Add documentation and formatting to tfvars and cleanup s3 bucket name usage

Author: burmek

comet-infrastructure/main.tf

@@ -5,8 +5,6 @@ data "aws_eks_cluster_auth" "this" {
 
 locals {
   resource_name = "comet-${var.environment}"
-
-  #set environment here, and use local.environment for the environment variables in all of the module calls
   tags = {
     Terraform   = "true"
     Environment = var.environment
@@ -40,7 +38,6 @@ module "comet_ec2" {
   comet_ec2_alb_sg = var.enable_ec2_alb ? module.comet_ec2_alb[0].comet_alb_sg : null
 
   s3_enabled              = var.enable_s3
-  comet_ml_s3_bucket      = var.s3_bucket_name
   comet_ec2_s3_iam_policy = var.enable_s3 ? module.comet_s3[0].comet_s3_iam_policy_arn : null
 }
 

comet-infrastructure/modules/comet_ec2/main.tf

@@ -173,7 +173,7 @@ resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_ssh" {
   from_port   = local.ssh_port
   to_port     = local.ssh_port
   ip_protocol = "tcp"
-  cidr_ipv4 = local.cidr_anywhere
+  cidr_ipv4   = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_http" {
@@ -182,7 +182,7 @@ resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_http" {
   from_port   = local.http_port
   to_port     = local.http_port
   ip_protocol = "tcp"
-  cidr_ipv4 = local.cidr_anywhere
+  cidr_ipv4   = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_https" {
@@ -191,13 +191,13 @@ resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_https" {
   from_port   = local.https_port
   to_port     = local.https_port
   ip_protocol = "tcp"
-  cidr_ipv4 = local.cidr_anywhere
+  cidr_ipv4   = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_alb_http" {
   count             = var.alb_enabled ? 1 : 0
   security_group_id = aws_security_group.comet_ec2_sg.id
-  
+
   from_port                    = local.http_port
   to_port                      = local.http_port
   ip_protocol                  = "tcp"

comet-infrastructure/modules/comet_ec2/variables.tf

@@ -56,12 +56,6 @@ variable "comet_ec2_key" {
   type        = string
 }
 
-variable "comet_ml_s3_bucket" {
-  description = "Name of the S3 bucket provisioned for Comet"
-  type        = string
-  default     = null
-}
-
 variable "comet_ec2_s3_iam_policy" {
   description = "Policy granting access to Comet S3 bucket"
   type        = string

comet-infrastructure/modules/comet_s3/variables.tf

@@ -1,7 +1,6 @@
 variable "environment" {
   description = "Deployment environment, i.e. dev/stage/prod, etc"
   type        = string
-  default     = "dev"
 }
 
 variable "comet_s3_bucket" {

comet-infrastructure/terraform.tfvars

@@ -1,28 +1,70 @@
-enable_vpc         = false
-enable_ec2         = false
-enable_ec2_alb     = false
-enable_eks         = false
+########################
+#### Module toggles ####
+########################
+# Create a VPC to launch other resources in
+enable_vpc = false
+
+# Create an EC2 instance for running Comet
+enable_ec2 = false
+
+# Create an ALB for the Comet EC2 instance
+enable_ec2_alb = false
+
+# Create an EKS cluster for running Comet
+enable_eks = false
+
+# Create ElastiCache resources for running Comet Redis
 enable_elasticache = false
-enable_rds         = false
-enable_s3          = false
 
-region      = "us-east-1"
+# Create RDS resources for running Comet MySQL
+enable_rds = false
+
+# Create S3 resources for storing Comet objects
+enable_s3 = false
+
+################
+#### Global ####
+################
+# Region to launch resources in
+region = "us-east-1"
+
+# Name for Comet environment, for use in resource naming
 environment = "prod"
 
-# if not using comet_vpc to provision a VPC for the Comet resources, set the variables below to specify the existing VPC
+# If not setting enable_vpc to provision a VPC for the Comet resources, set the variables below to specify the existing VPC in which resources will be launched
 comet_vpc_id          = "vpc-012345abcdefghijkl"
 availability_zones    = ["us-east-1a", "us-east-1b", "us-east-1c"]
 comet_public_subnets  = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl"]
 comet_private_subnets = ["subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl", "subnet-012345abcdefghijkl"]
 
-# if provisioning comet_ec2_alb, specify the following for the HTTPS listener
-#ssl_certificate_arn = ""
+#######################
+#### Module inputs ####
+#######################
+## Required module inputs listed below. Any desired overrides from the defaults in variables.tf can also be added here
+
+#### comet_ec2 ####
+#
+
+#### comet_ec2_alb ####
+# If setting enable_ec2_alb, specify the ARN of an SSL certificate for the HTTPS listener
+ssl_certificate_arn = null
 
