[backing-services] set defaults to support disablement (#83)

* set defaults to support disablement

* Generate sane values

* Write to ssm

* support more enabled flags. usernames cannot being with number

* Usernames cannot contain leading numbers.

Author: osterman

aws/backing-services/README.md

@@ -0,0 +1,12 @@
+
+## Troubleshooting
+
+### Problem
+
+```
+aws_security_group.default: Error authorizing security group ingress rules: InvalidGroup.NotFound: You have specified two resources that belong to different networks.
+```
+
+### Answer 
+
+Ensure that the VPC peering with the Kops cluster has been setup.

aws/backing-services/aurora-mysql.tf

@@ -6,19 +6,22 @@ variable "mysql_name" {
   default     = "mysql"
 }
 
-variable "mysql_admin_name" {
+variable "mysql_admin_user" {
   type        = "string"
   description = "MySQL admin user name"
+  default     = ""
 }
 
 variable "mysql_admin_password" {
   type        = "string"
   description = "MySQL password for the admin user"
+  default     = ""
 }
 
 variable "mysql_db_name" {
   type        = "string"
   description = "MySQL database name"
+  default     = ""
 }
 
 # https://aws.amazon.com/rds/aurora/pricing
@@ -51,48 +54,129 @@ variable "mysql_cluster_allowed_cidr_blocks" {
   description = "List of CIDR blocks allowed to access the cluster"
 }
 
+resource "random_pet" "mysql_db_name" {
+  count     = "${local.mysql_cluster_enabled ? 1 : 0}"
+  separator = "_"
+}
+
+resource "random_string" "mysql_admin_user" {
+  count   = "${local.mysql_cluster_enabled ? 1 : 0}"
+  length  = 8
+  number  = false
+  special = false
+}
+
+resource "random_string" "mysql_admin_password" {
+  count   = "${local.mysql_cluster_enabled ? 1 : 0}"
+  length  = 16
+  special = true
+}
+
+locals {
+  mysql_cluster_enabled = "${var.mysql_cluster_enabled == "true"}"
+  mysql_admin_user      = "${length(var.mysql_admin_user) > 0 ? var.mysql_admin_user : join("", random_string.mysql_admin_user.*.result)}"
+  mysql_admin_password  = "${length(var.mysql_admin_password) > 0 ? var.mysql_admin_password : join("", random_string.mysql_admin_password.*.result)}"
+  mysql_db_name         = "${join("", random_pet.mysql_db_name.*.id)}"
+}
+
 module "aurora_mysql" {
-  source              = "git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=tags/0.7.0"
-  namespace           = "${var.namespace}"
-  stage               = "${var.stage}"
-  name                = "${var.mysql_name}"
-  engine              = "aurora-mysql"
-  cluster_family      = "aurora-mysql5.7"
-  instance_type       = "${var.mysql_instance_type}"
-  cluster_size        = "${var.mysql_cluster_size}"
-  admin_user          = "${var.mysql_admin_name}"
-  admin_password      = "${var.mysql_admin_password}"
-  db_name             = "${var.mysql_db_name}"
-  db_port             = "3306"
-  vpc_id              = "${module.vpc.vpc_id}"
-  subnets             = ["${module.subnets.public_subnet_ids}"]                                           # Use module.subnets.private_subnet_ids if the cluster does not need to be publicly accessible
-  zone_id             = "${var.zone_id}"
+  source         = "git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=tags/0.7.1"
+  namespace      = "${var.namespace}"
+  stage          = "${var.stage}"
+  name           = "${var.mysql_name}"
+  engine         = "aurora-mysql"
+  cluster_family = "aurora-mysql5.7"
+  instance_type  = "${var.mysql_instance_type}"
+  cluster_size   = "${var.mysql_cluster_size}"
+  admin_user     = "${local.mysql_admin_user}"
+  admin_password = "${local.mysql_admin_password}"
+  db_name        = "${local.mysql_db_name}"
+  db_port        = "3306"
+  vpc_id         = "${module.vpc.vpc_id}"
+
+  # Use module.subnets.private_subnet_ids if the cluster does not need to be publicly accessible
+  subnets             = ["${module.subnets.public_subnet_ids}"]
+  zone_id             = "${local.zone_id}"
   enabled             = "${var.mysql_cluster_enabled}"
   publicly_accessible = "${var.mysql_cluster_publicly_accessible}"
   allowed_cidr_blocks = "${var.mysql_cluster_allowed_cidr_blocks}"
 }
 
