NetApp
diff --git a/‎Terraform/deploy-fsx-ontap/module/README.md‎
Lines changed: 20 additions & 17 deletions b/‎Terraform/deploy-fsx-ontap/module/README.md‎
Lines changed: 20 additions & 17 deletions
diff --git a/‎Terraform/deploy-fsx-ontap/module/main.tf‎
Lines changed: 24 additions & 27 deletions b/‎Terraform/deploy-fsx-ontap/module/main.tf‎
Lines changed: 24 additions & 27 deletions
@@ -259,29 +259,32 @@ terraform apply
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| aws_account_id | The AWS account ID. Used to create very specific permissions. | `string` | n/a | yes |
+| aws_account_id | The AWS account ID. Used to create account specific permissions on the secrets that are created. Use the default for less specific permissions. | `string` | `"*"` | no |
 | backup_retention_days | The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. | `number` | `0` | no |
-| capacity_size_gb | The storage capacity (GiB) of the FSxN file system. Valid values between 1024 and 196608 | `number` | `1024` | no |
-| cidr_for_sg | cidr block to be used for the created security ingress rules. Set to an empty string if you want to use the source_sg_id as the source. | `string` | `""` | no |
-| create_sg | Determines whether the SG should be deployed as part of this deployment or not. | `bool` | `true` | no |
+| capacity_size_gb | The storage capacity in GiBs of the FSxN file system. Valid values between 1024 (1 TiB) and 1048576 (1 PiB). Gen 1 deployment types are limited to 192 TiB. Gen 2 Multi AZ is limited to 512 TiB. Gen 2 Single AZ is limited to 1 PiB. | `number` | `1024` | no |
+| cidr_for_sg | The cidr block to be used for the created security ingress rules. Set to an empty string if you want to use the source_sg_id as the source. | `string` | `""` | no |
+| create_sg | Determines whether the Security Group should be created as part of this deployment or not. | `bool` | `true` | no |
 | daily_backup_start_time | A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. Requires automatic_backup_retention_days to be set. | `string` | `"00:00"` | no |
-| deployment_type | The filesystem deployment type. Supports MULTI_AZ_1 and SINGLE_AZ_1 | `string` | `"MULTI_AZ_1"` | no |
-| disk_iops_configuration | The SSD IOPS configuration for the file system. Valid modes are 'AUTOMATIC' (3 iops per GB provided) or 'USER_PROVISIONED'. NOTE: Due to a bug in the AWS FSx provider, if you want AUTOMATIC, then leave this variable empty. If you want USER_PROVIDEDED, then add a 'mode=USER_PROVISIONED' (with USER_PROVISIONED enclosed in doube quotes) and 'iops=number' where number is between 1 and 160000. | `map(any)` | `{}` | no |
-| kms_key_id | ARN for the KMS Key to encrypt the file system at rest, Defaults to an AWS managed KMS Key. | `string` | `null` | no |
-| maintenance_start_time | The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone. | `string` | `"1:00:00"` | no |
-| name | The name to assigne to the FSxN file system. | `string` | `"fsx1"` | no |
+| deployment_type | The file system deployment type. Supported values are 'MULTI_AZ_1', 'SINGLE_AZ_1', 'MULTI_AZ_2', and 'SINGLE_AZ_2'. MULTI_AZ_1 and SINGLE_AZ_1 are Gen 1. MULTI_AZ_2 and SINGLE_AZ_2 are Gen 2. | `string` | `"MULTI_AZ_1"` | no |
+| disk_iops_configuration | The SSD IOPS configuration for the file system. Valid modes are 'AUTOMATIC' (3 iops per GB provisioned) or 'USER_PROVISIONED'. NOTE: Due to a bug in the AWS FSx Terraform provider, if you want AUTOMATIC, then leave this variable empty. If you want USER_PROVISIONED, then add a 'mode=USER_PROVISIONED' (with USER_PROVISIONED enclosed in double quotes) and 'iops=number' where number is between 1 and 160000. | `map(any)` | `{}` | no |
+| endpoint_ip_address_range | The IP address range that the FSxN file system will be accessible from. This is only used for Mutli AZ deployment types and must be left a null for Single AZ deployment types. | `string` | `null` | no |
+| ha_pairs | The number of HA pairs in the file system. Valid values are from 1 through 12. Only single AZ Gen 2 deployment type supports more than 1 HA pair. | `number` | `1` | no |
+| kms_key_id | ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key. | `string` | `null` | no |
+| maintenance_start_time | The preferred start time to perform weekly maintenance, in UTC time zone. The format is 'D:HH:MM' format. D is the day of the week, where 1=Monday and 7=Sunday. | `string` | `"7:00:00"` | no |
