INTMDB-424: Add AWS and Azure serverless private link examples (#1043)

* Add AWS and Azure serverless private link examples

* Remove unused variable

Author: martinstibbe

examples/aws-atlas-privatelink-serverless/Readme.md

@@ -0,0 +1,97 @@
+# Example - AWS and Atlas PrivateLink with Terraform
+
+This project aims to provide a very straight-forward example of setting up PrivateLink connection between AWS and MongoDB Atlas Serverless.
+
+
+## Dependencies
+
+* Terraform v0.13
+* An AWS account - provider.aws: version = "~> 3.3"
+* A MongoDB Atlas account - provider.mongodbatlas: version = "~> 0.6"
+
+## Usage
+
+**1\. Ensure your AWS and MongoDB Atlas credentials are set up.**
+
+This can be done using environment variables:
+
+``` bash
+$ export AWS_SECRET_ACCESS_KEY='your secret key'
+$ export AWS_ACCESS_KEY_ID='your key id'
+```
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="xxxx"
+export MONGODB_ATLAS_PRIVATE_KEY="xxxx"
+```
+
+... or the `~/.aws/credentials` file.
+
+```
+$ cat ~/.aws/credentials
+[default]
+aws_access_key_id = your key id
+aws_secret_access_key = your secret key
+
+```
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+**2\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently does the below deployments:
+
+- MongoDB cluster - M10
+- AWS Custom VPC, Internet Gateway, Route Tables, Subnets with Public and Private access
+- PrivateLink Connection at MongoDB Atlas
+- Create VPC Endpoint in AWS
+
+**3\. Configure the security group as required.**
+
+The security group in this configuration allows All Traffic access in Inbound and Outbound Rules.
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS and Atlas resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary charges.
+
+``` bash
+$ terraform destroy
+```
+
+**Important Point**
+
+To fetch the connection string follow the below steps:
+```
+output "atlasclusterstring" {
+    value = data.mongodbatlas_serverless_instance.cluster_atlas.connection_strings_standard_srv
+}
+```
+**Outputs:**
+```
+atlasclusterstring =  "mongodb+srv://cluster-atlas.za3fb.mongodb.net"
+ 
+```
+
+To fetch a private connection string, use the output of terraform as below after second apply:
+
+```
+output "plstring" {
+ value = mongodbatlas_serverless_instance.cluster_atlas.connection_strings_private_endpoint_srv[0]
+}
+```
+**Output:**
+```
+plstring = mongodb+srv://cluster-atlas-pe-0.za3fb.mongodb.net
+```

examples/aws-atlas-privatelink-serverless/atlas-cluster.tf

@@ -0,0 +1,26 @@
+resource "mongodbatlas_serverless_instance" "cluster_atlas" {
+  project_id                              = var.atlasprojectid
+  name                                    = "cluster-atlas"
+  provider_settings_backing_provider_name = "AWS"
+  provider_settings_provider_name         = "SERVERLESS"
+  provider_settings_region_name           = "US_EAST_1"
+  continuous_backup_enabled               = true
+}
+
+data "mongodbatlas_serverless_instance" "cluster_atlas" {
+  project_id = var.atlasprojectid
+  name       = mongodbatlas_serverless_instance.cluster_atlas.name
+  depends_on = [mongodbatlas_privatelink_endpoint_service_serverless.atlaseplink]
+}
+
+
+output "atlasclusterstring" {
+  value = data.mongodbatlas_serverless_instance.cluster_atlas.connection_strings_standard_srv
+}
+
+/* Note Value not available until second apply*/
+/*
+output "plstring" {
+ value = mongodbatlas_serverless_instance.cluster_atlas.connection_strings_private_endpoint_srv[0]
+}
+*/

examples/aws-atlas-privatelink-serverless/atlas-pl.tf

@@ -0,0 +1,23 @@
+resource "mongodbatlas_privatelink_endpoint_serverless" "atlaspl" {
+  project_id    = var.atlasprojectid
+  provider_name = "AWS"
+  instance_name = mongodbatlas_serverless_instance.cluster_atlas.name
+}
+
+resource "aws_vpc_endpoint" "ptfe_service" {
+  vpc_id             = aws_vpc.primary.id
+  service_name       = mongodbatlas_privatelink_endpoint_serverless.atlaspl.endpoint_service_name
+  vpc_endpoint_type  = "Interface"
+  subnet_ids         = [aws_subnet.primary-az1.id, aws_subnet.primary-az2.id]
+  security_group_ids = [aws_security_group.primary_default.id]
+}
+
+resource "mongodbatlas_privatelink_endpoint_service_serverless" "atlaseplink" {
+  project_id                 = mongodbatlas_privatelink_endpoint_serverless.atlaspl.project_id
+  instance_name              = mongodbatlas_serverless_instance.cluster_atlas.name
+  endpoint_id                = mongodbatlas_privatelink_endpoint_serverless.atlaspl.endpoint_id
+  cloud_provider_endpoint_id = aws_vpc_endpoint.ptfe_service.id
+  provider_name              = "AWS"
+  comment                    = "test"
+
+}

