          + id                  = (known after apply)
          + lambda_function_arn = (known after apply)
        }
    }

  # module.s3-cloudfront-page.aws_s3_bucket_object.www["index.html"] will be created
  + resource "aws_s3_bucket_object" "www" {
      + acl                    = "private"
      + bucket                 = "www.example.com"
      + content_type           = "text/html"
      + etag                   = "8ddd8be4b179a529afa5f2ffae4b9858"
      + id                     = (known after apply)
      + key                    = "index.html"
      + server_side_encryption = (known after apply)
      + source                 = "./public/index.html"
      + storage_class          = (known after apply)
      + version_id             = (known after apply)
    }

Plan: 11 to add, 0 to change, 0 to destroy.

Workflow: Terraform, Action: hashicorpterraform-github-actions4, Working Directory: test

@udondan udondan merged commit 9be7cff into master Nov 15, 2019
@udondan udondan deleted the no-wildcard-cert branch November 15, 2019 11:36