+| name | The name to assign to the FSxN file system. | `string` | `"fsxn"` | no |
 | root_vol_sec_style | Specifies the root volume security style, Valid values are UNIX, NTFS, and MIXED (although MIXED is not recommended). All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. | `string` | `"UNIX"` | no |
-| route_table_ids | Specifies the VPC route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table. Note, this variable is only used for MULTI_AZ_1 type deployments. | `list(any)` | `null` | no |
+| route_table_ids | An array of routing table IDs that will be modified to allow access to the FSxN file system. This is only used for Multi AZ deployment types and must be left as null for Single AZ deployment types. | `list(string)` | `null` | no |
 | secret_name_prefix | The prefix to the secret name that will be created that will contain the FSxN passwords (system, and SVM). | `string` | `"fsxn-secret"` | no |
-| secrets_region | The AWS region where the secets for the FSxN file system and SVM will be deployed. | `string` | `""` | no |
+| secrets_region | The AWS region where the secrets for the FSxN file system and SVM will be deployed. | `string` | `""` | no |
 | security_group_id | If you are not creating the security group, provide the ID of the security group to be used. | `string` | `""` | no |
+| security_group_name_prefix | The prefix to the security group name that will be created. | `string` | `"fsxn-sg"` | no |
 | source_sg_id | The ID of the security group to allow access to the FSxN file system. Set to an empty string if you want to use the cidr_for_sg as the source. | `string` | `""` | no |
-| subnets | The subnets from where the file system will be accessible from. For MULTI_AZ_1 deployment type, provide both primvary and secondary subnets. For SINGLE_AZ_1 deployment type, only the primary subnet is used. | `map(string)` | <pre>{<br>  "primarysub": "subnet-111111111",<br>  "secondarysub": "subnet-222222222"<br>}</pre> | no |
-| svm_name | The name of the Storage Virtual Machine, (a.k.a. vserver). | `string` | `"first_svm"` | no |
-| tags | Tags to be applied to the FSxN file system. | `map(any)` | `{}` | no |
-| throughput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096. | `number` | `128` | no |
-| vol_info | Details for the volume creation | `map(any)` | <pre>{<br>  "cooling_period": 31,<br>  "copy_tags_to_backups": false,<br>  "efficiency": true,<br>  "junction_path": "/vol1",<br>  "sec_style": "UNIX",<br>  "size_mg": 1024,<br>  "skip_final_backup": false,<br>  "snapshot_policy": "default",<br>  "tier_policy_name": "AUTO",<br>  "vol_name": "vol1",<br>  "vol_type": "RW"<br>}</pre> | no |
-| vpc_id | The ID of the VPC in where the security group will be created. | `string` | `""` | no |
+| subnets | The primary subnet ID, and secondary subnet ID if you are deploying in a Multi AZ environment, the file system will be accessible from. For MULTI_AZ deployment types both subnets are required. For SINGLE_AZ deployment type, only the primary subnet is used. | `map(string)` | <pre>{<br>  "primarysub": "subnet-111111111",<br>  "secondarysub": "subnet-222222222"<br>}</pre> | no |
+| svm_name | name of the Storage Virtual Machine, (a.k.a. vserver). | `string` | `"fsx"` | no |
+| tags | Tags to be applied to the FSxN file system. The format is '{Name1 = value, Name2 = value}'. | `map(any)` | `{}` | no |
+| throughput_in_MBps | The throughput capacity (in MBps) for the file system. Valid values are 128, 256, 512, 1024, 2048, and 4096 for Gen 1, and 384, 768, 1536, 3072 and 6144 for Gen 2. | `string` | `"128"` | no |
+| vol_info | Details for the volume creation | <pre>object({<br>    vol_name              = optional(string, "vol1")<br>    junction_path         = optional(string, "/vol1")<br>    size_mg               = optional(number,  1024)<br>    efficiency            = optional(bool,    true)<br>    tier_policy_name      = optional(string, "AUTO")<br>    cooling_period        = optional(string,  31)<br>    vol_type              = optional(string, "RW")<br>    copy_tags_to_backups  = optional(bool,    false)<br>    sec_style             = optional(string, "UNIX")<br>    skip_final_backup     = optional(bool,    false)<br>    snapshot_policy       = optional(string, "default")<br>  })</pre> | `{}` | no |
+| vpc_id | The VPC ID where the security group will be created. | `string` | `""` | no |
 
