Update RDS parameter group assignment and variables and fix formatting across all modules

Author: burmek

comet-infrastructure/.terraform.lock.hcl

@@ -17,7 +17,7 @@ module "comet_vpc" {
   source      = "./modules/comet_vpc"
   count       = var.enable_vpc ? 1 : 0
   environment = var.environment
-  
+
   eks_enabled        = var.enable_eks
   single_nat_gateway = var.single_nat_gateway
 }
@@ -26,7 +26,7 @@ module "comet_ec2" {
   source      = "./modules/comet_ec2"
   count       = var.enable_ec2 ? 1 : 0
   environment = var.environment
-  
+
   vpc_id                   = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
   comet_ec2_subnet         = var.enable_vpc ? module.comet_vpc[0].public_subnets[0] : var.comet_public_subnets[0]
   comet_ec2_ami_type       = var.comet_ec2_ami_type
@@ -81,11 +81,11 @@ module "comet_elasticache" {
   count       = var.enable_elasticache ? 1 : 0
   environment = var.environment
 
-  vpc_id                       = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
-  elasticache_private_subnets  = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
-  elasticache_allow_from_sg    = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : (
-                                 var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : (
-                                 var.elasticache_allow_from_sg))
+  vpc_id                      = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  elasticache_private_subnets = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
+  elasticache_allow_from_sg = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : (
+    var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : (
+  var.elasticache_allow_from_sg))
   elasticache_engine           = var.elasticache_engine
   elasticache_engine_version   = var.elasticache_engine_version
   elasticache_instance_type    = var.elasticache_instance_type
@@ -98,12 +98,12 @@ module "comet_rds" {
   count       = var.enable_rds ? 1 : 0
   environment = var.environment
 
-  availability_zones          = var.enable_vpc ? module.comet_vpc[0].azs : var.availability_zones
-  vpc_id                      = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
-  rds_private_subnets         = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
-  rds_allow_from_sg           = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : (
-                                var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : (
-                                var.rds_allow_from_sg))
+  availability_zones  = var.enable_vpc ? module.comet_vpc[0].azs : var.availability_zones
+  vpc_id              = var.enable_vpc ? module.comet_vpc[0].vpc_id : var.comet_vpc_id
+  rds_private_subnets = var.enable_vpc ? module.comet_vpc[0].private_subnets : var.comet_private_subnets
+  rds_allow_from_sg = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_sg_id : (
+    var.enable_eks ? module.comet_eks[0].nodegroup_sg_id : (
+  var.rds_allow_from_sg))
   rds_engine                  = var.rds_engine
   rds_engine_version          = var.rds_engine_version
   rds_instance_type           = var.rds_instance_type
@@ -121,5 +121,5 @@ module "comet_s3" {
   count       = var.enable_s3 ? 1 : 0
   environment = var.environment
 
-  comet_s3_bucket  = var.s3_bucket_name
+  comet_s3_bucket = var.s3_bucket_name
 }

comet-infrastructure/main.tf

@@ -124,28 +124,28 @@ data "aws_ami" "ubuntu22" {
 }
 
 resource "aws_instance" "comet_ec2" {
-  ami                    = var.comet_ec2_ami_type == "al2" ? data.aws_ami.al2.id : (
-                           var.comet_ec2_ami_type == "rhel7" ? data.aws_ami.rhel7.id : (
-                           var.comet_ec2_ami_type == "rhel8" ? data.aws_ami.rhel8.id : (
-                           var.comet_ec2_ami_type == "rhel9" ? data.aws_ami.rhel9.id : (
-                           var.comet_ec2_ami_type == "ubuntu18" ? data.aws_ami.ubuntu18.id : (
-                           var.comet_ec2_ami_type == "ubuntu20" ? data.aws_ami.ubuntu20.id : (
-                           var.comet_ec2_ami_type == "ubuntu22" ? data.aws_ami.ubuntu22.id : (
-                           null)))))))
+  ami = var.comet_ec2_ami_type == "al2" ? data.aws_ami.al2.id : (
+    var.comet_ec2_ami_type == "rhel7" ? data.aws_ami.rhel7.id : (
+      var.comet_ec2_ami_type == "rhel8" ? data.aws_ami.rhel8.id : (
+        var.comet_ec2_ami_type == "rhel9" ? data.aws_ami.rhel9.id : (
+          var.comet_ec2_ami_type == "ubuntu18" ? data.aws_ami.ubuntu18.id : (
+            var.comet_ec2_ami_type == "ubuntu20" ? data.aws_ami.ubuntu20.id : (
+              var.comet_ec2_ami_type == "ubuntu22" ? data.aws_ami.ubuntu22.id : (
+  null)))))))
   instance_type          = var.comet_ec2_instance_type
   key_name               = var.comet_ec2_key
   count                  = var.comet_ec2_instance_count
   iam_instance_profile   = aws_iam_instance_profile.comet-ec2-instance-profile.name
   subnet_id              = var.comet_ec2_subnet
   vpc_security_group_ids = [aws_security_group.comet_ec2_sg.id]
-  
+
   #associate_public_ip_address = true
 
