From 811c4a08af38e95f8b95e3aedacd39e5c42b2476 Mon Sep 17 00:00:00 2001 From: PhilHenning Date: Tue, 19 Aug 2025 13:07:40 -0600 Subject: [PATCH 01/20] Upgrading eks default version from 1.28 -> 1.33 (Not tested) --- README.md | 2 +- operations/deployment/terraform/aws/aws_variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2c3cb49fb..679c0dd1f 100644 --- a/README.md +++ b/README.md @@ -479,7 +479,7 @@ The following inputs can be used as `step.with` keys | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `api,audit,authenticator`. | | `aws_eks_cluster_log_retention_days` | String | Days to store logs. Defaults to `7`. | | `aws_eks_cluster_logs_skip_destroy` | Boolean | Skip deletion of cluster logs if set to true. Defaults to `false`. | -| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.28` | +| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.33` | | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. | | `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. | | `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. | diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf index cba19a2eb..bd2dc89f2 100644 --- a/operations/deployment/terraform/aws/aws_variables.tf +++ b/operations/deployment/terraform/aws/aws_variables.tf 
@@ -1610,7 +1610,7 @@ variable "aws_eks_cluster_log_skip_destroy" { variable "aws_eks_cluster_version" { description = "enter the kubernetes version" type = number - default = "1.28" + default = "1.33" } variable "aws_eks_instance_type" { From 827929f6cd0f40f1eabf7381880701cd00f273c8 Mon Sep 17 00:00:00 2001 From: PhilHenning Date: Tue, 19 Aug 2025 13:20:14 -0600 Subject: [PATCH 02/20] Removing default from TF values and moving to github action + adding type: choice --- action.yaml | 10 +++++++++- operations/deployment/terraform/aws/aws_variables.tf | 1 - 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/action.yaml b/action.yaml index 0d0cf2bde..7776ba60a 100644 --- a/action.yaml +++ b/action.yaml @@ -940,8 +940,16 @@ inputs: description: "Skip deletion of cluster logs if set to true" required: false aws_eks_cluster_version: + type: choice description: 'Specify the k8s cluster version' - required: false + option: + - 1.29 + - 1.30 + - 1.31 + - 1.32 + - 1.33 + required: false + default: 1.33 aws_eks_instance_type: description: 'enter the aws instance type' required: false diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf index bd2dc89f2..293767bfb 100644 --- a/operations/deployment/terraform/aws/aws_variables.tf +++ b/operations/deployment/terraform/aws/aws_variables.tf @@ -1610,7 +1610,6 @@ variable "aws_eks_cluster_log_skip_destroy" { variable "aws_eks_cluster_version" { description = "enter the kubernetes version" type = number - default = "1.33" } variable "aws_eks_instance_type" { From 1b27c1e84d7f920e2140b79d83bfb9255ea8677a Mon Sep 17 00:00:00 2001 
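Review bot: `variable "aws_eks_cluster_version"` keeps `type = number` while the new default is the string `"1.33"`; Terraform coerces that, but a number cannot represent Kubernetes versions such as 1.30 or 1.40 (they become `1.3` / `1.4`, which EKS rejects), so any user picking such a release gets a failed cluster create, and the README already documents the input as a String. Declare it as text: `type = string` and `default = "1.33"`. The same defect is carried by the `default = 1.32` hunk in PATCH 03/20 and the `default = 1.28` hunk in PATCH 04/20; the fix is the same in both.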
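Review bot: The `type: choice` and `option:` keys added under `aws_eks_cluster_version` are not part of the action-metadata input schema (only `description`, `required`, `default` and `deprecationMessage` apply in action.yaml; `type`/`options` belong to `workflow_dispatch` inputs), so the choice list is at best ignored and at worst rejected when the action loads, and even there the key would have to be `options`. The list items are also unquoted YAML floats, so a future `- 1.30` would be read as `1.3`; if a list is kept anywhere, quote the values, e.g. `- '1.30'`. The `default: 1.33` line does take effect and should likewise be `default: '1.33'` so the value reaches Terraform as text.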
From: LeoDiazL Date: Thu, 18 Dec 2025 10:00:32 -0300 Subject: [PATCH 03/20] Fixes for defaults --- README.md | 3 ++- action.yaml | 16 ++++++---------- .../_scripts/generate/generate_vars_terraform.sh | 2 ++ .../deployment/terraform/aws/aws_variables.tf | 9 ++++++++- .../deployment/terraform/aws/bitovi_main.tf | 1 + .../terraform/modules/aws/eks/aws_eks_cluster.tf | 2 +- .../terraform/modules/aws/eks/aws_eks_vars.tf | 1 + 7 files changed, 21 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 9015d6ddc..9a5f27872 100644 --- a/README.md +++ b/README.md 
@@ -521,9 +521,10 @@ The following inputs can be used as `step.with` keys | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `api,audit,authenticator`. | | `aws_eks_cluster_log_retention_days` | String | Days to store logs. Defaults to `7`. | | `aws_eks_cluster_logs_skip_destroy` | Boolean | Skip deletion of cluster logs if set to true. Defaults to `false`. | -| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.33` | +| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.32` | | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. | | `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. | +| `aws_eks_instance_ami_type` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. See [here](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for options. Defaults to `AL2_x86_64.` (Legacy reasons)| | `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. | | `aws_eks_ec2_key_pair` | String | Enter an existing ec2 key pair name for worker nodes. If none, will create one. | | `aws_eks_store_keypair_sm` | Boolean | If true, will store the newly created keys in Secret Manager. | diff --git a/action.yaml b/action.yaml index 8f4933a37..a3645ecb7 100644 --- a/action.yaml +++ b/action.yaml 
@@ -1047,22 +1047,17 @@ inputs: description: "Skip deletion of cluster logs if set to true" required: false aws_eks_cluster_version: - type: choice description: 'Specify the k8s cluster version' - option: - - 1.29 - - 1.30 - - 1.31 - - 1.32 - - 1.33 - required: false - default: 1.33 + required: false aws_eks_instance_type: description: 'enter the aws instance type' required: false aws_eks_instance_ami_id: description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.' required: false + aws_eks_instance_ami_type: + description: 'Type of AMI to use. Defaults to AL2_x86_64' + required: false aws_eks_instance_user_data_file: description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.' required: false @@ -1569,7 +1564,7 @@ runs: AWS_ECR_REGISTRY_POLICY_INPUT: ${{ inputs.aws_ecr_registry_policy_input }} AWS_ECR_ADDITIONAL_TAGS: ${{ inputs.aws_ecr_additional_tags }} - # AWS EKS + # EKS AWS_EKS_CREATE: ${{ inputs.aws_eks_create }} AWS_EKS_SECURITY_GROUP_NAME_CLUSTER: ${{ inputs.aws_eks_security_group_name_cluster }} AWS_EKS_SECURITY_GROUP_NAME_NODE: ${{ inputs.aws_eks_security_group_name_node }} @@ -1585,6 +1580,7 @@ runs: AWS_EKS_CLUSTER_VERSION: ${{ inputs.aws_eks_cluster_version }} AWS_EKS_INSTANCE_TYPE: ${{ inputs.aws_eks_instance_type }} AWS_EKS_INSTANCE_AMI_ID: ${{ inputs.aws_eks_instance_ami_id }} + AWS_EKS_INSTANCE_AMI_TYPE: ${{ inputs.aws_eks_instance_ami_type }} AWS_EKS_INSTANCE_USER_DATA_FILE: ${{ inputs.aws_eks_instance_user_data_file }} AWS_EKS_EC2_KEY_PAIR: ${{ inputs.aws_eks_ec2_key_pair }} AWS_EKS_STORE_KEYPAIR_SM: ${{ inputs.aws_eks_store_keypair_sm }} diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh index f36fd40e2..f5f540356 100644 --- a/operations/_scripts/generate/generate_vars_terraform.sh +++ b/operations/_scripts/generate/generate_vars_terraform.sh 
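Review bot: The new `aws_eks_instance_ami_type` input description states a default but gives no hint of accepted values, and since the value is passed straight through to the node group's `ami_type`, a wrong string only surfaces at apply time. Suggest `description: 'EKS node group AMI type (e.g. AL2_x86_64, AL2023_x86_64_STANDARD). Defaults to AL2_x86_64'`. The README row added for the same input in this commit was copied from the `aws_eks_instance_ami_id` row and still opens with "AWS AMI ID. Will default to the latest Amazon EKS Node image", which describes the wrong input.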
@@ -407,6 +407,7 @@ if [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then aws_eks_cluster_version=$(generate_var aws_eks_cluster_version $AWS_EKS_CLUSTER_VERSION) aws_eks_instance_type=$(generate_var aws_eks_instance_type $AWS_EKS_INSTANCE_TYPE) aws_eks_instance_ami_id=$(generate_var aws_eks_instance_ami_id $AWS_EKS_INSTANCE_AMI_ID) + aws_eks_instance_ami_type=$(generate_var aws_eks_instance_ami_type $AWS_EKS_INSTANCE_AMI_TYPE) aws_eks_instance_user_data_file=$(generate_var aws_eks_instance_user_data_file $AWS_EKS_INSTANCE_USER_DATA_FILE) aws_eks_ec2_key_pair=$(generate_var aws_eks_ec2_key_pair $AWS_EKS_EC2_KEY_PAIR) aws_eks_store_keypair_sm=$(generate_var aws_eks_store_keypair_sm $AWS_EKS_STORE_KEYPAIR_SM) @@ -769,6 +770,7 @@ $aws_eks_cluster_log_skip_destroy $aws_eks_cluster_version $aws_eks_instance_type $aws_eks_instance_ami_id +$aws_eks_instance_ami_type $aws_eks_instance_user_data_file $aws_eks_ec2_key_pair $aws_eks_store_keypair_sm diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf index d954a3b78..2fc4268c9 100644 --- a/operations/deployment/terraform/aws/aws_variables.tf +++ b/operations/deployment/terraform/aws/aws_variables.tf @@ -1809,7 +1809,7 @@ variable "aws_eks_cluster_log_types" { } variable "aws_eks_cluster_log_retention_days" { - description = "enter the kubernetes version" + description = "Log retention days" type = string default = "7" } @@ -1823,6 +1823,7 @@ variable "aws_eks_cluster_log_skip_destroy" { variable "aws_eks_cluster_version" { description = "enter the kubernetes version" type = number + default = 1.32 } variable "aws_eks_instance_type" { 
@@ -1837,6 +1838,12 @@ variable "aws_eks_instance_ami_id" { default = "" } +variable "aws_eks_instance_ami_type" { + description = "Type of AMI to use. Defaults to AL2_x86_64" + type = string + default = "AL2_x86_64" +} + variable "aws_eks_instance_user_data_file" { description = "enter the aws instance user data file" type = string diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf index cfaa57986..fee7ea844 100644 --- a/operations/deployment/terraform/aws/bitovi_main.tf +++ b/operations/deployment/terraform/aws/bitovi_main.tf @@ -633,6 +633,7 @@ module "eks" { aws_eks_cluster_version = var.aws_eks_cluster_version aws_eks_instance_type = var.aws_eks_instance_type aws_eks_instance_ami_id = var.aws_eks_instance_ami_id + aws_eks_instance_ami_type = var.aws_eks_instance_ami_type aws_eks_instance_user_data_file = var.aws_eks_instance_user_data_file aws_eks_ec2_key_pair = var.aws_eks_ec2_key_pair aws_eks_store_keypair_sm = var.aws_eks_store_keypair_sm diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index b4bcb6772..5813d4d09 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf @@ -72,7 +72,7 @@ resource "aws_eks_node_group" "node_nodes" { max_unavailable = 1 } - ami_type = "AL2_x86_64" + ami_type = var.aws_eks_instance_ami_type instance_types = [var.aws_eks_instance_type] remote_access { diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf index 958cdb7e8..338c81019 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf 
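Review bot: `ami_type = var.aws_eks_instance_ami_type` turns a fixed attribute into user input, and `ami_type` on `aws_eks_node_group` forces replacement, so changing the action input on an existing deployment replaces the whole node group (draining its workloads) rather than updating it in place; that should be stated in the variable description, or guarded with `lifecycle { ignore_changes = [ami_type] }` if in-place changes are not intended. The `AL2_x86_64` default also deserves a second look next to a cluster default moving to 1.32/1.33: as far as I know AWS no longer publishes AL2 EKS AMIs from Kubernetes 1.33 on, so the two defaults would not combine. The `aws_eks_node_group.node_nodes` resource starts and ends outside the hunk.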
@@ -12,6 +12,7 @@ variable "aws_eks_cluster_log_skip_destroy" {} variable "aws_eks_cluster_version" {} variable "aws_eks_instance_type" {} variable "aws_eks_instance_ami_id" {} +variable "aws_eks_instance_ami_type" {} variable "aws_eks_instance_user_data_file" {} variable "aws_eks_ec2_key_pair" {} variable "aws_eks_store_keypair_sm" {} From 8a8e1ab6a779f8c0e751ef055bae9b14b9a11830 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Thu, 18 Dec 2025 13:09:01 -0300 Subject: [PATCH 04/20] rollback default version - temp remove aws-auth --- .../deployment/terraform/aws/aws_variables.tf | 2 +- .../modules/aws/eks/aws_eks_cluster.tf | 32 +++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf index 2fc4268c9..8425b3de8 100644 --- a/operations/deployment/terraform/aws/aws_variables.tf +++ b/operations/deployment/terraform/aws/aws_variables.tf @@ -1823,7 +1823,7 @@ variable "aws_eks_cluster_log_skip_destroy" { variable "aws_eks_cluster_version" { description = "enter the kubernetes version" type = number - default = 1.32 + default = 1.28 } variable "aws_eks_instance_type" { diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index 5813d4d09..fc0515321 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf 
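Review bot: Rolling `aws_eks_cluster_version` back to `default = 1.28` leaves README.md (updated to "Defaults to 1.32" in PATCH 03/20 and still reading 1.32 in the PATCH 06/20 context) out of step with the effective default, and this commit touches only two files, so the documentation is not corrected. Given the commit date, 1.28 is also at or past the end of EKS extended support, so new clusters may not be creatable with this default at all; please confirm against the current EKS version list before settling on it. The `type = number` concern raised on PATCH 01/20 applies to this line as well.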
@@ -124,22 +124,22 @@ resource "terraform_data" "replacement" { input = yamlencode(distinct(concat(local.cluster_admin_roles,local.map_worker_roles))) } -resource "kubernetes_config_map" "aws_auth" { - metadata { - name = "aws-auth" - namespace = "kube-system" - } - - data = { - mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles,local.map_worker_roles))) - #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) - mapAccounts = "${data.aws_caller_identity.current.account_id}" - } - - lifecycle { - replace_triggered_by = [terraform_data.replacement] - } -} +#resource "kubernetes_config_map" "aws_auth" { +# metadata { +# name = "aws-auth" +# namespace = "kube-system" +# } +# +# data = { +# mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles,local.map_worker_roles))) +# #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) +# mapAccounts = "${data.aws_caller_identity.current.account_id}" +# } +# +# lifecycle { +# replace_triggered_by = [terraform_data.replacement] +# } +#} output "eks_kubernetes_provider_config" { value = { From 2e532bdb50a27b1ce245e57eca987cbc54b54d73 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Thu, 18 Dec 2025 17:00:43 -0300 Subject: [PATCH 05/20] rollback --- .../modules/aws/eks/aws_eks_cluster.tf | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index fc0515321..5813d4d09 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf 
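Review bot: Commenting out `resource "kubernetes_config_map" "aws_auth"` does not merely stop managing it: on the next apply Terraform plans to destroy the ConfigMap it still tracks in state, which removes the `mapRoles` entries for the worker node role and the cluster admin roles from a live cluster and can leave nodes unable to join and operators locked out. If the intent is to stop managing the object while keeping it, drop it from state first, e.g. `terraform state rm kubernetes_config_map.aws_auth`, or on Terraform 1.7+ a `removed { from = kubernetes_config_map.aws_auth  lifecycle { destroy = false } }` block, and only then delete the resource. The commit message calls this temporary and PATCH 05/20 restores it, but the same hazard applies whenever this change is re-applied.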
@@ -124,22 +124,22 @@ resource "terraform_data" "replacement" { input = yamlencode(distinct(concat(local.cluster_admin_roles,local.map_worker_roles))) } -#resource "kubernetes_config_map" "aws_auth" { -# metadata { -# name = "aws-auth" -# namespace = "kube-system" -# } -# -# data = { -# mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles,local.map_worker_roles))) -# #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) -# mapAccounts = "${data.aws_caller_identity.current.account_id}" -# } -# -# lifecycle { -# replace_triggered_by = [terraform_data.replacement] -# } -#} +resource "kubernetes_config_map" "aws_auth" { + metadata { + name = "aws-auth" + namespace = "kube-system" + } + + data = { + mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles,local.map_worker_roles))) + #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) + mapAccounts = "${data.aws_caller_identity.current.account_id}" + } + + lifecycle { + replace_triggered_by = [terraform_data.replacement] + } +} output "eks_kubernetes_provider_config" { value = { From c774aa8bb793fe933a9bd33a1ebb70c832acec58 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Fri, 19 Dec 2025 11:25:46 -0300 Subject: [PATCH 06/20] Adding bk-node-group handling --- README.md | 4 +- action.yaml | 15 +- .../generate/generate_vars_terraform.sh | 8 +- .../deployment/terraform/aws/aws_variables.tf | 36 +- .../deployment/terraform/aws/bitovi_main.tf | 594 +++++++++--------- .../modules/aws/eks/aws_eks_cluster.tf | 42 ++ .../terraform/modules/aws/eks/aws_eks_vars.tf | 4 +- 7 files changed, 387 insertions(+), 316 deletions(-) diff --git a/README.md b/README.md index 9a5f27872..0142e99de 100644 --- a/README.md +++ b/README.md 
@@ -522,9 +522,11 @@ The following inputs can be used as `step.with` keys | `aws_eks_cluster_log_retention_days` | String | Days to store logs. Defaults to `7`. | | `aws_eks_cluster_logs_skip_destroy` | Boolean | Skip deletion of cluster logs if set to true. Defaults to `false`. | | `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.32` | +| `aws_eks_create_bk_node_group` | Boolean | Creates a backup node group in order to migrate the main one. Any changes after creation of it will be ignored. (For safety reasons) | | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. | -| `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. | | `aws_eks_instance_ami_type` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. See [here](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for options. Defaults to `AL2_x86_64.` (Legacy reasons)| +| `aws_eks_instance_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. | +| `aws_eks_instance_ami_type_bk` | String | Same as above, but for backup node-group. Will use the same as the main node-group if not defined. If set, should be defined at the same time the node-group get's created. | | `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. | | `aws_eks_ec2_key_pair` | String | Enter an existing ec2 key pair name for worker nodes. If none, will create one. | | `aws_eks_store_keypair_sm` | Boolean | If true, will store the newly created keys in Secret Manager. | 
diff --git a/action.yaml b/action.yaml index a3645ecb7..06103aa28 100644 --- a/action.yaml +++ b/action.yaml @@ -1049,15 +1049,21 @@ inputs: aws_eks_cluster_version: description: 'Specify the k8s cluster version' required: false + aws_eks_create_bk_node_group: + description: 'Create a backup node group' + required: false aws_eks_instance_type: description: 'enter the aws instance type' required: false - aws_eks_instance_ami_id: - description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.' - required: false aws_eks_instance_ami_type: description: 'Type of AMI to use. Defaults to AL2_x86_64' required: false + aws_eks_instance_type_bk: + description: 'enter the aws instance type' + required: false + aws_eks_instance_ami_type_bk: + description: 'Type of AMI to use. Defaults to AL2_x86_64' + required: false aws_eks_instance_user_data_file: description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.' required: false @@ -1579,8 +1585,9 @@ runs: AWS_EKS_CLUSTER_LOG_SKIP_DESTROY: ${{ inputs.aws_eks_cluster_log_skip_destroy }} AWS_EKS_CLUSTER_VERSION: ${{ inputs.aws_eks_cluster_version }} AWS_EKS_INSTANCE_TYPE: ${{ inputs.aws_eks_instance_type }} - AWS_EKS_INSTANCE_AMI_ID: ${{ inputs.aws_eks_instance_ami_id }} AWS_EKS_INSTANCE_AMI_TYPE: ${{ inputs.aws_eks_instance_ami_type }} + AWS_EKS_INSTANCE_TYPE_BK: ${{ inputs.aws_eks_instance_type_bk }} + AWS_EKS_INSTANCE_AMI_TYPE_BK: ${{ inputs.aws_eks_instance_ami_type_bk }} AWS_EKS_INSTANCE_USER_DATA_FILE: ${{ inputs.aws_eks_instance_user_data_file }} AWS_EKS_EC2_KEY_PAIR: ${{ inputs.aws_eks_ec2_key_pair }} AWS_EKS_STORE_KEYPAIR_SM: ${{ inputs.aws_eks_store_keypair_sm }} diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh index f5f540356..38fa90667 100644 --- a/operations/_scripts/generate/generate_vars_terraform.sh 
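Review bot: The descriptions of the two new `_bk` inputs are copied from the main node-group inputs and contradict the README and the Terraform defaults: `aws_eks_instance_ami_type_bk` says "Defaults to AL2_x86_64" while `variable "aws_eks_instance_ami_type_bk"` in aws_variables.tf defaults to `""` and the README says it falls back to the main node group's value. Suggest `description: 'Instance type for the backup node group. Falls back to aws_eks_instance_type when empty'` and `description: 'AMI type for the backup node group. Falls back to aws_eks_instance_ami_type when empty'`, and the same wording for the matching variable descriptions in aws_variables.tf. `aws_eks_create_bk_node_group` would also benefit from saying it is a boolean and that later changes to the backup group are ignored, as the README row claims.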
+++ b/operations/_scripts/generate/generate_vars_terraform.sh @@ -405,9 +405,11 @@ if [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then aws_eks_cluster_log_retention_days=$(generate_var aws_eks_cluster_log_retention_days $AWS_EKS_CLUSTER_LOG_RETENTION_DAYS) aws_eks_cluster_log_skip_destroy=$(generate_var aws_eks_cluster_log_skip_destroy $AWS_EKS_CLUSTER_LOG_SKIP_DESTROY) aws_eks_cluster_version=$(generate_var aws_eks_cluster_version $AWS_EKS_CLUSTER_VERSION) + aws_eks_create_bk_node_group=$(generate_var aws_eks_create_bk_node_group $AWS_EKS_CREATE_BK_NODE_GROUP) aws_eks_instance_type=$(generate_var aws_eks_instance_type $AWS_EKS_INSTANCE_TYPE) - aws_eks_instance_ami_id=$(generate_var aws_eks_instance_ami_id $AWS_EKS_INSTANCE_AMI_ID) aws_eks_instance_ami_type=$(generate_var aws_eks_instance_ami_type $AWS_EKS_INSTANCE_AMI_TYPE) + aws_eks_instance_type_bk=$(generate_var aws_eks_instance_type_bk $AWS_EKS_INSTANCE_TYPE_BK) + aws_eks_instance_ami_type_bk=$(generate_var aws_eks_instance_ami_type_bk $AWS_EKS_INSTANCE_AMI_TYPE_BK) aws_eks_instance_user_data_file=$(generate_var aws_eks_instance_user_data_file $AWS_EKS_INSTANCE_USER_DATA_FILE) aws_eks_ec2_key_pair=$(generate_var aws_eks_ec2_key_pair $AWS_EKS_EC2_KEY_PAIR) aws_eks_store_keypair_sm=$(generate_var aws_eks_store_keypair_sm $AWS_EKS_STORE_KEYPAIR_SM) @@ -768,9 +770,11 @@ $aws_eks_cluster_log_types $aws_eks_cluster_log_retention_days $aws_eks_cluster_log_skip_destroy $aws_eks_cluster_version +$aws_eks_create_bk_node_group $aws_eks_instance_type -$aws_eks_instance_ami_id $aws_eks_instance_ami_type +$aws_eks_instance_type_bk +$aws_eks_instance_ami_type_bk $aws_eks_instance_user_data_file $aws_eks_ec2_key_pair $aws_eks_store_keypair_sm diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf index 8425b3de8..0759a4441 100644 --- a/operations/deployment/terraform/aws/aws_variables.tf +++ b/operations/deployment/terraform/aws/aws_variables.tf 
@@ -125,7 +125,7 @@ variable "aws_ec2_port_list" { default = "" } -variable "aws_ec2_user_data_replace_on_change" { +variable "aws_ec2_user_data_replace_on_change" { type = bool description = "Forces destruction of EC2 instance" default = true @@ -145,21 +145,21 @@ variable "aws_vpc_create" { } variable "aws_vpc_name" { - type = string + type = string description = "Name for the aws vpc" - default = "" + default = "" } variable "aws_vpc_id" { - type = string + type = string description = "aws vpc id" - default = "" + default = "" } variable "aws_vpc_subnet_id" { - type = string + type = string description = "aws vpc subnet id" - default = "" + default = "" } variable "aws_vpc_cidr_block" { @@ -1602,13 +1602,13 @@ variable "aws_ecs_additional_tags" { } # ECR -variable "aws_ecr_repo_create" { +variable "aws_ecr_repo_create" { description = "Determines whether a repository will be created" type = bool default = false } -variable "aws_ecr_repo_type" { +variable "aws_ecr_repo_type" { description = "The type of repository to create. Either `public` or `private`" type = string default = "private" @@ -1736,7 +1736,7 @@ variable "aws_ecr_public_repo_catalog" { default = {} } -variable "aws_ecr_registry_policy_input" { +variable "aws_ecr_registry_policy_input" { description = "The policy document. This is a JSON formatted string" type = string default = "" @@ -1826,14 +1826,20 @@ variable "aws_eks_cluster_version" { default = 1.28 } +variable "aws_eks_create_bk_node_group" { + description = "create a backup node group" + type = bool + default = false +} + variable "aws_eks_instance_type" { description = "enter the aws instance type" type = string default = "t3a.medium" } -variable "aws_eks_instance_ami_id" { - description = "AWS AMI ID" +variable "aws_eks_instance_type_bk" { + description = "enter the aws instance type" type = string default = "" } 
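Review bot: The `@@ -1826,14 +1826,20` hunk rewrites `variable "aws_eks_instance_ami_id"` into `aws_eks_instance_type_bk` in place but keeps the old description `"enter the aws instance type"` and an empty default, and nothing in this file says what an empty value means; `description = "Instance type for the backup node group. Falls back to aws_eks_instance_type when empty"` would close that gap. PATCH 03/20 had bitovi_main.tf passing `aws_eks_instance_ami_id` to the eks module and aws_eks_vars.tf declaring it; both files appear in this commit's diffstat, so presumably they were updated too, but that is outside the visible hunks and a surviving `var.aws_eks_instance_ami_id` reference would fail at validate. The unchanged `default = 1.28` in the context also still disagrees with the README row (Defaults to 1.32) that this same commit edits.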
@@ -1844,6 +1850,12 @@ variable "aws_eks_instance_ami_type" { default = "AL2_x86_64" } +variable "aws_eks_instance_ami_type_bk" { + description = "Type of AMI to use. Defaults to AL2_x86_64" + type = string + default = "" +} + variable "aws_eks_instance_user_data_file" { description = "enter the aws instance user data file" type = string diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf index fee7ea844..354cfed4a 100644 --- a/operations/deployment/terraform/aws/bitovi_main.tf +++ b/operations/deployment/terraform/aws/bitovi_main.tf @@ -1,6 +1,6 @@ module "ec2" { source = "../modules/aws/ec2" - count = var.aws_ec2_instance_create ? 1 : 0 + count = var.aws_ec2_instance_create ? 1 : 0 # EC2 aws_ec2_ami_filter = var.aws_ec2_ami_filter aws_ec2_ami_owner = var.aws_ec2_ami_owner 
@@ -11,20 +11,20 @@ module "ec2" { aws_ec2_user_data_replace_on_change = var.aws_ec2_user_data_replace_on_change aws_ec2_instance_root_vol_size = var.aws_ec2_instance_root_vol_size aws_ec2_instance_root_vol_preserve = var.aws_ec2_instance_root_vol_preserve - aws_ec2_create_keypair_sm = var.aws_ec2_create_keypair_sm + aws_ec2_create_keypair_sm = var.aws_ec2_create_keypair_sm aws_ec2_security_group_name = var.aws_ec2_security_group_name aws_ec2_iam_instance_profile = var.aws_ec2_iam_instance_profile aws_ec2_port_list = var.aws_ec2_port_list # Data inputs - aws_ec2_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_vpc_dns_enabled = module.vpc.aws_vpc_dns_enabled - aws_subnet_selected_id = module.vpc.aws_vpc_subnet_selected - preferred_az = module.vpc.preferred_az + aws_ec2_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_vpc_dns_enabled = module.vpc.aws_vpc_dns_enabled + aws_subnet_selected_id = module.vpc.aws_vpc_subnet_selected + preferred_az = module.vpc.preferred_az # Others - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - ec2_tags = local.ec2_tags - depends_on = [module.vpc] + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + ec2_tags = local.ec2_tags + depends_on = [module.vpc] providers = { aws = aws.ec2 
@@ -37,13 +37,13 @@ module "ec2_sg_to_rds" { # Inputs sg_type = "ingress" sg_rule_description = "${var.aws_resource_identifier} - EC2 Incoming" - sg_rule_from_port = try(module.db_proxy_rds[0].db_proxy_port,module.rds[0].db_port) - sg_rule_to_port = try(module.db_proxy_rds[0].db_proxy_port,module.rds[0].db_port) + sg_rule_from_port = try(module.db_proxy_rds[0].db_proxy_port, module.rds[0].db_port) + sg_rule_to_port = try(module.db_proxy_rds[0].db_proxy_port, module.rds[0].db_port) sg_rule_protocol = "tcp" source_security_group_id = module.ec2[0].aws_security_group_ec2_sg_id - target_security_group_id = try(module.db_proxy_rds[0].db_proxy_sg_id,module.rds[0].rds_sg_id) - - depends_on = [ module.ec2,module.rds ] + target_security_group_id = try(module.db_proxy_rds[0].db_proxy_sg_id, module.rds[0].rds_sg_id) + + depends_on = [module.ec2, module.rds] } module "efs_to_ec2_sg" { @@ -57,22 +57,22 @@ module "efs_to_ec2_sg" { sg_rule_protocol = "tcp" source_security_group_id = try(module.efs[0].aws_efs_sg_id) target_security_group_id = module.ec2[0].aws_security_group_ec2_sg_id - depends_on = [ module.ec2,module.efs ] + depends_on = [module.ec2, module.efs] } module "aws_certificates" { source = "../modules/aws/certificates" - count = ( var.aws_ec2_instance_create || var.aws_ecs_enable ) && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0 + count = (var.aws_ec2_instance_create || var.aws_ecs_enable) && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0 # Cert aws_r53_cert_arn = var.aws_r53_cert_arn aws_r53_create_root_cert = var.aws_r53_create_root_cert aws_r53_create_sub_cert = var.aws_r53_create_sub_cert # R53 - aws_r53_domain_name = var.aws_r53_domain_name - aws_r53_sub_domain_name = var.aws_r53_sub_domain_name + aws_r53_domain_name = var.aws_r53_domain_name + aws_r53_sub_domain_name = var.aws_r53_sub_domain_name # Others - fqdn_provided = local.fqdn_provided - + fqdn_provided = local.fqdn_provided + providers = { aws = aws.r53 } 
@@ -82,17 +82,17 @@ module "aws_route53" { source = "../modules/aws/route53" count = var.aws_ec2_instance_create && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0 # R53 values - aws_r53_domain_name = var.aws_r53_domain_name - aws_r53_sub_domain_name = var.aws_r53_sub_domain_name - aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy - aws_r53_enable_cert = var.aws_r53_enable_cert + aws_r53_domain_name = var.aws_r53_domain_name + aws_r53_sub_domain_name = var.aws_r53_sub_domain_name + aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy + aws_r53_enable_cert = var.aws_r53_enable_cert # ELB - aws_elb_dns_name = try(module.aws_elb[0].aws_elb_dns_name,"") - aws_elb_zone_id = try(module.aws_elb[0].aws_elb_zone_id,"") + aws_elb_dns_name = try(module.aws_elb[0].aws_elb_dns_name, "") + aws_elb_zone_id = try(module.aws_elb[0].aws_elb_zone_id, "") # Certs aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" # Others - fqdn_provided = local.fqdn_provided + fqdn_provided = local.fqdn_provided providers = { aws = aws.r53 
@@ -103,28 +103,28 @@ module "aws_elb" { source = "../modules/aws/elb" count = var.aws_ec2_instance_create && var.aws_elb_create ? 1 : 0 # ELB Values - aws_elb_security_group_name = var.aws_elb_security_group_name - aws_elb_app_port = var.aws_elb_app_port - aws_elb_app_protocol = var.aws_elb_app_protocol - aws_elb_listen_port = var.aws_elb_listen_port - aws_elb_listen_protocol = var.aws_elb_listen_protocol - aws_elb_healthcheck = var.aws_elb_healthcheck - aws_elb_access_log_bucket_name = var.aws_elb_access_log_bucket_name - aws_elb_access_log_expire = var.aws_elb_access_log_expire + aws_elb_security_group_name = var.aws_elb_security_group_name + aws_elb_app_port = var.aws_elb_app_port + aws_elb_app_protocol = var.aws_elb_app_protocol + aws_elb_listen_port = var.aws_elb_listen_port + aws_elb_listen_protocol = var.aws_elb_listen_protocol + aws_elb_healthcheck = var.aws_elb_healthcheck + aws_elb_access_log_bucket_name = var.aws_elb_access_log_bucket_name + aws_elb_access_log_expire = var.aws_elb_access_log_expire # EC2 - aws_instance_server_az = [module.vpc.preferred_az] - aws_vpc_selected_id = module.vpc.aws_selected_vpc_id - aws_vpc_subnet_selected = module.vpc.aws_vpc_subnet_selected - aws_instance_server_id = module.ec2[0].aws_instance_server_id - aws_elb_target_sg_id = module.ec2[0].aws_security_group_ec2_sg_id + aws_instance_server_az = [module.vpc.preferred_az] + aws_vpc_selected_id = module.vpc.aws_selected_vpc_id + aws_vpc_subnet_selected = module.vpc.aws_vpc_subnet_selected + aws_instance_server_id = module.ec2[0].aws_instance_server_id + aws_elb_target_sg_id = module.ec2[0].aws_security_group_ec2_sg_id # Certs - aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" + aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? 
module.aws_certificates[0].selected_arn : "" # Others aws_resource_identifier = var.aws_resource_identifier aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Module dependencies - depends_on = [module.vpc,module.ec2] - + depends_on = [module.vpc, module.ec2] + providers = { aws = aws.elb } @@ -134,10 +134,10 @@ module "efs" { source = "../modules/aws/efs" count = var.aws_efs_enable ? 1 : 0 # EFS - aws_efs_create = var.aws_efs_create - aws_efs_fs_id = var.aws_efs_fs_id - aws_efs_create_mount_target = var.aws_efs_create_mount_target - aws_efs_create_ha = var.aws_efs_create_ha + aws_efs_create = var.aws_efs_create + aws_efs_fs_id = var.aws_efs_fs_id + aws_efs_create_mount_target = var.aws_efs_create_mount_target + aws_efs_create_ha = var.aws_efs_create_ha aws_efs_vol_encrypted = var.aws_efs_vol_encrypted aws_efs_kms_key_id = var.aws_efs_kms_key_id @@ -151,12 +151,12 @@ module "efs" { aws_efs_replication_destination = var.aws_efs_replication_destination aws_efs_enable_backup_policy = var.aws_efs_enable_backup_policy aws_efs_transition_to_inactive = var.aws_efs_transition_to_inactive - + # VPC Inputs - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnet_id = module.vpc.aws_vpc_subnet_selected - aws_resource_identifier = var.aws_resource_identifier - depends_on = [module.vpc] + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnet_id = module.vpc.aws_vpc_subnet_selected + aws_resource_identifier = var.aws_resource_identifier + depends_on = [module.vpc] providers = { aws = aws.efs 
@@ -204,10 +204,10 @@ module "rds" { aws_rds_db_copy_tags_to_snapshot = var.aws_rds_db_copy_tags_to_snapshot # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Dependencies depends_on = [module.vpc] 
@@ -220,29 +220,29 @@ module "db_proxy_rds" { source = "../modules/aws/db_proxy" count = var.aws_rds_db_proxy ? 1 : 0 # PROXY - aws_aurora_proxy = var.aws_aurora_proxy - aws_rds_db_proxy = var.aws_rds_db_proxy - aws_db_proxy_name = var.aws_db_proxy_name != "" ? var.aws_db_proxy_name : lower(var.aws_resource_identifier) - aws_db_proxy_database_id = module.rds[0].db_id - aws_db_proxy_cluster = false - aws_db_proxy_secret_name = module.rds[0].db_secret_name - aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type - aws_db_proxy_tls = var.aws_db_proxy_tls - aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name - aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow - aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group - aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming - aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable - aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days + aws_aurora_proxy = var.aws_aurora_proxy + aws_rds_db_proxy = var.aws_rds_db_proxy + aws_db_proxy_name = var.aws_db_proxy_name != "" ? 
var.aws_db_proxy_name : lower(var.aws_resource_identifier) + aws_db_proxy_database_id = module.rds[0].db_id + aws_db_proxy_cluster = false + aws_db_proxy_secret_name = module.rds[0].db_secret_name + aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type + aws_db_proxy_tls = var.aws_db_proxy_tls + aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name + aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow + aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group + aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming + aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable + aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - incoming_random_string = module.rds[0].random_string + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + incoming_random_string = module.rds[0].random_string # Dependencies - depends_on = [module.vpc,module.rds] + depends_on = [module.vpc, module.rds] providers = { aws = aws.db_proxy 
@@ -260,17 +260,17 @@ module "aurora_rds" { aws_aurora_availability_zones = var.aws_aurora_availability_zones aws_aurora_cluster_apply_immediately = var.aws_aurora_cluster_apply_immediately # Storage - aws_aurora_allocated_storage = var.aws_aurora_allocated_storage - aws_aurora_storage_encrypted = var.aws_aurora_storage_encrypted - aws_aurora_kms_key_id = var.aws_aurora_kms_key_id - aws_aurora_storage_type = var.aws_aurora_storage_type - aws_aurora_storage_iops = var.aws_aurora_storage_iops + aws_aurora_allocated_storage = var.aws_aurora_allocated_storage + aws_aurora_storage_encrypted = var.aws_aurora_storage_encrypted + aws_aurora_kms_key_id = var.aws_aurora_kms_key_id + aws_aurora_storage_type = var.aws_aurora_storage_type + aws_aurora_storage_iops = var.aws_aurora_storage_iops # DB Details - aws_aurora_database_name = var.aws_aurora_database_name - aws_aurora_master_username = var.aws_aurora_master_username - aws_aurora_database_group_family = var.aws_aurora_database_group_family - aws_aurora_iam_auth_enabled = var.aws_aurora_iam_auth_enabled - aws_aurora_iam_roles = var.aws_aurora_iam_roles + aws_aurora_database_name = var.aws_aurora_database_name + aws_aurora_master_username = var.aws_aurora_master_username + aws_aurora_database_group_family = var.aws_aurora_database_group_family + aws_aurora_iam_auth_enabled = var.aws_aurora_iam_auth_enabled + aws_aurora_iam_roles = var.aws_aurora_iam_roles # Net aws_aurora_cluster_db_instance_class = var.aws_aurora_cluster_db_instance_class aws_aurora_security_group_name = var.aws_aurora_security_group_name 
@@ -295,11 +295,11 @@ module "aurora_rds" { aws_aurora_snapshot_name = var.aws_aurora_snapshot_name aws_aurora_snapshot_overwrite = var.aws_aurora_snapshot_overwrite # DB Parameters - aws_aurora_db_instances_count = var.aws_aurora_db_instances_count - aws_aurora_db_instance_class = var.aws_aurora_db_instance_class - aws_aurora_db_apply_immediately = var.aws_aurora_db_apply_immediately - aws_aurora_db_ca_cert_identifier = var.aws_aurora_db_ca_cert_identifier - aws_aurora_db_maintenance_window = var.aws_aurora_db_maintenance_window + aws_aurora_db_instances_count = var.aws_aurora_db_instances_count + aws_aurora_db_instance_class = var.aws_aurora_db_instance_class + aws_aurora_db_apply_immediately = var.aws_aurora_db_apply_immediately + aws_aurora_db_ca_cert_identifier = var.aws_aurora_db_ca_cert_identifier + aws_aurora_db_maintenance_window = var.aws_aurora_db_maintenance_window # Extras aws_aurora_performance_insights_enable = var.aws_aurora_performance_insights_enable aws_aurora_performance_insights_kms_key_id = var.aws_aurora_performance_insights_kms_key_id @@ -307,12 +307,12 @@ module "aurora_rds" { # Others # Incoming #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_subnets_vpc_subnets_ids = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Dependencies - depends_on = [module.vpc,module.ec2] + depends_on = [module.vpc, module.ec2] providers = { aws = aws.aurora 
@@ -323,29 +323,29 @@ module "db_proxy_aurora" { source = "../modules/aws/db_proxy" count = var.aws_aurora_proxy ? 1 : 0 # PROXY - aws_aurora_proxy = var.aws_aurora_proxy - aws_rds_db_proxy = var.aws_rds_db_proxy - aws_db_proxy_name = var.aws_db_proxy_name != "" ? var.aws_db_proxy_name : lower(var.aws_resource_identifier) - aws_db_proxy_database_id = module.aurora_rds[0].aurora_db_id - aws_db_proxy_cluster = true - aws_db_proxy_secret_name = module.aurora_rds[0].aurora_secret_name - aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type - aws_db_proxy_tls = var.aws_db_proxy_tls - aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name - aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow - aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group - aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming - aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable - aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days + aws_aurora_proxy = var.aws_aurora_proxy + aws_rds_db_proxy = var.aws_rds_db_proxy + aws_db_proxy_name = var.aws_db_proxy_name != "" ? 
var.aws_db_proxy_name : lower(var.aws_resource_identifier) + aws_db_proxy_database_id = module.aurora_rds[0].aurora_db_id + aws_db_proxy_cluster = true + aws_db_proxy_secret_name = module.aurora_rds[0].aurora_secret_name + aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type + aws_db_proxy_tls = var.aws_db_proxy_tls + aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name + aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow + aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group + aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming + aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable + aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - incoming_random_string = module.aurora_rds[0].random_string + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + incoming_random_string = module.aurora_rds[0].random_string # Dependencies - depends_on = [module.vpc,module.aurora_rds] + depends_on = [module.vpc, module.aurora_rds] providers = { aws = aws.db_proxy 
@@ -357,29 +357,29 @@ module "db_proxy" { source = "../modules/aws/db_proxy" count = var.aws_db_proxy_enable ? 1 : 0 # PROXY - aws_aurora_proxy = var.aws_aurora_proxy - aws_rds_db_proxy = var.aws_rds_db_proxy - aws_db_proxy_name = var.aws_db_proxy_name != "" ? var.aws_db_proxy_name : lower(var.aws_resource_identifier) - aws_db_proxy_database_id = var.aws_db_proxy_database_id - aws_db_proxy_cluster = var.aws_db_proxy_cluster - aws_db_proxy_secret_name = var.aws_db_proxy_secret_name - aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type - aws_db_proxy_tls = var.aws_db_proxy_tls - aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name - aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow - aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group - aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming - aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable - aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days + aws_aurora_proxy = var.aws_aurora_proxy + aws_rds_db_proxy = var.aws_rds_db_proxy + aws_db_proxy_name = var.aws_db_proxy_name != "" ? 
var.aws_db_proxy_name : lower(var.aws_resource_identifier) + aws_db_proxy_database_id = var.aws_db_proxy_database_id + aws_db_proxy_cluster = var.aws_db_proxy_cluster + aws_db_proxy_secret_name = var.aws_db_proxy_secret_name + aws_db_proxy_client_password_auth_type = var.aws_db_proxy_client_password_auth_type + aws_db_proxy_tls = var.aws_db_proxy_tls + aws_db_proxy_security_group_name = var.aws_db_proxy_security_group_name + aws_db_proxy_database_security_group_allow = var.aws_db_proxy_database_security_group_allow + aws_db_proxy_allowed_security_group = var.aws_db_proxy_allowed_security_group + aws_db_proxy_allow_all_incoming = var.aws_db_proxy_allow_all_incoming + aws_db_proxy_cloudwatch_enable = var.aws_db_proxy_cloudwatch_enable + aws_db_proxy_cloudwatch_retention_days = var.aws_db_proxy_cloudwatch_retention_days # Others #aws_ec2_security_group = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : "" - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort - incoming_random_string = null + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + incoming_random_string = null # Dependencies - depends_on = [module.vpc,module.ec2] + depends_on = [module.vpc, module.ec2] providers = { aws = aws.db_proxy 
@@ -387,11 +387,11 @@ module "db_proxy" { } module "proxy_dot_env" { - source = "../modules/commons/dot_env" - count = var.aws_aurora_proxy ? 1 : var.aws_db_proxy_enable ? 1 : var.aws_rds_db_proxy ? 1 : 0 - filename = "proxy.env" - content = join("\n",[try(module.db_proxy_aurora[0].proxy_dot_env,""),try(module.db_proxy_rds[0].proxy_dot_env,""),try(module.db_proxy[0].proxy_dot_env,"")]) - depends_on = [ module.db_proxy_aurora,module.db_proxy_rds,module.db_proxy_rds ] + source = "../modules/commons/dot_env" + count = var.aws_aurora_proxy ? 1 : var.aws_db_proxy_enable ? 1 : var.aws_rds_db_proxy ? 1 : 0 + filename = "proxy.env" + content = join("\n", [try(module.db_proxy_aurora[0].proxy_dot_env, ""), try(module.db_proxy_rds[0].proxy_dot_env, ""), try(module.db_proxy[0].proxy_dot_env, "")]) + depends_on = [module.db_proxy_aurora, module.db_proxy_rds, module.db_proxy_rds] } module "redis" { @@ -429,13 +429,13 @@ module "redis" { aws_redis_cloudwatch_retention_days = var.aws_redis_cloudwatch_retention_days aws_redis_single_line_url_secret = var.aws_redis_single_line_url_secret # Others - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets - aws_resource_identifier = var.aws_resource_identifier - aws_resource_identifier_supershort = var.aws_resource_identifier_supershort + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier_supershort = var.aws_resource_identifier_supershort # Dependencies - depends_on = [module.vpc,module.ec2] + depends_on = [module.vpc, module.ec2] providers = { aws = aws.redis } 
@@ -445,25 +445,25 @@ module "vpc" { source = "../modules/aws/vpc" #count = var.aws_ec2_instance_create || var.aws_efs_enable || var.aws_aurora_enable ? 1 : 0 # VPC - aws_vpc_create = var.aws_vpc_create - aws_vpc_id = var.aws_vpc_id - aws_vpc_subnet_id = var.aws_vpc_subnet_id - aws_vpc_cidr_block = var.aws_vpc_cidr_block - aws_vpc_name = var.aws_vpc_name - aws_vpc_public_subnets = var.aws_vpc_public_subnets - aws_vpc_private_subnets = var.aws_vpc_private_subnets - aws_vpc_availability_zones = var.aws_vpc_availability_zones + aws_vpc_create = var.aws_vpc_create + aws_vpc_id = var.aws_vpc_id + aws_vpc_subnet_id = var.aws_vpc_subnet_id + aws_vpc_cidr_block = var.aws_vpc_cidr_block + aws_vpc_name = var.aws_vpc_name + aws_vpc_public_subnets = var.aws_vpc_public_subnets + aws_vpc_private_subnets = var.aws_vpc_private_subnets + aws_vpc_availability_zones = var.aws_vpc_availability_zones # Data inputs aws_ec2_instance_type = var.aws_ec2_instance_type aws_ec2_security_group_name = var.aws_ec2_security_group_name # Others - aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier = var.aws_resource_identifier # NEW aws_vpc_enable_nat_gateway = var.aws_vpc_enable_nat_gateway aws_vpc_single_nat_gateway = var.aws_vpc_single_nat_gateway aws_vpc_external_nat_ip_ids = var.aws_vpc_external_nat_ip_ids # Toggle EKS flag to add tags to subnets - aws_eks_create = var.aws_eks_create + aws_eks_create = var.aws_eks_create providers = { aws = aws.vpc } 
@@ -479,41 +479,41 @@ module "aws_ecs" { source = "../modules/aws/ecs" count = var.aws_ecs_enable ? 1 : 0 # ECS - aws_ecs_service_name = var.aws_ecs_service_name - aws_ecs_cluster_name = var.aws_ecs_cluster_name - aws_ecs_service_launch_type = var.aws_ecs_service_launch_type - aws_ecs_task_type = var.aws_ecs_task_type - aws_ecs_task_name = var.aws_ecs_task_name - aws_ecs_task_ignore_definition = var.aws_ecs_task_ignore_definition - aws_ecs_task_execution_role = var.aws_ecs_task_execution_role - aws_ecs_task_json_definition_file = var.aws_ecs_task_json_definition_file - aws_ecs_task_network_mode = var.aws_ecs_task_network_mode - aws_ecs_task_cpu = var.aws_ecs_task_cpu - aws_ecs_task_mem = var.aws_ecs_task_mem - aws_ecs_container_cpu = var.aws_ecs_container_cpu - aws_ecs_container_mem = var.aws_ecs_container_mem - aws_ecs_node_count = var.aws_ecs_node_count - aws_ecs_app_image = var.aws_ecs_app_image - aws_ecs_security_group_name = var.aws_ecs_security_group_name - aws_ecs_assign_public_ip = var.aws_ecs_assign_public_ip - aws_ecs_container_port = var.aws_ecs_container_port - aws_ecs_lb_port = var.aws_ecs_lb_port - aws_ecs_lb_redirect_enable = var.aws_ecs_lb_redirect_enable - aws_ecs_lb_container_path = var.aws_ecs_lb_container_path - aws_ecs_lb_ssl_policy = var.aws_ecs_lb_ssl_policy - aws_ecs_lb_www_to_apex_redirect = var.aws_r53_root_domain_deploy ? var.aws_ecs_lb_www_to_apex_redirect : false - aws_ecs_autoscaling_enable = var.aws_ecs_autoscaling_enable - aws_ecs_autoscaling_max_nodes = var.aws_ecs_autoscaling_max_nodes - aws_ecs_autoscaling_min_nodes = var.aws_ecs_autoscaling_min_nodes - aws_ecs_autoscaling_max_mem = var.aws_ecs_autoscaling_max_mem - aws_ecs_autoscaling_max_cpu = var.aws_ecs_autoscaling_max_cpu - aws_ecs_cloudwatch_enable = var.aws_ecs_cloudwatch_enable - aws_ecs_cloudwatch_lg_name = var.aws_ecs_cloudwatch_enable ? ( var.aws_ecs_cloudwatch_lg_name != null ? 
var.aws_ecs_cloudwatch_lg_name : "${var.aws_resource_identifier}-ecs-logs" ) : null - aws_ecs_cloudwatch_skip_destroy = var.aws_ecs_cloudwatch_skip_destroy - aws_ecs_cloudwatch_retention_days = var.aws_ecs_cloudwatch_retention_days - aws_region_current_name = module.vpc.aws_region_current_name - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_selected_subnets = module.vpc.aws_selected_vpc_subnets + aws_ecs_service_name = var.aws_ecs_service_name + aws_ecs_cluster_name = var.aws_ecs_cluster_name + aws_ecs_service_launch_type = var.aws_ecs_service_launch_type + aws_ecs_task_type = var.aws_ecs_task_type + aws_ecs_task_name = var.aws_ecs_task_name + aws_ecs_task_ignore_definition = var.aws_ecs_task_ignore_definition + aws_ecs_task_execution_role = var.aws_ecs_task_execution_role + aws_ecs_task_json_definition_file = var.aws_ecs_task_json_definition_file + aws_ecs_task_network_mode = var.aws_ecs_task_network_mode + aws_ecs_task_cpu = var.aws_ecs_task_cpu + aws_ecs_task_mem = var.aws_ecs_task_mem + aws_ecs_container_cpu = var.aws_ecs_container_cpu + aws_ecs_container_mem = var.aws_ecs_container_mem + aws_ecs_node_count = var.aws_ecs_node_count + aws_ecs_app_image = var.aws_ecs_app_image + aws_ecs_security_group_name = var.aws_ecs_security_group_name + aws_ecs_assign_public_ip = var.aws_ecs_assign_public_ip + aws_ecs_container_port = var.aws_ecs_container_port + aws_ecs_lb_port = var.aws_ecs_lb_port + aws_ecs_lb_redirect_enable = var.aws_ecs_lb_redirect_enable + aws_ecs_lb_container_path = var.aws_ecs_lb_container_path + aws_ecs_lb_ssl_policy = var.aws_ecs_lb_ssl_policy + aws_ecs_lb_www_to_apex_redirect = var.aws_r53_root_domain_deploy ? 
var.aws_ecs_lb_www_to_apex_redirect : false + aws_ecs_autoscaling_enable = var.aws_ecs_autoscaling_enable + aws_ecs_autoscaling_max_nodes = var.aws_ecs_autoscaling_max_nodes + aws_ecs_autoscaling_min_nodes = var.aws_ecs_autoscaling_min_nodes + aws_ecs_autoscaling_max_mem = var.aws_ecs_autoscaling_max_mem + aws_ecs_autoscaling_max_cpu = var.aws_ecs_autoscaling_max_cpu + aws_ecs_cloudwatch_enable = var.aws_ecs_cloudwatch_enable + aws_ecs_cloudwatch_lg_name = var.aws_ecs_cloudwatch_enable ? (var.aws_ecs_cloudwatch_lg_name != null ? var.aws_ecs_cloudwatch_lg_name : "${var.aws_resource_identifier}-ecs-logs") : null + aws_ecs_cloudwatch_skip_destroy = var.aws_ecs_cloudwatch_skip_destroy + aws_ecs_cloudwatch_retention_days = var.aws_ecs_cloudwatch_retention_days + aws_region_current_name = module.vpc.aws_region_current_name + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_selected_subnets = module.vpc.aws_selected_vpc_subnets # Others aws_r53_domain_name = var.aws_r53_enable && var.aws_r53_domain_name != "" ? var.aws_r53_domain_name : "" aws_certificate_enabled = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false @@ -522,7 +522,7 @@ module "aws_ecs" { aws_resource_identifier_supershort = var.aws_resource_identifier_supershort app_repo_name = var.app_repo_name # Dependencies - depends_on = [ module.aws_certificates ] + depends_on = [module.aws_certificates] providers = { aws = aws.ecs } 
@@ -530,28 +530,28 @@ module "aws_ecs" { module "aws_route53_ecs" { source = "../modules/aws/route53" - count = var.aws_ecs_enable && var.aws_r53_enable && var.aws_r53_domain_name != "" && ( var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition ) ? 1 : 0 + count = var.aws_ecs_enable && var.aws_r53_enable && var.aws_r53_domain_name != "" && (var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition) ? 1 : 0 # R53 values - aws_r53_domain_name = var.aws_r53_domain_name - aws_r53_sub_domain_name = var.aws_r53_sub_domain_name - aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy - aws_r53_enable_cert = var.aws_r53_enable_cert + aws_r53_domain_name = var.aws_r53_domain_name + aws_r53_sub_domain_name = var.aws_r53_sub_domain_name + aws_r53_root_domain_deploy = var.aws_r53_root_domain_deploy + aws_r53_enable_cert = var.aws_r53_enable_cert # ELB - aws_elb_dns_name = module.aws_ecs[0].load_balancer_dns - aws_elb_zone_id = module.aws_ecs[0].load_balancer_zone_id + aws_elb_dns_name = module.aws_ecs[0].load_balancer_dns + aws_elb_zone_id = module.aws_ecs[0].load_balancer_zone_id # Certs aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" # Others - fqdn_provided = local.fqdn_provided - depends_on = [ module.aws_certificates ] + fqdn_provided = local.fqdn_provided + depends_on = [module.aws_certificates] providers = { aws = aws.r53 } } module "aws_waf_ecs" { - source = "../modules/aws/waf" - count = var.aws_waf_enable && var.aws_ecs_enable && ( var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition ) ? 1 : 0 + source = "../modules/aws/waf" + count = var.aws_waf_enable && var.aws_ecs_enable && (var.aws_ecs_container_port != "" || var.aws_ecs_task_ignore_definition) ? 1 : 0 aws_waf_enable = var.aws_waf_enable aws_waf_logging_enable = var.aws_waf_logging_enable aws_waf_log_retention_days = var.aws_waf_log_retention_days 
@@ -573,7 +573,7 @@ module "aws_waf_ecs" { # Incoming aws_lb_resource_arn = module.aws_ecs[0].load_balancer_arn # Others - depends_on = [ module.aws_ecs ] + depends_on = [module.aws_ecs] providers = { aws = aws.waf } @@ -607,7 +607,7 @@ module "aws_ecr" { aws_ecr_public_repo_catalog = var.aws_ecr_public_repo_catalog aws_ecr_registry_policy_input = var.aws_ecr_registry_policy_input # Others - aws_resource_identifier = var.aws_resource_identifier + aws_resource_identifier = var.aws_resource_identifier providers = { aws = aws.ecr 
@@ -620,46 +620,48 @@ module "eks" { # EKS #aws_eks_create = var.aws_eks_create aws_eks_security_group_name_cluster = var.aws_eks_security_group_name_cluster - aws_eks_security_group_name_node = var.aws_eks_security_group_name_node - aws_eks_environment = var.aws_eks_environment - aws_eks_management_cidr = var.aws_eks_management_cidr - aws_eks_allowed_ports = var.aws_eks_allowed_ports - aws_eks_allowed_ports_cidr = var.aws_eks_allowed_ports_cidr - aws_eks_cluster_name = var.aws_eks_cluster_name - aws_eks_cluster_admin_role_arn = var.aws_eks_cluster_admin_role_arn - aws_eks_cluster_log_types = var.aws_eks_cluster_log_types - aws_eks_cluster_log_retention_days = var.aws_eks_cluster_log_retention_days - aws_eks_cluster_log_skip_destroy = var.aws_eks_cluster_log_skip_destroy - aws_eks_cluster_version = var.aws_eks_cluster_version - aws_eks_instance_type = var.aws_eks_instance_type - aws_eks_instance_ami_id = var.aws_eks_instance_ami_id - aws_eks_instance_ami_type = var.aws_eks_instance_ami_type - aws_eks_instance_user_data_file = var.aws_eks_instance_user_data_file - aws_eks_ec2_key_pair = var.aws_eks_ec2_key_pair - aws_eks_store_keypair_sm = var.aws_eks_store_keypair_sm - aws_eks_desired_capacity = var.aws_eks_desired_capacity - aws_eks_max_size = var.aws_eks_max_size - aws_eks_min_size = var.aws_eks_min_size + aws_eks_security_group_name_node = var.aws_eks_security_group_name_node + aws_eks_environment = var.aws_eks_environment + aws_eks_management_cidr = var.aws_eks_management_cidr + aws_eks_allowed_ports = var.aws_eks_allowed_ports + aws_eks_allowed_ports_cidr = var.aws_eks_allowed_ports_cidr + aws_eks_cluster_name = var.aws_eks_cluster_name + aws_eks_cluster_admin_role_arn = var.aws_eks_cluster_admin_role_arn + aws_eks_cluster_log_types = var.aws_eks_cluster_log_types + aws_eks_cluster_log_retention_days = var.aws_eks_cluster_log_retention_days + aws_eks_cluster_log_skip_destroy = var.aws_eks_cluster_log_skip_destroy + aws_eks_cluster_version = 
var.aws_eks_cluster_version + aws_eks_create_bk_node_group = var.aws_eks_create_bk_node_group + aws_eks_instance_type = var.aws_eks_instance_type + aws_eks_instance_ami_type = var.aws_eks_instance_ami_type + aws_eks_instance_type_bk = var.aws_eks_instance_type_bk != "" ? var.aws_eks_instance_type_bk : var.aws_eks_instance_type + aws_eks_instance_ami_type_bk = var.aws_eks_instance_ami_type_bk != "" ? var.aws_eks_instance_ami_type_bk : var.aws_eks_instance_ami_type + aws_eks_instance_user_data_file = var.aws_eks_instance_user_data_file + aws_eks_ec2_key_pair = var.aws_eks_ec2_key_pair + aws_eks_store_keypair_sm = var.aws_eks_store_keypair_sm + aws_eks_desired_capacity = var.aws_eks_desired_capacity + aws_eks_max_size = var.aws_eks_max_size + aws_eks_min_size = var.aws_eks_min_size # Others - aws_selected_vpc_id = module.vpc.aws_selected_vpc_id - aws_resource_identifier = var.aws_resource_identifier + aws_selected_vpc_id = module.vpc.aws_selected_vpc_id + aws_resource_identifier = var.aws_resource_identifier providers = { - aws = aws.eks + aws = aws.eks kubernetes = kubernetes.eks } - depends_on = [ module.vpc ] + depends_on = [module.vpc] } module "ansible" { - source = "../modules/aws/ansible" - count = var.ansible_skip ? 0 : var.aws_ec2_instance_create ? 1 : 0 - aws_ec2_instance_ip = var.ansible_ssh_to_private_ip ? module.ec2[0].instance_private_ip : ( module.ec2[0].instance_public_ip != "" ? module.ec2[0].instance_public_ip : module.ec2[0].instance_private_ip ) - ansible_start_docker_timeout = var.ansible_start_docker_timeout - aws_efs_enable = var.aws_efs_enable - app_repo_name = var.app_repo_name - app_install_root = var.app_install_root - aws_resource_identifier = var.aws_resource_identifier - docker_remove_orphans = var.docker_remove_orphans + source = "../modules/aws/ansible" + count = var.ansible_skip ? 0 : var.aws_ec2_instance_create ? 1 : 0 + aws_ec2_instance_ip = var.ansible_ssh_to_private_ip ? 
module.ec2[0].instance_private_ip : (module.ec2[0].instance_public_ip != "" ? module.ec2[0].instance_public_ip : module.ec2[0].instance_private_ip) + ansible_start_docker_timeout = var.ansible_start_docker_timeout + aws_efs_enable = var.aws_efs_enable + app_repo_name = var.app_repo_name + app_install_root = var.app_install_root + aws_resource_identifier = var.aws_resource_identifier + docker_remove_orphans = var.docker_remove_orphans # Cloudwatch docker_cloudwatch_enable = var.docker_cloudwatch_enable docker_cloudwatch_lg_name = var.docker_cloudwatch_lg_name != "" ? var.docker_cloudwatch_lg_name : "${var.aws_resource_identifier}-docker-logs" @@ -671,7 +673,7 @@ module "ansible" { docker_efs_mount_target = var.docker_efs_mount_target aws_efs_fs_id = var.aws_efs_enable ? local.create_efs ? module.efs[0].aws_efs_fs_id : var.aws_efs_fs_id : null # Data inputs - private_key_filename = module.ec2[0].private_key_filename + private_key_filename = module.ec2[0].private_key_filename # Dependencies depends_on = [module.ec2] } 
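Review bot: The `module "eks"` call no longer passes `aws_eks_instance_ami_id = var.aws_eks_instance_ami_id`, yet nothing in this hunk removes that variable, and the README section shown earlier in the series still documents `aws_eks_instance_ami_id` as an input; if the variable survives, a user-pinned AMI ID is silently dropped and the node group falls back to whatever `aws_eks_instance_ami_type` resolves to. Either restore the line, `aws_eks_instance_ami_id = var.aws_eks_instance_ami_id`, or remove the variable and its README/action.yaml entries in the same change so the interface and the call stay consistent. The new fallbacks `var.aws_eks_instance_type_bk != "" ? ... : var.aws_eks_instance_type` and the matching `_bk` AMI-type line only trigger when the variables default to the empty string; if they default to `null`, `null != ""` is true in Terraform and `null` is handed to the module, so the declared defaults should be checked. The enclosing `module "eks"` block and the `module "ansible"` block both start or end outside this hunk.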
@@ -689,20 +691,20 @@ locals { } default_tags = merge(local.aws_tags, jsondecode(var.aws_additional_tags)) # Module tagging - ec2_tags = merge(local.default_tags,jsondecode(var.aws_ec2_additional_tags)) - r53_tags = merge(local.default_tags,jsondecode(var.aws_r53_additional_tags)) - elb_tags = merge(local.default_tags,jsondecode(var.aws_elb_additional_tags)) - efs_tags = merge(local.default_tags,jsondecode(var.aws_efs_additional_tags)) - vpc_tags = var.aws_eks_create ? local.vpc_eks_tags : merge(local.default_tags,jsondecode(var.aws_vpc_additional_tags)) - vpc_eks_tags = merge(local.default_tags,jsondecode(var.aws_vpc_additional_tags),local.eks_vpc_tags) - eks_tags = merge(local.default_tags,jsondecode(var.aws_eks_additional_tags)) - rds_tags = merge(local.default_tags,jsondecode(var.aws_rds_db_additional_tags)) - ecs_tags = merge(local.default_tags,jsondecode(var.aws_ecs_additional_tags)) - aurora_tags = merge(local.default_tags,jsondecode(var.aws_aurora_additional_tags)) - ecr_tags = merge(local.default_tags,jsondecode(var.aws_ecr_additional_tags)) - db_proxy_tags = merge(local.default_tags,jsondecode(var.aws_db_proxy_additional_tags)) - redis_tags = merge(local.default_tags,jsondecode(var.aws_redis_additional_tags)) - waf_tags = merge(local.default_tags,jsondecode(var.aws_waf_additional_tags)) + ec2_tags = merge(local.default_tags, jsondecode(var.aws_ec2_additional_tags)) + r53_tags = merge(local.default_tags, jsondecode(var.aws_r53_additional_tags)) + elb_tags = merge(local.default_tags, jsondecode(var.aws_elb_additional_tags)) + efs_tags = merge(local.default_tags, jsondecode(var.aws_efs_additional_tags)) + vpc_tags = var.aws_eks_create ? 
local.vpc_eks_tags : merge(local.default_tags, jsondecode(var.aws_vpc_additional_tags)) + vpc_eks_tags = merge(local.default_tags, jsondecode(var.aws_vpc_additional_tags), local.eks_vpc_tags) + eks_tags = merge(local.default_tags, jsondecode(var.aws_eks_additional_tags)) + rds_tags = merge(local.default_tags, jsondecode(var.aws_rds_db_additional_tags)) + ecs_tags = merge(local.default_tags, jsondecode(var.aws_ecs_additional_tags)) + aurora_tags = merge(local.default_tags, jsondecode(var.aws_aurora_additional_tags)) + ecr_tags = merge(local.default_tags, jsondecode(var.aws_ecr_additional_tags)) + db_proxy_tags = merge(local.default_tags, jsondecode(var.aws_db_proxy_additional_tags)) + redis_tags = merge(local.default_tags, jsondecode(var.aws_redis_additional_tags)) + waf_tags = merge(local.default_tags, jsondecode(var.aws_waf_additional_tags)) eks_vpc_tags = { // This is needed for k8s to use VPC resources 
@@ -719,10 +721,10 @@ locals { false ) create_efs = var.aws_efs_create == true ? true : (var.aws_efs_create_ha == true ? true : false) - ec2_public_endpoint = var.aws_ec2_instance_create ? ( module.ec2[0].instance_public_dns != null ? module.ec2[0].instance_public_dns : module.ec2[0].instance_public_ip ) : null - ec2_private_endpoint = var.aws_ec2_instance_create ? ( module.ec2[0].instance_private_dns != null ? module.ec2[0].instance_private_dns : module.ec2[0].instance_private_ip ) : null - ec2_endpoint = var.aws_ec2_instance_create ? ( local.ec2_public_endpoint != null ? "http://${local.ec2_public_endpoint}" : "http://${local.ec2_private_endpoint}" ) : null - elb_url = try(module.aws_elb[0].aws_elb_dns_name,null ) != null ? "http://${module.aws_elb[0].aws_elb_dns_name}" : null + ec2_public_endpoint = var.aws_ec2_instance_create ? (module.ec2[0].instance_public_dns != null ? module.ec2[0].instance_public_dns : module.ec2[0].instance_public_ip) : null + ec2_private_endpoint = var.aws_ec2_instance_create ? (module.ec2[0].instance_private_dns != null ? module.ec2[0].instance_private_dns : module.ec2[0].instance_private_ip) : null + ec2_endpoint = var.aws_ec2_instance_create ? (local.ec2_public_endpoint != null ? "http://${local.ec2_public_endpoint}" : "http://${local.ec2_private_endpoint}") : null + elb_url = try(module.aws_elb[0].aws_elb_dns_name, null) != null ? "http://${module.aws_elb[0].aws_elb_dns_name}" : null } # VPC 
@@ -737,22 +739,22 @@ output "aws_vpc_prefered_az" { # EC2 output "instance_public_dns" { description = "Public DNS address of the EC2 instance" - value = try(module.ec2[0].instance_public_dns,null) + value = try(module.ec2[0].instance_public_dns, null) } output "instance_public_ip" { description = "Public IP address of the EC2 instance" - value = try(module.ec2[0].instance_public_ip,null) + value = try(module.ec2[0].instance_public_ip, null) } output "instance_private_dns" { description = "Public DNS address of the EC2 instance" - value = try(module.ec2[0].instance_private_dns,null) + value = try(module.ec2[0].instance_private_dns, null) } output "instance_private_ip" { description = "Private IP address of the EC2 instance" - value = try(module.ec2[0].instance_private_ip,null) + value = try(module.ec2[0].instance_private_ip, null) } output "instance_endpoint" { 
@@ -762,138 +764,138 @@ output "instance_endpoint" { output "ec2_sg_id" { description = "SG ID for the EC2 instance" - value = try(module.ec2[0].aws_security_group_ec2_sg_id,null) + value = try(module.ec2[0].aws_security_group_ec2_sg_id, null) } output "aws_elb_dns_name" { description = "Public DNS address of the LB" - value = try(module.aws_elb[0].aws_elb_dns_name,null) + value = try(module.aws_elb[0].aws_elb_dns_name, null) } output "application_public_dns" { description = "Public DNS address for the application or load balancer public DNS" - value = try(module.aws_route53[0].vm_url,null) + value = try(module.aws_route53[0].vm_url, null) } output "vm_url" { - value = try(module.aws_route53[0].vm_url,local.elb_url) + value = try(module.aws_route53[0].vm_url, local.elb_url) } # EFS output "aws_efs_fs_id" { - value = try(module.efs[0].aws_efs_fs_id,null) + value = try(module.efs[0].aws_efs_fs_id, null) } output "aws_efs_replica_fs_id" { - value = try(module.efs[0].aws_efs_replica_fs_id,null) + value = try(module.efs[0].aws_efs_replica_fs_id, null) } output "aws_efs_sg_id" { - value = try(module.efs[0].aws_efs_sg_id,null) + value = try(module.efs[0].aws_efs_sg_id, null) } # Aurora output "aurora_db_endpoint" { - value = try(module.aurora_rds[0].aurora_db_endpoint,null) + value = try(module.aurora_rds[0].aurora_db_endpoint, null) } output "aurora_db_secret_details_name" { - value = try(module.aurora_rds[0].aurora_secret_name,null) + value = try(module.aurora_rds[0].aurora_secret_name, null) } output "aurora_db_sg_id" { - value = try(module.aurora_rds[0].aurora_sg_id,null) + value = try(module.aurora_rds[0].aurora_sg_id, null) } # Aurora Proxy output "aurora_proxy_endpoint" { - value = try(module.db_proxy_aurora[0].db_proxy_endpoint,null) + value = try(module.db_proxy_aurora[0].db_proxy_endpoint, null) } output "aurora_proxy_secret_name" { - value = try(module.db_proxy_aurora[0].db_proxy_secret_name,null) + value = try(module.db_proxy_aurora[0].db_proxy_secret_name, 
null) } output "aurora_proxy_sg_id" { - value = try(module.db_proxy_aurora[0].db_proxy_sg_id,null) + value = try(module.db_proxy_aurora[0].db_proxy_sg_id, null) } # RDS output "db_endpoint" { - value = try(module.rds[0].db_endpoint,null) + value = try(module.rds[0].db_endpoint, null) } output "db_secret_details_name" { - value = try(module.rds[0].db_secret_name,null) + value = try(module.rds[0].db_secret_name, null) } output "db_sg_id" { - value = try(module.rds[0].db_sg_id,null) + value = try(module.rds[0].db_sg_id, null) } # RDS Proxy output "db_proxy_rds_endpoint" { - value = try(module.db_proxy_rds[0].db_proxy_endpoint,null) + value = try(module.db_proxy_rds[0].db_proxy_endpoint, null) } output "db_proxy_secret_name_rds" { - value = try(module.db_proxy_rds[0].db_proxy_secret_name,null) + value = try(module.db_proxy_rds[0].db_proxy_secret_name, null) } output "db_proxy_sg_id_rds" { - value = try(module.db_proxy_rds[0].db_proxy_sg_id,null) + value = try(module.db_proxy_rds[0].db_proxy_sg_id, null) } # Proxy output "db_proxy_endpoint" { - value = try(module.db_proxy[0].db_proxy_endpoint,null) + value = try(module.db_proxy[0].db_proxy_endpoint, null) } output "db_proxy_secret_name" { - value = try(module.db_proxy[0].db_proxy_secret_name,null) + value = try(module.db_proxy[0].db_proxy_secret_name, null) } output "db_proxy_sg_id" { - value = try(module.db_proxy[0].db_proxy_sg_id,null) + value = try(module.db_proxy[0].db_proxy_sg_id, null) } # ECS output "ecs_dns_record" { - value = try(module.aws_route53_ecs[0].vm_url,null) + value = try(module.aws_route53_ecs[0].vm_url, null) } output "ecs_load_balancer_dns" { - value = try(module.aws_ecs[0].load_balancer_dns,null) + value = try(module.aws_ecs[0].load_balancer_dns, null) } output "ecs_sg_id" { - value = try(module.aws_ecs[0].ecs_sg.id,null) + value = try(module.aws_ecs[0].ecs_sg.id, null) } output "ecs_lb_sg_id" { - value = try(module.aws_ecs[0].ecs_lb_sg.id,null) + value = try(module.aws_ecs[0].ecs_lb_sg.id, null) 
} # Redis output "redis_secret_name" { - value = try(module.redis[0].redis_secret_name,null) + value = try(module.redis[0].redis_secret_name, null) } output "redis_endpoint" { - value = try(module.redis[0].redis_endpoint,null) + value = try(module.redis[0].redis_endpoint, null) } output "redis_connection_string_secret" { - value = try(module.redis[0].redis_connection_string_secret,null) + value = try(module.redis[0].redis_connection_string_secret, null) } output "redis_sg_id" { - value = try(module.redis[0].redis_sg_id,null) + value = try(module.redis[0].redis_sg_id, null) } # ECR output "ecr_repository_arn" { - value = try(module.aws_ecr[0].repository_arn,null) + value = try(module.aws_ecr[0].repository_arn, null) } output "ecr_repository_url" { - value = try(module.aws_ecr[0].repository_url,null) + value = try(module.aws_ecr[0].repository_url, null) } # EKS output "eks_cluster_name" { - value = try(module.eks[0].aws_eks_cluster_name,null) + value = try(module.eks[0].aws_eks_cluster_name, null) } output "eks_cluster_role_arn" { - value = try(module.eks[0].aws_eks_cluster_role_arn,null) + value = try(module.eks[0].aws_eks_cluster_role_arn, null) } \ No newline at end of file diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index 5813d4d09..1e7f10c46 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf 
@@ -94,6 +94,48 @@ resource "aws_eks_node_group" "node_nodes" {
 }
 }
+resource "aws_eks_node_group" "bk_node_nodes" {
+ count = var.aws_eks_create_bk_node_group ? 1 : 0
+ cluster_name = aws_eks_cluster.main.name
+ node_group_name = "${var.aws_resource_identifier}-bk"
+ node_role_arn = aws_iam_role.iam_role_node.arn
+ subnet_ids = data.aws_subnets.private.ids
+
+ scaling_config {
+ desired_size = var.aws_eks_desired_capacity
+ max_size = var.aws_eks_max_size
+ min_size = var.aws_eks_min_size
+ }
+
+ update_config {
+ max_unavailable = 1
+ }
+
+ ami_type = var.aws_eks_instance_ami_type_bk
+ instance_types = [var.aws_eks_instance_type_bk]
+
+ remote_access {
+ ec2_ssh_key = var.aws_eks_ec2_key_pair != "" ? var.aws_eks_ec2_key_pair : aws_key_pair.aws_key[0].id
+ }
+
+ depends_on = [
+ aws_iam_role.iam_role_node,
+ aws_iam_role.iam_role_cluster,
+ aws_eks_cluster.main,
+ aws_security_group.eks_security_group_cluster,
+ aws_security_group.eks_security_group_node
+ ]
+ tags = {
+ "Name" = "${aws_eks_cluster.main.name}-node-bk"
+ }
+ tags_all = {
+ "Name" = "${aws_eks_cluster.main.name}-node-bk"
+ }
+ lifecycle {
+ ignore_changes = all
+ }
+}
+
 data "aws_caller_identity" "current" {}
 locals {
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf
index 338c81019..0c4ae5832 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_vars.tf
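Review bot: `remote_access` on `bk_node_nodes` sets `ec2_ssh_key` without `source_security_group_ids`, and the AWS provider documents that in that case EKS opens port 22 on the node group to 0.0.0.0/0, so the backup nodes become SSH-reachable from anywhere that can route to them. Pin the source, e.g. `source_security_group_ids = [aws_security_group.eks_security_group_node.id]` (that group is already listed in `depends_on`), or drop the `remote_access` block entirely if SSM is the intended access path. `lifecycle { ignore_changes = all }` additionally means later edits to `ami_type`, `instance_types`, `scaling_config` or the SSH key are never planned for this group, so drift — including a swapped key pair — goes unnoticed; narrow it to the attributes expected to churn, such as `scaling_config[0].desired_size`, and leave a comment saying why. The `node_nodes` group named in the hunk header presumably carries the same `remote_access` shape and is worth the same check.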
@@ -10,9 +10,11 @@ variable "aws_eks_cluster_log_types" {}
 variable "aws_eks_cluster_log_retention_days" {}
 variable "aws_eks_cluster_log_skip_destroy" {}
 variable "aws_eks_cluster_version" {}
+variable "aws_eks_create_bk_node_group" {}
 variable "aws_eks_instance_type" {}
-variable "aws_eks_instance_ami_id" {}
 variable "aws_eks_instance_ami_type" {}
+variable "aws_eks_instance_type_bk" {}
+variable "aws_eks_instance_ami_type_bk" {}
 variable "aws_eks_instance_user_data_file" {}
 variable "aws_eks_ec2_key_pair" {}
 variable "aws_eks_store_keypair_sm" {}
From ee48955ac08d07c227d05fccfd4e9dd4fad3f926 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Fri, 19 Dec 2025 11:41:34 -0300
Subject: [PATCH 07/20] Missing var declaration in action
---
 action.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/action.yaml b/action.yaml
index 06103aa28..3f00cde26 100644
--- a/action.yaml
+++ b/action.yaml
@@ -1584,6 +1584,7 @@ runs:
 AWS_EKS_CLUSTER_LOG_RETENTION_DAYS: ${{ inputs.aws_eks_cluster_log_retention_days }}
 AWS_EKS_CLUSTER_LOG_SKIP_DESTROY: ${{ inputs.aws_eks_cluster_log_skip_destroy }}
 AWS_EKS_CLUSTER_VERSION: ${{ inputs.aws_eks_cluster_version }}
+ AWS_EKS_CREATE_BK_NODE_GROUP: ${{ inputs.aws_eks_create_bk_node_group }}
 AWS_EKS_INSTANCE_TYPE: ${{ inputs.aws_eks_instance_type }}
 AWS_EKS_INSTANCE_AMI_TYPE: ${{ inputs.aws_eks_instance_ami_type }}
 AWS_EKS_INSTANCE_TYPE_BK: ${{ inputs.aws_eks_instance_type_bk }}
From 596a809e23fb51063f68857c9027cc5f0ff2c6f6 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Mon, 22 Dec 2025 12:15:18 -0300
Subject: [PATCH 08/20] Adding node-group aws_auth dependency
---
 .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 1e7f10c46..53e01b561 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
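Review bot: `aws_eks_create_bk_node_group` is added with an empty body although it drives `count = var.aws_eks_create_bk_node_group ? 1 : 0` in the `bk_node_nodes` hunk earlier in this series; give it `type = bool` and `default = false` so a missing or non-boolean value fails at validate time with a clear message and the backup group stays opt-in. The two other new variables deserve `type = string` plus a `description` for the same reason; the module's existing untyped declarations are pre-existing style, but new ones need not copy it. Removing `aws_eks_instance_ami_id` breaks any caller that still passes it to the module, and the root module is not visible here, so confirm it was updated in the same series. The `action.yaml` hunk on this line forwards the new input as `AWS_EKS_CREATE_BK_NODE_GROUP`, so an unset workflow input presumably reaches Terraform as an empty string, which a `bool` type rejects explicitly rather than mis-evaluating.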
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -179,7 +179,7 @@ resource "kubernetes_config_map" "aws_auth" {
 }
 lifecycle {
- replace_triggered_by = [terraform_data.replacement]
+ replace_triggered_by = [terraform_data.replacement,aws_eks_node_group.node_nodes]
 }
 }
From 2750c09bc2c1140b3d7b13540c21bafbc874b7ef Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Mon, 22 Dec 2025 14:47:03 -0300
Subject: [PATCH 09/20] Bump version string
---
 .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 53e01b561..6b7e70b61 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -11,7 +11,7 @@ resource "aws_cloudwatch_log_group" "eks" {
 resource "aws_eks_cluster" "main" {
 name = var.aws_eks_cluster_name # Cluster name is defined during the code-generation phase
- version = var.aws_eks_cluster_version
+ version = "${var.aws_eks_cluster_version}"
 role_arn = aws_iam_role.iam_role_cluster.arn
 vpc_config {
 security_group_ids = [aws_security_group.eks_security_group_cluster.id]
From ea34559b8572ba3ec361046ff3e5371849442e6a Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Mon, 22 Dec 2025 15:04:14 -0300
Subject: [PATCH 10/20] string version
---
 operations/deployment/terraform/aws/aws_variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
index 0759a4441..1b467746e 100644
--- a/operations/deployment/terraform/aws/aws_variables.tf
+++ b/operations/deployment/terraform/aws/aws_variables.tf
@@ -1822,7 +1822,7 @@ variable "aws_eks_cluster_log_skip_destroy" {
 variable "aws_eks_cluster_version" {
 description = "enter the kubernetes version"
- type = number
+ type = string
 default = 1.28
 }
From 696f924b0e868c63843c8155fd69ed8eee1a6d45 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Tue, 23 Dec 2025 10:22:00 -0300
Subject: [PATCH 11/20] Create before destoy node-group
---
 .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 6b7e70b61..aa8b99d56 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -92,6 +92,9 @@ resource "aws_eks_node_group" "node_nodes" {
 tags_all = {
 "Name" = "${aws_eks_cluster.main.name}-node"
 }
+ lifecycle {
+ create_before_destroy = true
+ }
 }
 resource "aws_eks_node_group" "bk_node_nodes" {
@@ -179,7 +182,7 @@ resource "kubernetes_config_map" "aws_auth" {
 }
 lifecycle {
- replace_triggered_by = [terraform_data.replacement,aws_eks_node_group.node_nodes]
+ replace_triggered_by = [terraform_data.replacement]
 }
 }
From e151a45feeade68d379b01a7164d1e2a3bab85e7 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Thu, 15 Jan 2026 10:27:29 -0300
Subject: [PATCH 12/20] Add API_AND_CONFIG_MAP
---
 .../terraform/modules/aws/eks/aws_eks_cluster.tf | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 9f62436c2..47b8517c7 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
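Review bot: `default = 1.28` is still an unquoted numeric literal after the type becomes `string`; Terraform converts it to `"1.28"` here, but the same pattern with a trailing-zero release such as 1.30 would convert to `"1.3"`, which is not a valid EKS version, so write it as `default = "1.28"` and keep the value a string end to end. Any caller that hands the version to this variable as a number has the same truncation risk, so document the input as a string wherever it is exposed.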
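Review bot: `create_before_destroy = true` on `node_nodes` only helps if the replacement node group can be created while the old one still exists, and EKS requires node group names to be unique within a cluster; if `node_group_name` on this resource is a fixed string like the sibling `bk_node_nodes` uses (`"${var.aws_resource_identifier}-bk"`), the replacement create fails with a name conflict and the apply aborts with the old group still in place. Switch the resource to `node_group_name_prefix` so each replacement gets a fresh name, or drop the lifecycle setting and document the expected downtime. The `node_group_name` line of `node_nodes` is outside the hunk, so this is inferred from the sibling resource.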
@@ -13,6 +13,14 @@ resource "aws_eks_cluster" "main" {
 name = var.aws_eks_cluster_name # Cluster name is defined during the code-generation phase
 version = var.aws_eks_cluster_version
 role_arn = aws_iam_role.iam_role_cluster.arn
+
+ access_config {
+ #authentication_mode = var.aws_eks_cluster_authentication_mode
+ #bootstrap_cluster_creator_admin_permissions = var.aws_eks_bootstrap_cluster_creator_admin_permissions
+ authentication_mode = "API_AND_CONFIG_MAP"
+ bootstrap_cluster_creator_admin_permissions = true
+ }
+
 vpc_config {
 security_group_ids = [aws_security_group.eks_security_group_cluster.id]
 subnet_ids = data.aws_subnets.public.ids
From a5618555e90b1f26c62614a56a387fcfcd82d732 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Thu, 15 Jan 2026 11:09:50 -0300
Subject: [PATCH 13/20] configmap
---
 .../modules/aws/eks/aws_eks_cluster.tf | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 47b8517c7..c7ee71383 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
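Review bot: `bootstrap_cluster_creator_admin_permissions = true` hard-codes a cluster-admin access entry for whichever IAM principal runs the apply (typically the CI role), and the two commented lines show this was meant to come from `var.aws_eks_cluster_authentication_mode` and `var.aws_eks_bootstrap_cluster_creator_admin_permissions`; either wire those variables through or replace the dead lines with a comment stating why both values are pinned. Changing `authentication_mode` is one-way on a live cluster (CONFIG_MAP can move to API_AND_CONFIG_MAP and then to API, but not back), and as far as I recall `bootstrap_cluster_creator_admin_permissions` is a replacement-forcing attribute in the AWS provider, so run a plan against an existing cluster before this lands. With API authentication enabled, admin access is better granted through explicit `aws_eks_access_entry` resources that are reviewable in code than through the bootstrap flag.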
@@ -177,22 +177,22 @@ resource "terraform_data" "replacement" { input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles))) } -resource "kubernetes_config_map" "aws_auth" { - metadata { - name = "aws-auth" - namespace = "kube-system" - } - - data = { - mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles))) - #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) - mapAccounts = "${data.aws_caller_identity.current.account_id}" - } - - lifecycle { - replace_triggered_by = [terraform_data.replacement] - } -} +#resource "kubernetes_config_map" "aws_auth" { +# metadata { +# name = "aws-auth" +# namespace = "kube-system" +# } +# +# data = { +# mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles))) +# #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) +# mapAccounts = "${data.aws_caller_identity.current.account_id}" +# } +# +# lifecycle { +# replace_triggered_by = [terraform_data.replacement] +# } +#} output "eks_kubernetes_provider_config" { value = { From b276b2c8a2c459f15cbd8ebbe70215712c78211c Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Fri, 16 Jan 2026 08:06:21 -0300 Subject: [PATCH 14/20] configmap restore --- .../modules/aws/eks/aws_eks_cluster.tf | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index c7ee71383..47b8517c7 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf 
@@ -177,22 +177,22 @@ resource "terraform_data" "replacement" { input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles))) } -#resource "kubernetes_config_map" "aws_auth" { -# metadata { -# name = "aws-auth" -# namespace = "kube-system" -# } -# -# data = { -# mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles))) -# #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) -# mapAccounts = "${data.aws_caller_identity.current.account_id}" -# } -# -# lifecycle { -# replace_triggered_by = [terraform_data.replacement] -# } -#} +resource "kubernetes_config_map" "aws_auth" { + metadata { + name = "aws-auth" + namespace = "kube-system" + } + + data = { + mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles))) + #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote) + mapAccounts = "${data.aws_caller_identity.current.account_id}" + } + + lifecycle { + replace_triggered_by = [terraform_data.replacement] + } +} output "eks_kubernetes_provider_config" { value = { From 555a19da507516a72c13ce1fdb012b38be5c90b4 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Fri, 16 Jan 2026 09:07:31 -0300 Subject: [PATCH 15/20] remove replace-trigger --- .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index 47b8517c7..628ba9f0b 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf 
@@ -189,9 +189,9 @@ resource "kubernetes_config_map" "aws_auth" { mapAccounts = "${data.aws_caller_identity.current.account_id}" } - lifecycle { - replace_triggered_by = [terraform_data.replacement] - } + #lifecycle { + # replace_triggered_by = [terraform_data.replacement] + #} } output "eks_kubernetes_provider_config" { From 73950be982e2ef328a72775b40dced38359ed703 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Fri, 16 Jan 2026 09:26:57 -0300 Subject: [PATCH 16/20] Rollback config_map --- .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index 628ba9f0b..47b8517c7 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf @@ -189,9 +189,9 @@ resource "kubernetes_config_map" "aws_auth" { mapAccounts = "${data.aws_caller_identity.current.account_id}" } - #lifecycle { - # replace_triggered_by = [terraform_data.replacement] - #} + lifecycle { + replace_triggered_by = [terraform_data.replacement] + } } output "eks_kubernetes_provider_config" { From 638ee143994a8c8b0554b6dbf8f5aed7a3f8e7e5 Mon Sep 17 00:00:00 2001 From: LeoDiazL Date: Fri, 16 Jan 2026 10:41:02 -0300 Subject: [PATCH 17/20] ignore-changes --- .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf index 47b8517c7..bc44175e5 100644 --- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf +++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf 
@@ -15,8 +15,8 @@ resource "aws_eks_cluster" "main" {
 role_arn = aws_iam_role.iam_role_cluster.arn
 access_config {
- #authentication_mode = var.aws_eks_cluster_authentication_mode
- #bootstrap_cluster_creator_admin_permissions = var.aws_eks_bootstrap_cluster_creator_admin_permissions
+ #authentication_mode = var.aws_eks_cluster_authentication_mode
+ #bootstrap_cluster_creator_admin_permissions = var.aws_eks_bootstrap_cluster_creator_admin_permissions
 authentication_mode = "API_AND_CONFIG_MAP"
 bootstrap_cluster_creator_admin_permissions = true
 }
@@ -191,6 +191,7 @@ resource "kubernetes_config_map" "aws_auth" {
 lifecycle {
 replace_triggered_by = [terraform_data.replacement]
+ ignore_changes = [all]
 }
 }
From 0d391736f178b581783eddfd6868ca2d148e1f1d Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Fri, 16 Jan 2026 10:44:03 -0300
Subject: [PATCH 18/20] ignore map
---
 .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index bc44175e5..1ac5b924f 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -190,8 +190,8 @@ resource "kubernetes_config_map" "aws_auth" {
 }
 lifecycle {
- replace_triggered_by = [terraform_data.replacement]
- ignore_changes = [all]
+ #replace_triggered_by = [terraform_data.replacement]
+ ignore_changes = [*]
 }
 }
From ae9b91435e20e550db6445d9d41b437a34eb498e Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Fri, 16 Jan 2026 10:45:35 -0300
Subject: [PATCH 19/20] all
---
 .../deployment/terraform/modules/aws/eks/aws_eks_cluster.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
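Review bot: `ignore_changes = [all]` in the `kubernetes_config_map.aws_auth` hunk is not the keyword form; Terraform accepts `all` only as a bare keyword (`ignore_changes = all`, which is how the `bk_node_nodes` resource earlier in this series writes it), and inside brackets I expect it to be read as a relative traversal to an attribute named `all` and rejected at validation. The `[*]` written in the PATCH 18 hunk on this line and swapped back to `[all]` in the PATCH 19 hunk on the next line have the same problem, so none of the three variants yields an ignore-all lifecycle. Pairing ignore-all with `replace_triggered_by` is also contradictory — the ConfigMap would be replaced whenever `terraform_data.replacement` changes yet never updated in place — so decide which behaviour is wanted and add a one-line comment saying so. The enclosing resource starts outside the hunk.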
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 1ac5b924f..0d4d6f4a2 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -191,7 +191,7 @@ resource "kubernetes_config_map" "aws_auth" {
 lifecycle {
 #replace_triggered_by = [terraform_data.replacement]
- ignore_changes = [*]
+ ignore_changes = [all]
 }
 }
From fc41589f665679ad117ade0a17a7e5e255651f3b Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Fri, 16 Jan 2026 11:00:29 -0300
Subject: [PATCH 20/20] Comment out block
---
 .../modules/aws/eks/aws_eks_cluster.tf | 42 +++++++++----------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
index 0d4d6f4a2..4786d6ba4 100644
--- a/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
+++ b/operations/deployment/terraform/modules/aws/eks/aws_eks_cluster.tf
@@ -173,27 +173,27 @@ locals {
 }
-resource "terraform_data" "replacement" {
- input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
-}
-
-resource "kubernetes_config_map" "aws_auth" {
- metadata {
- name = "aws-auth"
- namespace = "kube-system"
- }
-
- data = {
- mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
- #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote)
- mapAccounts = "${data.aws_caller_identity.current.account_id}"
- }
-
- lifecycle {
- #replace_triggered_by = [terraform_data.replacement]
- ignore_changes = [all]
- }
-}
+#resource "terraform_data" "replacement" {
+# input = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
+#}
+#
+#resource "kubernetes_config_map" "aws_auth" {
+# metadata {
+# name = "aws-auth"
+# namespace = "kube-system"
+# }
+#
+# data = {
+# mapRoles = yamlencode(distinct(concat(local.cluster_admin_roles, local.map_worker_roles)))
+# #mapUsers = replace(yamlencode(var.map_additional_iam_users), "\"", local.yaml_quote)
+# mapAccounts = "${data.aws_caller_identity.current.account_id}"
+# }
+#
+# lifecycle {
+# #replace_triggered_by = [terraform_data.replacement]
+# ignore_changes = [*]
+# }
+#}
 output "eks_kubernetes_provider_config" {
 value = {
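Review bot: Commenting out `kubernetes_config_map.aws_auth` (and `terraform_data.replacement`) while the resource is still in state makes the next apply delete the live `aws-auth` ConfigMap from `kube-system`, which drops every role mapping it carried; with `authentication_mode = "API_AND_CONFIG_MAP"` nothing in this series creates access entries for `local.cluster_admin_roles` or `local.map_worker_roles`, so those principals lose cluster access until equivalent `aws_eks_access_entry` / `aws_eks_access_policy_association` resources exist. If the goal is to stop managing the ConfigMap without deleting it, add a `removed` block whose `from = kubernetes_config_map.aws_auth` and whose lifecycle sets `destroy = false` (Terraform 1.7+), or document `terraform state rm` as the migration step. The commented copy also reads `ignore_changes = [*]` where the removed code had `[all]`, so the dead block no longer mirrors what it replaced — keep it byte-identical or delete it rather than leave a misleading fossil. The `locals` block that still computes the now-unused role lists starts outside the hunk.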