chore: fix cors config

Author: marcellmueller

infrastructure/api/alb.tf

@@ -1,5 +1,5 @@
 locals {
-  common_tags        = var.common_tags
+  common_tags = var.common_tags
 }
 
 resource "aws_alb" "app-alb" {

infrastructure/api/api-gateway.tf

@@ -23,13 +23,9 @@ resource "aws_apigatewayv2_api" "app" {
     for_each = var.enable_cors ? [1] : []
 
     content {
-      allow_origins     = [
-        "https://${data.terraform_remote_state.frontend.outputs.cloudfront.domain_name}",
-        "https://sitesandtrailsbc.ca",
-        "https://beta.sitesandtrailsbc.ca"
-      ]
+      allow_origins     = local.cors_allowed_origins
       allow_methods     = var.cors_allowed_methods
-      allow_headers     = var.cors_allowed_headers
+      allow_headers     = local.cors_headers
       allow_credentials = var.cors_allow_credentials
       max_age           = 3600
     }

infrastructure/api/autoscaling.tf

@@ -8,7 +8,7 @@ resource "aws_appautoscaling_target" "api_target" {
 
 # Automatically scale capacity up by one
 resource "aws_appautoscaling_policy" "api_up" {
-  name            = "${var.app_name}-scale-up"
+  name               = "${var.app_name}-scale-up"
   service_namespace  = "ecs"
   resource_id        = "service/${aws_ecs_cluster.ecs_cluster.name}/${aws_ecs_service.node_api_service.name}"
   scalable_dimension = "ecs:service:DesiredCount"
@@ -28,7 +28,7 @@ resource "aws_appautoscaling_policy" "api_up" {
 }
 # Automatically scale capacity down by one
 resource "aws_appautoscaling_policy" "api_down" {
-  name            = "${var.app_name}-scale-down"
+  name               = "${var.app_name}-scale-down"
   service_namespace  = "ecs"
   resource_id        = "service/${aws_ecs_cluster.ecs_cluster.name}/${aws_ecs_service.node_api_service.name}"
   scalable_dimension = "ecs:service:DesiredCount"

infrastructure/api/ecs.tf

@@ -1,6 +1,6 @@
 locals {
-  container_name = "${var.app_name}"
-  rds_app_env = (contains(["dev", "test", "prod"], var.app_env) ? var.app_env : "dev") # if app_env is not dev, test, or prod, default to dev
+  container_name = var.app_name
+  rds_app_env    = (contains(["dev", "test", "prod"], var.app_env) ? var.app_env : "dev") # if app_env is not dev, test, or prod, default to dev
 }
 
 data "aws_secretsmanager_secret" "db_master_creds" {
@@ -42,7 +42,7 @@ resource "aws_ecs_cluster_capacity_providers" "ecs_cluster_capacity_providers" {
 }
 
 resource "terraform_data" "trigger_deployment" {
-  input = "${timestamp()}"
+  input = timestamp()
 }
 
