fix: Adds public subnet IDs and private subnet IDs (#15)

GiamPy5 · web-flow · commit a3179d0e50b4 · 2024-09-13T20:32:14.000+02:00
* BREAKING CHANGE: Remove subnet_ids, adds public subnet IDs and private subnet IDs

* docs: Updates documentation
diff --git a/README.md b/README.md
@@ -184,6 +184,8 @@ Before using this module, ensure you have the following:
 | <a name="input_load_balancer_allowed_cidr_blocks"></a> [load\_balancer\_allowed\_cidr\_blocks](#input\_load\_balancer\_allowed\_cidr\_blocks) | The CIDR blocks allowed to access the Load Balancer | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_load_balancer_prefix_list_ids"></a> [load\_balancer\_prefix\_list\_ids](#input\_load\_balancer\_prefix\_list\_ids) | The prefix list IDs allowed to access the Load Balancer | `list(string)` | `[]` | no |
 | <a name="input_memory"></a> [memory](#input\_memory) | The amount of memory to reserve for the Directus service | `number` | `4096` | no |
+| <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | The IDs of the private subnets used by the ECS service to run tasks | `list(string)` | n/a | yes |
+| <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | The IDs of the public subnets used by the Load Balancer to serve traffic | `list(string)` | n/a | yes |
 | <a name="input_public_url"></a> [public\_url](#input\_public\_url) | The public URL of the Directus service | `string` | `""` | no |
 | <a name="input_rds_database_engine"></a> [rds\_database\_engine](#input\_rds\_database\_engine) | The engine of the RDS database | `string` | n/a | yes |
 | <a name="input_rds_database_host"></a> [rds\_database\_host](#input\_rds\_database\_host) | The host of the RDS database | `string` | n/a | yes |
@@ -197,7 +199,6 @@ Before using this module, ensure you have the following:
 | <a name="input_s3_bucket_name"></a> [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket | `string` | `""` | no |
 | <a name="input_s3_bucket_versioning_configuration"></a> [s3\_bucket\_versioning\_configuration](#input\_s3\_bucket\_versioning\_configuration) | S3 bucket versioning configuration | <pre>object({<br>    mfa_delete = string<br>  })</pre> | <pre>{<br>  "mfa_delete": "Disabled"<br>}</pre> | no |
 | <a name="input_ssl_certificate_arn"></a> [ssl\_certificate\_arn](#input\_ssl\_certificate\_arn) | The ARN of the SSL certificate | `string` | `""` | no |
-| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The IDs of the subnets | `list(string)` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | The tags to apply to the resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes |
 
diff --git a/examples/main.tf b/examples/main.tf
@@ -36,10 +36,11 @@ locals {
 module "directus" {
   source = "./.."
 
-  application_name = local.name                # Change this to your application name
-  admin_email      = "fake-email@email.com"    # Change this to your email address
-  vpc_id           = module.vpc.vpc_id         # Change this to your VPC ID
-  subnet_ids       = module.vpc.public_subnets # Change this to your subnet IDs
+  application_name   = local.name                 # Change this to your application name
+  admin_email        = "fake-email@email.com"     # Change this to your email address
+  vpc_id             = module.vpc.vpc_id          # Change this to your VPC ID
+  public_subnet_ids  = module.vpc.public_subnets  # Change this to your subnet IDs
+  private_subnet_ids = module.vpc.private_subnets # Change this to your subnet IDs
 
   public_url = "https://${local.application_domain_name}"
 
diff --git a/main.tf b/main.tf
@@ -381,7 +381,7 @@ resource "aws_lb" "directus" {
   name               = "${local.truncated_application_name}-${local.service_name}-lb"
   internal           = false
   load_balancer_type = "application"
-  subnets            = var.subnet_ids
+  subnets            = var.public_subnet_ids
   security_groups    = [aws_security_group.lb_sg.id]
 
   enable_deletion_protection = false
@@ -470,8 +470,8 @@ resource "aws_ecs_service" "directus" {
   }
 
   network_configuration {
-    assign_public_ip = true
-    subnets          = var.subnet_ids
+    assign_public_ip = false
+    subnets          = var.private_subnet_ids
     security_groups  = [aws_security_group.ecs_sg.id]
   }
 
diff --git a/variables.tf b/variables.tf
@@ -251,8 +251,13 @@ variable "vpc_id" {
   type        = string
 }
 
-variable "subnet_ids" {
-  description = "The IDs of the subnets"
+variable "public_subnet_ids" {
+  description = "The IDs of the public subnets used by the Load Balancer to serve traffic"
+  type        = list(string)
+}
+
+variable "private_subnet_ids" {
+  description = "The IDs of the private subnets used by the ECS service to run tasks"
   type        = list(string)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -251,8 +251,13 @@ variable "vpc_id" {`
`251`	`251`	`type = string`
`252`	`252`	`}`
`253`	`253`
`254`		`-variable "subnet_ids" {`
`255`		`- description = "The IDs of the subnets"`
	`254`	`+variable "public_subnet_ids" {`
	`255`	`+ description = "The IDs of the public subnets used by the Load Balancer to serve traffic"`
	`256`	`+ type = list(string)`
	`257`	`+}`
	`258`	`+`
	`259`	`+variable "private_subnet_ids" {`
	`260`	`+ description = "The IDs of the private subnets used by the ECS service to run tasks"`
`256`	`261`	`type = list(string)`
`257`	`262`	`}`
`258`	`263`