├── .pre-commit-config.yaml ├── LICENSE ├── README.md ├── context.tf ├── examples └── complete │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # To use: 2 | # brew install pre-commit gawk terraform-docs tflint coreutils 3 | repos: 4 | - repo: git://github.com/antonbabenko/pre-commit-terraform 5 | rev: v1.50.0 6 | hooks: 7 | - id: terraform_fmt 8 | - id: terraform_validate 9 | args: ['--envs=AWS_DEFAULT_REGION="us-west-2"'] 10 | - id: terraform_docs 11 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Masterpoint 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Masterpoint Logo](https://i.imgur.com/RDLnuQO.png)](https://masterpoint.io) 2 | 3 | # NOTE! This module is no longer maintained. 4 | 5 | This module is old and the good folks at [Cloud Posse](https://cloudposse.com/) have built a better module, so we're sunsetting this module in favor of using that one. Check it out here: https://github.com/cloudposse/terraform-aws-amplify-app 6 | 7 | Reach out if you have any issues - Thanks! 8 | 9 | # terraform-aws-amplify-app (Archived) 10 | 11 | A Terraform module for building simple Amplify apps. This creates the `master` and `develop` branches, sets up the domain association, and creates webhooks for both branches. 12 | 13 | ## Usage 14 | 15 | ```hcl 16 | module "amplify" { 17 | source = "git::https://github.com/masterpointio/terraform-aws-amplify-app.git?ref=tags/0.1.0" 18 | 19 | namespace = var.namespace 20 | stage = var.stage 21 | name = "mattgowie" 22 | organization = "Gowiem" 23 | repo = "mattgowie.com" 24 | gh_access_token = var.gh_access_token 25 | domain_name = "mattgowie.com" 26 | description = "The Personal site of Matt Gowie." 27 | enable_basic_auth_on_master = false 28 | enable_basic_auth_on_develop = true 29 | basic_auth_username = var.basic_auth_username 30 | basic_auth_password = var.basic_auth_password 31 | develop_pull_request_preview = true 32 | 33 | custom_rules = [{ 34 | source = "https://www.mattgowie.com" 35 | target = "https://mattgowie.com" 36 | status = "301" 37 | condition = null 38 | }, { 39 | source = "/<*>" 40 | target = "/index.html" 41 | status = "404" 42 | condition = null 43 | }] 44 | } 45 | ``` 46 | 47 | ## Credits 48 | 49 | 1. [@k24d](https://github.com/k24d)'s creation of the Amplify Resources for the AWS Provider! 50 | 1. [cloudposse/terraform-null-label](https://github.com/cloudposse/terraform-null-label) 51 | 52 | 53 | ## Requirements 54 | 55 | | Name | Version | 56 | |------|---------| 57 | | [terraform](#requirement\_terraform) | >= 0.14.0 | 58 | | [aws](#requirement\_aws) | ~> 3.32 | 59 | | [local](#requirement\_local) | ~> 2.1 | 60 | 61 | ## Providers 62 | 63 | | Name | Version | 64 | |------|---------| 65 | | [aws](#provider\_aws) | ~> 3.32 | 66 | 67 | ## Modules 68 | 69 | | Name | Source | Version | 70 | |------|--------|---------| 71 | | [develop\_branch\_label](#module\_develop\_branch\_label) | cloudposse/label/null | 0.24.1 | 72 | | [master\_branch\_label](#module\_master\_branch\_label) | cloudposse/label/null | 0.24.1 | 73 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | 74 | 75 | ## Resources 76 | 77 | | Name | Type | 78 | |------|------| 79 | | [aws_amplify_app.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_app) | resource | 80 | | [aws_amplify_backend_environment.develop](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_backend_environment) | resource | 81 | | [aws_amplify_backend_environment.master](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_backend_environment) | resource | 82 | | [aws_amplify_branch.develop](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_branch) | resource | 83 | | [aws_amplify_branch.master](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_branch) | resource | 84 | | [aws_amplify_domain_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_domain_association) | resource | 85 | | [aws_amplify_webhook.develop](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_webhook) | resource | 86 | | [aws_amplify_webhook.master](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_webhook) | resource | 87 | | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | 88 | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | 89 | 90 | ## Inputs 91 | 92 | | Name | Description | Type | Default | Required | 93 | |------|-------------|------|---------|:--------:| 94 | | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | 95 | | [amplify\_service\_role\_enabled](#input\_amplify\_service\_role\_enabled) | Whether to enable the IAM Service Role for Amplify or not. See