 
@@ -56,45 +56,45 @@ module "flyway_task" {
   execution_role_arn = aws_iam_role.ecs_task_execution_role.arn
   task_role_arn      = aws_iam_role.app_container_role.arn
   environment = [
-      {
-        name = "APP_ENV"
-        value = local.rds_app_env
-      },
-      {
-        name  = "FLYWAY_URL"
-        value = "jdbc:postgresql://${data.aws_rds_cluster.rds_cluster.endpoint}/${var.db_name}"
-      },
-      {
-        name  = "FLYWAY_USER"
-        value = local.db_master_creds.username
-      },
-      {
-        name  = "FLYWAY_PASSWORD"
-        value = local.db_master_creds.password
-      },
-      {
-        name  = "FLYWAY_DEFAULT_SCHEMA"
-        value = "${var.db_schema}"
-      },
-      {
-        name  = "FLYWAY_CONNECT_RETRIES"
-        value = "2"
-      },
-      {
-        name  = "FLYWAY_GROUP"
-        value = "true"
-      },
-      {
-        # This defaults to true, though we want to enable it only in dev to reset the database
-        # also needs an update in migrations/rst/entrypoint.sh file for the flyaway ecs task to run correctly
-        name = "FLYWAY_CLEAN_DISABLED"
-        value = contains(["dev"], local.rds_app_env) ? "false" : "true"
-      }
+    {
+      name  = "APP_ENV"
+      value = local.rds_app_env
+    },
+    {
+      name  = "FLYWAY_URL"
+      value = "jdbc:postgresql://${data.aws_rds_cluster.rds_cluster.endpoint}/${var.db_name}"
+    },
+    {
+      name  = "FLYWAY_USER"
+      value = local.db_master_creds.username
+    },
+    {
+      name  = "FLYWAY_PASSWORD"
+      value = local.db_master_creds.password
+    },
+    {
+      name  = "FLYWAY_DEFAULT_SCHEMA"
+      value = "${var.db_schema}"
+    },
+    {
+      name  = "FLYWAY_CONNECT_RETRIES"
+      value = "2"
+    },
+    {
+      name  = "FLYWAY_GROUP"
+      value = "true"
+    },
+    {
+      # This defaults to true, though we want to enable it only in dev to reset the database
+      # also needs an update in migrations/rst/entrypoint.sh file for the flyaway ecs task to run correctly
+      name  = "FLYWAY_CLEAN_DISABLED"
+      value = contains(["dev"], local.rds_app_env) ? "false" : "true"
+    }
   ]
-  aws_region      = var.aws_region
-  cluster_id      = aws_ecs_cluster.ecs_cluster.id
-  security_group  = data.aws_security_group.app.id
-  subnet          = data.aws_subnets.app.ids[0]
+  aws_region     = var.aws_region
+  cluster_id     = aws_ecs_cluster.ecs_cluster.id
+  security_group = data.aws_security_group.app.id
+  subnet         = data.aws_subnets.app.ids[0]
 }
 
 
@@ -137,7 +137,7 @@ resource "aws_ecs_task_definition" "node_api_task" {
           value = "8000"
         },
         {
-          name = "FOREST_CLIENT_API_KEY"
+          name  = "FOREST_CLIENT_API_KEY"
           value = var.forest_client_api_key
         },
         {
@@ -193,23 +193,23 @@ resource "aws_ecs_task_definition" "node_api_task" {
 
 
 resource "aws_ecs_service" "node_api_service" {
-  name            = "${var.app_name}-service"
-  cluster         = aws_ecs_cluster.ecs_cluster.id
-  task_definition = aws_ecs_task_definition.node_api_task.arn
-  desired_count   = var.min_capacity
+  name                              = "${var.app_name}-service"
+  cluster                           = aws_ecs_cluster.ecs_cluster.id
+  task_definition                   = aws_ecs_task_definition.node_api_task.arn
+  desired_count                     = var.min_capacity
   health_check_grace_period_seconds = 60
 
   # fargate spot which may get interrupted
   #https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-capacity-providers.html
   capacity_provider_strategy {
     capacity_provider = "FARGATE_SPOT"
-    weight            = "${var.fargate_spot_weight}"
+    weight            = var.fargate_spot_weight
   }
   # non interrupted service by fargate, makes sure there is alaways minimum capacity
   capacity_provider_strategy {
     capacity_provider = "FARGATE"
-    weight            = "${var.fargate_base_weight}"
-    base              = "${var.fargate_base_capacity}"
+    weight            = var.fargate_base_weight
+    base              = var.fargate_base_capacity
   }
 
 
@@ -221,10 +221,10 @@ resource "aws_ecs_service" "node_api_service" {
 
   load_balancer {
     target_group_arn = aws_alb_target_group.app.id
-    container_name   = "${local.container_name}"
+    container_name   = local.container_name
     container_port   = var.app_port
   }
   wait_for_steady_state = true
-  depends_on = [aws_iam_role_policy_attachment.ecs_task_execution_role]
-  tags = local.common_tags
+  depends_on            = [aws_iam_role_policy_attachment.ecs_task_execution_role]
+  tags                  = local.common_tags
 }

