Update Amplify domain config (#12)

* updates * updates * updates * updates
cloudposse · Jul 27, 2023 · c495a4e · c495a4e
1 parent fa90481
commit c495a4e
Show file tree

Hide file tree

Showing 17 changed files with 214 additions and 232 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -1,13 +1,14 @@
 {
   "extends": [
     "config:base",
-    ":preserveSemverRanges"
+    ":preserveSemverRanges",
+    ":rebaseStalePrs"
   ],
-  "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
+  "baseBranches": ["main"],
   "labels": ["auto-update"],
   "dependencyDashboardAutoclose": true,
   "enabledManagers": ["terraform"],
   "terraform": {
-    "ignorePaths": ["**/context.tf", "examples/**"]
+    "ignorePaths": ["**/context.tf"]
   }
 }
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
@@ -10,6 +10,7 @@ on:
       - 'docs/**'
       - 'examples/**'
       - 'test/**'
+      - 'README.*'
 
 permissions:
   contents: write

diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   terraform-module:
-    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
diff --git a/README.md b/README.md
@@ -88,10 +88,6 @@ We highly recommend that in your code you pin the version to the exact version y
 using so that your infrastructure remains stable, and update versions in a
 systematic way so that they do not catch you by surprise.
 
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
 
 For a complete example, see [examples/complete](examples/complete).
 
@@ -192,20 +188,21 @@ module "amplify_app" {
     }
   }
 
-  domain_config = {
-    domain_name            = "test.net"
-    enable_auto_sub_domain = true
-    wait_for_verification  = false
-    sub_domain = [
-      {
-        branch_name = "main"
-        prefix      = ""
-      },
-      {
-        branch_name = "dev"
-        prefix      = "dev"
-      }
-    ]
+  domains = {
+    "test.net" = {
+      enable_auto_sub_domain = true
+      wait_for_verification  = false
+      sub_domain = [
+        {
+          branch_name = "main"
+          prefix      = ""
+        },
+        {
+          branch_name = "dev"
+          prefix      = "dev"
+        }
+      ]
+    }
   }
 
   context = module.label.context
@@ -252,7 +249,7 @@ Available targets:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_role"></a> [role](#module\_role) | cloudposse/iam-role/aws | 0.17.0 |
+| <a name="module_role"></a> [role](#module\_role) | cloudposse/iam-role/aws | 0.18.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
 ## Resources
@@ -282,7 +279,8 @@ Available targets:
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_description"></a> [description](#input\_description) | The description for the Amplify app | `string` | `null` | no |
 | <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br>   format = string<br>   labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
-| <a name="input_domain_config"></a> [domain\_config](#input\_domain\_config) | Amplify custom domain configuration | <pre>object({<br>    domain_name            = string<br>    enable_auto_sub_domain = optional(bool, false)<br>    wait_for_verification  = optional(bool, false)<br>    sub_domain = list(object({<br>      branch_name = string<br>      prefix      = string<br>    }))<br>  })</pre> | `null` | no |
+| <a name="input_domain_config"></a> [domain\_config](#input\_domain\_config) | DEPRECATED: Use the `domains` variable instead.<br>Amplify custom domain configuration. | <pre>object({<br>    domain_name            = string<br>    enable_auto_sub_domain = optional(bool, false)<br>    wait_for_verification  = optional(bool, false)<br>    sub_domain = list(object({<br>      branch_name = string<br>      prefix      = string<br>    }))<br>  })</pre> | `null` | no |
+| <a name="input_domains"></a> [domains](#input\_domains) | Amplify custom domain configurations | <pre>map(object({<br>    enable_auto_sub_domain = optional(bool, false)<br>    wait_for_verification  = optional(bool, false)<br>    sub_domain = list(object({<br>      branch_name = string<br>      prefix      = string<br>    }))<br>  }))</pre> | `null` | no |
 | <a name="input_enable_auto_branch_creation"></a> [enable\_auto\_branch\_creation](#input\_enable\_auto\_branch\_creation) | Enables automated branch creation for the Amplify app | `bool` | `false` | no |
 | <a name="input_enable_basic_auth"></a> [enable\_basic\_auth](#input\_enable\_basic\_auth) | Enables basic authorization for the Amplify app.<br>This will apply to all branches that are part of this app. | `bool` | `false` | no |
 | <a name="input_enable_branch_auto_build"></a> [enable\_branch\_auto\_build](#input\_enable\_branch\_auto\_build) | Enables auto-building of branches for the Amplify App | `bool` | `true` | no |
@@ -317,11 +315,9 @@ Available targets:
 | <a name="output_backend_environments"></a> [backend\_environments](#output\_backend\_environments) | Created backend environments |
 | <a name="output_branch_names"></a> [branch\_names](#output\_branch\_names) | The names of the created Amplify branches |
 | <a name="output_default_domain"></a> [default\_domain](#output\_default\_domain) | Amplify App domain (non-custom) |
-| <a name="output_domain_association_arn"></a> [domain\_association\_arn](#output\_domain\_association\_arn) | ARN of the domain association |
-| <a name="output_domain_association_certificate_verification_dns_record"></a> [domain\_association\_certificate\_verification\_dns\_record](#output\_domain\_association\_certificate\_verification\_dns\_record) | The DNS record for certificate verification |
+| <a name="output_domain_associations"></a> [domain\_associations](#output\_domain\_associations) | Created domain associations |
 | <a name="output_id"></a> [id](#output\_id) | Amplify App Id |
 | <a name="output_name"></a> [name](#output\_name) | Amplify App name |
-| <a name="output_sub_domains"></a> [sub\_domains](#output\_sub\_domains) | DNS records and the verified status for the subdomains |
 | <a name="output_webhooks"></a> [webhooks](#output\_webhooks) | Created webhooks |
 <!-- markdownlint-restore -->
 

