use default tagging #183

Merged
merged 15 commits into from
Jun 16, 2021
31 changes: 10 additions & 21 deletions README.md
@@ -57,41 +57,29 @@ Certificate validation can take up two hours, causing timeouts during module app
## How to Use This Module

- Ensure account meets module pre-requisites from above.
- You may also choose to use this module with a custom AMI image as shown in the [`existing-image`](./examples/existing-image) example.
- Please note that while some resources are individually and uniquely tagged, all common tags are expected to be configured within the AWS provider as shown in the example code snippet below.

- Create a Terraform configuration that pulls in this module and specifies values
of the required variables:

```hcl
provider "aws" {
region = "<your AWS region>"
default_tags {
tags = var.common_tags
}
}

module "tfe_node" {
source = "<filepath to cloned module directory>"
friendly_name_prefix = "<prefix for tagging/naming AWS resources>"
friendly_name_prefix = "<prefix for naming AWS resources>"
domain_name = "<domain for creating the Terraform Enterprise subdomain on. >"
tfe_license_filepath = "<filepath to your .rli file>"
acm_certificate_arn = "<ARN for ACM cert to be used with load balancer>"
}
```

- _OPTIONAL_: This module can be deployed with a custom AMI rather than the default base given (Ubuntu 20.04 LTS), and has been verified to be functional with Ubuntu 20.04 LTS and RHEL 7.x based images. To deploy using a custom image, use the following configuration instead:

```hcl
provider "aws" {
region = "<your AWS region>"
}

module "tfe_node" {
source = "<filepath to cloned module directory>"
ami_id = "<the ID of your preferred AMI>"
friendly_name_prefix = "<prefix for tagging/naming AWS resources>"
domain_name = "<domain for creating the Terraform Enterprise subdomain on. >"
tfe_license_filepath = "<filepath to your .rli file>"
acm_certificate_arn = "<ARN for ACM cert to be used with load balancer>"
}
```

- Run `terraform init` and `terraform apply`

## Module Manifest
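Review bot: the custom-AMI snippet's provider block (the second `provider "aws"` in this hunk) has no `default_tags` block, while the new bullet above it says all common tags are expected to be configured in the provider and the first snippet shows exactly that. A reader who copies the second snippet deploys with no common tags at all; add the same `default_tags { tags = var.common_tags }` there, or say explicitly that it was left out for brevity. The `friendly_name_prefix` placeholder was also changed to `<prefix for naming AWS resources>` in the first snippet but still reads `<prefix for tagging/naming AWS resources>` in the second.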
@@ -115,9 +103,10 @@ The resources created are:

We have included documentation and reference examples for additional common installation scenarios for TFE, as well as examples for supporting resources that lack official modules.

- [Example: Deploying behind a proxy](./examples/behind-proxy)
- [Example: Deploying into an existing private network](./examples/existing-private-network)
- [Example: Deploying while managing DNS outside of AWS](./examples/external-dns)
- [Example: Deploying with an existing, custom image](./examples/existing-image)
- [Example: Deploying behind a proxy (coming soon...)](./examples/behind-proxy)
- [Example: Deploying into an existing private network (coming soon...)](./examples/existing-private-network)
- [Example: Deploying while managing DNS outside of AWS (coming soon...)](./examples/external-dns)

## License

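Review bot: the three entries relabelled "(coming soon...)" keep their links to `./examples/behind-proxy`, `./examples/existing-private-network` and `./examples/external-dns`. If those directories are not in the tree yet, the links are dead; drop the links until the examples land, or drop the label if the directories exist. This change is unrelated to default tagging and would be cleaner as its own PR.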
3 changes: 0 additions & 3 deletions examples/existing-image/README.md
@@ -60,8 +60,6 @@ module "existing_image_example" {
ami_id = local.ami_id
iact_subnet_list = var.iact_subnet_list
load_balancing_scheme = var.load_balancing_scheme

common_tags = var.common_tags
}
```

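Review bot: with `common_tags` removed from the module call, this README snippet no longer shows where tags come from. Add the example's `provider "aws"` block with its `default_tags` above the module call, or a sentence pointing to it; as written the snippet reads as if the example deploys untagged resources.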
@@ -83,7 +81,6 @@ The variable inputs described in this document serve as a reference configuratio
| `tfe_subdomain` | Desired DNS record subdomain | string | `tfe` |
| `tfe_license_name` | The name to use when copying the TFE license file to the EC2 instance. | string | `license.rli` |
| `tfe_license_filepath` | The absolute path to the TFE license file on the system running Terraform. | string | `Users/yourname/license.rli` |
| `common_tags` | Map of tags to use for resources | map(string) | `{ Owner = "Your Name" }` |
| `iact_subnet_list` | A list of CIDR masks that configure the ability to retrieve the IACT from outside the host. | list(string) | `["0.0.0.0/0"]` |
| `load_balancing_scheme` | Load Balancing Scheme. Supported values are: "PRIVATE"; "PRIVATE_TCP"; "PUBLIC". | string | `PUBLIC` |
| `ami_id` | AMI ID of the custom image to use for TFE instances. If this value is provided, you do not need any of the following ami variable values. | string | `ami-12345` |
2 changes: 0 additions & 2 deletions examples/existing-image/main.tf
@@ -33,6 +33,4 @@ module "existing_image_example" {
ami_id = local.ami_id
iact_subnet_list = var.iact_subnet_list
load_balancing_scheme = var.load_balancing_scheme

common_tags = var.common_tags
}
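Review bot: `common_tags` is dropped from the module call, but nothing in this file shows a `default_tags` block on the example's `aws` provider. If that provider block lives in another file of the example, confirm it was updated in this PR; if it was not, the example now produces untagged resources, which defeats the purpose of the change.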
6 changes: 0 additions & 6 deletions examples/existing-image/variables.tf
@@ -33,12 +33,6 @@ variable "tfe_license_filepath" {
description = "The absolute path to the TFE license file on the system running Terraform."
}

variable "common_tags" {
default = {}
type = map(string)
description = "(Optional) Map of common tags for all taggable AWS resources."
}

variable "iact_subnet_list" {
default = ["0.0.0.0/0"]
type = list(string)
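Review bot: deleting the `common_tags` variable breaks any `terraform.tfvars` or CI invocation that still sets it: Terraform errors on an undeclared variable passed with `-var` and warns on one set in a tfvars file. Grep the example's tfvars files and pipeline configuration for `common_tags` before merging.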
2 changes: 1 addition & 1 deletion examples/existing-image/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.15"
version = "~> 3.38"
}
}
}
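Review bot: `~> 3.38` is the correct floor, since the AWS provider's `default_tags` block first shipped in 3.38.0, and the same bump appears in the module `versions.tf` files below. The root module's own `versions.tf` is not in the visible part of this diff, so confirm it carries the same constraint; an older pinned provider would reject the `default_tags` block the README now tells users to write. The 3.38 requirement is also worth listing under the README pre-requisites.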
29 changes: 7 additions & 22 deletions main.tf
@@ -23,10 +23,11 @@ resource "aws_kms_key" "tfe_key" {
is_enabled = true
key_usage = "ENCRYPT_DECRYPT"

tags = merge(
{ Name = "${var.friendly_name_prefix}-tfe-kms-key" },
var.common_tags,
)
# Prefix removed until https://github.com/hashicorp/terraform-provider-aws/issues/19583 is resolved
tags = {
# Name = "${var.friendly_name_prefix}-tfe-kms-key"
Name = "tfe-kms-key"
}
}

resource "aws_kms_alias" "key_alias" {
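Review bot: hard-coding `Name = "tfe-kms-key"` as the workaround for the linked provider issue loses the `friendly_name_prefix`, so two deployments in the same account and region get KMS keys with identical Name tags and are distinguishable only by alias or ARN. The comment already links https://github.com/hashicorp/terraform-provider-aws/issues/19583; make it a tracked TODO to restore the prefix when that issue closes, and remove the commented-out `Name` line rather than leaving dead code inside the resource.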
@@ -51,8 +52,6 @@ module "object_storage" {
tfe_license_name = var.tfe_license_name
proxy_cert_bundle_filepath = var.proxy_cert_bundle_filepath
proxy_cert_bundle_name = var.proxy_cert_bundle_name

common_tags = var.common_tags
}

module "service_accounts" {
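Review bot: `common_tags` is no longer passed to `object_storage`, `service_accounts`, `secrets_manager`, `networking`, `redis` and `vm`, but none of those modules appear in the visible part of this diff. Confirm each also dropped its `common_tags` input; a variable left declared with `default = {}` and never passed is harmless but misleading to anyone reading the module interface.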
@@ -62,18 +61,14 @@ module "service_accounts" {
aws_bucket_data_arn = module.object_storage.s3_bucket_data_arn
friendly_name_prefix = var.friendly_name_prefix
kms_key_arn = aws_kms_key.tfe_key.arn

common_tags = var.common_tags
iam_role_policy_arns = var.iam_role_policy_arns
iam_role_policy_arns = var.iam_role_policy_arns
}

module "secrets_manager" {
source = "./modules/secrets_manager"

friendly_name_prefix = var.friendly_name_prefix
deploy_secretsmanager = var.deploy_secretsmanager

common_tags = var.common_tags
}

module "networking" {
@@ -85,8 +80,6 @@ module "networking" {
network_cidr = var.network_cidr
network_private_subnet_cidrs = var.network_private_subnet_cidrs
network_public_subnet_cidrs = var.network_public_subnet_cidrs

common_tags = var.common_tags
}

locals {
@@ -114,8 +107,6 @@ module "redis" {
redis_encryption_in_transit = var.redis_encryption_in_transit
redis_encryption_at_rest = var.redis_encryption_at_rest
redis_require_password = var.redis_require_password

common_tags = var.common_tags
}

module "database" {
@@ -128,8 +119,6 @@ module "database" {
network_private_subnet_cidrs = var.network_private_subnet_cidrs
network_subnets_private = local.network_private_subnets
tfe_instance_sg = module.vm.tfe_instance_sg

common_tags = var.common_tags
}

module "user_data" {
@@ -173,8 +162,6 @@ module "load_balancer" {
network_public_subnets = local.network_public_subnets
network_private_subnets = local.network_private_subnets
ssl_policy = var.ssl_policy

common_tags = var.common_tags
}

module "private_tcp_load_balancer" {
@@ -189,8 +176,6 @@ module "private_tcp_load_balancer" {
network_id = local.network_id
network_private_subnets = local.network_private_subnets
ssl_policy = var.ssl_policy

common_tags = var.common_tags
}

module "vm" {
@@ -202,7 +187,7 @@ module "vm" {
aws_lb = var.load_balancing_scheme == "PRIVATE_TCP" ? null : module.load_balancer[0].aws_lb_security_group
aws_lb_target_group_tfe_tg_443_arn = var.load_balancing_scheme == "PRIVATE_TCP" ? module.private_tcp_load_balancer[0].aws_lb_target_group_tfe_tg_443_arn : module.load_balancer[0].aws_lb_target_group_tfe_tg_443_arn
aws_lb_target_group_tfe_tg_8800_arn = var.load_balancing_scheme == "PRIVATE_TCP" ? module.private_tcp_load_balancer[0].aws_lb_target_group_tfe_tg_8800_arn : module.load_balancer[0].aws_lb_target_group_tfe_tg_8800_arn
common_tags = var.common_tags
asg_tags = var.asg_tags
default_ami_id = local.default_ami_id
friendly_name_prefix = var.friendly_name_prefix
key_name = var.key_name
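Review bot: keeping `asg_tags = var.asg_tags` here is right, because provider `default_tags` do not apply to `aws_autoscaling_group`, and EC2 instances launched by the group only receive the tags the group propagates at launch. The README should say that common tags must also be supplied through `asg_tags` if the TFE instances are to carry them; otherwise operators will assume `default_tags` covers the fleet and the instances end up untagged.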
10 changes: 0 additions & 10 deletions modules/application_load_balancer/main.tf
@@ -1,8 +1,6 @@
resource "aws_security_group" "tfe_lb_allow" {
name = "${var.friendly_name_prefix}-tfe-lb-allow"
vpc_id = var.network_id

tags = var.common_tags
}

resource "aws_security_group_rule" "tfe_lb_allow_inbound_http" {
@@ -39,8 +37,6 @@ resource "aws_security_group_rule" "tfe_lb_allow_inbound_dashboard" {
resource "aws_security_group" "tfe_outbound_allow" {
name = "${var.friendly_name_prefix}-tfe-outbound-allow"
vpc_id = var.network_id

tags = var.common_tags
}

resource "aws_security_group_rule" "tfe_outbound_allow_all" {
@@ -64,8 +60,6 @@ resource "aws_lb" "tfe_lb" {
aws_security_group.tfe_lb_allow.id,
aws_security_group.tfe_outbound_allow.id
]

tags = var.common_tags
}

resource "aws_lb_listener" "tfe_listener_80" {
@@ -108,8 +102,6 @@ resource "aws_lb_target_group" "tfe_tg_443" {
protocol = "HTTPS"
matcher = "200-399"
}

tags = var.common_tags
}

resource "aws_lb_listener" "tfe_listener_8800" {
@@ -139,8 +131,6 @@ resource "aws_lb_target_group" "tfe_tg_8800" {
protocol = "HTTPS"
matcher = "200-399"
}

tags = var.common_tags
}

data "aws_route53_zone" "tfe" {
6 changes: 0 additions & 6 deletions modules/application_load_balancer/variables.tf
@@ -57,9 +57,3 @@ variable "friendly_name_prefix" {
type = string
description = "(Required) Friendly name prefix used for tagging and naming AWS resources."
}

variable "common_tags" {
type = map(string)
description = "(Optional) Map of common tags for all taggable AWS resources."
default = {}
}
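Review bot: the `friendly_name_prefix` description in the context lines still says "used for tagging and naming AWS resources", while this PR removes every tag that used the prefix from this module and the README placeholder was changed to "naming" only. Update the description to match, here and in the other module `variables.tf` files touched by this PR.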
2 changes: 1 addition & 1 deletion modules/application_load_balancer/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.15"
version = "~> 3.38"
}
}
}
6 changes: 0 additions & 6 deletions modules/database/main.tf
@@ -7,8 +7,6 @@ resource "aws_security_group" "postgresql" {
description = "The security group of the PostgreSQL deployment for TFE."
name = "${var.friendly_name_prefix}-tfe-postgresql"
vpc_id = var.network_id

tags = var.common_tags
}

resource "aws_security_group_rule" "postgresql_tfe_ingress" {
@@ -50,8 +48,6 @@ resource "aws_security_group_rule" "postgresql_egress" {
resource "aws_db_subnet_group" "tfe" {
name = var.friendly_name_prefix
subnet_ids = var.network_subnets_private

tags = var.common_tags
}

resource "aws_db_instance" "postgresql" {
@@ -80,6 +76,4 @@ resource "aws_db_instance" "postgresql" {
storage_encrypted = true
storage_type = "gp2"
vpc_security_group_ids = [aws_security_group.postgresql.id]

tags = var.common_tags
}
6 changes: 0 additions & 6 deletions modules/database/variables.tf
@@ -41,9 +41,3 @@ variable "network_private_subnet_cidrs" {
description = "(Optional) List of private subnet CIDR ranges to create in VPC."
default = ["10.0.32.0/20", "10.0.48.0/20"]
}

variable "common_tags" {
type = map(string)
description = "(Optional) Map of common tags for all taggable AWS resources."
default = {}
}
2 changes: 1 addition & 1 deletion modules/database/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.15"
version = "~> 3.38"
}
random = {
source = "hashicorp/random"
6 changes: 0 additions & 6 deletions modules/network_load_balancer/main.tf
@@ -3,8 +3,6 @@ resource "aws_lb" "tfe_lb" {
internal = true
load_balancer_type = "network"
subnets = var.network_private_subnets

tags = var.common_tags
}

resource "aws_lb_listener" "tfe_listener_443" {
@@ -27,8 +25,6 @@ resource "aws_lb_target_group" "tfe_tg_443" {
health_check {
protocol = "TCP"
}

tags = var.common_tags
}

resource "aws_lb_listener" "tfe_listener_8800" {
@@ -57,8 +53,6 @@ resource "aws_lb_target_group" "tfe_tg_8800" {
path = "/"
protocol = "TCP"
}

tags = var.common_tags
}

data "aws_route53_zone" "tfe" {
6 changes: 0 additions & 6 deletions modules/network_load_balancer/variables.tf
@@ -37,9 +37,3 @@ variable "friendly_name_prefix" {
type = string
description = "(Required) Friendly name prefix used for tagging and naming AWS resources."
}

variable "common_tags" {
type = map(string)
description = "(Optional) Map of common tags for all taggable AWS resources."
default = {}
}
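Review bot: `friendly_name_prefix` is still described in the context lines as "used for tagging and naming AWS resources", although this module no longer applies any tags after this change; trim the description to naming so the module interface does not promise tagging it does not do.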
2 changes: 1 addition & 1 deletion modules/network_load_balancer/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.15"
version = "~> 3.38"
}
}
}