Merge pull request #3 from comet-ml/existing-vpc

Enable provisioning Comet resources into existing VPC

Author: burmek

comet-infrastructure/.terraform.lock.hcl

@@ -1,60 +1,34 @@
-data "aws_availability_zones" "available" {}
-
 data "aws_eks_cluster_auth" "this" {
   count = var.enable_eks ? 1 : 0
   name  = module.comet_eks[0].cluster_name
 }
 
 locals {
   resource_name = "comet-${var.environment}"
-  vpc_cidr      = "10.0.0.0/16"
-  azs           = slice(data.aws_availability_zones.available.names, 0, 3)
 
   #set environment here, and use local.environment for the environment variables in all of the module calls
-
   tags = {
     Terraform   = "true"
     Environment = var.environment
   }
 }
 
-module "vpc" {
-  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0.0"
-
-  name = local.resource_name
-  cidr = local.vpc_cidr
-
-  azs             = local.azs
-  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
-  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)]
-
-  enable_nat_gateway   = true
-  single_nat_gateway   = true
-  enable_dns_hostnames = true
-
-  # Manage so we can name
-  manage_default_network_acl    = true
-  default_network_acl_tags      = { Name = "${local.resource_name}-default" }
-  manage_default_route_table    = true
-  default_route_table_tags      = { Name = "${local.resource_name}-default" }
-  manage_default_security_group = true
-  default_security_group_tags   = { Name = "${local.resource_name}-default" }
-
-  # if EKS deployment, set subnet tags for AWS Load Balancer Controller auto-discovery
-  public_subnet_tags  = var.enable_eks ? {"kubernetes.io/role/elb" = 1} : null
-  private_subnet_tags = var.enable_eks ? {"kubernetes.io/role/internal-elb" = 1} : null
-
-  tags = local.tags
+module "comet_vpc" {
+  source      = "./modules/comet_vpc"
+  count       = var.enable_vpc ? 1 : 0
+  environment = var.environment
+  
+  eks_enabled        = var.enable_eks
+  single_nat_gateway = var.single_nat_gateway
 }
 
 module "comet_ec2" {
   source      = "./modules/comet_ec2"
   count       = var.enable_ec2 ? 1 : 0
   environment = var.environment
 
-  vpc_id                   = module.vpc.vpc_id
-  comet_ec2_subnet         = module.vpc.public_subnets[count.index % length(module.vpc.public_subnets)]
+  vpc_id                   = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  comet_ec2_subnet         = var.enable_vpc ? module.comet_vpc[0].public_subnets[0] : var.comet_public_subnets[0]
   comet_ec2_ami_type       = var.comet_ec2_ami_type
   comet_ec2_instance_type  = var.comet_ec2_instance_type
   comet_ec2_instance_count = var.comet_ec2_instance_count
@@ -74,8 +48,8 @@ module "comet_ec2_alb" {
   count       = var.enable_ec2_alb ? 1 : 0
   environment = var.environment
 
-  vpc_id              = module.vpc.vpc_id
-  public_subnets      = module.vpc.public_subnets
+  vpc_id              = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  public_subnets      = var.enable_vpc ? module.comet_vpc[0].public_subnets : var.comet_public_subnets
   ssl_certificate_arn = var.enable_ec2_alb ? var.ssl_certificate_arn : null
 }
 
@@ -84,8 +58,8 @@ module "comet_eks" {
   count       = var.enable_eks ? 1 : 0
   environment = var.environment
 
-  vpc_id                           = module.vpc.vpc_id
-  eks_private_subnets              = module.vpc.private_subnets
+  vpc_id                           = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  eks_private_subnets              = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
   eks_cluster_name                 = var.eks_cluster_name
   eks_cluster_version              = var.eks_cluster_version
   eks_mng_name                     = var.eks_mng_name
@@ -107,13 +81,11 @@ module "comet_elasticache" {
   count       = var.enable_elasticache ? 1 : 0
   environment = var.environment
 
-  ec2_enabled = var.enable_ec2
-  eks_enabled = var.enable_eks
-
-  vpc_id                       = module.vpc.vpc_id
-  elasticache_private_subnets  = module.vpc.private_subnets
-  elasticache_allow_ec2_sg     = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : null
-  elasticache_allow_eks_sg     = var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : null
+  vpc_id                       = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  elasticache_private_subnets  = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
+  elasticache_allow_from_sg    = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : (
+                                 var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : (
+                                 var.elasticache_allow_from_sg))
   elasticache_engine           = var.elasticache_engine
   elasticache_engine_version   = var.elasticache_engine_version
   elasticache_instance_type    = var.elasticache_instance_type
@@ -126,14 +98,12 @@ module "comet_rds" {
   count       = var.enable_rds ? 1 : 0
   environment = var.environment
 
-  ec2_enabled = var.enable_ec2
-  eks_enabled = var.enable_eks
-
-  availability_zones          = local.azs
-  vpc_id                      = module.vpc.vpc_id
-  rds_private_subnets         = module.vpc.private_subnets
-  rds_allow_ec2_sg            = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : null
-  rds_allow_eks_sg            = var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : null
+  availability_zones          = var.enable_vpc ? module.comet_vpc[0].azs : var.availability_zones
+  vpc_id                      = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  rds_private_subnets         = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
+  rds_allow_from_sg           = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : (
+                                var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : (
+                                var.rds_allow_from_sg))
   rds_engine                  = var.rds_engine
   rds_engine_version          = var.rds_engine_version
   rds_instance_type           = var.rds_instance_type

comet-infrastructure/main.tf

@@ -30,22 +30,11 @@ resource "aws_security_group" "redis_inbound_sg" {
   vpc_id = var.vpc_id
 }
 