diff --git a/README.yaml b/README.yaml
@@ -177,20 +177,21 @@ usage: |-
       }
     }
 
-    domain_config = {
-      domain_name            = "test.net"
-      enable_auto_sub_domain = true
-      wait_for_verification  = false
-      sub_domain = [
-        {
-          branch_name = "main"
-          prefix      = ""
-        },
-        {
-          branch_name = "dev"
-          prefix      = "dev"
-        }
-      ]
+    domains = {
+      "test.net" = {
+        enable_auto_sub_domain = true
+        wait_for_verification  = false
+        sub_domain = [
+          {
+            branch_name = "main"
+            prefix      = ""
+          },
+          {
+            branch_name = "dev"
+            prefix      = "dev"
+          }
+        ]
+      }
     }
 
     context = module.label.context

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_role"></a> [role](#module\_role) | cloudposse/iam-role/aws | 0.17.0 |
+| <a name="module_role"></a> [role](#module\_role) | cloudposse/iam-role/aws | 0.18.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
 ## Resources
@@ -46,7 +46,8 @@
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_description"></a> [description](#input\_description) | The description for the Amplify app | `string` | `null` | no |
 | <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br>   format = string<br>   labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
-| <a name="input_domain_config"></a> [domain\_config](#input\_domain\_config) | Amplify custom domain configuration | <pre>object({<br>    domain_name            = string<br>    enable_auto_sub_domain = optional(bool, false)<br>    wait_for_verification  = optional(bool, false)<br>    sub_domain = list(object({<br>      branch_name = string<br>      prefix      = string<br>    }))<br>  })</pre> | `null` | no |
+| <a name="input_domain_config"></a> [domain\_config](#input\_domain\_config) | DEPRECATED: Use the `domains` variable instead.<br>Amplify custom domain configuration. | <pre>object({<br>    domain_name            = string<br>    enable_auto_sub_domain = optional(bool, false)<br>    wait_for_verification  = optional(bool, false)<br>    sub_domain = list(object({<br>      branch_name = string<br>      prefix      = string<br>    }))<br>  })</pre> | `null` | no |
+| <a name="input_domains"></a> [domains](#input\_domains) | Amplify custom domain configurations | <pre>map(object({<br>    enable_auto_sub_domain = optional(bool, false)<br>    wait_for_verification  = optional(bool, false)<br>    sub_domain = list(object({<br>      branch_name = string<br>      prefix      = string<br>    }))<br>  }))</pre> | `null` | no |
 | <a name="input_enable_auto_branch_creation"></a> [enable\_auto\_branch\_creation](#input\_enable\_auto\_branch\_creation) | Enables automated branch creation for the Amplify app | `bool` | `false` | no |
 | <a name="input_enable_basic_auth"></a> [enable\_basic\_auth](#input\_enable\_basic\_auth) | Enables basic authorization for the Amplify app.<br>This will apply to all branches that are part of this app. | `bool` | `false` | no |
 | <a name="input_enable_branch_auto_build"></a> [enable\_branch\_auto\_build](#input\_enable\_branch\_auto\_build) | Enables auto-building of branches for the Amplify App | `bool` | `true` | no |
@@ -81,10 +82,8 @@
 | <a name="output_backend_environments"></a> [backend\_environments](#output\_backend\_environments) | Created backend environments |
 | <a name="output_branch_names"></a> [branch\_names](#output\_branch\_names) | The names of the created Amplify branches |
 | <a name="output_default_domain"></a> [default\_domain](#output\_default\_domain) | Amplify App domain (non-custom) |
-| <a name="output_domain_association_arn"></a> [domain\_association\_arn](#output\_domain\_association\_arn) | ARN of the domain association |
-| <a name="output_domain_association_certificate_verification_dns_record"></a> [domain\_association\_certificate\_verification\_dns\_record](#output\_domain\_association\_certificate\_verification\_dns\_record) | The DNS record for certificate verification |
+| <a name="output_domain_associations"></a> [domain\_associations](#output\_domain\_associations) | Created domain associations |
 | <a name="output_id"></a> [id](#output\_id) | Amplify App Id |
 | <a name="output_name"></a> [name](#output\_name) | Amplify App name |
-| <a name="output_sub_domains"></a> [sub\_domains](#output\_sub\_domains) | DNS records and the verified status for the subdomains |
 | <a name="output_webhooks"></a> [webhooks](#output\_webhooks) | Created webhooks |
 <!-- markdownlint-restore -->
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
@@ -99,18 +99,33 @@ environments = {
   }
 }
 
