From dff38ec0e89b47d2e26b3f5fb9a059b80e9f20ff Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Wed, 27 Aug 2025 18:02:31 -0300 Subject: [PATCH 1/4] Fixing name --- .../deployment/terraform/modules/aws/waf/aws_waf.tf | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/waf/aws_waf.tf b/operations/deployment/terraform/modules/aws/waf/aws_waf.tf index d424f5ad..ca15025a 100644 --- a/operations/deployment/terraform/modules/aws/waf/aws_waf.tf +++ b/operations/deployment/terraform/modules/aws/waf/aws_waf.tf @@ -375,6 +375,10 @@ resource "aws_wafv2_web_acl_association" "waf_association" { resource_arn = var.aws_lb_resource_arn web_acl_arn = aws_wafv2_web_acl.waf[0].arn } +resource "aws_wafv2_web_acl_logging_configuration" "example" { + log_destination_configs = [aws_cloudwatch_log_group.example.arn] + resource_arn = aws_wafv2_web_acl.example.arn +} # WAF Logging Configuration (optional) resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { @@ -393,16 +397,17 @@ resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { name = "cookie" } } + depends_on = [ aws_cloudwatch_log_group.waf_log_group, aws_wafv2_web_acl.waf ] } # CloudWatch Log Group for WAF (optional) resource "aws_cloudwatch_log_group" "waf_log_group" { count = var.aws_waf_enable && var.aws_waf_logging_enable ? 1 : 0 - name = "/aws/wafv2/${var.aws_resource_identifier}" + name = "aws-waf-logs-${var.aws_resource_identifier}" retention_in_days = var.aws_waf_log_retention_days tags = { - Name = "${var.aws_resource_identifier}-waf-logs" + Name = "aws-waf-logs-${var.aws_resource_identifier}" } } From 6d8d77a263ac0a050d5b69a32cd261b919a3d39b Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Wed, 27 Aug 2025 18:14:12 -0300 Subject: [PATCH 2/4] Typo --- operations/deployment/terraform/modules/aws/waf/aws_waf.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/waf/aws_waf.tf b/operations/deployment/terraform/modules/aws/waf/aws_waf.tf index ca15025a..52fb2780 100644 --- a/operations/deployment/terraform/modules/aws/waf/aws_waf.tf +++ b/operations/deployment/terraform/modules/aws/waf/aws_waf.tf @@ -375,10 +375,6 @@ resource "aws_wafv2_web_acl_association" "waf_association" { resource_arn = var.aws_lb_resource_arn web_acl_arn = aws_wafv2_web_acl.waf[0].arn } -resource "aws_wafv2_web_acl_logging_configuration" "example" { - log_destination_configs = [aws_cloudwatch_log_group.example.arn] - resource_arn = aws_wafv2_web_acl.example.arn -} # WAF Logging Configuration (optional) resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { From 561834441b272bdcc2b5f147c9df2efacab7260e Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Thu, 28 Aug 2025 12:09:11 -0300 Subject: [PATCH 3/4] Adding dependency for http_redirect --- .../deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf index 899a5ae5..17bb6207 100644 --- a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf +++ b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf @@ -82,6 +82,7 @@ resource "aws_alb_listener" "lb_listener_ssl" { lifecycle { replace_triggered_by = [null_resource.http_redirect_dep.id] } + depends_on = [ aws_alb_listener.http_redirect ] } resource "aws_alb_listener" "lb_listener" { @@ -96,6 +97,7 @@ resource "aws_alb_listener" "lb_listener" { lifecycle { replace_triggered_by = [null_resource.http_redirect_dep.id] } + depends_on = [ aws_alb_listener.http_redirect ] } resource "aws_alb_listener_rule" "redirect_based_on_path" { @@ -122,7 +124,6 @@ resource "aws_alb_listener" "http_redirect" { default_action { - #type = var.aws_certificates_selected_arn != "" ? "redirect" : "forward" type = var.aws_certificate_enabled != "" ? "redirect" : "forward" target_group_arn = var.aws_certificates_selected_arn != "" ? null : aws_alb_target_group.lb_targets[0].id From 13636659f00c4c1a6b64f3430396c7be5a078db9 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Thu, 28 Aug 2025 12:28:43 -0300 Subject: [PATCH 4/4] Fixing aws_alb_listener http_redirect --- .../terraform/modules/aws/ecs/aws_ecs_networking.tf | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf index 17bb6207..3811f382 100644 --- a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf +++ b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf @@ -118,17 +118,17 @@ resource "aws_alb_listener_rule" "redirect_based_on_path" { resource "aws_alb_listener" "http_redirect" { count = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) ? 1 : 0 - load_balancer_arn = "${aws_alb.ecs_lb.id}" + load_balancer_arn = aws_alb.ecs_lb.id port = "80" protocol = "HTTP" default_action { - type = var.aws_certificate_enabled != "" ? "redirect" : "forward" - target_group_arn = var.aws_certificates_selected_arn != "" ? null : aws_alb_target_group.lb_targets[0].id + type = var.aws_certificate_enabled ? "redirect" : "forward" + target_group_arn = var.aws_certificate_enabled ? null : aws_alb_target_group.lb_targets[0].id dynamic "redirect" { - for_each = var.aws_certificates_selected_arn != "" ? [1] : [0] + for_each = var.aws_certificate_enabled ? [1] : [0] content { port = 443 protocol = "HTTPS" @@ -136,6 +136,10 @@ resource "aws_alb_listener" "http_redirect" { } } } + depends_on = [ + aws_alb.ecs_lb, + aws_alb_target_group.lb_targets + ] } resource "aws_security_group_rule" "incoming_alb_http" {