Update vpc and eks/cluster components (#677)

aknysh · web-flow · commit 6ded875dbe7d · 2023-05-18T15:43:48.000-04:00
diff --git a/modules/eks/cluster/README.md b/modules/eks/cluster/README.md
@@ -1,6 +1,6 @@
 # Component: `eks/cluster`
 
-This component is responsible for provisioning an end-to-end EKS Cluster, including managed node groups.
+This component is responsible for provisioning an end-to-end EKS Cluster, including managed node groups and Fargate profiles.
 
 
 :::warning
@@ -195,16 +195,16 @@ For example:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks"></a> [eks](#module\_eks) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
-| <a name="module_eks_cluster"></a> [eks\_cluster](#module\_eks\_cluster) | cloudposse/eks-cluster/aws | 2.6.0 |
-| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | cloudposse/eks-fargate-profile/aws | 1.1.0 |
+| <a name="module_eks"></a> [eks](#module\_eks) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.2 |
+| <a name="module_eks_cluster"></a> [eks\_cluster](#module\_eks\_cluster) | cloudposse/eks-cluster/aws | 2.7.0 |
+| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | cloudposse/eks-fargate-profile/aws | 1.2.0 |
 | <a name="module_iam_arns"></a> [iam\_arns](#module\_iam\_arns) | ../../account-map/modules/roles-to-principals | n/a |
 | <a name="module_iam_roles"></a> [iam\_roles](#module\_iam\_roles) | ../../account-map/modules/iam-roles | n/a |
 | <a name="module_karpenter_label"></a> [karpenter\_label](#module\_karpenter\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_region_node_group"></a> [region\_node\_group](#module\_region\_node\_group) | ./modules/node_group_by_region | n/a |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
-| <a name="module_vpc_ingress"></a> [vpc\_ingress](#module\_vpc\_ingress) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.2 |
+| <a name="module_vpc_ingress"></a> [vpc\_ingress](#module\_vpc\_ingress) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.2 |
 
 ## Resources
 
diff --git a/modules/eks/cluster/aws_sso.tf b/modules/eks/cluster/aws_sso.tf
@@ -1,7 +1,6 @@
 # This is split off into a separate file in the hopes we can drop it altogether in the future,
 # or else move it into `roles-to-principals`.
 
-
 locals {
 
   # EKS does not accept the actual role ARN of the permission set,
@@ -20,7 +19,6 @@ locals {
     username = format("%s-%s", local.this_account_name, role.aws_sso_permission_set)
     groups   = role.groups
   }]
-
 }
 
 data "aws_iam_roles" "sso_roles" {
diff --git a/modules/eks/cluster/fargate-profiles.tf b/modules/eks/cluster/fargate-profiles.tf
@@ -4,7 +4,7 @@ locals {
 
 module "fargate_profile" {
   source  = "cloudposse/eks-fargate-profile/aws"
-  version = "1.1.0"
+  version = "1.2.0"
 
   for_each = local.fargate_profiles
 
diff --git a/modules/eks/cluster/main.tf b/modules/eks/cluster/main.tf
@@ -3,10 +3,7 @@ locals {
   eks_outputs = module.eks.outputs
   vpc_outputs = module.vpc.outputs
 
-  attributes         = flatten(concat(module.this.attributes, [var.color]))
-  public_subnet_ids  = local.vpc_outputs.public_subnet_ids
-  private_subnet_ids = local.vpc_outputs.private_subnet_ids
-  vpc_id             = local.vpc_outputs.vpc_id
+  attributes = flatten(concat(module.this.attributes, [var.color]))
 
   this_account_name     = module.iam_roles.current_account_account_name
   identity_account_name = module.iam_roles.identity_account_account_name
@@ -78,11 +75,21 @@ locals {
       module.vpc_ingress[k].outputs.vpc_cidr
     ]
   )
+
+  vpc_id = local.vpc_outputs.vpc_id
+
+  # Get only the public subnets that correspond to the AZs provided in `var.availability_zones`
+  # `az_public_subnets_map` is a map of AZ names to list of public subnet IDs in the AZs
+  public_subnet_ids = flatten([for k, v in local.vpc_outputs.az_public_subnets_map : v if contains(var.availability_zones, k)])
+
+  # Get only the private subnets that correspond to the AZs provided in `var.availability_zones`
+  # `az_private_subnets_map` is a map of AZ names to list of private subnet IDs in the AZs
+  private_subnet_ids = flatten([for k, v in local.vpc_outputs.az_private_subnets_map : v if contains(var.availability_zones, k)])
 }
 
