From b1ab9c333c01c144adcad4a3bfe17cdfabfdb169 Mon Sep 17 00:00:00 2001 From: Byungjin Park Date: Thu, 21 Sep 2023 18:25:52 +0900 Subject: [PATCH] Update comments --- modules/lattice-service-listener/README.md | 2 +- modules/lattice-service-listener/variables.tf | 3 +-- modules/lattice-service/README.md | 4 ++-- modules/lattice-service/outputs.tf | 3 +-- modules/lattice-service/variables.tf | 22 +++++++++++++++++-- 5 files changed, 25 insertions(+), 9 deletions(-) diff --git a/modules/lattice-service-listener/README.md b/modules/lattice-service-listener/README.md index 88d3df7..51d837a 100644 --- a/modules/lattice-service-listener/README.md +++ b/modules/lattice-service-listener/README.md @@ -46,7 +46,7 @@ This module creates following resources. | [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | | [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | | [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no | -| [rules](#input\_rules) | (Optional) A list of rules to enable content-based routing to the target groups that make up the service. Each rule consists of a priority, one or more actions, and one or more conditions.
Each block of `rules` block as defined below.
(Required) `priority` - The priority assigned to the rule. Each rule for a specific listener must have a unique priority. The lower the priority number the higher the priority.
(Optional) `name` - A rule name can describe the purpose of the rule or the type of traffic it is intended to handle. Rule names can't be changed after creation. Defaults to `$(service)-$(priority)`.
(Required) `conditions` - The rule conditions. `conditions` block as defined below.
(Optional) `method` - The condition of HTTP request method. Valid values are `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`.
(Required) `path` - The condition of HTTP request path. `path` block as defined below.
(Required) `value` - The path pattern. The pattern must start with `/`.
(Optional) `operator` - The operator that you want to use to determine whether an HTTP request path matches the conditions. Valid values are `EXACT`, `PREFIX`. Defaults to `PREFIX`.
(Optional) `case_sensitive` - Whether to match the `value` condition using a case-sensitive match. Defaults to `false`.
(Optional) `headers` - The condition of HTTP request headers. Each block of `headers` as defined below.
(Required) `name` - The name of the HTTP header field.
(Required) `value` - The value of the HTTP header field.
(Optional) `operator` - The operator that you want to use to determine whether an HTTP header matches the conditions. Valid values are `EXACT`, `PREFIX`, `CONTAINS`. Defaults to `EXACT`.
(Optional) `case_sensitive` - Whether to match the `value` condition using a case-sensitive match. Defaults to `false`.
(Required) `action_type` - The action type for the rule of the service. Valid values are `FORWARD`, `FIXED_RESPONSE`.
(Optional) `action_parameters` - The configuration for the parameters of the routing action. `action_parameters` block as defined below.
(Optional) `status_code` - Custom HTTP status code to drop client requests and return a custom HTTP response. Valid values are `404`. Only supported if `action_type` is `FIXED_RESPONSE`.
(Optional) `destinations` - A list of one or more target groups to route traffic. Only supported if `action_type` is `FORWARD`. Each item of `destinations` block as defined below.
(Required) `target_group` - The ID or ARN of the target group to which to route traffic.
(Optional) `weight` - The weight to use routing traffic to `target_group`. how requests are distributed to the target group. Only required if you specify multiple target groups for a forward action. For example, if you specify two target groups, one with a weight of 10 and the other with a weight of 20, the target group with a weight of 20 receives twice as many requests as the other target group. Valid value is `0` to `999`. Defaults to `100`. | 
list(object({
    priority = number
    name     = optional(string)

    conditions = object({
      method = optional(string)
      path = object({
        value          = string
        operator       = optional(string, "PREFIX")
        case_sensitive = optional(bool, false)
      })
      headers = optional(list(object({
        name           = string
        value          = string
        operator       = optional(string, "EXACT")
        case_sensitive = optional(bool, false)
      })), [])
    })

