From bf33a5e1dc77f992e5ce024aed4adacce4a131f7 Mon Sep 17 00:00:00 2001
From: anniehedgpeth
Date: Fri, 11 Jun 2021 12:12:08 -0600
Subject: [PATCH 01/11] employ AWS provider's default tags
---
examples/existing-image/variables.tf | 8 ++++++--
main.tf | 1 +
modules/application_load_balancer/variables.tf | 6 +++++-
modules/database/variables.tf | 6 +++++-
modules/network_load_balancer/variables.tf | 8 ++++++--
modules/networking/variables.tf | 6 +++++-
modules/object_storage/variables.tf | 6 +++++-
modules/redis/variables.tf | 6 +++++-
modules/secrets_manager/variables.tf | 6 +++++-
modules/service_accounts/variables.tf | 6 +++++-
modules/vm/main.tf | 7 +++++++
modules/vm/variables.tf | 16 +++++++++++++++-
tests/private-active-active/locals.tf | 1 +
tests/private-active-active/main.tf | 6 +++++-
tests/private-active-active/proxy.tf | 2 --
tests/private-tcp-active-active/locals.tf | 1 +
tests/private-tcp-active-active/main.tf | 6 +++++-
tests/private-tcp-active-active/proxy.tf | 15 ++++++---------
tests/public-active-active/locals.tf | 1 +
tests/public-active-active/main.tf | 6 +++++-
variables.tf | 16 +++++++++++++++-
21 files changed, 109 insertions(+), 27 deletions(-)
diff --git a/examples/existing-image/variables.tf b/examples/existing-image/variables.tf
index bea055ba..150a7400 100644
--- a/examples/existing-image/variables.tf
+++ b/examples/existing-image/variables.tf
@@ -34,9 +34,13 @@ variable "tfe_license_filepath" { } variable "common_tags" { - default = {} type = map(string) - description = "(Optional) Map of common tags for all taggable AWS resources." + description = < Date: Fri, 11 Jun 2021 12:51:16 -0600 Subject: [PATCH 02/11] adding a test name tag --- tests/private-active-active/locals.tf | 3 ++- tests/private-active-active/main.tf | 4 ++-- tests/private-tcp-active-active/locals.tf | 4 ++-- tests/private-tcp-active-active/main.tf | 4 ++-- tests/private-tcp-active-active/proxy.tf | 2 +- tests/public-active-active/locals.tf | 4 ++-- tests/public-active-active/main.tf | 4 ++-- 7 files changed, 13 insertions(+), 12 deletions(-) diff --git a/tests/private-active-active/locals.tf b/tests/private-active-active/locals.tf index a0299f05..f7981d57 100644 --- a/tests/private-active-active/locals.tf +++ b/tests/private-active-active/locals.tf @@ -1,7 +1,7 @@ locals { common_tags = { Terraform = "cloud" - Environment = "tfe_modules_test" + Environment = local.test_name Description = "Private Active/Active" Repository = "hashicorp/terraform-aws-terraform-enterprise" Team = "Terraform Enterprise on Prem" @@ -10,4 +10,5 @@ locals { friendly_name_prefix = random_string.friendly_name.id ssm_policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + test_name = "${local.friendly_name_prefix}-test-private-active-active" } diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index dcaf4f7b..f17b712d 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf 
@@ -50,7 +50,7 @@ module "private_active_active" { iam_role_policy_arns = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] instance_type = "m5.4xlarge" key_name = var.key_name - kms_key_alias = "${local.friendly_name_prefix}-test-private-active-active" + kms_key_alias = local.test_name load_balancing_scheme = "PRIVATE" node_count = 2 proxy_ip = "${aws_instance.proxy.private_ip}:${local.http_proxy_port}" @@ -58,7 +58,7 @@ module "private_active_active" { redis_encryption_in_transit = true redis_require_password = true tfe_license_filepath = "" - tfe_subdomain = "${local.friendly_name_prefix}-test-private-active-active" + tfe_subdomain = local.test_name asg_tags = local.common_tags } diff --git a/tests/private-tcp-active-active/locals.tf b/tests/private-tcp-active-active/locals.tf index 928308a5..adb4f1f9 100644 --- a/tests/private-tcp-active-active/locals.tf +++ b/tests/private-tcp-active-active/locals.tf @@ -3,7 +3,7 @@ locals { common_tags = { Terraform = "cloud" - Environment = "tfe_modules_test" + Environment = local.test_name Description = "Private TCP Active/Active" Repository = "hashicorp/terraform-aws-terraform-enterprise" Team = "Terraform Enterprise on Prem" @@ -11,5 +11,5 @@ locals { } friendly_name_prefix = random_string.friendly_name.id - + test_name = "${local.friendly_name_prefix}-test-private-tcp-active-active" } diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 15092d8f..47d3a9fa 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf 
@@ -61,7 +61,7 @@ module "private_tcp_active_active" { iact_subnet_list = ["0.0.0.0/0"] iam_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] instance_type = "m5.8xlarge" - kms_key_alias = "${local.friendly_name_prefix}-test-private-tcp-active-active" + kms_key_alias = local.test_name load_balancing_scheme = "PRIVATE_TCP" node_count = 2 proxy_ip = "${aws_instance.proxy.private_ip}:${local.http_proxy_port}" @@ -70,7 +70,7 @@ module "private_tcp_active_active" { redis_encryption_in_transit = true redis_require_password = true tfe_license_filepath = "" - tfe_subdomain = "${local.friendly_name_prefix}-test-private-tcp-active-active" + tfe_subdomain = local.test_name asg_tags = local.common_tags } diff --git a/tests/private-tcp-active-active/proxy.tf b/tests/private-tcp-active-active/proxy.tf index 07445921..bbb93feb 100644 --- a/tests/private-tcp-active-active/proxy.tf +++ b/tests/private-tcp-active-active/proxy.tf @@ -2,7 +2,7 @@ resource "aws_security_group" "proxy" { name = "${local.friendly_name_prefix}-sg-proxy-allow" vpc_id = module.private_tcp_active_active.network_id - tags = { + tags = { Name = "${local.friendly_name_prefix}-sg-proxy-allow" } } diff --git a/tests/public-active-active/locals.tf b/tests/public-active-active/locals.tf index c41432f4..546d28b4 100644 --- a/tests/public-active-active/locals.tf +++ b/tests/public-active-active/locals.tf @@ -1,7 +1,7 @@ locals { common_tags = { Terraform = "cloud" - Environment = "tfe_modules_test" + Environment = local.test_name Description = "Public Active/Active" Repository = "hashicorp/terraform-aws-terraform-enterprise" Team = "Terraform Enterprise on Prem" @@ -9,5 +9,5 @@ locals { } friendly_name_prefix = random_string.friendly_name.id - + test_name = "${local.friendly_name_prefix}-test-public-active-active" } diff --git a/tests/public-active-active/main.tf b/tests/public-active-active/main.tf index 2db66f10..b32d3b1a 100644 
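Review bot: The unchanged context line `iact_subnet_list = ["0.0.0.0/0"]` in the first hunk lets any address that can reach the instances retrieve the initial admin creation token, which is broader than a PRIVATE_TCP test needs. tests/public-active-active/main.tf already passes `iact_subnet_list = var.iact_subnet_list`; doing the same here (assuming this test declares that variable) would make the allowed range a deliberate choice of whoever runs the test. The `private_tcp_active_active` module block starts and ends outside the hunk.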
--- a/tests/public-active-active/main.tf +++ b/tests/public-active-active/main.tf @@ -28,14 +28,14 @@ module "public_active_active" { iam_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] iact_subnet_list = var.iact_subnet_list instance_type = "m5.xlarge" - kms_key_alias = "${local.friendly_name_prefix}-test-public-active-active" + kms_key_alias = local.test_name load_balancing_scheme = "PUBLIC" node_count = 2 redis_encryption_at_rest = false redis_encryption_in_transit = false redis_require_password = false tfe_license_filepath = "" - tfe_subdomain = "${local.friendly_name_prefix}-test-public-active-active" + tfe_subdomain = local.test_name asg_tags = local.common_tags } From 056a11068db98fbf741ce477107b39711e1c1d44 Mon Sep 17 00:00:00 2001 
From: anniehedgpeth Date: Fri, 11 Jun 2021 16:17:29 -0600 Subject: [PATCH 03/11] remove common_tags in favor of provider default_tags --- README.md | 31 ++++++------------- examples/existing-image/README.md | 3 -- examples/existing-image/main.tf | 2 -- examples/existing-image/variables.tf | 10 ------ examples/existing-image/versions.tf | 2 +- main.tf | 26 +++------------- modules/application_load_balancer/main.tf | 10 ------ .../application_load_balancer/variables.tf | 10 ------ modules/application_load_balancer/versions.tf | 2 +- modules/database/main.tf | 6 ---- modules/database/variables.tf | 10 ------ modules/database/versions.tf | 2 +- modules/network_load_balancer/main.tf | 6 ---- modules/network_load_balancer/variables.tf | 10 ------ modules/network_load_balancer/versions.tf | 2 +- modules/networking/main.tf | 3 -- modules/networking/variables.tf | 10 ------ modules/networking/versions.tf | 2 +- modules/object_storage/main.tf | 8 ----- modules/object_storage/variables.tf | 10 ------ modules/object_storage/versions.tf | 2 +- modules/redis/main.tf | 4 --- modules/redis/variables.tf | 10 ------ modules/redis/versions.tf | 2 +- modules/secrets_manager/main.tf | 7 ++--- modules/secrets_manager/variables.tf | 10 ------ modules/secrets_manager/versions.tf | 2 +- modules/service_accounts/main.tf | 2 -- modules/service_accounts/variables.tf | 10 ------ modules/service_accounts/versions.tf | 2 +- modules/vm/main.tf | 9 ------ modules/vm/variables.tf | 10 ------ modules/vm/versions.tf | 2 +- tests/private-active-active/proxy.tf | 7 ++--- tests/private-active-active/versions.tf | 3 +- tests/private-tcp-active-active/versions.tf | 2 +- tests/public-active-active/versions.tf | 2 +- variables.tf | 10 ------ versions.tf | 2 +- 39 files changed, 35 insertions(+), 228 deletions(-) diff --git a/README.md b/README.md index 17496220..b5ed0372 100644 --- a/README.md +++ b/README.md 
@@ -57,6 +57,8 @@ Certificate validation can take up two hours, causing timeouts during module app ## How to Use This Module - Ensure account meets module pre-requisites from above. +- You may also choose to use this module with a custom AMI image as shown in the [`existing-image`](./examples/existing-image) example. +- Please note that while some resources are individually and uniquely tagged, all common tags are expected to be configured within the AWS provider as shown in the example code snippet below. - Create a Terraform configuration that pulls in this module and specifies values of the required variables: @@ -64,34 +66,20 @@ Certificate validation can take up two hours, causing timeouts during module app ```hcl provider "aws" { region = "" + default_tags { + tags = var.common_tags + } } module "tfe_node" { source = "" - friendly_name_prefix = "" + friendly_name_prefix = "" domain_name = "" tfe_license_filepath = "" acm_certificate_arn = "" } ``` -- _OPTIONAL_: This module can be deployed with a custom AMI rather than the default base given (Ubuntu 20.04 LTS), and has been verified to be functional with Ubuntu 20.04 LTS and RHEL 7.x based images. To deploy using a custom image, use the following configuration instead: - -```hcl -provider "aws" { - region = "" -} - -module "tfe_node" { - source = "" - ami_id = "" - friendly_name_prefix = "" - domain_name = "" - tfe_license_filepath = "" - acm_certificate_arn = "" -} -``` - - Run `terraform init` and `terraform apply` ## Module Manifest 
@@ -115,9 +103,10 @@ The resources created are: We have included documentation and reference examples for additional common installation scenarios for TFE, as well as examples for supporting resources that lack official modules. -- [Example: Deploying behind a proxy](./examples/behind-proxy) -- [Example: Deploying into an existing private network](./examples/existing-private-network) -- [Example: Deploying while managing DNS outside of AWS](./examples/external-dns) +- [Example: Deploying with an existing, custom image](./examples/existing-image) +- [Example: Deploying behind a proxy (coming soon...)](./examples/behind-proxy) +- [Example: Deploying into an existing private network (coming soon...)](./examples/existing-private-network) +- [Example: Deploying while managing DNS outside of AWS (coming soon...)](./examples/external-dns) ## License diff --git a/examples/existing-image/README.md b/examples/existing-image/README.md index a6394c67..d88f9ab6 100644 --- a/examples/existing-image/README.md +++ b/examples/existing-image/README.md @@ -60,8 +60,6 @@ module "existing_image_example" { ami_id = local.ami_id iact_subnet_list = var.iact_subnet_list load_balancing_scheme = var.load_balancing_scheme - - common_tags = var.common_tags } ``` 
@@ -83,7 +81,6 @@ The variable inputs described in this document serve as a reference configuratio | `tfe_subdomain` | Desired DNS record subdomain | string | `tfe` | | `tfe_license_name` | The name to use when copying the TFE license file to the EC2 instance. | string | `license.rli` | | `tfe_license_filepath` | The absolute path to the TFE license file on the system running Terraform. | string | `Users/yourname/license.rli` | -| `common_tags` | Map of tags to use for resources | map(string) | `{ Owner = "Your Name" }` | | `iact_subnet_list` | A list of CIDR masks that configure the ability to retrieve the IACT from outside the host. | list(string) | `["0.0.0.0/0"]` | | `load_balancing_scheme` | Load Balancing Scheme. Supported values are: "PRIVATE"; "PRIVATE_TCP"; "PUBLIC". | string | `PUBLIC` | | `ami_id` | AMI ID of the custom image to use for TFE instances. If this value is provided, you do not need any of the following ami variable values. | string | `ami-12345` | diff --git a/examples/existing-image/main.tf b/examples/existing-image/main.tf index d08ba413..2f420b5f 100644 --- a/examples/existing-image/main.tf +++ b/examples/existing-image/main.tf @@ -33,6 +33,4 @@ module "existing_image_example" { ami_id = local.ami_id iact_subnet_list = var.iact_subnet_list load_balancing_scheme = var.load_balancing_scheme - - common_tags = var.common_tags } diff --git a/examples/existing-image/variables.tf b/examples/existing-image/variables.tf index 150a7400..57f22462 100644 --- a/examples/existing-image/variables.tf +++ b/examples/existing-image/variables.tf 
@@ -33,16 +33,6 @@ variable "tfe_license_filepath" { description = "The absolute path to the TFE license file on the system running Terraform." } -variable "common_tags" { - type = map(string) - description = < Date: Fri, 11 Jun 2021 16:39:06 -0600 Subject: [PATCH 04/11] revert Environment tag --- tests/private-active-active/locals.tf | 2 +- tests/private-tcp-active-active/locals.tf | 2 +- tests/public-active-active/locals.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/private-active-active/locals.tf b/tests/private-active-active/locals.tf index f7981d57..863a3414 100644 --- a/tests/private-active-active/locals.tf +++ b/tests/private-active-active/locals.tf @@ -1,7 +1,7 @@ locals { common_tags = { Terraform = "cloud" - Environment = local.test_name + Environment = "tfe_modules_test" Description = "Private Active/Active" Repository = "hashicorp/terraform-aws-terraform-enterprise" Team = "Terraform Enterprise on Prem" diff --git a/tests/private-tcp-active-active/locals.tf b/tests/private-tcp-active-active/locals.tf index adb4f1f9..e52a43d0 100644 --- a/tests/private-tcp-active-active/locals.tf +++ b/tests/private-tcp-active-active/locals.tf @@ -3,7 +3,7 @@ locals { common_tags = { Terraform = "cloud" - Environment = local.test_name + Environment = "tfe_modules_test" Description = "Private TCP Active/Active" Repository = "hashicorp/terraform-aws-terraform-enterprise" Team = "Terraform Enterprise on Prem" diff --git a/tests/public-active-active/locals.tf b/tests/public-active-active/locals.tf index 546d28b4..c8bef4af 100644 --- a/tests/public-active-active/locals.tf +++ b/tests/public-active-active/locals.tf @@ -1,7 +1,7 @@ locals { common_tags = { Terraform = "cloud" - Environment = local.test_name + Environment = "tfe_modules_test" Description = "Public Active/Active" Repository = "hashicorp/terraform-aws-terraform-enterprise" Team = "Terraform Enterprise on Prem" From 8ba2d35ba23da8678871a8e9db82a9dc9633fdf9 Mon Sep 17 00:00:00 2001 
From: anniehedgpeth Date: Fri, 11 Jun 2021 17:13:35 -0600 Subject: [PATCH 05/11] temporarily remove computed tag values --- main.tf | 4 ++- modules/networking/main.tf | 41 +++++++++++++++++------- modules/secrets_manager/main.tf | 4 ++- tests/private-active-active/proxy.tf | 4 ++- tests/private-tcp-active-active/proxy.tf | 2 ++ 5 files changed, 40 insertions(+), 15 deletions(-) diff --git a/main.tf b/main.tf index f8eabaad..0dec83eb 100644 --- a/main.tf +++ b/main.tf @@ -23,8 +23,10 @@ resource "aws_kms_key" "tfe_key" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-kms-key" + // Name = "${var.friendly_name_prefix}-tfe-kms-key" + Name = "tfe-kms-key" } } diff --git a/modules/networking/main.tf b/modules/networking/main.tf index a2cac2e9..644a1f91 100644 --- a/modules/networking/main.tf +++ b/modules/networking/main.tf 
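Review bot: The static `Name = "tfe-kms-key"` added here is identical for every deployment of the module in an account, so the KMS key can no longer be told apart by its Name tag in the console, inventory exports or any alert or policy keyed on that tag. The same applies to the static Name values in the modules/networking/main.tf, modules/secrets_manager/main.tf and tests/private-active-active/proxy.tf hunks of this commit. Since the change is described as temporary, the comment should say what is lost and when to revert, for example `# TODO(terraform-provider-aws#19583): restore "${var.friendly_name_prefix}-tfe-kms-key"; until then Name is not unique per deployment`, rather than keeping the old line as commented-out code. The body of `aws_kms_key.tfe_key` starts and ends outside the hunk.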
@@ -28,29 +28,38 @@ module "vpc" { public_subnets = var.network_public_subnet_cidrs single_nat_gateway = false + // Prefixes removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved igw_tags = { - Name = "${var.friendly_name_prefix}-tfe-igw" + // Name = "${var.friendly_name_prefix}-tfe-igw" + Name = "tfe-igw" } nat_eip_tags = { - Name = "${var.friendly_name_prefix}-tfe-nat-eip" + // Name = "${var.friendly_name_prefix}-tfe-nat-eip" + Name = "tfe-nat-eip" } nat_gateway_tags = { - Name = "${var.friendly_name_prefix}-tfe-tgw" + // Name = "${var.friendly_name_prefix}-tfe-tgw" + Name = "tfe-tgw" } private_route_table_tags = { - Name = "${var.friendly_name_prefix}-tfe-rtb-private" + // Name = "${var.friendly_name_prefix}-tfe-rtb-private" + Name = "tfe-rtb-private" } private_subnet_tags = { - Name = "${var.friendly_name_prefix}-private" + // Name = "${var.friendly_name_prefix}-private" + Name = "private" } public_route_table_tags = { - Name = "${var.friendly_name_prefix}-tfe-rtb-public" + // Name = "${var.friendly_name_prefix}-tfe-rtb-public" + Name = "tfe-rtb-public" } public_subnet_tags = { - Name = "${var.friendly_name_prefix}-public" + // Name = "${var.friendly_name_prefix}-public" + Name = "public" } vpc_tags = { - Name = "${var.friendly_name_prefix}-tfe-vpc" + // Name = "${var.friendly_name_prefix}-tfe-vpc" + Name = "tfe-vpc" } } @@ -88,8 +97,10 @@ module "vpc_endpoints" { service = "ec2messages" service_type = "Interface" subnet_ids = module.vpc.private_subnets + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-ec2messages-vpc-endpoint" + // Name = "${var.friendly_name_prefix}-tfe-ec2messages-vpc-endpoint" + Name = "tfe-ec2messages-vpc-endpoint" } } kms = { 
@@ -102,8 +113,10 @@ module "vpc_endpoints" { route_table_ids = module.vpc.private_route_table_ids service = "s3" service_type = "Gateway" + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-s3-vpc-endpoint" + // Name = "${var.friendly_name_prefix}-tfe-s3-vpc-endpoint" + Name = "tfe-s3-vpc-endpoint" } } ssm = { @@ -111,8 +124,10 @@ module "vpc_endpoints" { service = "ssm" service_type = "Interface" subnet_ids = module.vpc.private_subnets + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-ssm-vpc-endpoint" + // Name = "${var.friendly_name_prefix}-tfe-ssm-vpc-endpoint" + Name = "tfe-ssm-vpc-endpoint" } } ssmmessages = { @@ -120,8 +135,10 @@ module "vpc_endpoints" { service = "ssmmessages" service_type = "Interface" subnet_ids = module.vpc.private_subnets + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-ssmmessages-vpc-endpoint" + // Name = "${var.friendly_name_prefix}-tfe-ssmmessages-vpc-endpoint" + Name = "tfe-ssmmessages-vpc-endpoint" } } } diff --git a/modules/secrets_manager/main.tf b/modules/secrets_manager/main.tf index 92c066db..f60b63a1 100644 --- a/modules/secrets_manager/main.tf +++ b/modules/secrets_manager/main.tf @@ -4,8 +4,10 @@ resource "aws_secretsmanager_secret" "tfe_install" { name = var.secretsmanager_secret_name == null ? "${var.friendly_name_prefix}-tfe-install-secrets" : var.secretsmanager_secret_name description = "TFE install secret metadata" + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${var.friendly_name_prefix}-tfe-install-secrets" + // Name = "${var.friendly_name_prefix}-tfe-install-secrets" + Name = "tfe-install-secrets" } } 
diff --git a/tests/private-active-active/proxy.tf b/tests/private-active-active/proxy.tf index 13f38fa8..45af030f 100644 --- a/tests/private-active-active/proxy.tf +++ b/tests/private-active-active/proxy.tf @@ -36,8 +36,10 @@ resource "aws_security_group" "proxy" { name = "${local.friendly_name_prefix}-sg-proxy-allow" vpc_id = module.private_active_active.network_id + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - Name = "${local.friendly_name_prefix}-sg-proxy-allow" + // Name = "${local.friendly_name_prefix}-sg-proxy-allow" + Name = "sg-proxy-allow" } } diff --git a/tests/private-tcp-active-active/proxy.tf b/tests/private-tcp-active-active/proxy.tf index bbb93feb..0adbd7da 100644 --- a/tests/private-tcp-active-active/proxy.tf +++ b/tests/private-tcp-active-active/proxy.tf @@ -2,7 +2,9 @@ resource "aws_security_group" "proxy" { name = "${local.friendly_name_prefix}-sg-proxy-allow" vpc_id = module.private_tcp_active_active.network_id + // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { + // Name = "${local.friendly_name_prefix}-sg-proxy-allow" Name = "${local.friendly_name_prefix}-sg-proxy-allow" } } From 4cd9f2578feb81cd34f528823eec85fad78f03ae Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Fri, 11 Jun 2021 17:18:42 -0600 Subject: [PATCH 06/11] linting fix --- main.tf | 4 +-- modules/networking/main.tf | 34 ++++++++++++------------ modules/secrets_manager/main.tf | 4 +-- tests/private-active-active/proxy.tf | 4 +-- tests/private-tcp-active-active/proxy.tf | 4 +-- 5 files changed, 25 insertions(+), 25 deletions(-) diff --git a/main.tf b/main.tf index 0dec83eb..c0749dd0 100644 --- a/main.tf +++ b/main.tf 
@@ -23,9 +23,9 @@ resource "aws_kms_key" "tfe_key" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${var.friendly_name_prefix}-tfe-kms-key" + # Name = "${var.friendly_name_prefix}-tfe-kms-key" Name = "tfe-kms-key" } } diff --git a/modules/networking/main.tf b/modules/networking/main.tf index 644a1f91..54f0533b 100644 --- a/modules/networking/main.tf +++ b/modules/networking/main.tf 
@@ -28,37 +28,37 @@ module "vpc" { public_subnets = var.network_public_subnet_cidrs single_nat_gateway = false - // Prefixes removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefixes removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved igw_tags = { - // Name = "${var.friendly_name_prefix}-tfe-igw" + # Name = "${var.friendly_name_prefix}-tfe-igw" Name = "tfe-igw" } nat_eip_tags = { - // Name = "${var.friendly_name_prefix}-tfe-nat-eip" + # Name = "${var.friendly_name_prefix}-tfe-nat-eip" Name = "tfe-nat-eip" } nat_gateway_tags = { - // Name = "${var.friendly_name_prefix}-tfe-tgw" + # Name = "${var.friendly_name_prefix}-tfe-tgw" Name = "tfe-tgw" } private_route_table_tags = { - // Name = "${var.friendly_name_prefix}-tfe-rtb-private" + # Name = "${var.friendly_name_prefix}-tfe-rtb-private" Name = "tfe-rtb-private" } private_subnet_tags = { - // Name = "${var.friendly_name_prefix}-private" + # Name = "${var.friendly_name_prefix}-private" Name = "private" } public_route_table_tags = { - // Name = "${var.friendly_name_prefix}-tfe-rtb-public" + # Name = "${var.friendly_name_prefix}-tfe-rtb-public" Name = "tfe-rtb-public" } public_subnet_tags = { - // Name = "${var.friendly_name_prefix}-public" + # Name = "${var.friendly_name_prefix}-public" Name = "public" } vpc_tags = { - // Name = "${var.friendly_name_prefix}-tfe-vpc" + # Name = "${var.friendly_name_prefix}-tfe-vpc" Name = "tfe-vpc" } } 
@@ -97,9 +97,9 @@ module "vpc_endpoints" { service = "ec2messages" service_type = "Interface" subnet_ids = module.vpc.private_subnets - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${var.friendly_name_prefix}-tfe-ec2messages-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-ec2messages-vpc-endpoint" Name = "tfe-ec2messages-vpc-endpoint" } } @@ -113,9 +113,9 @@ module "vpc_endpoints" { route_table_ids = module.vpc.private_route_table_ids service = "s3" service_type = "Gateway" - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${var.friendly_name_prefix}-tfe-s3-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-s3-vpc-endpoint" Name = "tfe-s3-vpc-endpoint" } } @@ -124,9 +124,9 @@ module "vpc_endpoints" { service = "ssm" service_type = "Interface" subnet_ids = module.vpc.private_subnets - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${var.friendly_name_prefix}-tfe-ssm-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-ssm-vpc-endpoint" Name = "tfe-ssm-vpc-endpoint" } } 
@@ -135,9 +135,9 @@ module "vpc_endpoints" { service = "ssmmessages" service_type = "Interface" subnet_ids = module.vpc.private_subnets - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${var.friendly_name_prefix}-tfe-ssmmessages-vpc-endpoint" + # Name = "${var.friendly_name_prefix}-tfe-ssmmessages-vpc-endpoint" Name = "tfe-ssmmessages-vpc-endpoint" } } diff --git a/modules/secrets_manager/main.tf b/modules/secrets_manager/main.tf index f60b63a1..0bacba69 100644 --- a/modules/secrets_manager/main.tf +++ b/modules/secrets_manager/main.tf @@ -4,9 +4,9 @@ resource "aws_secretsmanager_secret" "tfe_install" { name = var.secretsmanager_secret_name == null ? "${var.friendly_name_prefix}-tfe-install-secrets" : var.secretsmanager_secret_name description = "TFE install secret metadata" - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${var.friendly_name_prefix}-tfe-install-secrets" + # Name = "${var.friendly_name_prefix}-tfe-install-secrets" Name = "tfe-install-secrets" } } diff --git a/tests/private-active-active/proxy.tf b/tests/private-active-active/proxy.tf index 45af030f..5a90a6e0 100644 --- a/tests/private-active-active/proxy.tf +++ b/tests/private-active-active/proxy.tf 
@@ -36,9 +36,9 @@ resource "aws_security_group" "proxy" { name = "${local.friendly_name_prefix}-sg-proxy-allow" vpc_id = module.private_active_active.network_id - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${local.friendly_name_prefix}-sg-proxy-allow" + # Name = "${local.friendly_name_prefix}-sg-proxy-allow" Name = "sg-proxy-allow" } } diff --git a/tests/private-tcp-active-active/proxy.tf b/tests/private-tcp-active-active/proxy.tf index 0adbd7da..47c33ed5 100644 --- a/tests/private-tcp-active-active/proxy.tf +++ b/tests/private-tcp-active-active/proxy.tf @@ -2,9 +2,9 @@ resource "aws_security_group" "proxy" { name = "${local.friendly_name_prefix}-sg-proxy-allow" vpc_id = module.private_tcp_active_active.network_id - // Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved + # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { - // Name = "${local.friendly_name_prefix}-sg-proxy-allow" + # Name = "${local.friendly_name_prefix}-sg-proxy-allow" Name = "${local.friendly_name_prefix}-sg-proxy-allow" } } From fcc75d58185d0bb1d5ea59f853cee4f77a7eec93 Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Fri, 11 Jun 2021 17:35:34 -0600 Subject: [PATCH 07/11] copy/pasta oversight --- tests/private-tcp-active-active/proxy.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/private-tcp-active-active/proxy.tf b/tests/private-tcp-active-active/proxy.tf index 47c33ed5..c7119c4d 100644 --- a/tests/private-tcp-active-active/proxy.tf +++ b/tests/private-tcp-active-active/proxy.tf 
@@ -5,7 +5,7 @@ resource "aws_security_group" "proxy" { # Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved tags = { # Name = "${local.friendly_name_prefix}-sg-proxy-allow" - Name = "${local.friendly_name_prefix}-sg-proxy-allow" + Name = "sg-proxy-allow" } } From 33c62ab5677ae1b6dc2cbf83f5012cfcd02740c1 Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Mon, 14 Jun 2021 12:40:56 -0600 Subject: [PATCH 08/11] troubleshooting --- tests/private-active-active/locals.tf | 1 - tests/private-active-active/main.tf | 4 ++-- tests/private-tcp-active-active/locals.tf | 1 - tests/private-tcp-active-active/main.tf | 4 ++-- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/private-active-active/locals.tf b/tests/private-active-active/locals.tf index 863a3414..a0299f05 100644 --- a/tests/private-active-active/locals.tf +++ b/tests/private-active-active/locals.tf @@ -10,5 +10,4 @@ locals { friendly_name_prefix = random_string.friendly_name.id ssm_policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" - test_name = "${local.friendly_name_prefix}-test-private-active-active" } diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index f17b712d..dcaf4f7b 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf @@ -50,7 +50,7 @@ module "private_active_active" { iam_role_policy_arns = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] instance_type = "m5.4xlarge" key_name = var.key_name - kms_key_alias = local.test_name + kms_key_alias = "${local.friendly_name_prefix}-test-private-active-active" load_balancing_scheme = "PRIVATE" node_count = 2 proxy_ip = "${aws_instance.proxy.private_ip}:${local.http_proxy_port}" 
@@ -58,7 +58,7 @@ module "private_active_active" { redis_encryption_in_transit = true redis_require_password = true tfe_license_filepath = "" - tfe_subdomain = local.test_name + tfe_subdomain = "${local.friendly_name_prefix}-test-private-active-active" asg_tags = local.common_tags } diff --git a/tests/private-tcp-active-active/locals.tf b/tests/private-tcp-active-active/locals.tf index e52a43d0..ab0b24dd 100644 --- a/tests/private-tcp-active-active/locals.tf +++ b/tests/private-tcp-active-active/locals.tf @@ -11,5 +11,4 @@ locals { } friendly_name_prefix = random_string.friendly_name.id - test_name = "${local.friendly_name_prefix}-test-private-tcp-active-active" } diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 47d3a9fa..15092d8f 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf @@ -61,7 +61,7 @@ module "private_tcp_active_active" { iact_subnet_list = ["0.0.0.0/0"] iam_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] instance_type = "m5.8xlarge" - kms_key_alias = local.test_name + kms_key_alias = "${local.friendly_name_prefix}-test-private-tcp-active-active" load_balancing_scheme = "PRIVATE_TCP" node_count = 2 proxy_ip = "${aws_instance.proxy.private_ip}:${local.http_proxy_port}" @@ -70,7 +70,7 @@ module "private_tcp_active_active" { redis_encryption_in_transit = true redis_require_password = true tfe_license_filepath = "" - tfe_subdomain = local.test_name + tfe_subdomain = "${local.friendly_name_prefix}-test-private-tcp-active-active" asg_tags = local.common_tags } From 08da63f2676e6b692e3ab77a736fbd8c7c2fde04 Mon Sep 17 00:00:00 2001 
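Review bot: `iact_subnet_list = ["0.0.0.0/0"]`, the first context line of the `@@ -61,7 +61,7 @@` hunk in tests/private-tcp-active-active/main.tf, leaves retrieval of the initial admin creation token open to any source address. How the module applies this value is not visible in the hunk, and the `PRIVATE_TCP` scheme presumably limits who can reach the endpoint. The allow-list should still be narrowed to the range the test harness calls from, e.g. `iact_subnet_list = ["<test-runner-cidr>"]` (placeholder). The line is also carried as context in the `@@ -59,9 +59,9 @@` hunk of PATCH 09/11. The module block starts and ends outside the hunk.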
From: anniehedgpeth Date: Wed, 16 Jun 2021 10:26:22 -0600 Subject: [PATCH 09/11] create local test_name --- tests/private-active-active/locals.tf | 1 + tests/private-active-active/main.tf | 4 ++-- tests/private-tcp-active-active/locals.tf | 2 ++ tests/private-tcp-active-active/main.tf | 6 +++--- tests/private-tcp-active-active/proxy.tf | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/tests/private-active-active/locals.tf b/tests/private-active-active/locals.tf index a0299f05..863a3414 100644 --- a/tests/private-active-active/locals.tf +++ b/tests/private-active-active/locals.tf @@ -10,4 +10,5 @@ locals { friendly_name_prefix = random_string.friendly_name.id ssm_policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + test_name = "${local.friendly_name_prefix}-test-private-active-active" } diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index 41d7c3aa..da7d763a 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf @@ -50,7 +50,7 @@ module "private_active_active" { iam_role_policy_arns = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] instance_type = "m5.4xlarge" key_name = var.key_name - kms_key_alias = "${local.friendly_name_prefix}-test-private-active-active" + kms_key_alias = local.test_name load_balancing_scheme = "PRIVATE" node_count = 2 proxy_ip = "${aws_instance.proxy.private_ip}:${local.http_proxy_port}" @@ -58,7 +58,7 @@ module "private_active_active" { redis_encryption_in_transit = true redis_require_password = true tfe_license_filepath = "" - tfe_subdomain = "${local.friendly_name_prefix}-test-private-active-active" + tfe_subdomain = local.test_name asg_tags = local.common_tags } diff --git a/tests/private-tcp-active-active/locals.tf b/tests/private-tcp-active-active/locals.tf index ab0b24dd..92b2542f 100644 --- a/tests/private-tcp-active-active/locals.tf +++ b/tests/private-tcp-active-active/locals.tf 
@@ -11,4 +11,6 @@ locals { } friendly_name_prefix = random_string.friendly_name.id + ssm_policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + test_name = "${local.friendly_name_prefix}-test-private-tcp-active-active } diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 15092d8f..9b136150 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf @@ -59,9 +59,9 @@ module "private_tcp_active_active" { deploy_secretsmanager = false external_bootstrap_bucket = var.external_bootstrap_bucket iact_subnet_list = ["0.0.0.0/0"] - iam_role_policy_arns = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] + iam_role_policy_arns = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"] instance_type = "m5.8xlarge" - kms_key_alias = "${local.friendly_name_prefix}-test-private-tcp-active-active" + kms_key_alias = local.test_name load_balancing_scheme = "PRIVATE_TCP" node_count = 2 proxy_ip = "${aws_instance.proxy.private_ip}:${local.http_proxy_port}" @@ -70,7 +70,7 @@ module "private_tcp_active_active" { redis_encryption_in_transit = true redis_require_password = true tfe_license_filepath = "" - tfe_subdomain = "${local.friendly_name_prefix}-test-private-tcp-active-active" + tfe_subdomain = local.test_name asg_tags = local.common_tags } diff --git a/tests/private-tcp-active-active/proxy.tf b/tests/private-tcp-active-active/proxy.tf index c7119c4d..b25960c6 100644 --- a/tests/private-tcp-active-active/proxy.tf +++ b/tests/private-tcp-active-active/proxy.tf @@ -68,7 +68,7 @@ data "aws_iam_policy_document" "instance_role" { resource "aws_iam_role_policy_attachment" "ssm" { role = aws_iam_role.instance_role.name - policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + policy_arn = local.ssm_policy_arn } resource "aws_instance" "proxy" { 
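Review bot: The added `test_name` line in the `@@ -11,4 +11,6 @@` hunk of tests/private-tcp-active-active/locals.tf has no closing quote, so the configuration does not parse at this commit. PATCH 10/11 adds the quote; folding that fix into this commit would keep every commit in the series valid for bisecting. Running `terraform validate` before sending would catch it. The locals block starts outside the hunk.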
From 9368320fa74832c53b549bee7b8e0ab6231790cc Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Wed, 16 Jun 2021 10:32:20 -0600 Subject: [PATCH 10/11] missed quote --- tests/private-tcp-active-active/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/private-tcp-active-active/locals.tf b/tests/private-tcp-active-active/locals.tf index 92b2542f..e63653d5 100644 --- a/tests/private-tcp-active-active/locals.tf +++ b/tests/private-tcp-active-active/locals.tf @@ -12,5 +12,5 @@ locals { friendly_name_prefix = random_string.friendly_name.id ssm_policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" - test_name = "${local.friendly_name_prefix}-test-private-tcp-active-active + test_name = "${local.friendly_name_prefix}-test-private-tcp-active-active" } From 767ddee22b41440c4538b1d6bf38267e8d549b34 Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Wed, 16 Jun 2021 11:34:35 -0600 Subject: [PATCH 11/11] add key_name to private test --- tests/private-active-active/proxy.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/private-active-active/proxy.tf b/tests/private-active-active/proxy.tf index 5a90a6e0..acaa5c37 100644 --- a/tests/private-active-active/proxy.tf +++ b/tests/private-active-active/proxy.tf @@ -17,6 +17,7 @@ resource "aws_instance" "proxy" { ami = data.aws_ami.rhel.id instance_type = "m4.large" iam_instance_profile = aws_iam_instance_profile.proxy_ssm.name + key_name = var.key_name subnet_id = module.private_active_active.private_subnet_ids[0]