Release 0.2.0 #55

Draft
wants to merge 8 commits into
base: master
22 changes: 11 additions & 11 deletions .github/workflows/testsuite-master.yaml
Expand Up @@ -9,11 +9,11 @@ jobs:
tflint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: setup Terraform
uses: hashicorp/setup-terraform@v1.3.2
uses: hashicorp/setup-terraform@v2.0.0
with:
terraform_version: 0.15.5
terraform_version: 1.1.7
- name: Terraform init
run: terraform init --backend=false
- name: tflint
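Review bot: In the tflint job, `actions/checkout@v3.0.2` and `hashicorp/setup-terraform@v2.0.0` are pinned to version tags, which the action owner can move. Since these references are being touched anyway, pin each `uses:` to the full commit SHA and keep the tag as a trailing comment so the reference stays readable. The same applies to every `uses:` line in both workflow files.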
Expand All @@ -27,11 +27,11 @@ jobs:
tfsec:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: setup Terraform
uses: hashicorp/setup-terraform@v1.3.2
uses: hashicorp/setup-terraform@v2.0.0
with:
terraform_version: 0.15.5
terraform_version: 1.1.7
- name: Terraform init
run: terraform init --backend=false
- name: tfsec
Expand All @@ -44,21 +44,21 @@ jobs:
misspell:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: misspell
uses: reviewdog/action-misspell@v1
uses: reviewdog/action-misspell@v1.12.0
with:
github_token: ${{ secrets.ACTIONS_TOKEN }}
locale: "US"
locale: "UK"
reporter: github-check
filter_mode: added
level: error
yamllint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: yamllint
uses: reviewdog/action-yamllint@v1.2.0
uses: reviewdog/action-yamllint@v1.6.0
with:
github_token: ${{ secrets.ACTIONS_TOKEN }}
reporter: github-check
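Review bot: The misspell and yamllint steps hand `secrets.ACTIONS_TOKEN` to `reviewdog/action-misspell@v1.12.0` and `reviewdog/action-yamllint@v1.6.0`, so these two references deserve a commit-SHA pin more than any other in this file. If `ACTIONS_TOKEN` is a personal access token, check whether the job's own `GITHUB_TOKEN` is sufficient for the `github-check` reporter. Separately, the `locale` switch from "US" to "UK" is a behaviour change unrelated to the version bumps: with `level: error` and `filter_mode: added` it will fail on US spellings in newly added lines, so it should be called out in the PR description.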
26 changes: 13 additions & 13 deletions .github/workflows/testsuite.yaml
Expand Up @@ -7,7 +7,7 @@ jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: Set up Python
uses: actions/[email protected]
- name: Install prerequisites
Expand All @@ -24,7 +24,7 @@ jobs:
no-commit-to-branch,
terraform_tflint_nocreds,
terraform_tfsec
- uses: stefanzweifel/git-auto-commit-action@v4.11.0
- uses: stefanzweifel/git-auto-commit-action@v4.14.1
if: ${{ failure() }}
with:
commit_message: Apply automatic changes
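Review bot: The `stefanzweifel/git-auto-commit-action@v4.14.1` step is gated on `if: ${{ failure() }}`, which is true when any earlier step in the job failed, not only when a pre-commit hook rewrote files. A failed checkout or prerequisite install would also reach the commit step. Consider giving the pre-commit step an `id` and testing its outcome (`steps.<id>.outcome == 'failure'`) so the auto-commit only runs in the case it is meant for. As this action pushes to the branch, it is also a strong candidate for a commit-SHA pin.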
Expand All @@ -36,11 +36,11 @@ jobs:
tflint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: setup Terraform
uses: hashicorp/setup-terraform@v1.3.2
uses: hashicorp/setup-terraform@v2.0.0
with:
terraform_version: 0.15.5
terraform_version: 1.1.7
- name: Terraform init
run: terraform init --backend=false
- name: tflint
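Review bot: This tflint job, and the tfsec job in the next hunk, are line-for-line the same as the jobs in `testsuite-master.yaml`, so `actions/checkout`, `hashicorp/setup-terraform` and `terraform_version` each had to be bumped in four places in this PR. Defining the jobs once in a reusable workflow (`on: workflow_call`), or at least hoisting the Terraform version into a workflow-level `env` value, would keep the two files from drifting.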
Expand All @@ -54,11 +54,11 @@ jobs:
tfsec:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: setup Terraform
uses: hashicorp/setup-terraform@v1.3.2
uses: hashicorp/setup-terraform@v2.0.0
with:
terraform_version: 0.15.5
terraform_version: 1.1.7
- name: Terraform init
run: terraform init --backend=false
- name: tfsec
Expand All @@ -71,21 +71,21 @@ jobs:
misspell:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: misspell
uses: reviewdog/action-misspell@v1
uses: reviewdog/action-misspell@v1.12.0
with:
github_token: ${{ secrets.ACTIONS_TOKEN }}
locale: "US"
locale: "UK"
reporter: github-pr-check
filter_mode: added
level: error
yamllint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: actions/checkout@v3.0.2
- name: yamllint
uses: reviewdog/action-yamllint@v1.2.0
uses: reviewdog/action-yamllint@v1.6.0
with:
github_token: ${{ secrets.ACTIONS_TOKEN }}
reporter: github-pr-check
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -10,6 +10,7 @@ modules/codebuild/codebuild_files/php.ini
# *.tfstate
# *.tfstate.*
.terraform.lock.hcl

plan.plan
# Crash log files
crash.log
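Review bot: The `# *.tfstate` and `# *.tfstate.*` patterns at the top of this block are still commented out, so a local state file would not be ignored. The module creates a `random_password` resource, which means state for this project carries credentials. Worth uncommenting both patterns in this change, alongside `plan.plan`, since saved plans are ignored for the same reason.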
Expand All @@ -35,3 +36,4 @@ override.tf.json
# example: *tfplan*

.idea
.vscode
29 changes: 27 additions & 2 deletions .header.md
Expand Up @@ -47,11 +47,11 @@ As such you should include the following in your provider configuration:

```
terraform {
required_version = "> 0.15.1"
required_version = "> 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
version = "~> 4.0"
configuration_aliases = [aws.ue1]
}
}
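Review bot: The usage snippet now sets `required_version = "> 1.0"`, but the requirements table in README.md in this same PR lists terraform `>= 1.1.7`, and both workflows test only 1.1.7. A user on 1.0.x would satisfy the documented constraint but not the module's. Suggest `required_version = ">= 1.1.7"` here so the three agree.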
Expand All @@ -66,6 +66,9 @@ provider "aws" {

The `ue1` alias is essential for this module to work correctly.

## Severless Static Wordpress V2 Upgrade Guide
See [UPGRADING](docs/UPGRADING.md) for Version 2 upgrade guidance, including for Version 4 of the AWS Terraform Provider.

## Module instantiation example

```
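Review bot: The new heading reads "Severless Static Wordpress V2 Upgrade Guide": "Severless" is a typo for "Serverless", and "V2" / "Version 2" does not match the release this PR cuts (0.2.0) or the title of docs/UPGRADING.md ("Upgrading from 0.1.x to 0.2.x"). README.md carries the same text and needs the same fix.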
Expand Down Expand Up @@ -206,6 +209,28 @@ in your module definition.
Gentle reminder that no backup options are currently bundled with this module - the most effective means would be to
generate and retain a backup from within Wordpress for maximum flexibility. We recommend the UpdraftPlus plugin.

## Permanent Redirects

Basic url path based permanent redirects are supported via the CloudFront function. The variable `cloudfront_function_301_redirects` can be set with a custom map of match to destination mappings.

Some aspects that need to be taken into consideration for the match:

* It's a regular expression
* Group replacements are supported
* Runs in a Javascript function, escaping needs to be taken into consideration
* Passed through a TF var, so escaping that needs to be taking into account as well

An example to match a path like `/category-name`, a suitable match would be `"^\\/(category-name)$"`. Breaking down the `\\/` part, the first `\` tells TF to escape the second `\`, which is the Regex escape for the `/` character.

An example:

```
cloudfront_function_301_redirects = {
# Redirects /travel to /category/travel/
"^\\/(travel)$": "/category/$1/",
}
```

## Troubleshooting

If you experience issues with the publish element of WP2Static, you can retry. It can be more reliable to proceed to
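Review bot: The Permanent Redirects section does not say what the regular expression is tested against (the URI path only, or the path plus query string), nor which entry wins when several keys match. Both matter to anyone writing more than one rule. Small fixes while here: "taking into account" should be "taken into account", "url" should be "URL", and "An example to match a path like ..." reads better as "To match a path like ...".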
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -33,7 +33,7 @@ repos:
args: ["--output-file", "README.md", "markdown", "modules/waf"]
pass_filenames: false
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.31.0
rev: v1.64.0
hooks:
- id: terraform_fmt
- id: terraform_tflint
31 changes: 25 additions & 6 deletions CHANGELOG.md
@@ -1,16 +1,35 @@
# Changelog

## 0.2.0 - UNRELEASED

! BREAKING CHANGES ! - See [UPGRADING.md](docs/UPGRADING.md) for guidance on upgrading from v0.1.x

### **Maintenance**:

- Module upgraded to AWS Terraform v4. Existing installations will need Terraform state moved for forwards
compatibility.

### **New Features**
- Added support for Graviton-based CodeBuild if supported in deployment region. Will gracefully fallback to
non-Graviton if not supported.
- Added support for Graviton-based ECS Fargate if supported in deployment region. Will fallback to non-Graviton
if not supported, however source docker image used for ECS container MUST be AMD64/ARM64 architecture respectively.
Note FARGATE_SPOT is not supported for Graviton-based ECS at this time.
- Added healthCheeck block to ECS Task Definition.
- Added EventBridge monitoring for ECS Service Action events (which captures placement failures when using FARGATE_SPOT
capacity provider)

## 0.1.2 - 23rd June 2021

Bugfix: Changed special characters used in RDS password generation to ensure compatibility.
Docs: Updated to fix typos in helper commands, and detailed supported RDS Aurora v1 regions.
- **Bugfix**: Changed special characters used in RDS password generation to ensure compatibility.
- **Docs**: Updated to fix typos in helper commands, and detailed supported RDS Aurora v1 regions.

## 0.1.1 - 19th June 2021

Bugfix: Refactor md5 calculation on archive_file in codebuild child module.
Bugfix: Re-typed AWS account number as string to avoid rounding on account numbers prepended with zeros.
Bugfix: Fix passed WAF variable values if set to inactive.
- **Bugfix**: Refactor md5 calculation on archive_file in codebuild child module.
- **Bugfix**: Re-typed AWS account number as string to avoid rounding on account numbers prepended with zeros.
-- **Bugfix**: Fix passed WAF variable values if set to inactive.

## 0.1.0 - 19th June 2021

Initial release of Serverless Static Wordpress Terraform module.
- Initial release of Serverless Static Wordpress Terraform module.
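Review bot: In the 0.2.0 New Features list, "healthCheeck" should be "healthCheck", and the list has no entry for the two inputs this PR adds to the README, `cloudfront_function_301_redirects` and `wordpress_memory_limit`. The third 0.1.1 entry starts with `-- **Bugfix**`, which will not render as a list item, and "AWS Terraform v4" under Maintenance should read "Terraform AWS Provider v4", as in docs/UPGRADING.md.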
17 changes: 13 additions & 4 deletions README.md
Expand Up @@ -48,11 +48,11 @@ As such you should include the following in your provider configuration:

```
terraform {
required_version = "> 0.15.1"
required_version = "> 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
version = "~> 4.0"
configuration_aliases = [aws.ue1]
}
}
Expand All @@ -67,6 +67,9 @@ provider "aws" {

The `ue1` alias is essential for this module to work correctly.

## Severless Static Wordpress V2 Upgrade Guide
See [UPGRADING](docs/UPGRADING.md) for Version 2 upgrade guidance, including for Version 4 of the AWS Terraform Provider.

## Module instantiation example

```
Expand Down Expand Up @@ -227,8 +230,11 @@ For any issues relating to this module, [raise an issue against this repo.](http
| <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS account ID into which resources will be launched. | `string` | n/a | yes |
| <a name="input_cloudfront_aliases"></a> [cloudfront\_aliases](#input\_cloudfront\_aliases) | The domain and sub-domain aliases to use for the cloudfront distribution. | `list(any)` | `[]` | no |
| <a name="input_cloudfront_class"></a> [cloudfront\_class](#input\_cloudfront\_class) | The [price class](https://aws.amazon.com/cloudfront/pricing/) for the distribution. One of: PriceClass\_All, PriceClass\_200, PriceClass\_100 | `string` | `"PriceClass_All"` | no |
| <a name="input_cloudfront_function_301_redirects"></a> [cloudfront\_function\_301\_redirects](#input\_cloudfront\_function\_301\_redirects) | A list of key value pairs of Regex match and destination for 301 redirects at CloudFront. | `map(any)` | <pre>{<br> "^(.*)index\\.php$": "$1"<br>}</pre> | no |
| <a name="input_ecs_cpu"></a> [ecs\_cpu](#input\_ecs\_cpu) | The CPU limit password to the Wordpress container definition. | `number` | `256` | no |
| <a name="input_ecs_memory"></a> [ecs\_memory](#input\_ecs\_memory) | The memory limit password to the Wordpress container definition. | `number` | `512` | no |
| <a name="input_graviton_codebuild_enabled"></a> [graviton\_codebuild\_enabled](#input\_graviton\_codebuild\_enabled) | Flag that controls whether CodeBuild should use Graviton-based build agents in [supported regions](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html). | `bool` | `false` | no |
| <a name="input_graviton_fargate_enabled"></a> [graviton\_fargate\_enabled](#input\_graviton\_fargate\_enabled) | Flag that controls whether ECS Fargate should use Graviton-based containers in [supported regions]https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate-Regions.html). | `bool` | `false` | no |
| <a name="input_hosted_zone_id"></a> [hosted\_zone\_id](#input\_hosted\_zone\_id) | The Route53 HostedZone ID to use to create records in. | `string` | n/a | yes |
| <a name="input_launch"></a> [launch](#input\_launch) | The number of tasks to launch of the Wordpress container. Used as a toggle to start/stop your Wordpress management session. | `number` | `"0"` | no |
| <a name="input_main_vpc_id"></a> [main\_vpc\_id](#input\_main\_vpc\_id) | The VPC ID into which to launch resources. | `string` | n/a | yes |
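Review bot: The default for `cloudfront_function_301_redirects`, `"^(.*)index\\.php$": "$1"`, builds the redirect destination entirely from a capture group, so the target is whatever the request path supplies. The function should reject or normalise any result that does not begin with a single `/`, and the variable description should say that destinations are expected to be site-relative paths. In the `graviton_fargate_enabled` row the link is missing the `(` after `[supported regions]`, and the redirects description says "A list of key value pairs" while the type is `map(any)`.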
Expand All @@ -244,6 +250,7 @@ For any issues relating to this module, [raise an issue against this repo.](http
| <a name="input_wordpress_admin_email"></a> [wordpress\_admin\_email](#input\_wordpress\_admin\_email) | The email address of the default wordpress admin user. | `string` | `"[email protected]"` | no |
| <a name="input_wordpress_admin_password"></a> [wordpress\_admin\_password](#input\_wordpress\_admin\_password) | The password of the default wordpress admin user. | `string` | `"techtospeech.com"` | no |
| <a name="input_wordpress_admin_user"></a> [wordpress\_admin\_user](#input\_wordpress\_admin\_user) | The username of the default wordpress admin user. | `string` | `"supervisor"` | no |
| <a name="input_wordpress_memory_limit"></a> [wordpress\_memory\_limit](#input\_wordpress\_memory\_limit) | The memory to allow the Wordpress process to use (in M) | `string` | `"256M"` | no |
| <a name="input_wordpress_subdomain"></a> [wordpress\_subdomain](#input\_wordpress\_subdomain) | The subdomain used for the Wordpress container. | `string` | `"wordpress"` | no |
## Modules

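Review bot: `wordpress_admin_password` still defaults to the literal `"techtospeech.com"`, with `wordpress_admin_user` defaulting to `"supervisor"`, so any deployment that omits these inputs starts with published credentials. A release already marked as breaking is a good point to drop the default (making the input required) or to generate the value, as the module already does with `random_password` elsewhere. On the added `wordpress_memory_limit` row, "(in M)" next to a default of `"256M"` leaves it unclear whether the unit suffix belongs in the value. State explicitly that the suffix is part of the value.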
Expand All @@ -265,8 +272,8 @@ For any issues relating to this module, [raise an issue against this repo.](http

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.1.0 |
## Resources

Expand All @@ -279,6 +286,7 @@ For any issues relating to this module, [raise an issue against this repo.](http
| [aws_db_subnet_group.main_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
| [aws_ecr_repository.serverless_wordpress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource |
| [aws_ecs_cluster.wordpress_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource |
| [aws_ecs_cluster_capacity_providers.wordpress_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster_capacity_providers) | resource |
| [aws_ecs_service.wordpress_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
| [aws_ecs_task_definition.wordpress_container](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
| [aws_efs_access_point.wordpress_efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | resource |
Expand Down Expand Up @@ -307,4 +315,5 @@ For any issues relating to this module, [raise an issue against this repo.](http
| [random_password.serverless_wordpress_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [aws_iam_policy_document.ecs_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.wordpress_bucket_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
<!-- END_TF_DOCS -->
36 changes: 36 additions & 0 deletions docs/UPGRADING.md
@@ -0,0 +1,36 @@
## Upgrading from 0.1.x to 0.2.x

Version 0.2 of Serverless Static Wordpress makes numerous updates to the resources used to deploy the solution, as well
as expanding functionality with additional options.

Where possible, this has been done in a way to be as backwards compatible as reasonably possible - however there are a
variety of quirks of Terraform behaviour that can mean that this is imperfect, and may require a manual tweak either to
the configuration in AWS, or to the Terraform state backing the resources.

### Upgrading to Version 4 of the Terraform AWS Provider
Version 4 of the AWS Provider introduced a few breaking changes to the way ECS and S3 resources are defined. Attributes
that would normally be specified as part of the single resource definition have now been split out into their own
resources. To cope with this, we have created these resources, and _existing_ resources can be handled with some
terraform state operations. To date, these are documented as follows.

NOTE, in these examples, the example `site_name` is `peterdotcloud` and the resources are named accordingly. You will
need to substitute these values with the value used for your own deployment

```
terraform import module.peterdotcloud_website.aws_ecs_cluster_capacity_providers.wordpress_cluster peterdotcloud_wordpress
terraform state rm module.peterdotcloud_website.module.codebuild.aws_s3_bucket_object.wordpress_dockerbuild
terraform import module.peterdotcloud_website.module.codebuild.aws_s3_object.wordpress_dockerbuild peterdotcloud-build/wordpress_docker.zip
terraform import module.peterdotcloud_website.module.cloudfront.aws_s3_bucket_server_side_encryption_configuration.wordpress_bucket www.peter.cloud
terraform import module.peterdotcloud_website.module.codebuild.aws_s3_bucket_acl.code_source peterdotcloud-build
terraform import module.peterdotcloud_website.module.codebuild.aws_s3_bucket_server_side_encryption_configuration.code_source peterdotcloud-build
```
### Graviton

With support for ARM in CodeBuild, and in ECS in regions where it is supported (strictly better for cost/performance),
the module will need to recreate your task definition and ECS service. This is nothing to be concerned with however you
**must** ensure your base image of Wordpress is an arm64 platform version (and preferably linux/arm64/v8) otherwise
your Wordpress container will error out with `exec user process caused: exec format error` which indicates your image
is of the mismatched architecture.

Note that when using Graviton-based containers for ECS, FARGATE_SPOT is not currently available (bear this in mind for
cost).
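Review bot: The command block mixes `terraform state rm` and `terraform import` against live state but gives no step for saving the state first or for confirming the result. Add `terraform state pull > pre-0.2.0.tfstate` before the first command and a `terraform plan` afterwards, stating what a clean plan should look like. It would also help to say how `peterdotcloud_wordpress`, `peterdotcloud-build` and `www.peter.cloud` are derived from `site_name` and the site domain, since readers have to substitute all three. The NOTE sentence is also missing its closing full stop.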