    action_type = string
    action_parameters = optional(object({
      status_code = optional(number, 404)
      destinations = optional(list(object({
        target_group = string
        weight       = optional(number, 100)
      })), [])
    }), {})
  }))
| `[]` | no | +| [rules](#input\_rules) | (Optional) A list of rules to enable content-based routing to the target groups that make up the service. Each rule consists of a priority, one or more actions, and one or more conditions. Each block of `rules` block as defined below.
(Required) `priority` - The priority assigned to the rule. Each rule for a specific listener must have a unique priority. The lower the priority number the higher the priority.
(Optional) `name` - A rule name can describe the purpose of the rule or the type of traffic it is intended to handle. Rule names can't be changed after creation. Defaults to `$(service)-$(priority)`.
(Required) `conditions` - The rule conditions. `conditions` block as defined below.
(Optional) `method` - The condition of HTTP request method. Valid values are `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`.
(Required) `path` - The condition of HTTP request path. `path` block as defined below.
(Required) `value` - The path pattern. The pattern must start with `/`.
(Optional) `operator` - The operator that you want to use to determine whether an HTTP request path matches the conditions. Valid values are `EXACT`, `PREFIX`. Defaults to `PREFIX`.
(Optional) `case_sensitive` - Whether to match the `value` condition using a case-sensitive match. Defaults to `false`.
(Optional) `headers` - The condition of HTTP request headers. Each block of `headers` as defined below.
(Required) `name` - The name of the HTTP header field.
(Required) `value` - The value of the HTTP header field.
(Optional) `operator` - The operator that you want to use to determine whether an HTTP header matches the conditions. Valid values are `EXACT`, `PREFIX`, `CONTAINS`. Defaults to `EXACT`.
(Optional) `case_sensitive` - Whether to match the `value` condition using a case-sensitive match. Defaults to `false`.
(Required) `action_type` - The action type for the rule of the service. Valid values are `FORWARD`, `FIXED_RESPONSE`.
(Optional) `action_parameters` - The configuration for the parameters of the routing action. `action_parameters` block as defined below.
(Optional) `status_code` - Custom HTTP status code to drop client requests and return a custom HTTP response. Valid values are `404`. Only supported if `action_type` is `FIXED_RESPONSE`.
(Optional) `destinations` - A list of one or more target groups to route traffic. Only supported if `action_type` is `FORWARD`. Each item of `destinations` block as defined below.
(Required) `target_group` - The ID or ARN of the target group to which to route traffic.
(Optional) `weight` - The weight to use routing traffic to `target_group`. how requests are distributed to the target group. Only required if you specify multiple target groups for a forward action. For example, if you specify two target groups, one with a weight of 10 and the other with a weight of 20, the target group with a weight of 20 receives twice as many requests as the other target group. Valid value is `0` to `999`. Defaults to `100`. | 
list(object({
    priority = number
    name     = optional(string)

    conditions = object({
      method = optional(string)
      path = object({
        value          = string
        operator       = optional(string, "PREFIX")
        case_sensitive = optional(bool, false)
      })
      headers = optional(list(object({
        name           = string
        value          = string
        operator       = optional(string, "EXACT")
        case_sensitive = optional(bool, false)
      })), [])
    })

