Fixing aws_cloudwatch_log_group name for WAF logging and alb_listener http_redirect issue (#94)

LeoDiazL · web-flow · commit 3de8c37d7147 · 2025-08-28T12:55:28.000-03:00
* Adding dependency for aws_alb_listener http_redirect and fixing conditionals
* Adjusting ALB WAF log group name
diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf
@@ -82,6 +82,7 @@ resource "aws_alb_listener" "lb_listener_ssl" {
   lifecycle {
     replace_triggered_by = [null_resource.http_redirect_dep.id]
   }
+  depends_on = [ aws_alb_listener.http_redirect ]
 }
 
 resource "aws_alb_listener" "lb_listener" {
@@ -96,6 +97,7 @@ resource "aws_alb_listener" "lb_listener" {
   lifecycle {
     replace_triggered_by = [null_resource.http_redirect_dep.id]
   }
+  depends_on = [ aws_alb_listener.http_redirect ]
 }
 
 resource "aws_alb_listener_rule" "redirect_based_on_path" {
@@ -116,25 +118,28 @@ resource "aws_alb_listener_rule" "redirect_based_on_path" {
 
 resource "aws_alb_listener" "http_redirect" {
   count             = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) ? 1 : 0
-  load_balancer_arn = "${aws_alb.ecs_lb.id}"
+  load_balancer_arn = aws_alb.ecs_lb.id
   port              = "80"
   protocol          = "HTTP"
 
 
   default_action {
-    #type = var.aws_certificates_selected_arn != "" ? "redirect" : "forward"
-    type = var.aws_certificate_enabled != "" ? "redirect" : "forward"
-    target_group_arn = var.aws_certificates_selected_arn != "" ? null : aws_alb_target_group.lb_targets[0].id
+    type = var.aws_certificate_enabled ? "redirect" : "forward"
+    target_group_arn = var.aws_certificate_enabled ? null : aws_alb_target_group.lb_targets[0].id
 
     dynamic "redirect" {
-      for_each = var.aws_certificates_selected_arn != "" ? [1] : [0]
+      for_each = var.aws_certificate_enabled ? [1] : [0]
       content {
         port        = 443
         protocol    = "HTTPS"
         status_code = "HTTP_301"
       }
     }
   }
+  depends_on = [
+    aws_alb.ecs_lb,
+    aws_alb_target_group.lb_targets
+  ]
 }
 
 resource "aws_security_group_rule" "incoming_alb_http" {
diff --git a/operations/deployment/terraform/modules/aws/waf/aws_waf.tf b/operations/deployment/terraform/modules/aws/waf/aws_waf.tf
@@ -393,16 +393,17 @@ resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" {
       name = "cookie"
     }
   }
+  depends_on = [ aws_cloudwatch_log_group.waf_log_group, aws_wafv2_web_acl.waf ]
 }
 
 # CloudWatch Log Group for WAF (optional)
 resource "aws_cloudwatch_log_group" "waf_log_group" {
   count             = var.aws_waf_enable && var.aws_waf_logging_enable ? 1 : 0
-  name              = "/aws/wafv2/${var.aws_resource_identifier}"
+  name              = "aws-waf-logs-${var.aws_resource_identifier}"
   retention_in_days = var.aws_waf_log_retention_days
 
   tags = {
-    Name = "${var.aws_resource_identifier}-waf-logs"
+    Name = "aws-waf-logs-${var.aws_resource_identifier}"
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,7 @@ resource "aws_alb_listener" "lb_listener_ssl" {`
`82`	`82`	`lifecycle {`
`83`	`83`	`replace_triggered_by = [null_resource.http_redirect_dep.id]`
`84`	`84`	`}`
	`85`	`+ depends_on = [ aws_alb_listener.http_redirect ]`
`85`	`86`	`}`
`86`	`87`
`87`	`88`	`resource "aws_alb_listener" "lb_listener" {`
`@@ -96,6 +97,7 @@ resource "aws_alb_listener" "lb_listener" {`
`96`	`97`	`lifecycle {`
`97`	`98`	`replace_triggered_by = [null_resource.http_redirect_dep.id]`
`98`	`99`	`}`
	`100`	`+ depends_on = [ aws_alb_listener.http_redirect ]`
`99`	`101`	`}`
`100`	`102`
`101`	`103`	`resource "aws_alb_listener_rule" "redirect_based_on_path" {`
`@@ -116,25 +118,28 @@ resource "aws_alb_listener_rule" "redirect_based_on_path" {`
`116`	`118`
`117`	`119`	`resource "aws_alb_listener" "http_redirect" {`
`118`	`120`	`count = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) ? 1 : 0`
`119`		`- load_balancer_arn = "${aws_alb.ecs_lb.id}"`
	`121`	`+ load_balancer_arn = aws_alb.ecs_lb.id`
`120`	`122`	`port = "80"`
`121`	`123`	`protocol = "HTTP"`
`122`	`124`
`123`	`125`
`124`	`126`	`default_action {`
`125`		`- #type = var.aws_certificates_selected_arn != "" ? "redirect" : "forward"`
`126`		`- type = var.aws_certificate_enabled != "" ? "redirect" : "forward"`
`127`		`- target_group_arn = var.aws_certificates_selected_arn != "" ? null : aws_alb_target_group.lb_targets[0].id`
	`127`	`+ type = var.aws_certificate_enabled ? "redirect" : "forward"`
	`128`	`+ target_group_arn = var.aws_certificate_enabled ? null : aws_alb_target_group.lb_targets[0].id`
`128`	`129`
`129`	`130`	`dynamic "redirect" {`
`130`		`- for_each = var.aws_certificates_selected_arn != "" ? [1] : [0]`
	`131`	`+ for_each = var.aws_certificate_enabled ? [1] : [0]`
`131`	`132`	`content {`
`132`	`133`	`port = 443`
`133`	`134`	`protocol = "HTTPS"`
`134`	`135`	`status_code = "HTTP_301"`
`135`	`136`	`}`
`136`	`137`	`}`
`137`	`138`	`}`
	`139`	`+ depends_on = [`
	`140`	`+ aws_alb.ecs_lb,`
	`141`	`+ aws_alb_target_group.lb_targets`
	`142`	`+ ]`
`138`	`143`	`}`
`139`	`144`
`140`	`145`	`resource "aws_security_group_rule" "incoming_alb_http" {`
Original file line number	Diff line number	Diff line change
`@@ -393,16 +393,17 @@ resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" {`
`393`	`393`	`name = "cookie"`
`394`	`394`	`}`
`395`	`395`	`}`
	`396`	`+ depends_on = [ aws_cloudwatch_log_group.waf_log_group, aws_wafv2_web_acl.waf ]`
`396`	`397`	`}`
`397`	`398`
`398`	`399`	`# CloudWatch Log Group for WAF (optional)`
`399`	`400`	`resource "aws_cloudwatch_log_group" "waf_log_group" {`
`400`	`401`	`count = var.aws_waf_enable && var.aws_waf_logging_enable ? 1 : 0`
`401`		`- name = "/aws/wafv2/${var.aws_resource_identifier}"`
	`402`	`+ name = "aws-waf-logs-${var.aws_resource_identifier}"`
`402`	`403`	`retention_in_days = var.aws_waf_log_retention_days`
`403`	`404`
`404`	`405`	`tags = {`
`405`		`- Name = "${var.aws_resource_identifier}-waf-logs"`
	`406`	`+ Name = "aws-waf-logs-${var.aws_resource_identifier}"`
`406`	`407`	`}`
`407`	`408`	`}`
`408`	`409`