From 1f78ca0785b710d352a2481348e0447a99eac8fe Mon Sep 17 00:00:00 2001 From: Siddharth Barhate Date: Wed, 10 May 2023 14:35:23 +0530 Subject: [PATCH 1/2] Added pre-commit hook and improved Descriptions --- .pre-commit-config.yaml | 29 +++++++++++ README.md | 110 ++++++++++++++++++++++++++++++++++++++++ eks.tf | 91 +++++++++++++++++---------------- output.tf | 32 ++++-------- readme.md | 52 ------------------- tfstate/README.md | 49 ++++-------------- tfstate/main.tf | 6 +-- tfstate/output.tf | 6 +-- vpc.tf | 16 +++--- 9 files changed, 220 insertions(+), 171 deletions(-) create mode 100644 .pre-commit-config.yaml create mode 100644 README.md delete mode 100644 readme.md diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..d1cc181 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,29 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.1.0 + hooks: + - id: trailing-whitespace + args: ['--markdown-linebreak-ext=md'] + - id: end-of-file-fixer + - id: check-merge-conflict + - id: detect-private-key + - id: detect-aws-credentials + args: ['--allow-missing-credentials'] + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.77.0 + hooks: + - id: terraform_fmt + - id: terraform_docs + args: + - '--args=--lockfile=false' + - --hook-config=--add-to-existing-file=true + - --hook-config=--create-file-if-not-exist=true + + - id: terraform_tflint + args: + - --args=--config=.tflint.hcl + - id: terraform_tfsec + files: ^examples/ # only scan `examples/*` which are the implementation + args: + - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml + - --args=--concise-output diff --git a/README.md b/README.md new file mode 100644 index 0000000..2234af2 --- /dev/null +++ b/README.md 
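Review bot: The `terraform_tfsec` hook is limited with `files: ^examples/`, but this repository keeps its Terraform at the root (`eks.tf`, `vpc.tf`, `output.tf`) and under `tfstate/`, so as configured tfsec never scans any of it; removing the `files:` filter (or pointing it at the real paths) is what makes the hook useful. The same hook and `terraform_tflint` reference `tfsec.yaml` and `.tflint.hcl`, neither of which is added by this series, so both hooks will error or silently fall back to defaults until those files exist. The comment `# only scan examples/* which are the implementation` reads as copied from a module repository and no longer describes this layout, so it should go with the filter.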
@@ -0,0 +1,110 @@ + +## Requirements and Prerequisites + +1. An AWS account +2. A system with [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) and [kubectl](https://kubernetes.io/docs/tasks/tools/) installed + +This repository contains Terraform configuration files for deploying a set of modules in a specific order. The tfstate module must be deployed first, followed by main module. + +## Deploying the tfstate Module + +The tfstate module is used for storing the Terraform state file remotely, which is a recommended practice to ensure consistency and collaboration among team members. + +To deploy the tfstate module, navigate to the **tfstate** directory and run the following commands: + +1. terraform init +2. terraform plan +3. terraform apply + +Once you have provided the required input, Terraform will create the necessary resources for the tfstate module. + +## Deploying the EKS Cluster + +After the tfstate module has been deployed, you can deploy the the EKS cluster setup. Creating an EKS cluster involves several steps, including setting up a Virtual Private Cloud (VPC), creating an EKS cluster, configuring an EKS node group, and bootstrapping the cluster. + +### VPC + +The [squareops/vpc/aws](https://registry.terraform.io/modules/squareops/vpc/aws/latest) module available on the Terraform Registry is designed to create and manage Virtual Private Cloud (VPC) resources in AWS (Amazon Web Services). + +The module can be used to create a new VPC along with its associated resources such as Subnets, Route Tables, Security Groups, Network ACL(s) (NACL), and Internet Gateway (IGW). It offers a simplified and standardized way to create VPC infrastructure, while also providing flexibility to customize VPC resources based on specific requirements. 
+ +The [squareops/vpc/aws](https://registry.terraform.io/modules/squareops/vpc/aws/latest) module offers a range of configuration options, including the ability to specify CIDR blocks for VPC and subnet ranges, assign names and tags to VPC resources, enable DNS support, and configure NAT gateways. Additionally, the module provides pre-configured modules for creating subnets in different availability zones(AZs), route tables, and security groups. + +By using this module, AWS users can save time and effort in setting up VPC infrastructure, and ensure that their VPCs are created in a consistent and reproducible manner. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation. + +### EKS + +The [squareops/eks/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module available on the Terraform Registry is designed to create and manage an EKS (Elastic Kubernetes Service) cluster in AWS (Amazon Web Services). + +The module provides a simplified and standardized way to create and manage the kubernetes control plane and worker nodes in EKS. It automates the process of creating the necessary EKS resources such as security groups, IAM roles and policies, and the EKS cluster itself. + +The [squareops/eks/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module offers a range of configuration options, such as the ability to specify the number of worker nodes, instance types, and desired capacity. It also provides pre-configured modules for configuring worker node groups with different instance types, adding custom tags. + +By using this module, AWS users can set up a kubernetes cluster on EKS in a simple, efficient, and reproducible manner. It also ensures that the EKS cluster is created with the best practices in mind, and that it is secured according to industry standards. 
The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation. + +### EKS-BOOTSTRAP + +The [squareops/eks-bootstrap/aws](https://registry.terraform.io/modules/squareops/eks-bootstrap/aws/latest) module available on the Terraform Registry is designed to bootstrap an EKS (Elastic Kubernetes Service) cluster in AWS (Amazon Web Services) with the necessary resources to run a kubernetes workload. + +The module provides a simplified and standardized way to create the kubernetes worker nodes in EKS, and to deploy the necessary add-ons and configurations to run kubernetes workloads. It automates the process of creating the necessary EKS resources. + +By using this module, AWS users can save time and ensure that their kubernetes workloads are deployed in a consistent and reproducible manner. It also ensures that the EKS cluster is created with the best practices in mind, and that it is secured according to industry standards. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation. + + +# terraform-eks-reference + + +## Requirements + +No requirements. 
+ +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [eks](#module\_eks) | squareops/eks/aws | 1.0.3 | +| [eks\_bootstrap](#module\_eks\_bootstrap) | squareops/eks-bootstrap/aws | 1.1.0 | +| [key\_pair\_eks](#module\_key\_pair\_eks) | squareops/keypair/aws | 1.0.2 | +| [key\_pair\_vpn](#module\_key\_pair\_vpn) | squareops/keypair/aws | 1.0.2 | +| [managed\_node\_group\_production](#module\_managed\_node\_group\_production) | squareops/eks/aws//modules/managed-nodegroup | 1.0.3 | +| [vpc](#module\_vpc) | squareops/vpc/aws | 2.1.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for EKS Control Plane | +| [cluster\_name](#output\_cluster\_name) | EKS Cluster Name | +| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | +| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Security group IDs attached to the cluster control plane | +| [database\_subnets](#output\_database\_subnets) | List of IDs of Database Subnets | +| [efs\_id](#output\_efs\_id) | The ID of the EFS | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of Intra Subnets | +| [kms\_policy\_arn](#output\_kms\_policy\_arn) | ARN of KMS policy | +| [nginx\_ingress\_controller\_dns\_hostname](#output\_nginx\_ingress\_controller\_dns\_hostname) | NGINX Ingress Controller DNS Hostname | +| [private\_subnets](#output\_private\_subnets) | List of IDs of Private Subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of Public Subnets | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of VPC | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpn\_host\_public\_ip](#output\_vpn\_host\_public\_ip) | Public IP Adress of VPN Server | +| [vpn\_security\_group](#output\_vpn\_security\_group) | Security Group ID of VPN Server | +| [worker\_iam\_role\_arn](#output\_worker\_iam\_role\_arn) | ARN of the EKS Worker Role | +| [worker\_iam\_role\_name](#output\_worker\_iam\_role\_name) | The name of the EKS Worker IAM role | + diff --git a/eks.tf b/eks.tf index 4edfcf4..df0dd8d 100644 --- a/eks.tf +++ b/eks.tf @@ -1,4 +1,4 @@ - module "key_pair_eks" { +module "key_pair_eks" { source = "squareops/keypair/aws" version = "1.0.2" key_name = format("%s-%s-eks", local.environment, local.name) 
@@ -12,13 +12,14 @@ module "eks" {
 name = local.name
 vpc_id = module.vpc.vpc_id
 environment = local.environment
- kms_key_arn = ""
 cluster_version = "1.23"
+ kms_key_arn = ""
 cluster_log_types = ["api", "scheduler"]
 cluster_log_retention_in_days = 30
 cluster_endpoint_public_access = true
 cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]
 }
+
 data "aws_eks_cluster" "cluster" {
 name = module.eks.cluster_name
 }
@@ -32,18 +33,18 @@ module "managed_node_group_production" {
 version = "1.0.3"
 depends_on = [module.vpc, module.eks]
 name = "Infra"
+ environment = local.environment
+ eks_cluster_name = module.eks.cluster_name
+ eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
+ subnet_ids = [module.vpc.private_subnets[0]]
+ kms_policy_arn = module.eks.kms_policy_arn
+ worker_iam_role_name = module.eks.worker_iam_role_name
 min_size = 1
 max_size = 3
 desired_size = 1
- subnet_ids = [module.vpc.private_subnets[0]]
- environment = local.environment
- kms_key_arn = ""
 capacity_type = "SPOT"
 instance_types = ["t3a.large", "t2.large", "t2.xlarge", "t3.large", "m5.large"]
- kms_policy_arn = module.eks.kms_policy_arn
- eks_cluster_name = module.eks.cluster_name
- worker_iam_role_name = module.eks.worker_iam_role_name
- eks_nodes_keypair_name = module.key_pair_eks.key_pair_name
+ kms_key_arn = ""
 k8s_labels = {
 "Infra-Services" = "true"
 }
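Review bot: The re-added `kms_key_arn = ""` leaves the control plane block exactly as exposed as before: `cluster_endpoint_public_access = true` together with `cluster_endpoint_public_access_cidrs = ["0.0.0.0/0"]` opens the API endpoint to the whole internet, which for a reference labelled production should be narrowed to operator ranges or switched to a private endpoint now that the VPC can carry a VPN. `cluster_log_types = ["api", "scheduler"]` also omits `audit` and `authenticator`, the two log types incident response actually relies on for an EKS cluster. What an empty `kms_key_arn` means depends on the module (presumably "create a key", since `module.eks.kms_policy_arn` is consumed later), so it deserves a comment such as `kms_key_arn = "" # empty: let squareops/eks/aws create the CMK — confirm for 1.0.3`. module "eks" opens before this hunk.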
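Review bot: The node group named `Infra` is pinned to one subnet via `subnet_ids = [module.vpc.private_subnets[0]]` while running `capacity_type = "SPOT"` with `min_size = 1`, so whatever the bootstrap add-ons schedule onto the `Infra-Services` label sits in a single AZ on reclaimable capacity, and one spot reclamation or AZ event takes the whole group down. If that is a deliberate cost trade-off for the reference it should say so in a comment; otherwise pass several private subnets and `ON_DEMAND` for this group. The `+ kms_key_arn = ""` here has the same unexplained empty-string semantics as in module "eks" above.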
@@ -52,51 +53,51 @@ module "managed_node_group_production" {
- module "eks_bootstrap" {
- source = "squareops/eks-bootstrap/aws"
- version = "1.1.0"
- name = local.name
- vpc_id = module.vpc.vpc_id
- environment = local.environment
- kms_key_arn = ""
- keda_enabled = true
- istio_enabled = false
- kms_policy_arn = module.eks.kms_policy_arn ## eks module will create kms_policy_arn
- eks_cluster_name = module.eks.cluster_name
- reloader_enabled = true
- karpenter_enabled = true
- single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }]
- cert_manager_enabled = true
- worker_iam_role_name = module.eks.worker_iam_role_name
- ingress_nginx_enabled = true
- metrics_server_enabled = false
- external_secrets_enabled = true
- amazon_eks_vpc_cni_enabled = true
- cluster_autoscaler_enabled = true
- service_monitor_crd_enabled = true
- karpenter_provisioner_enabled = false
+module "eks_bootstrap" {
+ source = "squareops/eks-bootstrap/aws"
+ version = "1.1.0"
+ name = local.name
+ environment = local.environment
+ eks_cluster_name = module.eks.cluster_name
+ vpc_id = module.vpc.vpc_id
+ kms_key_arn = ""
+ worker_iam_role_name = module.eks.worker_iam_role_name
+ kms_policy_arn = module.eks.kms_policy_arn # eks module will create kms_policy_arn
+ keda_enabled = true
+ istio_enabled = false
+ reloader_enabled = true
+ metrics_server_enabled = false
+ external_secrets_enabled = true
+ amazon_eks_vpc_cni_enabled = true
+ service_monitor_crd_enabled = true
+ cert_manager_enabled = true
+ cert_manager_letsencrypt_email = "admin@example.com"
+ cert_manager_install_letsencrypt_http_issuers = true
+ ingress_nginx_enabled = true
+ internal_ingress_nginx_enabled = true
+ efs_storage_class_enabled = false
+ single_az_sc_config = [{ name = "infra-service-sc", zone = "us-east-2a" }]
+ amazon_eks_aws_ebs_csi_driver_enabled = true
+ single_az_ebs_gp3_storage_class_enabled = true
+ cluster_autoscaler_enabled = true
+ cluster_propotional_autoscaler_enabled = true
+ aws_node_termination_handler_enabled = true
+ karpenter_enabled = true
+ karpenter_provisioner_enabled = false
 karpenter_provisioner_config = {
 private_subnet_name = format("%s-%s-private-subnet", local.environment, local.name)
 instance_capacity_type = ["spot"]
 excluded_instance_type = ["nano", "micro", "small"]
 }
- cert_manager_letsencrypt_email = "rohit.kumar@squareops.com"
- internal_ingress_nginx_enabled = true
- efs_storage_class_enabled = false
- aws_node_termination_handler_enabled = true
- amazon_eks_aws_ebs_csi_driver_enabled = true
- cluster_propotional_autoscaler_enabled = true
- single_az_ebs_gp3_storage_class_enabled = true
- cert_manager_install_letsencrypt_http_issuers = true
- velero_enabled = true
+ velero_enabled = true
 velero_config = {
- namespaces = "" ## If you want full cluster backup, leave it blank else provide namespace.
- slack_notification_token = "4559734786594-qQ8486bluEuvmxrYxRatsM8R"
+ namespaces = "" # If you want full cluster backup, leave it blank else provide namespace.
+ slack_notification_token = "4559734786594"
 slack_notification_channel_name = "demo-notifications"
 retention_period_in_days = 45
 schedule_backup_cron_time = "* 1 * * *"
- velero_backup_name = "clusterback"
+ velero_backup_name = "clusterbackup"
 backup_bucket_name = "velero-backup"
 }
-}
\ No newline at end of file
+}
diff --git a/output.tf b/output.tf
index c0e3cd1..90962a3 100644
--- a/output.tf
+++ b/output.tf
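Review bot: Shortening `slack_notification_token` to `"4559734786594"` does not take the previous full-length token out of the repository; it stays readable in the parent commit, so it should be treated as exposed, revoked in Slack and regenerated, and the replacement fed in through a variable or secrets store rather than a literal inside `velero_config` (the `detect-private-key` and `detect-aws-credentials` hooks added in this series do not recognise Slack tokens, so pre-commit will not catch a repeat). `schedule_backup_cron_time = "* 1 * * *"` fires every minute between 01:00 and 01:59, which is almost certainly not the intended daily backup; `"0 1 * * *"` is the usual form. `backup_bucket_name = "velero-backup"` names an S3 bucket, whose namespace is global, so it is likely to collide unless the module prefixes it — worth confirming against the module. `cert_manager_letsencrypt_email = "admin@example.com"` is a placeholder that belongs alongside the token in whatever variables the user is expected to set.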
@@ -4,32 +4,32 @@ output "vpc_id" {
 }
 output "vpc_cidr_block" {
- description = "AWS Region"
+ description = "The CIDR block of VPC"
 value = module.vpc.vpc_cidr_block
 }
 output "public_subnets" {
- description = "List of IDs of public subnets"
+ description = "List of IDs of Public Subnets"
 value = module.vpc.public_subnets
 }
 output "private_subnets" {
- description = "List of IDs of private subnets"
+ description = "List of IDs of Private Subnets"
 value = module.vpc.private_subnets
 }
 output "database_subnets" {
- description = "List of IDs of database subnets"
+ description = "List of IDs of Database Subnets"
 value = module.vpc.database_subnets
 }
 output "intra_subnets" {
- description = "List of IDs of Intra subnets"
+ description = "List of IDs of Intra Subnets"
 value = module.vpc.intra_subnets
 }
 output "vpn_host_public_ip" {
- description = "IP Adress of VPN Server"
+ description = "Public IP Adress of VPN Server"
 value = module.vpc.vpn_host_public_ip
 }
@@ -39,25 +39,20 @@ output "vpn_security_group" {
 }
 output "cluster_name" {
- description = "Kubernetes Cluster Name"
+ description = "EKS Cluster Name"
 value = module.eks.cluster_name
 }
 output "cluster_endpoint" {
- description = "Endpoint for EKS control plane"
+ description = "Endpoint for EKS Control Plane"
 value = module.eks.cluster_endpoint
 }
 output "cluster_security_group_id" {
- description = "Security group ids attached to the cluster control plane"
+ description = "Security group IDs attached to the cluster control plane"
 value = module.eks.cluster_security_group_id
 }
-output "cluster_arn" {
- description = "Name of the kubeconfig context"
- value = module.eks.cluster_arn
-}
-
 output "cluster_oidc_issuer_url" {
 description = "The URL on the EKS cluster for the OpenID Connect identity provider"
 value = module.eks.cluster_oidc_issuer_url
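Review bot: The new description `Public IP Adress of VPN Server` keeps a spelling mistake that this commit also copies into the generated README; `description = "Public IP Address of VPN Server"`. Since vpc.tf in this same series sets `vpn_server_enabled = false`, this output is presumably null or empty in the default configuration, and the description could say so (`… (null when vpn_server_enabled is false)`) — I cannot confirm the module's behaviour from here.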
@@ -83,12 +78,7 @@ output "nginx_ingress_controller_dns_hostname" {
 value = module.eks_bootstrap.nginx_ingress_controller_dns_hostname
 }
-output "ebs_encryption" {
- description = "Is AWS EBS encryption is enabled or not?"
- value = "Encrypted by default"
-}
-
 output "efs_id" {
 value = module.eks_bootstrap.efs_id
- description = "EFS ID"
-}
\ No newline at end of file
+ description = "The ID of the EFS"
+}
diff --git a/readme.md b/readme.md
deleted file mode 100644
index e74259e..0000000
--- a/readme.md
+++ /dev/null
@@ -1,52 +0,0 @@ -## Requirements and Prerequisites - -1. A system with Terraform and kubectl installed. -2. An AWS account. -3. Knowledge of syntax and structure of the Terraform configuration file. -4. A version control system to manage Terraform code and track changes (e.g. Git). - -This repository contains Terraform configuration files for deploying a set of modules in a specific order. The tfstate module must be deployed first, followed by main module. - -## Deploying the tfstate Module - -The tfstate module is used for storing the Terraform state file remotely, which is a recommended practice to ensure consistency and collaboration among team members. - -To deploy the tfstate module, navigate to the tfstate directory and run the following command: - -1. terraform init -2. terraform plan -3. terraform apply - -Once you have provided the required input, Terraform will create the necessary resources for the tfstate module. - -## Deploying the EKS Cluster - -After the tfstate module has been deployed, you can deploy the the EKS cluster setup. Creating an EKS cluster involves several steps, including setting up a Virtual Private Cloud (VPC), creating an EKS cluster, configuring an EKS node group, and bootstrapping the cluster. - -## VPC - -The [squareops/vpc/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module available on the Terraform Registry is designed to create and manage Amazon Virtual Private Cloud (VPC) resources in AWS (Amazon Web Services). - -The module can be used to create a new VPC or use an existing one, along with its associated resources such as subnets, route tables, security groups, network ACLs, and Internet Gateway (IGW). It offers a simplified and standardized way to create VPC infrastructure, while also providing flexibility to customize VPC resources based on specific requirements. 
- -The [squareops/vpc/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module offers a range of configuration options, including the ability to specify CIDR blocks for VPC and subnet ranges, assign names to VPC resources, enable DNS support, and configure NAT gateways. Additionally, the module provides pre-configured modules for creating subnets with different availability zones, route tables, and security groups. - -By using this module, AWS users can save time and effort in setting up VPC infrastructure, and ensure that their VPCs are created in a consistent and reproducible manner. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation. - -## EKS - -The [squareops/eks/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module available on the Terraform Registry is designed to create and manage an Amazon EKS (Elastic Kubernetes Service) cluster in AWS (Amazon Web Services). - -The module provides a simplified and standardized way to create and manage the Kubernetes control plane and worker nodes in EKS. It automates the process of creating the necessary EKS resources such as VPC, subnets, security groups, IAM roles and policies, and the EKS cluster itself. - -The [squareops/eks/aws](https://registry.terraform.io/modules/squareops/eks/aws/latest) module offers a range of configuration options, such as the ability to specify the number of worker nodes, instance types, and desired capacity. It also provides pre-configured modules for configuring worker node groups with different instance types, adding custom tags, and setting up the Kubernetes metrics server. - -By using this module, AWS users can set up a Kubernetes cluster on EKS in a simple, efficient, and reproducible manner. It also ensures that the EKS cluster is created with the best practices in mind, and that it is secured according to industry standards. 
The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation. - -## EKS-BOOTSTRAP - -The [squareops/eks-bootstrap/aws](https://registry.terraform.io/modules/squareops/eks-bootstrap/aws/latest) module available on the Terraform Registry is designed to bootstrap an Amazon EKS (Elastic Kubernetes Service) cluster in AWS (Amazon Web Services) with the necessary resources to run a Kubernetes workload. - -The module provides a simplified and standardized way to create the Kubernetes worker nodes in EKS, and to deploy the necessary add-ons and configurations to run Kubernetes workloads. It automates the process of creating the necessary EKS resources. - -By using this module, AWS users can save time and ensure that their Kubernetes workloads are deployed in a consistent and reproducible manner. It also ensures that the EKS cluster is created with the best practices in mind, and that it is secured according to industry standards. The module is open source and maintained by [SquareOps](https://squareops.com/), a consulting company that specializes in cloud infrastructure and DevOps automation. \ No newline at end of file diff --git a/tfstate/README.md b/tfstate/README.md index c8e6a9f..c1d82d0 100644 --- a/tfstate/README.md +++ b/tfstate/README.md @@ -21,7 +21,7 @@ module "backend" { } ``` -Refer [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details. +Refer [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details. ## IAM Permissions The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-tfstate/blob/main/IAM.md) 
@@ -41,61 +41,33 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.9 | +No requirements. ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 4.9 | +No providers. ## Modules | Name | Source | Version | |------|--------|---------| -| [kms\_key](#module\_kms\_key) | clouddrove/kms/aws | 0.15.0 | -| [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.4.0 | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.4.0 | +| [backend](#module\_backend) | squareops/tfstate/aws | 1.0.0 | ## Resources -| Name | Type | -|------|------| -| [aws_cloudtrail.s3_cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource | -| [aws_cloudwatch_log_group.s3_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_dynamodb_table.dynamodb_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | -| [aws_iam_policy.s3_cloudtrail_cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.s3_cloudtrail_cloudwatch_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.s3_cloudtrail_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_kms_key.mykey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | -| 
[aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.cloudtrail_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +No resources. ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [bucket\_name](#input\_bucket\_name) | bucket name | `string` | `""` | no | -| [environment](#input\_environment) | Select enviroment type: dev, demo, prod | `string` | `"demo"` | no | -| [force\_destroy](#input\_force\_destroy) | Indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| [logging](#input\_logging) | Map containing access bucket logging configuration | `bool` | `false` | no | -| [region](#input\_region) | In which region S3 bucket will create | `string` | `""` | no | -| [versioning\_enabled](#input\_versioning\_enabled) | keeping multiple variants of an object in the same bucket | `bool` | `false` | no | +No inputs. 
## Outputs | Name | Description | |------|-------------| -| [bucket\_region](#output\_bucket\_region) | In which region S3 bucket will create | -| [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | dynamodb table name | -| [log\_bucket\_name](#output\_log\_bucket\_name) | logging table name | -| [state\_bucket\_name](#output\_state\_bucket\_name) | bucket name with id | +| [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | DynamoDB Table Name | +| [log\_bucket\_name](#output\_log\_bucket\_name) | S3 Logging Bucket Name | +| [state\_bucket\_name](#output\_state\_bucket\_name) | S3 State Bucket Name | ## Contribution & Issue Reporting @@ -104,7 +76,7 @@ To report an issue with a project: 1. Check the repository's [issue tracker](https://github.com/squareops/terraform-aws-tfstate/issues) on GitHub 2. Search to see if the issue has already been reported - 3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details . + 3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details . ## License @@ -136,4 +108,3 @@ We believe that the key to success in the digital age is the ability to deliver We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be. You can find more information about our company on this [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/). - diff --git a/tfstate/main.tf b/tfstate/main.tf index b08ec31..58da812 100644 
--- a/tfstate/main.tf
+++ b/tfstate/main.tf
@@ -3,15 +3,15 @@ provider "aws" {
 }
 locals {
+ name = "tfstate"
 region = "us-east-2"
 environment = "prod"
- name = "skaf"
 bucket_name = "stage"
 }
 module "backend" {
- source = "squareops/tfstate/aws"
- version = "1.0.0"
+ source = "squareops/tfstate/aws"
+ version = "1.0.0"
 logging = false
 environment = local.environment
 bucket_name = local.bucket_name #unique global s3 bucket name
diff --git a/tfstate/output.tf b/tfstate/output.tf
index 25ccbd8..aa826a8 100644
--- a/tfstate/output.tf
+++ b/tfstate/output.tf
@@ -1,14 +1,14 @@
 output "state_bucket_name" {
- description = "bucket name with id"
+ description = "S3 State Bucket Name"
 value = module.backend.state_bucket_name
 }
 output "dynamodb_table_name" {
- description = "dynamodb table name"
+ description = "DynamoDB Table Name"
 value = module.backend.dynamodb_table_name
 }
 output "log_bucket_name" {
- description = "logging table name"
+ description = "S3 Logging Bucket Name"
 value = module.backend.log_bucket_name
 }
diff --git a/vpc.tf b/vpc.tf
index 11893a5..93bb79f 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -1,18 +1,18 @@
 locals {
 region = "us-east-2"
 environment = "prod"
- name = "skaf"
+ name = "vpc"
 additional_aws_tags = {
- Owner = "SquareOps"
+ Owner = "organization_name"
 Expires = "Never"
 Department = "Engineering"
 }
- vpc_cidr = "172.10.0.0/16"
+ vpc_cidr = "172.10.0.0/16"
+ vpn_server_enabled = false
 }
-data "aws_availability_zones" "available" {}
-
 module "key_pair_vpn" {
+ count = local.vpn_server_enabled ? 1 : 0
 source = "squareops/keypair/aws"
 version = "1.0.2"
 environment = local.environment
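Review bot: `bucket_name = "stage"` sits next to the module-call comment `#unique global s3 bucket name`, and a bare `stage` is very unlikely to be free in the global S3 namespace, so `terraform apply` of this reference will fail for most users unless the module adds its own prefix or suffix (not visible from here). Deriving the value from `local.environment`, `local.name` and the account id, or at least marking it as a value the user must change, would make the tfstate step reproducible. The rest of the hunk is the `skaf` → `tfstate` rename and formatting.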
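Review bot: `name = "vpc"` is a root-module local, not something scoped to vpc.tf: eks.tf builds the key pair name with `format("%s-%s-eks", local.environment, local.name)` and passes `local.name` to module "eks" and module "eks_bootstrap", so after this rename the cluster, its key pair and the Karpenter subnet lookup are all named `prod-vpc-…`, which reads as a VPC resource. A neutral project name (or separate `vpc_name` and `cluster_name` locals) avoids that confusion. The new `vpn_server_enabled` local gating `module.key_pair_vpn` with `count` is consistent; the removed `data "aws_availability_zones" "available"` must have no remaining references, which this hunk cannot show since the rest of the file is outside it.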
@@ -26,16 +26,16 @@ module "vpc" {
 name = local.name
 vpc_cidr = local.vpc_cidr
 environment = local.environment
- flow_log_enabled = true
- vpn_key_pair_name = module.key_pair_vpn.key_pair_name
 availability_zones = 2
- vpn_server_enabled = false
 intra_subnet_enabled = true
 public_subnet_enabled = true
 private_subnet_enabled = true
 one_nat_gateway_per_az = true
 database_subnet_enabled = true
+ vpn_server_enabled = local.vpn_server_enabled
+ vpn_key_pair_name = local.vpn_server_enabled ? module.key_pair_vpn[0].key_pair_name : null
 vpn_server_instance_type = "t3a.small"
+ flow_log_enabled = true
 flow_log_max_aggregation_interval = 60
 flow_log_cloudwatch_log_group_retention_in_days = 90
 }
From 841ac4f677634f607c06f02826ca254b0da85613 Mon Sep 17 00:00:00 2001
From: Siddharth Barhate
Date: Fri, 12 May 2023 17:21:00 +0530
Subject: [PATCH 2/2] Updated EKS version 1.24 and improved README
---
README.md | 3 +++
eks.tf | 2 +-
tfstate/main.tf | 4 ----
tfstate/versions.tf | 3 +++
4 files changed, 7 insertions(+), 5 deletions(-)
create mode 100644 tfstate/versions.tf
diff --git a/README.md b/README.md
index 2234af2..278fc1b 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+## Terraform EKS Reference
+
+Terraform reference to deploy a production ready EKS cluster. This reference takes care of provisioning a secure VPC network with VPN , deploy an EKS cluster and configure it with required resources,controllers and utilities to start deploying applications.
 ## Requirements and Prerequisites
diff --git a/eks.tf b/eks.tf
index df0dd8d..e561155 100644
--- a/eks.tf
+++ b/eks.tf
@@ -12,7 +12,7 @@ module "eks" {
 name = local.name
 vpc_id = module.vpc.vpc_id
 environment = local.environment
- cluster_version = "1.23"
+ cluster_version = "1.24"
 kms_key_arn = ""
 cluster_log_types = ["api", "scheduler"]
 cluster_log_retention_in_days = 30
diff --git a/tfstate/main.tf b/tfstate/main.tf
index 58da812..0fec879 100644
--- a/tfstate/main.tf
+++ b/tfstate/main.tf
@@ -1,7 +1,3 @@
-provider "aws" {
- region = local.region
-}
-
 locals {
 name = "tfstate"
 region = "us-east-2"
diff --git a/tfstate/versions.tf b/tfstate/versions.tf
new file mode 100644
index 0000000..c291cce
--- /dev/null
+++ b/tfstate/versions.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = local.region
+}
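Review bot: The new `tfstate/versions.tf` only relocates the `provider "aws"` block; it does not carry the `terraform` block with `required_version` and `required_providers` that the file name implies, which is why the regenerated tfstate/README.md in the first patch now reads `No requirements.` and `No providers.` where it used to document `>= 1.0` and `>= 4.9`. Without a pinned provider constraint the remote-state backend can be created with whatever `hashicorp/aws` version the user happens to resolve, and the lockfile is explicitly disabled for terraform-docs in the pre-commit config. Restoring the constraints the old README documented keeps the state bucket build reproducible and makes terraform-docs report them again.
```hcl
# … unchanged: provider "aws" block …

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.9"
    }
  }
}
```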