 module "eks_cluster" {
   source  = "cloudposse/eks-cluster/aws"
-  version = "2.6.0"
+  version = "2.7.0"
 
   region     = var.region
   attributes = local.attributes
diff --git a/modules/eks/cluster/modules/node_group_by_az/main.tf b/modules/eks/cluster/modules/node_group_by_az/main.tf
@@ -18,7 +18,7 @@ data "aws_subnets" "private" {
 
 module "az_abbreviation" {
   source  = "cloudposse/utils/aws"
-  version = "1.1.0"
+  version = "1.3.0"
 }
 
 locals {
@@ -32,7 +32,7 @@ locals {
 
 module "eks_node_group" {
   source  = "cloudposse/eks-node-group/aws"
-  version = "2.6.0"
+  version = "2.10.0"
 
   enabled = local.enabled
 
diff --git a/modules/eks/cluster/modules/node_group_by_region/main.tf b/modules/eks/cluster/modules/node_group_by_region/main.tf
@@ -3,7 +3,6 @@ locals {
   az_list = tolist(local.az_set)
 }
 
-
 module "node_group" {
   for_each = module.this.enabled ? local.az_set : []
 
diff --git a/modules/eks/cluster/remote-state.tf b/modules/eks/cluster/remote-state.tf
@@ -12,7 +12,7 @@ module "iam_arns" {
 
 module "vpc" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.4.1"
+  version = "1.4.2"
 
   component = "vpc"
 
@@ -21,7 +21,7 @@ module "vpc" {
 
 module "vpc_ingress" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.4.1"
+  version = "1.4.2"
 
   for_each = local.accounts_with_vpc
 
@@ -33,13 +33,12 @@ module "vpc_ingress" {
   context = module.this.context
 }
 
-
 # Yes, this is self-referential.
 # It obtains the previous state of the cluster so that we can add
 # to it rather than overwrite it (specifically the aws-auth configMap)
 module "eks" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.4.1"
+  version = "1.4.2"
 
   component = var.eks_component_name
 
diff --git a/modules/vpc/README.md b/modules/vpc/README.md
@@ -70,14 +70,14 @@ components:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_endpoint_security_groups"></a> [endpoint\_security\_groups](#module\_endpoint\_security\_groups) | cloudposse/security-group/aws | 2.0.0-rc1 |
+| <a name="module_endpoint_security_groups"></a> [endpoint\_security\_groups](#module\_endpoint\_security\_groups) | cloudposse/security-group/aws | 2.1.0 |
 | <a name="module_iam_roles"></a> [iam\_roles](#module\_iam\_roles) | ../account-map/modules/iam-roles | n/a |
-| <a name="module_subnets"></a> [subnets](#module\_subnets) | cloudposse/dynamic-subnets/aws | 2.0.4 |
+| <a name="module_subnets"></a> [subnets](#module\_subnets) | cloudposse/dynamic-subnets/aws | 2.3.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
-| <a name="module_utils"></a> [utils](#module\_utils) | cloudposse/utils/aws | 1.1.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | cloudposse/vpc/aws | 2.0.0 |
-| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | cloudposse/vpc/aws//modules/vpc-endpoints | 2.0.0 |
-| <a name="module_vpc_flow_logs_bucket"></a> [vpc\_flow\_logs\_bucket](#module\_vpc\_flow\_logs\_bucket) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
+| <a name="module_utils"></a> [utils](#module\_utils) | cloudposse/utils/aws | 1.3.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | cloudposse/vpc/aws | 2.1.0 |
+| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | cloudposse/vpc/aws//modules/vpc-endpoints | 2.1.0 |
+| <a name="module_vpc_flow_logs_bucket"></a> [vpc\_flow\_logs\_bucket](#module\_vpc\_flow\_logs\_bucket) | cloudposse/stack-config/yaml//modules/remote-state | 1.4.2 |
 
