diff --git a/README.md b/README.md index 51e50297..ccc0b4f2 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,8 @@ Certificate validation can take up two hours, causing timeouts during module app ## How to Use This Module - Ensure account meets module pre-requisites from above. +- You may also choose to use this module with a custom AMI image as shown in the [`existing-image`](./examples/existing-image) example. +- Please note that while some resources are individually and uniquely tagged, all common tags are expected to be configured within the AWS provider as shown in the example code snippet below. - Create a Terraform configuration that pulls in this module and specifies values of the required variables: @@ -64,34 +66,20 @@ Certificate validation can take up two hours, causing timeouts during module app ```hcl provider "aws" { region = "" + default_tags { + tags = var.common_tags + } } module "tfe_node" { source = "" - friendly_name_prefix = "" + friendly_name_prefix = "" domain_name = "" tfe_license_filepath = "" acm_certificate_arn = "" } ``` -- _OPTIONAL_: This module can be deployed with a custom AMI rather than the default base given (Ubuntu 20.04 LTS), and has been verified to be functional with Ubuntu 20.04 LTS and RHEL 7.x based images. To deploy using a custom image, use the following configuration instead: - -```hcl -provider "aws" { - region = "" -} - -module "tfe_node" { - source = "" - ami_id = "" - friendly_name_prefix = "" - domain_name = "" - tfe_license_filepath = "" - acm_certificate_arn = "" -} -``` - - Run `terraform init` and `terraform apply` ## Module Manifest 
@@ -115,9 +103,10 @@ The resources created are: We have included documentation and reference examples for additional common installation scenarios for TFE, as well as examples for supporting resources that lack official modules. -- [Example: Deploying behind a proxy](./examples/behind-proxy) -- [Example: Deploying into an existing private network](./examples/existing-private-network) -- [Example: Deploying while managing DNS outside of AWS](./examples/external-dns) +- [Example: Deploying with an existing, custom image](./examples/existing-image) +- [Example: Deploying behind a proxy (coming soon...)](./examples/behind-proxy) +- [Example: Deploying into an existing private network (coming soon...)](./examples/existing-private-network) +- [Example: Deploying while managing DNS outside of AWS (coming soon...)](./examples/external-dns) ## License diff --git a/examples/existing-image/README.md b/examples/existing-image/README.md index a6394c67..d88f9ab6 100644 --- a/examples/existing-image/README.md +++ b/examples/existing-image/README.md @@ -60,8 +60,6 @@ module "existing_image_example" { ami_id = local.ami_id iact_subnet_list = var.iact_subnet_list load_balancing_scheme = var.load_balancing_scheme - - common_tags = var.common_tags } ``` 
@@ -83,7 +81,6 @@ The variable inputs described in this document serve as a reference configuratio | `tfe_subdomain` | Desired DNS record subdomain | string | `tfe` | | `tfe_license_name` | The name to use when copying the TFE license file to the EC2 instance. | string | `license.rli` | | `tfe_license_filepath` | The absolute path to the TFE license file on the system running Terraform. | string | `Users/yourname/license.rli` | -| `common_tags` | Map of tags to use for resources | map(string) | `{ Owner = "Your Name" }` | | `iact_subnet_list` | A list of CIDR masks that configure the ability to retrieve the IACT from outside the host. | list(string) | `["0.0.0.0/0"]` | | `load_balancing_scheme` | Load Balancing Scheme. Supported values are: "PRIVATE"; "PRIVATE_TCP"; "PUBLIC". | string | `PUBLIC` | | `ami_id` | AMI ID of the custom image to use for TFE instances. If this value is provided, you do not need any of the following ami variable values. | string | `ami-12345` | diff --git a/examples/existing-image/main.tf b/examples/existing-image/main.tf index d08ba413..2f420b5f 100644 --- a/examples/existing-image/main.tf +++ b/examples/existing-image/main.tf @@ -33,6 +33,4 @@ module "existing_image_example" { ami_id = local.ami_id iact_subnet_list = var.iact_subnet_list load_balancing_scheme = var.load_balancing_scheme - - common_tags = var.common_tags } diff --git a/examples/existing-image/variables.tf b/examples/existing-image/variables.tf index bea055ba..57f22462 100644 --- a/examples/existing-image/variables.tf +++ b/examples/existing-image/variables.tf @@ -33,12 +33,6 @@ variable "tfe_license_filepath" { description = "The absolute path to the TFE license file on the system running Terraform." } -variable "common_tags" { - default = {} - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." -} - variable "iact_subnet_list" { default = ["0.0.0.0/0"] type = list(string) 
diff --git a/examples/existing-image/versions.tf b/examples/existing-image/versions.tf index eae5104f..e7c8bf52 100644 --- a/examples/existing-image/versions.tf +++ b/examples/existing-image/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } \ No newline at end of file diff --git a/main.tf b/main.tf index 0eaaa3aa..c0749dd0 100644 --- a/main.tf +++ b/main.tf @@ -23,10 +23,11 @@ resource "aws_kms_key" "tfe_key" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" - tags = merge( - { Name = "${var.friendly_name_prefix}-tfe-kms-key" }, - var.common_tags, - ) + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + tags = { + # Name = "${var.friendly_name_prefix}-tfe-kms-key" + Name = "tfe-kms-key" + } } resource "aws_kms_alias" "key_alias" { @@ -51,8 +52,6 @@ module "object_storage" { tfe_license_name = var.tfe_license_name proxy_cert_bundle_filepath = var.proxy_cert_bundle_filepath proxy_cert_bundle_name = var.proxy_cert_bundle_name - - common_tags = var.common_tags } module "service_accounts" { @@ -62,9 +61,7 @@ module "service_accounts" { aws_bucket_data_arn = module.object_storage.s3_bucket_data_arn friendly_name_prefix = var.friendly_name_prefix kms_key_arn = aws_kms_key.tfe_key.arn - - common_tags = var.common_tags - iam_role_policy_arns = var.iam_role_policy_arns + iam_role_policy_arns = var.iam_role_policy_arns } module "secrets_manager" { @@ -72,8 +69,6 @@ module "secrets_manager" { friendly_name_prefix = var.friendly_name_prefix deploy_secretsmanager = var.deploy_secretsmanager - - common_tags = var.common_tags } module "networking" { @@ -85,8 +80,6 @@ module "networking" { network_cidr = var.network_cidr network_private_subnet_cidrs = var.network_private_subnet_cidrs network_public_subnet_cidrs = var.network_public_subnet_cidrs - - common_tags = var.common_tags } locals { 
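Review bot: In the `aws_kms_key.tfe_key` hunk of main.tf the `Name` tag becomes the constant `tfe-kms-key`, so two deployments in the same account and region carry identical Name tags on their encryption keys; the same applies to `tfe-install-secrets` in modules/secrets_manager/main.tf and to the VPC, subnet, gateway and endpoint names in modules/networking/main.tf. Anything that selects or audits these resources by Name (inventory, incident triage, and possibly tag-conditioned IAM policies) can no longer tell deployments apart. Instead of keeping the old expression as commented-out code, I would leave one comment per block, e.g. `# TODO(terraform-provider-aws#19583): restore the friendly_name_prefix; until then Name is not unique per deployment`, and state the limitation in the README.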
@@ -114,8 +107,6 @@ module "redis" { redis_encryption_in_transit = var.redis_encryption_in_transit redis_encryption_at_rest = var.redis_encryption_at_rest redis_require_password = var.redis_require_password - - common_tags = var.common_tags } module "database" { @@ -128,8 +119,6 @@ module "database" { network_private_subnet_cidrs = var.network_private_subnet_cidrs network_subnets_private = local.network_private_subnets tfe_instance_sg = module.vm.tfe_instance_sg - - common_tags = var.common_tags } module "user_data" { @@ -173,8 +162,6 @@ module "load_balancer" { network_public_subnets = local.network_public_subnets network_private_subnets = local.network_private_subnets ssl_policy = var.ssl_policy - - common_tags = var.common_tags } module "private_tcp_load_balancer" { @@ -189,8 +176,6 @@ module "private_tcp_load_balancer" { network_id = local.network_id network_private_subnets = local.network_private_subnets ssl_policy = var.ssl_policy - - common_tags = var.common_tags } module "vm" { @@ -202,7 +187,7 @@ module "vm" { aws_lb = var.load_balancing_scheme == "PRIVATE_TCP" ? null : module.load_balancer[0].aws_lb_security_group aws_lb_target_group_tfe_tg_443_arn = var.load_balancing_scheme == "PRIVATE_TCP" ? module.private_tcp_load_balancer[0].aws_lb_target_group_tfe_tg_443_arn : module.load_balancer[0].aws_lb_target_group_tfe_tg_443_arn aws_lb_target_group_tfe_tg_8800_arn = var.load_balancing_scheme == "PRIVATE_TCP" ? module.private_tcp_load_balancer[0].aws_lb_target_group_tfe_tg_8800_arn : module.load_balancer[0].aws_lb_target_group_tfe_tg_8800_arn - common_tags = var.common_tags + asg_tags = var.asg_tags default_ami_id = local.default_ami_id friendly_name_prefix = var.friendly_name_prefix key_name = var.key_name diff --git a/modules/application_load_balancer/main.tf b/modules/application_load_balancer/main.tf index c0a2f20f..9a7c5301 100644 --- a/modules/application_load_balancer/main.tf +++ b/modules/application_load_balancer/main.tf 
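Review bot: In the `module "vm"` hunk of main.tf, `asg_tags = var.asg_tags` becomes the only tag input for the TFE instances, and modules/vm/main.tf builds the autoscaling group's propagated tags solely from `for k, v in var.asg_tags`. As far as I know, provider `default_tags` in the 3.x series is not applied to `aws_autoscaling_group` tags, so a caller who moves `common_tags` into the provider block as the README now instructs and leaves `asg_tags` unset would get instances without the ownership or environment tags that inventory, alerting or access policies may rely on. The root declaration of `asg_tags` is not in the visible hunks, so its default and description should be checked, and I would add a README step such as `- Tags for the autoscaling group and its instances are not covered by default_tags; pass them via asg_tags.` The `module "vm"` block continues outside the hunk.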
@@ -1,8 +1,6 @@ resource "aws_security_group" "tfe_lb_allow" { name = "${var.friendly_name_prefix}-tfe-lb-allow" vpc_id = var.network_id - - tags = var.common_tags } resource "aws_security_group_rule" "tfe_lb_allow_inbound_http" { @@ -39,8 +37,6 @@ resource "aws_security_group_rule" "tfe_lb_allow_inbound_dashboard" { resource "aws_security_group" "tfe_outbound_allow" { name = "${var.friendly_name_prefix}-tfe-outbound-allow" vpc_id = var.network_id - - tags = var.common_tags } resource "aws_security_group_rule" "tfe_outbound_allow_all" { @@ -64,8 +60,6 @@ resource "aws_lb" "tfe_lb" { aws_security_group.tfe_lb_allow.id, aws_security_group.tfe_outbound_allow.id ] - - tags = var.common_tags } resource "aws_lb_listener" "tfe_listener_80" { @@ -108,8 +102,6 @@ resource "aws_lb_target_group" "tfe_tg_443" { protocol = "HTTPS" matcher = "200-399" } - - tags = var.common_tags } resource "aws_lb_listener" "tfe_listener_8800" { @@ -139,8 +131,6 @@ resource "aws_lb_target_group" "tfe_tg_8800" { protocol = "HTTPS" matcher = "200-399" } - - tags = var.common_tags } data "aws_route53_zone" "tfe" { diff --git a/modules/application_load_balancer/variables.tf b/modules/application_load_balancer/variables.tf index 88bb5cb0..5e0ddd89 100644 --- a/modules/application_load_balancer/variables.tf +++ b/modules/application_load_balancer/variables.tf @@ -57,9 +57,3 @@ variable "friendly_name_prefix" { type = string description = "(Required) Friendly name prefix used for tagging and naming AWS resources." } - -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} diff --git a/modules/application_load_balancer/versions.tf b/modules/application_load_balancer/versions.tf index e672adcd..241fbd9e 100644 --- a/modules/application_load_balancer/versions.tf +++ b/modules/application_load_balancer/versions.tf 
@@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } diff --git a/modules/database/main.tf b/modules/database/main.tf index 66390cdb..8937ce83 100644 --- a/modules/database/main.tf +++ b/modules/database/main.tf @@ -7,8 +7,6 @@ resource "aws_security_group" "postgresql" { description = "The security group of the PostgreSQL deployment for TFE." name = "${var.friendly_name_prefix}-tfe-postgresql" vpc_id = var.network_id - - tags = var.common_tags } resource "aws_security_group_rule" "postgresql_tfe_ingress" { @@ -50,8 +48,6 @@ resource "aws_security_group_rule" "postgresql_egress" { resource "aws_db_subnet_group" "tfe" { name = var.friendly_name_prefix subnet_ids = var.network_subnets_private - - tags = var.common_tags } resource "aws_db_instance" "postgresql" { @@ -80,6 +76,4 @@ resource "aws_db_instance" "postgresql" { storage_encrypted = true storage_type = "gp2" vpc_security_group_ids = [aws_security_group.postgresql.id] - - tags = var.common_tags } diff --git a/modules/database/variables.tf b/modules/database/variables.tf index a83e165f..8cce30cd 100644 --- a/modules/database/variables.tf +++ b/modules/database/variables.tf @@ -41,9 +41,3 @@ variable "network_private_subnet_cidrs" { description = "(Optional) List of private subnet CIDR ranges to create in VPC." default = ["10.0.32.0/20", "10.0.48.0/20"] } - -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} diff --git a/modules/database/versions.tf b/modules/database/versions.tf index e20bb5f3..4c3fe642 100644 --- a/modules/database/versions.tf +++ b/modules/database/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } random = { source = "hashicorp/random" 
diff --git a/modules/network_load_balancer/main.tf b/modules/network_load_balancer/main.tf index 9bfe1f6e..5cd31dca 100644 --- a/modules/network_load_balancer/main.tf +++ b/modules/network_load_balancer/main.tf @@ -3,8 +3,6 @@ resource "aws_lb" "tfe_lb" { internal = true load_balancer_type = "network" subnets = var.network_private_subnets - - tags = var.common_tags } resource "aws_lb_listener" "tfe_listener_443" { @@ -27,8 +25,6 @@ resource "aws_lb_target_group" "tfe_tg_443" { health_check { protocol = "TCP" } - - tags = var.common_tags } resource "aws_lb_listener" "tfe_listener_8800" { @@ -57,8 +53,6 @@ resource "aws_lb_target_group" "tfe_tg_8800" { path = "/" protocol = "TCP" } - - tags = var.common_tags } data "aws_route53_zone" "tfe" { diff --git a/modules/network_load_balancer/variables.tf b/modules/network_load_balancer/variables.tf index b2b14d5e..62f1d815 100644 --- a/modules/network_load_balancer/variables.tf +++ b/modules/network_load_balancer/variables.tf @@ -37,9 +37,3 @@ variable "friendly_name_prefix" { type = string description = "(Required) Friendly name prefix used for tagging and naming AWS resources." } - -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} diff --git a/modules/network_load_balancer/versions.tf b/modules/network_load_balancer/versions.tf index e672adcd..241fbd9e 100644 --- a/modules/network_load_balancer/versions.tf +++ b/modules/network_load_balancer/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } diff --git a/modules/networking/main.tf b/modules/networking/main.tf index a0d1a022..54f0533b 100644 --- a/modules/networking/main.tf +++ b/modules/networking/main.tf 
@@ -27,38 +27,45 @@ module "vpc" { private_subnets = var.network_private_subnet_cidrs public_subnets = var.network_public_subnet_cidrs single_nat_gateway = false - tags = var.common_tags + # Prefixes removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved igw_tags = { - Name = "${var.friendly_name_prefix}-tfe-igw" + # Name = "${var.friendly_name_prefix}-tfe-igw" + Name = "tfe-igw" } nat_eip_tags = { - Name = "${var.friendly_name_prefix}-tfe-nat-eip" + # Name = "${var.friendly_name_prefix}-tfe-nat-eip" + Name = "tfe-nat-eip" } nat_gateway_tags = { - Name = "${var.friendly_name_prefix}-tfe-tgw" + # Name = "${var.friendly_name_prefix}-tfe-tgw" + Name = "tfe-tgw" } private_route_table_tags = { - Name = "${var.friendly_name_prefix}-tfe-rtb-private" + # Name = "${var.friendly_name_prefix}-tfe-rtb-private" + Name = "tfe-rtb-private" } private_subnet_tags = { - Name = "${var.friendly_name_prefix}-private" + # Name = "${var.friendly_name_prefix}-private" + Name = "private" } public_route_table_tags = { - Name = "${var.friendly_name_prefix}-tfe-rtb-public" + # Name = "${var.friendly_name_prefix}-tfe-rtb-public" + Name = "tfe-rtb-public" } public_subnet_tags = { - Name = "${var.friendly_name_prefix}-public" + # Name = "${var.friendly_name_prefix}-public" + Name = "public" } vpc_tags = { - Name = "${var.friendly_name_prefix}-tfe-vpc" + # Name = "${var.friendly_name_prefix}-tfe-vpc" + Name = "tfe-vpc" } } resource "aws_security_group" "ssm" { description = "The security group of Systems Manager for TFE." name = "${var.friendly_name_prefix}-tfe" - tags = var.common_tags vpc_id = module.vpc.vpc_id ingress { @@ -77,7 +84,6 @@ module "vpc_endpoints" { security_group_ids = [aws_security_group.ssm.id] vpc_id = module.vpc.vpc_id - tags = var.common_tags endpoints = { ec2 = { 
@@ -91,8 +97,10 @@ module "vpc_endpoints" { service = "ec2messages" service_type = "Interface" subnet_ids = module.vpc.private_subnets + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-ec2messages-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-ec2messages-vpc-endpoint" + Name = "tfe-ec2messages-vpc-endpoint" } } kms = { @@ -105,8 +113,10 @@ module "vpc_endpoints" { route_table_ids = module.vpc.private_route_table_ids service = "s3" service_type = "Gateway" + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-s3-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-s3-vpc-endpoint" + Name = "tfe-s3-vpc-endpoint" } } ssm = { @@ -114,8 +124,10 @@ module "vpc_endpoints" { service = "ssm" service_type = "Interface" subnet_ids = module.vpc.private_subnets + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-ssm-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-ssm-vpc-endpoint" + Name = "tfe-ssm-vpc-endpoint" } } ssmmessages = { @@ -123,8 +135,10 @@ module "vpc_endpoints" { service = "ssmmessages" service_type = "Interface" subnet_ids = module.vpc.private_subnets + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-ssmmessages-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-ssmmessages-vpc-endpoint" + Name = "tfe-ssmmessages-vpc-endpoint" } } } diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf index fcbc17f9..b20b9745 100644 --- a/modules/networking/variables.tf +++ b/modules/networking/variables.tf 
@@ -3,12 +3,6 @@ variable "friendly_name_prefix" { description = "(Required) Friendly name prefix used for tagging and naming AWS resources." } -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} - # Network variable "network_cidr" { type = string diff --git a/modules/networking/versions.tf b/modules/networking/versions.tf index e672adcd..241fbd9e 100644 --- a/modules/networking/versions.tf +++ b/modules/networking/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } diff --git a/modules/object_storage/main.tf b/modules/object_storage/main.tf index 8d71217d..70b7de8d 100644 --- a/modules/object_storage/main.tf +++ b/modules/object_storage/main.tf @@ -16,8 +16,6 @@ resource "aws_s3_bucket" "tfe_bootstrap_bucket" { } force_destroy = true - - tags = var.common_tags } resource "aws_s3_bucket_object" "tfe_license" { @@ -25,8 +23,6 @@ resource "aws_s3_bucket_object" "tfe_license" { bucket = aws_s3_bucket.tfe_bootstrap_bucket.id key = var.tfe_license_name source = var.tfe_license_filepath - - tags = var.common_tags } resource "aws_s3_bucket_object" "proxy_cert_bundle" { @@ -34,8 +30,6 @@ resource "aws_s3_bucket_object" "proxy_cert_bundle" { bucket = aws_s3_bucket.tfe_bootstrap_bucket.id key = var.proxy_cert_bundle_name source = var.proxy_cert_bundle_filepath - - tags = var.common_tags } resource "aws_s3_bucket_public_access_block" "tfe_bootstrap_bucket" { @@ -65,8 +59,6 @@ resource "aws_s3_bucket" "tfe_data_bucket" { } force_destroy = true - - tags = var.common_tags } resource "aws_s3_bucket_public_access_block" "tfe_data" { diff --git a/modules/object_storage/variables.tf b/modules/object_storage/variables.tf index 267a19f4..9f873ae5 100644 --- a/modules/object_storage/variables.tf +++ b/modules/object_storage/variables.tf 
@@ -1,9 +1,3 @@ -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} - variable "kms_key_arn" { description = "The Amazon Resource Name of the KMS key with which S3 storage bucket objects will be encrypted." type = string diff --git a/modules/object_storage/versions.tf b/modules/object_storage/versions.tf index e672adcd..241fbd9e 100644 --- a/modules/object_storage/versions.tf +++ b/modules/object_storage/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } diff --git a/modules/redis/main.tf b/modules/redis/main.tf index f331ba4e..a0ecf2fe 100644 --- a/modules/redis/main.tf +++ b/modules/redis/main.tf @@ -8,8 +8,6 @@ resource "aws_security_group" "redis" { description = "The security group of the Redis deployment for TFE." name = "${var.friendly_name_prefix}-tfe-redis" vpc_id = var.network_id - - tags = var.common_tags } resource "aws_security_group_rule" "redis_tfe_ingress" { @@ -81,6 +79,4 @@ resource "aws_elasticache_replication_group" "redis" { at_rest_encryption_enabled = var.redis_encryption_at_rest kms_key_id = (var.redis_encryption_at_rest == true) ? var.kms_key_arn : null - - tags = var.common_tags } diff --git a/modules/redis/variables.tf b/modules/redis/variables.tf index 0e4df063..2be3793b 100644 --- a/modules/redis/variables.tf +++ b/modules/redis/variables.tf @@ -3,12 +3,6 @@ variable "active_active" { description = "Flag for active-active configuation: true for active-active, false for standalone" } -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} - variable "kms_key_arn" { description = <<-EOD The Amazon Resource Name of the KMS key which will be used by the Redis Elasticache replication group to encrypt data 
diff --git a/modules/redis/versions.tf b/modules/redis/versions.tf index e20bb5f3..4c3fe642 100644 --- a/modules/redis/versions.tf +++ b/modules/redis/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } random = { source = "hashicorp/random" diff --git a/modules/secrets_manager/main.tf b/modules/secrets_manager/main.tf index 120ef594..0bacba69 100644 --- a/modules/secrets_manager/main.tf +++ b/modules/secrets_manager/main.tf @@ -4,10 +4,11 @@ resource "aws_secretsmanager_secret" "tfe_install" { name = var.secretsmanager_secret_name == null ? "${var.friendly_name_prefix}-tfe-install-secrets" : var.secretsmanager_secret_name description = "TFE install secret metadata" - tags = merge( - { Name = "${var.friendly_name_prefix}-tfe-install-secrets" }, - var.common_tags - ) + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + tags = { + # Name = "${var.friendly_name_prefix}-tfe-install-secrets" + Name = "tfe-install-secrets" + } } resource "aws_secretsmanager_secret_version" "tfe_install_secrets" { diff --git a/modules/secrets_manager/variables.tf b/modules/secrets_manager/variables.tf index 6f541179..fbbd0c04 100644 --- a/modules/secrets_manager/variables.tf +++ b/modules/secrets_manager/variables.tf @@ -3,12 +3,6 @@ variable "friendly_name_prefix" { type = string } -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} - variable "deploy_secretsmanager" { type = bool description = "(Optional) Boolean indicating whether to deploy AWS Secrets Manager secret (true) or not (false)." diff --git a/modules/secrets_manager/versions.tf b/modules/secrets_manager/versions.tf index e672adcd..241fbd9e 100644 --- a/modules/secrets_manager/versions.tf +++ b/modules/secrets_manager/versions.tf 
@@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf index db050c51..5b059ce7 100644 --- a/modules/service_accounts/main.tf +++ b/modules/service_accounts/main.tf @@ -6,8 +6,6 @@ resource "aws_iam_instance_profile" "tfe" { resource "aws_iam_role" "instance_role" { name_prefix = "${var.friendly_name_prefix}-tfe" assume_role_policy = data.aws_iam_policy_document.instance_role.json - - tags = var.common_tags } data "aws_iam_policy_document" "instance_role" { diff --git a/modules/service_accounts/variables.tf b/modules/service_accounts/variables.tf index 88427aff..f264d3e0 100644 --- a/modules/service_accounts/variables.tf +++ b/modules/service_accounts/variables.tf @@ -18,12 +18,6 @@ variable "kms_key_arn" { type = string } -variable "common_tags" { - type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." - default = {} -} - variable "iam_role_policy_arns" { default = [] description = "A set of Amazon Resource Names of IAM role policys to be attached to the TFE IAM role." diff --git a/modules/service_accounts/versions.tf b/modules/service_accounts/versions.tf index e672adcd..241fbd9e 100644 --- a/modules/service_accounts/versions.tf +++ b/modules/service_accounts/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.15" + version = "~> 3.38" } } } diff --git a/modules/vm/main.tf b/modules/vm/main.tf index 0696ca5f..919c59c5 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf @@ -4,8 +4,6 @@ resource "aws_security_group" "tfe_instance" { name = "${var.friendly_name_prefix}-tfe-ec2-sg" vpc_id = var.network_id - - tags = var.common_tags } resource "aws_security_group_rule" "tfe_ui" { 
@@ -101,7 +99,7 @@ resource "aws_autoscaling_group" "tfe_asg" { }, ], [ - for k, v in var.common_tags : { + for k, v in var.asg_tags : { key = k value = v propagate_at_launch = true diff --git a/modules/vm/variables.tf b/modules/vm/variables.tf index 71c49d36..a814c2dc 100644 --- a/modules/vm/variables.tf +++ b/modules/vm/variables.tf @@ -74,9 +74,13 @@ variable "node_count" { description = "The number of nodes you want in your autoscaling group (1 for standalone, 2 for active-active configuration)" } -variable "common_tags" { +variable "asg_tags" { type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." + description = <