From cfc9206185898020b151fa36577c99bef58c37bc Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Fri, 15 Nov 2024 13:55:06 +0000 Subject: [PATCH] Fix: Allow empty domain name list on `host_header_custom` alb rule * Add a check for domain names, where if it's not null but an empty list (required if you have another ecs service that does have a domain_names list), so that it doesn't attempt to create the rule --- ecs-cluster-infrastructure-service-alb.tf | 6 +++--- ecs-cluster-infrastructure-service-cloudfront.tf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ecs-cluster-infrastructure-service-alb.tf b/ecs-cluster-infrastructure-service-alb.tf index db11b1f..9534014 100644 --- a/ecs-cluster-infrastructure-service-alb.tf +++ b/ecs-cluster-infrastructure-service-alb.tf @@ -154,7 +154,7 @@ resource "aws_alb_listener" "infrastructure_ecs_cluster_service_https" { resource "aws_alb_listener_rule" "infrastructure_ecs_cluster_service_host_header" { for_each = { - for k, service in local.infrastructure_ecs_cluster_services : k => service if service["domain_names"] == null && service["container_port"] != 0 + for k, service in local.infrastructure_ecs_cluster_services : k => service if service["domain_names"] == null ? service["container_port"] != 0 : length(service["domain_names"]) == 0 && service["container_port"] != 0 } listener_arn = local.enable_infrastructure_wildcard_certificate ? aws_alb_listener.infrastructure_ecs_cluster_service_https[0].arn : aws_alb_listener.infrastructure_ecs_cluster_service_http[0].arn @@ -190,7 +190,7 @@ resource "aws_alb_listener_rule" "infrastructure_ecs_cluster_service_host_header resource "aws_alb_listener_rule" "infrastructure_ecs_cluster_service_host_header_custom" { for_each = { - for k, service in local.infrastructure_ecs_cluster_services : k => service if service["domain_names"] != null && service["container_port"] != 0 + for k, service in local.infrastructure_ecs_cluster_services : k => service if service["domain_names"] != null ? length(service["domain_names"]) > 0 : service["container_port"] != 0 } listener_arn = each.value["alb_tls_certificate_arn"] != null ? aws_alb_listener.infrastructure_ecs_cluster_service_https[0].arn : aws_alb_listener.infrastructure_ecs_cluster_service_http[0].arn @@ -226,7 +226,7 @@ resource "aws_alb_listener_rule" "infrastructure_ecs_cluster_service_host_header resource "aws_lb_listener_certificate" "service_shared_alb_certificate" { for_each = { - for k, service in local.infrastructure_ecs_cluster_services : k => service if service["domain_names"] != null && service["container_port"] != 0 && service["alb_tls_certificate_arn"] != null + for k, service in local.infrastructure_ecs_cluster_services : k => service if service["domain_names"] != null ? length(service["domain_names"]) > 0 && service["container_port"] != 0 && service["alb_tls_certificate_arn"] != null : false } listener_arn = aws_alb_listener.infrastructure_ecs_cluster_service_https[0].arn diff --git a/ecs-cluster-infrastructure-service-cloudfront.tf b/ecs-cluster-infrastructure-service-cloudfront.tf index 949dce9..9ba0b0e 100644 --- a/ecs-cluster-infrastructure-service-cloudfront.tf +++ b/ecs-cluster-infrastructure-service-cloudfront.tf @@ -14,7 +14,7 @@ resource "aws_cloudfront_distribution" "infrastructure_ecs_cluster_service_cloud } enabled = true - aliases = each.value["domain_names"] != null ? each.value["domain_names"] : ["${each.key}.${local.infrastructure_route53_domain}"] + aliases = each.value["domain_names"] != null ? length(each.value["domain_names"]) > 0 ? each.value["domain_names"] : ["${each.key}.${local.infrastructure_route53_domain}"] : ["${each.key}.${local.infrastructure_route53_domain}"] is_ipv6_enabled = true http_version = "http2and3" price_class = "PriceClass_100"