Fix bugs and refactor

terraform/modules/apigw/main.tf

@@ -13,87 +13,29 @@ resource "aws_api_gateway_resource" "this" {
   rest_api_id = aws_api_gateway_rest_api.this.id
 }
 
-resource "aws_api_gateway_method" "stock_get" {
-  rest_api_id   = aws_api_gateway_rest_api.this.id
-  resource_id   = aws_api_gateway_resource.this.id
-  http_method   = var.lambda[0].http_method
-  authorization = "NONE"
-}
-
 resource "aws_api_gateway_method" "this" {
-  rest_api_id   = aws_api_gateway_rest_api.this.id
-  resource_id   = aws_api_gateway_resource.this.id
-  http_method   = "POST"
-  authorization = "NONE"
-}
+  for_each = var.method
 
-resource "aws_api_gateway_method" "options" {
   rest_api_id   = aws_api_gateway_rest_api.this.id
   resource_id   = aws_api_gateway_resource.this.id
-  http_method   = "OPTIONS"
+  http_method   = each.value.http_method
   authorization = "NONE"
 }
 
-resource "aws_api_gateway_integration" "stock_get" {
-  rest_api_id             = aws_api_gateway_rest_api.this.id
-  resource_id             = aws_api_gateway_resource.this.id
-  http_method             = aws_api_gateway_method.stock_get.http_method
-  integration_http_method = "POST"
-  type                    = "AWS_PROXY"
-  uri                     = var.lambda[0].lambda_function_arn
-}
-
 resource "aws_api_gateway_integration" "this" {
+  for_each = var.integration
+
   rest_api_id             = aws_api_gateway_rest_api.this.id
   resource_id             = aws_api_gateway_resource.this.id
-  http_method             = aws_api_gateway_method.this.http_method
-  integration_http_method = "POST"
-  type                    = "AWS"
-  credentials             = var.role_arn
-  uri                     = var.sqs_arn
+  http_method             = aws_api_gateway_method.this[each.key].http_method
+  integration_http_method = each.value.integration_http_method
+  type                    = each.value.type
+  credentials             = each.value.credentials
+  uri                     = each.value.uri
+  request_parameters      = each.value.request_parameters
+  request_templates       = each.value.request_templates
 
-  request_parameters = {
-    "integration.request.header.Content-Type" = "'application/x-www-form-urlencoded'"
-  }
-
-  request_templates = {
-    "application/json" = <<EOF
-Action=SendMessage&MessageBody={
-  "method": "$context.httpMethod",
-  "body-json" : $input.json('$'),
-  "queryParams": {
-    #foreach($param in $input.params().querystring.keySet())
-    "$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
-  #end
-  },
-  "pathParams": {
-    #foreach($param in $input.params().path.keySet())
-    "$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
-    #end
-  }
-}
-EOF
-  }
-
-  depends_on = [aws_api_gateway_method.options]
-}
-
-resource "aws_api_gateway_integration" "options" {
-  rest_api_id = aws_api_gateway_rest_api.this.id
-  resource_id = aws_api_gateway_resource.this.id
-  http_method = aws_api_gateway_method.options.http_method
-  type        = "MOCK"
-
-  request_parameters = {}
-  request_templates = {
-    "application/json" = jsonencode(
-      {
-        statusCode = 200
-      }
-    )
-  }
-
-  depends_on = [aws_api_gateway_method.options]
+  depends_on = [aws_api_gateway_method.this]
 }
 
 resource "aws_api_gateway_stage" "this" {
@@ -102,88 +44,31 @@ resource "aws_api_gateway_stage" "this" {
   stage_name    = "production"
 }
 
-resource "aws_api_gateway_method_response" "http200" {
+resource "aws_api_gateway_method_response" "this" {
+  for_each = var.method_response
+
   rest_api_id = aws_api_gateway_rest_api.this.id
   resource_id = aws_api_gateway_resource.this.id
-  http_method = aws_api_gateway_method.this.http_method
+  http_method = aws_api_gateway_method.this[each.key].http_method
   status_code = 200
 