infrastructure/api/iam.tf

@@ -85,8 +85,8 @@ resource "aws_iam_role_policy" "cloudwatch_metrics" {
     Version = "2012-10-17"
     Statement = [
       {
-        Effect = "Allow"
-        Action = "cloudwatch:PutMetricData"
+        Effect   = "Allow"
+        Action   = "cloudwatch:PutMetricData"
         Resource = "*"
       }
     ]
@@ -157,7 +157,7 @@ resource "aws_iam_user_policy" "s3_upload_policy" {
         Effect = "Allow",
         Action = "iam:PassRole",
         Resource = [
-           "*"
+          "*"
         ]
       },
       {

infrastructure/api/monitoring.tf

@@ -43,8 +43,8 @@ locals {
   client_error_threshold = 20
 
   # Period and evaluation period for alarms
-  alarm_period = 60  # 1 minute
-  evaluation_periods = 2    # Check for 2 consecutive periods
+  alarm_period       = 60 # 1 minute
+  evaluation_periods = 2  # Check for 2 consecutive periods
 
   alarm_alert_email_recipients = split(",", var.alarm_alert_email_recipients)
 
@@ -194,7 +194,7 @@ resource "aws_cloudwatch_dashboard" "api_dashboard" {
           region  = local.region
           period  = local.period
           view    = "timeSeries"
-          yAxis = { left = { label = "ms" } }
+          yAxis   = { left = { label = "ms" } }
           metrics = local.latency_tm99_metrics
           annotations = {
             horizontal = [
@@ -218,7 +218,7 @@ resource "aws_cloudwatch_dashboard" "api_dashboard" {
           region  = local.region
           period  = local.period
           view    = "timeSeries"
-          yAxis = { left = { label = "ms" } }
+          yAxis   = { left = { label = "ms" } }
           metrics = local.latency_tm95_metrics
           annotations = {
             horizontal = [
@@ -251,7 +251,7 @@ resource "aws_cloudwatch_metric_alarm" "latency_alarms" {
   statistic           = "Average"
   threshold           = each.value
   alarm_description   = "Latency for ${each.key} exceeds ${each.value}ms in 2/${local.evaluation_periods} periods"
-  alarm_actions = [aws_sns_topic.alarm_topic.arn]
+  alarm_actions       = [aws_sns_topic.alarm_topic.arn]
   treat_missing_data  = "notBreaching"
 
   dimensions = {
@@ -277,7 +277,7 @@ resource "aws_cloudwatch_metric_alarm" "server_error_rate_alarm" {
   statistic           = "Sum"
   threshold           = local.server_error_threshold
   alarm_description   = "High server error rate (5xx) detected for operation ${each.value}."
-  alarm_actions = [aws_sns_topic.alarm_topic.arn]
+  alarm_actions       = [aws_sns_topic.alarm_topic.arn]
   treat_missing_data  = "notBreaching"
 
   dimensions = {
@@ -303,7 +303,7 @@ resource "aws_cloudwatch_metric_alarm" "client_error_rate_alarm" {
   statistic           = "Sum"
   threshold           = local.client_error_threshold
   alarm_description   = "High client error rate (4xx) detected for operation ${each.value}."
-  alarm_actions = [aws_sns_topic.alarm_topic.arn]
+  alarm_actions       = [aws_sns_topic.alarm_topic.arn]
   treat_missing_data  = "notBreaching"
 
   dimensions = {
@@ -324,7 +324,7 @@ resource "aws_kms_key" "alarm_topic_sns_key" {
 }
 
 resource "aws_sns_topic" "alarm_topic" {
-  name = "${var.app_env}-api-monitoring-alarms"
+  name              = "${var.app_env}-api-monitoring-alarms"
   kms_master_key_id = aws_kms_key.alarm_topic_sns_key.arn
 
   tags = merge(local.common_resource_tags, {

infrastructure/api/network.tf

@@ -6,7 +6,7 @@ locals {
     tools   = "Tools"
     unclass = "UnClass"
   }
-  environment = local.env_map[lower(var.target_env) == "test" ? "dev" : lower(var.target_env)]
+  environment        = local.env_map[lower(var.target_env) == "test" ? "dev" : lower(var.target_env)]
   vpc_name           = "${local.environment}_vpc"
   availability_zones = ["a", "b"]
   web_subnet_names   = [for az in local.availability_zones : "Web_${local.environment}_az${az}_net"]