 ### Outputs
 
 
@@ -2,32 +2,24 @@
 # SPDX-License-Identifier: Apache-2.0
 
 /*
-   The following resources are for deploying a complete FSx ONTAP file system. 
-   The code below deploys the following resources in this order:
-   1. A file system 
-   2. A storage virtual machine
-   3. A volume within the storage virtual machine
-  
-   Every resource include both optional and required parameters, separated by a comment line.
-   Feel free to add or remove optional parameters as needed.
+ * The following resources are for deploying a complete FSx ONTAP file system.
+ * The code below deploys the following resources in this order:
+ * 1. A file system
+ * 2. A storage virtual machine
+ * 3. A volume within the storage virtual machine
  */
 
 resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
-  // REQUIRED PARAMETERS 
-  subnet_ids = (var.deployment_type == "MULTI_AZ_1" ? [var.subnets["primarysub"], var.subnets["secondarysub"]] : [var.subnets["primarysub"]])
+  subnet_ids = var.deployment_type == "MULTI_AZ_1" || var.deployment_type == "MULTI_AZ_2" ? [var.subnets["primarysub"], var.subnets["secondarysub"]] : [var.subnets["primarysub"]]
   preferred_subnet_id = var.subnets["primarysub"]
 
-  // OPTIONAL PARAMETERS
   storage_capacity                  = var.capacity_size_gb
   security_group_ids                = var.create_sg ? [element(aws_security_group.fsx_sg[*].id, 0)] : [var.security_group_id]
   deployment_type                   = var.deployment_type
-  throughput_capacity               = var.throughput_in_MBps
-  weekly_maintenance_start_time     = var.maintenance_start_time
-  kms_key_id                        = var.kms_key_id
-  automatic_backup_retention_days   = var.backup_retention_days
-  daily_automatic_backup_start_time = var.daily_backup_start_time
-  route_table_ids                   = (var.deployment_type == "MULTI_AZ_1" ? var.route_table_ids : null)
-  tags                              = merge(var.tags, {Name = var.name })
+  throughput_capacity_per_ha_pair   = var.throughput_in_MBps
+  ha_pairs                          = var.ha_pairs
+  endpoint_ip_address_range         = var.endpoint_ip_address_range
+  route_table_ids                   = (var.deployment_type == "MULTI_AZ_1" || var.deployment_type == "MULTI_AZ_2" ? var.route_table_ids : null)
   dynamic "disk_iops_configuration" {
     for_each = length(var.disk_iops_configuration) > 0 ? [var.disk_iops_configuration] : []
 
@@ -37,6 +29,12 @@ resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
     }
   }
 
+  tags                              = merge(var.tags, {Name = var.name })
+  weekly_maintenance_start_time     = var.maintenance_start_time
+  kms_key_id                        = var.kms_key_id
+  automatic_backup_retention_days   = var.backup_retention_days
+  daily_automatic_backup_start_time = var.backup_retention_days > 0 ? var.daily_backup_start_time : null
+
   lifecycle {
     precondition {
       condition = !var.create_sg || (var.cidr_for_sg != "" && var.source_sg_id == "" || var.cidr_for_sg == "" && var.source_sg_id != "")
@@ -52,7 +50,8 @@ resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
 data "aws_region" "current" {}
 
 #
-# Instantiate a secret for the FSx ONTAP file system. It will set the initial password for the file system.
+# Instantiate a secret for the FSx ONTAP file system. It should have a rotating password Lambda function
+# associated with it that will set the initial password.
 module "fsxn_rotate_secret" {
     source = "github.com/Netapp/FSx-ONTAP-samples-scripts/Management-Utilities/fsxn-rotate-secret/terraform"
     fsx_region = data.aws_region.current.name
@@ -61,17 +60,16 @@ module "fsxn_rotate_secret" {
     secret_name_prefix = var.secret_name_prefix
     fsx_id = aws_fsx_ontap_file_system.terraform-fsxn.id
 }
-
+#
+# Define the SVM.
 resource "aws_fsx_ontap_storage_virtual_machine" "mysvm" {
-  // REQUIRED PARAMETERS
   file_system_id = aws_fsx_ontap_file_system.terraform-fsxn.id
   name           = var.svm_name
-
-  // OPTIONAL PARAMETERS
   root_volume_security_style = var.root_vol_sec_style
 }
 #
-# Instantiate a secret for the FSx ONTAP file system. It will set the initial password for the SVM.
+# Instantiate a secret for the SVM. It should have a rotating password Lambda function
+# associated with it that will set the initial password.
 module "svm_rotate_secret" {
     source = "github.com/Netapp/FSx-ONTAP-samples-scripts/Management-Utilities/fsxn-rotate-secret/terraform"
     fsx_region = data.aws_region.current.name
@@ -80,14 +78,13 @@ module "svm_rotate_secret" {
     secret_name_prefix = var.secret_name_prefix
     svm_id = aws_fsx_ontap_storage_virtual_machine.mysvm.id
 }
-
+#
+# Define the volume.
 resource "aws_fsx_ontap_volume" "myvol" {
-  // REQUIRED PARAMETERS
   name                       = var.vol_info["vol_name"]
   size_in_megabytes          = var.vol_info["size_mg"]
   storage_virtual_machine_id = aws_fsx_ontap_storage_virtual_machine.mysvm.id
 
-  // OPTIONAL PARAMETERS
   junction_path              = var.vol_info["junction_path"]
   ontap_volume_type          = var.vol_info["vol_type"]
   storage_efficiency_enabled = var.vol_info["efficiency"]