Merge pull request #10 from souza-dan/security-group-refactor

DEV-14582 - Security group refactor

Author: souza-dan

.gitignore

@@ -4,6 +4,7 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
+.terraform.lock.hcl
 
 # Crash log files
 crash.log

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Tamr Terraform AWS Elasticsearch Repo
 
+## v2.0.0 - October 13th 2020
+* New input variables for the main module:
+    * `security_group_ids`
+* Removed input variables from the main module:
+  * `ingress_cidr_blocks`
+  * `ingress_security_groups`
+  * `egress_cidr_blocks`
+  * `egress_security_groups`
+  * `ports`
+  * `security_group_tags`
+  * `sg_name`
+* Outputs changed in main module
+  * `es_security_group_id` -> `es_security_group_ids`
+* Removes the security groups module
+* Adds a new ports module
+* Updates example with security group creation and new variable `name-prefix`
+
 ## v1.0.1 - April 13th 2021
 * Fixes a deprecation warning about interpolation-only expressions
 

README.md

@@ -2,15 +2,6 @@
 This terraform module creates an Elasticsearch (ES) domain on AWS.
 
 # Examples
-## Basic
-Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
-```
-module "tamr-es-cluster" {
-  source     = "git::https://github.com/Datatamer/terraform-aws-es?ref=1.0.1"
-  vpc_id     = "vpc-id"
-  subnet_ids = ["subnet-id"]
-}
-```
 ## Minimal
 Smallest complete fully working example. This example might require extra resources to run the example.
 - [Minimal](https://github.com/Datatamer/terraform-aws-es/tree/master/examples/minimal)
@@ -19,7 +10,6 @@ Smallest complete fully working example. This example might require extra resour
 This module creates:
 * a new Elasticsearch domain in AWS
 * optionally, a new IAM service linked role for ES on the AWS account
-* a security group to attach to the ES domain, with HTTP and/or HTTPS enabled
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -70,7 +60,7 @@ No provider.
 
 | Name | Description |
 |------|-------------|
-| es\_security\_group\_id | ID of the security group created |
+| es\_security\_group\_ids | List of security group IDs of the security groups used by ES |
 | tamr\_es\_domain\_endpoint | Endpoint of ES domain created |
 | tamr\_es\_domain\_id | ID of the ES domain created |
 

VERSION

@@ -1 +1 @@
-1.0.1
+2.0.0

examples/minimal/README.md

@@ -11,7 +11,9 @@ No requirements.
 
 ## Inputs
 
-No input.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| name-prefix | A string to prepend to names of resources created by this example | `any` | n/a | yes |
 
 ## Outputs
 

examples/minimal/main.tf

@@ -7,11 +7,30 @@ resource "aws_subnet" "es_subnet" {
   cidr_block = "1.2.3.0/24"
 }
 
+module "sg-ports" {
+  #source = "git::https://github.com/Datatamer/terraform-aws-es.git//modules/es-ports?ref=2.0.0"
+  source = "../../modules/es-ports"
+}
+
+module "aws-sg" {
+  source = "git::[email protected]:Datatamer/terraform-aws-security-groups.git?ref=0.1.0"
+  vpc_id = aws_vpc.es_vpc.id
+  ingress_cidr_blocks = [
+    "1.2.3.0/24"
+  ]
+  egress_cidr_blocks = [
+    "0.0.0.0/0"
+  ]
+  ingress_ports  = module.sg-ports.ingress_ports
+  sg_name_prefix = var.name-prefix
+}
+
 module "tamr-es-cluster" {
   source      = "../../"
   vpc_id      = aws_vpc.es_vpc.id
-  domain_name = "minimal-example-es-cluster"
+  domain_name = format("%s-elasticsearch", var.name-prefix)
   subnet_ids  = [aws_subnet.es_subnet.id]
   # Only needed once per account, so may need to set this to false
   create_new_service_role = true
+  security_group_ids      = module.aws-sg.security_group_ids
 }

examples/minimal/outputs.tf

@@ -9,7 +9,7 @@ output "tamr_es_domain_endpoint" {
 }
 
 output "es_security_group_id" {
-  value       = module.tamr-es-cluster.es_security_group_id
+  value       = module.tamr-es-cluster.es_security_group_ids
   description = "ID of the ES domain created"
 }
 

examples/minimal/variables.tf

@@ -0,0 +1,3 @@
+variable "name-prefix" {
+  description = "A string to prepend to names of resources created by this example"
+}

main.tf

@@ -5,7 +5,7 @@ module "tamr-es-cluster" {
   instance_count                  = var.instance_count
   instance_type                   = var.instance_type
   subnet_ids                      = var.subnet_ids
-  security_group_ids              = [module.elasticsearch-sg.es_security_group_id]
+  security_group_ids              = var.security_group_ids
   snapshot_start_hour             = var.snapshot_start_hour
   ebs_enabled                     = var.ebs_enabled
   ebs_iops                        = var.ebs_iops
@@ -20,15 +20,3 @@ module "tamr-es-cluster" {
   node_to_node_encryption_enabled = var.node_to_node_encryption_enabled
   arn_partition                   = var.arn_partition
 }
-
-module "elasticsearch-sg" {
-  source                  = "./modules/es-security-group"
-  sg_name                 = var.sg_name
-  vpc_id                  = var.vpc_id
-  revoke_rules_on_delete  = var.revoke_rules_on_delete
-  additional_tags         = var.sg_tags
-  ingress_cidr_blocks     = var.ingress_cidr_blocks
-  ingress_security_groups = var.ingress_security_groups
-  enable_https            = var.enable_https
-  enable_http             = var.enable_http
-}

modules/es-ports/README.md

@@ -0,0 +1,46 @@
+# Tamr AWS ES Ports Module
+This module returns a list of ports used by the Elasticsearch Service on AWS.
+
+# Examples
+## Basic
+Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
+```
+module "tamr-es-cluster" {
+  source = "git::https://github.com/Datatamer/terraform-aws-es//modules/es-ports?ref=2.0.0"
+}
+```
+
+# Resources Created
+This modules creates no resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No provider.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| additional\_ports | Additional ports to add to the output of this module | `list(number)` | `[]` | no |
+| ports | Ports used by the Elasticsearch | `list(number)` | <pre>[<br>  80,<br>  443<br>]</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ingress\_ports | List of ingress ports |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+# References
+This repo is based on:
+* [terraform standard module structure](https://www.terraform.io/docs/modules/index.html#standard-module-structure)
+* [templated terraform module](https://github.com/tmknom/template-terraform-module)
+
+# License
+Apache 2 Licensed. See LICENSE for full details.