https://docs.aws.amazon.com/amplify/latest/userguide/how-to-service-role-amplify-console.html for full details. | `bool` | `false` | no | 96 | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | 97 | | [basic\_auth\_password](#input\_basic\_auth\_password) | The password to use for the basic auth configuration. | `string` | n/a | yes | 98 | | [basic\_auth\_username](#input\_basic\_auth\_username) | The username to use for the basic auth configuration. | `string` | n/a | yes | 99 | | [build\_spec\_content](#input\_build\_spec\_content) | Your build spec file contents. If not provided then it will use the `amplify.yml` at the root of your project / branch. | `string` | `""` | no | 100 | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | 
object({
    enabled             = bool
    namespace           = string
    environment         = string
    stage               = string
    name                = string
    delimiter           = string
    attributes          = list(string)
    tags                = map(string)
    additional_tag_map  = map(string)
    regex_replace_chars = string
    label_order         = list(string)
    id_length_limit     = number
  })
| 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_order": [],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}
| no | 101 | | [custom\_rules](#input\_custom\_rules) | The custom rules to apply to the Amplify App. | 
list(object({
    source    = string # Required
    target    = string # Required
    status    = any    # Use null if not passing
    condition = any    # Use null if not passing
  }))
| `[]` | no | 102 | | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | 103 | | [description](#input\_description) | The description to associate with the Amplify App. | `string` | n/a | yes | 104 | | [develop\_backend\_environment\_enabled](#input\_develop\_backend\_environment\_enabled) | Whether to create the backend environment for develop or not. | `bool` | `false` | no | 105 | | [develop\_branch\_name](#input\_develop\_branch\_name) | The name of the 'develop'-like branch that you'd like to use. | `string` | `"develop"` | no | 106 | | [develop\_environment\_variables](#input\_develop\_environment\_variables) | Environment variables for the develop branch. | `map(string)` | `{}` | no | 107 | | [develop\_pull\_request\_preview](#input\_develop\_pull\_request\_preview) | Whether to enable preview on PR's into develop. | `bool` | `true` | no | 108 | | [domain\_name](#input\_domain\_name) | The Custom Domain Name to associate with this Amplify App. | `string` | `""` | no | 109 | | [enable\_basic\_auth\_globally](#input\_enable\_basic\_auth\_globally) | To enable basic auth for all branches or not. | `bool` | `false` | no | 110 | | [enable\_basic\_auth\_on\_develop](#input\_enable\_basic\_auth\_on\_develop) | To enable basic auth on the develop branch subdomain or not. | `bool` | `true` | no | 111 | | [enable\_basic\_auth\_on\_master](#input\_enable\_basic\_auth\_on\_master) | To enable basic auth the root subdomain or not. | `bool` | `false` | no | 112 | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | 113 | | [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | 114 | | [gh\_access\_token](#input\_gh\_access\_token) | Personal Access token for 3rd party source control system for an Amplify App, used to create webhook and read-only deploy key. Token is not stored. | `string` | n/a | yes | 115 | | [global\_environment\_variables](#input\_global\_environment\_variables) | Environment variables that are set across all branches. | `map(string)` | `{}` | no | 116 | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | 117 | | [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | 118 | | [master\_backend\_environment\_enabled](#input\_master\_backend\_environment\_enabled) | Whether to create the backend environment for master or not. | `bool` | `false` | no | 119 | | [master\_branch\_name](#input\_master\_branch\_name) | The name of the 'master'-like branch that you'd like to use. | `string` | `"master"` | no | 120 | | [master\_environment\_variables](#input\_master\_environment\_variables) | Environment variables for the master branch. | `map(string)` | `{}` | no | 121 | | [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | 122 | | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | 123 | | [organization](#input\_organization) | The GitHub organization or user where the repo lives. | `string` | n/a | yes | 124 | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | 125 | | [repo](#input\_repo) | The name of