    action_type = string
    action_parameters = optional(object({
      status_code = optional(number, 404)
      destinations = optional(list(object({
        target_group = string
        weight       = optional(number, 100)
      })), [])
    }), {})
  }))
| `[]` | no | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | ## Outputs diff --git a/modules/lattice-service-listener/variables.tf b/modules/lattice-service-listener/variables.tf index 8ae63ff..8b1fbdd 100644 --- a/modules/lattice-service-listener/variables.tf +++ b/modules/lattice-service-listener/variables.tf @@ -86,8 +86,7 @@ variable "default_action_parameters" { variable "rules" { description = < [auth\_type](#input\_auth\_type) | (Optional) The type of authentication and authorization that manages client access to the service. Valid values are `AWS_IAM` or `NONE`. Defaults to `NONE`.
`NONE` - Authentication and authorization is turned off at the service level. Access to this service remains subject to the service network policy, if present. If a policy is not present, all traffic from VPCs associated to the service network is allowed.
`AWS_IAM` - Applies an AWS IAM resource policy on the service giving service owners the ability to enforce authentication and write fine grained permissions. This policy is evaluated in addition to any policy present at the service network. | `string` | `"NONE"` | no | | [custom\_domain](#input\_custom\_domain) | (Optional) The configuration for a custom domain name to use in addition to the domain name that is generated by VPC Lattice. For HTTPS requests, you must also specify an SSL/TLS certificate that matches the custom domain name. If you specify a custom domain name, you must configure DNS routing after your service is created. This is to map DNS queries for the custom domain name to the VPC Lattice endpoint. If you’re using Route 53 as your DNS service, you can configure a CNAME record within the hosted zone that you own. `custom_domain` as defined below.
(Required) `name` - The name of the custom domain. The custom domain name will be used in addition to the domain name that VPC Lattice generates for the service. You can't change the custom domain name after the service is created. For a custom domain name change, you would need to create a new service.
(Optional) `tls_certificate` - The ARN (Amazon Resource Name) of the SSL/TLS certificate. The certificate will be required to process HTTPS requests for the custom domain name. | 
object({
    name            = string
    tls_certificate = optional(string)
  })
| `null` | no | | [description](#input\_description) | (Optional) The description of the service. This creates a tag with a key of `Description` and a value that you specify. | `string` | `"Managed by Terraform."` | no | -| [listeners](#input\_listeners) | (Optional) The configuration to add one or more listeners for the service. Set up listeners and rules to define how network traffic is routed within the service. A listener is a process that checks for connection requests, using the protocol and port that you configure. Each listener has a default action, and you can optionally define rules to enable content-based routing to the target groups that make up your service. Each block of `listeners` as defined below.
(Required) `name` - The name of the service listener. The name must be unique within the service. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.
(Optional) `port` - The number of port on which the listener of the service is listening. Valid values are from `1` to `65535`. If `port` is not specified and `protocol` is `HTTP`, the value will default to `80`. If `port` is not specified and `protocol` is `HTTPS`, the value will default to `443`.
(Required) `protocol` - The protocol for the service listener. Valid values are `HTTP` and `HTTPS`.
(Required) `default_action_type` - The type of default routing action. Default action apply to traffic that does not meet the conditions of rules on your listener. Rules can be configured after the listener is created. Valid values are `FORWARD`, `FIXED_RESPONSE`.
(Optional) `default_action_parameters` - The configuration for the parameters of the default routing action. `default_action_parameters` block as defined below.
(Optional) `status_code` - Custom HTTP status code to drop client requests and return a custom HTTP response. Valid values are `404`. Only supported if `default_action_type` is `FIXED_RESPONSE`.
(Optional) `destinations` - A list of one or more target groups to route traffic. Only supported if `default_action_type` is `FORWARD`. Each item of `destinations` block as defined below.
(Required) `target_group` - The ID or ARN of the target group to which to route traffic.
(Optional) `weight` - The weight to use routing traffic to `target_group`. how requests are distributed to the target group. Only required if you specify multiple target groups for a forward action. For example, if you specify two target groups, one with a weight of 10 and the other with a weight of 20, the target group with a weight of 20 receives twice as many requests as the other target group. Valid value is `0` to `999`. Defaults to `100`.
(Optional) `rules` -
(Optional) `tags` - A map of tags to add to the service listeners. | 
list(object({
    name     = string
    port     = optional(number)
    protocol = string

    default_action_type = string
    default_action_parameters = optional(object({
      status_code = optional(number, 404)
      destinations = optional(list(object({
        target_group = string
        weight       = optional(number, 100)
      })), [])
    }), {})

    rules = optional(list(object({
      priority = number
      name     = optional(string)

      conditions = object({
        method = optional(string)
        path = object({
          value          = string
          operator       = optional(string, "PREFIX")
          case_sensitive = optional(bool, false)
        })
        headers = optional(list(object({
          name           = string
          value          = string
          operator       = optional(string, "EXACT")
          case_sensitive = optional(bool, false)
        })), [])
      })

      action_type = string
      action_parameters = optional(object({
        status_code = optional(number, 404)
        destinations = optional(list(object({
          target_group = string
          weight       = optional(number, 100)
        })), [])
      }), {})
    })), [])