-  response_parameters = {
-    "method.response.header.Access-Control-Allow-Origin" = "true"
-  }
+  response_models     = each.value.response_models
+  response_parameters = each.value.response_parameters
 
   depends_on = [aws_api_gateway_method.this]
 }
 
-resource "aws_api_gateway_method_response" "stock200" {
+resource "aws_api_gateway_integration_response" "this" {
+  for_each = var.integration_response
+
   rest_api_id         = aws_api_gateway_rest_api.this.id
   resource_id         = aws_api_gateway_resource.this.id
-  http_method = aws_api_gateway_method.stock_get.http_method
-  status_code = 200
+  http_method         = aws_api_gateway_method.this[each.key].http_method
+  status_code         = aws_api_gateway_method_response.this[each.key].status_code
+  selection_pattern   = each.value.selection_pattern
+  response_parameters = each.value.response_parameters
 
-  response_parameters = {
-    "method.response.header.Access-Control-Allow-Origin" = "true"
-  }
-
-  depends_on = [aws_api_gateway_method.stock_get]
-}
-
-resource "aws_api_gateway_method_response" "options200" {
-  rest_api_id = aws_api_gateway_rest_api.this.id
-  resource_id = aws_api_gateway_resource.this.id
-  http_method = aws_api_gateway_method.options.http_method
-  status_code = 200
-  response_models = {
-    "application/json" = "Empty"
-  }
-
-  response_parameters = {
-    "method.response.header.Access-Control-Allow-Headers" = true,
-    "method.response.header.Access-Control-Allow-Methods" = true,
-    "method.response.header.Access-Control-Allow-Origin"  = true
-  }
-
-  depends_on = [aws_api_gateway_method.options]
-}
-
-resource "aws_api_gateway_integration_response" "http200" {
-  rest_api_id       = aws_api_gateway_rest_api.this.id
-  resource_id       = aws_api_gateway_resource.this.id
-  http_method       = aws_api_gateway_method.this.http_method
-  status_code       = aws_api_gateway_method_response.http200.status_code
-  selection_pattern = "^2[0-9][0-9]"
-  response_parameters = {
-    "method.response.header.Access-Control-Allow-Origin" = "'*'"
-  }
-
-  depends_on = [aws_api_gateway_method_response.http200]
-}
-
-resource "aws_api_gateway_integration_response" "stock200" {
-  rest_api_id       = aws_api_gateway_rest_api.this.id
-  resource_id       = aws_api_gateway_resource.this.id
-  http_method       = aws_api_gateway_method.stock_get.http_method
-  status_code       = aws_api_gateway_method_response.stock200.status_code
-  selection_pattern = "^2[0-9][0-9]"
-  response_parameters = {
-    "method.response.header.Access-Control-Allow-Origin" = "'*'"
-  }
-
-  depends_on = [aws_api_gateway_method_response.stock200]
-}
-
-resource "aws_api_gateway_integration_response" "options200" {
-  rest_api_id = aws_api_gateway_rest_api.this.id
-  resource_id = aws_api_gateway_resource.this.id
-  http_method = aws_api_gateway_method.options.http_method
-  status_code = aws_api_gateway_method_response.http200.status_code
-  response_parameters = {
-    "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
-    "method.response.header.Access-Control-Allow-Methods" = "'GET,OPTIONS,POST'",
-    "method.response.header.Access-Control-Allow-Origin"  = "'*'"
-  }
-
-  depends_on = [aws_api_gateway_method_response.options200]
+  depends_on = [aws_api_gateway_method_response.this]
 }
 
 resource "aws_api_gateway_deployment" "this" {
@@ -192,12 +77,12 @@ resource "aws_api_gateway_deployment" "this" {
   triggers = {
     redeployment = sha1(jsonencode([
       aws_api_gateway_resource.this.id,
-      aws_api_gateway_method.this.id,
-      aws_api_gateway_method.options.id,
-      aws_api_gateway_method.stock_get.id,
-      aws_api_gateway_integration.this.id,
-      aws_api_gateway_integration.options.id,
-      aws_api_gateway_integration.stock_get.id,
+      aws_api_gateway_method.this["get"].id,
+      aws_api_gateway_method.this["post"].id,
+      aws_api_gateway_method.this["options"].id,
+      aws_api_gateway_integration.this["get"].id,
+      aws_api_gateway_integration.this["post"].id,
+      aws_api_gateway_integration.this["options"].id,
     ]))
   }
 