the repo that the Amplify App will be created around. | `string` | n/a | yes | 126 | | [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | 127 | | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | 128 | 129 | ## Outputs 130 | 131 | | Name | Description | 132 | |------|-------------| 133 | | [arn](#output\_arn) | The ARN of the main Amplify resource. | 134 | | [custom\_domains](#output\_custom\_domains) | List of custom domains that are associated with this resource (if any). | 135 | | [default\_domain](#output\_default\_domain) | The amplify domain (non-custom). | 136 | | [develop\_webhook\_arn](#output\_develop\_webhook\_arn) | The ARN of the develop webhook. | 137 | | [develop\_webhook\_url](#output\_develop\_webhook\_url) | The URL of the develop webhook. | 138 | | [domain\_association\_arn](#output\_domain\_association\_arn) | The ARN of the domain association resource. | 139 | | [master\_webhook\_arn](#output\_master\_webhook\_arn) | The ARN of the master webhook. | 140 | | [master\_webhook\_url](#output\_master\_webhook\_url) | The URL of the master webhook. | 141 | 142 | -------------------------------------------------------------------------------- /context.tf: -------------------------------------------------------------------------------- 1 | # 2 | # ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label 3 | # All other instances of this file should be a copy of that one 4 | # 5 | # 6 | # Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf 7 | # and then place it in your Terraform module to automatically get 8 | # Cloud Posse's standard configuration inputs suitable for passing 9 | # to Cloud Posse modules. 10 | # 11 | # Modules should access the whole context as `module.this.context` 12 | # to get the input variables with nulls for defaults, 13 | # for example `context = module.this.context`, 14 | # and access individual variables as `module.this.`, 15 | # with final values filled in. 16 | # 17 | # For example, when using defaults, `module.this.context.delimiter` 18 | # will be null, and `module.this.delimiter` will be `-` (hyphen). 19 | # 20 | 21 | module "this" { 22 | source = "cloudposse/label/null" 23 | version = "0.24.1" # requires Terraform >= 0.13.0 24 | 25 | enabled = var.enabled 26 | namespace = var.namespace 27 | environment = var.environment 28 | stage = var.stage 29 | name = var.name 30 | delimiter = var.delimiter 31 | attributes = var.attributes 32 | tags = var.tags 33 | additional_tag_map = var.additional_tag_map 34 | label_order = var.label_order 35 | regex_replace_chars = var.regex_replace_chars 36 | id_length_limit = var.id_length_limit 37 | 38 | context = var.context 39 | } 40 | 41 | # Copy contents of cloudposse/terraform-null-label/variables.tf here 42 | 43 | variable "context" { 44 | type = object({ 45 | enabled = bool 46 | namespace = string 47 | environment = string 48 | stage = string 49 | name = string 50 | delimiter = string 51 | attributes = list(string) 52 | tags = map(string) 53 | additional_tag_map = map(string) 54 | regex_replace_chars = string 55 | label_order = list(string) 56 | id_length_limit = number 57 | }) 58 | default = { 59 | enabled = true 60 | namespace = null 61 | environment = null 62 | stage = null 63 | name = null 64 | delimiter = null 65 | attributes = [] 66 | tags = {} 67 | additional_tag_map = {} 68 | regex_replace_chars = null 69 | label_order = [] 70 | id_length_limit = null 71 | } 72 | description = <<-EOT 73 | Single object for setting entire context at once. 74 | See description of individual variables for details. 75 | Leave string and numeric variables as `null` to use default value. 76 | Individual variable settings (non-null) override settings in context object, 77 | except for attributes, tags, and additional_tag_map, which are merged. 78 | EOT 79 | } 80 | 81 | variable "enabled" { 82 | type = bool 83 | default = null 84 | description = "Set to false to prevent the module from creating any resources" 85 | } 86 | 87 | variable "namespace" { 88 | type = string 89 | default = null 90 | description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'" 91 | } 92 | 93 | variable "environment" { 94 | type = string 95 | default = null 96 | description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'" 97 | } 98 | 99 | variable "stage" { 100 | type = string 101 | default = null 102 | description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'" 103 | } 104 | 105 | variable "name" { 106 | type = string 107 | default = null 108 | description = "Solution name, e.g. 