search

riboseinc / terraform-aws-s3-cloudfront-website

Terraform module for creating a static S3 website with CloudFront with an SSL certificate (e.g., from ACM)
Apache License 2.0
74 stars 40 forks source link

Add documentation on how to upgrade from 0.12 to 0.13 #35

Closed ronaldtse closed 3 years ago

ronaldtse commented 3 years ago

Use the first 0.13 version for the module.

module "site-main" {
  source = "github.com/riboseinc/terraform-aws-s3-cloudfront-website?ref=dd85d7f6218190b5a1a9298af136311c2ef8dd14"
...
}

module "site-root" {
  source = "github.com/riboseinc/terraform-aws-s3-cloudfront-redirect?ref=b4ab4a1ec7f373484074b27c73d93ce4bbe60b14"
...
}

Assume you are using terraform 0.12:

tfenv use 0.12.31
terraform init -upgrade

Then use terraform 0.13:

tfenv use 0.13.7
terraform 0.13upgrade -yes
terraform init -upgrade
terraform plan

If it fails you will have to replace the providers (remember to answer yes):

terraform state replace-provider -auto-approve registry.terraform.io/-/aws hashicorp/aws
terraform state replace-provider -auto-approve registry.terraform.io/-/null registry.terraform.io/hashicorp/null
terraform state replace-provider -auto-approve registry.terraform.io/-/archive registry.terraform.io/hashicorp/archive
terraform state replace-provider -auto-approve registry.terraform.io/-/local registry.terraform.io/hashicorp/local

Then this will succeed:

terraform plan

Run this to apply:

terraform apply -auto-approve
ronaldtse commented 3 years ago

Now remove the version restriction on the module:

module "site-root" {
  source = "github.com/riboseinc/terraform-aws-s3-cloudfront-website"
...

Then:

tfenv use 0.15.4
terraform init -upgrade
terraform plan
ronaldtse commented 3 years ago

When upgrading to 0.15.4, you need to update the ACM config from:

Original:

resource "aws_route53_record" "cert_validation-main" {
  provider = aws.cloudfront
  name     = aws_acm_certificate.cert-main.domain_validation_options[0].resource_record_name
  type     = aws_acm_certificate.cert-main.domain_validation_options[0].resource_record_type
  zone_id  = data.aws_route53_zone.main.id
  records  = [aws_acm_certificate.cert-main.domain_validation_options[0].resource_record_value]
  ttl      = 60
}

resource "aws_acm_certificate_validation" "cert-main" {
  provider                = aws.cloudfront
  certificate_arn         = aws_acm_certificate.cert-main.arn
  validation_record_fqdns = [aws_route53_record.cert_validation-main.fqdn]
}

Now:

resource "aws_route53_record" "cert_validation-main" {
  provider = aws.cloudfront
  for_each = {
    for dvo in aws_acm_certificate.cert-main.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.main.zone_id
}

resource "aws_acm_certificate_validation" "cert-main" {
  provider                = aws.cloudfront
  certificate_arn         = aws_acm_certificate.cert-main.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation-main : record.fqdn]
}
ronaldtse commented 3 years ago

Added to README.