@@ -206,25 +91,17 @@ resource "aws_api_gateway_deployment" "this" {
   }
 
   depends_on = [
-    aws_api_gateway_integration.options,
     aws_api_gateway_integration.this,
-    aws_api_gateway_integration.stock_get,
-    aws_api_gateway_method.options,
     aws_api_gateway_method.this,
-    aws_api_gateway_method.stock_get,
-    aws_api_gateway_method_response.options200,
-    aws_api_gateway_method_response.http200,
-    aws_api_gateway_method_response.stock200,
-    aws_api_gateway_integration_response.options200,
-    aws_api_gateway_integration_response.http200,
-    aws_api_gateway_integration_response.stock200,
+    aws_api_gateway_method_response.this,
+    aws_api_gateway_integration_response.this
   ]
 }
 
 resource "aws_lambda_permission" "this" {
   statement_id  = "AllowExecutionFromAPIGateway"
   action        = "lambda:InvokeFunction"
-  function_name = var.lambda[0].lambda_function_name
+  function_name = var.lambda[0].function_name
   principal     = "apigateway.amazonaws.com"
-  source_arn    = "${var.lambda[0].lambda_source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.stock_get.http_method}${aws_api_gateway_resource.this.path}"
+  source_arn    = "${var.lambda[0].source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.this["get"].http_method}${aws_api_gateway_resource.this.path}"
 }

terraform/modules/apigw/outputs.tf

@@ -2,18 +2,15 @@
 # Amazon API Gateway outputs
 # --------------------------------------------------------------------
 
-output "api_endpoint" {
+output "endpoint" {
   value = aws_api_gateway_stage.this.invoke_url
 }
 
-output "api_rest_id" {
+output "rest_id" {
   value = aws_api_gateway_resource.this.rest_api_id
 }
 
-output "api_resource_path" {
+output "resource_path" {
   value = aws_api_gateway_resource.this.path
 }
 
-output "api_http_method" {
-  value = aws_api_gateway_method.this.http_method
-}

terraform/modules/apigw/variables.tf

@@ -5,7 +5,6 @@
 variable "name" {
   description = "The name of the API."
   type        = string
-  default     = ""
 }
 
 variable "tags" {
@@ -28,3 +27,23 @@ variable "lambda" {
   description = "List of lambdas the API will execute."
   type        = list(any)
 }
+
+variable "method" {
+  description = "Map of API gateway methods."
+  type        = map(any)
+}
+
+variable "integration" {
+  description = "Map of API gateway integrations."
+  type        = map(any)
+}
+
+variable "method_response" {
+  description = "Map of API gateway method response."
+  type        = map(any)
+}
+
+variable "integration_response" {
+  description = "Map of API gateway method integrations."
+  type        = map(any)
+}

terraform/modules/cloudfront/outputs.tf

@@ -1,3 +0,0 @@
-# --------------------------------------------------------------------
-# CloudFront outputs
-# --------------------------------------------------------------------

terraform/modules/cloudfront/variables.tf

@@ -5,19 +5,19 @@
 variable "web_acl_id" {
   description = "Id or ARN of the AWS WAF web ACL that is associated with the distribution."
   type        = string
-  default     = null
+  nullable    = false
 }
 
 variable "tags" {
   description = "A map of tags to assign to the resource."
   type        = map(string)
-  default     = null
+  default     = {}
 }
 
 variable "origin" {
   description = "One or more origins for this distribution."
   type        = any
-  default     = null
+  nullable    = false
 }
 
 variable "default_root_object" {
@@ -29,7 +29,7 @@ variable "default_root_object" {
 variable "default_cache_behavior" {
   description = "The default cache behavior for this distribution"
   type        = any
-  default     = null
+  nullable    = false
 }
 
 variable "enabled" {

terraform/modules/lambda/outputs.tf

@@ -2,12 +2,12 @@
 # Lambda outputs
 # --------------------------------------------------------------------
 
-output "lambda_function_arn" {
+output "function_arn" {
   description = "The ARN of the Lambda Function"
   value       = aws_lambda_function.this.invoke_arn
 }
 