-domain_config = {
-  domain_name            = "test.net"
-  enable_auto_sub_domain = true
-  wait_for_verification  = false
-  sub_domain = [
-    {
-      branch_name = "main"
-      prefix      = ""
-    },
-    {
-      branch_name = "dev"
-      prefix      = "dev"
-    }
-  ]
+domains = {
+  "test.net" = {
+    enable_auto_sub_domain = true
+    wait_for_verification  = false
+    sub_domain = [
+      {
+        branch_name = "main"
+        prefix      = ""
+      },
+      {
+        branch_name = "dev"
+        prefix      = "dev"
+      }
+    ]
+  }
+  "test.io" = {
+    enable_auto_sub_domain = true
+    wait_for_verification  = false
+    sub_domain = [
+      {
+        branch_name = "main"
+        prefix      = ""
+      },
+      {
+        branch_name = "dev"
+        prefix      = "dev"
+      }
+    ]
+  }
 }
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -25,7 +25,7 @@ module "amplify_app" {
   iam_service_role_arn          = var.iam_service_role_arn
   iam_service_role_actions      = var.iam_service_role_actions
   environments                  = var.environments
-  domain_config                 = var.domain_config
+  domains                       = var.domains
 
   context = module.this.context
 }
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -28,17 +28,7 @@ output "webhooks" {
   value       = module.amplify_app.webhooks
 }
 
-output "domain_association_arn" {
-  description = "ARN of the domain association"
-  value       = module.amplify_app.domain_association_arn
-}
-
-output "domain_association_certificate_verification_dns_record" {
-  description = "The DNS record for certificate verification"
-  value       = module.amplify_app.domain_association_certificate_verification_dns_record
-}
-
-output "sub_domains" {
-  description = "DNS records and the verified status for the subdomains"
-  value       = module.amplify_app.sub_domains
+output "domain_associations" {
+  description = "Created domain associations"
+  value       = module.amplify_app.domain_associations
 }
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -175,16 +175,15 @@ variable "environments" {
   nullable    = false
 }
 
-variable "domain_config" {
-  type = object({
-    domain_name            = string
+variable "domains" {
+  type = map(object({
     enable_auto_sub_domain = optional(bool, false)
     wait_for_verification  = optional(bool, false)
     sub_domain = list(object({
       branch_name = string
       prefix      = string
     }))
-  })
-  description = "Amplify custom domain configuration"
+  }))
+  description = "Amplify custom domain configurations"
   default     = null
 }
diff --git a/iam.tf b/iam.tf
@@ -96,7 +96,7 @@ data "aws_iam_policy_document" "default" {
 
 module "role" {
   source  = "cloudposse/iam-role/aws"
-  version = "0.17.0"
+  version = "0.18.0"
 
   enabled = local.create_iam_role
 

diff --git a/main.tf b/main.tf
@@ -2,6 +2,8 @@ locals {
   enabled = module.this.enabled
 
   environments = { for k, v in var.environments : k => v if local.enabled }
+
+  domains = merge(local.domain_config, { for k, v in var.domains : k => v if local.enabled })
 }
 
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_app
@@ -94,15 +96,15 @@ resource "aws_amplify_branch" "default" {
 
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_domain_association
 resource "aws_amplify_domain_association" "default" {
-  count = local.enabled && var.domain_config != null ? 1 : 0
+  for_each = local.domains
 
   app_id                 = one(aws_amplify_app.default[*].id)
-  domain_name            = lookup(var.domain_config, "domain_name")
-  enable_auto_sub_domain = lookup(var.domain_config, "enable_auto_sub_domain", null)
-  wait_for_verification  = lookup(var.domain_config, "wait_for_verification", null)
+  domain_name            = each.key
+  enable_auto_sub_domain = lookup(each.value, "enable_auto_sub_domain", null)
+  wait_for_verification  = lookup(each.value, "wait_for_verification", null)
 
   dynamic "sub_domain" {
-    for_each = lookup(var.domain_config, "sub_domain")
+    for_each = lookup(each.value, "sub_domain")
 
     content {
       branch_name = aws_amplify_branch.default[sub_domain.value.branch_name].branch_name

diff --git a/outputs.tf b/outputs.tf
@@ -33,17 +33,7 @@ output "webhooks" {
   value       = aws_amplify_webhook.default
 }
 
-output "domain_association_arn" {
-  description = "ARN of the domain association"
-  value       = one(aws_amplify_domain_association.default[*].arn)
-}
-
-output "domain_association_certificate_verification_dns_record" {
-  description = "The DNS record for certificate verification"
-  value       = one(aws_amplify_domain_association.default[*].certificate_verification_dns_record)
-}
-
-output "sub_domains" {
-  description = "DNS records and the verified status for the subdomains"
-  value       = one(aws_amplify_domain_association.default[*].sub_domain)
+output "domain_associations" {
+  description = "Created domain associations"
+  value       = aws_amplify_domain_association.default
 }