   root_block_device {
     volume_type = var.comet_ec2_volume_type
     volume_size = var.comet_ec2_volume_size
   }
-  
+
   tags = merge(local.tags, {
     Name = "${var.environment}-comet-ml-${count.index}"
   })
@@ -169,32 +169,32 @@ resource "aws_security_group" "comet_ec2_sg" {
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_ssh" {
   security_group_id = aws_security_group.comet_ec2_sg.id
-  
-  from_port      = local.ssh_port
-  to_port        = local.ssh_port
-  ip_protocol    = "tcp"
+
+  from_port   = local.ssh_port
+  to_port     = local.ssh_port
+  ip_protocol = "tcp"
   # make more restrictive
-  cidr_ipv4      = local.cidr_anywhere
+  cidr_ipv4 = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_http" {
   security_group_id = aws_security_group.comet_ec2_sg.id
-  
-  from_port      = local.http_port
-  to_port        = local.http_port
-  ip_protocol    = "tcp"
+
+  from_port   = local.http_port
+  to_port     = local.http_port
+  ip_protocol = "tcp"
   # make more restrictive
-  cidr_ipv4      = local.cidr_anywhere
+  cidr_ipv4 = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_https" {
   security_group_id = aws_security_group.comet_ec2_sg.id
-  
-  from_port      = local.https_port
-  to_port        = local.https_port
-  ip_protocol    = "tcp"
+
+  from_port   = local.https_port
+  to_port     = local.https_port
+  ip_protocol = "tcp"
   # make more restrictive
-  cidr_ipv4      = local.cidr_anywhere
+  cidr_ipv4 = local.cidr_anywhere
 }
 
 /*
@@ -215,25 +215,25 @@ resource "aws_vpc_security_group_egress_rule" "comet_ec2_egress_any" {
 }
 
 resource "aws_iam_role" "comet-ec2-s3-access-role" {
-  name               = "comet-ml-s3-role"
+  name = "comet-ml-s3-role"
   assume_role_policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
+    "Version" : "2012-10-17",
+    "Statement" : [
       {
-        "Action": "sts:AssumeRole",
-        "Principal": {
-          "Service": "ec2.amazonaws.com"
+        "Action" : "sts:AssumeRole",
+        "Principal" : {
+          "Service" : "ec2.amazonaws.com"
         },
-        "Effect": "Allow",
-        "Sid": ""
+        "Effect" : "Allow",
+        "Sid" : ""
       }
     ]
   })
 }
 
 resource "aws_iam_instance_profile" "comet-ec2-instance-profile" {
-  name  = "${var.environment}-comet-ec2-instance-profile"
-  role  = aws_iam_role.comet-ec2-s3-access-role.name
+  name = "${var.environment}-comet-ec2-instance-profile"
+  role = aws_iam_role.comet-ec2-s3-access-role.name
 }
 
 resource "aws_iam_role_policy_attachment" "comet-ml-s3-access-attachment" {

comet-infrastructure/modules/comet_ec2/main.tf

@@ -5,8 +5,8 @@ locals {
   cidr_anywhere = "0.0.0.0/0"
 
   tags = {
-    Terraform = "true"
-    Environment       = var.environment
+    Terraform   = "true"
+    Environment = var.environment
   }
 }
 
@@ -18,26 +18,26 @@ resource "aws_security_group" "comet_alb_sg" {
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_alb_http" {
   security_group_id = aws_security_group.comet_alb_sg.id
-  
+
   from_port   = local.http_port
   to_port     = local.http_port
-  ip_protocol    = "tcp"
-  cidr_ipv4 = local.cidr_anywhere
+  ip_protocol = "tcp"
+  cidr_ipv4   = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_alb_https" {
   security_group_id = aws_security_group.comet_alb_sg.id
-  
+
   from_port   = local.https_port
   to_port     = local.https_port
-  ip_protocol    = "tcp"
-  cidr_ipv4 = local.cidr_anywhere
+  ip_protocol = "tcp"
+  cidr_ipv4   = local.cidr_anywhere
 }
 
 resource "aws_vpc_security_group_egress_rule" "comet_ec2_alb_egress" {
   security_group_id = aws_security_group.comet_alb_sg.id
-  ip_protocol    = "-1"
-  cidr_ipv4 = local.cidr_anywhere
+  ip_protocol       = "-1"
+  cidr_ipv4         = local.cidr_anywhere
 }
 
 module "alb" {
@@ -48,9 +48,9 @@ module "alb" {
 
   load_balancer_type = "application"
 