-# if provisioning comet_elasticache for use with existing compute, set the variable below to specify an SG that connections will be allowed from
+#### comet_eks ####
+#
+
+#### comet_elasticache ####
+# If setting enable_elasticache with existing compute, set the variable below to specify an SG that connections will be allowed from
 elasticache_allow_from_sg = "sg-012345abcdefghijkl"
 
-# if provisioning comet_rds for use with existing compute, set the variable below to specify an SG that connections will be allowed from
+#### comet_rds ####
+# If setting enable_rds, specify the root password for RDS below, or leave null and enter at the prompt during apply
+rds_root_password = null
+# If setting enable_rds with existing compute, set the variable below to specify an SG that connections will be allowed from
 rds_allow_from_sg = "sg-012345abcdefghijkl"
 
-s3_bucket_name      = "comet-use2-bucket"
-rds_root_password   = "CHANGE-ME"
+#### comet_s3 ####
+# If setting enable_s3, specify the bucket name below
+s3_bucket_name = null
+
+#### comet_vpc ####
+#

comet-infrastructure/variables.tf

@@ -1,40 +1,6 @@
-#global
-variable "environment" {
-  description = "Deployment environment, i.e. dev/stage/prod, etc"
-  type        = string
-  default     = "dev"
-}
-
-variable "region" {
-  description = "AWS region to provision resources in"
-  type        = string
-}
-
-variable "availability_zones" {
-  description = "List of availability zones from region"
-  type        = list(string)
-  default     = null
-}
-
-variable "comet_vpc_id" {
-  description = "ID of an existing VPC to provision resources in"
-  type        = string
-  default     = null
-}
-
-variable "comet_private_subnets" {
-  description = "List of private subnets IDs from existing VPC to provision resources in"
-  type        = list(string)
-  default     = null
-}
-
-variable "comet_public_subnets" {
-  description = "List of public subnets IDs from existing VPC to provision resources in"
-  type        = list(string)
-  default     = null
-}
-
-#child module toggles
+########################
+#### Module toggles ####
+########################
 variable "enable_vpc" {
   description = "Toggles the comet_vpc module, to provision a new VPC for hosting the Comet resources"
   type        = bool
@@ -70,14 +36,49 @@ variable "enable_s3" {
   type        = bool
 }
 
-#comet_vpc
-variable "single_nat_gateway" {
-  description = "Controls whether single NAT gateway used for all public subnets"
-  type        = bool
-  default     = true
+################
+#### Global ####
+################
+variable "environment" {
+  description = "Deployment environment, i.e. dev/stage/prod, etc"
+  type        = string
+  default     = "dev"
+}
+
+variable "region" {
+  description = "AWS region to provision resources in"
+  type        = string
+}
+
+variable "availability_zones" {
+  description = "List of availability zones from region"
+  type        = list(string)
+  default     = null
+}
+
+variable "comet_vpc_id" {
+  description = "ID of an existing VPC to provision resources in"
+  type        = string
+  default     = null
 }
 
-#comet_ec2
+variable "comet_private_subnets" {
+  description = "List of private subnets IDs from existing VPC to provision resources in"
+  type        = list(string)
+  default     = null
+}
+
+variable "comet_public_subnets" {
+  description = "List of public subnets IDs from existing VPC to provision resources in"
+  type        = list(string)
+  default     = null
+}
+
+#######################
+#### Module inputs ####
+#######################
+
+#### comet_ec2 ####
 variable "comet_ec2_ami_type" {
   type        = string
   description = "Operating system type for the EC2 instance AMI"
@@ -118,14 +119,14 @@ variable "comet_ec2_key" {
   default     = null
 }
 
-#comet_ec2_alb
+#### comet_ec2_alb ####
 variable "ssl_certificate_arn" {
   description = "ARN of the ACM certificate to use for the ALB"
   type        = string
   default     = null
 }
 
-#comet_eks
+#### comet_eks ####
 variable "eks_cluster_name" {
   description = "Name for EKS cluster"
   type        = string
@@ -192,7 +193,7 @@ variable "eks_external_dns" {
   default     = true
 }
 
-#comet_elasticache
+#### comet_elasticache ####
 variable "elasticache_allow_from_sg" {
   description = "Security group from which to allow connections to ElastiCache, to use when provisioning with existing compute"
   type        = string
@@ -229,7 +230,7 @@ variable "elasticache_num_cache_nodes" {
   default     = 1
 }
 
-#comet_rds
+#### comet_rds ####
 variable "rds_allow_from_sg" {
   description = "Security group from which to allow connections to RDS, to use when provisioning with existing compute"
   type        = string
@@ -295,9 +296,15 @@ variable "rds_root_password" {
   type        = string
 }
 
-#comet_s3
+#### comet_s3 ####
 variable "s3_bucket_name" {
   description = "Name for S3 bucket"
   type        = string
-  default     = ""
+}
+
+#### comet_vpc ####
+variable "single_nat_gateway" {
+  description = "Controls whether single NAT gateway used for all public subnets"
+  type        = bool
+  default     = true
 }