    tags = optional(map(string), {})
  }))
| `[]` | no | +| [listeners](#input\_listeners) | (Optional) The configuration to add one or more listeners for the service. Set up listeners and rules to define how network traffic is routed within the service. A listener is a process that checks for connection requests, using the protocol and port that you configure. Each listener has a default action, and you can optionally define rules to enable content-based routing to the target groups that make up your service. Each block of `listeners` as defined below.
(Required) `name` - The name of the service listener. The name must be unique within the service. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.
(Optional) `port` - The number of port on which the listener of the service is listening. Valid values are from `1` to `65535`. If `port` is not specified and `protocol` is `HTTP`, the value will default to `80`. If `port` is not specified and `protocol` is `HTTPS`, the value will default to `443`.
(Required) `protocol` - The protocol for the service listener. Valid values are `HTTP` and `HTTPS`.
(Required) `default_action_type` - The type of default routing action. Default action apply to traffic that does not meet the conditions of rules on your listener. Rules can be configured after the listener is created. Valid values are `FORWARD`, `FIXED_RESPONSE`.
(Optional) `default_action_parameters` - The configuration for the parameters of the default routing action. `default_action_parameters` block as defined below.
(Optional) `status_code` - Custom HTTP status code to drop client requests and return a custom HTTP response. Valid values are `404`. Only supported if `default_action_type` is `FIXED_RESPONSE`.
(Optional) `destinations` - A list of one or more target groups to route traffic. Only supported if `default_action_type` is `FORWARD`. Each item of `destinations` block as defined below.
(Required) `target_group` - The ID or ARN of the target group to which to route traffic.
(Optional) `weight` - The weight to use routing traffic to `target_group`. how requests are distributed to the target group. Only required if you specify multiple target groups for a forward action. For example, if you specify two target groups, one with a weight of 10 and the other with a weight of 20, the target group with a weight of 20 receives twice as many requests as the other target group. Valid value is `0` to `999`. Defaults to `100`.
(Optional) `rules` - A list of rules to enable content-based routing to the target groups that make up the service. Each rule consists of a priority, one or more actions, and one or more conditions. Each block of `rules` block as defined below.
(Required) `priority` - The priority assigned to the rule. Each rule for a specific listener must have a unique priority. The lower the priority number the higher the priority.
(Optional) `name` - A rule name can describe the purpose of the rule or the type of traffic it is intended to handle. Rule names can't be changed after creation. Defaults to `$(service)-$(priority)`.
(Required) `conditions` - The rule conditions. `conditions` block as defined below.
(Optional) `method` - The condition of HTTP request method. Valid values are `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`.
(Required) `path` - The condition of HTTP request path. `path` block as defined below.
(Required) `value` - The path pattern. The pattern must start with `/`.
(Optional) `operator` - The operator that you want to use to determine whether an HTTP request path matches the conditions. Valid values are `EXACT`, `PREFIX`. Defaults to `PREFIX`.
(Optional) `case_sensitive` - Whether to match the `value` condition using a case-sensitive match. Defaults to `false`.
(Optional) `headers` - The condition of HTTP request headers. Each block of `headers` as defined below.
(Required) `name` - The name of the HTTP header field.
(Required) `value` - The value of the HTTP header field.
(Optional) `operator` - The operator that you want to use to determine whether an HTTP header matches the conditions. Valid values are `EXACT`, `PREFIX`, `CONTAINS`. Defaults to `EXACT`.
(Optional) `case_sensitive` - Whether to match the `value` condition using a case-sensitive match. Defaults to `false`.
(Required) `action_type` - The action type for the rule of the service. Valid values are `FORWARD`, `FIXED_RESPONSE`.
(Optional) `action_parameters` - The configuration for the parameters of the routing action. `action_parameters` block as defined below.
(Optional) `status_code` - Custom HTTP status code to drop client requests and return a custom HTTP response. Valid values are `404`. Only supported if `action_type` is `FIXED_RESPONSE`.
(Optional) `destinations` - A list of one or more target groups to route traffic. Only supported if `action_type` is `FORWARD`. Each item of `destinations` block as defined below.
(Required) `target_group` - The ID or ARN of the target group to which to route traffic.
(Optional) `weight` - The weight to use routing traffic to `target_group`. how requests are distributed to the target group. Only required if you specify multiple target groups for a forward action. For example, if you specify two target groups, one with a weight of 10 and the other with a weight of 20, the target group with a weight of 20 receives twice as many requests as the other target group. Valid value is `0` to `999`. Defaults to `100`.
(Optional) `tags` - A map of tags to add to the service listeners. | 
list(object({
    name     = string
    port     = optional(number)
    protocol = string

    default_action_type = string
    default_action_parameters = optional(object({
      status_code = optional(number, 404)
      destinations = optional(list(object({
        target_group = string
        weight       = optional(number, 100)
      })), [])
    }), {})

    rules = optional(list(object({
      priority = number
      name     = optional(string)

      conditions = object({
        method = optional(string)
        path = object({
          value          = string
          operator       = optional(string, "PREFIX")
          case_sensitive = optional(bool, false)
        })
        headers = optional(list(object({
          name           = string
          value          = string
          operator       = optional(string, "EXACT")
          case_sensitive = optional(bool, false)
        })), [])
      })

      action_type = string
      action_parameters = optional(object({
        status_code = optional(number, 404)
        destinations = optional(list(object({
          target_group = string
          weight       = optional(number, 100)
        })), [])
      }), {})
    })), [])