-output "lambda_function_name" {
+output "function_name" {
   description = "The name of the Lambda Function"
   value       = aws_lambda_function.this.function_name
 }

terraform/modules/lambda/variables.tf

@@ -8,29 +8,24 @@ variable "package" {
   default     = null
 }
 
-
 variable "function_name" {
   description = "A unique name for your Lambda Function."
   type        = string
-  default     = ""
 }
 
 variable "handler" {
   description = "Lambda Function entrypoint in your code."
   type        = string
-  default     = ""
 }
 
 variable "runtime" {
   description = "Lambda Function runtime."
   type        = string
-  default     = ""
 }
 
 variable "iam_role" {
   description = "IAM role ARN attached to the Lambda Function."
   type        = string
-  default     = ""
 }
 
 variable "tags" {

terraform/modules/s3/main.tf

@@ -66,3 +66,12 @@ resource "aws_s3_object" "this" {
   content_type  = each.value.content_type
   storage_class = try(each.value.tier, "STANDARD")
 }
+
+resource "aws_s3_object" "index" {
+  count         = length(try([var.website["index_document"]], [])) > 0 ? 1 : 0
+  bucket        = var.website_id
+  key           = "index.html"
+  content       = var.content
+  content_type  = "text/html"
+  storage_class = "STANDARD"
+}

terraform/modules/s3/variables.tf

@@ -9,13 +9,13 @@ variable "bucket_name" {
 
 variable "objects" {
   type        = map(any)
-  description = ""
+  description = "Map of objects to upload to the bucket."
   default     = {}
 }
 
 variable "website" {
   type        = map(any)
-  description = ""
+  description = "Map that defines the configuration of the website."
   default     = {}
 }
 
@@ -36,3 +36,13 @@ variable "type" {
   default     = 1
   description = "Determines the type of the bucket. 1 for static website and 2 for logs."
 }
+
+variable "website_id" {
+  description = "Website bucket ID."
+  type        = string
+}
+
+variable "content" {
+  description = "Website bucket content."
+  type        = string
+}

terraform/modules/sqs/variables.tf

@@ -8,49 +8,49 @@ variable "name" {
 }
 
 variable "message_retention_seconds" {
-  description = "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)"
+  description = "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)."
   type        = number
   default     = 345600
 }
 
 variable "max_message_size" {
-  description = "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB)"
+  description = "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB)."
   type        = number
   default     = 262144
 }
 
 variable "delay_seconds" {
-  description = "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)"
+  description = "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)."
   type        = number
   default     = 0
 }
 
 variable "receive_wait_time_seconds" {
-  description = "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)"
+  description = "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)."
   type        = number
   default     = 0
 }
 
 variable "fifo_queue" {
-  description = "Boolean designating a FIFO queue"
+  description = "Boolean designating a FIFO queue."
   type        = bool
   default     = false
 }
 
 variable "content_based_deduplication" {
-  description = "Enables content-based deduplication for FIFO queues"
+  description = "Enables content-based deduplication for FIFO queues."
   type        = bool
   default     = false
 }
 
 variable "tags" {
-  description = "A mapping of tags to assign to all resources"
+  description = "A mapping of tags to assign to all resources."
   type        = map(string)
   default     = {}
 }
 
 variable "lambda_name" {
-  description = "."
+  description = "The name of the lambda to trigger when a message is queued."
   type        = string
   default     = null
 }

terraform/modules/waf/main.tf

@@ -10,9 +10,12 @@ resource "aws_wafv2_web_acl" "this" {
     allow {}
   }
 
-  rule {
-    name     = "AWS-AWSManagedRulesCommonRuleSet"
-    priority = 1
+  dynamic "rule" {
+    for_each = var.rule
+
+    content {
+      name     = rule.value.name
+      priority = rule.value.priority
 
       override_action {
         none {}
@@ -20,63 +23,21 @@ resource "aws_wafv2_web_acl" "this" {
 
       statement {
         managed_rule_group_statement {
-        name        = "AWSManagedRulesCommonRuleSet"
+          name        = rule.value.managed_rule_group_statement
           vendor_name = "AWS"
         }
       }
 
