adding module changes to use latest atc tools and added ebs options
RavinderReddyF5 committed Aug 28, 2023
1 parent d302822 commit 28167d0
Showing 3 changed files with 37 additions and 17 deletions.
9 changes: 6 additions & 3 deletions README.md
Expand Up @@ -215,8 +215,11 @@ These variables have default values and don't have to be set to use this module.
| f5\_password | Password of the F5 BIG-IP that will be deployed | `string` | "" |
| f5\_hostname | Custom management hostname. Defaults to managemet public dns | `string` | "" |
| ec2_instance_type | AWS EC2 instance type | `string` | m5.large |
| ebs_volume_encryption | Whether to enable encryption on the EBS volume | `bool` | false |
| ebs_volume_kms_key_arn | The ARN of the KMS key for volume encryption when using a customer managed key | `string` | |
| ebs_volume_type | The EBS volume type to use for the root volume | `string` | gp2 |
| f5_ami_search_name | BIG-IP AMI name to search for | `string` | F5 BIGIP-*PAYG-Best 200Mbps* |
| aws_secretmanager_auth | Whether to use key vault to pass authentication | `bool` | FALSE |
| aws_secretmanager_auth | Whether to use key vault to pass authentication | `bool` | false |
| aws_secretmanager_secret_id | AWS Secret Manager Secret ID that stores the BIG-IP password | `string` | |
| aws_iam_instance_profile | AWS IAM instance profile that can be associate for BIGIP with required permissions | `string` | |
| DO_URL | URL to download the BIG-IP Declarative Onboarding module | `string` | `latest` Note: don't change name of ATC tools rpm file |
Expand All @@ -235,7 +238,7 @@ These variables have default values and don't have to be set to use this module.
| tags | `key:value` tags to apply to resources built by the module | `map` | {} |
| externalnic_failover_tags | `key:value` tags to apply to external nic resources built by the module | `map` | {} |
| internalnic_failover_tags | `key:value` tags to apply to external nic resources built by the module | `map` | {} |
| cfe_secondary_vip_disable | Disable Externnal Public IP Association to instance based on this flag (Usecase CFE Scenario) | `bool` | FALSE |
| cfe_secondary_vip_disable | Disable Externnal Public IP Association to instance based on this flag (Usecase CFE Scenario) | `bool` | false |
| sleep_time | The number of seconds/minutes of delay to build into creation of BIG-IP VMs | `string` | 300s |
~> **NOTE:** For each external interface there will be one primary,secondary private ip will be assigned.
Expand Down Expand Up @@ -309,4 +312,4 @@ If you are signing as an individual, we recommend that you talk to your employer
If your employer has rights to intellectual property that you create, such as your contributions, you represent that you have received permission to make contributions on behalf of that employer, that your employer has waived such rights for your contributions, or that your employer has executed a separate CLA with F5.
If you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein. You represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.
If you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein. You represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.
15 changes: 7 additions & 8 deletions main.tf
Expand Up @@ -50,8 +50,7 @@ resource "aws_network_interface" "mgmt1" {
resource "aws_eip" "mgmt" {
count = length(local.mgmt_public_subnet_id) > 0 ? (length(local.bigip_map["mgmt_subnet_ids"])) : 0
network_interface = length(compact(local.mgmt_public_private_ip_primary)) > 0 ? aws_network_interface.mgmt[count.index].id : aws_network_interface.mgmt1[count.index].id
# vpc = true
domain = "vpc"
domain = "vpc"
tags = merge(local.tags, {
Name = format("%s-%d", "BIGIP-Managemt-PublicIp", count.index)
}
Expand All @@ -62,9 +61,8 @@ resource "aws_eip" "mgmt" {
# add an elastic IP to the BIG-IP External Public interface
#
resource "aws_eip" "ext-pub" {
count = length(local.external_public_subnet_id)
network_interface = length(compact(local.external_public_private_ip_primary)) > 0 ? aws_network_interface.public[count.index].id : aws_network_interface.public1[count.index].id
# vpc = true
count = length(local.external_public_subnet_id)
network_interface = length(compact(local.external_public_private_ip_primary)) > 0 ? aws_network_interface.public[count.index].id : aws_network_interface.public1[count.index].id
domain = "vpc"
associate_with_private_ip = length(compact(local.external_public_private_ip_primary)) > 0 ? aws_network_interface.public[count.index].private_ip : aws_network_interface.public1[count.index].private_ip
tags = merge(local.tags, var.externalnic_failover_tags, {
Expand All @@ -80,8 +78,7 @@ resource "aws_eip" "ext-pub" {
resource "aws_eip" "vip" {
count = var.cfe_secondary_vip_disable ? 0 : (length(local.external_public_subnet_id) > 0 ? 1 : 0)
# count = var.cfe_secondary_vip_disable ? 0 : (length(local.external_public_subnet_id) > 0 ? (length(compact(local.external_public_private_ip_secondary)) > 0 ? 1 : 0) : 0)
network_interface = length(compact(local.external_public_private_ip_primary)) > 0 ? aws_network_interface.public[0].id : aws_network_interface.public1[0].id
# vpc = true
network_interface = length(compact(local.external_public_private_ip_primary)) > 0 ? aws_network_interface.public[0].id : aws_network_interface.public1[0].id
domain = "vpc"
associate_with_private_ip = length(compact(local.external_public_private_ip_primary)) > 0 ? element(compact([for x in tolist(aws_network_interface.public[0].private_ip_list) : x == aws_network_interface.public[0].private_ip ? "" : x]), 0) : element(compact([for x in tolist(aws_network_interface.public1[0].private_ip_list) : x == aws_network_interface.public1[0].private_ip ? "" : x]), 0)
tags = merge(local.tags, var.externalnic_failover_tags, {
Expand Down Expand Up @@ -195,10 +192,12 @@ resource "aws_instance" "f5_bigip" {
instance_type = var.ec2_instance_type
ami = data.aws_ami.f5_ami.id
key_name = var.ec2_key_name
# availability_zone =

root_block_device {
delete_on_termination = true
encrypted = var.ebs_volume_encryption
kms_key_id = var.ebs_volume_kms_key_arn
volume_type = var.ebs_volume_type
}

# set the mgmt interface
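Review bot: In the new `root_block_device` arguments of `aws_instance.f5_bigip`, `kms_key_id` is set from `var.ebs_volume_kms_key_arn` independently of `encrypted`, so a caller who supplies a customer managed key but leaves `ebs_volume_encryption` at its default does not get the encrypted root volume that the key implies. Whether the apply then fails or the key is silently ignored depends on provider and EC2 behaviour that is not visible on this page. Deriving the flag closes the gap: `encrypted = var.ebs_volume_encryption || var.ebs_volume_kms_key_arn != null`. The resource body starts and ends outside the hunk.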
30 changes: 24 additions & 6 deletions variables.tf
Expand Up @@ -37,6 +37,24 @@ variable "ec2_key_name" {
type = string
}

variable "ebs_volume_encryption" {
description = "Whether to enable encryption on the EBS volume"
type = bool
default = false
}

variable "ebs_volume_kms_key_arn" {
description = "The ARN of the KMS key for volume encryption when using a customer managed key"
type = string
default = null
}

variable "ebs_volume_type" {
description = "The EBS volume type to use for the root volume"
type = string
default = "gp2"
}

variable "aws_secretmanager_auth" {
description = "Whether to use secret manager to pass authentication"
type = bool
Expand Down Expand Up @@ -117,14 +135,14 @@ variable "internal_securitygroup_ids" {
variable "DO_URL" {
description = "URL to download the BIG-IP Declarative Onboarding module"
type = string
default = "https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.38.0/f5-declarative-onboarding-1.38.0-7.noarch.rpm"
default = "https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.39.0/f5-declarative-onboarding-1.39.0-4.noarch.rpm"
}
## Please check and update the latest AS3 URL from https://github.com/F5Networks/f5-appsvcs-extension/releases/latest
# always point to a specific version in order to avoid inadvertent configuration inconsistency
variable "AS3_URL" {
description = "URL to download the BIG-IP Application Service Extension 3 (AS3) module"
type = string
default = "https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.45.0/f5-appsvcs-3.45.0-5.noarch.rpm"
default = "https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.46.0/f5-appsvcs-3.46.0-5.noarch.rpm"
}

## Please check and update the latest TS URL from https://github.com/F5Networks/f5-telemetry-streaming/releases/latest
Expand All @@ -140,22 +158,22 @@ variable "TS_URL" {
variable "CFE_URL" {
description = "URL to download the BIG-IP Cloud Failover Extension module"
type = string
default = "https://github.com/F5Networks/f5-cloud-failover-extension/releases/download/v1.14.0/f5-cloud-failover-1.14.0-0.noarch.rpm"
default = "https://github.com/F5Networks/f5-cloud-failover-extension/releases/download/v1.15.0/f5-cloud-failover-1.15.0-0.noarch.rpm"
}

## Please check and update the latest FAST URL from https://github.com/F5Networks/f5-appsvcs-templates/releases/latest
# always point to a specific version in order to avoid inadvertent configuration inconsistency
variable "FAST_URL" {
description = "URL to download the BIG-IP FAST module"
type = string
default = "https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.24.0/f5-appsvcs-templates-1.24.0-1.noarch.rpm"
default = "https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.25.0/f5-appsvcs-templates-1.25.0-1.noarch.rpm"
}
## Please check and update the latest runtime init URL from https://github.com/F5Networks/f5-bigip-runtime-init/releases/latest
# always point to a specific version in order to avoid inadvertent configuration inconsistency
variable "INIT_URL" {
description = "URL to download the BIG-IP runtime init"
type = string
default = "https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.6.1/dist/f5-bigip-runtime-init-1.6.1-1.gz.run"
default = "https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.6.2/dist/f5-bigip-runtime-init-1.6.2-1.gz.run"
}
variable "libs_dir" {
description = "Directory on the BIG-IP to download the A&O Toolchain into"
Expand Down Expand Up @@ -202,4 +220,4 @@ variable "sleep_time" {
type = string
default = "600s"
description = "The number of seconds/minutes of delay to build into creation of BIG-IP VMs; default is 250. BIG-IP requires a few minutes to complete the onboarding process and this value can be used to delay the processing of dependent Terraform resources."
}
}
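Review bot: The new `ebs_volume_encryption` variable defaults to `false`, so every deployment that does not opt in keeps an unencrypted BIG-IP root volume unless the account enforces EBS encryption by default. That disk holds the onboarded device configuration, and the module also accepts `f5_password`, so encryption at rest is the safer default here. Prefer `default = true`; with `ebs_volume_kms_key_arn` left `null` the AWS-managed key is used. The description should also warn that changing this value on an already deployed instance is likely to force its replacement, so the new default belongs in the release notes.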