    tags = optional(map(string), {})
  }))
| `[]` | no | | [logging\_to\_cloudwatch](#input\_logging\_to\_cloudwatch) | (Optional) The configuration to enable access logs to be sent to Amazon CloudWatch Log Group. The service owner can use the access logs to audit the services in the network. The service owner will only see access logs from clients and services that are associated with their service. Access log entries represent traffic originated from VPCs associated with that network. `logging_to_cloudwatch` as defined below.
(Optional) `enabled` - Whether to enable access logs to be sent to Amazon CloudWatch Log Group.
(Optional) `log_group` - The ARN (Amazon Resource Name) of the CloudWatch Log Group. | 
object({
    enabled   = optional(bool, false)
    log_group = optional(string, "")
  })
| `{}` | no | | [logging\_to\_kinesis\_data\_firehose](#input\_logging\_to\_kinesis\_data\_firehose) | (Optional) The configuration to enable access logs to be sent to Amazon Kinesis Data Firehose. The service owner can use the access logs to audit the services in the network. The service owner will only see access logs from clients and services that are associated with their service. Access log entries represent traffic originated from VPCs associated with that network. `logging_to_kinesis_data_firehose` as defined below.
(Optional) `enabled` - Whether to enable access logs to be sent to Amazon Kinesis Data
Firehose.
(Optional) `delivery_stream` - The ARN (Amazon Resource Name) of the Kinesis Data Firehose
delivery stream. | 
object({
    enabled         = optional(bool, false)
    delivery_stream = optional(string, "")
  })
| `{}` | no | | [logging\_to\_s3](#input\_logging\_to\_s3) | (Optional) The configuration to enable access logs to be sent to Amazon S3 Bucket. The service owner can use the access logs to audit the services in the network. The service owner will only see access logs from clients and services that are associated with their service. Access log entries represent traffic originated from VPCs associated with that network. `logging_to_s3` as defined below.
(Optional) `enabled` - Whether to enable access logs to be sent to Amazon S3 Bucket.
(Optional) `bucket` - The ARN (Amazon Resource Name) of the S3 Bucket. | 
object({
    enabled = optional(bool, false)
    bucket  = optional(string, "")
  })
| `{}` | no | @@ -77,7 +77,7 @@ This module creates following resources. | [description](#output\_description) | The description of the service. | | [domain](#output\_domain) | The DNS name of the service. | | [id](#output\_id) | The ID of the service. | -| [listeners](#output\_listeners) | The configuration for listeners of the service.
`id` - The ID of the service listener.
`arn` - The ARN of the service listener.
`name` - The name of the service listener.
`port` - The number of port on which the listener of the service is listening.
`protocol` - The protocol for the service listener.
`default_action` - The configuration for default routing action of the service listener.
`rules` -
`created_at` - Date and time that the listener was created, specified in ISO-8601 format.
`updated_at` - Date and time that the listener was last updated, specified in ISO-8601 format. | +| [listeners](#output\_listeners) | The configuration for listeners of the service.
`id` - The ID of the service listener.
`arn` - The ARN of the service listener.
`name` - The name of the service listener.
`port` - The number of port on which the listener of the service is listening.
`protocol` - The protocol for the service listener.
`default_action` - The configuration for default routing action of the service listener.
`rules` - The list of rules to enable content-based routing to the target groups that make up the service.
`created_at` - Date and time that the listener was created, specified in ISO-8601 format.
`updated_at` - Date and time that the listener was last updated, specified in ISO-8601 format. | | [logging](#output\_logging) | The configuration for access logs of the service.
`cloudwatch` - The configuration for access logs to be sent to Amazon CloudWatch Log Group.
`kinesis_data_firehose` - The configuration for access logs to be sent to Amazon Kinesis Data Firehose Delivery Stream.
`s3` - The configuration for access logs to be sent to Amazon S3 BUcket. | | [name](#output\_name) | The name of the service. | | [service\_network\_associations](#output\_service\_network\_associations) | The configuration for the service network associations with the service.
`id` - The ID of the association.
`arn` - The ARN of the Association.
`status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.
`created_by` - The principal that created the association.

`service_network` - The ARN (Amazon Resource Name) of the service network. | diff --git a/modules/lattice-service/outputs.tf b/modules/lattice-service/outputs.tf index 61af11f..0b10a58 100644 --- a/modules/lattice-service/outputs.tf +++ b/modules/lattice-service/outputs.tf @@ -69,7 +69,6 @@ output "service_network_associations" { } } -# TODO: output "listeners" { description = <