diff --git a/README.md b/README.md index dbb15d0bb..0142e99de 100644 --- a/README.md +++ b/README.md 
@@ -521,9 +521,12 @@ The following inputs can be used as `step.with` keys | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `api,audit,authenticator`. | | `aws_eks_cluster_log_retention_days` | String | Days to store logs. Defaults to `7`. | | `aws_eks_cluster_logs_skip_destroy` | Boolean | Skip deletion of cluster logs if set to true. Defaults to `false`. | -| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.28` | +| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.32` | +| `aws_eks_create_bk_node_group` | Boolean | Creates a backup node group in order to migrate the main one. Any changes after creation of it will be ignored. (For safety reasons) | | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. | -| `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. | +| `aws_eks_instance_ami_type` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. See [here](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for options. Defaults to `AL2_x86_64.` (Legacy reasons)| +| `aws_eks_instance_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. | +| `aws_eks_instance_ami_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. 
| | `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. | | `aws_eks_ec2_key_pair` | String | Enter an existing ec2 key pair name for worker nodes. If none, will create one. | | `aws_eks_store_keypair_sm` | Boolean | If true, will store the newly created keys in Secret Manager. | diff --git a/action.yaml b/action.yaml index 7caf8b74d..3f00cde26 100644 --- a/action.yaml +++ b/action.yaml @@ -1048,12 +1048,21 @@ inputs: required: false aws_eks_cluster_version: description: 'Specify the k8s cluster version' - required: false + required: false + aws_eks_create_bk_node_group: + description: 'Create a backup node group' + required: false aws_eks_instance_type: description: 'enter the aws instance type' required: false - aws_eks_instance_ami_id: - description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.' + aws_eks_instance_ami_type: + description: 'Type of AMI to use. Defaults to AL2_x86_64' + required: false + aws_eks_instance_type_bk: + description: 'enter the aws instance type' + required: false + aws_eks_instance_ami_type_bk: + description: 'Type of AMI to use. Defaults to AL2_x86_64' required: false aws_eks_instance_user_data_file: description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.' @@ -1561,7 +1570,7 @@ runs: AWS_ECR_REGISTRY_POLICY_INPUT: ${{ inputs.aws_ecr_registry_policy_input }} AWS_ECR_ADDITIONAL_TAGS: ${{ inputs.aws_ecr_additional_tags }} - # AWS EKS + # EKS AWS_EKS_CREATE: ${{ inputs.aws_eks_create }} AWS_EKS_SECURITY_GROUP_NAME_CLUSTER: ${{ inputs.aws_eks_security_group_name_cluster }} AWS_EKS_SECURITY_GROUP_NAME_NODE: ${{ inputs.aws_eks_security_group_name_node }} 
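Review bot: Dropping the `aws_eks_instance_ami_id` input with no deprecation path means a workflow that still passes it has its pinned AMI silently discarded: GitHub Actions only warns on an unknown `with:` key, so such clusters fall back to the default `AL2_x86_64` image instead of failing the run. I would keep the old key for one release with `description: 'DEPRECATED - use aws_eks_instance_ami_type; setting this fails the run'` and have the generate script exit non-zero when it is set, or at minimum list the removal as a breaking change in the README. Separately, the descriptions for `aws_eks_instance_type_bk` and `aws_eks_instance_ami_type_bk` are verbatim copies of the primary ones; `description: 'Instance type for the backup node group. Falls back to aws_eks_instance_type when empty.'` would tell callers what the `_bk` suffix means without opening the README.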
@@ -1575,8 +1584,11 @@ runs:
 AWS_EKS_CLUSTER_LOG_RETENTION_DAYS: ${{ inputs.aws_eks_cluster_log_retention_days }}
 AWS_EKS_CLUSTER_LOG_SKIP_DESTROY: ${{ inputs.aws_eks_cluster_log_skip_destroy }}
 AWS_EKS_CLUSTER_VERSION: ${{ inputs.aws_eks_cluster_version }}
+ AWS_EKS_CREATE_BK_NODE_GROUP: ${{ inputs.aws_eks_create_bk_node_group }}
 AWS_EKS_INSTANCE_TYPE: ${{ inputs.aws_eks_instance_type }}
- AWS_EKS_INSTANCE_AMI_ID: ${{ inputs.aws_eks_instance_ami_id }}
+ AWS_EKS_INSTANCE_AMI_TYPE: ${{ inputs.aws_eks_instance_ami_type }}
+ AWS_EKS_INSTANCE_TYPE_BK: ${{ inputs.aws_eks_instance_type_bk }}
+ AWS_EKS_INSTANCE_AMI_TYPE_BK: ${{ inputs.aws_eks_instance_ami_type_bk }}
 AWS_EKS_INSTANCE_USER_DATA_FILE: ${{ inputs.aws_eks_instance_user_data_file }}
 AWS_EKS_EC2_KEY_PAIR: ${{ inputs.aws_eks_ec2_key_pair }}
 AWS_EKS_STORE_KEYPAIR_SM: ${{ inputs.aws_eks_store_keypair_sm }}
diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
index f36fd40e2..38fa90667 100644
--- a/operations/_scripts/generate/generate_vars_terraform.sh
+++ b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -405,8 +405,11 @@ if [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then
 aws_eks_cluster_log_retention_days=$(generate_var aws_eks_cluster_log_retention_days $AWS_EKS_CLUSTER_LOG_RETENTION_DAYS)
 aws_eks_cluster_log_skip_destroy=$(generate_var aws_eks_cluster_log_skip_destroy $AWS_EKS_CLUSTER_LOG_SKIP_DESTROY)
 aws_eks_cluster_version=$(generate_var aws_eks_cluster_version $AWS_EKS_CLUSTER_VERSION)
+ aws_eks_create_bk_node_group=$(generate_var aws_eks_create_bk_node_group $AWS_EKS_CREATE_BK_NODE_GROUP)
 aws_eks_instance_type=$(generate_var aws_eks_instance_type $AWS_EKS_INSTANCE_TYPE)
- aws_eks_instance_ami_id=$(generate_var aws_eks_instance_ami_id $AWS_EKS_INSTANCE_AMI_ID)
+ aws_eks_instance_ami_type=$(generate_var aws_eks_instance_ami_type $AWS_EKS_INSTANCE_AMI_TYPE)
+ aws_eks_instance_type_bk=$(generate_var aws_eks_instance_type_bk $AWS_EKS_INSTANCE_TYPE_BK)
+ aws_eks_instance_ami_type_bk=$(generate_var aws_eks_instance_ami_type_bk $AWS_EKS_INSTANCE_AMI_TYPE_BK)
 aws_eks_instance_user_data_file=$(generate_var aws_eks_instance_user_data_file $AWS_EKS_INSTANCE_USER_DATA_FILE)
 aws_eks_ec2_key_pair=$(generate_var aws_eks_ec2_key_pair $AWS_EKS_EC2_KEY_PAIR)
 aws_eks_store_keypair_sm=$(generate_var aws_eks_store_keypair_sm $AWS_EKS_STORE_KEYPAIR_SM)
@@ -767,8 +770,11 @@ $aws_eks_cluster_log_types
 $aws_eks_cluster_log_retention_days
 $aws_eks_cluster_log_skip_destroy
 $aws_eks_cluster_version
+$aws_eks_create_bk_node_group
 $aws_eks_instance_type
-$aws_eks_instance_ami_id
+$aws_eks_instance_ami_type
+$aws_eks_instance_type_bk
+$aws_eks_instance_ami_type_bk
 $aws_eks_instance_user_data_file
 $aws_eks_ec2_key_pair
 $aws_eks_store_keypair_sm
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
index 2071fbd43..1b467746e 100644
--- a/operations/deployment/terraform/aws/aws_variables.tf
+++ b/operations/deployment/terraform/aws/aws_variables.tf
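Review bot: The README added in this commit says the `_bk` instance and AMI values "should be defined at the same time the node-group gets created" and that later changes are ignored, but nothing in this block enforces that, so a mis-ordered rollout is silently accepted rather than rejected. A fail-fast guard just above the new `generate_var` lines would make the constraint explicit, e.g. `if [[ -n "${AWS_EKS_INSTANCE_TYPE_BK}${AWS_EKS_INSTANCE_AMI_TYPE_BK}" && $(alpha_only "$AWS_EKS_CREATE_BK_NODE_GROUP") != true ]]; then echo "::error::aws_eks_instance_*_bk requires aws_eks_create_bk_node_group=true"; exit 1; fi`. The new calls also pass `$AWS_EKS_INSTANCE_AMI_TYPE` and its siblings unquoted, matching the surrounding lines; since these values end up interpolated into a tfvars file, quoting them (`"$AWS_EKS_INSTANCE_AMI_TYPE"`) would at least stop a stray space or glob from splitting into extra arguments. The enclosing `if [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]` block begins and ends outside the hunk.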
@@ -125,7 +125,7 @@ variable "aws_ec2_port_list" { default = "" } -variable "aws_ec2_user_data_replace_on_change" { +variable "aws_ec2_user_data_replace_on_change" { type = bool description = "Forces destruction of EC2 instance" default = true @@ -145,21 +145,21 @@ variable "aws_vpc_create" { } variable "aws_vpc_name" { - type = string + type = string description = "Name for the aws vpc" - default = "" + default = "" } variable "aws_vpc_id" { - type = string + type = string description = "aws vpc id" - default = "" + default = "" } variable "aws_vpc_subnet_id" { - type = string + type = string description = "aws vpc subnet id" - default = "" + default = "" } variable "aws_vpc_cidr_block" { @@ -1602,13 +1602,13 @@ variable "aws_ecs_additional_tags" { } # ECR -variable "aws_ecr_repo_create" { +variable "aws_ecr_repo_create" { description = "Determines whether a repository will be created" type = bool default = false } -variable "aws_ecr_repo_type" { +variable "aws_ecr_repo_type" { description = "The type of repository to create. Either `public` or `private`" type = string default = "private" @@ -1736,7 +1736,7 @@ variable "aws_ecr_public_repo_catalog" { default = {} } -variable "aws_ecr_registry_policy_input" { +variable "aws_ecr_registry_policy_input" { description = "The policy document. This is a JSON formatted string" type = string default = "" @@ -1809,7 +1809,7 @@ variable "aws_eks_cluster_log_types" { } variable "aws_eks_cluster_log_retention_days" { - description = "enter the kubernetes version" + description = "Log retention days" type = string default = "7" } @@ -1822,8 +1822,14 @@ variable "aws_eks_cluster_log_skip_destroy" { variable "aws_eks_cluster_version" { description = "enter the kubernetes version" - type = number - default = "1.28" + type = string + default = 1.28 +} + +variable "aws_eks_create_bk_node_group" { + description = "create a backup node group" + type = bool + default = false } variable "aws_eks_instance_type" { 
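Review bot: In the `aws_eks_cluster_version` hunk the default is now an unquoted `1.28` while the README changed in this same commit advertises `1.32`; one of the two is wrong, and since the type was switched to `string` the literal should be quoted as `default = "1.28"` (or `"1.32"`) rather than relying on Terraform's number-to-string conversion. If `1.32` is the intent, the mismatch matters beyond documentation: as far as I recall, 1.28 left EKS standard support in late 2024, so a cluster created on the Terraform default lands directly in paid extended support with a forced-upgrade deadline. A `validation` block on the variable, with a condition such as `can(regex("^1\\.[0-9]{2}$", var.aws_eks_cluster_version))` and a short error message, would reject malformed versions at plan time instead of at the EKS API call.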
@@ -1832,8 +1838,20 @@ variable "aws_eks_instance_type" {
 default = "t3a.medium"
 }
 
-variable "aws_eks_instance_ami_id" {
- description = "AWS AMI ID"
+variable "aws_eks_instance_type_bk" {
+ description = "enter the aws instance type"
+ type = string
+ default = ""
+}
+
+variable "aws_eks_instance_ami_type" {
+ description = "Type of AMI to use. Defaults to AL2_x86_64"
+ type = string
+ default = "AL2_x86_64"
+}
+
+variable "aws_eks_instance_ami_type_bk" {
+ description = "Type of AMI to use. Defaults to AL2_x86_64"
 type = string
 default = ""
 }
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
index cfaa57986..354cfed4a 100644
--- a/operations/deployment/terraform/aws/bitovi_main.tf
+++ b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -1,6 +1,6 @@
 module "ec2" {
 source = "../modules/aws/ec2"
- count = var.aws_ec2_instance_create ? 1 : 0
+ count = var.aws_ec2_instance_create ? 1 : 0
 # EC2
 aws_ec2_ami_filter = var.aws_ec2_ami_filter
 aws_ec2_ami_owner = var.aws_ec2_ami_owner
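Review bot: `aws_eks_instance_ami_type` defaults to `AL2_x86_64`, which the README in this commit already labels legacy; as far as I recall Amazon Linux 2 is past end of standard support and EKS no longer publishes AL2 node AMIs for newer Kubernetes versions, so a fresh cluster on the default gets an aging base image unless the caller knows to override it. I would default to `AL2023_x86_64_STANDARD` and leave AL2 as an explicit opt-in, or at least constrain the variable to the `amiType` enum the README links to, so a typo fails at plan time rather than at the API (see fence). The descriptions of `aws_eks_instance_type_bk` and `aws_eks_instance_ami_type_bk` are copied from the primary variables; `description = "amiType for the backup node group; falls back to aws_eks_instance_ami_type when empty"` would state what the README promises for the empty default.

```hcl
variable "aws_eks_instance_ami_type" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(regex("^(AL2|AL2023|BOTTLEROCKET|WINDOWS|CUSTOM)", var.aws_eks_instance_ami_type))
    error_message = "aws_eks_instance_ami_type must be an EKS Nodegroup amiType value, e.g. AL2_x86_64, AL2023_x86_64_STANDARD or BOTTLEROCKET_x86_64."
  }
}
```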
@@ -11,20 +11,20 @@ module "ec2" { aws_ec2_user_data_replace_on_change = var.aws_ec2_user_data_replace_on_change aws_ec2_instance_root_vol_size = var.aws_ec2_instance_root_vol_size aws_ec2_instance_root_vol_preserve = var.aws_ec2_instance_root_vol_preserve - aws_ec2_create_keypair_sm = var.aws_ec2_create_keypair_sm + aws_ec2_create_keypair_sm = var.aws_ec2_create_keypair_sm aws_ec2_security_group_name = var.aws_ec2_security_group_name aws_ec2_iam_instance_profile = var.aws_ec2_iam_instance_profile aws_ec2_port_list = var.aws_ec2_port_list # Data inputs - aws_ec2_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_vpc_dns_enabled = module.vpc.aws_vpc_dns_enabled - aws_subnet_selected_id = module.vpc.aws_vpc_subnet_selected - preferred_az = module.vpc.preferred_az + aws_ec2_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_vpc_dns_enabled = module.vpc.aws_vpc_dns_enabled + aws_subnet_selected_id = module.vpc.aws_vpc_subnet_selected + preferred_az = module.vpc.preferred_az # Others - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - ec2_tags = local.ec2_tags - depends_on = [module.vpc] + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + ec2_tags = local.ec2_tags + depends_on = [module.vpc] providers = { aws = aws.ec2 
@@ -37,13 +37,13 @@ module "ec2_sg_to_rds" { # Inputs sg_type = "ingress" sg_rule_description = "${var.aws_resource_identifier} - EC2 Incoming" - sg_rule_from_port = try(module.db_proxy_rds[0].db_proxy_port,module.rds[0].db_port) - sg_rule_to_port = try(module.db_proxy_rds[0].db_proxy_port,module.rds[0].db_port) + sg_rule_from_port = try(module.db_proxy_rds[0].db_proxy_port, module.rds[0].db_port) + sg_rule_to_port = try(module.db_proxy_rds[0].db_proxy_port, module.rds[0].db_port) sg_rule_protocol = "tcp" source_security_group_id = module.ec2[0].aws_security_group_ec2_sg_id - target_security_group_id = try(module.db_proxy_rds[0].db_proxy_sg_id,module.rds[0].rds_sg_id) - - depends_on = [ module.ec2,module.rds ] + target_security_group_id = try(module.db_proxy_rds[0].db_proxy_sg_id, module.rds[0].rds_sg_id) + + depends_on = [module.ec2, module.rds] } module "efs_to_ec2_sg" { @@ -57,22 +57,22 @@ module "efs_to_ec2_sg" { sg_rule_protocol = "tcp" source_security_group_id = try(module.efs[0].aws_efs_sg_id) target_security_group_id = module.ec2[0].aws_security_group_ec2_sg_id - depends_on = [ module.ec2,module.efs ] + depends_on = [module.ec2, module.efs] } module "aws_certificates" { source = "../modules/aws/certificates" - count = ( var.aws_ec2_instance_create || var.aws_ecs_enable ) && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0 + count = (var.aws_ec2_instance_create || var.aws_ecs_enable) && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0 # Cert aws_r53_cert_arn = var.aws_r53_cert_arn aws_r53_create_root_cert = var.aws_r53_create_root_cert aws_r53_create_sub_cert = var.aws_r53_create_sub_cert # R53 - aws_r53_domain_name = var.aws_r53_domain_name - aws_r53_sub_domain_name = var.aws_r53_sub_domain_name + aws_r53_domain_name = var.aws_r53_domain_name + aws_r53_sub_domain_name = var.aws_r53_sub_domain_name # Others - fqdn_provided = local.fqdn_provided - + fqdn_provided = local.fqdn_provided + providers = { aws = aws.r53 } 
@@ -82,17 +82,17 @@ module "aws_route53" { source = "../modules/aws/route53" count = var.aws_ec2_instance_create && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0 # R53 values - aws_r53_domain_name = var.aws_r53_domain_name - aws_r53_sub_domain_name = var.aws_r53_sub_domain_name - aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy - aws_r53_enable_cert = var.aws_r53_enable_cert + aws_r53_domain_name = var.aws_r53_domain_name + aws_r53_sub_domain_name = var.aws_r53_sub_domain_name + aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy + aws_r53_enable_cert = var.aws_r53_enable_cert # ELB - aws_elb_dns_name = try(module.aws_elb[0].aws_elb_dns_name,"") - aws_elb_zone_id = try(module.aws_elb[0].aws_elb_zone_id,"") + aws_elb_dns_name = try(module.aws_elb[0].aws_elb_dns_name, "") + aws_elb_zone_id = try(module.aws_elb[0].aws_elb_zone_id, "") # Certs aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" # Others - fqdn_provided = local.fqdn_provided + fqdn_provided = local.fqdn_provided providers = { aws = aws.r53 
@@ -103,28 +103,28 @@ module "aws_elb" { source = "../modules/aws/elb" count = var.aws_ec2_instance_create && var.aws_elb_create ? 1 : 0 # ELB Values - aws_elb_security_group_name = var.aws_elb_security_group_name - aws_elb_app_port = var.aws_elb_app_port - aws_elb_app_protocol = var.aws_elb_app_protocol - aws_elb_listen_port = var.aws_elb_listen_port - aws_elb_listen_protocol = var.aws_elb_listen_protocol - aws_elb_healthcheck = var.aws_elb_healthcheck - aws_elb_access_log_bucket_name = var.aws_elb_access_log_bucket_name - aws_elb_access_log_expire = var.aws_elb_access_log_expire + aws_elb_security_group_name = var.aws_elb_security_group_name + aws_elb_app_port = var.aws_elb_app_port + aws_elb_app_protocol = var.aws_elb_app_protocol + aws_elb_listen_port = var.aws_elb_listen_port + aws_elb_listen_protocol = var.aws_elb_listen_protocol + aws_elb_healthcheck = var.aws_elb_healthcheck + aws_elb_access_log_bucket_name = var.aws_elb_access_log_bucket_name + aws_elb_access_log_expire = var.aws_elb_access_log_expire # EC2 - aws_instance_server_az = [module.vpc.preferred_az] - aws_vpc_selected_id = module.vpc.aws_selected_vpc_id - aws_vpc_subnet_selected = module.vpc.aws_vpc_subnet_selected - aws_instance_server_id = module.ec2[0].aws_instance_server_id - aws_elb_target_sg_id = module.ec2[0].aws_security_group_ec2_sg_id + aws_instance_server_az = [module.vpc.preferred_az] + aws_vpc_selected_id = module.vpc.aws_selected_vpc_id + aws_vpc_subnet_selected = module.vpc.aws_vpc_subnet_selected + aws_instance_server_id = module.ec2[0].aws_instance_server_id + aws_elb_target_sg_id = module.ec2[0].aws_security_group_ec2_sg_id # Certs - aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" + aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? 
module.aws_certificates[0].selected_arn : "" # Others aws_resource_identifier = var.aws_resource_identifier aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Module dependencies - depends_on = [module.vpc,module.ec2] - + depends_on = [module.vpc, module.ec2] + providers = { aws = aws.elb } @@ -134,10 +134,10 @@ module "efs" { source = "../modules/aws/efs" count = var.aws_efs_enable ? 1 : 0 # EFS - aws_efs_create = var.aws_efs_create - aws_efs_fs_id = var.aws_efs_fs_id - aws_efs_create_mount_target = var.aws_efs_create_mount_target - aws_efs_create_ha = var.aws_efs_create_ha + aws_efs_create = var.aws_efs_create + aws_efs_fs_id = var.aws_efs_fs_id + aws_efs_create_mount_target = var.aws_efs_create_mount_target + aws_efs_create_ha = var.aws_efs_create_ha aws_efs_vol_encrypted = var.aws_efs_vol_encrypted aws_efs_kms_key_id = var.aws_efs_kms_key_id @@ -151,12 +151,12 @@ module "efs" { aws_efs_replication_destination = var.aws_efs_replication_destination aws_efs_enable_backup_policy = var.aws_efs_enable_backup_policy aws_efs_transition_to_inactive = var.aws_efs_transition_to_inactive - + # VPC Inputs - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnet_id = module.vpc.aws_vpc_subnet_selected - aws_resource_identifier = var.aws_resource_identifier - depends_on = [module.vpc] + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnet_id = module.vpc.aws_vpc_subnet_selected + aws_resource_identifier = var.aws_resource_identifier + depends_on = [module.vpc] providers = { aws = aws.efs 
@@ -204,10 +204,10 @@ module "rds" { aws_rds_db_copy_tags_to_snapshot = var.aws_rds_db_copy_tags_to_snapshot # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Dependencies depends_on = [module.vpc] 
@@ -220,29 +220,29 @@ module "db_proxy_rds" { source = "../modules/aws/db_proxy" count = var.aws_rds_db_proxy ? 1 : 0 # PROXY - aws_aurora_proxy = var.aws_aurora_proxy - aws_rds_db_proxy = var.aws_rds_db_proxy - aws_db_proxy_name = var.aws_db_proxy_name != "" ? var.aws_db_proxy_name : lower(var.aws_resource_identifier) - aws_db_proxy_database_id = module.rds[0].db_id - aws_db_proxy_cluster = false - aws_db_proxy_secret_name = module.rds[0].db_secret_name - aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type - aws_db_proxy_tls = var.aws_db_proxy_tls - aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name - aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow - aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group - aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming - aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable - aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days + aws_aurora_proxy = var.aws_aurora_proxy + aws_rds_db_proxy = var.aws_rds_db_proxy + aws_db_proxy_name = var.aws_db_proxy_name != "" ? 
var.aws_db_proxy_name : lower(var.aws_resource_identifier) + aws_db_proxy_database_id = module.rds[0].db_id + aws_db_proxy_cluster = false + aws_db_proxy_secret_name = module.rds[0].db_secret_name + aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type + aws_db_proxy_tls = var.aws_db_proxy_tls + aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name + aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow + aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group + aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming + aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable + aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - incoming_random_string = module.rds[0].random_string + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + incoming_random_string = module.rds[0].random_string # Dependencies - depends_on = [module.vpc,module.rds] + depends_on = [module.vpc, module.rds] providers = { aws = aws.db_proxy 
@@ -260,17 +260,17 @@ module "aurora_rds" { aws_aurora_availability_zones = var.aws_aurora_availability_zones aws_aurora_cluster_apply_immediately = var.aws_aurora_cluster_apply_immediately # Storage - aws_aurora_allocated_storage = var.aws_aurora_allocated_storage - aws_aurora_storage_encrypted = var.aws_aurora_storage_encrypted - aws_aurora_kms_key_id = var.aws_aurora_kms_key_id - aws_aurora_storage_type = var.aws_aurora_storage_type - aws_aurora_storage_iops = var.aws_aurora_storage_iops + aws_aurora_allocated_storage = var.aws_aurora_allocated_storage + aws_aurora_storage_encrypted = var.aws_aurora_storage_encrypted + aws_aurora_kms_key_id = var.aws_aurora_kms_key_id + aws_aurora_storage_type = var.aws_aurora_storage_type + aws_aurora_storage_iops = var.aws_aurora_storage_iops # DB Details - aws_aurora_database_name = var.aws_aurora_database_name - aws_aurora_master_username = var.aws_aurora_master_username - aws_aurora_database_group_family = var.aws_aurora_database_group_family - aws_aurora_iam_auth_enabled = var.aws_aurora_iam_auth_enabled - aws_aurora_iam_roles = var.aws_aurora_iam_roles + aws_aurora_database_name = var.aws_aurora_database_name + aws_aurora_master_username = var.aws_aurora_master_username + aws_aurora_database_group_family = var.aws_aurora_database_group_family + aws_aurora_iam_auth_enabled = var.aws_aurora_iam_auth_enabled + aws_aurora_iam_roles = var.aws_aurora_iam_roles # Net aws_aurora_cluster_db_instance_class = var.aws_aurora_cluster_db_instance_class aws_aurora_security_group_name = var.aws_aurora_security_group_name 
@@ -295,11 +295,11 @@ module "aurora_rds" { aws_aurora_snapshot_name = var.aws_aurora_snapshot_name aws_aurora_snapshot_overwrite = var.aws_aurora_snapshot_overwrite # DB Parameters - aws_aurora_db_instances_count = var.aws_aurora_db_instances_count - aws_aurora_db_instance_class = var.aws_aurora_db_instance_class - aws_aurora_db_apply_immediately = var.aws_aurora_db_apply_immediately - aws_aurora_db_ca_cert_identifier = var.aws_aurora_db_ca_cert_identifier - aws_aurora_db_maintenance_window = var.aws_aurora_db_maintenance_window + aws_aurora_db_instances_count = var.aws_aurora_db_instances_count + aws_aurora_db_instance_class = var.aws_aurora_db_instance_class + aws_aurora_db_apply_immediately = var.aws_aurora_db_apply_immediately + aws_aurora_db_ca_cert_identifier = var.aws_aurora_db_ca_cert_identifier + aws_aurora_db_maintenance_window = var.aws_aurora_db_maintenance_window # Extras aws_aurora_performance_insights_enable = var.aws_aurora_performance_insights_enable aws_aurora_performance_insights_kms_key_id = var.aws_aurora_performance_insights_kms_key_id @@ -307,12 +307,12 @@ module "aurora_rds" { # Others # Incoming #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Dependencies - depends_on = [module.vpc,module.ec2] + depends_on = [module.vpc, module.ec2] providers = { aws = aws.aurora 
@@ -323,29 +323,29 @@ module "db_proxy_aurora" { source = "../modules/aws/db_proxy" count = var.aws_aurora_proxy ? 1 : 0 # PROXY - aws_aurora_proxy = var.aws_aurora_proxy - aws_rds_db_proxy = var.aws_rds_db_proxy - aws_db_proxy_name = var.aws_db_proxy_name != "" ? var.aws_db_proxy_name : lower(var.aws_resource_identifier) - aws_db_proxy_database_id = module.aurora_rds[0].aurora_db_id - aws_db_proxy_cluster = true - aws_db_proxy_secret_name = module.aurora_rds[0].aurora_secret_name - aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type - aws_db_proxy_tls = var.aws_db_proxy_tls - aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name - aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow - aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group - aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming - aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable - aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days + aws_aurora_proxy = var.aws_aurora_proxy + aws_rds_db_proxy = var.aws_rds_db_proxy + aws_db_proxy_name = var.aws_db_proxy_name != "" ? 
var.aws_db_proxy_name : lower(var.aws_resource_identifier) + aws_db_proxy_database_id = module.aurora_rds[0].aurora_db_id + aws_db_proxy_cluster = true + aws_db_proxy_secret_name = module.aurora_rds[0].aurora_secret_name + aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type + aws_db_proxy_tls = var.aws_db_proxy_tls + aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name + aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow + aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group + aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming + aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable + aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - incoming_random_string = module.aurora_rds[0].random_string + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + incoming_random_string = module.aurora_rds[0].random_string # Dependencies - depends_on = [module.vpc,module.aurora_rds] + depends_on = [module.vpc, module.aurora_rds] providers = { aws = aws.db_proxy 
@@ -357,29 +357,29 @@ module "db_proxy" { source = "../modules/aws/db_proxy" count = var.aws_db_proxy_enable ? 1 : 0 # PROXY - aws_aurora_proxy = var.aws_aurora_proxy - aws_rds_db_proxy = var.aws_rds_db_proxy - aws_db_proxy_name = var.aws_db_proxy_name != "" ? var.aws_db_proxy_name : lower(var.aws_resource_identifier) - aws_db_proxy_database_id = var.aws_db_proxy_database_id - aws_db_proxy_cluster = var.aws_db_proxy_cluster - aws_db_proxy_secret_name = var.aws_db_proxy_secret_name - aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type - aws_db_proxy_tls = var.aws_db_proxy_tls - aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name - aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow - aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group - aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming - aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable - aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days + aws_aurora_proxy = var.aws_aurora_proxy + aws_rds_db_proxy = var.aws_rds_db_proxy + aws_db_proxy_name = var.aws_db_proxy_name != "" ? 
var.aws_db_proxy_name : lower(var.aws_resource_identifier) + aws_db_proxy_database_id = var.aws_db_proxy_database_id + aws_db_proxy_cluster = var.aws_db_proxy_cluster + aws_db_proxy_secret_name = var.aws_db_proxy_secret_name + aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type + aws_db_proxy_tls = var.aws_db_proxy_tls + aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name + aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow + aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group + aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming + aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable + aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - incoming_random_string = null + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + incoming_random_string = null # Dependencies - depends_on = [module.vpc,module.ec2] + depends_on = [module.vpc, module.ec2] providers = { aws = aws.db_proxy 
@@ -387,11 +387,11 @@ module "db_proxy" { } module "proxy_dot_env" { - source = "../modules/commons/dot_env" - count = var.aws_aurora_proxy ? 1 : var.aws_db_proxy_enable ? 1 : var.aws_rds_db_proxy ? 1 : 0 - filename = "proxy.env" - content = join("\n",[try(module.db_proxy_aurora[0].proxy_dot_env,""),try(module.db_proxy_rds[0].proxy_dot_env,""),try(module.db_proxy[0].proxy_dot_env,"")]) - depends_on = [ module.db_proxy_aurora,module.db_proxy_rds,module.db_proxy_rds ] + source = "../modules/commons/dot_env" + count = var.aws_aurora_proxy ? 1 : var.aws_db_proxy_enable ? 1 : var.aws_rds_db_proxy ? 1 : 0 + filename = "proxy.env" + content = join("\n", [try(module.db_proxy_aurora[0].proxy_dot_env, ""), try(module.db_proxy_rds[0].proxy_dot_env, ""), try(module.db_proxy[0].proxy_dot_env, "")]) + depends_on = [module.db_proxy_aurora, module.db_proxy_rds, module.db_proxy_rds] } module "redis" { @@ -429,13 +429,13 @@ module "redis" { aws_redis_cloudwatch_retention_days = var.aws_redis_cloudwatch_retention_days aws_redis_single_line_url_secret = var.aws_redis_single_line_url_secret # Others - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Dependencies - depends_on = [module.vpc,module.ec2] + depends_on = [module.vpc, module.ec2] providers = { aws = aws.redis } 
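Review bot: The reformatted `depends_on` for `module "proxy_dot_env"` lists `module.db_proxy_rds` twice and never `module.db_proxy`, even though `content` reads `module.db_proxy[0].proxy_dot_env` one line above; this looks like a pre-existing copy-paste slip that the `terraform fmt` pass carried over rather than introduced. The reference inside `try()` probably still gives Terraform the ordering it needs, but the explicit list should read `depends_on = [module.db_proxy_aurora, module.db_proxy_rds, module.db_proxy]` so the intent is unambiguous. Given the module name and the `aws_db_proxy_secret_name` inputs feeding these proxies, `proxy.env` plausibly carries connection details; it is worth confirming elsewhere that the file is not echoed into job logs or uploaded as an artifact, though that is outside this hunk.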
@@ -445,25 +445,25 @@ module "vpc" { source = "../modules/aws/vpc" #count = var.aws_ec2_instance_create || var.aws_efs_enable || var.aws_aurora_enable ? 1 : 0 # VPC - aws_vpc_create = var.aws_vpc_create - aws_vpc_id = var.aws_vpc_id - aws_vpc_subnet_id = var.aws_vpc_subnet_id - aws_vpc_cidr_block = var.aws_vpc_cidr_block - aws_vpc_name = var.aws_vpc_name - aws_vpc_public_subnets = var.aws_vpc_public_subnets - aws_vpc_private_subnets = var.aws_vpc_private_subnets - aws_vpc_availability_zones = var.aws_vpc_availability_zones + aws_vpc_create = var.aws_vpc_create + aws_vpc_id = var.aws_vpc_id + aws_vpc_subnet_id = var.aws_vpc_subnet_id + aws_vpc_cidr_block = var.aws_vpc_cidr_block + aws_vpc_name = var.aws_vpc_name + aws_vpc_public_subnets = var.aws_vpc_public_subnets + aws_vpc_private_subnets = var.aws_vpc_private_subnets + aws_vpc_availability_zones = var.aws_vpc_availability_zones # Data inputs aws_ec2_instance_type = var.aws_ec2_instance_type aws_ec2_security_group_name = var.aws_ec2_security_group_name # Others - aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier = var.aws_resource_identifier # NEW aws_vpc_enable_nat_gateway = var.aws_vpc_enable_nat_gateway aws_vpc_single_nat_gateway = var.aws_vpc_single_nat_gateway aws_vpc_external_nat_ip_ids = var.aws_vpc_external_nat_ip_ids # Toggle EKS flag to add tags to subnets - aws_eks_create = var.aws_eks_create + aws_eks_create = var.aws_eks_create providers = { aws = aws.vpc } 
@@ -479,41 +479,41 @@ module "aws_ecs" { source = "../modules/aws/ecs" count = var.aws_ecs_enable ? 1 : 0 # ECS - aws_ecs_service_name = var.aws_ecs_service_name - aws_ecs_cluster_name = var.aws_ecs_cluster_name - aws_ecs_service_launch_type = var.aws_ecs_service_launch_type - aws_ecs_task_type = var.aws_ecs_task_type - aws_ecs_task_name = var.aws_ecs_task_name - aws_ecs_task_ignore_definition = var.aws_ecs_task_ignore_definition - aws_ecs_task_execution_role = var.aws_ecs_task_execution_role - aws_ecs_task_json_definition_file = var.aws_ecs_task_json_definition_file - aws_ecs_task_network_mode = var.aws_ecs_task_network_mode - aws_ecs_task_cpu = var.aws_ecs_task_cpu - aws_ecs_task_mem = var.aws_ecs_task_mem - aws_ecs_container_cpu = var.aws_ecs_container_cpu - aws_ecs_container_mem = var.aws_ecs_container_mem - aws_ecs_node_count = var.aws_ecs_node_count - aws_ecs_app_image = var.aws_ecs_app_image - aws_ecs_security_group_name = var.aws_ecs_security_group_name - aws_ecs_assign_public_ip = var.aws_ecs_assign_public_ip - aws_ecs_container_port = var.aws_ecs_container_port - aws_ecs_lb_port = var.aws_ecs_lb_port - aws_ecs_lb_redirect_enable = var.aws_ecs_lb_redirect_enable - aws_ecs_lb_container_path = var.aws_ecs_lb_container_path - aws_ecs_lb_ssl_policy = var.aws_ecs_lb_ssl_policy - aws_ecs_lb_www_to_apex_redirect = var.aws_r53_root_domain_deploy ? var.aws_ecs_lb_www_to_apex_redirect : false - aws_ecs_autoscaling_enable = var.aws_ecs_autoscaling_enable - aws_ecs_autoscaling_max_nodes = var.aws_ecs_autoscaling_max_nodes - aws_ecs_autoscaling_min_nodes = var.aws_ecs_autoscaling_min_nodes - aws_ecs_autoscaling_max_mem = var.aws_ecs_autoscaling_max_mem - aws_ecs_autoscaling_max_cpu = var.aws_ecs_autoscaling_max_cpu - aws_ecs_cloudwatch_enable = var.aws_ecs_cloudwatch_enable - aws_ecs_cloudwatch_lg_name = var.aws_ecs_cloudwatch_enable ? ( var.aws_ecs_cloudwatch_lg_name != null ? 
var.aws_ecs_cloudwatch_lg_name : "${var.aws_resource_identifier}-ecs-logs" ) : null - aws_ecs_cloudwatch_skip_destroy = var.aws_ecs_cloudwatch_skip_destroy - aws_ecs_cloudwatch_retention_days = var.aws_ecs_cloudwatch_retention_days - aws_region_current_name = module.vpc.aws_region_current_name - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_ecs_service_name = var.aws_ecs_service_name + aws_ecs_cluster_name = var.aws_ecs_cluster_name + aws_ecs_service_launch_type = var.aws_ecs_service_launch_type + aws_ecs_task_type = var.aws_ecs_task_type + aws_ecs_task_name = var.aws_ecs_task_name + aws_ecs_task_ignore_definition = var.aws_ecs_task_ignore_definition + aws_ecs_task_execution_role = var.aws_ecs_task_execution_role + aws_ecs_task_json_definition_file = var.aws_ecs_task_json_definition_file + aws_ecs_task_network_mode = var.aws_ecs_task_network_mode + aws_ecs_task_cpu = var.aws_ecs_task_cpu + aws_ecs_task_mem = var.aws_ecs_task_mem + aws_ecs_container_cpu = var.aws_ecs_container_cpu + aws_ecs_container_mem = var.aws_ecs_container_mem + aws_ecs_node_count = var.aws_ecs_node_count + aws_ecs_app_image = var.aws_ecs_app_image + aws_ecs_security_group_name = var.aws_ecs_security_group_name + aws_ecs_assign_public_ip = var.aws_ecs_assign_public_ip + aws_ecs_container_port = var.aws_ecs_container_port + aws_ecs_lb_port = var.aws_ecs_lb_port + aws_ecs_lb_redirect_enable = var.aws_ecs_lb_redirect_enable + aws_ecs_lb_container_path = var.aws_ecs_lb_container_path + aws_ecs_lb_ssl_policy = var.aws_ecs_lb_ssl_policy + aws_ecs_lb_www_to_apex_redirect = var.aws_r53_root_domain_deploy ? 
var.aws_ecs_lb_www_to_apex_redirect : false + aws_ecs_autoscaling_enable = var.aws_ecs_autoscaling_enable + aws_ecs_autoscaling_max_nodes = var.aws_ecs_autoscaling_max_nodes + aws_ecs_autoscaling_min_nodes = var.aws_ecs_autoscaling_min_nodes + aws_ecs_autoscaling_max_mem = var.aws_ecs_autoscaling_max_mem + aws_ecs_autoscaling_max_cpu = var.aws_ecs_autoscaling_max_cpu + aws_ecs_cloudwatch_enable = var.aws_ecs_cloudwatch_enable + aws_ecs_cloudwatch_lg_name = var.aws_ecs_cloudwatch_enable ? (var.aws_ecs_cloudwatch_lg_name != null ? var.aws_ecs_cloudwatch_lg_name : "${var.aws_resource_identifier}-ecs-logs") : null + aws_ecs_cloudwatch_skip_destroy = var.aws_ecs_cloudwatch_skip_destroy + aws_ecs_cloudwatch_retention_days = var.aws_ecs_cloudwatch_retention_days + aws_region_current_name = module.vpc.aws_region_current_name + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets # Others aws_r53_domain_name = var.aws_r53_enable && var.aws_r53_domain_name != "" ? var.aws_r53_domain_name : "" aws_certificate_enabled = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false @@ -522,7 +522,7 @@ module "aws_ecs" { aws_resource_identifier_supershort = var.aws_resource_identifier_supershort app_repo_name = var.app_repo_name # Dependencies - depends_on = [ module.aws_certificates ] + depends_on = [module.aws_certificates] providers = { aws = aws.ecs } 
@@ -530,28 +530,28 @@ module "aws_ecs" { module "aws_route53_ecs" { source = "../modules/aws/route53" - count = var.aws_ecs_enable && var.aws_r53_enable && var.aws_r53_domain_name != "" && ( var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition ) ? 1 : 0 + count = var.aws_ecs_enable && var.aws_r53_enable && var.aws_r53_domain_name != "" && (var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition) ? 1 : 0 # R53 values - aws_r53_domain_name = var.aws_r53_domain_name - aws_r53_sub_domain_name = var.aws_r53_sub_domain_name - aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy - aws_r53_enable_cert = var.aws_r53_enable_cert + aws_r53_domain_name = var.aws_r53_domain_name + aws_r53_sub_domain_name = var.aws_r53_sub_domain_name + aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy + aws_r53_enable_cert = var.aws_r53_enable_cert # ELB - aws_elb_dns_name = module.aws_ecs[0].load_balancer_dns - aws_elb_zone_id = module.aws_ecs[0].load_balancer_zone_id + aws_elb_dns_name = module.aws_ecs[0].load_balancer_dns + aws_elb_zone_id = module.aws_ecs[0].load_balancer_zone_id # Certs aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" # Others - fqdn_provided = local.fqdn_provided - depends_on = [ module.aws_certificates ] + fqdn_provided = local.fqdn_provided + depends_on = [module.aws_certificates] providers = { aws = aws.r53 } } module "aws_waf_ecs" { - source = "../modules/aws/waf" - count = var.aws_waf_enable && var.aws_ecs_enable && ( var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition ) ? 1 : 0 + source = "../modules/aws/waf" + count = var.aws_waf_enable && var.aws_ecs_enable && (var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition) ? 1 : 0 aws_waf_enable = var.aws_waf_enable aws_waf_logging_enable = var.aws_waf_logging_enable aws_waf_log_retention_days = var.aws_waf_log_retention_days 
@@ -573,7 +573,7 @@ module "aws_waf_ecs" { # Incoming aws_lb_resource_arn = module.aws_ecs[0].load_balancer_arn # Others - depends_on = [ module.aws_ecs ] + depends_on = [module.aws_ecs] providers = { aws = aws.waf } @@ -607,7 +607,7 @@ module "aws_ecr" { aws_ecr_public_repo_catalog = var.aws_ecr_public_repo_catalog aws_ecr_registry_policy_input = var.aws_ecr_registry_policy_input # Others - aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier = var.aws_resource_identifier providers = { aws = aws.ecr 
@@ -620,45 +620,48 @@ module "eks" { # EKS #aws_eks_create = var.aws_eks_create aws_eks_security_group_name_cluster = var.aws_eks_security_group_name_cluster - aws_eks_security_group_name_node = var.aws_eks_security_group_name_node - aws_eks_environment = var.aws_eks_environment - aws_eks_management_cidr = var.aws_eks_management_cidr - aws_eks_allowed_ports = var.aws_eks_allowed_ports - aws_eks_allowed_ports_cidr = var.aws_eks_allowed_ports_cidr - aws_eks_cluster_name = var.aws_eks_cluster_name - aws_eks_cluster_admin_role_arn = var.aws_eks_cluster_admin_role_arn - aws_eks_cluster_log_types = var.aws_eks_cluster_log_types - aws_eks_cluster_log_retention_days = var.aws_eks_cluster_log_retention_days - aws_eks_cluster_log_skip_destroy = var.aws_eks_cluster_log_skip_destroy - aws_eks_cluster_version = var.aws_eks_cluster_version - aws_eks_instance_type = var.aws_eks_instance_type - aws_eks_instance_ami_id = var.aws_eks_instance_ami_id - aws_eks_instance_user_data_file = var.aws_eks_instance_user_data_file - aws_eks_ec2_key_pair = var.aws_eks_ec2_key_pair - aws_eks_store_keypair_sm = var.aws_eks_store_keypair_sm - aws_eks_desired_capacity = var.aws_eks_desired_capacity - aws_eks_max_size = var.aws_eks_max_size - aws_eks_min_size = var.aws_eks_min_size + aws_eks_security_group_name_node = var.aws_eks_security_group_name_node + aws_eks_environment = var.aws_eks_environment + aws_eks_management_cidr = var.aws_eks_management_cidr + aws_eks_allowed_ports = var.aws_eks_allowed_ports + aws_eks_allowed_ports_cidr = var.aws_eks_allowed_ports_cidr + aws_eks_cluster_name = var.aws_eks_cluster_name + aws_eks_cluster_admin_role_arn = var.aws_eks_cluster_admin_role_arn + aws_eks_cluster_log_types = var.aws_eks_cluster_log_types + aws_eks_cluster_log_retention_days = var.aws_eks_cluster_log_retention_days + aws_eks_cluster_log_skip_destroy = var.aws_eks_cluster_log_skip_destroy + aws_eks_cluster_version = var.aws_eks_cluster_version + aws_eks_create_bk_node_group = 
var.aws_eks_create_bk_node_group + aws_eks_instance_type = var.aws_eks_instance_type + aws_eks_instance_ami_type = var.aws_eks_instance_ami_type + aws_eks_instance_type_bk = var.aws_eks_instance_type_bk != "" ? var.aws_eks_instance_type_bk : var.aws_eks_instance_type + aws_eks_instance_ami_type_bk = var.aws_eks_instance_ami_type_bk != "" ? var.aws_eks_instance_ami_type_bk : var.aws_eks_instance_ami_type + aws_eks_instance_user_data_file = var.aws_eks_instance_user_data_file + aws_eks_ec2_key_pair = var.aws_eks_ec2_key_pair + aws_eks_store_keypair_sm = var.aws_eks_store_keypair_sm + aws_eks_desired_capacity = var.aws_eks_desired_capacity + aws_eks_max_size = var.aws_eks_max_size + aws_eks_min_size = var.aws_eks_min_size # Others - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_resource_identifier = var.aws_resource_identifier + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_resource_identifier = var.aws_resource_identifier providers = { - aws = aws.eks + aws = aws.eks kubernetes = kubernetes.eks } - depends_on = [ module.vpc ] + depends_on = [module.vpc] } module "ansible" { - source = "../modules/aws/ansible" - count = var.ansible_skip ? 0 : var.aws_ec2_instance_create ? 1 : 0 - aws_ec2_instance_ip = var.ansible_ssh_to_private_ip ? module.ec2[0].instance_private_ip : ( module.ec2[0].instance_public_ip != "" ? module.ec2[0].instance_public_ip : module.ec2[0].instance_private_ip ) - ansible_start_docker_timeout = var.ansible_start_docker_timeout - aws_efs_enable = var.aws_efs_enable - app_repo_name = var.app_repo_name - app_install_root = var.app_install_root - aws_resource_identifier = var.aws_resource_identifier - docker_remove_orphans = var.docker_remove_orphans + source = "../modules/aws/ansible" + count = var.ansible_skip ? 0 : var.aws_ec2_instance_create ? 1 : 0 + aws_ec2_instance_ip = var.ansible_ssh_to_private_ip ? module.ec2[0].instance_private_ip : (module.ec2[0].instance_public_ip != "" ? 
module.ec2[0].instance_public_ip : module.ec2[0].instance_private_ip) + ansible_start_docker_timeout = var.ansible_start_docker_timeout + aws_efs_enable = var.aws_efs_enable + app_repo_name = var.app_repo_name + app_install_root = var.app_install_root + aws_resource_identifier = var.aws_resource_identifier + docker_remove_orphans = var.docker_remove_orphans # Cloudwatch docker_cloudwatch_enable = var.docker_cloudwatch_enable docker_cloudwatch_lg_name = var.docker_cloudwatch_lg_name != "" ? var.docker_cloudwatch_lg_name : "${var.aws_resource_identifier}-docker-logs" @@ -670,7 +673,7 @@ module "ansible" { docker_efs_mount_target = var.docker_efs_mount_target aws_efs_fs_id = var.aws_efs_enable ? local.create_efs ? module.efs[0].aws_efs_fs_id : var.aws_efs_fs_id : null # Data inputs - private_key_filename = module.ec2[0].private_key_filename + private_key_filename = module.ec2[0].private_key_filename # Dependencies depends_on = [module.ec2] } 
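Review bot: The backup fallbacks `aws_eks_instance_type_bk = var.aws_eks_instance_type_bk != "" ? var.aws_eks_instance_type_bk : var.aws_eks_instance_type` (and the `_ami_type_bk` twin) only fall back on the empty string, so if those root variables default to `null` — their declarations are outside this hunk — `null != ""` is true and the module receives `instance_types = [null]` and `ami_type = null`. `coalesce(var.aws_eks_instance_type_bk, var.aws_eks_instance_type)` covers both `null` and `""` and reads the same as the README row ("will use the same as the main node-group if not defined"). Since the backup group is created with `ignore_changes = all` in the module, a null silently accepted here is not correctable later without recreating the group, so it is worth a `validation` block or at least a plan-time `precondition` on the module input. The `ansible` module block that follows continues past the end of this hunk.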
@@ -688,20 +691,20 @@ locals { } default_tags = merge(local.aws_tags, jsondecode(var.aws_additional_tags)) # Module tagging - ec2_tags = merge(local.default_tags,jsondecode(var.aws_ec2_additional_tags)) - r53_tags = merge(local.default_tags,jsondecode(var.aws_r53_additional_tags)) - elb_tags = merge(local.default_tags,jsondecode(var.aws_elb_additional_tags)) - efs_tags = merge(local.default_tags,jsondecode(var.aws_efs_additional_tags)) - vpc_tags = var.aws_eks_create ? local.vpc_eks_tags : merge(local.default_tags,jsondecode(var.aws_vpc_additional_tags)) - vpc_eks_tags = merge(local.default_tags,jsondecode(var.aws_vpc_additional_tags),local.eks_vpc_tags) - eks_tags = merge(local.default_tags,jsondecode(var.aws_eks_additional_tags)) - rds_tags = merge(local.default_tags,jsondecode(var.aws_rds_db_additional_tags)) - ecs_tags = merge(local.default_tags,jsondecode(var.aws_ecs_additional_tags)) - aurora_tags = merge(local.default_tags,jsondecode(var.aws_aurora_additional_tags)) - ecr_tags = merge(local.default_tags,jsondecode(var.aws_ecr_additional_tags)) - db_proxy_tags = merge(local.default_tags,jsondecode(var.aws_db_proxy_additional_tags)) - redis_tags = merge(local.default_tags,jsondecode(var.aws_redis_additional_tags)) - waf_tags = merge(local.default_tags,jsondecode(var.aws_waf_additional_tags)) + ec2_tags = merge(local.default_tags, jsondecode(var.aws_ec2_additional_tags)) + r53_tags = merge(local.default_tags, jsondecode(var.aws_r53_additional_tags)) + elb_tags = merge(local.default_tags, jsondecode(var.aws_elb_additional_tags)) + efs_tags = merge(local.default_tags, jsondecode(var.aws_efs_additional_tags)) + vpc_tags = var.aws_eks_create ? 
local.vpc_eks_tags : merge(local.default_tags, jsondecode(var.aws_vpc_additional_tags)) + vpc_eks_tags = merge(local.default_tags, jsondecode(var.aws_vpc_additional_tags), local.eks_vpc_tags) + eks_tags = merge(local.default_tags, jsondecode(var.aws_eks_additional_tags)) + rds_tags = merge(local.default_tags, jsondecode(var.aws_rds_db_additional_tags)) + ecs_tags = merge(local.default_tags, jsondecode(var.aws_ecs_additional_tags)) + aurora_tags = merge(local.default_tags, jsondecode(var.aws_aurora_additional_tags)) + ecr_tags = merge(local.default_tags, jsondecode(var.aws_ecr_additional_tags)) + db_proxy_tags = merge(local.default_tags, jsondecode(var.aws_db_proxy_additional_tags)) + redis_tags = merge(local.default_tags, jsondecode(var.aws_redis_additional_tags)) + waf_tags = merge(local.default_tags, jsondecode(var.aws_waf_additional_tags)) eks_vpc_tags = { // This is needed for k8s to use VPC resources 
@@ -718,10 +721,10 @@ locals { false ) create_efs = var.aws_efs_create == true ? true : (var.aws_efs_create_ha == true ? true : false) - ec2_public_endpoint = var.aws_ec2_instance_create ? ( module.ec2[0].instance_public_dns != null ? module.ec2[0].instance_public_dns : module.ec2[0].instance_public_ip ) : null - ec2_private_endpoint = var.aws_ec2_instance_create ? ( module.ec2[0].instance_private_dns != null ? module.ec2[0].instance_private_dns : module.ec2[0].instance_private_ip ) : null - ec2_endpoint = var.aws_ec2_instance_create ? ( local.ec2_public_endpoint != null ? "http://${local.ec2_public_endpoint}" : "http://${local.ec2_private_endpoint}" ) : null - elb_url = try(module.aws_elb[0].aws_elb_dns_name,null ) != null ? "http://${module.aws_elb[0].aws_elb_dns_name}" : null + ec2_public_endpoint = var.aws_ec2_instance_create ? (module.ec2[0].instance_public_dns != null ? module.ec2[0].instance_public_dns : module.ec2[0].instance_public_ip) : null + ec2_private_endpoint = var.aws_ec2_instance_create ? (module.ec2[0].instance_private_dns != null ? module.ec2[0].instance_private_dns : module.ec2[0].instance_private_ip) : null + ec2_endpoint = var.aws_ec2_instance_create ? (local.ec2_public_endpoint != null ? "http://${local.ec2_public_endpoint}" : "http://${local.ec2_private_endpoint}") : null + elb_url = try(module.aws_elb[0].aws_elb_dns_name, null) != null ? "http://${module.aws_elb[0].aws_elb_dns_name}" : null } # VPC 
@@ -736,22 +739,22 @@ output "aws_vpc_prefered_az" { # EC2 output "instance_public_dns" { description = "Public DNS address of the EC2 instance" - value = try(module.ec2[0].instance_public_dns,null) + value = try(module.ec2[0].instance_public_dns, null) } output "instance_public_ip" { description = "Public IP address of the EC2 instance" - value = try(module.ec2[0].instance_public_ip,null) + value = try(module.ec2[0].instance_public_ip, null) } output "instance_private_dns" { description = "Public DNS address of the EC2 instance" - value = try(module.ec2[0].instance_private_dns,null) + value = try(module.ec2[0].instance_private_dns, null) } output "instance_private_ip" { description = "Private IP address of the EC2 instance" - value = try(module.ec2[0].instance_private_ip,null) + value = try(module.ec2[0].instance_private_ip, null) } output "instance_endpoint" { 
@@ -761,138 +764,138 @@ output "instance_endpoint" { output "ec2_sg_id" { description = "SG ID for the EC2 instance" - value = try(module.ec2[0].aws_security_group_ec2_sg_id,null) + value = try(module.ec2[0].aws_security_group_ec2_sg_id, null) } output "aws_elb_dns_name" { description = "Public DNS address of the LB" - value = try(module.aws_elb[0].aws_elb_dns_name,null) + value = try(module.aws_elb[0].aws_elb_dns_name, null) } output "application_public_dns" { description = "Public DNS address for the application or load balancer public DNS" - value = try(module.aws_route53[0].vm_url,null) + value = try(module.aws_route53[0].vm_url, null) } output "vm_url" { - value = try(module.aws_route53[0].vm_url,local.elb_url) + value = try(module.aws_route53[0].vm_url, local.elb_url) } # EFS output "aws_efs_fs_id" { - value = try(module.efs[0].aws_efs_fs_id,null) + value = try(module.efs[0].aws_efs_fs_id, null) } output "aws_efs_replica_fs_id" { - value = try(module.efs[0].aws_efs_replica_fs_id,null) + value = try(module.efs[0].aws_efs_replica_fs_id, null) } output "aws_efs_sg_id" { - value = try(module.efs[0].aws_efs_sg_id,null) + value = try(module.efs[0].aws_efs_sg_id, null) } # Aurora output "aurora_db_endpoint" { - value = try(module.aurora_rds[0].aurora_db_endpoint,null) + value = try(module.aurora_rds[0].aurora_db_endpoint, null) } output "aurora_db_secret_details_name" { - value = try(module.aurora_rds[0].aurora_secret_name,null) + value = try(module.aurora_rds[0].aurora_secret_name, null) } output "aurora_db_sg_id" { - value = try(module.aurora_rds[0].aurora_sg_id,null) + value = try(module.aurora_rds[0].aurora_sg_id, null) } # Aurora Proxy output "aurora_proxy_endpoint" { - value = try(module.db_proxy_aurora[0].db_proxy_endpoint,null) + value = try(module.db_proxy_aurora[0].db_proxy_endpoint, null) } output "aurora_proxy_secret_name" { - value = try(module.db_proxy_aurora[0].db_proxy_secret_name,null) + value = try(module.db_proxy_aurora[0].db_proxy_secret_name, 
null) } output "aurora_proxy_sg_id" { - value = try(module.db_proxy_aurora[0].db_proxy_sg_id,null) + value = try(module.db_proxy_aurora[0].db_proxy_sg_id, null) } # RDS output "db_endpoint" { - value = try(module.rds[0].db_endpoint,null) + value = try(module.rds[0].db_endpoint, null) } output "db_secret_details_name" { - value = try(module.rds[0].db_secret_name,null) + value = try(module.rds[0].db_secret_name, null) } output "db_sg_id" { - value = try(module.rds[0].db_sg_id,null) + value = try(module.rds[0].db_sg_id, null) } # RDS Proxy output "db_proxy_rds_endpoint" { - value = try(module.db_proxy_rds[0].db_proxy_endpoint,null) + value = try(module.db_proxy_rds[0].db_proxy_endpoint, null) } output "db_proxy_secret_name_rds" { - value = try(module.db_proxy_rds[0].db_proxy_secret_name,null) + value = try(module.db_proxy_rds[0].db_proxy_secret_name, null) } output "db_proxy_sg_id_rds" { - value = try(module.db_proxy_rds[0].db_proxy_sg_id,null) + value = try(module.db_proxy_rds[0].db_proxy_sg_id, null) } # Proxy output "db_proxy_endpoint" { - value = try(module.db_proxy[0].db_proxy_endpoint,null) + value = try(module.db_proxy[0].db_proxy_endpoint, null) } output "db_proxy_secret_name" { - value = try(module.db_proxy[0].db_proxy_secret_name,null) + value = try(module.db_proxy[0].db_proxy_secret_name, null) } output "db_proxy_sg_id" { - value = try(module.db_proxy[0].db_proxy_sg_id,null) + value = try(module.db_proxy[0].db_proxy_sg_id, null) } # ECS output "ecs_dns_record" { - value = try(module.aws_route53_ecs[0].vm_url,null) + value = try(module.aws_route53_ecs[0].vm_url, null) } output "ecs_load_balancer_dns" { - value = try(module.aws_ecs[0].load_balancer_dns,null) + value = try(module.aws_ecs[0].load_balancer_dns, null) } output "ecs_sg_id" { - value = try(module.aws_ecs[0].ecs_sg.id,null) + value = try(module.aws_ecs[0].ecs_sg.id, null) } output "ecs_lb_sg_id" { - value = try(module.aws_ecs[0].ecs_lb_sg.id,null) + value = try(module.aws_ecs[0].ecs_lb_sg.id, null) 
} # Redis output "redis_secret_name" { - value = try(module.redis[0].redis_secret_name,null) + value = try(module.redis[0].redis_secret_name, null) } output "redis_endpoint" { - value = try(module.redis[0].redis_endpoint,null) + value = try(module.redis[0].redis_endpoint, null) } output "redis_connection_string_secret" { - value = try(module.redis[0].redis_connection_string_secret,null) + value = try(module.redis[0].redis_connection_string_secret, null) } output "redis_sg_id" { - value = try(module.redis[0].redis_sg_id,null) + value = try(module.redis[0].redis_sg_id, null) } # ECR output "ecr_repository_arn" { - value = try(module.aws_ecr[0].repository_arn,null) + value = try(module.aws_ecr[0].repository_arn, null) } output "ecr_repository_url" { - value = try(module.aws_ecr[0].repository_url,null) + value = try(module.aws_ecr[0].repository_url, null) } # EKS output "eks_cluster_name" { - value = try(module.eks[0].aws_eks_cluster_name,null) + value = try(module.eks[0].aws_eks_cluster_name, null) } output "eks_cluster_role_arn" { - value = try(module.eks[0].aws_eks_cluster_role_arn,null) + value = try(module.eks[0].aws_eks_cluster_role_arn, null) } \ No newline at end of file diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index b4bcb6772..aa8b99d56 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf @@ -11,7 +11,7 @@ resource "aws_cloudwatch_log_group" "eks" { resource "aws_eks_cluster" "main" { name = var.aws_eks_cluster_name # Cluster name is defined during the code-generation phase - version = var.aws_eks_cluster_version + version = "${var.aws_eks_cluster_version}" role_arn = aws_iam_role.iam_role_cluster.arn vpc_config { security_group_ids = [aws_security_group.eks_security_group_cluster.id] 
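Review bot: `version = "${var.aws_eks_cluster_version}"` wraps a bare variable reference in an interpolation, the pre-0.12 form that `terraform fmt` rewrites and `terraform validate` warns about as redundant; the removed line `version = var.aws_eks_cluster_version` was already the idiomatic spelling. If the intent is to force a string for the EKS API, `tostring(var.aws_eks_cluster_version)` says so explicitly, but note that a value such as `1.30` supplied as a number has already lost its trailing zero before either conversion reaches it — declaring the variable with `type = string` in `aws_eks_vars.tf` is the reliable fix. The `aws_eks_cluster.main` resource continues past the end of this hunk.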
@@ -72,7 +72,7 @@ resource "aws_eks_node_group" "node_nodes" { max_unavailable = 1 } - ami_type = "AL2_x86_64" + ami_type = var.aws_eks_instance_ami_type instance_types = [var.aws_eks_instance_type] remote_access { @@ -92,6 +92,51 @@ resource "aws_eks_node_group" "node_nodes" { tags_all = { "Name" = "${aws_eks_cluster.main.name}-node" } + lifecycle { + create_before_destroy = true + } +} + +resource "aws_eks_node_group" "bk_node_nodes" { + count = var.aws_eks_create_bk_node_group ? 1 : 0 + cluster_name = aws_eks_cluster.main.name + node_group_name = "${var.aws_resource_identifier}-bk" + node_role_arn = aws_iam_role.iam_role_node.arn + subnet_ids = data.aws_subnets.private.ids + + scaling_config { + desired_size = var.aws_eks_desired_capacity + max_size = var.aws_eks_max_size + min_size = var.aws_eks_min_size + } + + update_config { + max_unavailable = 1 + } + + ami_type = var.aws_eks_instance_ami_type_bk + instance_types = [var.aws_eks_instance_type_bk] + + remote_access { + ec2_ssh_key = var.aws_eks_ec2_key_pair != "" ? var.aws_eks_ec2_key_pair : aws_key_pair.aws_key[0].id + } + + depends_on = [ + aws_iam_role.iam_role_node, + aws_iam_role.iam_role_cluster, + aws_eks_cluster.main, + aws_security_group.eks_security_group_cluster, + aws_security_group.eks_security_group_node + ] + tags = { + "Name" = "${aws_eks_cluster.main.name}-node-bk" + } + tags_all = { + "Name" = "${aws_eks_cluster.main.name}-node-bk" + } + lifecycle { + ignore_changes = all + } } data "aws_caller_identity" "current" {} diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf index 958cdb7e8..0c4ae5832 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf 
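Review bot: The new `bk_node_nodes` group sets `remote_access { ec2_ssh_key = ... }` without `source_security_group_ids`; for a managed node group, EKS opens port 22 on the nodes to 0.0.0.0/0 when an SSH key is given and no source security group is specified, so the backup nodes come up with world-reachable SSH. Pass the security group of the hosts that are meant to reach them, e.g. `source_security_group_ids = [aws_security_group.eks_security_group_node.id]` if node-to-node is the intent, or preferably a dedicated management/bastion group (the existing `aws_eks_management_cidr` input suggests one, but it is not visible here); the main `node_nodes` block's `remote_access` body is outside this hunk, so check it has the same gap. `lifecycle { ignore_changes = all }` also means Terraform will never reconcile this group again — `ami_type`, scaling and release version included — so it will not pick up node AMI patches through this pipeline; the README's "any changes after creation will be ignored" should say the group must be recreated or upgraded by hand. Finally, `create_before_destroy = true` on `node_nodes` only works if the replacement can coexist with the current `node_group_name`; if that name is fixed (it is outside this hunk), the create step fails with a name conflict before the old group is destroyed.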
@@ -10,8 +10,11 @@ variable "aws_eks_cluster_log_types" {} variable "aws_eks_cluster_log_retention_days" {} variable "aws_eks_cluster_log_skip_destroy" {} variable "aws_eks_cluster_version" {} +variable "aws_eks_create_bk_node_group" {} variable "aws_eks_instance_type" {} -variable "aws_eks_instance_ami_id" {} +variable "aws_eks_instance_ami_type" {} +variable "aws_eks_instance_type_bk" {} +variable "aws_eks_instance_ami_type_bk" {} variable "aws_eks_instance_user_data_file" {} variable "aws_eks_ec2_key_pair" {} variable "aws_eks_store_keypair_sm" {}
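Review bot: The four added variables are declared as bare `{}` with no `type`, `description` or `validation`, which matches the file's style but lets `aws_eks_create_bk_node_group` accept anything HCL can coerce in the `count` ternary and leaves `aws_eks_instance_ami_type` to fail only at the EKS API call. Declaring `variable "aws_eks_create_bk_node_group" { type = bool }` and `type = string` on the three strings costs nothing, and a `description` pointing at the README row (including the "set at creation time" caveat for the `_bk` pair) would live next to the code instead of only in the README. A `validation` block on the two `ami_type` inputs checking against the `amiType` values the README links to would turn a typo into a plan-time error; hedge it with a non-empty check if you prefer not to chase AWS's enum.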