diff --git a/.gitignore b/.gitignore
index c9636478..4c0af394 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 .terragrunt-cache
-.DS_Store
\ No newline at end of file
+.DS_Store
+.terraform.lock.hcl
+.terraform
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..de70ecd6
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,36 @@
+default_language_version:
+ # default language version for each language
+ python: python3.9
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
+ hooks:
+ # See https://pre-commit.com/hooks.html for more hooks
+ - id: check-added-large-files
+ - id: check-byte-order-marker
+ - id: check-case-conflict
+ - id: check-executables-have-shebangs
+ - id: check-json
+ - id: check-shebang-scripts-are-executable
+ - id: check-merge-conflict
+ - id: check-symlinks
+ - id: check-toml
+ - id: check-xml
+ - id: destroyed-symlinks
+ - id: detect-aws-credentials
+ - id: detect-private-key
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ # - id: pretty-format-json
+ # - id: check-yaml
+ - repo: https://github.com/gruntwork-io/pre-commit
+ rev: v0.1.17 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+ hooks:
+ - id: terraform-fmt
+ - id: helmlint
+ # - id: terraform-validate
+ # - id: terragrunt-hclfmt
+ # - id: tflint
+ # - id: shellcheck
+ # - id: yapf
+ # - id: markdown-link-check
diff --git a/AUTHORS.md b/AUTHORS.md
new file mode 100644
index 00000000..2efcc610
--- /dev/null
+++ b/AUTHORS.md
@@ -0,0 +1,13 @@
+# Credits
+
+## Development Leads
+
+- Lawrence McDaniel ([@lpm0073](https://github.com/lpm0073))
+
+## Core Committers
+
+Add yourself here.
+
+## Contributors
+
+Add yourself here.
diff --git a/README.rst b/README.rst
index 8a52dd1b..336ede24 100644
--- a/README.rst
+++ b/README.rst
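Review bot: Ignoring `.terraform.lock.hcl` in .gitignore means the provider versions and checksums that Terraform records at `terraform init` are never committed, so each checkout resolves providers afresh. The provider defaults this commit adds to cookiecutter.json are `~>` ranges (for example `~> 4.6` for the AWS provider), so without a committed lock file nothing pins the exact provider build that gets applied. If the generated repository inherits the same ignore rule (its own .gitignore is not visible here), consider dropping the `.terraform.lock.hcl` line and keeping only `.terraform`.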
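Review bot: In .pre-commit-config.yaml, `detect-aws-credentials` searches staged files only for the keys it finds in the contributor's own AWS credential files and environment, and it exits with an error when it finds none unless `--allow-missing-credentials` is passed. As configured it will therefore fail on a machine with no AWS profile, and it will not catch a key that belongs to someone else. I would add `args: ["--allow-missing-credentials"]` under that hook and treat it, together with `detect-private-key`, as a first filter rather than full secret scanning, since the README has users handling IAM key pairs and a GitHub PAT. Both `rev:` values are tags, which are movable; pinning each to a commit SHA would make the hook code that runs on contributors' machines reproducible.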
@@ -1,4 +1,4 @@ -CookieCutter Tutor Open edX Production Devops Tools +Cookiecutter Tutor Open edX Production Devops Tools ====================================== .. image:: https://img.shields.io/badge/hack.d-Lawrence%20McDaniel-orange.svg :target: https://lawrencemcdaniel.com @@ -44,10 +44,10 @@ CookieCutter Tutor Open edX Production Devops Tools | -This repository contains a `CookieCutter `_ to create a new repository that includes Terraform code for managing your AWS infrastructure, and Github Actions workflows for building and deploying your Open edX applications. +This repository contains a `Cookiecutter `_ to create a new repository that includes Terraform code for managing your AWS infrastructure, and Github Actions workflows for building and deploying your Open edX applications. -Your new repository will deploy a `Tutor `_ Kubernetes-managed production installation of Open edX that will scale automatically, reliably supporting anywhere from a few hundred to as many as several hundred thousand learners. -The CI workflows generated by this CookieCutter create a Tutor build based on the current latest version of Open edX (maple.2) along with a custom Open edX theme and Open edX plugin, and one sample optional Xblock; all of which can be modified later on. +Your new repository will deploy a `Tutor `_ Kubernetes-managed production installation of Open edX that will scale automatically, reliably supporting anywhere from a few hundred to as many as several hundred thousand learners. +The CI workflows generated by this Cookiecutter create a Tutor build based on the current latest version of Open edX ({{ cookiecutter.ci_build_open_edx_version }}) along with a custom Open edX theme and Open edX plugin, and one sample optional Xblock; all of which can be modified later on. The Terraform scripts in your new repo will provide a 1-click means of creating / updating / destroying the following for each environment: 
@@ -58,7 +58,7 @@ The Terraform scripts in your new repo will provide a 1-click means of creating - public ssh access via a t2.micro Ubuntu 20.04 LTS bastion EC2 instance at bastion.courses.yourschool.edu - daily data backups archived into a private S3 bucket named courses-yourschool-virginia-mongodb-backup -You can also optionally automatically create additional environments for say, dev and test and QA and so forth. +You can also optionally automatically create additional environments for say, dev and test and QA and so forth. These would result in environments like the following: - LMS at https://dev.courses.yourschool.edu 
@@ -70,18 +70,19 @@ These would result in environments like the following: Important Considerations ------------------------ -- this CookieCutter can only generate a GitHub repository. +- this Cookiecutter can only generate a GitHub repository. - the Terraform code and Github Actions workflows in your new repository will only work for AWS. - the application domain for your Open edX installation (ie courses.yourschool.edu) must be hosted in `AWS Route53 `_. Terraform will create several DNS entries inside of this hosted zone, and it will optionally create additional hosted zones (one for each additional optional environment) that will be linked to the hosted zone of your application domain. - the Github Actions workflows in your new repository will depend on secrets located in the repository settings page. Look for further instructions in the README of your new repository. - the Github Actions workflows in your new repository will use an AWS IAM key pair from an IAM user named *ci* that you must manually create. - the collection of resources created by these scripts **will generate AWS costs of around $0.41 USD per hour ($10.00 USD per day)** while the platform is in a mostly-idle pre-production state. This cost will grow proportionally to your production work loads. - **BE ADVISED** that MySQL RDS, MongoDB and Redis ElastiCache are vertically scaled **manually** and therefore require some insight and potential adjustments on your part. All of these services are defaulted to their minimum instance sizes which you can modify in the environment configuration file. +- TO DO: `NSA Updated: Kubernetes Hardening Guide `_ Usage ----- -You use a popular command-line tool named `CookieCutter `_ to generate your git code repository using this repo as a template. +You use a popular command-line tool named `Cookiecutter `_ to generate your git code repository using this repo as a template. First, get Cookiecutter. Trust me, it's awesome: 
@@ -107,56 +108,56 @@ Answer the prompts with your own desired options. For example: remote: Total 550 (delta 283), reused 479 (delta 222) Receiving objects: 100% (550/550), 127.66 KiB | 58 KiB/s, done. Resolving deltas: 100% (283/283), done. - github_account_name [lpm0073]: - repo_name [openedx_devops]: - global_platform_name [yourschool]: - global_platform_description [Your School]: - global_platform_region [virginia]: - global_root_domain [yourschool.edu]: - global_aws_route53_hosted_zone_id [For your root domain. Values look like this: Z0232691KVI7Y7U23HBD]: - global_aws_region [us-east-1]: - global_account_id [123456789012]: - global_ec2_ssh_key_name [any-valid-pem-key-file-name]: - prod_environment [courses]: - ci_build_TUTOR_VERSION [v13.1.5]: - ci_build_theme_repository [lpm0073/edx-theme-example]: - ci_build_theme_ref [main]: - ci_build_plugin_repository [lpm0073/openedx-plugin-example]: - ci_build_plugin_ref [main]: - ci_build_xblock_org [openedx]: - ci_build_xblock_repository [edx-ora2]: - ci_build_xblock_ref [master]: - ci_deploy_OPENEDX_COMMON_VERSION [open-release/maple.2]: - mongodb_master_username [root]: - mongodb_db_port [27017]: - mongodb_deletion_protection [False]: - mongodb_engine [docdb]: - mongodb_engine_version [3.6.0]: - mongodb_retention_period [7]: - mongodb_preferred_maintenance_window []: - mongodb_preferred_backup_window [07:00-09:00]: - mongodb_auto_minor_version_upgrade [True]: - mysql_username [root]: - mysql_port [3306]: - mysql_engine [mysql]: - mysql_family [mysql5.7]: - mysql_major_engine_version [5.7]: - mysql_engine_version [5.7.33]: - mysql_allocated_storage [10]: - mysql_create_random_password [true]: - mysql_iam_database_authentication_enabled [False]: - mysql_maintenance_window [Sun:00:00-Sun:03:00]: - mysql_backup_window [03:00-06:00]: - mysql_backup_retention_period [7]: - mysql_deletion_protection [False]: - mysql_skip_final_snapshot [True]: - redis_engine_version [6.x]: - redis_number_cache_clusters [1]: - redis_port 
[6379]: - redis_family [redis6.x]: - ci_deploy_EMAIL_HOST [email-smtp.us-east-1.amazonaws.com]: - ci_deploy_EMAIL_PORT [587]: - ci_deploy_EMAIL_USE_TLS [True]: + github_account_name [lpm0073]: + github_repo_name [openedx_devops]: + global_platform_name [yourschool]: + global_platform_description [Your School]: + global_platform_region [virginia]: + global_root_domain [yourschool.edu]: + global_aws_route53_hosted_zone_id [For your root domain. Values look like this: Z0232691KVI7Y7U23HBD]: + global_aws_region [us-east-1]: + global_account_id [123456789012]: + global_ec2_ssh_key_name [any-valid-pem-key-file-name]: + prod_environment [courses]: + ci_build_tutor_version [v13.1.5]: + ci_build_theme_repository [lpm0073/edx-theme-example]: + ci_build_theme_ref [main]: + ci_build_plugin_repository [lpm0073/openedx-plugin-example]: + ci_build_plugin_ref [main]: + ci_build_xblock_org [openedx]: + ci_build_xblock_repository [edx-ora2]: + ci_build_xblock_ref [master]: + ci_deploy_OPENEDX_COMMON_VERSION [open-release/{{ cookiecutter.ci_build_open_edx_version }}]: + mongodb_master_username [root]: + mongodb_db_port [27017]: + mongodb_deletion_protection [False]: + mongodb_engine [docdb]: + mongodb_engine_version [3.6.0]: + mongodb_retention_period [7]: + mongodb_preferred_maintenance_window []: + mongodb_preferred_backup_window [07:00-09:00]: + mongodb_auto_minor_version_upgrade [True]: + mysql_username [root]: + mysql_port [3306]: + mysql_engine [mysql]: + mysql_family [mysql5.7]: + mysql_major_engine_version [5.7]: + mysql_engine_version [5.7.33]: + mysql_allocated_storage [10]: + mysql_create_random_password [true]: + mysql_iam_database_authentication_enabled [False]: + mysql_maintenance_window [Sun:00:00-Sun:03:00]: + mysql_backup_window [03:00-06:00]: + mysql_backup_retention_period [7]: + mysql_deletion_protection [False]: + mysql_skip_final_snapshot [True]: + redis_engine_version [6.x]: + redis_number_cache_clusters [1]: + redis_port [6379]: + redis_family [redis6.x]: + 
ci_deploy_EMAIL_HOST [email-smtp.us-east-1.amazonaws.com]: + ci_deploy_EMAIL_PORT [587]: + ci_deploy_EMAIL_USE_TLS [True]: Enter the project and take a look around: @@ -179,13 +180,13 @@ Create a git repo and push it there: Now take a look at your repo. Don't forget to carefully look at the generated README. Awesome, right? -Quick Start (After running CookieCutter) +Quick Start (After running Cookiecutter) ---------------------------------------- I. Add Your Secret Credentials To Your New Repository ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The Github Actions workflows in your new repository will depend on several workflow secrets including two sets of AWS IAM keypairs, one for CI workflows and another for the AWS Simple Email Service. +The Github Actions workflows in your new repository will depend on several workflow secrets including two sets of AWS IAM keypairs, one for CI workflows and another for the AWS Simple Email Service. Additionally, they require a Github Personal Access Token (PAT) for a Github user account with all requisite privileges in your new repository as well as any other repositories that are cloned during any of the build / installation pipelines. .. image:: doc/repository-secrets.png @@ -195,7 +196,7 @@ Additionally, they require a Github Personal Access Token (PAT) for a Github use II. Review The Configuration For Your Open edX Back End ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Review your global parameters. These will be pre-populated from your responses to the CookieCutter command-line questionnaire. +Review your global parameters. These will be pre-populated from your responses to the Cookiecutter command-line questionnaire. .. code-block:: hcl @@ -209,7 +210,7 @@ Review your global parameters. These will be pre-populated from your responses t } -Review your production environment parameters. +Review your production environment parameters. .. code-block:: hcl 
@@ -237,7 +238,7 @@ Review your production environment parameters. redis_node_type = "cache.t2.small" # 2 vCPU 8gb - eks_worker_group_instance_type = "t3.large" + eks_worker_group_instance_type = "t3.large" } @@ -246,10 +247,10 @@ Review your production environment parameters. III. Build Your Open edX Backend ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The backend build procedure is automated using `Terragrunt `_ for `Terraform `_. -Installation instructions are avilable at both of these web sites. +The backend build procedure is automated using `Terragrunt `_ for `Terraform `_. +Installation instructions are avilable at both of these web sites. -Terraform scripts rely on the `AWS CLI (Command Line Interface) Tools `_. Installation instructions for Windows, macOS and Linux are available on this site. +Terraform scripts rely on the `AWS CLI (Command Line Interface) Tools `_. Installation instructions for Windows, macOS and Linux are available on this site. We also recommend that you install `k9s `_, a popular tool for adminstering a Kubernetes cluster. .. code-block:: shell 
@@ -307,15 +308,15 @@ Specifically with regard to MySQL, several 3rd party analytics tools provide out Continuous Integration (CI) --------------------------- -Both the Build as well as the Deploy workflows will be pre-configured based on your responses to the CookieCutter questionnaire. +Both the Build as well as the Deploy workflows will be pre-configured based on your responses to the Cookiecutter questionnaire. I. Build your Tutor Docker Image ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The automated Github Actions workflow "Tutor Build Image" in your new repository will build a customized Open edX Docker container based on the latest stable version of Open edX (currently maple.2) and +The automated Github Actions workflow "Tutor Build Image" in your new repository will build a customized Open edX Docker container based on the latest stable version of Open edX (currently {{ cookiecutter.ci_build_open_edx_version }}) and your Open edX custom theme repository and Open edX plugin repository. Your new Docker image will be automatically uploaded to AWS Amazon Elastic Container Registry. - + II. Deploy your Docker Image to a Kubernetes Cluster ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -325,17 +326,19 @@ The automated Github Actions workflow "Tutor Deploy Prod" in your new repository About The Open edX Platform Back End ------------------------------------ -The scripts in the `terraform `_ folder of your new repo will provide 1-click functionality to create and manage all resources in your AWS account. +The scripts in the `terraform `_ folder of your new repo will provide 1-click functionality to create and manage all resources in your AWS account. These scripts generally follow current best practices for implementing a large Python Django web platform like Open edX in a secure, cloud-hosted environment. -Besides reducing human error, there are other tangible improvements to managing your cloud infrastructure with Terraform as opposed to creating and managing your cloud infrastructure resources manually from the AWS console. +Besides reducing human error, there are other tangible improvements to managing your cloud infrastructure with Terraform as opposed to creating and managing your cloud infrastructure resources manually from the AWS console. For example, all AWS resources are systematically tagged which in turn facilitates use of CloudWatch and improved consolidated logging and AWS billing expense reporting. The Terraform scripts in your new repository will allow you to automatically create the following resources in your AWS account: +- **Compute Cluster**. uses either `AWS EC2 `_ behind a Classic Load Balancer (the default) or AWS' serverless compute cluster, `Fargate `_ behind an Application Load Balancer. +- **Kubernetes**. Uses `AWS Elastic Kubernetes Service `_ to implement a Kubernetes cluster onto which all applications and scheduled jobs are deployed as pods. - **MySQL**. uses `AWS RDS `_ for all MySQL data, accessible inside the vpc as mysql.courses.yourschool.edu:3306. Instance size settings are located in the `environment configuration file `_, and other common configuration settings `are located here `_. 
Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. - **MongoDB**. uses `AWS DocumentDB `_ for all MongoDB data, accessible insid the vpc as mongodb.master.courses.yourschool.edu:27017 and mongodb.reader.courses.yourschool.edu. Instance size settings are located in the `environment configuration file `_, and other common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. - **Redis**. uses `AWS ElastiCache `_ for all Django application caches, accessible inside the vpc as cache.courses.yourschool.edu. Instance size settings are located in the `environment configuration file `_. This is necessary in order to make the Open edX application layer completely ephemeral. Most importantly, user's login session tokens are persisted in Redis and so these need to be accessible to all app containers from a single Redis cache. Common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. -- **Container Management**. uses this `automated Github Actions workflow <.github/workflows/tutor_build_image.yml>`_ to build your `tutor Open edX container `_ and then register it in `Amazon Elastic Container Registry (Amazon ECR) `_. Uses this `automated Github Actions workflow <.github/workflows/tutor_deploy_prod.yml>`_ to deploy your container to `AWS Amazon Elastic Kubernetes Service (EKS) `_. EKS worker instance size settings are located in the `environment configuration file `_. Note that tutor provides out-of-the-box support for Kubernetes. Terraform leverages Elastic Kubernetes Service to create a Kubernetes cluster onto which all services are deployed. Common configuration settings `are located here `_ +- **Container Registry**. 
uses this `automated Github Actions workflow <.github/workflows/tutor_build_image.yml>`_ to build your `tutor Open edX container `_ and then register it in `Amazon Elastic Container Registry (Amazon ECR) `_. Uses this `automated Github Actions workflow <.github/workflows/tutor_deploy_prod.yml>`_ to deploy your container to `AWS Amazon Elastic Kubernetes Service (EKS) `_. EKS worker instance size settings are located in the `environment configuration file `_. Note that tutor provides out-of-the-box support for Kubernetes. Terraform leverages Elastic Kubernetes Service to create a Kubernetes cluster onto which all services are deployed. Common configuration settings `are located here `_ - **User Data**. uses `AWS S3 `_ for storage of user data. This installation makes use of a `Tutor plugin to offload object storage `_ from the Ubuntu file system to AWS S3. It creates a public read-only bucket named of the form courses-yourschool-virginia-storage, with write access provided to edxapp so that app-generated static content like user profile images, xblock-generated file content, application badges, e-commerce pdf receipts, instructor grades downloads and so on will be saved to this bucket. This is not only a necessary step for making your application layer ephemeral but it also facilitates the implementation of a CDN (which Terraform implements for you). Terraform additionally implements a completely separate, more secure S3 bucket for archiving your daily data backups of MySQL and MongoDB. Common configuration settings `are located here `_ - **CDN**. uses `AWS Cloudfront `_ as a CDN, publicly acccessible as https://cdn.courses.yourschool.edu. Terraform creates Cloudfront distributions for each of your enviornments. These are linked to the respective public-facing S3 Bucket for each environment, and the requisite SSL/TLS ACM-issued certificate is linked. Terraform also automatically creates all Route53 DNS records of form cdn.courses.yourschool.edu. 
Common configuration settings `are located here `_ - **Password & Secrets Management** uses `Kubernetes Secrets `_ in the EKS cluster. Open edX software relies on many passwords and keys, collectively referred to in this documentation simply as, "*secrets*". For all back services, including all Open edX applications, system account and root passwords are randomly and strongluy generated during automated deployment and then archived in EKS' secrets repository. This methodology facilitates routine updates to all of your passwords and other secrets, which is good practice these days. Common configuration settings `are located here `_ @@ -365,7 +368,7 @@ Why Use Docker? In a word, `Docker `_ is about "Packaging" your software in a way that simplifies how it is installed and managed so that you benefit from fast, consistent delivery of your applications. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Meanwhile, Docker is an open platform for developing, shipping, and running applications. -For context, any software which you traditionally relied on Linux package managers like apt, snap or yum can alternativley be installed and run as a Docker container. +For context, any software which you traditionally relied on Linux package managers like apt, snap or yum can alternativley be installed and run as a Docker container. Some examples of stuff which an Open edX platform depends: Nginx, MySQL, MongoDB, Redis, and the Open edX application software itself which Tutor bundles into a container using `Docker Compose `_. Why Use Kubernetes? 
@@ -373,9 +376,9 @@ Why Use Kubernetes? `Kubernetes `_ manages Docker containers in a deployment enviornment. It provides an easy way to scale your application, and is a superior, cost-effective alternative to you manually creating and maintaing individual virtual servers for each of your backend services. It keeps code operational and speeds up the delivery process. Kubernetes enables automating a lot of resource management and provisioning tasks. -Your Open edX platform runs via multiple Docker containers: the LMS Django application , CMS Django application, one or more Celery-based worker nodes for each of these applications, nginx, Caddy, and any backend services that tutor manages like Nginx and SMTP for example. -Kubernetes creates EC2 instances and then decides where to place each of these containers based on various real-time resource-based factors. -This leads to your EC2 instances carrying optimal workloads, all the time. +Your Open edX platform runs via multiple Docker containers: the LMS Django application , CMS Django application, one or more Celery-based worker nodes for each of these applications, nginx, Caddy, and any backend services that tutor manages like Nginx and SMTP for example. +Kubernetes creates EC2 instances and then decides where to place each of these containers based on various real-time resource-based factors. +This leads to your EC2 instances carrying optimal workloads, all the time. Behind the scenes Kubernetes (EKS in our case) uses an EC2 Elastic Load Balancer (ELB) with an auto-scaling policy, both of which you can see from the AWS EC2 dashboard. 
@@ -400,18 +403,39 @@ Why Use Terragrunt? Get Involved! ------------- -Contributors are welcome. Contact me here: `lawrencemcdaniel.com `_ if you're interested in becomming a core-committer to this project. +Contributors are welcome. Contact me here: `lawrencemcdaniel.com `_ if you're interested in becomming a contributor to this project. + +Local Development Quick Start +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: shell + + # clone this repository + git clone https://github.com/lpm0073/cookiecutter-openedx-devops + + # install the pre-commit command-line tools + pip install pre-commit + pre-commit install + npm install -g markdown-link-check + + # Lint your Terraform code + terraform fmt -recursive + pre-commit run --all-files + + # make some improvements and then create a pull request!!!! Special Thanks ~~~~~~~~~~~~~~ -Special thanks go out to several folks in the open source community who've already made signficant contributions to this project. +Special thanks go out to several folks in the open source community who've already made signficant contributions to this project, even if they're not actually aware. - to `RĂ©gis Behmo `_ for creating Tutor, where the real magic happens. Without Tutor you wouldn't be reading this right now. - to `Miguel Afonso `_, who architected the Kubernetes-based deployment of Open edX and wrote nearly all of the early versions of the CI and Terraform code. +- to `Harshet Jain `_ for publishing a `great article `_ on how to implement an AWS Elastic Kubernetes Fargate Cluster. - to the guys at `hastexo/tutor-contrib-s3 `_, who lead the effort to create a version of their AWS S3 plugin that works with this code base. +- to the guys at `Cookiecutter Django `_ on which I relied heavily for coding examples for this project. - to `Querium Corp `_, who generously allowed me to open-source this repository. 
- to **UK Cabinet Office**, who created and still use the original version of this code base to manage their production Open edX environment. -- to `Turn The Bus `_, for helping me with the requisite code refactoring that preceded publication of this CookieCutter template. +- to `Turn The Bus `_, for helping me with the requisite code refactoring that preceded publication of this Cookiecutter template. Early Adopters ~~~~~~~~~~~~~~ @@ -420,4 +444,3 @@ Several large-scale Open edX installations already use this code base to manage - `Stepwise Math `_ - `UK Government `_ - `Turn The Bus `_ - diff --git a/cookiecutter.json b/cookiecutter.json index a8551126..e95a72a8 100644 --- a/cookiecutter.json +++ b/cookiecutter.json @@ -1,16 +1,18 @@ { "github_account_name": "lpm0073", - "repo_name": "openedx_devops", + "github_repo_name": "openedx_devops", + "environment_name": "prod", + "environment_subdomain": "courses", "global_platform_name": "yourschool", "global_platform_description": "Your School", - "global_platform_region": "virginia", + "global_platform_region": "usa_east", "global_root_domain": "{{ cookiecutter.global_platform_name|lower|replace(' ', '-') }}.edu", - "global_aws_route53_hosted_zone_id": "Z0232691KVI7Y7U23HBD", + "global_aws_route53_hosted_zone_id": "Z1234567ABCDE1U23DEF", "global_aws_region": "us-east-1", "global_account_id": "123456789012", "global_ec2_ssh_key_name": "any-valid-pem-key-file-name", - "prod_environment": "courses", - "ci_build_TUTOR_VERSION": "v13.1.5", + "ci_build_open_edx_version": "maple.2", + "ci_build_tutor_version": "v13.1.5", "ci_build_theme_repository": "lpm0073/edx-theme-example", "ci_build_theme_ref": "main", "ci_build_plugin_repository": "lpm0073/openedx-plugin-example", 
@@ -18,7 +20,13 @@
 "ci_build_xblock_org": "openedx",
 "ci_build_xblock_repository": "edx-ora2",
 "ci_build_xblock_ref": "master",
- "ci_deploy_OPENEDX_COMMON_VERSION": "open-release/maple.2",
+ "ci_deploy_OPENEDX_COMMON_VERSION": "open-release/{{ cookiecutter.ci_build_open_edx_version }}",
+ "ci_deploy_EMAIL_HOST": "email-smtp.{{ cookiecutter.global_aws_region|lower|replace(' ', '-') }}.amazonaws.com",
+ "ci_deploy_EMAIL_PORT": 587,
+ "ci_deploy_EMAIL_USE_TLS": true,
+ "eks_cluster_version": "1.21",
+ "eks_cluster_compute_type": ["CLB_EC2"],
+ "eks_cluster_alb_ingress_controller_version": "v2.4.1",
 "mongodb_master_username": "root",
 "mongodb_db_port": 27017,
 "mongodb_deletion_protection": false,
@@ -46,7 +54,10 @@
 "redis_number_cache_clusters": 1,
 "redis_port": 6379,
 "redis_family": "redis6.x",
- "ci_deploy_EMAIL_HOST": "email-smtp.{{ cookiecutter.global_aws_region|lower|replace(' ', '-') }}.amazonaws.com",
- "ci_deploy_EMAIL_PORT": 587,
- "ci_deploy_EMAIL_USE_TLS": true
-}
\ No newline at end of file
+ "terraform_required_version": "~> 1.1",
+ "terraform_provider_kubernetes_version": "~> 2.8",
+ "terraform_provider_hashicorp_aws_version": "~> 4.6",
+ "terraform_provider_hashicorp_helm_version": "~> 2.4",
+ "terraform_provider_hashicorp_local_version": "~> 2.2",
+ "terraform_provider_hashicorp_random_version": "~> 3.1"
+}
diff --git a/hooks/post_gen_project.py b/hooks/post_gen_project.py
new file mode 100644
index 00000000..1ae9e832
--- /dev/null
+++ b/hooks/post_gen_project.py
@@ -0,0 +1,86 @@
+"""
+"""
+
+import os
+import shutil
+
+
+TERMINATOR = "\x1b[0m"
+WARNING = "\x1b[1;33m [WARNING]: "
+INFO = "\x1b[1;33m [INFO]: "
+HINT = "\x1b[3;33m"
+SUCCESS = "\x1b[1;32m [SUCCESS]: "
+
+
+def remove_eks_clb_ec2_files():
+ component_dir_path = os.path.join("terraform", "components", "eks_clb_ec2")
+ if os.path.exists(component_dir_path):
+ shutil.rmtree(component_dir_path)
+
+ terragrunt_dir_path = os.path.join("terraform", "environments", "{{ cookiecutter.environment_name }}", "eks_clb_ec2")
+ if os.path.exists(terragrunt_dir_path):
+ shutil.rmtree(terragrunt_dir_path)
+
+ ci_dir_path = os.path.join("ci", "tutor-deploy", "environments", "{{ cookiecutter.environment_name }}", "k8s", "eks_clb_ec2")
+ if os.path.exists(ci_dir_path):
+ shutil.rmtree(ci_dir_path)
+
+def remove_eks_alb_ec2_files():
+ component_dir_path = os.path.join("terraform", "components", "eks_alb_ec2")
+ if os.path.exists(component_dir_path):
+ shutil.rmtree(component_dir_path)
+
+ terragrunt_dir_path = os.path.join("terraform", "environments", "{{ cookiecutter.environment_name }}", "eks_alb_ec2")
+ if os.path.exists(terragrunt_dir_path):
+ shutil.rmtree(terragrunt_dir_path)
+
+ ci_dir_path = os.path.join("ci", "tutor-deploy", "environments", "{{ cookiecutter.environment_name }}", "k8s", "eks_alb_ec2")
+ if os.path.exists(ci_dir_path):
+ shutil.rmtree(ci_dir_path)
+
+def remove_eks_abl_fargate_files():
+ component_dir_path = os.path.join("terraform", "components", "eks_alb_fargate")
+ if os.path.exists(component_dir_path):
+ shutil.rmtree(component_dir_path)
+
+ terragrunt_dir_path = os.path.join("terraform", "environments", "{{ cookiecutter.environment_name }}", "eks_alb_fargate")
+ if os.path.exists(terragrunt_dir_path):
+ shutil.rmtree(terragrunt_dir_path)
+
+ ci_dir_path = os.path.join("ci", "tutor-deploy", "environments", "{{ cookiecutter.environment_name }}", "k8s", "eks_alb_fargate")
+ if os.path.exists(ci_dir_path):
+ shutil.rmtree(ci_dir_path)
+
+# move kubernetes
manifests into the k8s folder and remove the original source folder.
+def move_manifests(folder = ""):
+ source = os.path.join("ci", "tutor-deploy", "environments", "{{ cookiecutter.environment_name }}", "k8s", folder)
+ destination = os.path.join("ci", "tutor-deploy", "environments", "{{ cookiecutter.environment_name }}", "k8s")
+ src_files = os.listdir(source)
+ for file_name in src_files:
+ full_file_name = os.path.join(source, file_name)
+ if os.path.isfile(full_file_name):
+ shutil.copy(full_file_name, destination)
+ shutil.rmtree(source)
+
+def main():
+
+ if "{{ cookiecutter.eks_cluster_compute_type }}" == "CLB_EC2":
+ remove_eks_abl_fargate_files()
+ remove_eks_alb_ec2_files()
+ move_manifests("eks_clb_ec2")
+
+ if "{{ cookiecutter.eks_cluster_compute_type }}" == "ALB_EC2":
+ remove_eks_abl_fargate_files()
+ remove_eks_clb_ec2_files()
+ move_manifests("eks_alb_ec2")
+
+ if "{{ cookiecutter.eks_cluster_compute_type }}" == "ALB_Fargate":
+ remove_eks_clb_ec2_files()
+ remove_eks_alb_ec2_files()
+ move_manifests("eks_alb_fargate")
+
+ print(SUCCESS + "Your Open edX devops repo has been initialized." + TERMINATOR)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/hooks/pre_gen_project.py b/hooks/pre_gen_project.py
new file mode 100644
index 00000000..9828c52d
--- /dev/null
+++ b/hooks/pre_gen_project.py
@@ -0,0 +1,18 @@
+"""
+"""
+
+TERMINATOR = "\x1b[0m"
+WARNING = "\x1b[1;33m [WARNING]: "
+INFO = "\x1b[1;33m [INFO]: "
+HINT = "\x1b[3;33m"
+SUCCESS = "\x1b[1;32m [SUCCESS]: "
+
+github_repo_name = "{{ cookiecutter.github_repo_name }}"
+if hasattr(github_repo_name, "isidentifier"):
+ assert (
+ github_repo_name.isidentifier()
+ ), "'{}' project slug is not a valid Python identifier.".format(github_repo_name)
+
+assert (
+ github_repo_name == github_repo_name.lower()
+), "'{}' project slug should be all lowercase".format(github_repo_name)
diff --git a/linter.sh b/linter.sh
new file mode 100755
index 00000000..5fe77b0c
--- /dev/null
+++ b/linter.sh
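Review bot: In hooks/post_gen_project.py, `move_manifests()` copies only regular files out of the chosen folder and then calls `shutil.rmtree(source)`, so any subdirectory there is deleted without being copied, and `os.listdir(source)` raises if the folder is absent. Moving every entry, `for name in os.listdir(source): shutil.move(os.path.join(source, name), destination)`, keeps directories as well; note that `shutil.move` refuses to replace an existing entry, unlike the current `shutil.copy`. The three `remove_eks_*_files` functions differ only in the folder name (and `remove_eks_abl_fargate_files` misspells "alb"), so one helper taking the name would do. `main()` prints the success message even when `eks_cluster_compute_type` matches none of the three branches, and cookiecutter.json in this commit offers only `CLB_EC2`; an `else` that exits non-zero would make a mismatch visible. The module docstring is empty and could state what the hook removes and moves.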
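Review bot: hooks/pre_gen_project.py validates only `github_repo_name`, while `environment_name` is rendered unchecked into the paths that post_gen_project.py hands to `shutil.rmtree`, and into a Python string literal there, so a value containing a path separator, `..` or a quote is never rejected. I would validate it here as well, for example `if not re.fullmatch(r"[a-z0-9_-]+", "{{ cookiecutter.environment_name }}"): sys.exit("environment_name may contain only lowercase letters, digits, '-' and '_'")`, with `import re` and `import sys` at the top; the exact character set is a suggestion. The existing checks use `assert`, which is skipped when Python runs with optimisation enabled, so an explicit `if` with `sys.exit(1)` is the safer form for input validation. The messages still say "project slug" although the variable is `github_repo_name`, and `isidentifier()` rejects hyphens, which are common in repository names; confirm that is intended.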
@@ -0,0 +1,12 @@
+#!/bin/sh
+#------------------------------------------------------------------------------
+# written by: mcdaniel
+# https://lawrencemcdaniel.com
+#
+# date: mar-2022
+#
+# usage: Runs terraform fmt -recursive
+#------------------------------------------------------------------------------
+
+terraform fmt -recursive
+#pre-commit run --all-files
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 00000000..3c8bf3ac
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,4 @@
+
+FIX NOTE: what is the correct way to test terraform from Cookiecutter?
+
+mcdaniel: i'm currently "testing" by generating a Cookiecutter and then running this against the Stepwise Math AWS account, using a sandbox environment to place the VPC and all resources.
diff --git a/tests/test.sh b/tests/test.sh
new file mode 100755
index 00000000..8660c902
--- /dev/null
+++ b/tests/test.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#------------------------------------------------------------------------------
+# written by: mcdaniel
+# https://lawrencemcdaniel.com
+#
+# date: mar-2022
+#
+# usage: Runs the Cookiecutter.
+# Inject your own parameters to override cookiecutter.json defaults
+#------------------------------------------------------------------------------
+
+GITHUB_REPO="gh:lpm0073/cookiecutter-openedx-devops"
+GITHUB_BRANCH="eks-fargate"
+OUTPUT_FOLDER="/Users/mcdaniel/cookiecutter/"
+
+cookiecutter --checkout $GITHUB_BRANCH \
+ --output-dir $OUTPUT_FOLDER \
+ --overwrite-if-exists \
+ --no-input \
+ $GITHUB_REPO \
+ global_platform_name=sandbox \
+ global_platform_region=ohio \
+ global_aws_region=us-east-2 \
+ global_account_id=320713933456 \
+ global_root_domain=stepwisemath.ai \
+ global_aws_route53_hosted_zone_id=Z049210026A5G6XHV84CF \
+ environment_name=fargate \
+ environment_subdomain=fargate
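Review bot: tests/test.sh commits a concrete AWS account id, Route53 hosted zone id and root domain (the `global_account_id=`, `global_aws_route53_hosted_zone_id=` and `global_root_domain=` arguments) alongside a user-specific `OUTPUT_FOLDER`. The script therefore runs on one machine only, and it publishes environment identifiers that are better kept out of a shared repository. Reading them from the environment with a fail-fast expansion keeps it reusable, e.g. `global_account_id="${AWS_ACCOUNT_ID:?set AWS_ACCOUNT_ID}"` and `OUTPUT_FOLDER="${OUTPUT_FOLDER:-$HOME/cookiecutter/}"`. `$GITHUB_BRANCH`, `$OUTPUT_FOLDER` and `$GITHUB_REPO` should also be double-quoted, since `--overwrite-if-exists` acts on whatever path the unquoted value splits into.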
diff --git a/{{cookiecutter.repo_name}}/.github/workflows/tutor_build_image.yml b/{{cookiecutter.github_repo_name}}/.github/workflows/tutor_build_image.yml similarity index 97% rename from {{cookiecutter.repo_name}}/.github/workflows/tutor_build_image.yml rename to {{cookiecutter.github_repo_name}}/.github/workflows/tutor_build_image.yml index e2904afe..b14a5d57 100644 --- a/{{cookiecutter.repo_name}}/.github/workflows/tutor_build_image.yml +++ b/{{cookiecutter.github_repo_name}}/.github/workflows/tutor_build_image.yml @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -10,7 +10,7 @@ # - plugin # - various Xblocks # Registers the new container in AWS ECR. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ name: Tutor Build Image on: workflow_dispatch @@ -21,7 +21,7 @@ jobs: env: ECR_REPOSITORY: openedx ECR_REGISTRY: {{ cookiecutter.global_account_id }}.dkr.ecr.{{ cookiecutter.global_aws_region }}.amazonaws.com - TUTOR_VERSION: {{ cookiecutter.ci_build_TUTOR_VERSION }} + TUTOR_VERSION: {{ cookiecutter.ci_build_tutor_version }} steps: - uses: actions/checkout@v1 @@ -117,4 +117,3 @@ jobs: - name: Docker image:tag run: | echo "Docker image: ${ECR_REGISTRY}/${ECR_REPOSITORY}:${REPOSITORY_TAG}" - diff --git a/{{cookiecutter.repo_name}}/.github/workflows/tutor_deploy_prod.yml b/{{cookiecutter.github_repo_name}}/.github/workflows/tutor_deploy_prod.yml similarity index 95% rename from {{cookiecutter.repo_name}}/.github/workflows/tutor_deploy_prod.yml rename to {{cookiecutter.github_repo_name}}/.github/workflows/tutor_deploy_prod.yml index f9874eda..476fca4d 100644 --- a/{{cookiecutter.repo_name}}/.github/workflows/tutor_deploy_prod.yml 
+++ b/{{cookiecutter.github_repo_name}}/.github/workflows/tutor_deploy_prod.yml @@ -26,8 +26,8 @@ jobs: env: KUBECONFIG: /home/runner/.kube/config ENVIRONMENT_ID: prod - NAMESPACE: {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} - TUTOR_VERSION: {{ cookiecutter.ci_build_TUTOR_VERSION }} + NAMESPACE: {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} + TUTOR_VERSION: {{ cookiecutter.ci_build_tutor_version }} OPENEDX_COMMON_VERSION: {{ cookiecutter.ci_deploy_OPENEDX_COMMON_VERSION }} steps: @@ -44,7 +44,7 @@ jobs: aws-region: {{ cookiecutter.global_aws_region }} - name: Get Kube config - run: aws eks --region {{ cookiecutter.global_aws_region }} update-kubeconfig --name {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} --alias eks-prod + run: aws eks --region {{ cookiecutter.global_aws_region }} update-kubeconfig --name {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} --alias eks-prod - name: Install kubectl uses: azure/setup-kubectl@v1 @@ -128,7 +128,7 @@ jobs: echo "TUTOR_RUN_CADDY=false" >> $GITHUB_ENV echo "TUTOR_RUN_NGINX=false" >> $GITHUB_ENV - # note that the Kubernetes additional config data is locally + # note that the Kubernetes additional config data is locally # stored in ci/tutor-deploy/environments/prod/k8s/ - name: Create Kubernetes add-on resources run: |- 
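Review bot: `ENVIRONMENT_ID: prod` stays hard-coded in the `-26,8` hunk of tutor_deploy_prod.yml, while `NAMESPACE` and the `update-kubeconfig --name` cluster name now follow `cookiecutter.environment_name`. The later step `kubectl apply -f "ci/tutor-deploy/environments/$ENVIRONMENT_ID/k8s"` therefore reads from `environments/prod/`, whereas hooks/post_gen_project.py in this commit moves the manifests into `environments/{{ cookiecutter.environment_name }}/k8s`. If that directory is indeed rendered from `environment_name`, any name other than `prod` (tests/test.sh passes `fargate`) leaves the deploy pointing at a path that does not exist. `ENVIRONMENT_ID: {{ cookiecutter.environment_name }}` would keep the three values in step, and the `--alias eks-prod` argument and the `environments/prod/` comments would want the same treatment. The job's `env:` block begins outside the hunk.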
@@ -136,14 +136,14 @@ jobs: kubectl apply -f "ci/tutor-deploy/environments/$ENVIRONMENT_ID/k8s" # Notes: OPENEDX_AWS_ACCESS_KEY, OPENEDX_AWS_SECRET_ACCESS_KEY and S3_STORAGE_BUCKET - # are stored in EKS kubernetes secrets, viewable from k9s. + # are stored in EKS kubernetes secrets, viewable from k9s. # example values: # OPENEDX_AWS_ACCESS_KEY: ABDCE123456789OHBBGQ # OPENEDX_AWS_SECRET_ACCESS_KEY: A123456789srJ8lgel+ABCDEFGHIJKabcdefghijk - # S3_STORAGE_BUCKET: {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage - # S3_CUSTOM_DOMAIN: cdn.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} + # S3_STORAGE_BUCKET: {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage + # S3_CUSTOM_DOMAIN: cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} # S3_REGION: {{ cookiecutter.global_aws_region }} - # + # # this config depends on a public read-only AWS S3 bucket policy like this: # https://github.com/{{ cookiecutter.github_account_name }}/terraform-openedx/blob/main/components/s3/main.tf#L19 # @@ -158,7 +158,7 @@ jobs: # "s3:GetObject*", # "s3:List*" # ], - # "Resource": "arn:aws:s3:::{{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage/*" + # "Resource": "arn:aws:s3:::{{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage/*" # } # ] # } 
@@ -191,8 +191,8 @@ jobs: tutor config save cat $TUTOR_ROOT/config.yml - # in this step we're combining our custom configuration data - # from ci/tutor-deploy/environments/prod/settings_merge.json with the default + # in this step we're combining our custom configuration data + # from ci/tutor-deploy/environments/prod/settings_merge.json with the default # config that was created when we built the openedx docker image with tutor - name: Patch Generated Configuration (Static) run: |- @@ -200,7 +200,7 @@ jobs: cat "$(tutor config printroot)/config.yml" echo "" echo "" - + cd $TUTOR_ROOT/env/apps/openedx/config/ @@ -236,4 +236,4 @@ jobs: - name: Create admin user run: |- $(kubectl get secret admin-edx -n $NAMESPACE -o json | jq '.data | map_values(@base64d)' | jq -r 'keys[] as $k | "export \($k|ascii_upcase)=\(.[$k])"') - tutor k8s createuser --password "$ADMIN_PASSWORD" --staff --superuser "$ADMIN_USER" admin@{{ cookiecutter.global_root_domain }} \ No newline at end of file + tutor k8s createuser --password "$ADMIN_PASSWORD" --staff --superuser "$ADMIN_USER" admin@{{ cookiecutter.global_root_domain }} diff --git a/{{cookiecutter.repo_name}}/.gitignore b/{{cookiecutter.github_repo_name}}/.gitignore similarity index 100% rename from {{cookiecutter.repo_name}}/.gitignore rename to {{cookiecutter.github_repo_name}}/.gitignore diff --git a/{{cookiecutter.github_repo_name}}/.pre-commit-config.yaml b/{{cookiecutter.github_repo_name}}/.pre-commit-config.yaml new file mode 100644 index 00000000..a8fe7e15 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/.pre-commit-config.yaml 
@@ -0,0 +1,37 @@
+default_language_version:
+ # default language version for each language
+ python: python3.9
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
+ hooks:
+ # See https://pre-commit.com/hooks.html for more hooks
+ - id: check-added-large-files
+ - id: check-byte-order-marker
+ - id: check-case-conflict
+ - id: check-executables-have-shebangs
+ - id: check-json
+ - id: check-shebang-scripts-are-executable
+ - id: check-merge-conflict
+ - id: check-symlinks
+ - id: check-toml
+ - id: check-xml
+ - id: destroyed-symlinks
+ - id: detect-aws-credentials
+ - id: detect-private-key
+ - id: end-of-file-fixer
+ - id: forbid-new-submodules
+ - id: trailing-whitespace
+ - id: pretty-format-json
+ - id: check-yaml
+ - repo: https://github.com/gruntwork-io/pre-commit
+ rev: v0.1.17 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+ hooks:
+ - id: terraform-fmt
+ - id: helmlint
+ - id: terraform-validate
+ - id: terragrunt-hclfmt
+ - id: tflint
+ # - id: shellcheck
+ # - id: yapf
+ # - id: markdown-link-check
diff --git a/{{cookiecutter.github_repo_name}}/.tflint.hcl b/{{cookiecutter.github_repo_name}}/.tflint.hcl
new file mode 100644
index 00000000..085b7641
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/.tflint.hcl
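Review bot: In the generated repo's .pre-commit-config.yaml, `detect-aws-credentials` is enabled without arguments. The hook compares staged files against the keys configured for the AWS CLI on the local machine and fails when it finds no credentials to compare against. A contributor or CI runner without AWS credentials set up is therefore blocked, and keys that are not in the local configuration (such as the CI and SES keypairs the README describes) are not detected. Adding `args: [--allow-missing-credentials]` keeps the hook usable everywhere, and a comment such as `# only matches keys present in local AWS config; not a general secret scanner` would set expectations. Both `rev:` values are tags (`v4.1.0`, `v0.1.17`). Pinning each to the full commit SHA, with the tag kept in a trailing comment, makes the hook code that runs on developers' machines reproducible.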
@@ -0,0 +1,38 @@
+#------------------------------------------------------------------------------
+# written by: Lawrence McDaniel
+# https://lawrencemcdaniel.com
+#
+# date: mar-2022
+#
+# usage: config file for pre-commit hook tflint.
+# see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md
+#------------------------------------------------------------------------------
+
+config {
+ plugin_dir = "~/.tflint.d/plugins"
+
+ module = true
+ force = false
+ disabled_by_default = false
+
+ # un-comment to remove modules from tflint pre-commit hook.
+ #ignore_module = {
+ # "terraform-aws-modules/security-group/aws" = true
+ #}
+
+ # un-comment to set variables
+ #varfile = ["example1.tfvars", "example2.tfvars"]
+ #variables = ["foo=bar", "bar=[\"baz\"]"]
+}
+
+plugin "aws" {
+ enabled = true
+ deep_check = false
+ version = "0.12.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+# example pattern to disable a tflint validation rule
+#rule "aws_instance_invalid_type" {
+# enabled = false
+#}
diff --git a/{{cookiecutter.repo_name}}/README.rst b/{{cookiecutter.github_repo_name}}/README.rst
similarity index 67%
rename from {{cookiecutter.repo_name}}/README.rst
rename to {{cookiecutter.github_repo_name}}/README.rst
index 2746dfed..5e59a2e2 100644
--- a/{{cookiecutter.repo_name}}/README.rst
+++ b/{{cookiecutter.github_repo_name}}/README.rst
@@ -50,20 +50,56 @@ production installation of Open edX that will automatically scale up, reliably s The Terraform scripts in this repo provide a 1-click means of creating / updating / destroying the following for each environment: -- LMS at https://{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -- CMS at https://studio.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -- CDN at https://cdn.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} linked to a public read-only S3 bucket named {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage -- public ssh access via a t2.micro Ubuntu 20.04 LTS bastion EC2 instance at bastion.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -- daily data backups archived into a private S3 bucket named {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-mongodb-backup +- LMS at https://{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} +- CMS at https://studio.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} +- CDN at https://cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} linked to a public read-only S3 bucket named {{ cookiecutter.environment_subdomain }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage +- public ssh access via a t2.micro Ubuntu 20.04 LTS bastion EC2 instance at bastion.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} +- daily data backups archived into a private S3 bucket named {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-mongodb-backup -You can also optionally automatically create additional environments for say, dev and test and QA and so forth. 
+You can also optionally automatically create additional environments for say, dev and test and QA and so forth. These would result in environments like the following: -- LMS at https://dev.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -- CMS at https://studio.dev.{{ cookiecutter.prod_environment }}-{{ cookiecutter.global_root_domain }} -- CDN at https://cdn.dev.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} linked to an S3 bucket named dev-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage +- LMS at https://dev.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} +- CMS at https://studio.dev.{{ cookiecutter.environment_subdomain }}-{{ cookiecutter.global_root_domain }} +- CDN at https://cdn.dev.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} linked to an S3 bucket named dev-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage - daily data backups archived into an S3 bucket named dev-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-mongodb-backup +Cookiecutter Manifest +------------------------ + +This repository was generated using `Cookiecutter `_. Keep your repository up to date with the latest Terraform code and configuration versions of the Open edX application stack, AWS infrastructure services and api code libraries by occasionally re-generating the Cookiecutter template using this `make file <./make.sh>`_. + +.. 
list-table:: Cookiecutter Version Control + :widths: 75 20 + :header-rows: 1 + + * - Software + - Version + * - `Open edX Named Release `_ + - {{ cookiecutter.ci_build_open_edx_version }} + * - `MySQL Server `_ + - {{ cookiecutter.mysql_engine_version }} + * - `MongoDB Server `_ + - {{ cookiecutter.mongodb_engine_version }} + * - `Redis Cache `_ + - {{ cookiecutter.redis_engine_version }} + * - `Tutor Docker-based Open edX Installer `_ + - {{ cookiecutter.ci_build_tutor_version }} + * - `Kubernetes Cluster `_ + - {{ cookiecutter.eks_cluster_version }} + * - Kubernetes `amazon/aws-alb-ingress-controller `_ + - {{ cookiecutter.eks_cluster_alb_ingress_controller_version }} + * - `Terraform `_ + - {{ cookiecutter.terraform_required_version }} + * - Terraform `Kubernetes Provider `_ + - {{ cookiecutter.terraform_provider_kubernetes_version }} + * - Terraform `AWS Provider `_ + - {{ cookiecutter.terraform_provider_hashicorp_aws_version }} + * - Terraform `Local Provider `_ + - {{ cookiecutter.terraform_provider_hashicorp_local_version }} + * - Terraform `Random Provider `_ + - {{ cookiecutter.terraform_provider_hashicorp_random_version }} + Important Considerations ------------------------ 
@@ -82,7 +118,7 @@ Quick Start I. Add Your Secret Credentials To This Repository ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The Github Actions workflows in this repository depend on several `workflow secrets `_ including two sets of AWS IAM keypairs, one for CI workflows and another for the AWS Simple Email Service. +The Github Actions workflows in this repository depend on several `workflow secrets `_ including two sets of AWS IAM keypairs, one for CI workflows and another for the AWS Simple Email Service. Additionally, they require a Github Personal Access Token (PAT) for a Github user account with all requisite privileges in this repository as well as any other repositories that are cloned during any of the build / installation pipelines. .. image:: doc/repository-secrets.png @@ -112,7 +148,7 @@ Set your `production environment parameters `_ for `Terraform `_. -Installation instructions are avilable at both of these web sites. +The backend build procedure is automated using `Terragrunt `_ for `Terraform `_. +Installation instructions are avilable at both of these web sites. -Terraform scripts rely on the `AWS CLI (Command Line Interface) Tools `_. Installation instructions for Windows, macOS and Linux are available on this site. +Terraform scripts rely on the `AWS CLI (Command Line Interface) Tools `_. Installation instructions for Windows, macOS and Linux are available on this site. We also recommend that you install `k9s `_, a popular tool for adminstering a Kubernetes cluster. .. code-block:: shell 
@@ -181,14 +217,14 @@ Passwords for the root/admin accounts are accessible from Kubernetes Secrets. No .. code-block:: shell - ssh bastion.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -i path/to/{{ cookiecutter.global_ec2_ssh_key_name }}.pem + ssh bastion.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} -i path/to/{{ cookiecutter.global_ec2_ssh_key_name }}.pem - mysql -h mysql.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -u root -p + mysql -h mysql.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} -u root -p - mongo --port 27017 --host mongo.master.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -u root -p - mongo --port 27017 --host mongo.reader.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -u root -p + mongo --port 27017 --host mongo.master.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} -u root -p + mongo --port 27017 --host mongo.reader.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} -u root -p - redis-cli -h redis.primary.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} -p 6379 + redis-cli -h redis.primary.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} -p 6379 Specifically with regard to MySQL, several 3rd party analytics tools provide out-of-the-box connectivity to MySQL via a bastion server. Following is an example of how to connect to your MySQL environment using MySQL Workbench. 
@@ -200,45 +236,47 @@ Specifically with regard to MySQL, several 3rd party analytics tools provide out Continuous Integration (CI) --------------------------- -Both the Build as well as the Deploy workflows were pre-configured based on your responses to the CookieCutter questionnaire. Look for these two files in `.github/workflows <.github/workflows>`_. You'll find additional Open edX deployment and configuration files in `ci/tutor-build `_ and `ci/tutor-deploy `_ +Both the Build as well as the Deploy workflows were pre-configured based on your responses to the Cookiecutter questionnaire. Look for these two files in `.github/workflows <.github/workflows>`_. You'll find additional Open edX deployment and configuration files in `ci/tutor-build `_ and `ci/tutor-deploy `_ I. Build your Tutor Docker Image ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Use `this automated Github Actions workflow `_ to build a customized Open edX Docker container based on the latest stable version of Open edX (current maple.2) and +Use `this automated Github Actions workflow `_ to build a customized Open edX Docker container based on the latest stable version of Open edX (current {{ cookiecutter.ci_build_open_edx_version }}) and your Open edX custom theme repository and Open edX plugin repository. Your new Docker image will be automatically uploaded to `AWS Amazon Elastic Container Registry `_ - + II. Deploy your Docker Image to a Kubernetes Cluster ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Use `this automated Github Actions workflow `_ to deploy your customized Docker container to a Kubernetes Cluster. +Use `this automated Github Actions workflow `_ to deploy your customized Docker container to a Kubernetes Cluster. Open edX LMS and Studio configuration parameters are located `here `_. About The Open edX Platform Back End ------------------------------------ -The scripts in the `terraform `_ folder provide 1-click functionality to create and manage all resources in your AWS account. 
+The scripts in the `terraform `_ folder provide 1-click functionality to create and manage all resources in your AWS account. These scripts generally follow current best practices for implementing a large Python Django web platform like Open edX in a secure, cloud-hosted environment. -Besides reducing human error, there are other tangible improvements to managing your cloud infrastructure with Terraform as opposed to creating and managing your cloud infrastructure resources manually from the AWS console. +Besides reducing human error, there are other tangible improvements to managing your cloud infrastructure with Terraform as opposed to creating and managing your cloud infrastructure resources manually from the AWS console. For example, all AWS resources are systematically tagged which in turn facilitates use of CloudWatch and improved consolidated logging and AWS billing expense reporting. These scripts will create the following resources in your AWS account: -- **MySQL**. uses `AWS RDS `_ for all MySQL data, accessible inside the vpc as mysql.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}:3306. Instance size settings are located in the `environment configuration file `_, and other common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. -- **MongoDB**. uses `AWS DocumentDB `_ for all MongoDB data, accessible insid the vpc as mongodb.master.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}:27017 and mongodb.reader.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}. Instance size settings are located in the `environment configuration file `_, and other common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. -- **Redis**. 
uses `AWS ElastiCache `_ for all Django application caches, accessible inside the vpc as cache.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}. Instance size settings are located in the `environment configuration file `_. This is necessary in order to make the Open edX application layer completely ephemeral. Most importantly, user's login session tokens are persisted in Redis and so these need to be accessible to all app containers from a single Redis cache. Common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. -- **Container Management**. uses this `automated Github Actions workflow <.github/workflows/tutor_build_image.yml>`_ to build your `tutor Open edX container `_ and then register it in `Amazon Elastic Container Registry (Amazon ECR) `_. Uses this `automated Github Actions workflow <.github/workflows/tutor_deploy_prod.yml>`_ to deploy your container to `AWS Amazon Elastic Kubernetes Service (EKS) `_. EKS worker instance size settings are located in the `environment configuration file `_. Note that tutor provides out-of-the-box support for Kubernetes. Terraform leverages Elastic Kubernetes Service to create a Kubernetes cluster onto which all services are deployed. Common configuration settings `are located here `_ -- **User Data**. uses `AWS S3 `_ for storage of user data. This installation makes use of a `Tutor plugin to offload object storage `_ from the Ubuntu file system to AWS S3. It creates a public read-only bucket named of the form {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage, with write access provided to edxapp so that app-generated static content like user profile images, xblock-generated file content, application badges, e-commerce pdf receipts, instructor grades downloads and so on will be saved to this bucket. 
This is not only a necessary step for making your application layer ephemeral but it also facilitates the implementation of a CDN (which Terraform implements for you). Terraform additionally implements a completely separate, more secure S3 bucket for archiving your daily data backups of MySQL and MongoDB. Common configuration settings `are located here `_ -- **CDN**. uses `AWS Cloudfront `_ as a CDN, publicly acccessible as https://cdn.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}. Terraform creates Cloudfront distributions for each of your enviornments. These are linked to the respective public-facing S3 Bucket for each environment, and the requisite SSL/TLS ACM-issued certificate is linked. Terraform also automatically creates all Route53 DNS records of form cdn.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}. Common configuration settings `are located here `_ +- **Compute Cluster**. uses either `AWS EC2 `_ behind a Classic Load Balancer (the default) or AWS' serverless compute cluster, `Fargate `_ behind an Application Load Balancer. +- **Kubernetes**. Uses `AWS Elastic Kubernetes Service `_ to implement a Kubernetes cluster onto which all applications and scheduled jobs are deployed as pods. +- **MySQL**. uses `AWS RDS `_ for all MySQL data, accessible inside the vpc as mysql.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}:3306. Instance size settings are located in the `environment configuration file `_, and other common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. +- **MongoDB**. uses `AWS DocumentDB `_ for all MongoDB data, accessible insid the vpc as mongodb.master.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}:27017 and mongodb.reader.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}. 
Instance size settings are located in the `environment configuration file `_, and other common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. +- **Redis**. uses `AWS ElastiCache `_ for all Django application caches, accessible inside the vpc as cache.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}. Instance size settings are located in the `environment configuration file `_. This is necessary in order to make the Open edX application layer completely ephemeral. Most importantly, user's login session tokens are persisted in Redis and so these need to be accessible to all app containers from a single Redis cache. Common configuration settings `are located here `_. Passwords are stored in `Kubernetes Secrets `_ accessible from the EKS cluster. +- **Container Registry**. uses this `automated Github Actions workflow <.github/workflows/tutor_build_image.yml>`_ to build your `tutor Open edX container `_ and then register it in `Amazon Elastic Container Registry (Amazon ECR) `_. Uses this `automated Github Actions workflow <.github/workflows/tutor_deploy_prod.yml>`_ to deploy your container to `AWS Amazon Elastic Kubernetes Service (EKS) `_. EKS worker instance size settings are located in the `environment configuration file `_. Note that tutor provides out-of-the-box support for Kubernetes. Terraform leverages Elastic Kubernetes Service to create a Kubernetes cluster onto which all services are deployed. Common configuration settings `are located here `_ +- **User Data**. uses `AWS S3 `_ for storage of user data. This installation makes use of a `Tutor plugin to offload object storage `_ from the Ubuntu file system to AWS S3. 
It creates a public read-only bucket named of the form {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-storage, with write access provided to edxapp so that app-generated static content like user profile images, xblock-generated file content, application badges, e-commerce pdf receipts, instructor grades downloads and so on will be saved to this bucket. This is not only a necessary step for making your application layer ephemeral but it also facilitates the implementation of a CDN (which Terraform implements for you). Terraform additionally implements a completely separate, more secure S3 bucket for archiving your daily data backups of MySQL and MongoDB. Common configuration settings `are located here `_ +- **CDN**. uses `AWS Cloudfront `_ as a CDN, publicly acccessible as https://cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}. Terraform creates Cloudfront distributions for each of your enviornments. These are linked to the respective public-facing S3 Bucket for each environment, and the requisite SSL/TLS ACM-issued certificate is linked. Terraform also automatically creates all Route53 DNS records of form cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}. Common configuration settings `are located here `_ - **Password & Secrets Management** uses `Kubernetes Secrets `_ in the EKS cluster. Open edX software relies on many passwords and keys, collectively referred to in this documentation simply as, "*secrets*". For all back services, including all Open edX applications, system account and root passwords are randomly and strongluy generated during automated deployment and then archived in EKS' secrets repository. This methodology facilitates routine updates to all of your passwords and other secrets, which is good practice these days. Common configuration settings `are located here `_ - **SSL Certs**. 
Uses `AWS Certificate Manager `_ and LetsEncrypt. Terraform creates all SSL/TLS certificates. It uses a combination of AWS Certificate Manager (ACM) as well as LetsEncrypt. Additionally, the ACM certificates are stored in two locations: your aws-region as well as in us-east-1 (as is required by AWS CloudFront). Common configuration settings `are located here `_ - **DNS Management** uses `AWS Route53 `_ hosted zones for DNS management. Terraform expects to find your root domain already present in Route53 as a hosted zone. It will automatically create additional hosted zones, one per environment for production, dev, test and so on. It automatically adds NS records to your root domain hosted zone as necessary to link the zones together. Configuration data exists within several components but the highest-level settings `are located here `_ - **System Access** uses `AWS Identity and Access Management (IAM) `_ to manage all system users and roles. Terraform will create several user accounts with custom roles, one or more per service. - **Network Design**. uses `Amazon Virtual Private Cloud (Amazon VPC) `_ based on the AWS account number provided in the `global configuration file `_ to take a top-down approach to compartmentalize all cloud resources and to customize the operating enviroment for your Open edX resources. Terraform will create a new virtual private cloud into which all resource will be provisioned. It creates a sensible arrangment of private and public subnets, network security settings and security groups. See additional VPC documentation `here `_ -- **Proxy Access to Backend Services**. uses an `Amazon EC2 `_ t2.micro Ubuntu instance publicly accessible via ssh as bastion.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}:22 using the ssh key specified in the `global configuration file `_. 
For security as well as performance reasons all backend services like MySQL, Mongo, Redis and the Kubernetes cluster are deployed into their own private subnets, meaning that none of these are publicly accessible. See additional Bastion documentation `here `_. Terraform creates a t2.micro EC2 instance to which you can connect via ssh. In turn you can connect to services like MySQL via the bastion. Common configuration settings `are located here `_. Note that if you are cost conscious then you could alternatively use `AWS Cloud9 `_ to gain access to all backend services. +- **Proxy Access to Backend Services**. uses an `Amazon EC2 `_ t2.micro Ubuntu instance publicly accessible via ssh as bastion.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}:22 using the ssh key specified in the `global configuration file `_. For security as well as performance reasons all backend services like MySQL, Mongo, Redis and the Kubernetes cluster are deployed into their own private subnets, meaning that none of these are publicly accessible. See additional Bastion documentation `here `_. Terraform creates a t2.micro EC2 instance to which you can connect via ssh. In turn you can connect to services like MySQL via the bastion. Common configuration settings `are located here `_. Note that if you are cost conscious then you could alternatively use `AWS Cloud9 `_ to gain access to all backend services. FAQ --- 
@@ -260,7 +298,7 @@ Why Use Docker? In a word, `Docker `_ is about "Packaging" your software in a way that simplifies how it is installed and managed so that you benefit from fast, consistent delivery of your applications. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Meanwhile, Docker is an open platform for developing, shipping, and running applications. -For context, any software which you traditionally relied on Linux package managers like apt, snap or yum can alternativley be installed and run as a Docker container. +For context, any software which you traditionally relied on Linux package managers like apt, snap or yum can alternativley be installed and run as a Docker container. Some examples of stuff which an Open edX platform depends: Nginx, MySQL, MongoDB, Redis, and the Open edX application software itself which Tutor bundles into a container using `Docker Compose `_. Why Use Kubernetes? 
@@ -268,9 +306,9 @@ Why Use Kubernetes? `Kubernetes `_ manages Docker containers in a deployment enviornment. It provides an easy way to scale your application, and is a superior, cost-effective alternative to you manually creating and maintaing individual virtual servers for each of your backend services. It keeps code operational and speeds up the delivery process. Kubernetes enables automating a lot of resource management and provisioning tasks. -Your Open edX platform runs via multiple Docker containers: the LMS Django application , CMS Django application, one or more Celery-based worker nodes for each of these applications, nginx, Caddy, and any backend services that tutor manages like Nginx and SMTP for example. -Kubernetes creates EC2 instances and then decides where to place each of these containers based on various real-time resource-based factors. -This leads to your EC2 instances carrying optimal workloads, all the time. +Your Open edX platform runs via multiple Docker containers: the LMS Django application , CMS Django application, one or more Celery-based worker nodes for each of these applications, nginx, Caddy, and any backend services that tutor manages like Nginx and SMTP for example. +Kubernetes creates EC2 instances and then decides where to place each of these containers based on various real-time resource-based factors. +This leads to your EC2 instances carrying optimal workloads, all the time. Behind the scenes Kubernetes (EKS in our case) uses an EC2 Elastic Load Balancer (ELB) with an auto-scaling policy, both of which you can see from the AWS EC2 dashboard. 
@@ -290,4 +328,4 @@ Why Use Terraform? Why Use Terragrunt? ~~~~~~~~~~~~~~~~~~~ -`Terragrunt `_ is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state. DRY means don't repeat yourself. That helped a lot with self-repeating modules we had to use in this architecture. \ No newline at end of file +`Terragrunt `_ is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state. DRY means don't repeat yourself. That helped a lot with self-repeating modules we had to use in this architecture. diff --git a/{{cookiecutter.repo_name}}/ci/README.md b/{{cookiecutter.github_repo_name}}/ci/README.md similarity index 60% rename from {{cookiecutter.repo_name}}/ci/README.md rename to {{cookiecutter.github_repo_name}}/ci/README.md index dc74543d..de11744f 100644 --- a/{{cookiecutter.repo_name}}/ci/README.md +++ b/{{cookiecutter.github_repo_name}}/ci/README.md @@ -1,3 +1,3 @@ ## Github Actions Workflow -These folders contain additional resources that are needed by Github Actions workflows created for you by CookieCutter for Tutor Build and Deployments. The actual workflows are located in [.github/workflows](.github/workflows). \ No newline at end of file +These folders contain additional resources that are needed by Github Actions workflows created for you by Cookiecutter for Tutor Build and Deployments. The actual workflows are located in [.github/workflows](.github/workflows). diff --git a/{{cookiecutter.repo_name}}/ci/tutor-build/README.md b/{{cookiecutter.github_repo_name}}/ci/tutor-build/README.md similarity index 99% rename from {{cookiecutter.repo_name}}/ci/tutor-build/README.md rename to {{cookiecutter.github_repo_name}}/ci/tutor-build/README.md index d2dcb9b0..4f2a19a3 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-build/README.md +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-build/README.md 
@@ -26,4 +26,3 @@ The docker image tag will be automatically suffixed with a timestamp. The full l unique docker tag can be visualised in the last user defined step of the workflow. This value then needs to be updated on the target environment's configuration on the [deployment repository](https://github.com/{{ cookiecutter.github_account_name }}/tutor-deploy). - diff --git a/{{cookiecutter.repo_name}}/ci/tutor-build/requirements/private.txt b/{{cookiecutter.github_repo_name}}/ci/tutor-build/requirements/private.txt similarity index 100% rename from {{cookiecutter.repo_name}}/ci/tutor-build/requirements/private.txt rename to {{cookiecutter.github_repo_name}}/ci/tutor-build/requirements/private.txt diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/.gitignore b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/.gitignore similarity index 94% rename from {{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/.gitignore rename to {{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/.gitignore index 1f9f59da..6f6812bc 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/.gitignore +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/.gitignore @@ -10,4 +10,4 @@ override.tf.json .test-data modules/**/.test-data .terragrunt-cache -.DS_Store \ No newline at end of file +.DS_Store diff --git a/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/config.yml b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/config.yml new file mode 100644 index 00000000..e40ce970 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/config.yml 
@@ -0,0 +1,3 @@
+LMS_HOSTNAME={{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}
+CMS_HOSTNAME=studio.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}
+DOCKER_IMAGE_OPENEDX={{ cookiecutter.global_account_id }}.dkr.ecr.{{ cookiecutter.global_aws_region }}.amazonaws.com/openedx:latest
diff --git a/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_alb_ec2/README.md b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_alb_ec2/README.md
new file mode 100644
index 00000000..ecb21132
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_alb_ec2/README.md
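Review bot: The `DOCKER_IMAGE_OPENEDX` line in the new environments config.yml deploys `openedx:latest`, a mutable tag, so the image that runs is whatever was last pushed to the ECR repository rather than a build someone reviewed. The tutor-build README in this same change says the build appends a timestamp to the tag and that the value has to be updated in the target environment's configuration, which suggests the pinned tag is what belongs here. I would reference that tag or an immutable digest, for example `DOCKER_IMAGE_OPENEDX=<account-id>.dkr.ecr.<region>.amazonaws.com/openedx@sha256:<digest-placeholder>`, and enable tag immutability on the repository if it is not already set. The file is also named config.yml but holds KEY=VALUE pairs; if the workflow parses it as YAML that will not produce a mapping, so the consumer is worth confirming.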
@@ -0,0 +1,68 @@ +# Tutor Deploy to EKS With ALB + +## Open edX Tutor Deployment +This repository contains a set of GitHub actions workflows to deploy Tutor's Open edX onto our [Kubenetes (EKS) cluster](https://github.com/{{ cookiecutter.github_account_name }}/terraform-aws). + + +## How it works +All the logic is defined in the actual workflow. It mostly follows the steps outlined on Tutor's documentation with some adaptations to run it in a disposable CI environment. + +When running the Tutor CLI on a local machine it can run in an interactive mode and persists the captured config into a local file. In the context of a CI job, such as GitHub Actions, this is not possible. + +Luckily the Tutor CLI allows all of it's params to be passed as a command line argument, or as an environment variable. We leverage this feature to provide all the custom details, from external sources. + + +## Dependencies +This workflow needs to collect some parameters for Tutor from external sources, such as credentials and endpoints from backing services. As a rule of thumb these are fetched from a predefined Kubernetes secret resource on the target namespace for the environment. + +Also, the backing services need to be readily available prior to deploying the Open edX platform, because Tutor and the workflow will need to run several initialisation tasks; Django database migrations for example. + +All the necessary dependencies need to be deployed prior to deploying an environment for the first time using the terraform stack in [this repo](https://github.com/{{ cookiecutter.github_account_name }}/terraform-aws) and [this repo](https://github.com/{{ cookiecutter.github_account_name }}/terraform-openedx). + +The Terraform stack will create all of the resources needed for this deployment workflow to operate and deliver a running edX platform. 
+- Kubernetes namespace +- Mysql database (RDS) +- ElasticSearch (AWS ElasticSearch) -- MCDANIEL: REMOVED FEB-2022 +- Redis (AWS ElasticCache Redis) +- S3 Bucket +- Kubernetes' secrets containing the locations and credentials for all the above AWS services and others + + +## Deployment process +Once the Terraform stack with the Open edX dependencies has been successfully applied for a particular Open edX environment (one-off) we just need to trigger the desired environment's workflow dispatch. + +### Repository structure +This repository contains a directory `environemnts` with the following structure + +Taking the `dev` environment as an example, the file structure looks like this: + +``` +└── environments +├── dev +│ ├── config.yml +│ ├── k8s +│ │ ├── cluster-issuer.yml +│ │ └── ingress.yml +│ └── settings_merge.json +``` + +#### config.yml +This file contains a few entries that will be fed into early the Tutor configuration stage. +These are the FQDNs of the LMS and CMS components of Open edX and the location of the custom image that we build [here](https://github.com/{{ cookiecutter.github_account_name }}/tutor-build). + +#### k8s + +This is a directory that contains predefined Kubernetes resources to deploy edX + + ├── cluster-issuer.yml + └── ingress.yml + +This is a definition of a ClusterIssuer and a TLS Certificate. +These resources create a Kubernetes ingress with TLS support and generate a TLS certificate to match the associated domain. +They are applied and enforced during the deployment. + +#### settings_merge.json +This file contains custom configuration that is not managed by Tutor, but that we need to add to the running Open edX services so that our plugin can work. + +We cannot tell Tutor to include extra configuration or settings that it does not manage, +so we will merge this JSON block to the final rendered configuration that will be passed on to the edX services ,the LMS and the CMS. 
diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/README.md b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_alb_fargate/README.md similarity index 95% rename from {{cookiecutter.repo_name}}/ci/tutor-deploy/README.md rename to {{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_alb_fargate/README.md index 4dc8a83a..e60d0517 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/README.md +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_alb_fargate/README.md @@ -1,4 +1,5 @@ -# tutor-deploy +# Tutor Deploy to EKS Fargate + ## Open edX Tutor Deployment This repository contains a set of GitHub actions workflows to deploy Tutor's Open edX onto our [Kubenetes (EKS) cluster](https://github.com/{{ cookiecutter.github_account_name }}/terraform-aws). @@ -28,7 +29,7 @@ The Terraform stack will create all of the resources needed for this deployment ## Deployment process -Once the Terraform stack with the Open edX dependencies has been successfully applied for a particular Open edX environment (one-off) we just need to trigger the desired environment's workflow dispatch. +Once the Terraform stack with the Open edX dependencies has been successfully applied for a particular Open edX environment (one-off) we just need to trigger the desired environment's workflow dispatch. ### Repository structure This repository contains a directory `environemnts` with the following structure 
@@ -56,13 +57,12 @@ This is a directory that contains predefined Kubernetes resources to deploy edX ├── cluster-issuer.yml └── ingress.yml -This is a definition of a ClusterIssuer and a TLS Certificate. +This is a definition of a ClusterIssuer and a TLS Certificate. These resources create a Kubernetes ingress with TLS support and generate a TLS certificate to match the associated domain. -They are applied and enforced during the deployment. +They are applied and enforced during the deployment. #### settings_merge.json This file contains custom configuration that is not managed by Tutor, but that we need to add to the running Open edX services so that our plugin can work. -We cannot tell Tutor to include extra configuration or settings that it does not manage, +We cannot tell Tutor to include extra configuration or settings that it does not manage, so we will merge this JSON block to the final rendered configuration that will be passed on to the edX services ,the LMS and the CMS. - diff --git a/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/README.md b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/README.md new file mode 100644 index 00000000..3b3feabd --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/README.md 
@@ -0,0 +1,68 @@ +# Tutor Deploy to EKS With CLB + +## Open edX Tutor Deployment +This repository contains a set of GitHub actions workflows to deploy Tutor's Open edX onto our [Kubenetes (EKS) cluster](https://github.com/{{ cookiecutter.github_account_name }}/terraform-aws). + + +## How it works +All the logic is defined in the actual workflow. It mostly follows the steps outlined on Tutor's documentation with some adaptations to run it in a disposable CI environment. + +When running the Tutor CLI on a local machine it can run in an interactive mode and persists the captured config into a local file. In the context of a CI job, such as GitHub Actions, this is not possible. + +Luckily the Tutor CLI allows all of it's params to be passed as a command line argument, or as an environment variable. We leverage this feature to provide all the custom details, from external sources. + + +## Dependencies +This workflow needs to collect some parameters for Tutor from external sources, such as credentials and endpoints from backing services. As a rule of thumb these are fetched from a predefined Kubernetes secret resource on the target namespace for the environment. + +Also, the backing services need to be readily available prior to deploying the Open edX platform, because Tutor and the workflow will need to run several initialisation tasks; Django database migrations for example. + +All the necessary dependencies need to be deployed prior to deploying an environment for the first time using the terraform stack in [this repo](https://github.com/{{ cookiecutter.github_account_name }}/terraform-aws) and [this repo](https://github.com/{{ cookiecutter.github_account_name }}/terraform-openedx). + +The Terraform stack will create all of the resources needed for this deployment workflow to operate and deliver a running edX platform. 
+- Kubernetes namespace +- Mysql database (RDS) +- ElasticSearch (AWS ElasticSearch) -- MCDANIEL: REMOVED FEB-2022 +- Redis (AWS ElasticCache Redis) +- S3 Bucket +- Kubernetes' secrets containing the locations and credentials for all the above AWS services and others + + +## Deployment process +Once the Terraform stack with the Open edX dependencies has been successfully applied for a particular Open edX environment (one-off) we just need to trigger the desired environment's workflow dispatch. + +### Repository structure +This repository contains a directory `environemnts` with the following structure + +Taking the `dev` environment as an example, the file structure looks like this: + +``` +└── environments +├── dev +│ ├── config.yml +│ ├── k8s +│ │ ├── cluster-issuer.yml +│ │ └── ingress.yml +│ └── settings_merge.json +``` + +#### config.yml +This file contains a few entries that will be fed into early the Tutor configuration stage. +These are the FQDNs of the LMS and CMS components of Open edX and the location of the custom image that we build [here](https://github.com/{{ cookiecutter.github_account_name }}/tutor-build). + +#### k8s + +This is a directory that contains predefined Kubernetes resources to deploy edX + + ├── cluster-issuer.yml + └── ingress.yml + +This is a definition of a ClusterIssuer and a TLS Certificate. +These resources create a Kubernetes ingress with TLS support and generate a TLS certificate to match the associated domain. +They are applied and enforced during the deployment. + +#### settings_merge.json +This file contains custom configuration that is not managed by Tutor, but that we need to add to the running Open edX services so that our plugin can work. + +We cannot tell Tutor to include extra configuration or settings that it does not manage, +so we will merge this JSON block to the final rendered configuration that will be passed on to the edX services ,the LMS and the CMS. 
diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/cluster-issuer.yml b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/cluster-issuer.yml similarity index 81% rename from {{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/cluster-issuer.yml rename to {{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/cluster-issuer.yml index 434866e8..6f06b952 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/cluster-issuer.yml +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/cluster-issuer.yml @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: setup SSL certs for EKS load balancer worker node instances. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer @@ -33,6 +33,6 @@ spec: issuerRef: kind: ClusterIssuer name: letsencrypt - commonName: {{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} + commonName: {{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} dnsNames: - - "*.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}" + - "*.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" 
diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/data-backup.yml b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/data-backup.yml similarity index 97% rename from {{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/data-backup.yml rename to {{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/data-backup.yml index e18b2aed..2c40e05e 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/data-backup.yml +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/data-backup.yml @@ -1,16 +1,16 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: Dumps mysql and mongo. stores the completed backups in AWS S3 -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ apiVersion: batch/v1beta1 kind: CronJob metadata: name: data-backup - namespace: {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} + namespace: {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} spec: schedule: "0 8 * * *" jobTemplate: 
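Review bot: The data-backup CronJob still declares `apiVersion: batch/v1beta1`, which is deprecated for CronJob from Kubernetes 1.21 and no longer served from 1.25, so after a cluster upgrade this manifest will be rejected and the MySQL/Mongo backups will stop being applied. Since the file is being touched for the namespace change anyway, I would switch the line to `apiVersion: batch/v1`. The rest of the job spec lies outside this hunk, so confirm there are no v1beta1-only fields further down.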
diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/ingress.yml b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/ingress.yml similarity index 75% rename from {{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/ingress.yml rename to {{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/ingress.yml index 02be4cd0..e80d0f87 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/k8s/ingress.yml +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/k8s/eks_clb_ec2/ingress.yml @@ -1,18 +1,18 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: setup nginx for EKS load balancer. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: openedx - namespace: {{ cookiecutter.prod_environment }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} + namespace: {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }} annotations: - # mcdaniel + # mcdaniel # https://www.cyberciti.biz/faq/nginx-upstream-sent-too-big-header-while-reading-response-header-from-upstream/ # to fix "[error] 199#199: *15739 upstream sent too big header while reading response header from upstream" # --------------------- 
@@ -26,11 +26,11 @@ metadata: spec: tls: - hosts: - - "{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}" - - "*.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}" + - "{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" + - "*.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" secretName: wild-openedx-prod-tls rules: - - host: {{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} + - host: {{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} http: paths: - path: / @@ -40,7 +40,7 @@ spec: name: lms port: number: 8000 - - host: studio.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }} + - host: studio.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} http: paths: - path: / diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/settings_merge.json b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.json similarity index 84% rename from {{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/settings_merge.json rename to {{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.json index b7d7dafc..e44fa184 100644 --- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/settings_merge.json +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.json 
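Review bot: In ingress.yml the TLS hosts are now built from `environment_subdomain`, but `secretName: wild-openedx-prod-tls` on the next line is still hard-coded to prod. Secrets are namespaced, so this probably does not collide across environments, but a dev or test ingress will hold its wildcard certificate in a secret labelled prod, which is easy to misread during an incident or a certificate rotation. I would template it as `secretName: wild-openedx-{{ cookiecutter.environment_name }}-tls` and make the same change on the Certificate in cluster-issuer.yml, whose secret name is not visible in these hunks and must stay in step.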
@@ -2,10 +2,10 @@ "CORS_ORIGIN_ALLOW_ALL": true, "CORS_ORIGIN_WHITELIST": [ "https://{{ cookiecutter.global_root_domain }}", - "https://{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}", - "https://studio.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}" + "https://{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}", + "https://studio.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" ], - "CROSS_DOMAIN_CSRF_COOKIE_DOMAIN": "{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}", + "CROSS_DOMAIN_CSRF_COOKIE_DOMAIN": "{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}", "CROSS_DOMAIN_CSRF_COOKIE_NAME": "native-csrf-cookie", "CSRF_COOKIE_SECURE": true, "CSRF_TRUSTED_ORIGINS": [], @@ -16,7 +16,7 @@ "AWS_SES_REGION_NAME": "{{ cookiecutter.global_aws_region }}", "CREDIT_HELP_LINK_URL": "https://{{ cookiecutter.global_root_domain }}/support/", "DEFAULT_MOBILE_AVAILABLE": false, - "DEFAULT_EMAIL_LOGO_URL": "https://cdn.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}", + "DEFAULT_EMAIL_LOGO_URL": "https://cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}", "ENTERPRISE_SUPPORT_URL": "https://{{ cookiecutter.global_root_domain }}/support/", "ENTERPRISE_TAGLINE": "{{ cookiecutter.global_platform_name }}", "FACEBOOK_API_VERSION": "v12.0", 
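Review bot: The first line of this settings_merge.json hunk keeps `"CORS_ORIGIN_ALLOW_ALL": true` directly above the `CORS_ORIGIN_WHITELIST` that this commit re-templates, and with allow-all enabled django-cors-headers accepts every origin and does not consult the whitelist. The three per-environment origins being edited here therefore have no effect, and any site can make cross-origin requests to the LMS and Studio APIs. Unless something outside this hunk depends on it, I would set `"CORS_ORIGIN_ALLOW_ALL": false` so the whitelist is what is enforced. The JSON object continues outside the hunk, so check whether credentialed CORS is enabled elsewhere in the file, since that combination is the one that matters most.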
@@ -50,14 +50,14 @@ "ENABLE_SYSADMIN_DASHBOARD": false, "ENABLE_THIRD_PARTY_AUTH": false, "ENABLE_VIDEO_UPLOAD_PIPELINE": false, - "PREVIEW_LMS_BASE": "{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}/", + "PREVIEW_LMS_BASE": "{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}/", "SHOW_FOOTER_LANGUAGE_SELECTOR": false, "SHOW_HEADER_LANGUAGE_SELECTOR": false }, "ID_VERIFICATION_SUPPORT_LINK": "https://{{ cookiecutter.global_root_domain }}/support/", "LANGUAGE_CODE": "en", "LANGUAGE_COOKIE": "openedx-language-preference", - "LOGO_URL_PNG": "https://cdn.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}", + "LOGO_URL_PNG": "https://cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}", "PLATFORM_DESCRIPTION": "{{ cookiecutter.global_platform_description }}", "PLATFORM_FACEBOOK_ACCOUNT": "http://www.facebook.com/", "PLATFORM_NAME": "{{ cookiecutter.global_platform_name }}", @@ -74,12 +74,12 @@ "terms_of_service": "hidden", "year_of_birth": "hidden" }, - "SESSION_COOKIE_DOMAIN": "{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}", + "SESSION_COOKIE_DOMAIN": "{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}", "SESSION_COOKIE_NAME": "sessionid", "SESSION_COOKIE_SECURE": true, "SOCIAL_AUTH_REDIRECT_IS_HTTPS": true, "SOCIAL_AUTH_RAISE_EXCEPTIONS": false, - "SOCIAL_AUTH_BACKEND_ERROR_URL": "https://{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}/oauth-error", + "SOCIAL_AUTH_BACKEND_ERROR_URL": "https://{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}/oauth-error", "SOCIAL_MEDIA_FOOTER_URLS": { "linkedin": "https://www.linkedin.com/", "twitter": "https://twitter.com/", @@ -109,4 +109,4 @@ "TECH_SUPPORT_EMAIL": "technical@{{ cookiecutter.global_root_domain }}", "UNIVERSITY_EMAIL": "university@{{ cookiecutter.global_root_domain }}" -} \ No newline at end of file +} 
diff --git a/{{cookiecutter.repo_name}}/doc/mysql-workbench.png b/{{cookiecutter.github_repo_name}}/doc/mysql-workbench.png
similarity index 100%
rename from {{cookiecutter.repo_name}}/doc/mysql-workbench.png
rename to {{cookiecutter.github_repo_name}}/doc/mysql-workbench.png
diff --git a/{{cookiecutter.repo_name}}/doc/repository-secrets.png b/{{cookiecutter.github_repo_name}}/doc/repository-secrets.png
similarity index 100%
rename from {{cookiecutter.repo_name}}/doc/repository-secrets.png
rename to {{cookiecutter.github_repo_name}}/doc/repository-secrets.png
diff --git a/{{cookiecutter.github_repo_name}}/make.sh b/{{cookiecutter.github_repo_name}}/make.sh
new file mode 100755
index 00000000..c61c8e29
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/make.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#------------------------------------------------------------------------------
+# written by: mcdaniel
+# https://lawrencemcdaniel.com
+#
+# date: mar-2022
+#
+# usage: Re-runs the Cookiecutter for this repository.
+#------------------------------------------------------------------------------
+
+GITHUB_REPO="gh:lpm0073/cookiecutter-openedx-devops"
+GITHUB_BRANCH="main"
+OUTPUT_FOLDER="../"
+
+cookiecutter --checkout $GITHUB_BRANCH \
+ --output-dir $OUTPUT_FOLDER \
+ --overwrite-if-exists \
+ --no-input \
+ $GITHUB_REPO \
+ global_platform_name={{ cookiecutter.global_platform_name }} \
+ global_platform_region={{ cookiecutter.global_platform_region }} \
+ global_aws_region={{ cookiecutter.global_aws_region }} \
+ global_account_id={{ cookiecutter.global_account_id }} \
+ global_root_domain={{ cookiecutter.global_root_domain }} \
+ global_aws_route53_hosted_zone_id={{ cookiecutter.global_aws_route53_hosted_zone_id }} \
+ environment_name={{ cookiecutter.environment_name }} \
+ environment_subdomain={{ cookiecutter.environment_subdomain }}
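Review bot: In the new make.sh every templated value is rendered into the `cookiecutter` command line unquoted, so a value containing a space or a shell metacharacter is word-split or interpreted by the shell when the generated script runs. Each argument should be quoted, e.g. `global_platform_name="{{ cookiecutter.global_platform_name }}" \`, and likewise `"$GITHUB_BRANCH"`, `"$OUTPUT_FOLDER"` and `"$GITHUB_REPO"`. Separately, `GITHUB_BRANCH="main"` combined with `--overwrite-if-exists --no-input` means a re-run overwrites the repository's Terraform and CI files with whatever is on the template's main branch at that moment, with no prompt. Pinning `--checkout` to a release tag or commit would make the regeneration reviewable; a short comment in the header saying that the script overwrites the parent directory's contents would also help.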
diff --git a/{{cookiecutter.repo_name}}/terraform/components/README.md b/{{cookiecutter.github_repo_name}}/terraform/components/README.md similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/README.md rename to {{cookiecutter.github_repo_name}}/terraform/components/README.md index b0abc180..d15762dc 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/README.md +++ b/{{cookiecutter.github_repo_name}}/terraform/components/README.md @@ -4,4 +4,4 @@ These are logical representations of actual AWS resources (ie services) that you Since each of these represent AWS' premium service offering for each respective service (MySQL, MongoDB, Redis, etc), there are more options available to you. For example, each of these services can be independently sized. You can specifiy maintenance windows for automated upgrades, backup time windows and so forth. -Note that **you do not execute any of these Terraform scripts directly**. Quite the contrary, each of these components is wired to its Terragrunt counterpart located in [terraform/environments/prod](terraform/environments/prod) and is called by Terragrunt. \ No newline at end of file +Note that **you do not execute any of these Terraform scripts directly**. Quite the contrary, each of these components is wired to its Terragrunt counterpart located in [terraform/environments/prod](terraform/environments/prod) and is called by Terragrunt. diff --git a/{{cookiecutter.repo_name}}/terraform/components/bastion/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/main.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/bastion/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/bastion/main.tf index 80c44994..f1f4dd2c 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/bastion/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/main.tf 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: create an EC2 instance with ssh access and a DNS record. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ provider "random" {} data "aws_route53_zone" "environment" { diff --git a/{{cookiecutter.repo_name}}/terraform/components/bastion/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/outputs.tf similarity index 89% rename from {{cookiecutter.repo_name}}/terraform/components/bastion/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/bastion/outputs.tf index 5ff0ff7c..cf52a34a 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/bastion/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/outputs.tf @@ -1,8 +1,8 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: create an EC2 instance with ssh access and a DNS record. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ diff --git a/{{cookiecutter.repo_name}}/terraform/components/bastion/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/variables.tf similarity index 86% rename from {{cookiecutter.repo_name}}/terraform/components/bastion/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/bastion/variables.tf index d6b4477e..7f680e7c 100644 
--- a/{{cookiecutter.repo_name}}/terraform/components/bastion/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/variables.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: create an EC2 instance with ssh access and a DNS record. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "vpc_id" { description = "VPC where the cluster and workers will be deployed." type = string @@ -35,23 +35,23 @@ variable "tags" { default = {} } variable "environment_domain" { - type = string + type = string } variable "environment_namespace" { - type = string + type = string } variable "platform_name" { - type = string + type = string } variable "platform_region" { - type = string + type = string } variable "environment" { - type = string + type = string } variable "ec2_ssh_key_name" { - type = string -} \ No newline at end of file + type = string +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/bastion/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/versions.tf similarity index 57% rename from {{cookiecutter.repo_name}}/terraform/components/bastion/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/bastion/versions.tf index f463b3a9..1f75e0b0 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/bastion/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/bastion/versions.tf 
@@ -1,21 +1,22 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: create an EC2 instance with ssh access and a DNS record. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 0.13.1" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.2.0" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } random = { - source = "hashicorp/random" + source = "hashicorp/random" + version = "{{ cookiecutter.terraform_provider_hashicorp_random_version }}" } } -} \ No newline at end of file +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/main.tf similarity index 77% rename from {{cookiecutter.repo_name}}/terraform/components/cloudfront/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/cloudfront/main.tf index 6bbd8a04..7232b2db 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/main.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # 
@@ -8,15 +8,15 @@ # create one Cloudfront distribution for the environment, plus one more # for each subdomain. # -# the origin of the Cloudfront distribution will be an S3 bucket named +# the origin of the Cloudfront distribution will be an S3 bucket named # of the form [environment]-[platform_name]-[platform_region]-storage # -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { - s3_bucket_name = var.resource_name - s3_bucket_domain = "${local.s3_bucket_name}.s3.${var.aws_region}.amazonaws.com" - cdn_name = "cdn.${var.environment_domain}" + s3_bucket_name = var.resource_name + s3_bucket_domain = "${local.s3_bucket_name}.s3.${var.aws_region}.amazonaws.com" + cdn_name = "cdn.${var.environment_domain}" } provider "aws" { @@ -30,8 +30,8 @@ data "aws_route53_zone" "environment_domain" { } -# see ./acm.tf for creation of this certificate as well as -# the definition for the provider "aws.us-east-1" +# see eks_ec2/acm.tf or eks_fargate/acm.tf for creation of this certificate +# as well as the definition for the provider "aws.us-east-1" data "aws_acm_certificate" "environment_domain" { domain = var.environment_domain statuses = ["ISSUED"] @@ -49,8 +49,8 @@ resource "aws_route53_record" "cdn_environment_domain" { type = "A" alias { - name = "${module.cdn_environment_domain.cloudfront_distribution_domain_name}" - zone_id = "${module.cdn_environment_domain.cloudfront_distribution_hosted_zone_id}" + name = module.cdn_environment_domain.cloudfront_distribution_domain_name + zone_id = module.cdn_environment_domain.cloudfront_distribution_hosted_zone_id evaluate_target_health = false } @@ -59,7 +59,7 @@ resource "aws_route53_record" "cdn_environment_domain" { module "cdn_environment_domain" { source = "terraform-aws-modules/cloudfront/aws" - version = "2.9.2" + version = "~> 2" aliases = [local.cdn_name] 
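Review bot: `version = "~> 2"` on `module "cdn_environment_domain"` replaces the exact pin `2.9.2` with a range that accepts any later 2.x release, so the module code managing the distribution can change on a fresh `terraform init` with no commit in this repository. The same loosening is made in this commit for the `terraform-aws-modules/s3-bucket/aws` module in data_backup_s3/main.tf (`~> 2.14` to `~> 2`), for `cert_manager_irsa` (`4.1.0` to `~> 4.1`) and for the `ingress-nginx` chart in `helm_release.nginx` (`3.34.0` to `~> 3`). Third-party modules and charts that create IAM roles, buckets and ingress are worth keeping on exact, reviewed versions, e.g. `version = "2.9.2"` here, with upgrades made as explicit commits. The module block continues past the end of this hunk.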
@@ -69,7 +69,7 @@ module "cdn_environment_domain" { price_class = "PriceClass_All" retain_on_delete = false wait_for_deployment = false - + origin = { s3_bucket = { domain_name = "${local.s3_bucket_domain}" @@ -77,8 +77,8 @@ module "cdn_environment_domain" { } default_cache_behavior = { - target_origin_id = "s3_bucket" - viewer_protocol_policy = "allow-all" + target_origin_id = "s3_bucket" + viewer_protocol_policy = "allow-all" allowed_methods = ["GET", "HEAD", "OPTIONS"] cached_methods = ["GET", "HEAD"] @@ -104,4 +104,3 @@ module "cdn_environment_domain" { ssl_support_method = "sni-only" } } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/mongodb/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/outputs.tf similarity index 87% rename from {{cookiecutter.repo_name}}/terraform/components/mongodb/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/cloudfront/outputs.tf index a2ec9eb6..e539e323 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mongodb/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/outputs.tf @@ -1,6 +1,6 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 -#------------------------------------------------------------------------------ \ No newline at end of file +#------------------------------------------------------------------------------ diff --git a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/variables.tf similarity index 89% rename from {{cookiecutter.repo_name}}/terraform/components/cloudfront/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/cloudfront/variables.tf index 11aab113..889ec7a4 100644 
--- a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/variables.tf @@ -1,19 +1,19 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "environment_domain" { - type = string + type = string } variable "environment_namespace" { - type = string + type = string } variable "resource_name" { - type = string + type = string } variable "tags" { @@ -24,5 +24,5 @@ variable "tags" { variable "aws_region" { description = "The region in which the origin S3 bucket was created." - type = string -} \ No newline at end of file + type = string +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/mongodb/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/versions.tf similarity index 63% rename from {{cookiecutter.repo_name}}/terraform/components/mongodb/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/cloudfront/versions.tf index 164c55aa..2fa47171 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mongodb/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/cloudfront/versions.tf 
@@ -1,20 +1,16 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 0.13.0" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.2" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/kubernetes.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/data_backup_s3/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/kubernetes.tf index 1fd8ea3e..5a7e725c 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/kubernetes.tf 
@@ -1,14 +1,14 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # -# usage: create a non-public S3 Bucket to store data backups from any backend +# usage: create a non-public S3 Bucket to store data backups from any backend # service. # # store S3 credentials (key/secret pair) in EKS Kubernetes Secrets. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } diff --git a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/main.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/data_backup_s3/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/main.tf index 6d5b4098..afe08f37 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/main.tf 
@@ -1,15 +1,15 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # -# usage: create a non-public S3 Bucket to store data backups from any backend +# usage: create a non-public S3 Bucket to store data backups from any backend # service. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ module "data_backup_s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 2.14" + version = "~> 2" bucket = var.resource_name acl = "private" diff --git a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/outputs.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/data_backup_s3/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/outputs.tf index f171e720..30875f76 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/outputs.tf 
@@ -1,12 +1,12 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # -# usage: create a non-public S3 Bucket to store data backups from any backend +# usage: create a non-public S3 Bucket to store data backups from any backend # service. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ output "s3_bucket_id" { description = "The name of the bucket." value = module.data_backup_s3_bucket.s3_bucket_id diff --git a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/variables.tf similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/components/data_backup_s3/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/variables.tf index 96a0d3dd..9e728b44 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/variables.tf @@ -1,12 +1,12 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # -# usage: create a non-public S3 Bucket to store data backups from any backend +# usage: create a non-public S3 Bucket to store data backups from any backend # service. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "bucket_name" { description = "Name of the Open edX S3 bucket" type = string 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/versions.tf similarity index 67% rename from {{cookiecutter.repo_name}}/terraform/components/data_backup_s3/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/versions.tf index 6677eb75..ad91a051 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/data_backup_s3/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/data_backup_s3/versions.tf @@ -1,19 +1,19 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # -# usage: create a non-public S3 Bucket to store data backups from any backend +# usage: create a non-public S3 Bucket to store data backups from any backend # service. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 1.1.4" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.69" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } -} \ No newline at end of file +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/README.md b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/README.md new file mode 100644 index 00000000..ec020e9c --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/README.md @@ -0,0 +1 @@ +## Elastic Kubernetes with EC2 Worker Nodes + Classic Load Balancer 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/acm.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/acm.tf
new file mode 100644
index 00000000..88021d04
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/acm.tf
@@ -0,0 +1,83 @@
+#------------------------------------------------------------------------------
+# written by: Lawrence McDaniel
+# https://lawrencemcdaniel.com/
+#
+# date: Feb-2022
+#
+# usage: Add tls certs to us-east-1 for Cloudfront distributions.
+#
+# we have to add these here, inside of eks because we
+# need to iterate the subdomains, and this is only possible
+# within the terragrunt module in which the subdomain
+# resources are created.
+#
+# that is, the following line only works from
+# inside eks:
+# aws_route53_zone.subdomain[count.index].name
+#
+# where aws_route53_zone was declared as a resource rather
+# than as data
+#------------------------------------------------------------------------------
+
+provider "aws" {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
+
+module "acm_root_domain" {
+ source = "terraform-aws-modules/acm/aws"
+ version = "~> 3.0"
+
+ providers = {
+ aws = aws.us-east-1
+ }
+
+ domain_name = var.root_domain
+ zone_id = data.aws_route53_zone.root_domain.id
+
+ subject_alternative_names = [
+ "*.${var.root_domain}",
+ ]
+
+ wait_for_validation = true
+ tags = var.tags
+}
+
+module "acm_environment_domain" {
+ source = "terraform-aws-modules/acm/aws"
+ version = "~> 3.0"
+
+ providers = {
+ aws = aws.us-east-1
+ }
+
+ domain_name = var.environment_domain
+ zone_id = data.aws_route53_zone.environment_domain.id
+
+ subject_alternative_names = [
+ "*.${var.environment_domain}",
+ ]
+
+ wait_for_validation = true
+ tags = var.tags
+}
+
+module "acm_subdomains" {
+ source = "terraform-aws-modules/acm/aws"
+ version = "~> 3.0"
+
+ providers = {
+ aws = aws.us-east-1
+ }
+
+ count = length(var.subdomains)
+ domain_name = aws_route53_zone.subdomain[count.index].name
+ zone_id = aws_route53_zone.subdomain[count.index].id
+
+ subject_alternative_names = [
+ "*.${aws_route53_zone.subdomain[count.index].name}",
+ ]
+
+ wait_for_validation = true
+ tags = var.tags
+}
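Review bot: `module "acm_root_domain"` requests a certificate for `var.root_domain` plus `*.${var.root_domain}`, which is wider than the purpose given in the header comment (certificates for the Cloudfront distributions). In the lines of the Cloudfront component visible in this commit, only the `var.environment_domain` certificate is looked up. If nothing consumes the root-domain wildcard it can be dropped; otherwise a comment on the module naming its consumer keeps the scope of each certificate reviewable, e.g. `# used by: <consumer of the root-domain certificate>`. The header comment also still says "inside eks" while the file now lives in eks_clb_ec2, and the Cloudfront component's comment points to `eks_ec2/acm.tf or eks_fargate/acm.tf`, so both references should name the actual directory.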
diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/cert-manager-values.yaml.tpl b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/cert-manager-values.yaml.tpl similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/eks/cert-manager-values.yaml.tpl rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/cert-manager-values.yaml.tpl diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/cert-manager.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/cert-manager.tf similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/components/eks/cert-manager.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/cert-manager.tf index de2ad591..607a3ecd 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/eks/cert-manager.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/cert-manager.tf @@ -1,14 +1,14 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: Add tls certs for EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ module "cert_manager_irsa" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "4.1.0" + version = "~> 4.1" create_role = true role_name = "${local.name}-cert_manager-irsa" provider_url = replace(module.eks.cluster_oidc_issuer_url, "https://", "") 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/ingress.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/ingress.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/eks/ingress.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/ingress.tf index 1d2bd660..eb95f6f3 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/eks/ingress.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/ingress.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: Add nginx proxy for EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { external_dns_annotation = "*.${var.environment_domain}" } @@ -25,7 +25,7 @@ resource "helm_release" "nginx" { chart = "ingress-nginx" repository = "https://kubernetes.github.io/ingress-nginx" - version = "3.34.0" + version = "~> 3" set { name = "service.type" @@ -68,5 +68,3 @@ resource "aws_route53_record" "ingress_domains_naked" { evaluate_target_health = true } } - - diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/main.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/eks/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/main.tf index 9890087c..92eab56e 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/eks/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/main.tf 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: build an EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { name = var.cluster_name tags = var.tags diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/outputs.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/eks/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/outputs.tf index 2f97951f..05d87e62 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/eks/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/outputs.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: build an EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ output "cluster_id" { description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready." value = module.eks.cluster_id 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/route53.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/eks/route53.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/route53.tf index ecc51c4b..92298d0f 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/eks/route53.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/route53.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create DNS records for EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_route53_zone" "root_domain" { name = var.root_domain } @@ -51,4 +51,3 @@ resource "aws_route53_record" "wildcard" { evaluate_target_health = true } } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/variables.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/eks/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/variables.tf index aa7f0084..76802bbf 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/eks/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/variables.tf 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: build an EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "cluster_name" { description = "Name of the EKS cluster. Also used as a prefix in names of related resources." type = string @@ -24,7 +24,7 @@ variable "enable_irsa" { variable "environment_domain" { - type = string + type = string } variable "map_users" { @@ -40,7 +40,7 @@ variable "map_users" { variable "environment_namespace" { - type = string + type = string } variable "map_roles" { diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/versions.tf new file mode 100644 index 00000000..26b943d2 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/eks_clb_ec2/versions.tf @@ -0,0 +1,18 @@ +#------------------------------------------------------------------------------ +# written by: Miguel Afonso +# https://www.linkedin.com/in/mmafonso/ +# +# date: Aug-2021 +# +# usage: build an EKS cluster load balancer +#------------------------------------------------------------------------------ +terraform { + required_version = "{{ cookiecutter.terraform_required_version }}" + + required_providers { + aws = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + local = "{{ cookiecutter.terraform_provider_hashicorp_local_version }}" + random = "{{ cookiecutter.terraform_provider_hashicorp_random_version }}" + kubernetes = "{{ cookiecutter.terraform_provider_kubernetes_version }}" + } +} 
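Review bot: `required_providers` in the new eks_clb_ec2/versions.tf has no entry for the Helm provider, although ingress.tf in the same component declares `resource "helm_release" "nginx"`, so that provider's version is left unconstrained. The four entries also use the bare-string form without `source`, unlike the bastion, cloudfront, data_backup_s3 and jwt versions.tf files in this commit, which name `hashicorp/aws` explicitly. Declaring each provider as an object with `source` and `version`, and adding `helm`, keeps provider resolution explicit and consistent across components. The Helm constraint below is a placeholder, because this commit shows no cookiecutter variable for it.

```hcl
terraform {
  # … unchanged: required_version …

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}"
    }
    local = {
      source  = "hashicorp/local"
      version = "{{ cookiecutter.terraform_provider_hashicorp_local_version }}"
    }
    random = {
      source  = "hashicorp/random"
      version = "{{ cookiecutter.terraform_provider_hashicorp_random_version }}"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "{{ cookiecutter.terraform_provider_kubernetes_version }}"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "<HELM_PROVIDER_VERSION_CONSTRAINT>" # placeholder: no template variable for this on the page
    }
  }
}
```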
diff --git a/{{cookiecutter.repo_name}}/terraform/components/jwt/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/jwt/main.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/jwt/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/jwt/main.tf index 089bbbd8..d9d94210 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/jwt/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/jwt/main.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create a Javascript Web Token (JWT) to be added # to the Open edX build configuration. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } diff --git a/{{cookiecutter.repo_name}}/terraform/components/jwt/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/jwt/variables.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/jwt/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/jwt/variables.tf index 15cd4ca9..4294326b 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/jwt/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/jwt/variables.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # 
@@ -6,7 +6,7 @@ # # usage: create a Javascript Web Token (JWT) to be added # to the Open edX build configuration. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "environment_namespace" { description = "kubernetes namespace where to place resources" type = string diff --git a/{{cookiecutter.repo_name}}/terraform/components/jwt/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/jwt/versions.tf similarity index 69% rename from {{cookiecutter.repo_name}}/terraform/components/jwt/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/jwt/versions.tf index 1ac5ae5d..d3d16812 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/jwt/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/jwt/versions.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,14 +6,14 @@ # # usage: create a Javascript Web Token (JWT) to be added # to the Open edX build configuration. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 1.1.4" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.2" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } -} \ No newline at end of file +} 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/kubernetes/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/kubernetes/main.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/kubernetes/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/kubernetes/main.tf index c66c15d9..be880f0f 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/kubernetes/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/kubernetes/main.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an EKS cluster. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } diff --git a/{{cookiecutter.repo_name}}/terraform/components/kubernetes/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/kubernetes/variables.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/kubernetes/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/kubernetes/variables.tf index 5ccbc5d0..470b28e6 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/kubernetes/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/kubernetes/variables.tf 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an EKS cluster. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "environment_namespace" { description = "kubernetes namespace where to place resources" type = string diff --git a/{{cookiecutter.repo_name}}/terraform/components/kubernetes/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/kubernetes/versions.tf similarity index 65% rename from {{cookiecutter.repo_name}}/terraform/components/kubernetes/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/kubernetes/versions.tf index 5ea70abb..25421b09 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/kubernetes/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/kubernetes/versions.tf @@ -1,18 +1,18 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an EKS cluster. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 1.1.4" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.2" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } -} \ No newline at end of file +} 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/mongodb/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/kubernetes.tf similarity index 75% rename from {{cookiecutter.repo_name}}/terraform/components/mongodb/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mongodb/kubernetes.tf index 0ff035bc..c1b5f2f0 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mongodb/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/kubernetes.tf @@ -1,14 +1,14 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: store MongoDB credentials in EKS Cluster Kubernetes Secrets -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { - mongo_host = "${aws_route53_record.master.name}.${var.environment_domain}" + mongo_host = "${aws_route53_record.master.name}.${var.environment_domain}" } @@ -43,10 +43,9 @@ resource "kubernetes_secret" "mongodb_admin" { } data = { - MONGODB_HOST = local.mongo_host - MONGODB_PORT = var.db_port - MONGODB_USERNAME = aws_docdb_cluster.default.master_username - MONGODB_PASSWORD = random_password.mongodb_admin.result + MONGODB_HOST = local.mongo_host + MONGODB_PORT = var.db_port + MONGODB_USERNAME = aws_docdb_cluster.default.master_username + MONGODB_PASSWORD = random_password.mongodb_admin.result } } - 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/mongodb/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/main.tf similarity index 88% rename from {{cookiecutter.repo_name}}/terraform/components/mongodb/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mongodb/main.tf index cb9ecf10..b896fbeb 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mongodb/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/main.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # @@ -6,7 +6,7 @@ # # usage: setup a DocumentDB MongoDB cluster with connectivity # to anything inside the VPN. create DNS records for master and reader. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { } @@ -30,13 +30,13 @@ resource "aws_security_group" "mongo_cluster" { #} resource "aws_security_group_rule" "ingress_security_groups" { - type = "ingress" - description = "Allow inbound traffic from the VPC" - from_port = var.db_port - to_port = var.db_port - protocol = "tcp" - cidr_blocks = [var.vpc_cidr_block] - security_group_id = aws_security_group.mongo_cluster.id + type = "ingress" + description = "Allow inbound traffic from the VPC" + from_port = var.db_port + to_port = var.db_port + protocol = "tcp" + cidr_blocks = [var.vpc_cidr_block] + security_group_id = aws_security_group.mongo_cluster.id } @@ -91,9 +91,8 @@ resource "aws_docdb_cluster_parameter_group" "no_tls" { parameter { apply_method = "pending-reboot" - name="tls" - value="disabled" - } + name = "tls" + value = "disabled" + } } - 
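Review bot: The `no_tls` parameter group in the `@@ -91,9 +91,8 @@` hunk of mongodb/main.tf still sets `tls` to `disabled`. If this group is attached to the DocumentDB cluster (the attachment is not visible here), client connections are not encrypted in transit, and they carry the admin credentials this component writes to a Kubernetes secret. The ingress rule in the `@@ -30,13 +30,13 @@` hunk admits all of `var.vpc_cidr_block` on the database port, so network placement inside the VPC is the only control in front of that traffic. I would set `value = "enabled"` and have clients connect over TLS with the AWS-provided CA bundle. If TLS has to stay off, add a comment on the `parameter` block recording why. The parameter group's resource block begins outside its hunk.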
diff --git a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/outputs.tf similarity index 86% rename from {{cookiecutter.repo_name}}/terraform/components/cloudfront/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mongodb/outputs.tf index dcd41a43..e539e323 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/outputs.tf @@ -1,6 +1,6 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ diff --git a/{{cookiecutter.repo_name}}/terraform/components/mongodb/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/route53.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/mongodb/route53.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mongodb/route53.tf index c4221c05..f7328afd 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mongodb/route53.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/route53.tf @@ -12,7 +12,7 @@ resource "aws_route53_record" "master" { ttl = "300" records = ["${aws_docdb_cluster.default.endpoint}"] - } +} resource "aws_route53_record" "replica" { 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/mongodb/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/variables.tf similarity index 94% rename from {{cookiecutter.repo_name}}/terraform/components/mongodb/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mongodb/variables.tf index c535f5e4..6f8841fd 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mongodb/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/variables.tf 
@@ -1,43 +1,43 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "storage_encrypted" { - type = bool - default = false + type = bool + default = false description = "Specifies whether the DB cluster is encrypted. " } variable "apply_immediately" { - type = bool - default = false + type = bool + default = false description = "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. " } variable "skip_final_snapshot" { - type = bool - default = true + type = bool + default = true description = "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final_snapshot_identifier." } variable "preferred_maintenance_window" { - type = string - default = "" + type = string + default = "" description = "The weekly time range during which system maintenance can occur, in (UTC) e.g., wed:04:00-wed:04:30" } variable "preferred_backup_window" { - type = string + type = string default = "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC Default: A 30-minute window selected at random from an 8-hour block of time per regionE.g., 04:00-09:00" } variable "auto_minor_version_upgrade" { - type = bool + type = bool default = true } variable "vpc_cidr_block" { - type = string + type = string default = "CIDR for the VPC. example: 192.168.0.0/20" } 
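Review bot: In mongodb/variables.tf, `preferred_backup_window` and `vpc_cidr_block` carry their help text in `default` rather than `description`. A caller that omits either variable therefore passes an English sentence where a time range or a CIDR is expected. The key should be renamed in both blocks, e.g. `description = "CIDR for the VPC. example: 192.168.0.0/20"`, leaving `vpc_cidr_block` with no default so that it must be supplied. The same hunk keeps `storage_encrypted` at `default = false`. Presumably an unset value produces a cluster without encryption at rest (the cluster resource is not in this hunk), so `default = true` would be the safer template default.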
@@ -211,12 +211,12 @@ variable "environment_namespace" { description = "" type = string } -variable "environment_domain"{ +variable "environment_domain" { description = "" type = string } variable "resource_name" { - type = string + type = string default = "" } diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/versions.tf new file mode 100644 index 00000000..358081a2 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mongodb/versions.tf @@ -0,0 +1,20 @@ +#------------------------------------------------------------------------------ +# written by: Lawrence McDaniel +# https://lawrencemcdaniel.com/ +# +# date: Feb-2022 +#------------------------------------------------------------------------------ +terraform { + required_version = "{{ cookiecutter.terraform_required_version }}" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + local = { + source = "hashicorp/local" + version = "{{ cookiecutter.terraform_provider_hashicorp_local_version }}" + } + } +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/mysql/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/kubernetes.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/mysql/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mysql/kubernetes.tf index c5e9729d..bc16b5aa 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mysql/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/kubernetes.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # 
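Review bot: The new mongodb/versions.tf pins only `aws` and `local`, leaving the `kubernetes` and `random` providers with no version constraint or explicit source. Both are used by this component: its kubernetes.tf in this commit declares `resource "kubernetes_secret" "mongodb_admin"` and reads `random_password.mongodb_admin.result`. The eks_clb_ec2/versions.tf added in this commit already references cookiecutter variables for both providers, so I would add the two entries below. Whether `local` is actually used by this component is not visible in the diff.

```hcl
  required_providers {
    # … unchanged: aws, local …
    random = {
      source  = "hashicorp/random"
      version = "{{ cookiecutter.terraform_provider_hashicorp_random_version }}"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "{{ cookiecutter.terraform_provider_kubernetes_version }}"
    }
```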
@@ -6,7 +6,7 @@ # # usage: create an RDS MySQL instance. # store the MySQL credentials in Kubernetes Secrets -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } diff --git a/{{cookiecutter.repo_name}}/terraform/components/mysql/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/main.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/mysql/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mysql/main.tf index 3688797b..46ad69ca 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mysql/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/main.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an RDS MySQL instance. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { name = var.identifier diff --git a/{{cookiecutter.repo_name}}/terraform/components/mysql/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/outputs.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/mysql/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mysql/outputs.tf index 18fe0865..fa55fa37 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mysql/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/outputs.tf 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an RDS MySQL instance. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ output "db_instance_address" { description = "The address of the RDS instance" value = module.db.db_instance_address @@ -92,4 +92,3 @@ output "db_enhanced_monitoring_iam_role_arn" { description = "The Amazon Resource Name (ARN) specifying the monitoring role" value = module.db.enhanced_monitoring_iam_role_arn } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/mysql/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/route53.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/mysql/route53.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mysql/route53.tf index 09ac7c13..c0742de8 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mysql/route53.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/route53.tf @@ -11,4 +11,4 @@ resource "aws_route53_record" "mysql" { ttl = "300" records = ["${module.db.db_instance_address}"] - } +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/mysql/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/variables.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/mysql/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mysql/variables.tf index 682c4ba4..7c7a19a1 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mysql/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/variables.tf 
@@ -1,13 +1,13 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an RDS MySQL instance. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "environment_domain" { - type = string + type = string default = "" } diff --git a/{{cookiecutter.repo_name}}/terraform/components/mysql/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/versions.tf similarity index 66% rename from {{cookiecutter.repo_name}}/terraform/components/mysql/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/mysql/versions.tf index 36f524b2..eca81742 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/mysql/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/mysql/versions.tf @@ -1,18 +1,18 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an RDS MySQL instance. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 1.1.4" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.2" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } -} \ No newline at end of file +} 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/kubernetes.tf similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/components/redis/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/kubernetes.tf index 0696b108..90fb2424 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/kubernetes.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create an ElastiCache Redis cache # stored cache credentials in Kubernetes Secrets. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/main.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/redis/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/main.tf index e6028288..9c80eaed 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/main.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # 
@@ -7,7 +7,7 @@ # usage: create an ElastiCache Redis cache # # FIX NOTE: get rid of module dependency -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { name = var.replication_group_description } @@ -59,4 +59,3 @@ module "redis" { family = var.family node_type = var.node_type } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/main.tf similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/main.tf diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/main.tf similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/main.tf diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/outputs.tf similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/outputs.tf 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/variables.tf similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/variables.tf diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf new file mode 100644 index 00000000..11b68f53 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "{{ cookiecutter.terraform_required_version }}" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + } +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/main.tf similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/main.tf 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/outputs.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/outputs.tf index c5619373..ec6ac253 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/outputs.tf @@ -2,4 +2,3 @@ output "db_subnet_group_id" { description = "The elasticache subnet group name" value = element(concat(aws_elasticache_subnet_group.this.*.id, [""]), 0) } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/variables.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/variables.tf index 7b309a89..a983a044 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/variables.tf @@ -27,4 +27,3 @@ variable "tags" { type = map(string) default = {} } - 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf new file mode 100644 index 00000000..11b68f53 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "{{ cookiecutter.terraform_required_version }}" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + } +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/outputs.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/outputs.tf index 5ec38c56..1a94dd54 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/outputs.tf @@ -18,4 +18,3 @@ output "auth_token" { value = aws_elasticache_replication_group.this.auth_token sensitive = true } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/variables.tf similarity index 100% rename from {{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/variables.tf 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/versions.tf new file mode 100644 index 00000000..11b68f53 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/modules/elasticache/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = "{{ cookiecutter.terraform_required_version }}" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + } +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/outputs.tf similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/components/redis/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/outputs.tf index f48576af..0310460b 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/outputs.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an ElastiCache Redis cache -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ output "configuration_endpoint_address" { description = "The configuration endpoint address to allow host discovery." value = module.redis.configuration_endpoint_address @@ -26,4 +26,3 @@ output "auth_token" { value = module.redis.auth_token sensitive = true } - 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/route53.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/redis/route53.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/route53.tf index 377d44db..8d747c4e 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/route53.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/route53.tf @@ -11,5 +11,4 @@ resource "aws_route53_record" "primary" { ttl = "300" records = ["${module.redis.primary_endpoint_address}"] - } - +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/variables.tf similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/components/redis/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/variables.tf index c11443e0..38494a15 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/variables.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an ElastiCache Redis cache -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "environment_domain" { type = string } 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/redis/versions.tf similarity index 66% rename from {{cookiecutter.repo_name}}/terraform/components/redis/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/redis/versions.tf index 8658557c..dd41b8e9 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/redis/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/redis/versions.tf @@ -1,18 +1,18 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an ElastiCache Redis cache -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 1.1.4" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.2" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } -} \ No newline at end of file +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/s3/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/components/s3/kubernetes.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/s3/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/s3/kubernetes.tf index 37236c55..15ac4730 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/s3/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/s3/kubernetes.tf 
@@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create an AWS S3 bucket to offload Open edX file storage. # store S3 credentials in Kubernetes Secrets. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } diff --git a/{{cookiecutter.repo_name}}/terraform/components/s3/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/s3/main.tf similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/components/s3/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/s3/main.tf index 13ee0781..0dc06e9c 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/s3/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/s3/main.tf @@ -1,14 +1,14 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an AWS S3 bucket to offload Open edX file storage. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ module "data_backup_s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = ">= 2.14.1" + version = "~> 2" bucket = var.resource_name acl = "private" 
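Review bot: The new constraint `version = "~> 2"` on `module "data_backup_s3_bucket"` drops the `2.14.1` floor of the old line and still leaves the registry to choose the release at `terraform init`. Terraform's dependency lock file records provider selections only, so for a registry module this constraint is the only pin, and the code that applies the bucket's ACL and defaults can differ between two runs of the same commit. I would pin one reviewed release and bump it in a commit of its own, for example `version = "2.14.1"`, or at least keep the floor with `version = "~> 2.14"`. The module block continues past the end of the hunk, so the remaining bucket arguments are not visible here.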
diff --git a/{{cookiecutter.repo_name}}/terraform/components/s3/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/s3/outputs.tf similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/components/s3/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/s3/outputs.tf index 89260c52..ca576bfb 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/s3/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/s3/outputs.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an AWS S3 bucket to offload Open edX file storage. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ output "s3_bucket_id" { description = "The name of the bucket." value = module.data_backup_s3_bucket.s3_bucket_id diff --git a/{{cookiecutter.repo_name}}/terraform/components/s3/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/s3/variables.tf similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/components/s3/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/s3/variables.tf index b9cb6225..af958ce5 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/s3/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/s3/variables.tf 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an AWS S3 bucket to offload Open edX file storage. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "secret_name" { description = "name of the kubernetes secret where the value is stored" type = string diff --git a/{{cookiecutter.repo_name}}/terraform/components/s3/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/s3/versions.tf similarity index 68% rename from {{cookiecutter.repo_name}}/terraform/components/s3/versions.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/s3/versions.tf index 2e833b01..dd3e4cca 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/s3/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/s3/versions.tf @@ -1,18 +1,18 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an AWS S3 bucket to offload Open edX file storage. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ terraform { - required_version = ">= 1.1.4" + required_version = "{{ cookiecutter.terraform_required_version }}" required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.69" + version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } -} \ No newline at end of file +} 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/admin.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/admin.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/secrets/admin.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/secrets/admin.tf index 1f86c2d8..87f3af69 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/secrets/admin.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/admin.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create an admin password for an Open edX superuser account. # association happens during Github Action deployment workflow. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ resource "random_password" "admin_edx" { length = 16 special = false @@ -26,4 +26,3 @@ resource "kubernetes_secret" "admin_edx" { ADMIN_PASSWORD = random_password.admin_edx.result } } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/jwt.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/jwt.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/secrets/jwt.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/secrets/jwt.tf index f38f22d6..abcd79c9 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/secrets/jwt.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/jwt.tf 
@@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create a JWT for Open edX configuration. # association happens during Github Action deployment workflow. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ resource "tls_private_key" "jwt_rsa_private_key" { algorithm = "RSA" rsa_bits = "2048" diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/main.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/secrets/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/secrets/main.tf index cad33d0d..6691a614 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/secrets/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/main.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create ca certificate for EKS Kubernetes cluster. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ data "aws_eks_cluster" "eks" { name = var.environment_namespace } 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/oauth.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/oauth.tf similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/components/secrets/oauth.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/secrets/oauth.tf index 4849810d..dc67eb4b 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/secrets/oauth.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/oauth.tf @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create user credentials for oAuth provider in Open edX # association occurs during Github Actions deployment workflow. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ resource "random_password" "clientid_edx" { length = 40 special = false @@ -35,4 +35,3 @@ resource "kubernetes_secret" "openedx" { CLIENT_SECRET = random_password.clientsecret_edx.result } } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/session.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/session.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/secrets/session.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/secrets/session.tf index fef416a6..a9631ec6 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/secrets/session.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/session.tf 
@@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create an Open edX application secret for LMS and Studio. # association occurs during Github Actions deployment workflow. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ resource "random_password" "edx_secret_key" { length = 24 special = false @@ -25,4 +25,3 @@ resource "kubernetes_secret" "edx_secret_key" { OPENEDX_SECRET_KEY = random_password.edx_secret_key.result } } - diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/variables.tf similarity index 95% rename from {{cookiecutter.repo_name}}/terraform/components/secrets/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/secrets/variables.tf index 988ad9c6..cd7e488d 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/secrets/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/variables.tf @@ -1,9 +1,9 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ variable "environment_namespace" { description = "kubernetes namespace where to place resources" type = string 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/secrets/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/versions.tf
new file mode 100644
index 00000000..fc0884aa
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/components/secrets/versions.tf
@@ -0,0 +1,16 @@
+#------------------------------------------------------------------------------
+# written by: Miguel Afonso
+# https://www.linkedin.com/in/mmafonso/
+#
+# date: Aug-2021
+#------------------------------------------------------------------------------
+terraform {
+ required_version = "{{ cookiecutter.terraform_required_version }}"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}"
+ }
+ }
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/vpc/README.md b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/README.md
new file mode 100644
index 00000000..40f48250
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/README.md
@@ -0,0 +1,3 @@
+# VPC
+
+This stack creates a VPCs and a configurable set of subnets, with all the routing components.
diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/vpc/certificate_manager.tf b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/certificate_manager.tf
new file mode 100644
index 00000000..7f1015ce
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/certificate_manager.tf
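Review bot: `required_providers` in the new `secrets/versions.tf` lists only `aws`, while the resources of the same component shown elsewhere in this diff are `random_password` (admin.tf, oauth.tf, session.tf), `tls_private_key` (jwt.tf) and `kubernetes_secret`. Those providers generate and store the admin password, the OAuth client credentials, the JWT signing key and the Open edX secret key, and with no entry here Terraform accepts whichever release of each it resolves at init. Declaring them with a source and a version constraint keeps the secret-generating code on reviewed releases. The constraint values below are placeholders, and a declaration may already exist in a file of the component that this diff does not show.

```hcl
  required_providers {
    # … unchanged: aws entry …
    random = {
      source  = "hashicorp/random"
      version = "<RANDOM_PROVIDER_CONSTRAINT>" # placeholder
    }
    tls = {
      source  = "hashicorp/tls"
      version = "<TLS_PROVIDER_CONSTRAINT>" # placeholder
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "<KUBERNETES_PROVIDER_CONSTRAINT>" # placeholder
    }
```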
@@ -0,0 +1,153 @@ +#------------------------------------------------------------------------------ +# written by: Lawrence McDaniel +# https://lawrencemcdaniel.com/ +# +# date: Feb-2022 +# +# usage: Add DNS records and tls certs to environment aws_region for ALB. +# Also add certs to us-east-1 for Cloudfront distributions. +# +# we have to add these here, inside of eks_fargate because we +# need to iterate the subdomains, and this is only possible +# within the terragrunt module in which the subdomain +# resources are created. +# +# that is, the following line only works from +# inside eks: +# aws_route53_zone.subdomain[count.index].name +# +# where aws_route53_zone was declared as a resource rather +# than as data +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# SSL/TLS certs issued in the AWS region for ALB +#------------------------------------------------------------------------------ +provider "aws" { + alias = "environment_region" + region = var.aws_region +} + +module "acm_root_domain_environment_region" { + source = "terraform-aws-modules/acm/aws" + version = "~> 3.0" + + providers = { + aws = aws.environment_region + } + + domain_name = var.root_domain + zone_id = data.aws_route53_zone.root_domain.id + + subject_alternative_names = [ + "*.${var.root_domain}", + ] + + wait_for_validation = true + tags = var.tags +} + +module "acm_environment_environment_region" { + source = "terraform-aws-modules/acm/aws" + version = "~> 3.0" + + providers = { + aws = aws.environment_region + } + + domain_name = var.environment_domain + zone_id = data.aws_route53_zone.environment_domain.id + + subject_alternative_names = [ + "*.${var.environment_domain}", + ] + + wait_for_validation = true + tags = var.tags +} + +module "acm_subdomains_environment_region" { + source = "terraform-aws-modules/acm/aws" + version = "~> 3.0" + + providers = { + aws = 
aws.environment_region + } + + count = length(var.subdomains) + domain_name = aws_route53_zone.subdomain[count.index].name + zone_id = aws_route53_zone.subdomain[count.index].id + + subject_alternative_names = [ + "*.${aws_route53_zone.subdomain[count.index].name}", + ] + + wait_for_validation = true + tags = var.tags +} + +#------------------------------------------------------------------------------ +# SSL/TLS certs issued in us-east-1 for Cloudfront +#------------------------------------------------------------------------------ +provider "aws" { + alias = "us-east-1" + region = "us-east-1" +} + +module "acm_root_domain" { + source = "terraform-aws-modules/acm/aws" + version = "~> 3.0" + + providers = { + aws = aws.us-east-1 + } + + domain_name = var.root_domain + zone_id = data.aws_route53_zone.root_domain.id + + subject_alternative_names = [ + "*.${var.root_domain}", + ] + + wait_for_validation = true + tags = var.tags +} + +module "acm_environment_domain" { + source = "terraform-aws-modules/acm/aws" + version = "~> 3.0" + + providers = { + aws = aws.us-east-1 + } + + domain_name = var.environment_domain + zone_id = data.aws_route53_zone.environment_domain.id + + subject_alternative_names = [ + "*.${var.environment_domain}", + ] + + wait_for_validation = true + tags = var.tags +} + +module "acm_subdomains" { + source = "terraform-aws-modules/acm/aws" + version = "~> 3.0" + + providers = { + aws = aws.us-east-1 + } + + count = length(var.subdomains) + domain_name = aws_route53_zone.subdomain[count.index].name + zone_id = aws_route53_zone.subdomain[count.index].id + + subject_alternative_names = [ + "*.${aws_route53_zone.subdomain[count.index].name}", + ] + + wait_for_validation = true + tags = var.tags +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/vpc/main.tf b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/main.tf new file mode 100644 index 00000000..17baf959 --- /dev/null 
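Review bot: `acm_root_domain_environment_region` and `acm_root_domain` request a certificate for `var.root_domain` plus `*.${var.root_domain}` from what the header describes as an environment-level stack, so each environment would hold a certificate valid for every host under the root domain, including names that belong to other environments. If the ALB and CloudFront distributions of this environment only serve names under `var.environment_domain` and the subdomains, the two root-domain modules could be dropped here or moved to a shared stack, which limits what a single misconfigured or compromised environment can terminate TLS for. Separately, the file header says these resources have to live "inside of eks_fargate" and "inside eks", but the file is added under `components/vpc`; the comment should name the component it is actually in.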
+++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/main.tf 
@@ -0,0 +1,55 @@ +#------------------------------------------------------------------------------ +# written by: Miguel Afonso +# https://www.linkedin.com/in/mmafonso/ +# +# date: Aug-2021 +# +# usage: create a VPC to contain all Open edX backend resources. +# this VPC is configured to generally use all AWS defaults. +# Thus, you should get the same configuration here that you'd +# get by creating a new VPC from the AWS Console. +# +# There are a LOT of options in this module. +# see https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest +#------------------------------------------------------------------------------ + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 3" + create_vpc = true + name = var.name + cidr = var.cidr + azs = var.azs + public_subnets = var.public_subnets + private_subnets = var.private_subnets + database_subnets = var.database_subnets + elasticache_subnets = var.elasticache_subnets + enable_ipv6 = var.enable_ipv6 + enable_dns_hostnames = var.enable_dns_hostnames + enable_nat_gateway = var.enable_nat_gateway + single_nat_gateway = var.single_nat_gateway + one_nat_gateway_per_az = var.one_nat_gateway_per_az + public_subnet_tags = var.public_subnet_tags + private_subnet_tags = var.private_subnet_tags + + #---------------------------------------------------------------------------- + # Sometimes it is handy to have public access to RDS instances + # (it is not recommended for production) by specifying these arguments: + #---------------------------------------------------------------------------- + #create_database_subnet_group = true + #create_database_subnet_route_table = true + #create_database_internet_gateway_route = true + #enable_dns_hostnames = true + #enable_dns_support = true + + #---------------------------------------------------------------------------- + # Optional Settings for Network Access Control Lists (ACL or NACL) + # example: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/examples/network-acls/main.tf + #---------------------------------------------------------------------------- + #manage_default_network_acl = true + #public_dedicated_network_acl = true + #public_inbound_acl_rules = + #public_outbound_acl_rules = + + tags = var.tags +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/vpc/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/outputs.tf new file mode 100644 index 00000000..1bc6ef71 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/outputs.tf 
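Review bot: The `module "vpc"` call does not turn on VPC flow logs, so the network that holds the database and ElastiCache subnets keeps no traffic record for detection or incident response. The module has inputs for this; I would add `enable_flow_log = true`, `create_flow_log_cloudwatch_log_group = true` and `create_flow_log_cloudwatch_iam_role = true`, or expose them as variables like the other settings. The commented-out block with `#create_database_internet_gateway_route = true` also stays one uncomment away in a template meant for production; its comment should state that enabling it gives the database subnets a route to the internet gateway, leaving security groups as the only barrier in front of RDS.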
@@ -0,0 +1,550 @@ +#------------------------------------------------------------------------------ +# written by: Miguel Afonso +# https://www.linkedin.com/in/mmafonso/ +# +# date: Aug-2021 +# +# usage: create a VPC to contain all Open edX backend resources. +#------------------------------------------------------------------------------ + +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of 
secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets +} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + 
description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + 
+output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + 
value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshidt route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output 
"intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output 
"default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = 
module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} + +# VPC endpoints +#output "vpc_endpoints" { +# description = "Array 
containing the full resource object and attributes for all endpoints created" +# value = module.vpc_endpoints.endpoints +#} diff --git a/{{cookiecutter.repo_name}}/terraform/components/vpc/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/route53.tf similarity index 52% rename from {{cookiecutter.repo_name}}/terraform/components/vpc/route53.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/vpc/route53.tf index c6d119c8..57fbb17c 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/vpc/route53.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/route53.tf @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Aug-2021 # # usage: create a VPC to contain all Open edX backend resources. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # un-comment this if the root_domain is managed in route53 # ----------------------------------------------------------------------------- 
@@ -13,14 +13,20 @@ data "aws_route53_zone" "root_domain" { name = var.root_domain } - -# ----------------------------------------------------------------------------- -data "aws_route53_zone" "environment" { +data "aws_route53_zone" "environment_domain" { name = var.environment_domain } -# ----------------------------------------------------------------------------- -# Terraform-managed resources begin here. -# ----------------------------------------------------------------------------- +resource "aws_route53_zone" "subdomain" { + count = length(var.subdomains) + name = "${element(var.subdomains, count.index)}.${var.environment_domain}" +} -# mcdaniel: i moved these to their respective stacks. \ No newline at end of file +resource "aws_route53_record" "subdomain-ns" { + count = length(var.subdomains) + zone_id = data.aws_route53_zone.environment_domain.zone_id + name = "${element(var.subdomains, count.index)}.${var.environment_domain}" + type = "NS" + ttl = "30" + records = aws_route53_zone.subdomain[count.index].name_servers +} diff --git a/{{cookiecutter.repo_name}}/terraform/components/vpc/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/variables.tf similarity index 80% rename from {{cookiecutter.repo_name}}/terraform/components/vpc/variables.tf rename to {{cookiecutter.github_repo_name}}/terraform/components/vpc/variables.tf index 38c87321..77503393 100644 --- a/{{cookiecutter.repo_name}}/terraform/components/vpc/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/variables.tf 
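Review bot: Both new resources, `aws_route53_zone.subdomain` and `aws_route53_record.subdomain-ns`, are keyed by list position through `count = length(var.subdomains)`, so removing or reordering an entry in `subdomains` shifts every later index and makes Terraform destroy and recreate those hosted zones, which then get new name servers. Keying by name avoids that: `for_each = toset(var.subdomains)` with `name = "${each.key}.${var.environment_domain}"`, and `records = aws_route53_zone.subdomain[each.key].name_servers` on the NS record. `ttl` is better written as the number `30`, and a 30-second TTL on a delegation record deserves a comment if it is intentional. The data source rename from `environment` to `environment_domain` breaks any remaining `data.aws_route53_zone.environment` reference in the component; none is visible in this hunk, so that needs checking in the other files.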
@@ -1,11 +1,20 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create a VPC to contain all Open edX backend resources. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ +variable "subdomains" { + description = "Base domain (route53 zone) for the default cluster ingress" + type = list(string) +} + +variable "aws_region" { + description = "The region in which the origin S3 bucket was created." + type = string +} variable "azs" { description = "A list of availability zones names or ids in the region" @@ -43,6 +52,12 @@ variable "enable_nat_gateway" { default = false } +variable "one_nat_gateway_per_az" { + description = "Should be true if you want only one NAT Gateway per availability zone. Requires var.azs to be set, and the number of public_subnets created to be greater than or equal to the number of availability zones specified in var.azs" + type = bool + default = false +} + variable "enable_dns_hostnames" { description = "Should be true to enable DNS hostnames in the VPC" type = bool @@ -50,12 +65,12 @@ variable "enable_dns_hostnames" { } variable "environment_domain" { - type = string + type = string } variable "environment_namespace" { - type = string + type = string } variable "name" { @@ -89,7 +104,7 @@ variable "public_subnet_tags" { } variable "root_domain" { - type = string + type = string } variable "single_nat_gateway" { @@ -103,6 +118,3 @@ variable "tags" { type = map(string) default = {} } - - - diff --git a/{{cookiecutter.github_repo_name}}/terraform/components/vpc/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/versions.tf new file mode 100644 index 00000000..adcc731d --- /dev/null 
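Review bot: The two variables added at the top of the file carry descriptions copied from other modules: `subdomains` is described as a "Base domain (route53 zone) for the default cluster ingress" although route53.tf uses it as a list of labels prefixed to `var.environment_domain`, and `aws_region` refers to an "origin S3 bucket" that this VPC component does not appear to create. Because every entry becomes part of a hosted-zone name and an NS delegation, a `validation` block that accepts only single lowercase DNS labels would stop a typo or a dotted value from creating an unintended zone; this assumes the rendered `required_version` allows variable validation and `alltrue`. For `aws_region` a description such as `"AWS region in which the VPC is created"` fits better (inferred, confirm against the component's main.tf). `environment_domain`, `environment_namespace` and `root_domain` in the later hunks still have no `description`.

```hcl
variable "subdomains" {
  description = "List of subdomain labels; a Route53 hosted zone and NS delegation is created for each under environment_domain"
  type        = list(string)

  validation {
    condition = alltrue([
      for s in var.subdomains : can(regex("^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", s))
    ])
    error_message = "Each subdomain must be a single lowercase DNS label."
  }
}
```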
+++ b/{{cookiecutter.github_repo_name}}/terraform/components/vpc/versions.tf
@@ -0,0 +1,16 @@
+#------------------------------------------------------------------------------
+# written by: Lawrence McDaniel
+# https://lawrencemcdaniel.com/
+#
+# date: March-2022
+#
+# usage: build an EKS cluster load balancer that uses a Fargate Compute Cluster
+#------------------------------------------------------------------------------
+terraform {
+ required_version = "{{ cookiecutter.terraform_required_version }}"
+
+ required_providers {
+ aws = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}"
+ local = "{{ cookiecutter.terraform_provider_hashicorp_local_version }}"
+ }
+}
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/README.md
similarity index 84%
rename from {{cookiecutter.repo_name}}/terraform/environments/README.md
rename to {{cookiecutter.github_repo_name}}/terraform/environments/README.md
index c5fb7b37..315bb13a 100644
--- a/{{cookiecutter.repo_name}}/terraform/environments/README.md
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/README.md
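Review bot: `required_providers` in the new versions.tf uses the legacy version-string form (`aws = "…"`, `local = "…"`), which leaves the provider source address implicit. Declaring it states exactly which registry namespace each provider is installed from: `aws = { source = "hashicorp/aws", version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" }`, and the same shape for `local` with `hashicorp/local`. The header comment is copied from another component ("build an EKS cluster load balancer that uses a Fargate Compute Cluster"); for this file something like `# usage: pin the Terraform and provider versions used by the VPC component` would be accurate.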
@@ -2,17 +2,17 @@ Terraform environments give you the ability to create multiple, distinct AWS VPC clouds for prod, development, QA and so on. That is, you would be create distinct RDS instances, MongoDB instances, Kubernetes Cluster instances and so on; one for each additional environment. -The general strategy is that a common set of parameters are defined in [terraform/environments/global.hcl](terraform/environments/global.hcl) that each environment uses, plus, each environment maintains its own set of parameters for environment-specific settings like domain names and resource instances sizes for example. +The general strategy is that a common set of parameters are defined in [terraform/environments/global.hcl](./global.hcl) that each environment uses, plus, each environment maintains its own set of parameters for environment-specific settings like domain names and resource instances sizes for example. -On an aside, choosing appropriate names for Terragrunt environments was a struggle. the environment named **prod** in this folder was originally named **live** as a means of differentiating it from alternative environments like say, **sandbox**. This was sensible, but it also complicates managing consistent namespaces in AWS and in Kubernetes. We opted to rename this to **prod** since CookieCutter only creates one single environment for you, and this is where your prod environment resides. Unfortunately, this creates some potential confusion given that the recommended way of creating dev / qa / test environments is to add appropriately named subdomains to prod. +On an aside, choosing appropriate names for Terragrunt environments was a struggle. the environment named **prod** in this folder was originally named **live** as a means of differentiating it from alternative environments like say, **sandbox**. This was sensible, but it also complicates managing consistent namespaces in AWS and in Kubernetes. 
We opted to rename this to **prod** since Cookiecutter only creates one single environment for you, and this is where your prod environment resides. Unfortunately, this creates some potential confusion given that the recommended way of creating dev / qa / test environments is to add appropriately named subdomains to prod. -So, to be clear, creating additional Terragrunt environments might be more separation than you actually require, and add more costs than your budget can bear. Keep in mind that this is probably more easily accomplished simply by adding subdomains to the one VPC that is created based on the settings in [terraform/environments/prod/env.hcl](terraform/environments/prod/env.hcl), as follows: +So, to be clear, creating additional Terragrunt environments might be more separation than you actually require, and add more costs than your budget can bear. Keep in mind that this is probably more easily accomplished simply by adding subdomains to the one VPC that is created based on the settings in [terraform/environments/prod/env.hcl](./prod/env.hcl), as follows: ``` locals { global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl")) - environment = "{{ cookiecutter.prod_environment }}" + environment = "{{ cookiecutter.environment_name }}" subdomains = ["dev", "test", "qa", "lawrence-dev", "frank-dev"] }``` 
@@ -22,9 +22,8 @@ The difference between these two methodologies is that the former creates an ent 1. You would take this approach if, for example, internal policy at your organization dictactates that developers and qa staff **must** be completely isolated from your prod environment. That is precisely what an additional Terragrunt environment provides for you. This affords you absolute separation between environemnts, but at significantly higher AWS cost and more support burden on you. -2. An alternative scenario would be that, for quality-of-service reasons, you want to completely separate a large MOOC from the course content that you offer to regularly-enrolled students. To accomplish this you could use the **prod** environement created by CookieCutter for your enrolled students, and then create a second environment named **mooc**. +2. An alternative scenario would be that, for quality-of-service reasons, you want to completely separate a large MOOC from the course content that you offer to regularly-enrolled students. To accomplish this you could use the **prod** environement created by Cookiecutter for your enrolled students, and then create a second environment named **mooc**. ### Why wouldn't you create an additional Terragrunt environment? Contrastly, if you are budget conscious and you are otherwise indifferent to how and where your development and qa environments are housed -- provided of course that these are reasonably isolated from your prod environment -- then you would simply add subdomains to [terraform/environments/prod/env.hcl](terraform/environments/prod/env.hcl). - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/global.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/global.hcl similarity index 96% rename from {{cookiecutter.repo_name}}/terraform/environments/global.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/global.hcl index 4e043c5d..f6bb9383 100644 
--- a/{{cookiecutter.repo_name}}/terraform/environments/global.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/global.hcl @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # @@ -6,7 +6,7 @@ # # usage: create global parameters, exposed to all # Terragrunt modules in this repository. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { platform_name = "{{ cookiecutter.global_platform_name }}" platform_region = "{{ cookiecutter.global_platform_region }}" diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/bastion/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/bastion/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/bastion/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/bastion/terragrunt.hcl index 33e10091..110cd667 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/bastion/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/bastion/terragrunt.hcl 
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # # date: Feb-2022 # # usage: create an EC2 instance with ssh access and a DNS record. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) @@ -78,4 +78,3 @@ inputs = { tags = local.tags } - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/cloudfront/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/cloudfront/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl index 17a2b19c..9a00f5fd 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/cloudfront/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # 
@@ -6,7 +6,7 @@ # # usage: create one Cloudfront distribution for the environment, plus one more # for each subdomain. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) @@ -51,4 +51,3 @@ inputs = { resource_name = local.resource_name tags = local.tags } - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/data-backup-s3/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/data-backup-s3/terragrunt.hcl similarity index 97% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/data-backup-s3/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/data-backup-s3/terragrunt.hcl index 00988b2f..debe81a1 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/data-backup-s3/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/data-backup-s3/terragrunt.hcl @@ -1,12 +1,12 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # -# usage: create a non-public S3 Bucket to store data backups from any backend +# usage: create a non-public S3 Bucket to store data backups from any backend # service. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/README.rst b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/eks_clb_ec2/README.rst similarity index 80% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/eks/README.rst rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/eks_clb_ec2/README.rst index f3b5e412..2f978414 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/README.rst +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/eks_clb_ec2/README.rst @@ -1,2 +1 @@ EKS - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/eks_clb_ec2/terragrunt.hcl similarity index 94% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/eks/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/eks_clb_ec2/terragrunt.hcl index e240ae4d..d0f50533 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/eks_clb_ec2/terragrunt.hcl 
@@ -1,23 +1,24 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: build an EKS cluster load balancer -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl")) # Extract out common variables for reuse - env = local.environment_vars.locals.environment - environment_domain = local.environment_vars.locals.environment_domain platform_name = local.global_vars.locals.platform_name platform_region = local.global_vars.locals.platform_region - cluster_name = local.environment_vars.locals.environment_namespace account_id = local.global_vars.locals.account_id + env = local.environment_vars.locals.environment + environment_domain = local.environment_vars.locals.environment_domain + cluster_name = local.environment_vars.locals.environment_namespace + subdomains = local.environment_vars.locals.subdomains eks_worker_group_instance_type = local.environment_vars.locals.eks_worker_group_instance_type tags = merge( @@ -43,7 +44,7 @@ dependency "vpc" { # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the # working directory, into a temporary folder, and execute your Terraform commands in that folder. terraform { - source = "../../../components//eks" + source = "../../../components//eks_clb_ec2" } # Include all settings from the root terragrunt.hcl file 
@@ -53,6 +54,7 @@ include { # These are the variables we have to pass in to use the module specified in the terragrunt configuration above inputs = { + subdomains = local.subdomains cluster_name = "${local.cluster_name}" cluster_version = "1.21" enable_irsa = true @@ -91,4 +93,3 @@ inputs = { tags = local.tags } - diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl new file mode 100644 index 00000000..082f9e1a --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl 
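Review bot: `cluster_version = "1.21"` stays hard-coded in the `inputs` block of the `@@ -53,6 +54,7 @@` hunk, while the same commit introduces `kubernetes_version` in the environment's env.hcl. Two sources for the EKS version can drift apart, and a template that pins a fixed minor version will keep producing clusters on a release that eventually leaves EKS support. Reading the value from the environment keeps one source of truth: `cluster_version = local.environment_vars.locals.kubernetes_version`. The `inputs` block continues outside the hunk, so whether other settings there are still hard-coded cannot be seen here.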
@@ -0,0 +1,62 @@
+#------------------------------------------------------------------------------
+# written by: Lawrence McDaniel
+# https://lawrencemcdaniel.com/
+#
+# date: Feb-2022
+#
+# usage: create environment-level parameters, exposed to all
+# Terragrunt modules in this enironment.
+#------------------------------------------------------------------------------
+locals {
+ global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl"))
+
+ environment = "{{ cookiecutter.environment_name }}"
+ environment_subdomain = "{{ cookiecutter.environment_subdomain }}"
+ subdomains = []
+ environment_domain = "${local.environment_subdomain}.${local.global_vars.locals.root_domain}"
+ environment_namespace = "${local.environment}-${local.global_vars.locals.platform_name}-${local.global_vars.locals.platform_region}"
+
+
+ # AWS infrastructure sizing
+ # 2 vCPU 4gb
+ mongodb_instance_class = "db.t3.medium"
+ mongodb_cluster_size = 1
+
+ # 1 vCPU 2gb
+ mysql_instance_class = "db.t2.small"
+
+ # 1 vCPU 1.55gb
+ redis_node_type = "cache.t2.small"
+
+ #----------------------------------------------------------------------------
+ # AWS Elastic Kubernetes service
+ # Scaling options
+ #
+ # About AWS EC2 a1 series virtual servers:
+ # ----------------------------------------
+ # Amazon EC2 A1 instances deliver significant cost savings and are ideally
+ # suited for scale-out and Arm-based workloads that are supported by the
+ # extensive Arm ecosystem. A1 instances are the first EC2 instances powered
+ # by AWS Graviton Processors that feature 64-bit Arm Neoverse cores and custom
+ # silicon designed by AWS.
+ # + # a1.medium: 1 vCPU 2gb + # a1.large: 2 vCPU 4gb + # a1.xlarge: 4 vCPU 8gb + # a1.2xlarge: 8 vCPU 16gb + # a1.4xlarge: 16 vCPU 32gb + # a1.metal: 16 physical cpus 32gb + # + # see: https://aws.amazon.com/ec2/instance-types/ + #---------------------------------------------------------------------------- + kubernetes_version = {{ cookiecutter.eks_cluster_version }} + eks_worker_group_instance_type = "a1.medium" + eks_worker_group_min_size = 1 + eks_worker_group_max_size = 2 + eks_worker_group_desired_size = 1 + + tags = { + Environment = local.environment + } + +} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/jwt/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/jwt/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/jwt/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/jwt/terragrunt.hcl index 72933d31..0ed7212b 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/jwt/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/jwt/terragrunt.hcl @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # @@ -6,7 +6,7 @@ # # usage: create a Javascript Web Token (JWT) to be added # to the Open edX build configuration. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 
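Review bot: `kubernetes_version = {{ cookiecutter.eks_cluster_version }}` in the new env.hcl is rendered without quotes, so HCL parses it as a number; a version such as 1.20 would then be read as 1.2, and any consumer expecting a string gets an implicit conversion. Quote it, `kubernetes_version = "{{ cookiecutter.eks_cluster_version }}"`, unless the cookiecutter value already carries its own quotes, which is not visible here. `eks_worker_group_instance_type = "a1.medium"` selects Arm instances according to the comment block above it, so that comment should also say that every image scheduled on these nodes has to be built for arm64. The file header has a typo, "enironment".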
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/kubernetes/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/kubernetes/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes/terragrunt.hcl index 3b4a2b03..44d5f30c 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/kubernetes/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes/terragrunt.hcl @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an EKS cluster. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/mongodb/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/mongodb/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl index 4995d42c..beb05d90 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/mongodb/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl 
@@ -1,4 +1,4 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Lawrence McDaniel # https://lawrencemcdaniel.com/ # @@ -6,7 +6,7 @@ # # usage: setup a DocumentDB MongoDB cluster with connectivity # to anything inside the VPN. create DNS records for master and reader. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) @@ -103,7 +103,7 @@ inputs = { vpc_cidr_block = dependency.vpc.outputs.vpc_cidr_block ingress_cidr_blocks = [dependency.vpc.outputs.vpc_cidr_block] subnet_ids = dependency.vpc.outputs.database_subnets - + enabled_cloudwatch_logs_exports = [] storage_encrypted = false apply_immediately = false @@ -115,4 +115,3 @@ inputs = { tags = local.tags } - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/mysql/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/mysql/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl index 8c445c57..18f2f80c 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/mysql/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl 
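Review bot: `storage_encrypted = false` on a context line of the `@@ -103,7 +103,7 @@` hunk leaves the DocumentDB cluster unencrypted at rest, and `enabled_cloudwatch_logs_exports = []` next to it exports no audit or profiler logs; the commit only changes whitespace here and carries both settings forward into the renamed environment. For a production template the safer defaults are `storage_encrypted = true` and `enabled_cloudwatch_logs_exports = ["audit"]`, the latter assuming auditing is also enabled in the cluster parameter group, which is not visible in this hunk. Encryption at rest is chosen when the cluster is created, so fixing it after deployment means building a new cluster and migrating the data. The `inputs` block starts and ends outside the hunk.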
@@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an RDS MySQL instance. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) @@ -96,4 +96,3 @@ inputs = { ingress_cidr_blocks = [dependency.vpc.outputs.vpc_cidr_block] } - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/redis/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/redis/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/redis/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/redis/terragrunt.hcl index 60785a19..41aa8dc8 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/redis/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/redis/terragrunt.hcl @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an ElastiCache Redis cache -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) 
@@ -72,4 +72,3 @@ inputs = { ingress_cidr_blocks = [dependency.vpc.outputs.vpc_cidr_block] } - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/s3/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/s3/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3/terragrunt.hcl index ad099d0b..8805bf14 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/s3/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3/terragrunt.hcl @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create an AWS S3 bucket to offload Open edX file storage. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) @@ -62,4 +62,3 @@ inputs = { tags = local.tags } - diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/secrets/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/secrets/terragrunt.hcl similarity index 98% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/secrets/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/secrets/terragrunt.hcl index 8fc791e5..3f5ccd1b 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/secrets/terragrunt.hcl 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/secrets/terragrunt.hcl @@ -1,11 +1,11 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create all the application secrets -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/vpc/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/vpc/terragrunt.hcl similarity index 79% rename from {{cookiecutter.repo_name}}/terraform/environments/prod/vpc/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/vpc/terragrunt.hcl index 8b9b2d3f..d6a365f7 100644 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/vpc/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/vpc/terragrunt.hcl 
@@ -1,22 +1,23 @@ -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ # written by: Miguel Afonso # https://www.linkedin.com/in/mmafonso/ # # date: Aug-2021 # # usage: create a VPC to contain all Open edX backend resources. -#------------------------------------------------------------------------------ +#------------------------------------------------------------------------------ locals { # Automatically load environment-level variables environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl")) global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl")) # Extract out common variables for reuse - environment = local.environment_vars.locals.environment platform_name = local.global_vars.locals.platform_name platform_region = local.global_vars.locals.platform_region aws_region = local.global_vars.locals.aws_region + environment = local.environment_vars.locals.environment environment_namespace = local.environment_vars.locals.environment_namespace + subdomains = local.environment_vars.locals.subdomains tags = merge( local.environment_vars.locals.tags, @@ -39,7 +40,9 @@ include { # These are the variables we have to pass in to use the module specified in the terragrunt configuration above inputs = { + aws_region = local.aws_region environment_namespace = local.environment_namespace + subdomains = local.subdomains name = "${local.environment_namespace}" cidr = "192.168.0.0/20" azs = ["${local.aws_region}a", "${local.aws_region}b", "${local.aws_region}c"] 
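Review bot: `cidr = "192.168.0.0/20"` in the `inputs` block of the second hunk (`@@ -39,7 +40,9 @@`) stays hard-coded, although this commit moves the file from `environments/prod/` to the templated `environments/{{cookiecutter.environment_name}}/` path. Every environment generated from the template therefore gets the same address space, and overlapping ranges cannot later be peered or attached to a shared transit gateway. I would read the range from `env.hcl`, for example `cidr = local.environment_vars.locals.vpc_cidr`, where `vpc_cidr` is a new local proposed here and not defined on this page. The `inputs` block continues beyond the hunk, so the subnet lists that would need the same treatment are not visible here.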
@@ -50,10 +53,21 @@ inputs = { elasticache_subnets = ["192.168.10.0/24", "192.168.11.0/24"] enable_ipv6 = false + + # NAT Gateway configuration enable_nat_gateway = true single_nat_gateway = true + one_nat_gateway_per_az = false + enable_dns_hostnames = true + # a bit of foreshadowing: + # AWS EKS uses tags for identifying resources which it interacts. + # here we are tagging the public and private subnets with specially-named tags + # that EKS uses to know where its public and internal load balancers should be placed. + # + # these tags are required, regardless of whether we're using EKS with EC2 worker nodes + # or with a Fargate Compute Cluster. public_subnet_tags = { "kubernetes.io/cluster/${local.environment_namespace}" = "shared" "kubernetes.io/role/elb" = "1" diff --git a/{{cookiecutter.repo_name}}/terraform/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/terragrunt.hcl similarity index 99% rename from {{cookiecutter.repo_name}}/terraform/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/terragrunt.hcl index 7d45a723..478ab221 100644 --- a/{{cookiecutter.repo_name}}/terraform/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/terragrunt.hcl @@ -67,4 +67,3 @@ inputs = merge( local.global_vars.locals, local.environment_vars.locals, ) - diff --git a/{{cookiecutter.repo_name}}/.pre-commit-config.yaml b/{{cookiecutter.repo_name}}/.pre-commit-config.yaml deleted file mode 100644 index b16513a6..00000000 --- a/{{cookiecutter.repo_name}}/.pre-commit-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -repos: - - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.43.0 - hooks: - - id: terraform_fmt - - id: terraform_docs - - id: terraform_tflint - - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.12 - hooks: - - id: terragrunt-hclfmt 
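Review bot: `single_nat_gateway = true` together with the newly added `one_nat_gateway_per_az = false` sends all egress from the private subnets through one NAT gateway in one availability zone, and the new `# NAT Gateway configuration` comment does not say that this is a deliberate trade-off. For a file that was the `prod` environment until this commit, I would state it next to the settings: `# single NAT gateway: lowest cost, but private-subnet egress depends on one AZ; use single_nat_gateway = false with one_nat_gateway_per_az = true for per-AZ redundancy`. The added EKS comment reads "resources which it interacts", where "resources with which it interacts" is meant. The `inputs` block starts and ends outside this hunk.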
diff --git a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/config.yml b/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/config.yml
deleted file mode 100644
index a7b31678..00000000
--- a/{{cookiecutter.repo_name}}/ci/tutor-deploy/environments/prod/config.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-LMS_HOSTNAME={{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}
-CMS_HOSTNAME=studio.{{ cookiecutter.prod_environment }}.{{ cookiecutter.global_root_domain }}
-DOCKER_IMAGE_OPENEDX={{ cookiecutter.global_account_id }}.dkr.ecr.{{ cookiecutter.global_aws_region }}.amazonaws.com/openedx:latest
diff --git a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/versions.tf b/{{cookiecutter.repo_name}}/terraform/components/cloudfront/versions.tf
deleted file mode 100644
index 4778ad49..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/cloudfront/versions.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Lawrence McDaniel
-# https://lawrencemcdaniel.com/
-#
-# date: Feb-2022
-#------------------------------------------------------------------------------
-terraform {
- required_version = ">= 1.1.4"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.69"
- }
- }
-}
\ No newline at end of file
diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/acm.tf b/{{cookiecutter.repo_name}}/terraform/components/eks/acm.tf
deleted file mode 100644
index 2db2db94..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/eks/acm.tf
+++ /dev/null
@@ -1,85 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Lawrence McDaniel
-# https://lawrencemcdaniel.com/
-#
-# date: Feb-2022
-#
-# usage: Add tls certs to us-east-1 for Cloudfront distributions.
-#
-# we have to add these here, inside of eks because we
-# need to iterate the subdomains, and this is only possible
-# within the terragrunt module in which the subdomain
-# resources are created.
-#
-# that is, the following line only works from
-# inside eks:
-# aws_route53_zone.subdomain[count.index].name
-#
-# where aws_route53_zone was declared as a resource rather
-# than as data
-#------------------------------------------------------------------------------
-
-provider "aws" {
- alias = "us-east-1"
- region = "us-east-1"
-}
-
-module "acm_root_domain" {
- source = "terraform-aws-modules/acm/aws"
- version = "~> 3.0"
-
- providers = {
- aws = aws.us-east-1
- }
-
- domain_name = var.root_domain
- zone_id = data.aws_route53_zone.root_domain.id
-
- subject_alternative_names = [
- "*.${var.root_domain}",
- ]
-
- wait_for_validation = true
- tags = var.tags
-}
-
-module "acm_environment_domain" {
- source = "terraform-aws-modules/acm/aws"
- version = "~> 3.0"
-
- providers = {
- aws = aws.us-east-1
- }
-
- domain_name = var.environment_domain
- zone_id = data.aws_route53_zone.environment_domain.id
-
- subject_alternative_names = [
- "*.${var.environment_domain}",
- ]
-
- wait_for_validation = true
- tags = var.tags
-}
-
-module "acm_subdomains" {
- source = "terraform-aws-modules/acm/aws"
- version = "~> 3.0"
-
- providers = {
- aws = aws.us-east-1
- }
-
- count = length(var.subdomains)
- domain_name = aws_route53_zone.subdomain[count.index].name
- zone_id = aws_route53_zone.subdomain[count.index].id
-
- subject_alternative_names = [
- "*.${aws_route53_zone.subdomain[count.index].name}",
- ]
-
- wait_for_validation = true
- tags = var.tags
-}
-
-
diff --git a/{{cookiecutter.repo_name}}/terraform/components/eks/versions.tf b/{{cookiecutter.repo_name}}/terraform/components/eks/versions.tf
deleted file mode 100644
index 2c1203e4..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/eks/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Miguel Afonso
-# https://www.linkedin.com/in/mmafonso/
-#
-# date: Aug-2021
-#
-# usage: build an EKS cluster load balancer
-#------------------------------------------------------------------------------
-terraform {
- required_version = ">= 0.13.1"
-
- required_providers {
- aws = ">= 3.46.0"
- local = ">= 1.4"
- random = ">= 2.1"
- kubernetes = "~> 1.11"
- }
-}
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf b/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf
deleted file mode 100644
index 7c8918a4..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.1.4"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 4.2"
- }
- }
-}
\ No newline at end of file
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf b/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf
deleted file mode 100644
index 8fe14862..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.1.4"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 4.2"
- }
- }
-}
diff --git a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/versions.tf b/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/versions.tf
deleted file mode 100644
index 7c8918a4..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/redis/modules/elasticache/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.1.4"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 4.2"
- }
- }
-}
\ No newline at end of file
diff --git a/{{cookiecutter.repo_name}}/terraform/components/secrets/versions.tf b/{{cookiecutter.repo_name}}/terraform/components/secrets/versions.tf
deleted file mode 100644
index 39d921b7..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/secrets/versions.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Miguel Afonso
-# https://www.linkedin.com/in/mmafonso/
-#
-# date: Aug-2021
-#------------------------------------------------------------------------------
-terraform {
- required_version = ">= 1.1.4"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 4.2"
- }
- }
-}
\ No newline at end of file
diff --git a/{{cookiecutter.repo_name}}/terraform/components/vpc/README.md b/{{cookiecutter.repo_name}}/terraform/components/vpc/README.md
deleted file mode 100644
index cc644521..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/vpc/README.md
+++ /dev/null
@@ -1,236 +0,0 @@ -# VPC - -This stack creates a VPCs and a configurable set of subnets, with all the routing components. -Terragrunt inputs example: -``` -inputs = { - name = "${local.platform_name}-${local.environment}-vpc" - cidr = "192.168.0.0/20" - azs = ["{{ cookiecutter.global_aws_region }}a", "{{ cookiecutter.global_aws_region }}b", "{{ cookiecutter.global_aws_region }}c"] - - public_subnets = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"] - private_subnets = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24"] - database_subnets = ["192.168.8.0/24", "192.168.9.0/24"] - elasticache_subnets = ["192.168.10.0/24", "192.168.11.0/24"] - - enable_ipv6 = false - enable_nat_gateway = true - single_nat_gateway = true - enable_dns_hostnames = true - - public_subnet_tags = { - "kubernetes.io/cluster/${local.environment_namespace}" = "shared" - "kubernetes.io/role/elb" = "1" - } - - private_subnet_tags = { - "kubernetes.io/cluster/${local.environment_namespace}" = "shared" - "kubernetes.io/role/internal-elb" = "1" - } - - tags = local.tags -} -``` - - -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//?ref=v3.0.0 | | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no | -| [assign\_ipv6\_address\_on\_creation](#input\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. 
This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no | -| [azs](#input\_azs) | A list of availability zones names or ids in the region | `list(string)` | `[]` | no | -| [cidr](#input\_cidr) | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no | -| [create\_database\_internet\_gateway\_route](#input\_create\_database\_internet\_gateway\_route) | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no | -| [create\_database\_nat\_gateway\_route](#input\_create\_database\_nat\_gateway\_route) | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no | -| [create\_database\_subnet\_group](#input\_create\_database\_subnet\_group) | Controls if database subnet group should be created (n.b. database\_subnets must also be set) | `bool` | `true` | no | -| [create\_database\_subnet\_route\_table](#input\_create\_database\_subnet\_route\_table) | Controls if separate route table for database should be created | `bool` | `false` | no | -| [create\_egress\_only\_igw](#input\_create\_egress\_only\_igw) | Controls if an Egress Only Internet Gateway is created and its related routes. 
| `bool` | `true` | no | -| [create\_elasticache\_subnet\_group](#input\_create\_elasticache\_subnet\_group) | Controls if elasticache subnet group should be created | `bool` | `true` | no | -| [create\_elasticache\_subnet\_route\_table](#input\_create\_elasticache\_subnet\_route\_table) | Controls if separate route table for elasticache should be created | `bool` | `false` | no | -| [create\_flow\_log\_cloudwatch\_iam\_role](#input\_create\_flow\_log\_cloudwatch\_iam\_role) | Whether to create IAM role for VPC Flow Logs | `bool` | `false` | no | -| [create\_flow\_log\_cloudwatch\_log\_group](#input\_create\_flow\_log\_cloudwatch\_log\_group) | Whether to create CloudWatch log group for VPC Flow Logs | `bool` | `false` | no | -| [create\_igw](#input\_create\_igw) | Controls if an Internet Gateway is created for public subnets and the related routes that connect them. | `bool` | `true` | no | -| [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no | -| [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no | -| [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no | -| [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no | -| [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no | -| [database\_acl\_tags](#input\_database\_acl\_tags) | Additional tags for the database subnets network ACL | `map(string)` | `{}` | no | -| [database\_dedicated\_network\_acl](#input\_database\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for 
database subnets | `bool` | `false` | no | -| [database\_inbound\_acl\_rules](#input\_database\_inbound\_acl\_rules) | Database subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [database\_outbound\_acl\_rules](#input\_database\_outbound\_acl\_rules) | Database subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [database\_route\_table\_tags](#input\_database\_route\_table\_tags) | Additional tags for the database route tables | `map(string)` | `{}` | no | -| [database\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_database\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [database\_subnet\_group\_tags](#input\_database\_subnet\_group\_tags) | Additional tags for the database subnet group | `map(string)` | `{}` | no | -| [database\_subnet\_ipv6\_prefixes](#input\_database\_subnet\_ipv6\_prefixes) | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no | -| [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no | -| [database\_subnets](#input\_database\_subnets) | A list of database subnets | `list(string)` | `[]` | no | -| [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | -| [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | -| [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | Name to be used on the Default Network ACL | `string` | `""` | no | -| [default\_network\_acl\_tags](#input\_default\_network\_acl\_tags) | Additional tags for the Default Network ACL | `map(string)` | `{}` | no | -| [default\_route\_table\_propagating\_vgws](#input\_default\_route\_table\_propagating\_vgws) | List of virtual gateways for propagation | `list(string)` | `[]` | no | -| [default\_route\_table\_routes](#input\_default\_route\_table\_routes) | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no | -| [default\_route\_table\_tags](#input\_default\_route\_table\_tags) | Additional tags for the default route table | `map(string)` | `{}` | no | -| [default\_security\_group\_egress](#input\_default\_security\_group\_egress) | List of maps of egress rules to set on the default security group | `list(map(string))` | `null` | no | -| [default\_security\_group\_ingress](#input\_default\_security\_group\_ingress) | List of maps of ingress rules to set on the default security group | `list(map(string))` | `null` | no | -| [default\_security\_group\_name](#input\_default\_security\_group\_name) | Name to be used on the default security group | `string` | `"default"` | no | -| [default\_security\_group\_tags](#input\_default\_security\_group\_tags) | Additional tags for the default security group | `map(string)` | `{}` | no | -| [default\_vpc\_enable\_classiclink](#input\_default\_vpc\_enable\_classiclink) | Should be true to enable ClassicLink in the Default VPC | `bool` | `false` | no | -| [default\_vpc\_enable\_dns\_hostnames](#input\_default\_vpc\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the Default VPC | `bool` | `false` | no | -| [default\_vpc\_enable\_dns\_support](#input\_default\_vpc\_enable\_dns\_support) | Should be true to enable DNS 
support in the Default VPC | `bool` | `true` | no | -| [default\_vpc\_name](#input\_default\_vpc\_name) | Name to be used on the Default VPC | `string` | `""` | no | -| [default\_vpc\_tags](#input\_default\_vpc\_tags) | Additional tags for the Default VPC | `map(string)` | `{}` | no | -| [dhcp\_options\_domain\_name](#input\_dhcp\_options\_domain\_name) | Specifies DNS name for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no | -| [dhcp\_options\_domain\_name\_servers](#input\_dhcp\_options\_domain\_name\_servers) | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable\_dhcp\_options set to true) | `list(string)` |
[
"AmazonProvidedDNS"
]
| no | -| [dhcp\_options\_netbios\_name\_servers](#input\_dhcp\_options\_netbios\_name\_servers) | Specify a list of netbios servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no | -| [dhcp\_options\_netbios\_node\_type](#input\_dhcp\_options\_netbios\_node\_type) | Specify netbios node\_type for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no | -| [dhcp\_options\_ntp\_servers](#input\_dhcp\_options\_ntp\_servers) | Specify a list of NTP servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no | -| [dhcp\_options\_tags](#input\_dhcp\_options\_tags) | Additional tags for the DHCP option set (requires enable\_dhcp\_options set to true) | `map(string)` | `{}` | no | -| [elasticache\_acl\_tags](#input\_elasticache\_acl\_tags) | Additional tags for the elasticache subnets network ACL | `map(string)` | `{}` | no | -| [elasticache\_dedicated\_network\_acl](#input\_elasticache\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | `bool` | `false` | no | -| [elasticache\_inbound\_acl\_rules](#input\_elasticache\_inbound\_acl\_rules) | Elasticache subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [elasticache\_outbound\_acl\_rules](#input\_elasticache\_outbound\_acl\_rules) | Elasticache subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [elasticache\_route\_table\_tags](#input\_elasticache\_route\_table\_tags) | Additional tags for the elasticache route tables | `map(string)` | `{}` | no | -| [elasticache\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_elasticache\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [elasticache\_subnet\_ipv6\_prefixes](#input\_elasticache\_subnet\_ipv6\_prefixes) | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [elasticache\_subnet\_suffix](#input\_elasticache\_subnet\_suffix) | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no | -| [elasticache\_subnet\_tags](#input\_elasticache\_subnet\_tags) | Additional tags for the elasticache subnets | `map(string)` | `{}` | no | -| [elasticache\_subnets](#input\_elasticache\_subnets) | A list of elasticache subnets | `list(string)` | `[]` | no | -| [enable\_classiclink](#input\_enable\_classiclink) | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no | -| [enable\_classiclink\_dns\_support](#input\_enable\_classiclink\_dns\_support) | Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic. 
| `bool` | `null` | no | -| [enable\_dhcp\_options](#input\_enable\_dhcp\_options) | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no | -| [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the VPC | `bool` | `false` | no | -| [enable\_dns\_support](#input\_enable\_dns\_support) | Should be true to enable DNS support in the VPC | `bool` | `true` | no | -| [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no | -| [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no | -| [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no | -| [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no | -| [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no | -| [environment](#input\_environment) | Environment name | `string` | n/a | yes | -| [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no | -| [external\_nat\_ips](#input\_external\_nat\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\_nat\_ips and external\_nat\_ip\_ids) | `list(string)` | `[]` | no | -| [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a 
CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided. | `string` | `""` | no | -| [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs. | `string` | `null` | no | -| [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs. | `string` | `"/aws/vpc-flow-log/"` | no | -| [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. | `number` | `null` | no | -| [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no | -| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no | -| [flow\_log\_log\_format](#input\_flow\_log\_log\_format) | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no | -| [flow\_log\_max\_aggregation\_interval](#input\_flow\_log\_max\_aggregation\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `600` | no | -| [flow\_log\_traffic\_type](#input\_flow\_log\_traffic\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. 
| `string` | `"ALL"` | no | -| [igw\_tags](#input\_igw\_tags) | Additional tags for the internet gateway | `map(string)` | `{}` | no | -| [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no | -| [intra\_acl\_tags](#input\_intra\_acl\_tags) | Additional tags for the intra subnets network ACL | `map(string)` | `{}` | no | -| [intra\_dedicated\_network\_acl](#input\_intra\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for intra subnets | `bool` | `false` | no | -| [intra\_inbound\_acl\_rules](#input\_intra\_inbound\_acl\_rules) | Intra subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [intra\_outbound\_acl\_rules](#input\_intra\_outbound\_acl\_rules) | Intra subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [intra\_route\_table\_tags](#input\_intra\_route\_table\_tags) | Additional tags for the intra route tables | `map(string)` | `{}` | no | -| [intra\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_intra\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [intra\_subnet\_ipv6\_prefixes](#input\_intra\_subnet\_ipv6\_prefixes) | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no | -| [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no | -| [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no | -| [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no | -| [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `false` | no | -| [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no | -| [manage\_default\_vpc](#input\_manage\_default\_vpc) | Should be true to adopt and manage Default VPC | `bool` | `false` | no | -| [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no | -| [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no | -| [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | 
`map(string)` | `{}` | no | -| [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no | -| [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no | -| [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no | -| [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in. | `string` | `null` | no | -| [outpost\_az](#input\_outpost\_az) | AZ where Outpost is anchored. | `string` | `null` | no | -| [outpost\_dedicated\_network\_acl](#input\_outpost\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for outpost subnets | `bool` | `false` | no | -| [outpost\_inbound\_acl\_rules](#input\_outpost\_inbound\_acl\_rules) | Outpost subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [outpost\_outbound\_acl\_rules](#input\_outpost\_outbound\_acl\_rules) | Outpost subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [outpost\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_outpost\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [outpost\_subnet\_ipv6\_prefixes](#input\_outpost\_subnet\_ipv6\_prefixes) | Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [outpost\_subnet\_suffix](#input\_outpost\_subnet\_suffix) | Suffix to append to outpost subnets name | `string` | `"outpost"` | no | -| [outpost\_subnet\_tags](#input\_outpost\_subnet\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no | -| [outpost\_subnets](#input\_outpost\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no | -| [private\_acl\_tags](#input\_private\_acl\_tags) | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no | -| [private\_dedicated\_network\_acl](#input\_private\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no | -| [private\_inbound\_acl\_rules](#input\_private\_inbound\_acl\_rules) | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [private\_outbound\_acl\_rules](#input\_private\_outbound\_acl\_rules) | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [private\_route\_table\_tags](#input\_private\_route\_table\_tags) | Additional tags for the private route tables | `map(string)` | `{}` | no | -| [private\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_private\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [private\_subnet\_ipv6\_prefixes](#input\_private\_subnet\_ipv6\_prefixes) | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no | -| [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no | -| [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no | -| [platform_name](#input\_project) | Project name | `string` | n/a | yes | -| [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | -| [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | -| [propagate\_public\_route\_tables\_vgw](#input\_propagate\_public\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | -| [public\_acl\_tags](#input\_public\_acl\_tags) | Additional tags for the public subnets network ACL | `map(string)` | `{}` | no | -| [public\_dedicated\_network\_acl](#input\_public\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for public subnets | `bool` | `false` | 
no | -| [public\_inbound\_acl\_rules](#input\_public\_inbound\_acl\_rules) | Public subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [public\_outbound\_acl\_rules](#input\_public\_outbound\_acl\_rules) | Public subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [public\_route\_table\_tags](#input\_public\_route\_table\_tags) | Additional tags for the public route tables | `map(string)` | `{}` | no | -| [public\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_public\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [public\_subnet\_ipv6\_prefixes](#input\_public\_subnet\_ipv6\_prefixes) | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no | -| [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no | -| [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no | -| [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no | -| [redshift\_dedicated\_network\_acl](#input\_redshift\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for redshift subnets | `bool` | `false` | no | -| [redshift\_inbound\_acl\_rules](#input\_redshift\_inbound\_acl\_rules) | Redshift subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [redshift\_outbound\_acl\_rules](#input\_redshift\_outbound\_acl\_rules) | Redshift subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [redshift\_route\_table\_tags](#input\_redshift\_route\_table\_tags) | Additional tags for the redshift route tables | `map(string)` | `{}` | no | -| [redshift\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_redshift\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | -| [redshift\_subnet\_group\_tags](#input\_redshift\_subnet\_group\_tags) | Additional tags for the redshift subnet group | `map(string)` | `{}` | no | -| [redshift\_subnet\_ipv6\_prefixes](#input\_redshift\_subnet\_ipv6\_prefixes) | Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | -| [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no | -| [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no | -| [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets | `list(string)` | `[]` | no | -| [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no | -| [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no | -| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no | -| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | -| 
[vpc\_flow\_log\_permissions\_boundary](#input\_vpc\_flow\_log\_permissions\_boundary) | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | `string` | `null` | no | -| [vpc\_flow\_log\_tags](#input\_vpc\_flow\_log\_tags) | Additional tags for the VPC Flow Logs | `map(string)` | `{}` | no | -| [vpc\_tags](#input\_vpc\_tags) | Additional tags for the VPC | `map(string)` | `{}` | no | -| [vpn\_gateway\_az](#input\_vpn\_gateway\_az) | The Availability Zone for the VPN Gateway | `string` | `null` | no | -| [vpn\_gateway\_id](#input\_vpn\_gateway\_id) | ID of VPN Gateway to attach to the VPC | `string` | `""` | no | -| [vpn\_gateway\_tags](#input\_vpn\_gateway\_tags) | Additional tags for the VPN gateway | `map(string)` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [azs](#output\_azs) | A list of availability zones spefified as argument to this module | -| [database\_subnets](#output\_database\_subnets) | List of IDs of public subnets | -| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of public subnets | -| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | - 
diff --git a/{{cookiecutter.repo_name}}/terraform/components/vpc/main.tf b/{{cookiecutter.repo_name}}/terraform/components/vpc/main.tf
deleted file mode 100644
index 1d425a9c..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/vpc/main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Miguel Afonso
-# https://www.linkedin.com/in/mmafonso/
-#
-# date: Aug-2021
-#
-# usage: create a VPC to contain all Open edX backend resources.
-#------------------------------------------------------------------------------
-
-module "vpc" {
- source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//?ref=v3.0.0"
-
- name = var.name
- cidr = var.cidr
-
- azs = var.azs
- public_subnets = var.public_subnets
- private_subnets = var.private_subnets
- database_subnets = var.database_subnets
- elasticache_subnets = var.elasticache_subnets
-
- enable_ipv6 = var.enable_ipv6
- enable_dns_hostnames = var.enable_dns_hostnames
- enable_nat_gateway = var.enable_nat_gateway
- single_nat_gateway = var.single_nat_gateway
-
- public_subnet_tags = var.public_subnet_tags
- private_subnet_tags = var.private_subnet_tags
-
- tags = var.tags
-}
-
diff --git a/{{cookiecutter.repo_name}}/terraform/components/vpc/outputs.tf b/{{cookiecutter.repo_name}}/terraform/components/vpc/outputs.tf
deleted file mode 100644
index bcadbc94..00000000
--- a/{{cookiecutter.repo_name}}/terraform/components/vpc/outputs.tf
+++ /dev/null
@@ -1,75 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Miguel Afonso
-# https://www.linkedin.com/in/mmafonso/
-#
-# date: Aug-2021
-#
-# usage: create a VPC to contain all Open edX backend resources.
-#------------------------------------------------------------------------------
-
-# VPC
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "private_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.private_subnets_cidr_blocks
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-output "public_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.public_subnets_cidr_blocks
-}
-
-output "database_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.database_subnets
-}
-
-output "database_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.database_subnets_cidr_blocks
-}
-
-output "elasticache_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.elasticache_subnets
-}
-
-output "elasticache_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.elasticache_subnets_cidr_blocks
-}
-
-
-
-# NAT gateways
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/bastion/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/bastion/.terraform.lock.hcl deleted file mode 100644 index b14c4050..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/bastion/.terraform.lock.hcl +++ /dev/null 
@@ -1,39 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = ">= 4.2.0" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - 
"zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/cloudfront/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/cloudfront/.terraform.lock.hcl deleted file mode 100644 index df378655..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/cloudfront/.terraform.lock.hcl +++ /dev/null @@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.74.3" - constraints = ">= 3.64.0, ~> 3.69" - hashes = [ - "h1:SpYaB/QoM6MBiAV8k25LRVvdSEHoCoUVanXwECLEWok=", - "zh:25401cd4667d0496caf7e92e74ecef7c98cf74465570705cda2207770c27ff6c", - "zh:2d154527a9b2585f72fc5eceac635257e3f50f68de8a519e71c795d5166a0a22", - "zh:499fa5201804a5a33a90d683147fb2f81da91bfcd8ed20293f88f6f39cedbf97", - "zh:730284250fd949a59afb6935b3a68a33709d5a78b686fa98f351ad32c919cfc3", - "zh:7461ebd6fb35900d620cfa3f42126d988ea1e604ee3828d1c64d5727f908bd26", - "zh:7c85743b31c7459f8e74aaa98471ba82c54517eb908603411808a12982d89b1c", - "zh:8ed977b7fb97de624f5414b08cab36fd973a624072e0e9082c0c822e0864c7b9", - "zh:94ae7313bb0b425d4007a0b70601a337972c4f0f7a323487acf69215e74b4425", - "zh:b5a1589672d709da725a72c46d28bf5b2dea71325f6e0b44a0049f644cd09eba", - "zh:c7e8e7ce59e4578416557fc2f138137af3c8365ac3e34f0ff5166323c7d641a1", - "zh:ccf2e286b207e749fff76bb4075deddb9e7e237936d8654f34828c54e7035455", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/data-backup-s3/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/data-backup-s3/.terraform.lock.hcl deleted file mode 100644 index 6aaeeaaf..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/data-backup-s3/.terraform.lock.hcl +++ /dev/null 
@@ -1,57 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.74.3" - constraints = "~> 3.69" - hashes = [ - "h1:SpYaB/QoM6MBiAV8k25LRVvdSEHoCoUVanXwECLEWok=", - "zh:25401cd4667d0496caf7e92e74ecef7c98cf74465570705cda2207770c27ff6c", - "zh:2d154527a9b2585f72fc5eceac635257e3f50f68de8a519e71c795d5166a0a22", - "zh:499fa5201804a5a33a90d683147fb2f81da91bfcd8ed20293f88f6f39cedbf97", - "zh:730284250fd949a59afb6935b3a68a33709d5a78b686fa98f351ad32c919cfc3", - "zh:7461ebd6fb35900d620cfa3f42126d988ea1e604ee3828d1c64d5727f908bd26", - "zh:7c85743b31c7459f8e74aaa98471ba82c54517eb908603411808a12982d89b1c", - "zh:8ed977b7fb97de624f5414b08cab36fd973a624072e0e9082c0c822e0864c7b9", - "zh:94ae7313bb0b425d4007a0b70601a337972c4f0f7a323487acf69215e74b4425", - "zh:b5a1589672d709da725a72c46d28bf5b2dea71325f6e0b44a0049f644cd09eba", - "zh:c7e8e7ce59e4578416557fc2f138137af3c8365ac3e34f0ff5166323c7d641a1", - "zh:ccf2e286b207e749fff76bb4075deddb9e7e237936d8654f34828c54e7035455", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/.terraform.lock.hcl deleted file mode 100644 index 266ed3d8..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/eks/.terraform.lock.hcl +++ /dev/null 
@@ -1,161 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.0.0" - constraints = ">= 2.23.0, >= 3.46.0, >= 3.56.0" - hashes = [ - "h1:XjvC5UMR+bRj8Rt9T2VhJdryCfe6lxDaXUSOKFviV5c=", - "zh:02937cb37860b022e7d996726e7584ca23904baf7852d266f2dd7891ee088ae4", - "zh:259dd5790ec5f4e6814c9584c79834dce3d719e932ce662b21f13434e9441194", - "zh:2d230c8c92c3cb2c07471a4324d802c44365dcf99fe0d562cc737d1f964e9c1d", - "zh:380b04e78934519469e699c537516ae1674d15f77c6778c2738cd69374b661aa", - "zh:3d7121da1fa92166c9ea26f3c9839cef06833420d6c46978b4cbbfd0b5050791", - "zh:6b7f5a3b28ec3a631d689f599a39bfe98ca5b785353b01e374cff655b097a791", - "zh:7882291716d2d03df5ece721429770452db76c712fcff08964c3a7c0b639f703", - "zh:95250c5768610d69a28501f03176b6a05a5d5ac2ae317cb582d94b044b3272b3", - "zh:b16a622a76bee455c8b256d828f8a60515e1e9dad38420a4db1be9b9e16d474a", - "zh:c805822f0ba57e8063b6201e1f351aa4dbd5ad8886dedd25d809e5aeb9aa0259", - "zh:e1c3a0da5576aec4a48f897cd04b739c1f533cdb0005ce4c7f5bc45808b799b1", - ] -} - -provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.2.0" - constraints = ">= 2.0.0" - hashes = [ - "h1:Id6dDkpuSSLbGPTdbw49bVS/7XXHu/+d7CJoGDqtk5g=", - "zh:76825122171f9ea2287fd27e23e80a7eb482f6491a4f41a096d77b666896ee96", - "zh:795a36dee548e30ca9c9d474af9ad6d29290e0a9816154ad38d55381cd0ab12d", - "zh:9200f02cb917fb99e44b40a68936fd60d338e4d30a718b7e2e48024a795a61b9", - "zh:a33cf255dc670c20678063aa84218e2c1b7a67d557f480d8ec0f68bc428ed472", - "zh:ba3c1b2cd0879286c1f531862c027ec04783ece81de67c9a3b97076f1ce7f58f", - "zh:bd575456394428a1a02191d2e46af0c00e41fd4f28cfe117d57b6aeb5154a0fb", - "zh:c68dd1db83d8437c36c92dc3fc11d71ced9def3483dd28c45f8640cfcd59de9a", - "zh:cbfe34a90852ed03cc074601527bb580a648127255c08589bc3ef4bf4f2e7e0c", - "zh:d6ffd7398c6d1f359b96f5b757e77b99b339fbb91df1b96ac974fe71bc87695c", - 
"zh:d9c15285f847d7a52df59e044184fb3ba1b7679fd0386291ed183782683d9517", - "zh:f7dd02f6d36844da23c9a27bb084503812c29c1aec4aba97237fec16860fdc8c", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.4.1" - hashes = [ - "h1:aFvUq5HOEwFV/3e7DGU45zDf6j2SThDRjaCAeY2Qfss=", - "zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14", - "zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5", - "zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526", - "zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772", - "zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd", - "zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e", - "zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0", - "zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3", - "zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f", - "zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67", - "zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "1.13.4" - constraints = "~> 1.11, >= 1.11.1" - hashes = [ - "h1:05eflFJUOeaW4Ksk+/peF6U/SlCIuR6q0ZFQcMUb1b4=", - "zh:0658034b1b0e241f6d6fc8dac2073755dcbab8f82645c0a46cec052469c518b2", - "zh:11a08ffa9b86670711cb8f2754ac8034b0cdf3d9bad4f3c22695f749a892c630", - "zh:3e90e15a58f699f22bcbe27d3cf45064f9e1a2f1fb50992afc6ea55a59100d4c", - "zh:5e5a335655e40ceb4576af3790aead62646942972c206f49a3dc52275d925f11", - "zh:6bbf068c35380e75fbd7f5186c37175c6058bd6160d59957a023af3e4c9f43c5", - "zh:6bd839cce4ce786201b3d0d43b6ad80e3bf9642f74b1490b9cf72ca8d8c90575", - "zh:804ba2f1d03f315b071434fd7201eeb1e705fcb82f9a1dc4bec760e4231becfa", - "zh:957963a9f287589836a56be24bb9a172919f5a3f18098adb9f185f2a6699680b", - "zh:b099aea7f5213450f3b0d4e439aeb83aba965920b89474aa94f2bc0d6f698fe7", - 
"zh:b8d610a387f0df4b4c5c27b9319749d1bf60b01c69ea65d2d129c2a61afa0c7b", - "zh:cbf56221840b360befc00fe2336a9236d1ff0f32456453030ed6f58b49deb8df", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.1.0" - constraints = ">= 1.4.0" - hashes = [ - "h1:PaQTpxHMbZB9XV+c1od1eaUvndQle3ZZHx79hrI6C3k=", - "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", - "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", - "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", - "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a", - "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe", - "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1", - "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c", - "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4", - "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b", - "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3", - "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - constraints = ">= 2.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - 
"zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - hashes = [ - "h1:LLixa6j2MWnirPzYZPMD9/B5CVuN4Alg01SddOIoA5s=", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "3.1.0" - hashes = [ - "h1:U+kgPLboCrcs4eZV87esP7iydF8mjMyHKE/mDsrwfkQ=", - "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6", - "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2", - "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e", - "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca", - "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698", - "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d", - "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841", - "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989", - "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5", - "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d", - "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0", - ] -} - -provider "registry.terraform.io/terraform-aws-modules/http" { - version = "2.4.1" - constraints = ">= 2.4.1" - hashes = [ - "h1:fHqAXle/P/fT2k+HEyTqYVE+/RvpQAaBr6xXZgM66es=", - "zh:0111f54de2a9815ded291f23136d41f3d2731c58ea663a2e8f0fef02d377d697", - "zh:0740152d76f0ccf54f4d0e8e0753739a5233b022acd60b5d2353d248c4c17204", - "zh:569518f46809ec9cdc082b4dfd4e828236eee2b50f87b301d624cfd83b8f5b0d", - "zh:7669f7691de91eec9f381e9a4be81aa4560f050348a86c6ea7804925752a01bb", - "zh:81cd53e796ec806aca2d8e92a2aed9135661e170eeff6cf0418e54f98816cd05", - "zh:82f01abd905090f978b169ac85d7a5952322a5f0f460269dd981b3596652d304", - "zh:9a235610066e0f7e567e69c23a53327271a6fc568b06bf152d8fe6594749ed2b", - 
"zh:aeabdd8e633d143feb67c52248c85358951321e35b43943aeab577c005abd30a", - "zh:c20d22dba5c79731918e7192bc3d0b364d47e98a74f47d287e6cc66236bc0ed0", - "zh:c4fea2cb18c31ed7723deec5ebaff85d6795bb6b6ed3b954794af064d17a7f9f", - "zh:e21e88b6e7e55b9f29b046730d9928c65a4f181fd5f60a42f1cd41b46a0a938d", - "zh:eddb888a74dea348a0acdfee13a08875bacddde384bd9c28342a534269665568", - "zh:f46d5f1403b8d8dfafab9bdd7129d3080bb62a91ea726f477fd43560887b8c4a", - ] -}
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/env.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/env.hcl
deleted file mode 100644
index 612f71ad..00000000
--- a/{{cookiecutter.repo_name}}/terraform/environments/prod/env.hcl
+++ /dev/null
@@ -1,37 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Lawrence McDaniel
-# https://lawrencemcdaniel.com/
-#
-# date: Feb-2022
-#
-# usage: create environment-level parameters, exposed to all
-# Terragrunt modules in this enironment.
-#------------------------------------------------------------------------------
-locals {
- global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl"))
-
- environment = "{{ cookiecutter.prod_environment }}"
- subdomains = []
- environment_domain = "${local.environment}.${local.global_vars.locals.root_domain}"
- environment_namespace = "${local.environment}-${local.global_vars.locals.platform_name}-${local.global_vars.locals.platform_region}"
-
-
- # AWS infrastructure sizing
- # 2 vCPU 4gb
- mongodb_instance_class = "db.t3.medium"
- mongodb_cluster_size = 1
-
- # 1 vCPU 2gb
- mysql_instance_class = "db.t2.small"
-
- # 1 vCPU 1.55gb
- redis_node_type = "cache.t2.small"
-
- # 2 vCPU 8gb
- eks_worker_group_instance_type = "t3.large"
-
- tags = {
- Environment = local.environment
- }
-
-}
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/jwt/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/jwt/.terraform.lock.hcl deleted file mode 100644 index 002f0dba..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/jwt/.terraform.lock.hcl +++ /dev/null 
@@ -1,39 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = "~> 4.2" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/kubernetes/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/kubernetes/.terraform.lock.hcl deleted file mode 100644 index 002f0dba..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/kubernetes/.terraform.lock.hcl +++ /dev/null 
@@ -1,39 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = "~> 4.2" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/mongodb/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/mongodb/.terraform.lock.hcl deleted file mode 100644 index dc322329..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/mongodb/.terraform.lock.hcl +++ /dev/null 
@@ -1,76 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.3.0" - constraints = ">= 2.0.0, >= 3.0.0, ~> 4.2" - hashes = [ - "h1:+/UcPbNhOmn+DIsiGugJd3B8ruKgXfC2JxIX9PCCFJI=", - "zh:087c67e5429f343a164221c05a83f152322f411e7394f8a39ed81a75982af1f2", - "zh:2e852a1b107e5324524874e1cd98bcf3a69284b4fe04750aa373054177c54214", - "zh:4b9a54b5895f945827832e6ddd16ff107301fedf47acbd83d17d4e18bbf10bb1", - "zh:64dfc02bc85f5df2f51ff942fc78d72fcd0db17b0f53e1fae380e58adbd239b3", - "zh:766f9aef619cfd23e924aee523791acccd30b6d8f1cc0ed1a7b5c953bf8c5392", - "zh:90048d87ff3071a4356cf91916b46a7ec69ba55bcba5765b598d3fe545d4c6ca", - "zh:c51f5b238af37c63e9033a12fd7fedc87c03eb966f5f5c7786eb6246e8bf3071", - "zh:d0df94d3112a25de609dfb55c5e3b0d119dea519a2bdd8099e64a8d63f22b683", - "zh:de166ecfeed70f570cea72ec094f00c2f997496b3226fa08518e7cd4a73884e1", - "zh:e31c31d00f42ea2dbaab1ad4c245da5cfff63e28399b5a5795b5e6a826c6c8af", - "zh:f93725afd8410194ede51d83505327aa1ae6a9b4280cf31db649c62c7dc203ae", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.1.0" - constraints = ">= 1.3.0" - hashes = [ - "h1:PaQTpxHMbZB9XV+c1od1eaUvndQle3ZZHx79hrI6C3k=", - "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", - "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", - "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", - "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a", - "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe", - "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1", - "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c", - "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4", - "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b", - "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3", - "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", 
- ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/mysql/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/mysql/.terraform.lock.hcl deleted file mode 100644 index bf786180..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/mysql/.terraform.lock.hcl +++ /dev/null 
@@ -1,58 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = ">= 2.49.0, >= 3.0.0, ~> 4.2" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - constraints = ">= 2.2.0, >= 3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/redis/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/redis/.terraform.lock.hcl deleted file mode 100644 index 03567f7b..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/redis/.terraform.lock.hcl +++ /dev/null 
@@ -1,57 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = ">= 3.0.0, ~> 4.2" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/s3/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/s3/.terraform.lock.hcl deleted file mode 100644 index 6aaeeaaf..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/s3/.terraform.lock.hcl +++ /dev/null 
@@ -1,57 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.74.3" - constraints = "~> 3.69" - hashes = [ - "h1:SpYaB/QoM6MBiAV8k25LRVvdSEHoCoUVanXwECLEWok=", - "zh:25401cd4667d0496caf7e92e74ecef7c98cf74465570705cda2207770c27ff6c", - "zh:2d154527a9b2585f72fc5eceac635257e3f50f68de8a519e71c795d5166a0a22", - "zh:499fa5201804a5a33a90d683147fb2f81da91bfcd8ed20293f88f6f39cedbf97", - "zh:730284250fd949a59afb6935b3a68a33709d5a78b686fa98f351ad32c919cfc3", - "zh:7461ebd6fb35900d620cfa3f42126d988ea1e604ee3828d1c64d5727f908bd26", - "zh:7c85743b31c7459f8e74aaa98471ba82c54517eb908603411808a12982d89b1c", - "zh:8ed977b7fb97de624f5414b08cab36fd973a624072e0e9082c0c822e0864c7b9", - "zh:94ae7313bb0b425d4007a0b70601a337972c4f0f7a323487acf69215e74b4425", - "zh:b5a1589672d709da725a72c46d28bf5b2dea71325f6e0b44a0049f644cd09eba", - "zh:c7e8e7ce59e4578416557fc2f138137af3c8365ac3e34f0ff5166323c7d641a1", - "zh:ccf2e286b207e749fff76bb4075deddb9e7e237936d8654f34828c54e7035455", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/secrets/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/secrets/.terraform.lock.hcl deleted file mode 100644 index 565c51aa..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/secrets/.terraform.lock.hcl +++ /dev/null 
@@ -1,75 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = "~> 4.2" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.8.0" - hashes = [ - "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", - "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", - "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", - "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", - "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", - "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", - "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", - "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", - "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", - "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", - "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", - 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.1.0" - hashes = [ - "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=", - "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", - "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", - "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", - "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", - "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", - "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", - "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", - "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", - "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", - "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", - "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "3.1.0" - hashes = [ - "h1:U+kgPLboCrcs4eZV87esP7iydF8mjMyHKE/mDsrwfkQ=", - "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6", - "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2", - "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e", - "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca", - "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698", - "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d", - "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841", - "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989", - "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5", - "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d", - "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0", - ] -} 
diff --git a/{{cookiecutter.repo_name}}/terraform/environments/prod/vpc/.terraform.lock.hcl b/{{cookiecutter.repo_name}}/terraform/environments/prod/vpc/.terraform.lock.hcl deleted file mode 100644 index b86acefe..00000000 --- a/{{cookiecutter.repo_name}}/terraform/environments/prod/vpc/.terraform.lock.hcl +++ /dev/null @@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.2.0" - constraints = ">= 3.15.0" - hashes = [ - "h1:N5oVH/WT+1U3/hfpqs2iQ6wkoK+1qrPbYZJ+6Ptx6a0=", - "zh:297d6462055eac8eb5c6735bd1a0fec23574e27d56c4c14a39efd8f3931ce4ed", - "zh:457319839adca3638fd76f49fd65e15756717f97ac99bd1805a1c9387a62a250", - "zh:57377384fa28abc4211a0916fc0fb590af238d096ad0490434ffeb89f568df9b", - "zh:578e1d21bd6d38bdaef0909b30959b884e84e6c464796a50e516822955db162a", - "zh:5e7ff13cc976f609aee4ada3c1967ba1f0ce5d276f3102a0aeaedc586d25ea80", - "zh:5e94f09fe1874a2365bd566fecab8f676cd720da1c0bf70875392679549ebf20", - "zh:93da14d7ffb8550b161cb79fe2cfc0f66848dd5022974399ae2bf88da7b9e9c5", - "zh:c51e4541f3d29627974dcb7f5919012a762391accb574ade9e28bdb3c92bada5", - "zh:eff58c1680e3f29e514919346d937bbe47278434ae03ed62443c77e878e267b1", - "zh:f2b749e6c6b77b26e643bbecc829977270cfefab106d5ea57e5a83e96d49cbdd", - "zh:fcc17e60e55c278535c332469727cf215eaea9ec81d38e2b5f05be127ee39a5b", - ] -}