Provide a knob to optionally skip creating the VPC related resources (#…
yegle authored Jun 10, 2024
1 parent 9f3c34c commit e8e281b
Showing 5 changed files with 69 additions and 9 deletions.
6 changes: 3 additions & 3 deletions cloud/aws/templates/aws_oidc/app.tf
Expand Up @@ -317,13 +317,13 @@ module "ecs_fargate_service" {
desired_count = var.fargate_desired_task_count
default_certificate_arn = var.ssl_certificate_arn
ssl_policy = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
vpc_id = module.vpc.vpc_id
vpc_id = local.vpc_id
task_definition_arn = var.monitoring_stack_enabled ? aws_ecs_task_definition.civiform_with_monitoring.arn : aws_ecs_task_definition.civiform_only.arn
container_name = "${var.app_prefix}-civiform"
ecs_cluster_name = module.ecs_cluster.aws_ecs_cluster_cluster_name
ecs_cluster_arn = module.ecs_cluster.aws_ecs_cluster_cluster_arn
private_subnets = module.vpc.private_subnets
public_subnets = module.vpc.public_subnets
private_subnets = local.vpc_private_subnets
public_subnets = local.vpc_public_subnets
max_cpu_threshold = var.ecs_max_cpu_threshold
min_cpu_threshold = var.ecs_min_cpu_threshold
max_cpu_evaluation_period = var.ecs_max_cpu_evaluation_period
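Review bot: In external-VPC mode `public_subnets = local.vpc_public_subnets` and `private_subnets = local.vpc_private_subnets` resolve to single-element lists (one `public_subnet_id` and one `private_subnet_id` from `var.external_vpc`), whereas the managed module supplied one subnet per availability zone. If the fargate module fronts the service with an Application Load Balancer, AWS requires the ALB's subnets to span at least two AZs, so an external-VPC apply would likely fail there, and the tasks themselves become single-AZ; this cannot be confirmed from the hunk because the module body is elsewhere. Either accept lists of subnet ids in `external_vpc` or document the limitation next to these two lines, e.g. `# external mode supplies exactly one public and one private subnet (single AZ)`. The `module "ecs_fargate_service"` block starts before and ends after this hunk.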
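--- a/cloud/aws/templates/aws_oidc/external_vpc.tf
+++ b/cloud/aws/templates/aws_oidc/external_vpc.tf
@@ -0,0 +1,24 @@
+// File containing the necessary data sources if local.enable_managed_vpc=false.
+//
+// The "local.enable_managed_vpc" variable will be set to false if all of
+// "var.external_vpc" fields are set.
+
+data "aws_vpc" "external" {
+count = local.enable_managed_vpc ? 0 : 1
+id = var.external_vpc.id
+}
+
+data "aws_db_subnet_group" "external" {
+count = local.enable_managed_vpc ? 0 : 1
+name = var.external_vpc.database_subnet_group_name
+}
+
+data "aws_subnet" "external_private" {
+count = local.enable_managed_vpc ? 0 : 1
+id = var.external_vpc.private_subnet_id
+}
+
+data "aws_subnet" "external_public" {
+count = local.enable_managed_vpc ? 0 : 1
+id = var.external_vpc.public_subnet_id
+}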
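Review bot: The two `aws_subnet` lookups key only on `id`, so a subnet that belongs to a VPC other than `var.external_vpc.id` is accepted at plan time and the mismatch surfaces later as an apply error on the VPC-scoped security groups and the RDS/ECS networking that consume `local.vpc_id`. Adding `vpc_id = var.external_vpc.id` to both `data "aws_subnet"` blocks (the data source accepts it as an additional filter) makes the plan fail early with a clear message instead. `aws_db_subnet_group` has no such filter, so the subnet group's membership in the VPC still needs a precondition where it is consumed.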
12 changes: 6 additions & 6 deletions cloud/aws/templates/aws_oidc/main.tf
Expand Up @@ -51,7 +51,7 @@ resource "aws_db_instance" "civiform" {
username = aws_secretsmanager_secret_version.postgres_username_secret_version.secret_string
password = aws_secretsmanager_secret_version.postgres_password_secret_version.secret_string
vpc_security_group_ids = [aws_security_group.rds.id]
db_subnet_group_name = module.vpc.database_subnet_group_name
db_subnet_group_name = local.vpc_database_subnet_group_name
parameter_group_name = aws_db_parameter_group.civiform.name
publicly_accessible = false
skip_final_snapshot = local.skip_final_snapshot
Expand Down Expand Up @@ -116,7 +116,7 @@ resource "aws_security_group" "rds" {
Type = "Civiform DB Security Group"
}
name = "${var.app_prefix}-civiform_rds"
vpc_id = module.vpc.vpc_id
vpc_id = local.vpc_id

ingress {
from_port = 5432
Expand Down Expand Up @@ -148,14 +148,14 @@ module "pgadmin" {
app_prefix = var.app_prefix
aws_region = var.aws_region

vpc_id = module.vpc.vpc_id
vpc_id = local.vpc_id
lb_arn = module.ecs_fargate_service.aws_lb_civiform_lb_arn
lb_ssl_cert_arn = var.ssl_certificate_arn
lb_access_sg_id = module.ecs_fargate_service.aws_security_group_lb_access_sg_id
cidr_allowlist = var.pgadmin_cidr_allowlist

ecs_cluster_arn = module.ecs_cluster.aws_ecs_cluster_cluster_arn
subnet_ids = module.vpc.private_subnets
subnet_ids = local.vpc_private_subnets

db_sg_id = aws_security_group.rds.id
db_address = data.aws_db_instance.civiform.address
Expand All @@ -173,9 +173,9 @@ module "dbaccess" {
app_prefix = var.app_prefix
aws_region = var.aws_region

vpc_id = module.vpc.vpc_id
vpc_id = local.vpc_id
cidr_allowlist = var.dbaccess_cidr_allowlist
db_sg_id = aws_security_group.rds.id
public_key = var.dbaccess_public_key
public_subnet = module.vpc.public_subnets[0]
public_subnet = local.vpc_public_subnets[0]
}
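Review bot: Nothing verifies that the DB subnet group named by `var.external_vpc.database_subnet_group_name` actually lives in `var.external_vpc.id`; with `publicly_accessible = false` the instance's reachability is defined entirely by that subnet group plus `aws_security_group.rds`, and a subnet group from another VPC cannot be combined with a security group created in `local.vpc_id`, which RDS rejects only at apply time. A `lifecycle` precondition on `aws_db_instance.civiform` comparing the data source's `vpc_id` (exported by `aws_db_subnet_group`, as far as I recall; please verify against the provider docs) with `local.vpc_id` fails the plan instead, and the precondition is a no-op in managed mode. `resource "aws_db_instance" "civiform"` starts before this hunk; the `pgadmin` and `dbaccess` hunks below are unaffected.
```hcl
resource "aws_db_instance" "civiform" {
  # … unchanged: engine, credentials, security group, subnet group, parameter group …

  lifecycle {
    precondition {
      condition     = local.enable_managed_vpc || data.aws_db_subnet_group.external[0].vpc_id == local.vpc_id
      error_message = "external_vpc.database_subnet_group_name must be a DB subnet group in external_vpc.id."
    }
  }
```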
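--- a/cloud/aws/templates/aws_oidc/variables.tf
+++ b/cloud/aws/templates/aws_oidc/variables.tf
@@ -507,3 +507,14 @@ variable "postgresql_version" {
 description = "Version of PostgreSQL to use. When set to only the major version, picks the latest minor version. Otherwise, deploys exactly the version specified."
 default = "16"
 }
+
+variable "external_vpc" {
+type = map(string)
+description = "A map with external VPC settings. All values need to set to use an external VPC (VPC resources not managed by this Terraform config)"
+default = {
+database_subnet_group_name = ""
+id = ""
+private_subnet_id = ""
+public_subnet_id = ""
+}
+}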
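Review bot: `type = map(string)` with a default map is fragile in two ways: a caller who sets `external_vpc = { id = "vpc-…" }` replaces the whole default, so the `var.external_vpc.database_subnet_group_name` lookup in vpc.tf fails with an invalid-index error, while a caller who fills three keys and leaves one as `""` silently gets a brand-new managed VPC (with the database inside it) instead of the intended external one. A `validation` block requiring all four keys and either all-empty or all-set turns both mistakes into a plan-time error. The description also reads `need to set`; `need to be set` is meant.
```hcl
variable "external_vpc" {
  # … unchanged: type, description, default …

  validation {
    condition = (
      alltrue([for k in ["database_subnet_group_name", "id", "private_subnet_id", "public_subnet_id"] : contains(keys(var.external_vpc), k)]) &&
      (alltrue([for v in values(var.external_vpc) : v == ""]) || alltrue([for v in values(var.external_vpc) : v != ""]))
    )
    error_message = "external_vpc must contain database_subnet_group_name, id, private_subnet_id and public_subnet_id, and either all of them or none of them may be empty."
  }
}
```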
25 changes: 25 additions & 0 deletions cloud/aws/templates/aws_oidc/vpc.tf
Expand Up @@ -2,10 +2,30 @@

data "aws_availability_zones" "available" {}

locals {
// If any field of var.external_vpc is not set, we will switch to use the
// managed VPC (use this Terraform config to create the VPC network).
enable_managed_vpc = anytrue([
var.external_vpc.database_subnet_group_name == "",
var.external_vpc.id == "",
var.external_vpc.private_subnet_id == "",
var.external_vpc.public_subnet_id == "",
])
}

locals {
vpc_id = local.enable_managed_vpc ? module.vpc[0].vpc_id : data.aws_vpc.external[0].id
vpc_private_subnets = local.enable_managed_vpc ? module.vpc[0].private_subnets : data.aws_subnet.external_private[*].id
vpc_public_subnets = local.enable_managed_vpc ? module.vpc[0].public_subnets : data.aws_subnet.external_public[*].id
vpc_database_subnet_group_name = local.enable_managed_vpc ? module.vpc[0].database_subnet_group_name : data.aws_db_subnet_group.external[0].name
}

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.1.1"

count = local.enable_managed_vpc ? 1 : 0

name = "${var.app_prefix}-${var.vpc_name}"
cidr = var.vpc_cidr
azs = data.aws_availability_zones.available.names
Expand Down Expand Up @@ -71,3 +91,8 @@ module "vpc" {
}

}

moved {
from = module.vpc
to = module.vpc[0]
}
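Review bot: The comment above `enable_managed_vpc` says the managed VPC is used when any field is unset, but not that this is a silent fallback rather than an error, nor that in external mode `vpc_private_subnets` and `vpc_public_subnets` are single-element lists built from one subnet id each via `[*]`, while the managed branch returns one subnet per AZ; a consumer reading `local.vpc_private_subnets` as "all private subnets" will be surprised. I would extend the second `locals` block with `// In external mode each subnet list holds exactly one subnet (external_vpc.private_subnet_id / public_subnet_id).` and add to the first `// NOTE: a partially filled external_vpc does not error; it falls back to creating a new VPC.` The `module "vpc"` body continues outside the first hunk.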