'app' or 'jenkins'" 109 | } 110 | 111 | variable "delimiter" { 112 | type = string 113 | default = null 114 | description = <<-EOT 115 | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. 116 | Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. 117 | EOT 118 | } 119 | 120 | variable "attributes" { 121 | type = list(string) 122 | default = [] 123 | description = "Additional attributes (e.g. `1`)" 124 | } 125 | 126 | variable "tags" { 127 | type = map(string) 128 | default = {} 129 | description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`" 130 | } 131 | 132 | variable "additional_tag_map" { 133 | type = map(string) 134 | default = {} 135 | description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`." 136 | } 137 | 138 | variable "label_order" { 139 | type = list(string) 140 | default = null 141 | description = <<-EOT 142 | The naming order of the id output and Name tag. 143 | Defaults to ["namespace", "environment", "stage", "name", "attributes"]. 144 | You can omit any of the 5 elements, but at least one must be present. 145 | EOT 146 | } 147 | 148 | variable "regex_replace_chars" { 149 | type = string 150 | default = null 151 | description = <<-EOT 152 | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. 153 | If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. 154 | EOT 155 | } 156 | 157 | variable "id_length_limit" { 158 | type = number 159 | default = null 160 | description = <<-EOT 161 | Limit `id` to this many characters. 162 | Set to `0` for unlimited length. 163 | Set to `null` for default, which is `0`. 164 | Does not affect `id_full`. 165 | EOT 166 | } 167 | 168 | #### End of copy of cloudposse/terraform-null-label/variables.tf 169 | -------------------------------------------------------------------------------- /examples/complete/main.tf: -------------------------------------------------------------------------------- 1 | # complete.tf 2 | -------------------------------------------------------------------------------- /examples/complete/outputs.tf: -------------------------------------------------------------------------------- 1 | # complete.tf 2 | -------------------------------------------------------------------------------- /examples/complete/variables.tf: -------------------------------------------------------------------------------- 1 | # complete.tf 2 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | basic_auth_creds = try(base64encode("${var.basic_auth_username}:${var.basic_auth_password}"), null) 3 | } 4 | 5 | module "master_branch_label" { 6 | source = "cloudposse/label/null" 7 | version = "0.24.1" 8 | 9 | attributes = concat(var.attributes, ["master"]) 10 | 11 | context = module.this.context 12 | } 13 | 14 | module "develop_branch_label" { 15 | source = "cloudposse/label/null" 16 | version = "0.24.1" 17 | 18 | attributes = concat(var.attributes, ["develop"]) 19 | 20 | context = module.this.context 21 | } 22 | 23 | data "aws_iam_policy_document" "assume_role" { 24 | count = module.this.enabled && var.amplify_service_role_enabled ? 1 : 0 25 | 26 | statement { 27 | effect = "Allow" 28 | actions = ["sts:AssumeRole"] 29 | 30 | principals { 31 | type = "Service" 32 | identifiers = ["amplify.amazonaws.com"] 33 | } 34 | } 35 | } 36 | 37 | resource "aws_iam_role" "default" { 38 | count = module.this.enabled && var.amplify_service_role_enabled ? 1 : 0 39 | 40 | name = module.this.id 41 | assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json) 42 | managed_policy_arns = ["arn:aws:iam::aws:policy/AdministratorAccess"] 43 | tags = module.this.tags 44 | } 45 | 46 | resource "aws_amplify_app" "this" { 47 | name = module.this.id 48 | description = var.description != null ? var.description : "Amplify App for the github.com/${var.organization}/${var.repo} project." 49 | repository = "https://github.com/${var.organization}/${var.repo}" 50 | access_token = var.gh_access_token 51 | enable_branch_auto_build = true 52 | build_spec = var.build_spec_content != "" ? var.build_spec_content : null 53 | environment_variables = var.global_environment_variables 54 | iam_service_role_arn = var.amplify_service_role_enabled ? aws_iam_role.default[0].arn : null 55 | tags = module.this.tags 56 | 57 | enable_basic_auth = var.enable_basic_auth_globally 58 | basic_auth_credentials = local.basic_auth_creds 59 | 60 | dynamic "custom_rule" { 61 | for_each = var.custom_rules 62 | iterator = rule 63 | 64 | content { 65 | source = rule.value.source 66 | target = rule.value.target 67 | status = rule.value.status 68 | condition = lookup(rule.value, "condition", null) 69 | } 70 | } 71 | 72 | lifecycle { 73 | ignore_changes = [platform, custom_rule] 74 | } 75 | } 76 | 77 | resource "aws_amplify_branch" "master" { 78 | app_id = aws_amplify_app.this.id 79 | branch_name = var.master_branch_name 80 | display_name = module.master_branch_label.id 81 | tags = module.master_branch_label.tags 82 | backend_environment_arn = var.master_backend_environment_enabled ? aws_amplify_backend_environment.master[0].arn : null 83 | 84 | environment_variables = var.master_environment_variables 85 | 86 | enable_basic_auth = var.enable_basic_auth_on_master 87 | basic_auth_credentials = local.basic_auth_creds 88 | 89 | lifecycle { 90 | ignore_changes = [framework] 91 | } 92 | } 93 | 94 | resource "aws_amplify_branch" "develop" { 95 | app_id = aws_amplify_app.this.id 96 | branch_name = var.develop_branch_name 97 | display_name = module.develop_branch_label.id 98 | enable_pull_request_preview = var.develop_pull_request_preview 99 | tags = module.develop_branch_label.tags 100 | backend_environment_arn = var.develop_backend_environment_enabled ? aws_amplify_backend_environment.develop[0].arn : null 101 | 102 | environment_variables = var.develop_environment_variables 103 | 104 | enable_basic_auth = var.enable_basic_auth_on_develop 105 | basic_auth_credentials = local.basic_auth_creds 106 | 107 | lifecycle { 108 | ignore_changes = [framework] 109 | } 110 | } 111 | 112 | resource "aws_amplify_backend_environment" "master" { 113 | count = var.master_backend_environment_enabled ? 1 : 0 114 | app_id = aws_amplify_app.this.id 115 | environment_name = var.master_branch_name 116 | } 117 | 118 | resource "aws_amplify_backend_environment" "develop" { 119 | count = var.develop_backend_environment_enabled ? 1 : 0 120 | app_id = aws_amplify_app.this.id 121 | environment_name = var.develop_branch_name 122 | } 123 | 124 | resource "aws_amplify_domain_association" "this" { 125 | count = var.domain_name != "" ? 1 : 0 126 | 127 | app_id = aws_amplify_app.this.id 128 | domain_name = var.domain_name 129 | 130 | sub_domain { 131 | branch_name = aws_amplify_branch.master.branch_name 132 | prefix = "" 133 | } 134 | 135 | sub_domain { 136 | branch_name = aws_amplify_branch.master.branch_name 137 | prefix = "www" 138 | } 139 | 140 | sub_domain { 141 | branch_name = aws_amplify_branch.master.branch_name 142 | prefix = "master" 143 | } 144 | 145 | sub_domain { 146 | branch_name = aws_amplify_branch.develop.branch_name 147 | prefix = "dev" 148 | } 149 | } 150 | 151 | resource "aws_amplify_webhook" "master" { 152 | app_id = aws_amplify_app.this.id 153 | branch_name = aws_amplify_branch.master.branch_name 154 | description = "trigger-master" 155 | 156 | # NOTE: We trigger the webhook via local-exec so as to kick off the first build on creation of Amplify App. 157 | provisioner "local-exec" { 158 | command = "curl -X POST -d {} '${aws_amplify_webhook.master.url}&operation=startbuild' -H 'Content-Type:application/json'" 159 | } 160 | } 161 | 162 | resource "aws_amplify_webhook" "develop" { 163 | app_id = aws_amplify_app.this.id 164 | branch_name = aws_amplify_branch.develop.branch_name 165 | description = "trigger-develop" 166 | 167 | # NOTE: We trigger the webhook via local-exec so as to kick off the first build on creation of Amplify App. 168 | provisioner "local-exec" { 169 | command = "curl -X POST -d {} '${aws_amplify_webhook.develop.url}&operation=startbuild' -H 'Content-Type:application/json'" 170 | } 171 | } 172 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | output "arn" { 2 | description = "The ARN of the main Amplify resource." 3 | value = aws_amplify_app.this.arn 4 | } 5 | 6 | output "default_domain" { 7 | description = "The amplify domain (non-custom)." 8 | value = aws_amplify_app.this.default_domain 9 | } 10 | 11 | output "domain_association_arn" { 12 | description = "The ARN of the domain association resource." 13 | value = var.domain_name == "" ? null : join("", concat([""], aws_amplify_domain_association.this.*.arn)) 14 | } 15 | 16 | output "custom_domains" { 17 | description = "List of custom domains that are associated with this resource (if any)." 18 | value = var.domain_name == "" ? [] : [ 19 | var.domain_name, 20 | "www.${var.domain_name}", 21 | "main.${var.domain_name}", 22 | "dev.${var.domain_name}", 23 | "pub.${var.domain_name}", 24 | ] 25 | } 26 | 27 | output "master_webhook_arn" { 28 | description = "The ARN of the master webhook." 29 | value = aws_amplify_webhook.master.arn 30 | } 31 | 32 | output "master_webhook_url" { 33 | description = "The URL of the master webhook." 