Changed the names of some of the variables.

kcantrel · kcantrel · commit 36d81b12a99e · 2024-07-03T07:28:21.000-05:00
diff --git a/Terraform/deploy-fsx-ontap/module/main.tf b/Terraform/deploy-fsx-ontap/module/main.tf
@@ -14,21 +14,21 @@
 
 resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
   // REQUIRED PARAMETERS 
-  subnet_ids = (var.fsx_deploy_type == "MULTI_AZ_1" ? [var.fsx_subnets["primarysub"], var.fsx_subnets["secondarysub"]] : [var.fsx_subnets["primarysub"]])
-  preferred_subnet_id = var.fsx_subnets["primarysub"]
+  subnet_ids = (var.deployment_type == "MULTI_AZ_1" ? [var.subnets["primarysub"], var.subnets["secondarysub"]] : [var.subnets["primarysub"]])
+  preferred_subnet_id = var.subnets["primarysub"]
 
   // OPTIONAL PARAMETERS
-  storage_capacity                  = var.fsx_capacity_size_gb
+  storage_capacity                  = var.capacity_size_gb
   security_group_ids                = var.create_sg ? [element(aws_security_group.fsx_sg.*.id, 0)] : [var.security_group_id]
-  deployment_type                   = var.fsx_deploy_type
-  throughput_capacity               = var.fsx_tput_in_MBps
-  weekly_maintenance_start_time     = var.fsx_maintenance_start_time
+  deployment_type                   = var.deployment_type
+  throughput_capacity               = var.throughput_in_MBps
+  weekly_maintenance_start_time     = var.maintenance_start_time
   kms_key_id                        = var.kms_key_id
   automatic_backup_retention_days   = var.backup_retention_days
   daily_automatic_backup_start_time = var.daily_backup_start_time
   fsx_admin_password                = data.aws_secretsmanager_secret_version.fsx_password.secret_string
-  route_table_ids                   = (var.fsx_deploy_type == "MULTI_AZ_1" ? var.route_table_ids : null)
-  tags                              = merge(var.tags, {Name = var.fsx_name })
+  route_table_ids                   = (var.deployment_type == "MULTI_AZ_1" ? var.route_table_ids : null)
+  tags                              = merge(var.tags, {Name = var.name })
   dynamic "disk_iops_configuration" {
     for_each = length(var.disk_iops_configuration) > 0 ? [var.disk_iops_configuration] : []
 
@@ -40,8 +40,8 @@ resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
 
   lifecycle {
     precondition {
-      condition = !var.create_sg || (var.cidr_for_sg != "" && var.source_security_group_id == "" || var.cidr_for_sg == "" && var.source_security_group_id != "")
-      error_message = "You must specify EITHER cidr_block OR source_security_group_id when creating a security group, not both."
+      condition = !var.create_sg || (var.cidr_for_sg != "" && var.source_sg_id == "" || var.cidr_for_sg == "" && var.source_sg_id != "")
+      error_message = "You must specify EITHER cidr_block OR source_sg_id when creating a security group, not both."
     }
     precondition {
       condition = var.create_sg || var.security_group_id != ""
@@ -81,7 +81,7 @@ resource "aws_fsx_ontap_volume" "myvol" {
 #
 # The next two data blocks retrieve the secret from Secrets Manager.
 data "aws_secretsmanager_secret" "fsx_secret" {
-  name = var.fsx_secret_name
+  name = var.secret_name
 }
 data "aws_secretsmanager_secret_version" "fsx_password" {
   secret_id = data.aws_secretsmanager_secret.fsx_secret.id
diff --git a/Terraform/deploy-fsx-ontap/module/security_groups.tf b/Terraform/deploy-fsx-ontap/module/security_groups.tf
@@ -11,18 +11,20 @@
  *   can be found in the variables.tf file.
  *
  * - If you wish to use the created Security Group, just be sure to set the cidr_for_sg OR
- *   source_security_group_id varaibles in the variables.tf file. Do not set both or the
+ *   source_sg_id varaibles in the variables.tf file. Do not set both or the
  *   creation of the security group will fail.
  */
 
 resource "aws_security_group" "fsx_sg" {
+  count       = var.create_sg ? 1 : 0
   name        = "fsx_sg"
   description = "Allow FSx ONTAP required ports"
   vpc_id      = var.vpc_id
 }
 
 resource "aws_vpc_security_group_ingress_rule" "all_icmp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Allow all ICMP traffic"
   cidr_ipv4         = "0.0.0.0/0"   // Allowing all ICMP traffic from all sources
   from_port         = -1
@@ -31,217 +33,239 @@ resource "aws_vpc_security_group_ingress_rule" "all_icmp" {
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Remote procedure call for NFS"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 111
   to_port           = 111
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Remote procedure call for NFS"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 111
   to_port           = 111
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "cifs" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NetBIOS service session for CIFS"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 139
   to_port           = 139
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Simple network management protocol for log collection"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 161
   to_port           = 162
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Simple network management protocol for log collection"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 161
   to_port           = 162
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Microsoft SMB/CIFS over TCP with NetBIOS framing"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 445
   to_port           = 445
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NFS mount"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 635
   to_port           = 635
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "kerberos" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Kerberos authentication"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 749
   to_port           = 749
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NFS server daemon"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 2049
   to_port           = 2049
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon_udp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NFS server daemon"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 2049
   to_port           = 2049
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NFS lock daemon"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 4045
   to_port           = 4045
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon_udp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NFS lock daemon"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 4045
   to_port           = 4045
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Status monitor for NFS"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 4046
   to_port           = 4046
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor_udp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Status monitor for NFS"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 4046
   to_port           = 4046
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_rquotad" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Remote quota server for NFS"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 4049
   to_port           = 4049
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "iscsi_tcp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "iSCSI"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 3260
   to_port           = 3260
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "Snapmirror_Intercluster_communication" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Snapmirror Intercluster communication"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 11104
   to_port           = 11104
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "Snapmirror_data_transfer" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Snapmirror data transfer"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 11105
   to_port           = 11105
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "NFS mount"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 635
   to_port           = 635
   ip_protocol       = "udp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "ssh" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "ssh"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 22
   to_port           = 22
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_ingress_rule" "s3_and_api" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   description       = "Provice acccess to S3 and the ONTAP REST API"
   cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
-  referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
+  referenced_security_group_id = (var.source_sg_id != "" ? var.source_sg_id : null)
   from_port         = 443
   to_port           = 443
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" {
-  security_group_id = aws_security_group.fsx_sg.id
+  count             = var.create_sg ? 1 : 0
+  security_group_id = aws_security_group.fsx_sg[count.index].id
   cidr_ipv4         = "0.0.0.0/0"  // Allow all output traffic.
   ip_protocol       = "-1"
 }
diff --git a/Terraform/deploy-fsx-ontap/module/variables.tf b/Terraform/deploy-fsx-ontap/module/variables.tf
