# Customer-managed KMS key; every encrypted resource in this file (bucket,
# database, app_eks, redis) is pointed at it through local.kms_key_arn.
module "kms" {
  source = "./modules/kms"

  # Alias falls back to "<namespace>-kms-alias" only when the caller passes null.
  key_alias = var.kms_key_alias == null ? "${var.namespace}-kms-alias" : var.kms_key_alias

  # Forwarded untouched. key_policy is presumably the KMS key policy, i.e. the
  # document that grants or denies use of the key, so changes to it deserve review.
  key_deletion_window = var.kms_key_deletion_window
  key_policy          = var.kms_key_policy
}
locals {
  # ARN of the key created above; shared by all encrypted resources below.
  kms_key_arn = module.kms.key.arn

  # An empty bucket_name means "create the bucket here"; anything else is
  # treated as a bring-your-own bucket.
  # NOTE(review): only "" selects provisioning — a null bucket_name would
  # compare unequal and fall through to the bring-your-own path; confirm the
  # variable's type/default and validation.
  provision_file_storage = var.bucket_name == ""
}
# S3 bucket (and, unless the app uses its internal queue, a notification
# queue) created only when the caller did not bring their own bucket.
module "file_storage" {
  source = "./modules/file_storage"
  count  = local.provision_file_storage ? 1 : 0

  namespace = var.namespace

  # Objects are server-side encrypted with the customer-managed key from
  # module.kms rather than an AWS-managed S3 key.
  sse_algorithm = "aws:kms"
  kms_key_arn   = local.kms_key_arn

  # Bucket-notification queue is skipped when the app runs its own queue.
  create_queue = !var.use_internal_queue

  deletion_protection = var.deletion_protection
}
locals {
  # Resolves to the bucket created above or to the caller-supplied name.
  bucket_name = local.provision_file_storage ? module.file_storage[0].bucket_name : var.bucket_name

  # A queue name exists only when this stack both created the bucket and was
  # asked for an external queue; every other combination yields null.
  # NOTE(review): with a bring-your-own bucket and use_internal_queue = false
  # this is null, yet data.aws_sqs_queue.file_storage below still has
  # count = 1 and would be evaluated with name = null — confirm that
  # combination is rejected by variable validation or handled elsewhere.
  bucket_queue_name = local.provision_file_storage && !var.use_internal_queue ? module.file_storage[0].bucket_queue_name : null
}
# Look up the bucket (created or bring-your-own) so its ARN can be handed to
# app_eks. depends_on makes the lookup wait for module.file_storage, which
# would otherwise race the bucket's creation on a fresh apply.
data "aws_s3_bucket" "file_storage" {
  bucket = local.bucket_name

  depends_on = [module.file_storage]
}
# Look up the bucket-notification queue unless the app runs its own queue.
# NOTE(review): the count only checks use_internal_queue, while
# local.bucket_queue_name is also null for a bring-your-own bucket; in that
# case this lookup is evaluated with name = null — confirm inputs guard it.
data "aws_sqs_queue" "file_storage" {
  count = var.use_internal_queue ? 0 : 1

  name = local.bucket_queue_name

  depends_on = [module.file_storage]
}
# VPC, subnets and subnet groups. The module is instantiated even when
# create_vpc is false; the locals that follow then prefer the caller's
# network_* inputs over the module's outputs.
module "networking" {
  source = "./modules/networking"

  namespace  = var.namespace
  create_vpc = var.create_vpc
  cidr       = var.network_cidr

  public_subnet_cidrs   = var.network_public_subnet_cidrs
  private_subnet_cidrs  = var.network_private_subnet_cidrs
  database_subnet_cidrs = var.network_database_subnet_cidrs

