was-cf/outputs.tf
kappa b87947e3e3 Complete infrastructure and integration updates
Infrastructure improvements:
- Update CloudFront distribution with ACM certificate support
- Enable custom domain aliases when certificate is available
- Add comprehensive WAF outputs for CrowdSec integration
- Update variables with current configuration defaults

New files:
- Add CrowdSec WAF integration documentation
- Add sync script for CrowdSec to WAF automation
- Add MCP configuration for development tools

Configuration updates:
- Align Terraform configuration with deployed state
- Enable ACM certificate and Route53 DNS by default
- Maintain HTTP-only origin protocol for compatibility

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-09 15:33:36 +09:00


# CloudFront distribution outputs.
# Every value below is read straight from aws_cloudfront_distribution.main;
# none of them is conditional, so they are always populated after apply.

output "cloudfront_distribution_id" {
  description = "CloudFront distribution ID"
  value       = aws_cloudfront_distribution.main.id
}

output "cloudfront_distribution_arn" {
  description = "CloudFront distribution ARN"
  value       = aws_cloudfront_distribution.main.arn
}

# The distribution's own hostname, as reported by the resource.
output "cloudfront_domain_name" {
  description = "CloudFront distribution domain name"
  value       = aws_cloudfront_distribution.main.domain_name
}

# Typically paired with the domain name above when a Route53 alias record
# is pointed at the distribution.
output "cloudfront_hosted_zone_id" {
  description = "CloudFront distribution hosted zone ID"
  value       = aws_cloudfront_distribution.main.hosted_zone_id
}

# Reflects the status recorded in state at the last apply/refresh, not a
# live reading.
output "cloudfront_status" {
  description = "CloudFront distribution status"
  value       = aws_cloudfront_distribution.main.status
}
# CloudFormation stack outputs.
# All four are gated on var.enable_cloudformation_stack and evaluate to null
# when the flag is false.

# Stack ID and name come from the managed resource
# aws_cloudformation_stack.network[0].
output "cloudformation_stack_id" {
  description = "CloudFormation stack ID"
  value       = var.enable_cloudformation_stack ? aws_cloudformation_stack.network[0].id : null
}

output "cloudformation_stack_name" {
  description = "CloudFormation stack name"
  value       = var.enable_cloudformation_stack ? aws_cloudformation_stack.network[0].name : null
}

# VPC and subnet IDs are read from the *data source* of the same name, by
# looking up the "VPCId" / "PublicSubnetId" keys in its outputs map.
# NOTE(review): a key that the stack template does not export will fail
# evaluation rather than yield null; confirm the template declares both.
output "vpc_id" {
  description = "VPC ID from CloudFormation stack"
  value       = var.enable_cloudformation_stack ? data.aws_cloudformation_stack.network[0].outputs["VPCId"] : null
}

output "public_subnet_id" {
  description = "Public subnet ID from CloudFormation stack"
  value       = var.enable_cloudformation_stack ? data.aws_cloudformation_stack.network[0].outputs["PublicSubnetId"] : null
}
# Security group outputs.
# Each group has its own creation flag; the matching output is null when
# that flag is false.

# Gated on var.create_alb_security_group.
output "alb_security_group_id" {
  description = "ALB security group ID"
  value       = var.create_alb_security_group ? aws_security_group.alb[0].id : null
}

# Gated on var.create_web_security_group.
output "web_security_group_id" {
  description = "Web server security group ID"
  value       = var.create_web_security_group ? aws_security_group.web[0].id : null
}
# WAF outputs.
# All four are gated on var.enable_waf and are null when WAF is disabled, so
# any automation consuming them has to handle the null case explicitly.
# NOTE(review): the resource is named "cloudfront", which suggests a
# CLOUDFRONT-scoped Web ACL; WAFv2 resources with that scope have to be
# managed through the us-east-1 endpoint. Confirm the provider region used
# for aws_wafv2_web_acl.cloudfront and aws_wafv2_ip_set.blocked_ips.

output "waf_web_acl_arn" {
  description = "WAF Web ACL ARN"
  value       = var.enable_waf ? aws_wafv2_web_acl.cloudfront[0].arn : null
}

output "waf_web_acl_id" {
  description = "WAF Web ACL ID"
  value       = var.enable_waf ? aws_wafv2_web_acl.cloudfront[0].id : null
}

