Merge pull request #5 from DNXLabs/org_name

Adding new VARs to module and S3 bucket new resources

Author: Fabio Ramos

README.md

@@ -31,6 +31,7 @@
 | logging\_configuration | The Apache Airflow logs you want to send to Amazon CloudWatch Logs. | `any` | n/a | yes |
 | max\_workers | The maximum number of workers that can be automatically scaled up. Value need to be between 1 and 25. Will be 10 by default. | `number` | `10` | no |
 | min\_workers | The minimum number of workers that you want to run in your environment. Will be 1 by default. | `number` | `1` | no |
+| org\_name | Name of the Organisation | `any` | n/a | yes |
 | plugins\_s3\_path | The relative path to the plugins.zip file on your Amazon S3 storage bucket. For example, plugins.zip. | `string` | `"plugins.zip"` | no |
 | private\_subnet\_ids | The private subnet IDs in which the environment should be created. MWAA requires two subnets. | `list(string)` | n/a | yes |
 | requirements\_s3\_path | The relative path to the requirements.txt file on your Amazon S3 storage bucket. For example, requirements.txt. | `string` | `"requirements.txt"` | no |

_variables.tf

@@ -2,6 +2,10 @@ variable "environment_name" {
   description = "Name of MWAA Environment"
 }
 
+variable "org_name" {
+  description = "Name of the Organisation"
+}
+
 variable "airflow_version" {
   description = "Airflow version of the MWAA environment"
 }

mwaa-environment.tf

@@ -26,6 +26,10 @@ resource "aws_mwaa_environment" "mwaa" {
     # Airflow webserver timeout
     "webserver.web_server_master_timeout" = var.airflow_configuration_options["webserver_timeout"]["master"]
     "webserver.web_server_worker_timeout" = var.airflow_configuration_options["webserver_timeout"]["worker"]
+
+    # Replace fixed values
+    "secrets.backend"        = var.airflow_configuration_options["secrets.backend"]
+    "secrets.backend_kwargs" = var.airflow_configuration_options["secrets.backend_kwargs"]
   }
 
   logging_configuration {

mwaa-iam.tf

@@ -33,12 +33,12 @@ data "aws_iam_policy_document" "mwaa_assume_role" {
 }
 
 resource "aws_iam_role" "mwaa_role" {
-  name               = "mwaa-executor-${var.environment_name}"
+  name               = "mwaa-executor-${var.environment_name}-${data.aws_region.current.name}"
   assume_role_policy = data.aws_iam_policy_document.mwaa_assume_role.json
 }
 
 resource "aws_iam_role_policy" "mwaa_policy" {
-  name   = "mwaa-executor-policy-${var.environment_name}"
+  name   = "mwaa-executor-policy-${var.environment_name}-${data.aws_region.current.name}"
   role   = aws_iam_role.mwaa_role.id
   policy = data.aws_iam_policy_document.mwaa_policy.json
 }

mwaa-s3.tf

@@ -2,11 +2,18 @@
 #  - S3 bucket needs to start with prefix "airflow"
 #  - Mandatory to set Block Public Access
 resource "aws_s3_bucket" "mwaa_content" {
-  bucket = "mwaa-${var.environment_name}-${data.aws_region.current.name}"
+  bucket = "mwaa-${var.org_name}-${var.environment_name}-${data.aws_region.current.name}"
+}
+
+resource "aws_s3_bucket_acl" "mwaa_content" {
+  bucket = aws_s3_bucket.mwaa_content.id
   acl    = "private"
+}
 
-  versioning {
-    enabled = true
+resource "aws_s3_bucket_versioning" "mwaa_content" {
+  bucket = aws_s3_bucket.mwaa_content.id
+  versioning_configuration {
+    status = "Enabled"
   }
 }
 

ssm.tf

@@ -0,0 +1,6 @@
+resource "aws_ssm_parameter" "mwaa_env" {
+  name        = "/mwaa/ENV"
+  description = "MWAA Environment"
+  value       = var.environment_name
+  type        = "String"
+}