+resource "aws_ssm_parameter" "aurora_mysql_database_name" {
+  count       = "${local.mysql_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_mysql_database_name")}"
+  value       = "${module.aurora_mysql.name}"
+  description = "Aurora MySQL Database Name"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_mysql_master_username" {
+  count       = "${local.mysql_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_mysql_master_username")}"
+  value       = "${module.aurora_mysql.user}"
+  description = "Aurora MySQL Username for the master DB user"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_mysql_master_password" {
+  count       = "${local.mysql_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_mysql_master_password")}"
+  value       = "${module.aurora_mysql.password}"
+  description = "Aurora MySQL Password for the master DB user"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_mysql_master_hostname" {
+  count       = "${local.mysql_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_mysql_master_hostname")}"
+  value       = "${module.aurora_mysql.master_host}"
+  description = "Aurora MySQL DB Master hostname"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_mysql_replicas_hostname" {
+  count       = "${local.mysql_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_mysql_replicas_hostname")}"
+  value       = "${module.aurora_mysql.replicas_host}"
+  description = "Aurora MySQL DB Replicas hostname"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_mysql_cluster_name" {
+  count       = "${local.mysql_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_mysql_cluster_name")}"
+  value       = "${module.aurora_mysql.cluster_name}"
+  description = "Aurora MySQL DB Cluster Identifier"
+  type        = "String"
+  overwrite   = "true"
+}
+
 output "aurora_mysql_database_name" {
   value       = "${module.aurora_mysql.name}"
-  description = "Database name"
+  description = "Aurora MySQL Database name"
 }
 
 output "aurora_mysql_master_username" {
   value       = "${module.aurora_mysql.user}"
-  description = "Username for the master DB user"
+  description = "Aurora MySQL Username for the master DB user"
 }
 
 output "aurora_mysql_master_hostname" {
   value       = "${module.aurora_mysql.master_host}"
-  description = "DB Master hostname"
+  description = "Aurora MySQL DB Master hostname"
 }
 
 output "aurora_mysql_replicas_hostname" {
   value       = "${module.aurora_mysql.replicas_host}"
-  description = "Replicas hostname"
+  description = "Aurora MySQL Replicas hostname"
 }
 
 output "aurora_mysql_cluster_name" {
   value       = "${module.aurora_mysql.cluster_name}"
-  description = "Cluster Identifier"
+  description = "Aurora MySQL Cluster Identifier"
 }

aws/backing-services/aurora-postgres.tf

@@ -4,23 +4,28 @@ variable "postgres_name" {
   default     = "postgres"
 }
 
-# Don't use `admin`
+# Don't use `admin` 
+# Read more: <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html>
 # ("MasterUsername admin cannot be used as it is a reserved word used by the engine")
-variable "postgres_admin_name" {
+variable "postgres_admin_user" {
   type        = "string"
   description = "Postgres admin user name"
+  default     = ""
 }
 
 # Must be longer than 8 chars
+# Read more: <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html>
 # ("The parameter MasterUserPassword is not a valid password because it is shorter than 8 characters")
 variable "postgres_admin_password" {
   type        = "string"
   description = "Postgres password for the admin user"
+  default     = ""
 }
 
 variable "postgres_db_name" {
   type        = "string"
   description = "Postgres database name"
+  default     = ""
 }
 
 # db.r4.large is the smallest instance type supported by Aurora Postgres
@@ -43,47 +48,126 @@ variable "postgres_cluster_enabled" {
   description = "Set to false to prevent the module from creating any resources"
 }
 
+resource "random_pet" "postgres_db_name" {
+  count     = "${local.postgres_cluster_enabled ? 1 : 0}"
+  separator = "_"
+}
+
+resource "random_string" "postgres_admin_user" {
+  count   = "${local.postgres_cluster_enabled ? 1 : 0}"
+  length  = 8
+  special = false
+  number  = false
+}
+
+resource "random_string" "postgres_admin_password" {
+  count   = "${local.postgres_cluster_enabled ? 1 : 0}"
+  length  = 16
+  special = true
+}
+
+locals {
+  postgres_cluster_enabled = "${var.postgres_cluster_enabled == "true"}"
+  postgres_admin_user      = "${length(var.postgres_admin_user) > 0 ? var.postgres_admin_user : join("", random_string.postgres_admin_user.*.result)}"
+  postgres_admin_password  = "${length(var.postgres_admin_password) > 0 ? var.postgres_admin_password : join("", random_string.postgres_admin_password.*.result)}"
+  postgres_db_name         = "${join("", random_pet.postgres_db_name.*.id)}"
+}
+
 module "aurora_postgres" {
-  source          = "git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=tags/0.7.0"
+  source          = "git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=tags/0.7.1"
   namespace       = "${var.namespace}"
   stage           = "${var.stage}"
   name            = "${var.postgres_name}"
   engine          = "aurora-postgresql"
   cluster_family  = "aurora-postgresql9.6"
   instance_type   = "${var.postgres_instance_type}"
   cluster_size    = "${var.postgres_cluster_size}"
-  admin_user      = "${var.postgres_admin_name}"
-  admin_password  = "${var.postgres_admin_password}"
-  db_name         = "${var.postgres_db_name}"
+  admin_user      = "${local.postgres_admin_user}"
+  admin_password  = "${local.postgres_admin_password}"
+  db_name         = "${local.postgres_db_name}"
   db_port         = "5432"
   vpc_id          = "${module.vpc.vpc_id}"
   subnets         = ["${module.subnets.private_subnet_ids}"]
-  zone_id         = "${var.zone_id}"
+  zone_id         = "${local.zone_id}"
   security_groups = ["${module.kops_metadata.nodes_security_group_id}"]
   enabled         = "${var.postgres_cluster_enabled}"
 }
 
