From 40ea76a4f56b82b3ba96fc3995bcdf2fb97549d2 Mon Sep 17 00:00:00 2001 From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com> Date: Wed, 18 Jan 2023 15:08:24 -0500 Subject: [PATCH] Module variable fix (#9411) # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --- terraform/byo-vpc/byo-db/main.tf | 13 ++++++--- terraform/variables.tf | 45 +++++++++++++++++++++++--------- 2 files changed, 42 insertions(+), 16 deletions(-) diff --git a/terraform/byo-vpc/byo-db/main.tf b/terraform/byo-vpc/byo-db/main.tf index 3616e990b9..6a3c3beedf 100644 --- a/terraform/byo-vpc/byo-db/main.tf +++ b/terraform/byo-vpc/byo-db/main.tf @@ -38,7 +38,7 @@ module "alb" { target_groups = [ { - name_prefix = var.alb_config.name + name = var.alb_config.name backend_protocol = "HTTP" backend_port = 80 target_type = "ip" 
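Review bot: Switching the target group from `name_prefix` to a fixed `name = var.alb_config.name` means any later change that forces replacement of the target group can fail on a name collision, because two target groups with the same name cannot coexist. That matters if the alb module replaces target groups create-before-destroy, which is not visible here and should be confirmed. The value is also passed through unchecked, and AWS limits target group names to 32 characters of alphanumerics and hyphens, so a `validation` block where `alb_config` is declared would turn a late apply failure into a plan-time error. The context lines keep `backend_protocol = "HTTP"` on port 80, so traffic between the ALB and the tasks stays unencrypted inside the VPC; a comment such as `# TLS terminates at the ALB; backend traffic is plain HTTP inside the VPC` would record that this is intentional. The `module "alb"` block starts and ends outside the hunk.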
@@ -64,9 +64,14 @@ module "alb" { http_tcp_listeners = [ { - port = 80 - protocol = "HTTP" - target_group_index = 0 + port = 80 + protocol = "HTTP" + action_type = "redirect" + redirect = { + port = "443" + protocol = "HTTPS" + status_code = "HTTP_301" + } } ] } diff --git a/terraform/variables.tf b/terraform/variables.tf index c1e04d05b1..857ebbee75 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -8,7 +8,7 @@ variable "vpc" { database_subnets = optional(list(string), ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]) elasticache_subnets = optional(list(string), ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]) - create_database_subnet_group = optional(bool, true) + create_database_subnet_group = optional(bool, false) create_database_subnet_route_table = optional(bool, true) create_elasticache_subnet_group = optional(bool, true) create_elasticache_subnet_route_table = optional(bool, true) @@ -26,7 +26,7 @@ variable "vpc" { database_subnets = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"] elasticache_subnets = ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"] - create_database_subnet_group = true + create_database_subnet_group = false create_database_subnet_route_table = true create_elasticache_subnet_group = true create_elasticache_subnet_route_table = true @@ -80,8 +80,8 @@ variable "redis_config" { replication_group_id = optional(string) elasticache_subnet_group_name = optional(string) allowed_security_group_ids = optional(list(string), []) - subnets = list(string) - availability_zones = list(string) + subnets = optional(list(string)) + availability_zones = optional(list(string)) cluster_size = optional(number, 3) instance_type = optional(string, "cache.m5.large") apply_immediately = optional(bool, true) 
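Review bot: The port 80 listener no longer forwards to target group 0 and only answers with a 301 to HTTPS on 443, so it depends on an HTTPS listener with a certificate being defined elsewhere in `module "alb"`; that is not visible in this hunk and should be confirmed, otherwise every request is redirected to a port nothing listens on. A redirect also does not protect the first request: a client configured with an `http://` URL still sends its enroll secret or API token in cleartext before it sees the 301, so the module documentation should tell operators to configure `https://` URLs directly. I would add a comment above the listener entry, for example `# Port 80 only redirects; Fleet traffic is served by the HTTPS listener on 443.`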
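Review bot: Flipping the `create_database_subnet_group` default from `true` to `false` (here in `optional(bool, false)` and again in the `default` block in the hunk at -26) changes behaviour for callers that never set it: if the flag gates the subnet group in the VPC module as its name suggests, their next plan will propose destroying that subnet group. The changes-file item in the submitter checklist is unchecked, so nothing tells upgraders to pin `create_database_subnet_group = true` if they depend on it. The same default is now written in two places that can drift apart; a comment on the `default` block such as `# keep in sync with the optional() defaults in the type above` would help.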
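Review bot: `subnets` and `availability_zones` in `redis_config` become `optional(list(string))` with no default, so an omitted value is `null` rather than an empty list, and any consumer that iterates, indexes or calls `length()` on them will fail unless it handles `null`; the consumers are outside this hunk, so this needs confirming. If an empty list is an acceptable meaning for "not provided", `optional(list(string), [])` would match `allowed_security_group_ids` on the line above. Otherwise add a comment stating when they may be omitted, presumably when `elasticache_subnet_group_name` is supplied.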
@@ -116,14 +116,35 @@ variable "redis_config" { variable "ecs_cluster" { type = object({ - autoscaling_capacity_providers = any - cluster_configuration = any - cluster_name = string - cluster_settings = map(string) - create = bool - default_capacity_provider_use_fargate = bool - fargate_capacity_providers = any - tags = map(string) + autoscaling_capacity_providers = optional(any, {}) + cluster_configuration = optional(any, { + execute_command_configuration = { + logging = "OVERRIDE" + log_configuration = { + cloud_watch_log_group_name = "/aws/ecs/aws-ec2" + } + } + }) + cluster_name = optional(string, "fleet") + cluster_settings = optional(map(string), { + "name" : "containerInsights", + "value" : "enabled", + }) + create = optional(bool, true) + default_capacity_provider_use_fargate = optional(bool, true) + fargate_capacity_providers = optional(any, { + FARGATE = { + default_capacity_provider_strategy = { + weight = 100 + } + } + FARGATE_SPOT = { + default_capacity_provider_strategy = { + weight = 0 + } + } + }) + tags = optional(map(string)) }) default = { autoscaling_capacity_providers = {}
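Review bot: The new default for `cluster_configuration` sends ECS Exec session logs to a hard-coded log group, `/aws/ecs/aws-ec2`, and sets neither `kms_key_id` on `execute_command_configuration` nor `cloud_watch_encryption_enabled` in `log_configuration`. Exec session logs record the commands typed and their output, which can include secrets, so the default should either point at a KMS-encrypted log group with `cloud_watch_encryption_enabled = true` or carry a comment saying encryption and retention are the caller's responsibility. The log group name looks copied from an EC2 example while the other defaults select Fargate, and nothing in the hunk shows that the group is created; deriving it from `cluster_name` or documenting the prerequisite would avoid a silent mismatch. `tags = optional(map(string))` has no default and yields `null` when omitted, so `optional(map(string), {})` is safer if the value is merged downstream. The `default` block that follows repeats these values and continues outside the hunk, so the two copies need to be kept in sync.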