diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index e853b98..a1ea92f 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -2,124 +2,144 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.8.0" - constraints = ">= 2.23.0, >= 3.72.0, >= 4.36.0, >= 4.47.0, >= 4.57.0, >= 4.59.0, >= 5.0.0, ~> 5.1" + version = "5.97.0" + constraints = ">= 2.23.0, >= 4.33.0, >= 4.36.0, >= 4.47.0, >= 4.59.0, >= 5.0.0, ~> 5.1, >= 5.95.0" hashes = [ - "h1:CYWeH3ii7UQNc+rpNLixWilueA5sV9FF9kcBCz+D48U=", - "zh:0974311d5e1becfdcbdae43d022d52689fdad32a4145659e56ac534bcb8cba02", - "zh:100dc64a90fc0d36cf6e2882b4358fde17705edd8ab3c5f2c06d219c36b21565", - "zh:467a86de8a7d77cde5c3386f9e82d7f1bf5972d1b3d177e797d1d9d2e87fd357", - "zh:4ad1f8ef5c5522f81d271b93594a43a7666b3409ca201a1911cd950e489ef12b", - "zh:540a50ab7061c6df2057ec9580890a9e86a687233120af738985fa84dde2a20a", - "zh:6e7b73b770e92891da94751c3e0cff1e1b852f5121da8c4a689056833eeb7d94", - "zh:879d42721e86331b05ff77bd219ca9a062485cdb2fa803d2dcf63084f25d484c", - "zh:980563e615fbba127c02df6dc8872ce60f7137df45fdb8cd801cdcbae6cf192a", + "h1:rUDE0OgA+6IiEA+w0cPp3/QQNH4SpjFjYcQ6p7byKS4=", + "zh:02790ad98b767d8f24d28e8be623f348bcb45590205708334d52de2fb14f5a95", + "zh:088b4398a161e45762dc28784fcc41c4fa95bd6549cb708b82de577f2d39ffc7", + "zh:0c381a457b7af391c43fc0167919443f6105ad2702bde4d02ddea9fd7c9d3539", + "zh:1a4b57a5043dcca64d8b8bae8b30ef4f6b98ed2144f792f39c4e816d3f1e2c56", + "zh:1bf00a67f39e67664337bde065180d41d952242801ebcd1c777061d4ffaa1cc1", + "zh:24c549f53d6bd022af31426d3e78f21264d8a72409821669e7fd41966ae68b2b", + "zh:3abda50bbddb35d86081fe39522e995280aea7f004582c4af22112c03ac8b375", + "zh:7388ed7f21ce2eb46bd9066626ce5f3e2a5705f67f643acce8ae71972f66eaf6", + "zh:96740f2ff94e5df2b2d29a5035a1a1026fe821f61712b2099b224fb2c2277663", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a6ad25c4d3edde466ea68731097aedad4b68278af0742fc1ab71d2c30491f92e", - "zh:af8df9e06f576c11ce67ac2b675d0d8db4aac618fec95d27c10aa59436feebbf", - 
"zh:b625ca7c4b99c6b3af34041b9773ccd9d80b0dde264c40b5d163a6abd73793af", - "zh:c9e0ca6aa48ebaa0892ac438392c49052a86605f490950d5317855f35ab7d74a", - "zh:dc500a03d3ed6b1fed3f118a55a7fb93bf172965ae6b2f25cc7f4a152e44edd7", - "zh:e0438bf67d93a29f0d56f9a4544297155ca85c0f10626778d4c3aa68c7e93581", + "zh:9f399f8e8683a3a3a6d63a41c7c3a5a5f266eedef40ea69eba75bacf03699879", + "zh:bcf2b288d4706ebd198f75d2159663d657535483331107f2cdef381f10688baf", + "zh:cc76c8a9fc3bad05a8779c1f80fe8c388734f1ec1dd0affa863343490527b466", + "zh:de4359cf1b057bfe7a563be93829ec64bf72e7a2b85a72d075238081ef5eb1db", + "zh:e208fa77051a1f9fa1eff6c5c58aabdcab0de1695b97cdea7b8dd81df3e0ed73", ] } provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.2" + version = "2.3.7" constraints = ">= 2.0.0" hashes = [ - "h1:Ar/DAbZQ9Nsj0BrqX6camrEE6U+Yq4E87DCNVqxqx8k=", - "zh:2487e498736ed90f53de8f66fe2b8c05665b9f8ff1506f751c5ee227c7f457d1", - "zh:3d8627d142942336cf65eea6eb6403692f47e9072ff3fa11c3f774a3b93130b3", - "zh:434b643054aeafb5df28d5529b72acc20c6f5ded24decad73b98657af2b53f4f", - "zh:436aa6c2b07d82aa6a9dd746a3e3a627f72787c27c80552ceda6dc52d01f4b6f", - "zh:458274c5aabe65ef4dbd61d43ce759287788e35a2da004e796373f88edcaa422", - "zh:54bc70fa6fb7da33292ae4d9ceef5398d637c7373e729ed4fce59bd7b8d67372", + "h1:M9TpQxKAE/hyOwytdX9MUNZw30HoD/OXqYIug5fkqH8=", + "zh:06f1c54e919425c3139f8aeb8fcf9bceca7e560d48c9f0c1e3bb0a8ad9d9da1e", + "zh:0e1e4cf6fd98b019e764c28586a386dc136129fef50af8c7165a067e7e4a31d5", + "zh:1871f4337c7c57287d4d67396f633d224b8938708b772abfc664d1f80bd67edd", + "zh:2b9269d91b742a71b2248439d5e9824f0447e6d261bfb86a8a88528609b136d1", + "zh:3d8ae039af21426072c66d6a59a467d51f2d9189b8198616888c1b7fc42addc7", + "zh:3ef4e2db5bcf3e2d915921adced43929214e0946a6fb11793085d9a48995ae01", + "zh:42ae54381147437c83cbb8790cc68935d71b6357728a154109d3220b1beb4dc9", + "zh:4496b362605ae4cbc9ef7995d102351e2fe311897586ffc7a4a262ccca0c782a", + "zh:652a2401257a12706d32842f66dac05a735693abcb3e6517d6b5e2573729ba13", + 
"zh:7406c30806f5979eaed5f50c548eced2ea18ea121e01801d2f0d4d87a04f6a14", + "zh:7848429fd5a5bcf35f6fee8487df0fb64b09ec071330f3ff240c0343fe2a5224", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:893ba267e18749c1a956b69be569f0d7bc043a49c3a0eb4d0d09a8e8b2ca3136", - "zh:95493b7517bce116f75cdd4c63b7c82a9d0d48ec2ef2f5eb836d262ef96d0aa7", - "zh:9ae21ab393be52e3e84e5cce0ef20e690d21f6c10ade7d9d9d22b39851bfeddc", - "zh:cc3b01ac2472e6d59358d54d5e4945032efbc8008739a6d4946ca1b621a16040", - "zh:f23bfe9758f06a1ec10ea3a81c9deedf3a7b42963568997d84a5153f35c5839a", ] } provider "registry.terraform.io/hashicorp/helm" { - version = "2.10.1" + version = "2.17.0" constraints = ">= 2.9.0, ~> 2.10" hashes = [ - "h1:OFRsk+lMoRoNoJjJzRngH8hAq++Sb6LwrEKIjd7PeWA=", - "zh:0717312baed39fb0a00576297241b69b419880cad8771bf72dec97ebdc96b200", - "zh:0e0e287b4e8429a0700143c8159764502eba0b33b1d094bf0d4ef4d93c7802cb", - "zh:4f74605377dab4065aaad35a2c5fa6186558c6e2e57b9058bdc8a62cf91857b9", - "zh:505f4af4dedb7a4f8f45b4201900b8e16216bdc2a01cc84fe13cdbf937570e7e", - "zh:83f37fe692513c0ce307d487248765383e00f9a84ed95f993ce0d3efdf4204d3", - "zh:840e5a84e1b5744f0211f611a2c6890da58016a40aafd5971f12285164d4e29b", - "zh:8c03d8dee292fa0367b0511cf3e95b706e034f78025f5dff0388116e1798bf47", - "zh:937800d1860f6b3adbb20e65f11e5fcd940b21ce8bdb48198630426244691325", - "zh:c1853aa5cbbdd1d46f4b169e84c3482103f0e8575a9bb044dbde908e27348c5d", - "zh:c9b0f640590da20931c30818b0b0587aa517d5606cb6e8052e4e4bf38f97b54d", + "h1:kQMkcPVvHOguOqnxoEU2sm1ND9vCHiT8TvZ2x6v/Rsw=", + "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4", + "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7", + "zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3", + "zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c", + "zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd", + "zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940", + 
"zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e", + "zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930", + "zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f", + "zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654", + "zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fe8bd4dd09dc7ca218959eda1ced9115408c2cdc9b4a76964bfa455f3bcadfd3", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.22.0" + version = "2.36.0" constraints = ">= 2.10.0, >= 2.20.0, ~> 2.21" hashes = [ - "h1:N2Nta6li+07oT02gcgLzAU4goGIWNXY2zqKUV/9rLLE=", - "zh:1eac662b1f238042b2068401e510f0624efaf51fd6a4dd9c49d710a49d383b61", - "zh:4c35651603493437b0b13e070148a330c034ac62c8967c2de9da6620b26adca4", - "zh:50c0e8654efb46e3a3666c638ca2e0c8aec07f985fbc80f9205bed960386dc9b", - "zh:5f65194ddd6ea7e89b378297d882083a4b84962edb35dd35752f0c7e9d6282a0", - "zh:6fc0c2d65864324edde4db84f528268065df58229fc3ee321626687b0e603637", - "zh:73c58d007aba7f67c0aa9029794e10c2517bec565b7cb57d0f5948ea3f30e407", - "zh:7d6fc9d3c1843baccd2e1fc56317925a2f9df372427d30fcb5052d123adc887a", - "zh:a0ad9eb863b51586ea306c5f2beef74476c96684aed41a3ee99eb4b6d8898d01", - "zh:e218fcfbf4994ff741408a023a9d9eb6c697ce9f63ce5540d3b35226d86c963e", + "h1:94wlXkBzfXwyLVuJVhMdzK+VGjFnMjdmFkYhQ1RUFhI=", + "zh:07f38fcb7578984a3e2c8cf0397c880f6b3eb2a722a120a08a634a607ea495ca", + "zh:1adde61769c50dbb799d8bf8bfd5c8c504a37017dfd06c7820f82bcf44ca0d39", + "zh:39707f23ab58fd0e686967c0f973c0f5a39c14d6ccfc757f97c345fdd0cd4624", + "zh:4cc3dc2b5d06cc22d1c734f7162b0a8fdc61990ff9efb64e59412d65a7ccc92a", + "zh:8382dcb82ba7303715b5e67939e07dd1c8ecddbe01d12f39b82b2b7d7357e1d9", + "zh:88e8e4f90034186b8bfdea1b8d394621cbc46a064ff2418027e6dba6807d5227", + "zh:a6276a75ad170f76d88263fdb5f9558998bf3a3f7650d7bd3387b396410e59f3", + 
"zh:bc816c7e0606e5df98a0c7634b240bb0c8100c3107b8b17b554af702edc6a0c5", + "zh:cb2f31d58f37020e840af52755c18afd1f09a833c4903ac59270ab440fab57b7", + "zh:ee0d103b8d0089fb1918311683110b4492a9346f0471b136af46d3b019576b22", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f95625f317795f0e38cc6293dd31c85863f4e225209d07d1e233c50d9295083c", - "zh:f96e0923a632bc430267fe915794972be873887f5e761ed11451d67202e256c8", + "zh:f688b9ec761721e401f6859c19c083e3be20a650426f4747cd359cdc079d212a", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.4" + constraints = ">= 3.0.0" + hashes = [ + "h1:L5V05xwp/Gto1leRryuesxjMfgZwjb7oool4WS1UEFQ=", + "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43", + "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a", + "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991", + "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f", + "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e", + "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615", + "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442", + "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5", + "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f", + "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f", ] } provider "registry.terraform.io/hashicorp/time" { - version = "0.9.1" + version = "0.13.1" constraints = ">= 0.9.0" hashes = [ - "h1:UHcDnIYFZ00uoou0TwPGMwOrE8gTkoRephIvdwDAK70=", - "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", - "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", - "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + 
"h1:ZT5ppCNIModqk3iOkVt5my8b8yBHmDpl663JtXAIRqM=", + "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74", + "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f", + "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a", + "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", - "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", - "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", - "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", - "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", - "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", - "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", - "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328", + "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8", + "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b", + "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0", + "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d", + "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75", + "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5", ] } provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" + version = "4.1.0" constraints = ">= 3.0.0" hashes = [ - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - 
"zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "h1:zEv9tY1KR5vaLSyp2lkrucNJ+Vq3c+sTFK9GyQGLtFs=", + "zh:14c35d89307988c835a7f8e26f1b83ce771e5f9b41e407f86a644c0152089ac2", + "zh:2fb9fe7a8b5afdbd3e903acb6776ef1be3f2e587fb236a8c60f11a9fa165faa8", + "zh:35808142ef850c0c60dd93dc06b95c747720ed2c40c89031781165f0c2baa2fc", + "zh:35b5dc95bc75f0b3b9c5ce54d4d7600c1ebc96fbb8dfca174536e8bf103c8cdc", + "zh:38aa27c6a6c98f1712aa5cc30011884dc4b128b4073a4a27883374bfa3ec9fac", + "zh:51fb247e3a2e88f0047cb97bb9df7c228254a3b3021c5534e4563b4007e6f882", + "zh:62b981ce491e38d892ba6364d1d0cdaadcee37cc218590e07b310b1dfa34be2d", + "zh:bc8e47efc611924a79f947ce072a9ad698f311d4a60d0b4dfff6758c912b7298", + "zh:c149508bd131765d1bc085c75a870abb314ff5a6d7f5ac1035a8892d686b6297", + "zh:d38d40783503d278b63858978d40e07ac48123a2925e1a6b47e62179c046f87a", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fb07f708e3316615f6d218cec198504984c0ce7000b9f1eebff7516e384f4b54", ] } diff --git a/main.tf b/main.tf index 0086351..be11861 100644 --- a/main.tf +++ b/main.tf 
@@ -1,20 +1,19 @@
-data "aws_eks_cluster_auth" "this" {
- count = var.enable_eks ? 1 : 0
- name = module.comet_eks[0].cluster_name
-}
-
 locals {
 resource_name = "comet-${var.environment}"
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
+ all_tags = merge(
+ {
+ Terraform = "true"
+ Environment = var.environment_tag
+ },
+ var.common_tags
+ )
 }
 module "comet_vpc" {
 source = "./modules/comet_vpc"
 count = var.enable_vpc ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
 eks_enabled = var.enable_eks
 single_nat_gateway = var.single_nat_gateway
@@ -24,6 +23,7 @@ module "comet_ec2" {
 source = "./modules/comet_ec2"
 count = var.enable_ec2 ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
 vpc_id = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
 comet_ec2_subnet = var.enable_vpc ? module.comet_vpc[0].public_subnets[0] : var.comet_public_subnets[0]
@@ -46,6 +46,7 @@ module "comet_ec2_alb" {
 source = "./modules/comet_ec2_alb"
 count = var.enable_ec2_alb ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
 vpc_id = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
 public_subnets = var.enable_vpc ? module.comet_vpc[0].public_subnets : var.comet_public_subnets
@@ -56,6 +57,12 @@ module "comet_eks" {
 source = "./modules/comet_eks"
 count = var.enable_eks ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
+
+ providers = {
+ kubernetes = kubernetes.eks
+ helm = helm.eks
+ }
 vpc_id = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
 eks_private_subnets = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
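Review bot: The `all_tags` local in the first main.tf hunk repeats the same `merge({ Terraform, Environment }, var.common_tags)` expression that providers.tf places in `default_tags`, so the tag set is defined in two places and is additionally passed to every module as `common_tags`. Defining it once, for example `default_tags { tags = local.all_tags }`, keeps the two copies from drifting apart. Because `var.common_tags` is the last argument to `merge`, a caller-supplied `Terraform` or `Environment` key silently overrides the built-in values; if that is intended, a comment above the local should say so.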
@@ -88,6 +95,7 @@ module "comet_elasticache" {
 source = "./modules/comet_elasticache"
 count = var.enable_elasticache ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
 vpc_id = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
 elasticache_private_subnets = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
@@ -107,6 +115,7 @@ module "comet_rds" {
 source = "./modules/comet_rds"
 count = var.enable_rds ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
 availability_zones = var.enable_vpc ? module.comet_vpc[0].azs : var.availability_zones
 vpc_id = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
@@ -130,6 +139,7 @@ module "comet_s3" {
 source = "./modules/comet_s3"
 count = var.enable_s3 ? 1 : 0
 environment = var.environment
+ common_tags = local.all_tags
 comet_s3_bucket = var.s3_bucket_name
 s3_force_destroy = var.s3_force_destroy
diff --git a/modules/comet_ec2/main.tf b/modules/comet_ec2/main.tf
index 9251e8f..21e24fb 100644
--- a/modules/comet_ec2/main.tf
+++ b/modules/comet_ec2/main.tf
@@ -4,11 +4,6 @@ locals {
 https_port = 443
 any_port = 0
 cidr_anywhere = "0.0.0.0/0"
-
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 }
 data "aws_ami" "al2" {
@@ -145,12 +140,16 @@ resource "aws_instance" "comet_ec2" {
 root_block_device {
 volume_type = var.comet_ec2_volume_type
 volume_size = var.comet_ec2_volume_size
+ tags = var.common_tags
 }
- tags = merge(local.tags, {
- Name = "${var.environment}-comet-ml-${count.index}"
- })
-
+ tags = merge(
+ var.common_tags,
+ {
+ Name = "${var.environment}-comet-ml-${count.index}"
+ }
+ )
+
 lifecycle {
 create_before_destroy = true
 }
@@ -161,7 +160,6 @@ resource "aws_eip" "comet_ec2_eip" {
 instance = aws_instance.comet_ec2[0].id
 domain = "vpc"
 }
-
 resource "aws_security_group" "comet_ec2_sg" {
 name = "comet_${var.environment}_ec2_sg"
 description = "Comet EC2 instance security group"
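Review bot: The `root_block_device` block of `aws_instance.comet_ec2`, which the `@@ -145,12 +140,16 @@` hunk shows from opening to closing brace, gains `tags` but still sets no `encrypted` argument, so the root volume is encrypted only if EBS encryption-by-default happens to be enabled for the account and region. Consider adding `encrypted = true` next to the new `tags = var.common_tags` line. On instances that already exist this is likely to force replacement of the instance, so it needs a planned rollout. The rest of the resource body lies outside the hunk.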
diff --git a/modules/comet_ec2/variables.tf b/modules/comet_ec2/variables.tf
index 2bdc738..4f21b07 100644
--- a/modules/comet_ec2/variables.tf
+++ b/modules/comet_ec2/variables.tf
@@ -68,4 +68,10 @@ variable "comet_ec2_s3_iam_policy" {
 variable "comet_ec2_alb_sg" {
 description = "ID of the security group attached to an associated application load balancer, for creating ingress EC2 SG rule"
 type = string
-}
\ No newline at end of file
+}
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/modules/comet_ec2_alb/main.tf b/modules/comet_ec2_alb/main.tf
index 8af36ed..2811868 100644
--- a/modules/comet_ec2_alb/main.tf
+++ b/modules/comet_ec2_alb/main.tf
@@ -3,11 +3,6 @@ locals {
 https_port = 443
 any_port = 0
 cidr_anywhere = "0.0.0.0/0"
-
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 }
 resource "aws_security_group" "comet_alb_sg" {
@@ -43,6 +38,7 @@ resource "aws_vpc_security_group_egress_rule" "comet_ec2_alb_egress" {
 module "alb" {
 source = "terraform-aws-modules/alb/aws"
 version = "~> 8.0"
+ tags = var.common_tags
 name = "comet-${var.environment}-alb"
@@ -82,6 +78,4 @@ module "alb" {
 }
 }
 ]
-
- tags = local.tags
 }
\ No newline at end of file
diff --git a/modules/comet_ec2_alb/variables.tf b/modules/comet_ec2_alb/variables.tf
index 9f429a7..4748521 100644
--- a/modules/comet_ec2_alb/variables.tf
+++ b/modules/comet_ec2_alb/variables.tf
@@ -16,4 +16,10 @@ variable "public_subnets" {
 variable "ssl_certificate_arn" {
 description = "ARN of the ACM certificate to use for the ALB"
 type = string
-}
\ No newline at end of file
+}
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/modules/comet_eks/main.tf b/modules/comet_eks/main.tf
index 1592375..8e7b207 100644
--- a/modules/comet_eks/main.tf
+++ b/modules/comet_eks/main.tf
@@ -1,21 +1,32 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_iam_policy" "ebs_csi_policy" {
+ arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
 locals {
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 volume_type = "gp3"
 volume_encrypted = false
 volume_delete_on_termination = true
-}
-data "aws_iam_policy" "ebs_csi_policy" {
- arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+ aws_auth_roles = startswith(data.aws_caller_identity.current.arn, "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/") ? [{
+ rolearn = data.aws_caller_identity.current.arn
+ username = "admin"
+ groups = ["system:masters"]
+ }]: []
+
+ aws_auth_users = startswith(data.aws_caller_identity.current.arn, "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/") ? [{
+ userarn = data.aws_caller_identity.current.arn
+ username = "admin"
+ groups = ["system:masters"]
+ }]: []
 }
 module "eks" {
 source = "terraform-aws-modules/eks/aws"
- version = "~> 19.9"
+ version = "~> 20.0"
+ authentication_mode = "API_AND_CONFIG_MAP"
 cluster_name = var.eks_cluster_name
 cluster_version = var.eks_cluster_version
 cluster_endpoint_public_access = true
@@ -23,7 +34,12 @@ module "eks" {
 vpc_id = var.vpc_id
 subnet_ids = var.eks_private_subnets
- eks_managed_node_group_defaults = { ami_type = var.eks_mng_ami_type }
+ eks_managed_node_group_defaults = {
+ ami_type = var.eks_mng_ami_type
+ tags = var.common_tags
+ tags_launch_template = var.common_tags
+ tags_propagate_at_launch = true
+ }
 eks_managed_node_groups = merge(
 {
@@ -47,6 +63,9 @@ module "eks" {
 labels = {
 nodegroup_name = "comet"
 }
+ tags = var.common_tags # Tags applied at the node group level
+ tags_launch_template = var.common_tags # Tags applied at the launch template level
+ tags_propagate_at_launch = true
 iam_role_additional_policies = var.s3_enabled ? { comet_s3_access = var.comet_ec2_s3_iam_policy } : {}
 }
 },
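Review bot: The new `aws_auth_roles` and `aws_auth_users` locals in the first hunk map whichever identity runs `terraform apply` into `system:masters`, a group that bypasses RBAC, and they only match caller ARNs of the form `arn:aws:iam::<account>:role/…` or `:user/…`. When Terraform runs under an assumed role, `aws_caller_identity` reports an `arn:aws:sts::<account>:assumed-role/…` ARN, so both lists come out empty and no admin mapping is written. Since the module moves to `~> 20.0` with `authentication_mode = "API_AND_CONFIG_MAP"`, an access entry is the more auditable route, for example `enable_cluster_creator_admin_permissions = true` on `module "eks"` or explicit `access_entries` for a named admin role. Separately, `volume_encrypted = false` stays in the locals and `cluster_endpoint_public_access = true` stays in the module; whether node volumes and the API endpoint are protected by other settings is not visible, because `module "eks"` continues outside the hunk.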
@@ -71,6 +90,7 @@ module "eks" {
 labels = {
 nodegroup_name = "druid"
 }
+ tags = var.common_tags
 iam_role_additional_policies = var.s3_enabled ? { comet_s3_access = var.comet_ec2_s3_iam_policy } : {}
 },
 airflow = {
@@ -93,14 +113,13 @@ module "eks" {
 labels = {
 nodegroup_name = "airflow"
 }
+ tags = var.common_tags
 iam_role_additional_policies = var.s3_enabled ? { comet_s3_access = var.comet_ec2_s3_iam_policy } : {}
 }
 } : {}
 )
- tags = local.tags
 }
-
 module "irsa-ebs-csi" {
 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
 version = "4.7.0"
@@ -112,10 +131,27 @@ module "irsa-ebs-csi" {
 oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
 }
+resource "time_sleep" "wait_for_eks" {
+ depends_on = [module.eks]
+ create_duration = "60s"
+}
+
+module "eks_aws-auth" {
+ source = "terraform-aws-modules/eks/aws//modules/aws-auth"
+
+ manage_aws_auth_configmap = true
+ aws_auth_roles = local.aws_auth_roles
+ aws_auth_users = local.aws_auth_users
+
+ depends_on = [ time_sleep.wait_for_eks ]
+}
+
 module "eks_blueprints_addons" {
 source = "aws-ia/eks-blueprints-addons/aws"
 version = "1.9.1"
+ depends_on = [ time_sleep.wait_for_eks ]
+
 cluster_name = module.eks.cluster_name
 cluster_endpoint = module.eks.cluster_endpoint
 oidc_provider_arn = module.eks.oidc_provider_arn
@@ -133,6 +169,4 @@ module "eks_blueprints_addons" {
 enable_aws_cloudwatch_metrics = var.eks_aws_cloudwatch_metrics
 enable_external_dns = var.eks_external_dns
 external_dns_route53_zone_arns = var.eks_external_dns_r53_zones
-
- tags = local.tags
 }
\ No newline at end of file
diff --git a/modules/comet_eks/variables.tf b/modules/comet_eks/variables.tf
index d803ca3..5c86907 100644
--- a/modules/comet_eks/variables.tf
+++ b/modules/comet_eks/variables.tf
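Review bot: `module "eks_aws-auth"` in the `@@ -112,10 +131,27 @@` hunk has no `version` argument, so `terraform init` resolves the newest release of `terraform-aws-modules/eks/aws//modules/aws-auth` while the parent module is constrained to `~> 20.0`; the lock file updated in this commit pins providers only, not modules. Add `version = "~> 20.0"` so the submodule that writes the `aws-auth` ConfigMap cannot drift to a different major release than the cluster module. The fixed `create_duration = "60s"` in `time_sleep.wait_for_eks` is an estimate of API readiness rather than a check, and a comment stating why 60 seconds was chosen would help the next reader.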
@@ -113,4 +113,10 @@ variable "eks_airflow_instance_type" {
 variable "eks_airflow_node_count" {
 description = "Instance count for EKS Airflow nodes"
 type = number
-}
\ No newline at end of file
+}
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/modules/comet_eks/versions.tf b/modules/comet_eks/versions.tf
index 42c96cf..23f582e 100644
--- a/modules/comet_eks/versions.tf
+++ b/modules/comet_eks/versions.tf
@@ -8,5 +8,9 @@ terraform {
 source = "hashicorp/kubernetes"
 version = ">= 2.10"
 }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.0.0"
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/modules/comet_elasticache/main.tf b/modules/comet_elasticache/main.tf
index c75865c..44cf7d2 100644
--- a/modules/comet_elasticache/main.tf
+++ b/modules/comet_elasticache/main.tf
@@ -1,10 +1,5 @@
 locals {
 redis_port = 6379
-
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 }
 resource "aws_elasticache_replication_group" "comet-ml-ec-redis" {
diff --git a/modules/comet_elasticache/variables.tf b/modules/comet_elasticache/variables.tf
index 33dd9ef..c2c440a 100644
--- a/modules/comet_elasticache/variables.tf
+++ b/modules/comet_elasticache/variables.tf
@@ -52,4 +52,10 @@ variable "elasticache_auth_token" {
 description = "Auth token for ElastiCache"
 type = string
 default = null
-}
\ No newline at end of file
+}
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/modules/comet_rds/main.tf b/modules/comet_rds/main.tf
index a2d324c..1eb0106 100644
--- a/modules/comet_rds/main.tf
+++ b/modules/comet_rds/main.tf
@@ -1,18 +1,16 @@
 locals {
 mysql_port = 3306
-
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 }
 resource "aws_db_subnet_group" "comet-ml-rds-subnet" {
 name = "cometml-rds-sgn-${var.environment}"
 subnet_ids = var.rds_private_subnets
- tags = merge(local.tags, {
- Name = "cometml-rds-sng-${var.environment}"
- })
+ tags = merge(
+ var.common_tags,
+ {
+ Name = "cometml-rds-sng-${var.environment}"
+ }
+ )
 }
 resource "aws_rds_cluster_instance" "comet-ml-rds-mysql" {
diff --git a/modules/comet_rds/variables.tf b/modules/comet_rds/variables.tf
index 379f2ee..881019f 100644
--- a/modules/comet_rds/variables.tf
+++ b/modules/comet_rds/variables.tf
@@ -72,3 +72,9 @@ variable "rds_root_password" {
 description = "Root password for RDS database"
 type = string
 }
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/modules/comet_s3/main.tf b/modules/comet_s3/main.tf
index f05ee95..5403b99 100644
--- a/modules/comet_s3/main.tf
+++ b/modules/comet_s3/main.tf
@@ -1,8 +1,4 @@
 locals {
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 suffix = substr(sha1("${var.environment}"), 0, 8)
 }
@@ -11,9 +7,12 @@ resource "aws_s3_bucket" "comet_s3_bucket" {
 force_destroy = var.s3_force_destroy
- tags = merge(local.tags, {
- Name = var.comet_s3_bucket
- })
+ tags = merge(
+ var.common_tags,
+ {
+ Name = var.comet_s3_bucket
+ }
+ )
 }
 resource "aws_s3_bucket" "comet_druid_bucket" {
@@ -23,9 +22,12 @@ resource "aws_s3_bucket" "comet_druid_bucket" {
 force_destroy = var.s3_force_destroy
- tags = merge(local.tags, {
- Name = "comet-druid-${local.suffix}"
- })
+ tags = merge(
+ var.common_tags,
+ {
+ Name = "comet-druid-${local.suffix}"
+ }
+ )
 }
 resource "aws_s3_bucket" "comet_airflow_bucket" {
@@ -35,9 +37,12 @@ resource "aws_s3_bucket" "comet_airflow_bucket" {
 force_destroy = var.s3_force_destroy
- tags = merge(local.tags, {
- Name = "comet-airflow-${local.suffix}"
- })
+ tags = merge(
+ var.common_tags,
+ {
+ Name = "comet-airflow-${local.suffix}"
+ }
+ )
 }
 resource "aws_iam_policy" "comet_s3_iam_policy" {
diff --git a/modules/comet_s3/variables.tf b/modules/comet_s3/variables.tf
index f2b5676..3db03d3 100644
--- a/modules/comet_s3/variables.tf
+++ b/modules/comet_s3/variables.tf
@@ -16,4 +16,10 @@ variable "s3_force_destroy" {
 variable "enable_mpm_infra" {
 description = "Sets buckets to be created for MPM Druid/Airflow"
 type = bool
-}
\ No newline at end of file
+}
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/modules/comet_vpc/main.tf b/modules/comet_vpc/main.tf
index 379b2a7..7bd9857 100644
--- a/modules/comet_vpc/main.tf
+++ b/modules/comet_vpc/main.tf
@@ -4,11 +4,6 @@ locals {
 resource_name = "comet-${var.environment}"
 vpc_cidr = "10.0.0.0/16"
 azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Terraform = "true"
- Environment = var.environment
- }
 }
 module "vpc" {
@@ -28,15 +23,13 @@ module "vpc" {
 # Manage so we can name
 manage_default_network_acl = true
- default_network_acl_tags = { Name = "${local.resource_name}-default" }
+ default_network_acl_tags = merge(var.common_tags, { Name = "${local.resource_name}-default" })
 manage_default_route_table = true
- default_route_table_tags = { Name = "${local.resource_name}-default" }
+ default_route_table_tags = merge(var.common_tags, { Name = "${local.resource_name}-default" })
 manage_default_security_group = true
- default_security_group_tags = { Name = "${local.resource_name}-default" }
+ default_security_group_tags = merge(var.common_tags, { Name = "${local.resource_name}-default" })
 # if EKS deployment, set subnet tags for AWS Load Balancer Controller auto-discovery
 public_subnet_tags = var.eks_enabled ? { "kubernetes.io/role/elb" = 1 } : null
 private_subnet_tags = var.eks_enabled ? { "kubernetes.io/role/internal-elb" = 1 } : null
-
- tags = local.tags
 }
\ No newline at end of file
diff --git a/modules/comet_vpc/variables.tf b/modules/comet_vpc/variables.tf
index 427953f..bdb770d 100644
--- a/modules/comet_vpc/variables.tf
+++ b/modules/comet_vpc/variables.tf
@@ -11,4 +11,10 @@ variable "eks_enabled" {
 variable "single_nat_gateway" {
 description = "Controls whether single NAT gateway used for all public subnets"
 type = bool
-}
\ No newline at end of file
+}
+
+variable "common_tags" {
+ type = map(string)
+ description = "A map of common tags"
+ default = {}
+}
diff --git a/providers.tf b/providers.tf
index 7e6e068..81428a9 100644
--- a/providers.tf
+++ b/providers.tf
@@ -1,14 +1,33 @@
+data "aws_eks_cluster_auth" "this" {
+ count = var.enable_eks ? 1 : 0
+ name = module.comet_eks[0].cluster_name
+}
+
+data "aws_caller_identity" "current" {}
+
 provider "aws" {
 region = var.region
+
+ default_tags {
+ tags = merge(
+ {
+ Terraform = "true"
+ Environment = var.environment_tag
+ },
+ var.common_tags
+ )
+ }
 }
 provider "kubernetes" {
+ alias = "eks"
 host = var.enable_eks ? module.comet_eks[0].cluster_endpoint : null
 cluster_ca_certificate = var.enable_eks ? base64decode(module.comet_eks[0].cluster_certificate_authority_data) : null
 token = var.enable_eks ? data.aws_eks_cluster_auth.this[0].token : null
 }
 provider "helm" {
+ alias = "eks"
 kubernetes {
 host = var.enable_eks ? module.comet_eks[0].cluster_endpoint : null
 cluster_ca_certificate = var.enable_eks ? base64decode(module.comet_eks[0].cluster_certificate_authority_data) : null
diff --git a/terraform.tfvars b/terraform.tfvars
index e142213..4a71312 100644
--- a/terraform.tfvars
+++ b/terraform.tfvars
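Review bot: The aliased `kubernetes` provider still authenticates with `data.aws_eks_cluster_auth.this[0].token`, a short-lived token read once per run, and this commit adds a 60-second wait plus an `aws-auth` ConfigMap write after cluster creation, so a long apply can reach the Kubernetes calls with an expired token. An `exec` block that runs `aws eks get-token` for the cluster, in place of the `token = …` line, fetches a fresh token when the provider needs it. `data "aws_caller_identity" "current"` is also added here, but no reference to it appears in the root-module hunks shown, so it may be unused. The `provider "helm"` block continues outside the hunk, so its authentication lines are not visible.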
@@ -1,29 +1,40 @@
+###########################
+#### AWS Resource Tags ####
+###########################
+# common_tags = {
+# # Place your dictionary of customized AWS resource tags here. eg.
+# Owner = "firstName-lastName"
+# DeployedBy = "Devops"
+# TTL = "2025-01-01 12:00:00"
+# Customer = "Model-Ops"
+# }
+
 ########################
 #### Module toggles ####
 ########################
 # Create a VPC to launch other resources in
-enable_vpc = false
+enable_vpc = true
 # Create an EC2 instance for running Comet
-enable_ec2 = false
+enable_ec2 = true
 # Create an ALB for the Comet EC2 instance
-enable_ec2_alb = false
+enable_ec2_alb = true
 # Create an EKS cluster for running Comet
-enable_eks = false
+enable_eks = true
 # Create ElastiCache resources for running Comet Redis
-enable_elasticache = false
+enable_elasticache = true
 # Create RDS resources for running Comet MySQL
-enable_rds = false
+enable_rds = true
 # Create S3 resources for storing Comet objects
-enable_s3 = false
+enable_s3 = true
 # Create EKS nodegroups for MPM compute
-enable_mpm_infra = false
+enable_mpm_infra = true
 ################
 #### Global ####
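Review bot: Every module toggle in the committed `terraform.tfvars` flips from `false` to `true`, so anyone who applies the repository as checked in now creates the VPC, EC2 instance, ALB, EKS cluster, ElastiCache, RDS, S3 buckets and MPM node groups in one run. Together with `environment_tag = "test"` in the next hunk, placed beside `environment = "prod"`, this looks like a local test configuration that was committed. If the new defaults are intended, the commit description should say so; otherwise restore the `false` values and keep the test settings in an untracked `*.auto.tfvars` file.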
@@ -34,11 +45,14 @@ region = "us-east-1"
 # Name for Comet environment, for use in resource naming
 environment = "prod"
-# If not setting enable_vpc to provision a VPC for the Comet resources, set the variables below to specify the existing VPC in which resources will be launched
-comet_vpc_id = "vpc-012345abcdefghijkl"
-availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
-comet_public_subnets = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl"]
-comet_private_subnets = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl"]
+# Deployment identifier
+environment_tag = "test"
+
+## If not setting enable_vpc to provision a VPC for the Comet resources, set the variables below to specify the existing VPC in which resources will be launched
+# comet_vpc_id = "vpc-012345abcdefghijkl"
+# availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
+# comet_public_subnets = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl"]
+# comet_private_subnets = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl"]
 #######################
 #### Module inputs ####
@@ -53,24 +67,24 @@ comet_private_subnets = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl ssl_certificate_arn = null #### comet_eks #### -# +# eks_aws_cloudwatch_metrics = false #### comet_elasticache #### # If setting enable_elasticache with existing compute, set the variable below to specify an SG that connections will be allowed from -elasticache_allow_from_sg = "sg-012345abcdefghijkl" +# elasticache_allow_from_sg = "sg-012345abcdefghijkl" ## Set the following to enable the auth token for Redis #elasticache_transit_encryption = true #elasticache_auth_token = "your-cometml-redis-token" #### comet_rds #### # If setting enable_rds, specify the root password for RDS below, or leave null and enter at the prompt during apply -rds_root_password = null +#rds_root_password = null # If setting enable_rds with existing compute, set the variable below to specify an SG that connections will be allowed from -rds_allow_from_sg = "sg-012345abcdefghijkl" +# rds_allow_from_sg = "sg-012345abcdefghijkl" #### comet_s3 #### # If setting enable_s3, specify the bucket name below -s3_bucket_name = null +#s3_bucket_name = null #### comet_vpc #### # diff --git a/variables.tf b/variables.tf index bf08efc..e4b6dfd 100644 --- a/variables.tf +++ b/variables.tf @@ -258,7 +258,7 @@ variable "elasticache_engine" { variable "elasticache_engine_version" { description = "Version number for ElastiCache engine" type = string - default = "7.1.0" + default = "7.1" } variable "elasticache_instance_type" { @@ -270,7 +270,7 @@ variable "elasticache_instance_type" { variable "elasticache_param_group_name" { description = "Name for the ElastiCache cluster parameter group" type = string - default = "default.redis5.0" + default = "default.redis7" } variable "elasticache_num_cache_nodes" { 
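Review bot: In the `@@ -53,24 +67,24 @@` hunk of terraform.tfvars, the Redis lines `#elasticache_transit_encryption = true` and `#elasticache_auth_token` stay commented out while `enable_elasticache` is switched to `true` at the top of the same file. Whether the cache is then created with in-transit encryption and an auth token depends on root variable defaults that this diff does not show; the module-level `elasticache_auth_token` visible elsewhere in the commit defaults to `null`. If the root defaults are also off, the file as committed deploys Redis without either control, so consider uncommenting `elasticache_transit_encryption = true` and adding a comment that the token should come from `TF_VAR_elasticache_auth_token` or a secrets store rather than from this file. `rds_root_password` and `s3_bucket_name` are commented out in the same hunk, which may turn them into interactive prompts now that `enable_rds` and `enable_s3` are on.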
@@ -375,3 +375,13 @@ variable "single_nat_gateway" {
 type = bool
 default = true
 }
+
+variable "common_tags" {
+ description = "A map of tags to apply to resources"
+ type = map(string)
+}
+
+variable "environment_tag" {
+ description = "Deployment identifier"
+ type = string
+}
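Review bot: The root `variable "common_tags"` is declared without a default, unlike the module-level declarations in this commit, which all use `default = {}`, and the only assignment in `terraform.tfvars` is added commented out. A run with the committed files will therefore prompt for `common_tags`, or fail with `-input=false`; adding `default = {}` here fixes that. `environment_tag` is likewise required, and its description `"Deployment identifier"` does not say that the value becomes the `Environment` tag on every resource.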