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
-      sampled_requests_enabled   = true
-    }
-  }
-
-  rule {
-    name     = "AWS-AWSManagedRulesLinuxRuleSet"
-    priority = 2
-
-    statement {
-      managed_rule_group_statement {
-        name        = "AWSManagedRulesLinuxRuleSet"
-        vendor_name = "AWS"
-      }
-    }
-
-    override_action {
-      none {}
-    }
 
       visibility_config {
         cloudwatch_metrics_enabled = true
-      metric_name                = "AWS-AWSManagedRulesLinuxRuleSet"
+        metric_name                = rule.value.metric_name
         sampled_requests_enabled   = true
       }
-  }
 
-  rule {
-    name     = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
-    priority = 3
-
-    override_action {
-      none {}
-    }
-
-    statement {
-      managed_rule_group_statement {
-        name        = "AWSManagedRulesKnownBadInputsRuleSet"
-        vendor_name = "AWS"
     }
   }
 
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
-      sampled_requests_enabled   = true
-    }
-  }
-
-
   visibility_config {
     cloudwatch_metrics_enabled = true
     metric_name                = "waf-bsmsapp"

terraform/modules/waf/variables.tf

@@ -17,3 +17,9 @@ variable "scope" {
   description = "WAF scope (cloudfront or regional)."
   type        = string
 }
+
+variable "rule" {
+  description = "Map of WAF rules."
+  type        = map(any)
+  default     = {}
+}

terraform/organization/apigw.tf

@@ -6,23 +6,120 @@ module "apigw" {
   }
 
   depends_on = [
-    module.lambda, module.sqs
+    module.lambda,
+    module.sqs
   ]
 
   name = "AWSAPIGateway-g3"
 
   lambda = [
     {
-      http_method          = "GET"
-      lambda_function_arn  = module.lambda["lambdaDB"].lambda_function_arn
-      lambda_function_name = module.lambda["lambdaDB"].lambda_function_name
-      lambda_source_arn    = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
+      function_arn  = module.lambda["lambdaDB"].function_arn
+      function_name = module.lambda["lambdaDB"].function_name
+      source_arn    = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
     }
   ]
 
   role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
   sqs_arn  = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/${module.sqs.name}"
 
+  method = {
+    get = {
+      http_method = "GET"
+    }
+    post = {
+      http_method = "POST"
+    },
+    options = {
+      http_method = "OPTIONS"
+    },
+  }
+
+  integration = {
+    get = {
+      integration_http_method = "POST",
+      type                    = "AWS_PROXY",
+      credentials             = null,
+      uri                     = module.lambda["lambdaDB"].function_arn,
+      request_parameters      = {},
+      request_templates       = {},
+    },
+    post = {
+      integration_http_method = "POST",
+      type                    = "AWS",
+      credentials             = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole",
+      uri                     = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/${module.sqs.name}",
+      request_parameters = {
+        "integration.request.header.Content-Type" = "'application/x-www-form-urlencoded'"
+      },
+      request_templates = {
+        "application/json" = file("template.json")
+      }
+    },
+    options = {
+      integration_http_method = null,
+      type                    = "MOCK",
+      credentials             = null,
+      uri                     = null,
+      request_parameters      = {},
+      request_templates = {
+        "application/json" = jsonencode(
+          {
+            statusCode = 200
+          }
+        )
+      }
+    },
+  }
+
+  method_response = {
+    get = {
+      response_models = {}
+      response_parameters = {
+        "method.response.header.Access-Control-Allow-Origin" = "true"
+      }
+    },
+    post = {
+      response_models = {}
+      response_parameters = {
+        "method.response.header.Access-Control-Allow-Origin" = "true"
+      }
+    },
+    options = {
+      response_models = {
+        "application/json" = "Empty"
+      }
+      response_parameters = {
+        "method.response.header.Access-Control-Allow-Headers" = true,
+        "method.response.header.Access-Control-Allow-Methods" = true,
+        "method.response.header.Access-Control-Allow-Origin"  = true
+      }
+    }
+  }
+
+  integration_response = {
+    get = {
+      selection_pattern = "^2[0-9][0-9]"
+      response_parameters = {
+        "method.response.header.Access-Control-Allow-Origin" = "'*'"
+      }
+    },
+    post = {
+      selection_pattern = "^2[0-9][0-9]"
+      response_parameters = {
+        "method.response.header.Access-Control-Allow-Origin" = "'*'"
+      }
+    },
+    options = {
+      selection_pattern = null
+      response_parameters = {
+        "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
+        "method.response.header.Access-Control-Allow-Methods" = "'GET,OPTIONS,POST'",
+        "method.response.header.Access-Control-Allow-Origin"  = "'*'"
+      }
+    }
+  }
+
   tags = {
     name = "api-gateway-g3"
   }

