Add outputs that are required or helpful post-provisioning

Author: burmek

comet-infrastructure/main.tf

@@ -61,6 +61,8 @@ module "comet_ec2" {
   s3_enabled = var.enable_s3
   comet_ml_s3_bucket  = var.s3_bucket_name
   comet_ec2_s3_iam_policy = var.enable_s3 ? module.comet_s3[0].comet_s3_iam_policy_arn : null
+
+  alb_enabled = var.enable_ec2_alb
 }
 
 module "comet_ec2_alb" {

comet-infrastructure/modules/comet_ec2/main.tf

@@ -1,6 +1,7 @@
 locals {
   ssh_port      = 22
   http_port     = 80
+  https_port    = 443
   any_port      = 0
   cidr_anywhere = "0.0.0.0/0"
 
@@ -18,7 +19,8 @@ resource "aws_instance" "comet_ec2" {
   iam_instance_profile = aws_iam_instance_profile.comet-ec2-instance-profile.name
   subnet_id     = var.comet_ec2_subnet
   vpc_security_group_ids = [aws_security_group.comet_ec2_sg.id]
-  associate_public_ip_address = true
+  
+  #associate_public_ip_address = true
 
   root_block_device {
     volume_type = var.comet_ec2_volume_type
@@ -34,6 +36,13 @@ resource "aws_instance" "comet_ec2" {
   }
 }
 
+# need to make this conditional based on ALB usage
+resource "aws_eip" "comet_ec2_eip" {
+  count = var.alb_enabled ? 0 : 1
+  instance = aws_instance.comet_ec2[0].id
+  domain   = "vpc"
+}
+
 resource "aws_security_group" "comet_ec2_sg" {
   name        = "comet_${var.environment}_ec2_sg"
   description = "Comet EC2 instance security group"
@@ -60,6 +69,16 @@ resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_http" {
   cidr_ipv4 = local.cidr_anywhere
 }
 
+resource "aws_vpc_security_group_ingress_rule" "comet_ec2_ingress_https" {
+  security_group_id = aws_security_group.comet_ec2_sg.id
+  
+  from_port   = local.https_port
+  to_port     = local.https_port
+  ip_protocol    = "tcp"
+  # make more restrictive
+  cidr_ipv4 = local.cidr_anywhere
+}
+
 /*
 resource "aws_vpc_security_group_ingress_rule" "comet_ec2_alb_http" {
   security_group_id = aws_security_group.comet_ec2_sg.id

comet-infrastructure/modules/comet_ec2/outputs.tf

@@ -1,4 +1,14 @@
 output "comet_ec2_sg_id" {
+  description = "ID of the security group associated with the EC2 instance"
   value       = aws_security_group.comet_ec2_sg.id
-  description = "ID of the security group associated with the comet_ec2 instance"
+}
+
+output "comet_ec2_instance_id" {
+  description = "ID of the EC2 instance"
+  value       = aws_instance.comet_ec2[0].id
+}
+
+output "comet_ec2_public_ip" {
+  description = "Public IP of the EIP associated with the EC2 instance"
+  value       = var.alb_enabled ? null : aws_eip.comet_ec2_eip[0].public_ip
 }

comet-infrastructure/modules/comet_ec2/variables.tf

@@ -58,6 +58,12 @@ variable "s3_enabled" {
   default     = null
 }
 
+variable "alb_enabled" {
+  description = "Indicates if ALB is being provisioned for Comet EC2 instance"
+  type        = bool
+  default     = null
+}
+
 variable "comet_ml_s3_bucket" {
   description = "Name of the S3 bucket provisioned for Comet"
   type        = string

comet-infrastructure/modules/comet_ec2_alb/outputs.tf

@@ -0,0 +1,4 @@
+output "alb_dns_name" {
+  description = "DNS name of the ALB"
+  value       = module.alb.lb_dns_name
+}

comet-infrastructure/modules/comet_elasticache/outputs.tf

@@ -0,0 +1,6 @@
+/* only available for Memcached cluster
+output "redis_host" {
+  description = "Endpoint for the ElastiCache Redis cluster"
+  value       = 
+}
+*/

comet-infrastructure/modules/comet_rds/outputs.tf

@@ -0,0 +1,4 @@
+output "mysql_host" {
+  description = "MySQL endpoint"
+  value       = aws_rds_cluster.comet-ml-cluster.endpoint
+}

comet-infrastructure/outputs.tf

@@ -1,3 +1,28 @@
+output "region" {
+  description = "Region resources are provisioned in"
+  value       = var.region
+}
+
+output "comet_ec2_instance" {
+  description = "ID of the Comet EC2 instance"
+  value       = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_instance_id : null
+}
+
+output "comet_ec2_public_ip" {
+  description = "EIP associated with the Comet EC2 instance"
+  value       = var.enable_ec2 ? module.comet_ec2[0].comet_ec2_public_ip : null
+}
+
+output "comet_alb_dns_name" {
+  description = "DNS name of the ALB fronting the Comet EC2 instance"
+  value       = var.enable_ec2_alb ? module.comet_ec2_alb[0].alb_dns_name : null
+}
+
+output "mysql_host" {
+  description = "Endpoint for the RDS instance"
+  value       = var.enable_rds ? module.comet_rds[0].mysql_host : null
+}
+
 output "configure_kubectl" {
   description = "Configure kubectl: run the following command to update your kubeconfig with the newly provisioned cluster."
   value       = var.enable_eks ? "aws eks update-kubeconfig --region ${var.region} --name ${module.comet_eks[0].cluster_name}" : null

comet-infrastructure/terraform.tfstate

@@ -0,0 +1,9 @@
+{
+  "version": 4,
+  "terraform_version": "1.4.6",
+  "serial": 71,
+  "lineage": "0aeaf72f-38d5-19e3-b471-755a981a6d48",
+  "outputs": {},
+  "resources": [],
+  "check_results": null
+}