  # Only carve out ElastiCache subnets when Redis is going to be provisioned.
  create_elasticache_subnet = var.create_elasticache
  elasticache_subnet_cidrs  = var.network_elasticache_subnet_cidrs
}
locals {
  # Each value takes the networking module's output when this stack owns the
  # VPC, otherwise the caller's pre-existing IDs and CIDRs.
  network_id                    = var.create_vpc ? module.networking.vpc_id : var.network_id
  network_public_subnets        = var.create_vpc ? module.networking.public_subnets : var.network_public_subnets
  network_private_subnets       = var.create_vpc ? module.networking.private_subnets : var.network_private_subnets
  network_private_subnet_cidrs  = var.create_vpc ? module.networking.private_subnet_cidrs : var.network_private_subnet_cidrs
  network_database_subnets      = var.create_vpc ? module.networking.database_subnets : var.network_database_subnets
  network_database_subnet_cidrs = var.create_vpc ? module.networking.database_subnet_cidrs : var.network_database_subnet_cidrs

  # With an existing VPC the database module creates its own subnet group,
  # named "<namespace>-database-subnet"; otherwise the networking module's
  # group is reused by name.
  network_database_create_subnet_group = !var.create_vpc
  network_database_subnet_group_name   = var.create_vpc ? module.networking.database_subnet_group_name : "${var.namespace}-database-subnet"

  # Always read from the module; there is no caller override for the
  # ElastiCache subnet group.
  network_elasticache_subnet_group_name = module.networking.elasticache_subnet_group_name
}
# Relational database for the application, placed in the database subnets.
module "database" {
  source = "./modules/database"

  namespace = var.namespace

  # Shared customer-managed key (presumably used for storage encryption).
  kms_key_arn = local.kms_key_arn

  instance_class      = var.database_instance_class
  engine_version      = var.database_engine_version
  snapshot_identifier = var.database_snapshot_identifier
  sort_buffer_size    = var.database_sort_buffer_size
  deletion_protection = var.deletion_protection

  # Network placement. Ingress is allow-listed to the private subnet CIDRs —
  # the subnets app_eks is placed in — never to the public subnets.
  vpc_id                 = local.network_id
  subnets                = local.network_database_subnets
  create_db_subnet_group = local.network_database_create_subnet_group
  db_subnet_group_name   = local.network_database_subnet_group_name
  allowed_cidr_blocks    = local.network_private_subnet_cidrs
}
locals {
  # A certificate is issued here only for a public deployment that did not
  # supply its own ACM ARN; a private deployment gets one only if it passes
  # acm_certificate_arn in.
  create_certificate = var.public_access && var.acm_certificate_arn == null

  # Host the app is served on: "<subdomain>.<domain>" or the bare domain.
  fqdn = var.subdomain == null ? var.domain_name : "${var.subdomain}.${var.domain_name}"
}
# Create SSL certificate if applicable
# Public ACM certificate for the app hostname, presumably DNS-validated via
# zone_id; the module is expected to be a no-op when create_certificate is false.
module "acm" {
  source = "terraform-aws-modules/acm/aws"
  # NOTE(review): "~> 3.0" floats across every 3.x release of a registry
  # module pulled at init time; an exact version pin makes upgrades of this
  # third-party code explicit and reviewable.
  version = "~> 3.0"

  create_certificate = local.create_certificate
  zone_id            = var.zone_id

  # With external DNS the certificate covers the full fqdn, otherwise the
  # bare domain.
  domain_name = var.external_dns ? local.fqdn : var.domain_name

  # Block until validation completes so the ARN handed to app_lb is usable.
  wait_for_validation = true
}
locals {
  # Certificate created above, or the caller's own ARN.
  acm_certificate_arn = local.create_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn

  # Scheme follows certificate availability. Because create_certificate is
  # always true for public_access, only a private deployment without a
  # caller-supplied certificate ends up advertised over plain http.
  url = local.acm_certificate_arn == null ? "http://${local.fqdn}" : "https://${local.fqdn}"

