feat: Add initial support for access points

terraform-aws-modules · Oct 24, 2022 · 7aa8a44 · 7aa8a44
1 parent dba58e9
commit 7aa8a44
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -45,6 +45,7 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [aws_efs_access_point.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | resource |
 | [aws_efs_file_system.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource |
 | [aws_efs_file_system_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system_policy) | resource |
 | [aws_efs_mount_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource |
@@ -56,6 +57,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_points"></a> [access\_points](#input\_access\_points) | A map of access point definitions to create | `any` | `{}` | no |
 | <a name="input_attach_policy"></a> [attach\_policy](#input\_attach\_policy) | Determines whether a policy is attached to the file system | `bool` | `true` | no |
 | <a name="input_availability_zone_name"></a> [availability\_zone\_name](#input\_availability\_zone\_name) | The AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes | `string` | `null` | no |
 | <a name="input_bypass_policy_lockout_safety_check"></a> [bypass\_policy\_lockout\_safety\_check](#input\_bypass\_policy\_lockout\_safety\_check) | A flag to indicate whether to bypass the `aws_efs_file_system_policy` lockout safety check. Defaults to `false` | `bool` | `null` | no |
@@ -83,6 +85,7 @@ No modules.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_access_points"></a> [access\_points](#output\_access\_points) | Map of access points created and their attributes |
 | <a name="output_arn"></a> [arn](#output\_arn) | Amazon Resource Name of the file system |
 | <a name="output_dns_name"></a> [dns\_name](#output\_dns\_name) | The DNS name for the filesystem per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html) |
 | <a name="output_id"></a> [id](#output\_id) | The ID that identifies the file system (e.g., `fs-ccfc0d65`) |

diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -48,6 +48,7 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_access_points"></a> [access\_points](#output\_access\_points) | Map of access points created and their attributes |
 | <a name="output_arn"></a> [arn](#output\_arn) | Amazon Resource Name of the file system |
 | <a name="output_dns_name"></a> [dns\_name](#output\_dns\_name) | The DNS name for the filesystem per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html) |
 | <a name="output_id"></a> [id](#output\_id) | The ID that identifies the file system (e.g., `fs-ccfc0d65`) |

diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -44,3 +44,12 @@ output "security_group_id" {
   description = "ID of the security group"
   value       = module.efs.security_group_id
 }
+
+################################################################################
+# Access Point(s)
+################################################################################
+
+output "access_points" {
+  description = "Map of access points created and their attributes"
+  value       = module.efs.access_points
+}
diff --git a/main.tf b/main.tf
@@ -147,3 +147,43 @@ resource "aws_security_group_rule" "this" {
   self                     = try(each.value.self, null)
   source_security_group_id = try(each.value.source_security_group_id, null)
 }
+
+################################################################################
+# Access Point(s)
+################################################################################
+
+resource "aws_efs_access_point" "this" {
+  for_each = { for k, v in var.access_points : k => v if var.create }
+
+  file_system_id = aws_efs_file_system.this[0].id
+
+  dynamic "posix_user" {
+    for_each = try([each.value.posix_user], [])
+
+    content {
+      gid            = posix_user.value.gid
+      uid            = posix_user.value.uid
+      secondary_gids = try(posix_user.value.secondary_gids, null)
+    }
+  }
+
+  dynamic "root_directory" {
+    for_each = try([each.value.root_directory], [])
+
+    content {
+      path = try(root_directory.value.path, null)
+
+      dynamic "creation_info" {
+        for_each = try([root_directory.value.creation_info], [])
+
+        content {
+          owner_gid   = creation_info.value.owner_gid
+          owner_uid   = creation_info.value.owner_uid
+          permissions = creation_info.value.permissions
+        }
+      }
+    }
+  }
+
+  tags = merge(var.tags, try(each.value.tags, {}))
+}
diff --git a/outputs.tf b/outputs.tf
@@ -44,3 +44,12 @@ output "security_group_id" {
   description = "ID of the security group"
   value       = try(aws_security_group.this[0].id, null)
 }
+
+################################################################################
+# Access Point(s)
+################################################################################
+
+output "access_points" {
+  description = "Map of access points created and their attributes"
+  value       = aws_efs_access_point.this
+}
diff --git a/variables.tf b/variables.tf
@@ -145,3 +145,13 @@ variable "security_group_rules" {
   type        = any
   default     = {}
 }
+
+################################################################################
+# Access Point(s)
+################################################################################
+
+variable "access_points" {
+  description = "A map of access point definitions to create"
+  type        = any
+  default     = {}
+}