 ## Resources
 
@@ -143,6 +143,8 @@ components:
 | Name | Description |
 |------|-------------|
 | <a name="output_availability_zones"></a> [availability\_zones](#output\_availability\_zones) | List of Availability Zones where subnets were created |
+| <a name="output_az_private_subnets_map"></a> [az\_private\_subnets\_map](#output\_az\_private\_subnets\_map) | Map of AZ names to list of private subnet IDs in the AZs |
+| <a name="output_az_public_subnets_map"></a> [az\_public\_subnets\_map](#output\_az\_public\_subnets\_map) | Map of AZ names to list of public subnet IDs in the AZs |
 | <a name="output_interface_vpc_endpoints"></a> [interface\_vpc\_endpoints](#output\_interface\_vpc\_endpoints) | List of Interface VPC Endpoints in this VPC. |
 | <a name="output_max_subnet_count"></a> [max\_subnet\_count](#output\_max\_subnet\_count) | Maximum allowed number of subnets before all subnet CIDRs need to be recomputed |
 | <a name="output_nat_eip_protections"></a> [nat\_eip\_protections](#output\_nat\_eip\_protections) | List of AWS Shield Advanced Protections for NAT Elastic IPs. |
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
@@ -67,12 +67,12 @@ locals {
 
 module "utils" {
   source  = "cloudposse/utils/aws"
-  version = "1.1.0"
+  version = "1.3.0"
 }
 
 module "vpc" {
   source  = "cloudposse/vpc/aws"
-  version = "2.0.0"
+  version = "2.1.0"
 
   ipv4_primary_cidr_block          = var.ipv4_primary_cidr_block
   internet_gateway_enabled         = var.public_subnets_enabled
@@ -99,7 +99,7 @@ module "endpoint_security_groups" {
   for_each = local.enabled && try(length(var.interface_vpc_endpoints), 0) > 0 ? toset([local.interface_endpoint_security_group_key]) : []
 
   source  = "cloudposse/security-group/aws"
-  version = "2.0.0-rc1"
+  version = "2.1.0"
 
   create_before_destroy      = true
   preserve_security_group_id = false
@@ -124,10 +124,9 @@ module "endpoint_security_groups" {
   context = module.this.context
 }
 
-
 module "vpc_endpoints" {
   source  = "cloudposse/vpc/aws//modules/vpc-endpoints"
-  version = "2.0.0"
+  version = "2.1.0"
 
   enabled = (length(var.interface_vpc_endpoints) + length(var.gateway_vpc_endpoints)) > 0
 
@@ -140,7 +139,7 @@ module "vpc_endpoints" {
 
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "2.0.4"
+  version = "2.3.0"
 
   availability_zones              = local.availability_zones
   availability_zone_ids           = local.availability_zone_ids
diff --git a/modules/vpc/outputs.tf b/modules/vpc/outputs.tf
@@ -118,3 +118,13 @@ output "availability_zones" {
   description = "List of Availability Zones where subnets were created"
   value       = module.subnets.availability_zones
 }
+
+output "az_private_subnets_map" {
+  description = "Map of AZ names to list of private subnet IDs in the AZs"
+  value       = module.subnets.az_private_subnets_map
+}
+
+output "az_public_subnets_map" {
+  description = "Map of AZ names to list of public subnet IDs in the AZs"
+  value       = module.subnets.az_public_subnets_map
+}
diff --git a/modules/vpc/remote-state.tf b/modules/vpc/remote-state.tf
@@ -2,7 +2,7 @@ module "vpc_flow_logs_bucket" {
   count = var.vpc_flow_logs_enabled ? 1 : 0
 
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
-  version = "1.4.1"
+  version = "1.4.2"
 
   component   = "vpc-flow-logs-bucket"
   environment = var.vpc_flow_logs_bucket_environment_name

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,6 @@ locals {`
`3`	`3`	`az_list = tolist(local.az_set)`
`4`	`4`	`}`
`5`	`5`
`6`		`-`
`7`	`6`	`module "node_group" {`
`8`	`7`	`for_each = module.this.enabled ? local.az_set : []`
`9`	`8`