examples/aws-atlas-privatelink-serverless/aws-vpc.tf

@@ -0,0 +1,59 @@
+# Create Primary VPC
+resource "aws_vpc" "primary" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+}
+
+# Create IGW
+resource "aws_internet_gateway" "primary" {
+  vpc_id = aws_vpc.primary.id
+}
+
+# Route Table
+resource "aws_route" "primary-internet_access" {
+  route_table_id         = aws_vpc.primary.main_route_table_id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.primary.id
+}
+
+# Subnet-A
+resource "aws_subnet" "primary-az1" {
+  vpc_id                  = aws_vpc.primary.id
+  cidr_block              = "10.0.1.0/24"
+  map_public_ip_on_launch = true
+  availability_zone       = "${var.aws_region}a"
+}
+
+# Subnet-B
+resource "aws_subnet" "primary-az2" {
+  vpc_id                  = aws_vpc.primary.id
+  cidr_block              = "10.0.2.0/24"
+  map_public_ip_on_launch = false
+  availability_zone       = "${var.aws_region}b"
+}
+
+/*Security-Group
+Ingress - Port 80 -- limited to instance
+          Port 22 -- Open to ssh without limitations
+Egress  - Open to All*/
+
+resource "aws_security_group" "primary_default" {
+  name_prefix = "default-"
+  description = "Default security group for all instances in ${aws_vpc.primary.id}"
+  vpc_id      = aws_vpc.primary.id
+  ingress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0",
+    ]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

examples/aws-atlas-privatelink-serverless/provider.tf

@@ -0,0 +1,9 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+provider "aws" {
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = var.aws_region
+}

examples/aws-atlas-privatelink-serverless/variables.tf

@@ -0,0 +1,19 @@
+variable "public_key" {
+  description = "The public API key for MongoDB Atlas"
+}
+variable "private_key" {
+  description = "The private API key for MongoDB Atlas"
+}
+variable "atlasprojectid" {
+  description = "Atlas project ID"
+}
+variable "access_key" {
+  description = "The access key for AWS Account"
+}
+variable "secret_key" {
+  description = "The secret key for AWS Account"
+}
+variable "aws_region" {
+  default     = "us-east-1"
+  description = "AWS Region"
+}

examples/aws-atlas-privatelink-serverless/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    mongodbatlas = {
+      source = "mongodb/mongodbatlas"
+    }
+  }
+  required_version = ">= 0.13"
+}

examples/azure-atlas-privatelink-serverless/Readme.md

@@ -0,0 +1,84 @@
+# Example - Microsoft Azure and MongoDB Atlas Private Endpoint Serverless
+
+This project aims to provide an example of using Azure and MongoDB Atlas together.
+
+
+## Dependencies
+
+* Terraform v0.13
+* Microsoft Azure account
+* MongoDB Atlas account
+
+```
+Terraform v0.13.0
++ provider registry.terraform.io/hashicorp/azuread v1.0.0
++ provider registry.terraform.io/hashicorp/azurerm v2.31.1
++ provider registry.terraform.io/terraform-providers/mongodbatlas v0.6.5
+```
+
+## Usage
+
+**1\. Ensure your Azure credentials are set up.**
+
+1. Install the Azure CLI by following the steps from the [official Azure documentation](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+2. Run the command `az login` and this will take you to the default browser and perform the authentication.
+3. Once authenticated, it will print the user details as below:
+
+```
+⇒  az login
+You have logged in. Now let us find all the subscriptions to which you have access...
+The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
+XXXXX
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "XXXXX",
+    "id": "XXXXX",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Pay-As-You-Go",
+    "state": "Enabled",
+    "tenantId": "XXXXX",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+**2\. TFVARS**
+
+Now create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+An serverless cluster in the project will be linked via the `cluster_name` variable.
+If included, the azure connection string to the cluster will be output.
+
+**3\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently does the below deployments:
+
+- MongoDB Atlas Azure Private Endpoint
+- Azure Resource Group, VNET, Subnet, Private Endpoint
+- Azure-MongoDB Private Link
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the Azure resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Azure and Atlas charges.
+
+``` bash
+$ terraform destroy
+```