R53 Cert fix - Add LB SSL policy (#2)
* Bump action branch

* Update action.yaml

* Adding ssl_policy and fixing cert issue
LeoDiazL authored Nov 20, 2023
1 parent 5b8b3a4 commit d8a0c56
Showing 2 changed files with 14 additions and 9 deletions.
17 changes: 9 additions & 8 deletions README.md
Expand Up @@ -41,7 +41,7 @@ jobs:
deploy-ecs:
runs-on: ubuntu-latest
- name: Create Nginx example
uses: bitovi/[email protected].2
uses: bitovi/[email protected].3
id: ecs
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
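Review bot: The example step on the `uses:` line references the action by a version tag while the same step is handed `secrets.AWS_ACCESS_KEY_ID`. A tag can be moved after release, so consider showing the full commit SHA in the README example, with the version as a trailing comment, so that copied workflows run exactly the code that was reviewed.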
Expand Down Expand Up @@ -80,7 +80,7 @@ jobs:
url: ${{ steps.ecs.outputs.ecs_dns_record }}
steps:
- name: Create Nginx example
uses: bitovi/[email protected].2
uses: bitovi/[email protected].3
id: ecs
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
Expand Down Expand Up @@ -136,7 +136,7 @@ The following inputs can be used as `step.with` keys
| `aws_secret_access_key` | String | AWS secret access key |
| `aws_session_token` | String | AWS session token |
| `aws_default_region` | String | AWS default region. Defaults to `us-east-1` |
| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. Use with destroy to destroy specific resources. |
| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |
| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources.|
<hr/>
<br/>
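Review bot: The `aws_resource_identifier` row drops the sentence "Use with destroy to destroy specific resources." and the commit message does not mention it. If overriding the identifier is still how a specific deployment is targeted for destroy, keep that guidance here or move it to wherever destroy is documented; otherwise say in the commit message why it no longer applies.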
Expand Down Expand Up @@ -178,6 +178,7 @@ The following inputs can be used as `step.with` keys
| `aws_ecs_lb_port`| String | Comma serparated list of ports exposed by the load balancer. One for each. |
| `aws_ecs_lb_redirect_enable`| String | Toggle redirect from HTTP and/or HTTPS to the main port. |
| `aws_ecs_lb_container_path`| String | Comma separated list of paths for subsequent deployed containers. Need `aws_ecs_lb_redirect_enable` to be true. eg. api. (For http://bitovi.com/api/). If you have multiple, set them to `api,monitor,prom,,` (This example is for 6 containers) |
| `aws_ecs_lb_ssl_policy` | String | SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided. See [this link](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html) for other policies. |
| `aws_ecs_autoscaling_enable`| Boolean | Toggle ecs autoscaling policy. |
| `aws_ecs_autoscaling_max_nodes`| String | Max ammount of nodes to scale up to. |
| `aws_ecs_autoscaling_min_nodes`| String | Min ammount of nodes to scale down to. |
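Review bot: The new `aws_ecs_lb_ssl_policy` row points callers to "other policies" without saying that this choice sets the minimum TLS version and cipher list of the HTTPS listener. Some of the older predefined ALB policies still accept TLS 1.0 and 1.1, so add a sentence recommending that overrides stay at TLS 1.2 or newer. Style: put the default `ELBSecurityPolicy-TLS13-1-2-2021-06` in backticks like the defaults in the other rows, and replace "this link" with descriptive link text.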
Expand Down Expand Up @@ -206,14 +207,14 @@ The following inputs can be used as `step.with` keys
#### **VPC Inputs**
| Name | Type | Description |
|------------------|---------|------------------------------------|
| `aws_vpc_create` | Boolean | Define if a VPC should be created |
| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `false`. |
| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |
| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.10.110.0/24`|
| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `<none>`. |
| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `aws_default_region+<random>` value. If a list is defined, the first zone will be the one used for the EC2 instance. |
| `aws_vpc_id` | String | AWS VPC ID. Accepts `vpc-###` values. |
| `aws_vpc_subnet_id` | String | AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one) |
| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. |
| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). |
| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.|
<hr/>
<br/>
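Review bot: With `aws_vpc_create` now documented as defaulting to `false` and `aws_vpc_id` marked as an existing VPC, the table still does not say which input wins when both are set, or which VPC is used when neither is. Please state that precedence in one of the two rows. Separately, in the unchanged rows the default public subnet `10.10.110.0/24` lies outside the default `aws_vpc_cidr_block` of `10.0.0.0/16`, so one of the two documented defaults looks wrong.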
Expand All @@ -222,9 +223,9 @@ The following inputs can be used as `step.with` keys
#### **DNS Inputs**
| Name | Type | Description |
|------------------|---------|------------------------------------|
| `aws_r53_enable` | Boolean | Set this to true if you wish to manage certificates through AWS Certificate Manager with Terraform. **See note**. Default is `false`. |
| `aws_r53_enable` | Boolean | Set this to true if you wish to use an existing AWS Route53 domain. **See note**. Default is `false`. |
| `aws_r53_domain_name` | String | Define the root domain name for the application. e.g. bitovi.com'. |
| `aws_r53_sub_domain_name` | String | Define the sub-domain part of the URL. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |
| `aws_r53_sub_domain_name` | String | Define the sub-domain part of the URL. Defaults to `aws_resource_identifier`. |
| `aws_r53_root_domain_deploy` | Boolean | Deploy application to root domain. Will create root and www records. Default is `false`. |
| `aws_r53_enable_cert` | Boolean | Set this to true if you wish to manage certificates through AWS Certificate Manager with Terraform. **See note**. Default is `false`. |
| `aws_r53_cert_arn` | String | Define the certificate ARN to use for the application. **See note**. |
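Review bot: The `aws_r53_sub_domain_name` row now gives its default as `aws_resource_identifier`, which in backticks reads as a literal string rather than the value of that input; suggest "Defaults to the value of `aws_resource_identifier`". Since that identifier is built from org, repo and branch names by default and can be overridden, also note whether it is sanitised or truncated to a valid DNS label (63 characters at most). Nit in the context row for `aws_r53_domain_name`: stray `'` after `bitovi.com`.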
6 changes: 5 additions & 1 deletion action.yaml
Expand Up @@ -116,6 +116,9 @@ inputs:
aws_ecs_lb_container_path:
description: 'Path for subsequent deployed images. eg. api.'
required: false
aws_ecs_lb_ssl_policy:
description: 'SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided.'
required: false
aws_ecs_autoscaling_enable:
description: 'Toggle ecs autoscaling policy'
required: false
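Review bot: The `aws_ecs_lb_ssl_policy` input states its default only in the `description` text; there is no `default:` key next to `required: false`. The effective default therefore lives outside this file and the description can drift from it silently. Either declare `default: ELBSecurityPolicy-TLS13-1-2-2021-06` here, or word the description so it points to where the default is applied.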
Expand Down Expand Up @@ -233,7 +236,7 @@ runs:
steps:
- name: Deploy with BitOps
id: deploy
uses: bitovi/[email protected].9
uses: bitovi/[email protected].11
with:
# Current repo vars
gh_action_repo: ${{ github.action_path }}
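Review bot: The commit title promises an R53 cert fix, but the only change in the two files that could carry it is this `uses:` bump from `.9` to `.11`. Please reference the upstream change that contains the fix in the commit message and summarise what else changed between the two versions, so reviewers of this repository can see what they are accepting.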
Expand Down Expand Up @@ -279,6 +282,7 @@ runs:
aws_ecs_lb_port: ${{ inputs.aws_ecs_lb_port }}
aws_ecs_lb_redirect_enable: ${{ inputs.aws_ecs_lb_redirect_enable }}
aws_ecs_lb_container_path: ${{ inputs.aws_ecs_lb_container_path }}
aws_ecs_lb_ssl_policy: ${{ inputs.aws_ecs_lb_ssl_policy }}
aws_ecs_autoscaling_enable: ${{ inputs.aws_ecs_autoscaling_enable }}
aws_ecs_autoscaling_max_nodes: ${{ inputs.aws_ecs_autoscaling_max_nodes }}
aws_ecs_autoscaling_min_nodes: ${{ inputs.aws_ecs_autoscaling_min_nodes }}
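Review bot: When the caller omits the input, `${{ inputs.aws_ecs_lb_ssl_policy }}` expands to an empty string and is still passed in `with:`. Confirm that the deploy step treats an empty value as "use the default policy" rather than forwarding it to the HTTPS listener, and consider a smoke test that runs the action without this input.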