chore!: Rename resource aws_appsync_api_cache #70
I had to rename my PR's title from "refactor!" to "chore!" because the default authorized commit types in GitHub action
The GitHub action allows one to override this default list (see https://github.com/amannn/action-semantic-pull-request/blob/main/action.yml#L11), I think it would be appropriate to add
Please revert the changes in examples/complete.
examples/complete/main.tf
@@ -112,7 +94,7 @@ module "appsync" { | |||
authentication_type = "OPENID_CONNECT" | |||
|
|||
lambda_authorizer_config = { | |||
authorizer_uri = "arn:aws:lambda:eu-west-1:835367859851:function:appsync_auth_1" | |||
authorizer_uri = "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:appsync_auth_1" |
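Review bot: on the new authorizer_uri line, the account and region now come from data sources, but the partition (aws) and the function name (appsync_auth_1) are still literals, and nothing in this hunk creates that function, so the example only applies cleanly where a function of that name already exists in the caller's account. Consider creating the authorizer function in the example and passing its ARN output here instead of assembling the string. If the interpolation stays, the line also relies on data.aws_region.current and data.aws_caller_identity.current being declared in this file, which is not visible in these lines.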
Users could use this output `lambda_function_arn_static` if they create Lambda functions using that module.
In this example, we don't need to have any assumption on AWS region or AWS account being used.
The lambda authorizer should be in the same account as the caller. If I use the hard-coded account ID 835367859851 to test the example on one of my AWS accounts, I get this error:
│ Error: updating AppSync GraphQL API (bntnbrrxdfcf3iqd5qpebe6ucu): operation error AppSync: UpdateGraphqlApi, https response error StatusCode: 400, RequestID: daa839ef-a9ba-47d7-b350-1b2adeb318e6, BadRequestException: Lambda Authorizer should be in the same account as caller
│
│ with module.appsync.aws_appsync_graphql_api.this[0],
│ on ../../main.tf line 9, in resource "aws_appsync_graphql_api" "this":
│ 9: resource "aws_appsync_graphql_api" "this" {
│
In my humble opinion, it's a bad practice having this account ID hard coded everywhere in the code for contributions because any contributor that will wish to apply this example on her/his AWS account will have to update the code to make the example work.
Regarding the AWS region, I have the same opinion as the Account ID, it should be carried by the AWS provider you're using and not hard coded directly in the Terraform code. I have not changed the AWS region used previously, which was Ireland (`eu-west-1`).
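The concern raised in the comments above, hard-coded account IDs and regions inside ARN strings, can be checked mechanically before a change is merged. The following is an added example, not part of this PR or of the module: a Python check that flags ARN literals in Terraform text whose account or region field is a literal rather than an interpolation. The function name, the regexes and the sample input are assumptions made for illustration; the first two sample lines are the two `authorizer_uri` values from the diff above, the rest is constructed.

```python
import re

# ARN layout: arn:partition:service:region:account-id:resource
# Region and account may be empty (e.g. IAM) or a ${...} interpolation.
ARN_RE = re.compile(
    r'arn:(?P<partition>[^:"\s]+):(?P<service>[^:"\s]+):'
    r'(?P<region>[^:"\s]*):(?P<account>[^:"\s]*):(?P<resource>[^"\s]+)'
)
ACCOUNT_RE = re.compile(r"\d{12}")               # literal AWS account ID
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")  # e.g. eu-west-1, us-gov-west-1


def find_hardcoded_arns(tf_text):
    """Return (line_number, literal_fields, arn) for each ARN that pins
    an account ID and/or a region instead of interpolating them."""
    findings = []
    for lineno, line in enumerate(tf_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # skip whole-line comments
        for m in ARN_RE.finditer(line):
            fields = []
            if ACCOUNT_RE.fullmatch(m["account"]):
                fields.append("account")
            if REGION_RE.fullmatch(m["region"]):
                fields.append("region")
            if fields:
                findings.append((lineno, fields, m.group(0)))
    return findings


# Sample input: lines 2-3 come from the diff on this page, lines 4-5 are constructed.
SAMPLE_TF = '''
authorizer_uri = "arn:aws:lambda:eu-west-1:835367859851:function:appsync_auth_1"
authorizer_uri = "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:appsync_auth_1"
role_arn = "arn:aws:iam::123456789012:role/constructed-example"
# commented out: "arn:aws:lambda:eu-west-1:123456789012:function:ignored"
'''

if __name__ == "__main__":
    for lineno, fields, arn in find_hardcoded_arns(SAMPLE_TF):
        print(f"line {lineno}: literal {' and '.join(fields)} in {arn}")
```

Run over the files under `examples/`, a non-empty result is a reason to switch the value to a data source or to a resource's ARN output.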
@antonbabenko For information, I'm seeing a constant Terraform drift when I Terraform apply the example several times in a row without any change in the code:
There must be an issue with this Lambda authorizer block.
LGTM, it works in a similar way to the rest of our modules.
I think `lambda_authorizer_config` is drifting because the authorizer Lambda function is missing the required permissions, but it is out of the scope of this PR.
This PR is included in version 3.0.0 🎉
By accident (with
Is it really? I thought we said this would end up with a new major release. I may be wrong but I think we are not backward compatible with the change of Terraform version in
@taufort You are right! The change of the Terraform version requires it to be a major release.
Description
The aws_appsync_api_cache resource is named "example", which is not adequate and should be renamed to "this".
I also took a bit of time to update the example to make it easier to be used on other AWS accounts and also to make it more customizable.
Motivation and Context
Fixes #69
Breaking Changes
We need to bump the Terraform version to be able to use the Terraform `moved` block.
How Has This Been Tested?
`examples/*` to demonstrate and validate my change(s)
`examples/*` projects
`pre-commit run -a` on my pull request