34 | value = aws_amplify_webhook.master.url 35 | } 36 | 37 | output "develop_webhook_arn" { 38 | description = "The ARN of the develop webhook." 39 | value = aws_amplify_webhook.develop.arn 40 | } 41 | 42 | output "develop_webhook_url" { 43 | description = "The URL of the develop webhook." 44 | value = aws_amplify_webhook.develop.url 45 | } -------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | variable "organization" { 2 | type = string 3 | description = "The GitHub organization or user where the repo lives." 4 | } 5 | 6 | variable "repo" { 7 | type = string 8 | description = "The name of the repo that the Amplify App will be created around." 9 | } 10 | 11 | variable "amplify_service_role_enabled" { 12 | default = false 13 | type = bool 14 | description = "Whether to enable the IAM Service Role for Amplify or not. See https://docs.aws.amazon.com/amplify/latest/userguide/how-to-service-role-amplify-console.html for full details." 15 | } 16 | 17 | variable "global_environment_variables" { 18 | default = {} 19 | type = map(string) 20 | description = "Environment variables that are set across all branches." 21 | } 22 | 23 | variable "master_environment_variables" { 24 | default = {} 25 | type = map(string) 26 | description = "Environment variables for the master branch." 27 | } 28 | 29 | variable "develop_environment_variables" { 30 | default = {} 31 | type = map(string) 32 | description = "Environment variables for the develop branch." 33 | } 34 | 35 | variable "master_backend_environment_enabled" { 36 | default = false 37 | type = bool 38 | description = "Whether to create the backend environment for master or not." 39 | } 40 | 41 | variable "develop_backend_environment_enabled" { 42 | default = false 43 | type = bool 44 | description = "Whether to create the backend environment for develop or not." 45 | } 46 | 47 | variable "master_branch_name" { 48 | default = "master" 49 | type = string 50 | description = "The name of the 'master'-like branch that you'd like to use." 51 | } 52 | 53 | variable "develop_branch_name" { 54 | default = "develop" 55 | type = string 56 | description = "The name of the 'develop'-like branch that you'd like to use." 57 | } 58 | 59 | variable "gh_access_token" { 60 | type = string 61 | description = "Personal Access token for 3rd party source control system for an Amplify App, used to create webhook and read-only deploy key. Token is not stored." 62 | } 63 | 64 | variable "description" { 65 | type = string 66 | description = "The description to associate with the Amplify App." 67 | } 68 | 69 | variable "build_spec_content" { 70 | default = "" 71 | type = string 72 | description = "Your build spec file contents. If not provided then it will use the `amplify.yml` at the root of your project / branch." 73 | } 74 | 75 | variable "enable_basic_auth_globally" { 76 | default = false 77 | type = bool 78 | description = "To enable basic auth for all branches or not." 79 | } 80 | 81 | variable "enable_basic_auth_on_master" { 82 | default = false 83 | type = bool 84 | description = "To enable basic auth the root subdomain or not." 85 | } 86 | 87 | variable "enable_basic_auth_on_develop" { 88 | default = true 89 | type = bool 90 | description = "To enable basic auth on the develop branch subdomain or not." 91 | } 92 | 93 | variable "basic_auth_username" { 94 | type = string 95 | description = "The username to use for the basic auth configuration." 96 | } 97 | 98 | variable "basic_auth_password" { 99 | type = string 100 | description = "The password to use for the basic auth configuration." 101 | } 102 | 103 | variable "develop_pull_request_preview" { 104 | default = true 105 | type = bool 106 | description = "Whether to enable preview on PR's into develop." 107 | } 108 | 109 | variable "domain_name" { 110 | default = "" 111 | type = string 112 | description = "The Custom Domain Name to associate with this Amplify App." 113 | } 114 | 115 | variable "custom_rules" { 116 | default = [] 117 | type = list(object({ 118 | source = string # Required 119 | target = string # Required 120 | status = any # Use null if not passing 121 | condition = any # Use null if not passing 122 | })) 123 | description = "The custom rules to apply to the Amplify App." 124 | } 125 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.0" 3 | 4 | required_providers { 5 | aws = { 6 | source = "hashicorp/aws" 7 | version = "~> 3.32" 8 | } 9 | local = { 10 | source = "hashicorp/local" 11 | version = "~> 2.1" 12 | } 13 | } 14 | } 15 | --------------------------------------------------------------------------------