+resource "aws_ssm_parameter" "aurora_postgres_database_name" {
+  count       = "${local.postgres_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_postgres_database_name")}"
+  value       = "${module.aurora_postgres.name}"
+  description = "Aurora Postgres Database Name"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_postgres_master_username" {
+  count       = "${local.postgres_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_postgres_master_username")}"
+  value       = "${module.aurora_postgres.user}"
+  description = "Aurora Postgres Username for the master DB user"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_postgres_master_password" {
+  count       = "${local.postgres_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_postgres_master_password")}"
+  value       = "${module.aurora_postgres.password}"
+  description = "Aurora Postgres Password for the master DB user"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_postgres_master_hostname" {
+  count       = "${local.postgres_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_postgres_master_hostname")}"
+  value       = "${module.aurora_postgres.master_host}"
+  description = "Aurora Postgres DB Master hostname"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_postgres_replicas_hostname" {
+  count       = "${local.postgres_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_postgres_replicas_hostname")}"
+  value       = "${module.aurora_postgres.replicas_host}"
+  description = "Aurora Postgres DB Replicas hostname"
+  type        = "String"
+  overwrite   = "true"
+}
+
+resource "aws_ssm_parameter" "aurora_postgres_cluster_name" {
+  count       = "${local.postgres_cluster_enabled ? 1 : 0}"
+  name        = "${format(var.chamber_parameter_name, local.chamber_service, "aurora_postgres_cluster_name")}"
+  value       = "${module.aurora_postgres.cluster_name}"
+  description = "Aurora Postgres DB Cluster Identifier"
+  type        = "String"
+  overwrite   = "true"
+}
+
 output "aurora_postgres_database_name" {
   value       = "${module.aurora_postgres.name}"
-  description = "Database name"
+  description = "Aurora Postgres Database name"
 }
 
 output "aurora_postgres_master_username" {
   value       = "${module.aurora_postgres.user}"
-  description = "Username for the master DB user"
+  description = "Aurora Postgres Username for the master DB user"
 }
 
 output "aurora_postgres_master_hostname" {
   value       = "${module.aurora_postgres.master_host}"
-  description = "DB Master hostname"
+  description = "Aurora Postgres DB Master hostname"
 }
 
 output "aurora_postgres_replicas_hostname" {
   value       = "${module.aurora_postgres.replicas_host}"
-  description = "Replicas hostname"
+  description = "Aurora Postgres Replicas hostname"
 }
 
 output "aurora_postgres_cluster_name" {
   value       = "${module.aurora_postgres.cluster_name}"
-  description = "Cluster Identifier"
+  description = "Aurora Postgres Cluster Identifier"
 }

aws/backing-services/elasticache-redis.tf

@@ -45,7 +45,7 @@ module "elasticache_redis" {
   namespace                    = "${var.namespace}"
   stage                        = "${var.stage}"
   name                         = "${var.redis_name}"
-  zone_id                      = "${var.zone_id}"
+  zone_id                      = "${local.zone_id}"
   security_groups              = ["${module.kops_metadata.nodes_security_group_id}"]
   vpc_id                       = "${module.vpc.vpc_id}"
   subnets                      = ["${module.subnets.private_subnet_ids}"]

aws/backing-services/elasticsearch.tf

@@ -67,7 +67,7 @@ module "elasticsearch" {
   namespace               = "${var.namespace}"
   stage                   = "${var.stage}"
   name                    = "${var.elasticsearch_name}"
-  dns_zone_id             = "${var.zone_id}"
+  dns_zone_id             = "${local.zone_id}"
   security_groups         = ["${module.kops_metadata.nodes_security_group_id}"]
   vpc_id                  = "${module.vpc.vpc_id}"
   subnet_ids              = ["${slice(module.subnets.private_subnet_ids, 0, min(2, length(module.subnets.private_subnet_ids)))}"]

aws/backing-services/kops-metadata.tf

@@ -1,4 +1,4 @@
-variables "kops_metadata_enabled" {
+variable "kops_metadata_enabled" {
   description = "Set to false to prevent the module from creating any resources"
   type        = "string"
   default     = "false"