# ARN of the blocked-IPs IP set. This is the natural resource to scope an
# IAM policy to when an external process is allowed to update the block list.
output "waf_blocked_ips_set_arn" {
  description = "WAF Blocked IPs IP Set ARN"
  value       = var.enable_waf ? aws_wafv2_ip_set.blocked_ips[0].arn : null
}

# Same value as the "waf_ip_set_id" output in the CrowdSec section below.
output "waf_blocked_ips_set_id" {
  description = "WAF Blocked IPs IP Set ID"
  value       = var.enable_waf ? aws_wafv2_ip_set.blocked_ips[0].id : null
}
# Origin information.
# Plain pass-through of the var.origin_domain input; nothing is derived from
# a resource here.
# NOTE(review): the commit description states that the origin protocol is
# kept HTTP-only for compatibility. If that is what the distribution's origin
# config does, traffic between CloudFront and this origin is unencrypted even
# though viewers connect over HTTPS. Confirm in the distribution definition
# and consider restricting the origin to CloudFront-sourced traffic.
output "origin_domain" {
  description = "Origin domain name"
  value       = var.origin_domain
}
# ACM certificate outputs.
# Both are gated on var.create_acm_certificate and are null when no
# certificate is created by this configuration.
# NOTE(review): CloudFront only accepts ACM certificates issued in
# us-east-1; confirm the provider region used for aws_acm_certificate.main.

output "acm_certificate_arn" {
  description = "ACM certificate ARN"
  value       = var.create_acm_certificate ? aws_acm_certificate.main[0].arn : null
}

# Raw domain_validation_options from the certificate resource, unfiltered.
# The "domain_validation_records" output reshapes the same data into
# name/type/value records.
output "acm_certificate_domain_validation_options" {
  description = "ACM certificate domain validation options"
  value       = var.create_acm_certificate ? aws_acm_certificate.main[0].domain_validation_options : null
}
# Route53 outputs.
# The zone is looked up through a data source (data.aws_route53_zone.main),
# so this reports an existing zone rather than one created here. Null when
# var.create_route53_records is false.
output "route53_zone_id" {
  description = "Route53 hosted zone ID"
  value       = var.create_route53_records ? data.aws_route53_zone.main[0].zone_id : null
}
# Convenience URLs for testing, plus manual DNS validation records.

# HTTPS URL built from the distribution's own domain name.
output "cloudfront_url" {
  description = "CloudFront distribution URL"
  value       = "https://${aws_cloudfront_distribution.main.domain_name}"
}

# One HTTPS URL per entry in var.cloudfront_aliases.
# NOTE(review): this list is built from the variable alone. The commit
# description says aliases are only enabled on the distribution when a
# certificate is available, so without a certificate these URLs may be
# listed here while not actually being served. Verify against the
# distribution's aliases expression.
output "custom_domain_urls" {
  description = "Custom domain URLs"
  value       = [for hostname in var.cloudfront_aliases : "https://${hostname}"]
}

# Validation records to create by hand. Null when Route53 records are
# managed by this configuration (var.create_route53_records) or when no
# certificate is created (var.create_acm_certificate is false); otherwise
# one {name, type, value} object per domain validation option.
# The parentheses only make the existing precedence explicit: the whole
# "a || !b" expression is the condition of the ternary.
output "domain_validation_records" {
  description = "DNS records needed for domain validation (if not using Route53)"
  value = (var.create_route53_records || !var.create_acm_certificate) ? null : [
    for opt in aws_acm_certificate.main[0].domain_validation_options : {
      name  = opt.resource_record_name
      type  = opt.resource_record_type
      value = opt.resource_record_value
    }
  ]
}
# CrowdSec integration information.

# A fixed command string, shown for operators; Terraform does not run it.
# The container name ("crowdsec") and script path are hard-coded here.
# NOTE(review): unlike waf_ip_set_id below, this output is not gated on
# var.enable_waf, so the command is still printed when there is no IP set
# to synchronize.
# NOTE(review): whatever credentials the sync script uses should be limited
# to updating the blocked-IPs IP set only (see the waf_blocked_ips_set_arn
# output); confirm the IAM policy attached to that identity.
output "crowdsec_sync_command" {
  description = "Command to synchronize CrowdSec with WAF"
  value       = "incus exec crowdsec -- /usr/local/bin/crowdsec-waf-sync sync"
}

# Same expression as the waf_blocked_ips_set_id output, published under a
# second name. Null when var.enable_waf is false.
output "waf_ip_set_id" {
  description = "WAF IP Set ID for CrowdSec integration"
  value       = var.enable_waf ? aws_wafv2_ip_set.blocked_ips[0].id : null
}