-  vpc_id             = var.vpc_id
-  subnets            = var.public_subnets
-  security_groups    = [aws_security_group.comet_alb_sg.id]
+  vpc_id          = var.vpc_id
+  subnets         = var.public_subnets
+  security_groups = [aws_security_group.comet_alb_sg.id]
 
   target_groups = [
     {
@@ -63,10 +63,10 @@ module "alb" {
 
   https_listeners = [
     {
-      port                 = 443
-      protocol             = "HTTPS"
-      certificate_arn      = var.ssl_certificate_arn
-      target_group_index   = 0
+      port               = 443
+      protocol           = "HTTPS"
+      certificate_arn    = var.ssl_certificate_arn
+      target_group_index = 0
     }
   ]
 

comet-infrastructure/modules/comet_ec2_alb/main.tf

@@ -12,7 +12,7 @@ variable "vpc_id" {
 
 variable "public_subnets" {
   description = "Subnets specified for ALB"
-  type        = list
+  type        = list(any)
 }
 
 variable "ssl_certificate_arn" {

comet-infrastructure/modules/comet_ec2_alb/variables.tf

@@ -1,6 +1,6 @@
 locals {
   tags = {
-    Terraform   =  "true"
+    Terraform   = "true"
     Environment = var.environment
   }
 }
@@ -16,11 +16,11 @@ module "eks" {
   cluster_name                   = var.eks_cluster_name
   cluster_version                = var.eks_cluster_version
   cluster_endpoint_public_access = true
-  
+
   vpc_id     = var.vpc_id
   subnet_ids = var.eks_private_subnets
 
-  eks_managed_node_group_defaults = {ami_type = var.eks_mng_ami_type}
+  eks_managed_node_group_defaults = { ami_type = var.eks_mng_ami_type }
 
   eks_managed_node_groups = {
     one = {
@@ -30,7 +30,7 @@ module "eks" {
       max_size       = var.eks_mng_max_size
       desired_size   = var.eks_mng_desired_size
 
-      iam_role_additional_policies = var.s3_enabled ? {comet_s3_access = var.comet_ec2_s3_iam_policy} : {}
+      iam_role_additional_policies = var.s3_enabled ? { comet_s3_access = var.comet_ec2_s3_iam_policy } : {}
     }
   }
 
@@ -49,7 +49,7 @@ module "irsa-ebs-csi" {
 }
 
 module "eks_blueprints_addons" {
-  source = "aws-ia/eks-blueprints-addons/aws"
+  source  = "aws-ia/eks-blueprints-addons/aws"
   version = "0.2.0"
 
   cluster_name      = module.eks.cluster_name
@@ -61,9 +61,9 @@ module "eks_blueprints_addons" {
     coredns            = {}
     vpc-cni            = {}
     kube-proxy         = {}
-    aws-ebs-csi-driver = {service_account_role_arn = module.irsa-ebs-csi.iam_role_arn}
+    aws-ebs-csi-driver = { service_account_role_arn = module.irsa-ebs-csi.iam_role_arn }
   }
-  
+
   enable_aws_load_balancer_controller = var.eks_aws_load_balancer_controller
   enable_cert_manager                 = var.eks_cert_manager
   enable_aws_cloudwatch_metrics       = var.eks_aws_cloudwatch_metrics

comet-infrastructure/modules/comet_eks/main.tf

@@ -77,6 +77,6 @@ variable "s3_enabled" {
 
 variable "comet_ec2_s3_iam_policy" {
   description = "Policy with access to S3 to associate with EKS worker nodes"
-  type = string
-  default = null
+  type        = string
+  default     = null
 }

comet-infrastructure/modules/comet_eks/variables.tf

@@ -16,25 +16,25 @@ resource "aws_elasticache_cluster" "comet-ml-ec-redis" {
   engine_version       = var.elasticache_engine_version
   port                 = local.redis_port
   subnet_group_name    = aws_elasticache_subnet_group.comet-ml-ec-subnet-group.name
-  security_group_ids = [aws_security_group.redis_inbound_sg.id]
+  security_group_ids   = [aws_security_group.redis_inbound_sg.id]
 }
 
 resource "aws_elasticache_subnet_group" "comet-ml-ec-subnet-group" {
-  name = "cometml-ec-sng-${var.environment}"
+  name       = "cometml-ec-sng-${var.environment}"
   subnet_ids = var.elasticache_private_subnets
 }
 
 resource "aws_security_group" "redis_inbound_sg" {
   name        = "cometml_redis_in_sg_${var.environment}"
   description = "Redis Security Group"
-  vpc_id = var.vpc_id
+  vpc_id      = var.vpc_id
 }
 
 resource "aws_vpc_security_group_ingress_rule" "redis_port_inbound_rule" {
   security_group_id = aws_security_group.redis_inbound_sg.id
 
-  from_port   = local.redis_port
-  to_port     = local.redis_port
-  ip_protocol    = "tcp"
+  from_port                    = local.redis_port
+  to_port                      = local.redis_port
+  ip_protocol                  = "tcp"
   referenced_security_group_id = var.elasticache_allow_from_sg
 }