  # Port the load balancer targets on the cluster (see module.app_lb).
  internal_app_port = 32543
}
# EKS cluster running the application, wired to the bucket, queue, database,
# Redis and load balancer defined elsewhere in this file.
module "app_eks" {
  source = "./modules/app_eks"

  namespace   = var.namespace
  kms_key_arn = local.kms_key_arn

  # IAM principals granted cluster access (presumably aws-auth mappings);
  # keep these lists minimal since they define who can act inside the cluster.
  map_accounts = var.kubernetes_map_accounts
  map_roles    = var.kubernetes_map_roles
  map_users    = var.kubernetes_map_users

  # Control-plane endpoint exposure. When kubernetes_public_access is true
  # the CIDR list is the only thing narrowing who can reach the API
  # endpoint; an unrestricted list leaves it open to the internet.
  cluster_endpoint_public_access       = var.kubernetes_public_access
  cluster_endpoint_public_access_cidrs = var.kubernetes_public_access_cidrs

  # Object storage. For a bring-your-own bucket the caller must also pass the
  # key that bucket is encrypted with (presumably so the workload can decrypt
  # its objects); the created bucket uses the shared CMK.
  bucket_arn           = data.aws_s3_bucket.file_storage.arn
  bucket_kms_key_arn   = local.provision_file_storage ? local.kms_key_arn : var.bucket_kms_key_arn
  bucket_sqs_queue_arn = var.use_internal_queue ? null : data.aws_sqs_queue.file_storage[0].arn

  network_id              = local.network_id
  network_private_subnets = local.network_private_subnets

  # Security-group references for traffic from the LB and to the database
  # and Redis (presumably wired as SG-to-SG rules inside the module).
  lb_security_group_inbound_id      = module.app_lb.security_group_inbound_id
  database_security_group_id        = module.database.security_group_id
  create_elasticache_security_group = var.create_elasticache
  elasticache_security_group_id     = var.create_elasticache ? module.redis[0].security_group_id : null
}
# Application load balancer in front of the cluster. It is internet-facing
# only when public_access is set.
module "app_lb" {
  source = "./modules/app_lb"

  namespace             = var.namespace
  load_balancing_scheme = var.public_access ? "PUBLIC" : "PRIVATE"

  # Ingress allow-lists (presumably applied to the LB security group). On a
  # PUBLIC scheme these are the primary control over who can reach the app.
  allowed_inbound_cidr      = var.allowed_inbound_cidr
  allowed_inbound_ipv6_cidr = var.allowed_inbound_ipv6_cidr

  # TLS and DNS. A null certificate ARN presumably yields a plain-http
  # listener, matching local.url.
  acm_certificate_arn = local.acm_certificate_arn
  zone_id             = var.zone_id
  fqdn                = local.fqdn

  target_port             = local.internal_app_port
  network_id              = local.network_id
  network_public_subnets  = local.network_public_subnets
  network_private_subnets = local.network_private_subnets
}
# Register each autoscaling group exported by app_eks (presumably the node
# groups) with the LB target group so the LB can reach the app.
# NOTE(review): alb_target_group_arn is the older argument name; recent AWS
# provider releases prefer lb_target_group_arn — check the provider constraint.
resource "aws_autoscaling_attachment" "autoscaling_attachment" {
  for_each = module.app_eks.autoscaling_group_names

  alb_target_group_arn   = module.app_lb.tg_app_arn
  autoscaling_group_name = each.value
}
# Optional ElastiCache (Redis) cluster, given the shared CMK (presumably for
# encryption) and placed in the ElastiCache subnet group from module.networking.
module "redis" {
  source = "./modules/redis"
  count  = var.create_elasticache ? 1 : 0

  namespace   = var.namespace
  kms_key_arn = local.kms_key_arn

  vpc_id                  = local.network_id
  redis_subnet_group_name = local.network_elasticache_subnet_group_name
  # Read straight from the module output; unlike the other network values
  # there is no local.network_* fallback for the ElastiCache CIDRs.
  vpc_subnets_cidr_blocks = module.networking.elasticache_subnet_cidrs
}