-resource "aws_vpc_security_group_ingress_rule" "redis_port_inbound_ec2" {
-  count = var.ec2_enabled ? 1 : 0
+resource "aws_vpc_security_group_ingress_rule" "redis_port_inbound_rule" {
   security_group_id = aws_security_group.redis_inbound_sg.id
 
   from_port   = local.redis_port
   to_port     = local.redis_port
   ip_protocol    = "tcp"
-  referenced_security_group_id = var.elasticache_allow_ec2_sg
-}
-
-resource "aws_vpc_security_group_ingress_rule" "redis_port_inbound_eks" {
-  count = var.eks_enabled ? 1 : 0
-  security_group_id = aws_security_group.redis_inbound_sg.id
-
-  from_port   = local.redis_port
-  to_port     = local.redis_port
-  ip_protocol    = "tcp"
-  referenced_security_group_id = var.elasticache_allow_eks_sg
+  referenced_security_group_id = var.elasticache_allow_from_sg
 }

comet-infrastructure/modules/comet_elasticache/main.tf

@@ -14,13 +14,8 @@ variable "elasticache_private_subnets" {
   type        = list(string)
 }
 
-variable "elasticache_allow_ec2_sg" {
-  description = "Security group associated with EC2 compute, if provisioned"
-  type        = string
-}
-
-variable "elasticache_allow_eks_sg" {
-  description = "Security group associated with EKS compute, if provisioned"
+variable "elasticache_allow_from_sg" {
+  description = "Security group from which connections to ElastiCache will be allowed"
   type        = string
 }
 
@@ -47,16 +42,4 @@ variable "elasticache_param_group_name" {
 variable "elasticache_num_cache_nodes" {
   description = "Number of nodes in the Elasticache cluster"
   type        = number
-}
-
-variable "ec2_enabled" {
-  description = "Indicates if EC2 compute has been provisioned for Comet"
-  type        = bool
-  default     = null
-}
-
-variable "eks_enabled" {
-  description = "Indicates if EKS compute has been provisioned for Comet"
-  type        = bool
-  default     = null
 }

comet-infrastructure/modules/comet_elasticache/variables.tf

@@ -107,19 +107,9 @@ resource "aws_security_group" "mysql_sg" {
 }
 
 resource "aws_vpc_security_group_ingress_rule" "mysql_port_inbound_ec2" {
-  count                        = var.ec2_enabled ? 1 : 0
   security_group_id            = aws_security_group.mysql_sg.id
   from_port                    = local.mysql_port
   to_port                      = local.mysql_port
   ip_protocol                  = "tcp"
-  referenced_security_group_id = var.rds_allow_ec2_sg
-}
-
-resource "aws_vpc_security_group_ingress_rule" "mysql_port_inbound_eks" {
-  count                        = var.eks_enabled ? 1 : 0
-  security_group_id            = aws_security_group.mysql_sg.id
-  from_port                    = local.mysql_port
-  to_port                      = local.mysql_port
-  ip_protocol                  = "tcp"
-  referenced_security_group_id = var.rds_allow_eks_sg
+  referenced_security_group_id = var.rds_allow_from_sg
 }

comet-infrastructure/modules/comet_rds/main.tf

@@ -1,7 +1,6 @@
 variable "environment" {
   description = "Deployment environment, i.e. dev/stage/prod, etc"
   type        = string
-  default     = "dev"
 }
 
 variable "availability_zones" {
@@ -19,13 +18,8 @@ variable "rds_private_subnets" {
   type        = list(string)
 }
 
-variable "rds_allow_ec2_sg" {
-  description = "Security group associated with EC2 compute, if provisioned"
-  type        = string
-}
-
-variable "rds_allow_eks_sg" {
-  description = "Security group associated with EKS compute, if provisioned"
+variable "rds_allow_from_sg" {
+  description = "Security group from which to allow connections to RDS"
   type        = string
 }
 
@@ -78,15 +72,3 @@ variable "rds_root_password" {
   description = "Root password for RDS database"
   type        = string
 }
-
-variable "ec2_enabled" {
-  description = "Indicates if EC2 compute has been provisioned for Comet"
-  type        = bool
-  default     = null
-}
-
-variable "eks_enabled" {
-  description = "Indicates if EKS compute has been provisioned for Comet"
-  type        = bool
-  default     = null
-}

comet-infrastructure/modules/comet_rds/variables.tf

@@ -0,0 +1,42 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+  resource_name = "comet-${var.environment}"
+  vpc_cidr      = "10.0.0.0/16"
+  azs           = slice(data.aws_availability_zones.available.names, 0, 3)
+
+  tags = {
+    Terraform   = "true"
+    Environment = var.environment
+  }
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0.0"
+
+  name = "${local.resource_name}-vpc"
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 10)]
+
+  enable_nat_gateway   = true
+  enable_dns_hostnames = true
+  single_nat_gateway   = var.single_nat_gateway
+
+  # Manage so we can name
+  manage_default_network_acl    = true
+  default_network_acl_tags      = { Name = "${local.resource_name}-default" }
+  manage_default_route_table    = true
+  default_route_table_tags      = { Name = "${local.resource_name}-default" }
+  manage_default_security_group = true
+  default_security_group_tags   = { Name = "${local.resource_name}-default" }
+
+  # if EKS deployment, set subnet tags for AWS Load Balancer Controller auto-discovery
+  public_subnet_tags  = var.eks_enabled ? {"kubernetes.io/role/elb" = 1} : null
+  private_subnet_tags = var.eks_enabled ? {"kubernetes.io/role/internal-elb" = 1} : null
+
+  tags = local.tags
+}