terraform/organization/cloudfront.tf

@@ -7,8 +7,7 @@ module "cloudfront" {
 
   depends_on = [
     module.s3,
-    module.apigw,
-    module.waf
+    module.apigw
   ]
 
   enabled    = true
@@ -16,7 +15,7 @@ module "cloudfront" {
 
   origin = {
     api-gateway = {
-      domain_name = replace(replace(module.apigw.api_endpoint, "https://", ""), "/", "")
+      domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
 
       custom_origin_config = {
         http_port              = 80

terraform/organization/datasources.tf

@@ -13,7 +13,7 @@ data "aws_caller_identity" "current" {
 data "template_file" "userdata" {
   template = file("${path.module}/html/index.html")
   vars = {
-    ENDPOINT = "${module.apigw.api_endpoint}"
+    ENDPOINT = "${module.apigw.endpoint}"
   }
 }
 

terraform/organization/provider.tf

@@ -5,6 +5,7 @@ provider "aws" {
   shared_credentials_files = ["~/.aws/credentials"]
   profile                  = "default"
 
+  s3_use_path_style           = true
   skip_requesting_account_id  = true
   skip_get_ec2_platforms      = true
   skip_metadata_api_check     = true

terraform/organization/s3.tf

@@ -11,14 +11,6 @@ module "s3" {
   website     = try(each.value.website, {})
   objects     = try(each.value.objects, {})
   bucket_acl  = each.value.bucket_acl
-}
-
-resource "aws_s3_object" "this" {
-  provider = aws.aws
-
-  bucket        = module.s3["website"].id
-  key           = "index.html"
+  website_id  = module.s3["website"].id
   content     = data.template_file.userdata.rendered
-  content_type  = "text/html"
-  storage_class = "STANDARD"
 }

terraform/organization/sqs.tf

@@ -10,7 +10,7 @@ module "sqs" {
   ]
 
   name        = "AWS-SQS-g3"
-  lambda_name = module.lambda["lambdaSQS"].lambda_function_name
+  lambda_name = module.lambda["lambdaSQS"].function_name
 
   tags = {
     name = "SQS"

terraform/organization/template.json

@@ -0,0 +1,14 @@
+Action=SendMessage&MessageBody={
+    "method": "$context.httpMethod",
+    "body-json" : $input.json('$'),
+    "queryParams": {
+      #foreach($param in $input.params().querystring.keySet())
+      "$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
+    #end
+    },
+    "pathParams": {
+      #foreach($param in $input.params().path.keySet())
+      "$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
+      #end
+    }
+}

terraform/organization/waf.tf

@@ -8,6 +8,27 @@ module "waf" {
   name  = "AWS-WAF-g3"
   scope = "CLOUDFRONT"
 
+  rule = {
+    common = {
+      name                         = "AWS-AWSManagedRulesCommonRuleSet",
+      priority                     = 1,
+      managed_rule_group_statement = "AWSManagedRulesCommonRuleSet",
+      metric_name                  = "AWS-AWSManagedRulesCommonRuleSet",
+    },
+    linux = {
+      name                         = "AWS-AWSManagedRulesLinuxRuleSet",
+      priority                     = 2,
+      managed_rule_group_statement = "AWSManagedRulesLinuxRuleSet",
+      metric_name                  = "AWS-AWSManagedRulesLinuxRuleSet",
+    },
+    input = {
+      name                         = "AWS-AWSManagedRulesKnownBadInputsRuleSet",
+      priority                     = 3,
+      managed_rule_group_statement = "AWSManagedRulesKnownBadInputsRuleSet",
+      metric_name                  = "AWS-AWSManagedRulesKnownBadInputsRuleSet",
+    }
+  }
+
   tags = {
     name = "WAF"
   }