From c279fe44f56e1b3400edb9ae7c890c3401933dd8 Mon Sep 17 00:00:00 2001
From: Angelos Kyratzakos
Date: Wed, 14 Aug 2024 19:25:06 +0300
Subject: [PATCH 1/6] pexip infinity setup mvp
---
aws/pexip/cloudflare.tf | 15 ++++
aws/pexip/ec2.tf | 72 +++++++++++++++++
aws/pexip/sg.tf | 169 ++++++++++++++++++++++++++++++++++++++++
aws/pexip/variables.tf | 96 +++++++++++++++++++++++
4 files changed, 352 insertions(+)
create mode 100644 aws/pexip/cloudflare.tf
create mode 100644 aws/pexip/ec2.tf
create mode 100644 aws/pexip/sg.tf
create mode 100644 aws/pexip/variables.tf
diff --git a/aws/pexip/cloudflare.tf b/aws/pexip/cloudflare.tf
new file mode 100644
index 00000000..321cd3f6
--- /dev/null
+++ b/aws/pexip/cloudflare.tf
@@ -0,0 +1,15 @@
+resource "cloudflare_record" "pexip_conference" {
+ zone_id = var.cloudflare_zone_id
+ name = var.conference_cloudflare_record_name
+ value = aws_eip.pexip_conference_eip.public_ip
+ type = "A"
+ proxied = true
+}
+
+resource "cloudflare_record" "pexip_management" {
+ zone_id = var.cloudflare_zone_id
+ name = var.management_cloudflare_record_name
+ value = aws_eip.pexip_management_eip.public_ip
+ type = "A"
+ proxied = true
+}
diff --git a/aws/pexip/ec2.tf b/aws/pexip/ec2.tf
new file mode 100644
index 00000000..b664bed5
--- /dev/null
+++ b/aws/pexip/ec2.tf
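Review bot: `proxied = true` on `cloudflare_record.pexip_conference` sends the hostname through Cloudflare's HTTP(S) proxy, which by default does not carry the SIP, H.323 and UDP media ports that sg.tf opens for the conference node, so signalling clients resolving this name would presumably not reach the instance. If the record is meant for call traffic, `proxied = false` looks like the intended value; if it is meant only for the web UI, a comment such as `# proxied: web UI only; SIP/H.323 clients need a DNS-only record` would make that explicit. Separately, proxying hides the EIP only in DNS: both security groups accept 80/443 from 0.0.0.0/0, so requests sent straight to the address skip any Cloudflare-side controls.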
@@ -0,0 +1,72 @@
+resource "aws_network_interface" "pexip_management" {
+ subnet_id = var.public_subnet_id
+ private_ips = var.management_private_ips
+ security_groups = [aws_security_group.pexip_management_sg.id]
+}
+
+resource "aws_instance" "pexip_management" {
+ ami = var.initial_configuration ? var.official_pexip_management_ec2_ami : var.custom_management_ec2_ami
+ instance_type = var.management_ec2_type
+ key_name = var.initial_configuration ? var.ec2_key_pair : ""
+
+
+ network_interface {
+ network_interface_id = aws_network_interface.pexip_management.id
+ device_index = 0
+ }
+
+ tags = {
+ "Name" = "${var.name}-management"
+ }
+}
+
+resource "aws_eip_association" "pexip_management" {
+ instance_id = aws_instance.pexip_management.id
+ allocation_id = aws_eip.pexip_management_eip.id
+}
+
+
+resource "aws_network_interface" "pexip_conference" {
+ subnet_id = var.public_subnet_id
+ private_ips = var.conference_private_ips
+ security_groups = [aws_security_group.pexip_conference_sg.id]
+}
+
+resource "aws_instance" "pexip_conference" {
+ ami = var.initial_configuration ? var.official_pexip_conference_ec2_ami : var.custom_conference_ec2_ami
+ instance_type = var.conference_ec2_type
+ key_name = var.ec2_key_pair
+
+ network_interface {
+ network_interface_id = aws_network_interface.pexip_conference.id
+ device_index = 0
+ }
+
+ tags = {
+ "Name" = "${var.name}-conference"
+ }
+}
+
+resource "aws_eip_association" "pexip_conference" {
+ instance_id = aws_instance.pexip_conference.id
+ allocation_id = aws_eip.pexip_conference_eip.id
+}
+
+
+
+
+resource "aws_eip" "pexip_management_eip" {
+ tags = merge(
+ {
+ "Name" = "${var.name}-management-eip"
+ }
+ )
+}
+
+resource "aws_eip" "pexip_conference_eip" {
+ tags = merge(
+ {
+ "Name" = "${var.name}-conference-eip"
+ }
+ )
+}
diff --git a/aws/pexip/sg.tf b/aws/pexip/sg.tf
new file mode 100644
index 00000000..e2fcd90f
--- /dev/null
+++ b/aws/pexip/sg.tf
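Review bot: Neither `aws_instance` block sets `metadata_options` or `root_block_device`, so both internet-facing nodes inherit whatever the AMI and the account defaults provide for instance-metadata access and volume encryption. I would add `metadata_options { http_tokens = "required" }` and `root_block_device { encrypted = true }` to `pexip_management` and `pexip_conference`, after confirming that the Pexip appliance image works with IMDSv2 only; if it does not, a comment recording that would be enough. Both resources are complete inside this hunk.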
@@ -0,0 +1,169 @@
+resource "aws_security_group" "pexip_conference_sg" {
+ name = "${var.name}-conference-sg"
+ description = "Security group for Pexip conferencing nodes"
+ vpc_id = var.vpc_id
+
+ tags = merge(
+ {
+ "Name" = "${var.name}-conference-sg"
+ },
+ )
+
+ ingress {
+ from_port = 1719
+ to_port = 1719
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "H.323 (RAS signaling)"
+ }
+
+ ingress {
+ from_port = 5060
+ to_port = 5060
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "SIP"
+ }
+
+ ingress {
+ from_port = 40000
+ to_port = 49999
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Endpoint / call control system / Skype for Business / Lync system / Connect app"
+ }
+
+ ingress {
+ from_port = 33000
+ to_port = 39999
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "H.323 (H.245 signaling)"
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "UI access"
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "UI access"
+ }
+
+ ingress {
+ from_port = 1720
+ to_port = 1720
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "H.323 (H.225/Q.931 signaling)"
+ }
+
+ ingress {
+ from_port = 40000
+ to_port = 49999
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Endpoint / call control system / Skype for Business / Lync system / Connect app"
+ }
+
+ ingress {
+ from_port = 5061
+ to_port = 5061
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "SIP/TLS"
+ }
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = var.vpn_ips
+ description = "VPN access"
+ }
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = [for ip in var.management_private_ips : "${ip}/32"]
+ description = "Allow all access from management private IP"
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "-"
+ }
+
+ dynamic "ingress" {
+ for_each = var.initial_configuration ? [1] : []
+ content {
+ from_port = 8443
+ to_port = 8443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "upload configuration/bootstrap port"
+ }
+ }
+}
+
+resource "aws_security_group" "pexip_management_sg" {
+ name = "${var.name}-management-sg"
+ description = "Security group for Pexip management nodes"
+ vpc_id = var.vpc_id
+
+ tags = merge(
+ {
+ "Name" = "${var.name}-management-sg"
+ },
+ )
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "UI access"
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "UI access"
+ }
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = var.vpn_ips
+ description = "VPN access"
+ }
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = [for ip in var.conference_private_ips : "${ip}/32"]
+ description = "Allow all access from conference private IP"
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "-"
+ }
+}
diff --git a/aws/pexip/variables.tf b/aws/pexip/variables.tf
new file mode 100644
index 00000000..063c2abc
--- /dev/null
+++ b/aws/pexip/variables.tf
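Review bot: The management group's two `UI access` rules and the conference group's conditional 8443 `upload configuration/bootstrap port` rule all use `cidr_blocks = ["0.0.0.0/0"]`, which puts the administrative interface and the bootstrap upload endpoint on the public internet; `initial_configuration` defaults to true in variables.tf, so 8443 is open on a fresh apply. Since `var.vpn_ips` already gets an all-protocol rule in both groups, these three rules could use `cidr_blocks = var.vpn_ips` (or be dropped for the management group), leaving only the signalling and media ports reachable from anywhere. If the web UI has to stay reachable through the Cloudflare-proxied record, limiting 80/443 to Cloudflare's published ranges through a variable would still close direct access to the EIP. The port 80 rules deserve a comment stating whether plain HTTP only redirects to 443.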
@@ -0,0 +1,96 @@
+variable "name" {
+ type = string
+ default = "pexip"
+}
+
+variable "region" {
+ type = string
+ description = "The AWS region which will be used."
+}
+
+variable "public_subnet_id" {
+ type = string
+ description = "A public subnet ID"
+}
+
+variable "vpc_id" {
+ type = string
+ description = "The ID of the vpc for the security group of Pexip"
+}
+
+variable "cloudflare_zone_id" {
+ type = string
+ description = "The Cloudflare zone ID provided"
+}
+
+variable "conference_cloudflare_record_name" {
+ type = string
+ description = "The DNS name for the Pexip conference node"
+}
+
+variable "management_cloudflare_record_name" {
+ type = string
+ description = "The DNS name for the Pexip management node"
+}
+
+variable "cloudflare_api_token" {
+ type = string
+}
+
+variable "management_private_ips" {
+ type = list(string)
+ description = "List of the private IPs of the Pexip management node"
+}
+
+variable "conference_private_ips" {
+ type = list(string)
+ description = "List of the private IPs of the Pexip Conference node"
+}
+
+variable "vpn_ips" {
+ type = list(string)
+ description = "List of the IPs for the VPN"
+}
+
+variable "official_pexip_management_ec2_ami" {
+ default = "ami-0dd1e9ce5c9029446"
+ type = string
+ description = "The official Pexip AMI for management node"
+}
+
+variable "official_pexip_conference_ec2_ami" {
+ default = "ami-0ddd16b36dc9f4229"
+ type = string
+ description = "The official Pexip AMI for conference node"
+}
+
+variable "custom_management_ec2_ami" {
+ type = string
+ description = "Customized with MM configuration Pexip AMI for management node"
+}
+
+variable "custom_conference_ec2_ami" {
+ type = string
+ description = "Customized with MM configuration Pexip AMI for conference node"
+}
+
+variable "management_ec2_type" {
+ type = string
+ description = "The EC2 instance type for Pexip management node"
+}
+
+variable "conference_ec2_type" {
+ type = string
+ description = "The EC2 instance type for Pexip 
conference node" +} + +variable "ec2_key_pair" { + type = string + description = "The key pair that will be used for ssh to EC2 instances of Pexip nodes" +} + +variable "initial_configuration" { + description = "A boolean variable to control the initial configuration of Pexip setup, when true official AMI will be deployed and key-pairs will be added to EC2 nodes" + type = bool + default = true +} From c633ccc8809474ca55f2e00d88b72c1fdb2e22fe Mon Sep 17 00:00:00 2001 From: Angelos Kyratzakos Date: Fri, 16 Aug 2024 11:01:45 +0300 Subject: [PATCH 2/6] fix linting issues --- aws/pexip/ec2.tf | 8 ++++---- aws/pexip/providers.tf | 18 ++++++++++++++++++ aws/pexip/variables.tf | 11 +---------- 3 files changed, 23 insertions(+), 14 deletions(-) create mode 100644 aws/pexip/providers.tf diff --git a/aws/pexip/ec2.tf b/aws/pexip/ec2.tf index b664bed5..5faada9b 100644 --- a/aws/pexip/ec2.tf +++ b/aws/pexip/ec2.tf @@ -5,9 +5,9 @@ resource "aws_network_interface" "pexip_management" { } resource "aws_instance" "pexip_management" { - ami = var.initial_configuration ? var.official_pexip_management_ec2_ami : var.custom_management_ec2_ami + ami = var.initial_configuration ? var.official_pexip_management_ec2_ami : var.custom_management_ec2_ami instance_type = var.management_ec2_type - key_name = var.initial_configuration ? var.ec2_key_pair : "" + key_name = var.initial_configuration ? var.ec2_key_pair : "" network_interface { @@ -33,9 +33,9 @@ resource "aws_network_interface" "pexip_conference" { } resource "aws_instance" "pexip_conference" { - ami = var.initial_configuration ? var.official_pexip_conference_ec2_ami : var.custom_conference_ec2_ami + ami = var.initial_configuration ? var.official_pexip_conference_ec2_ami : var.custom_conference_ec2_ami instance_type = var.conference_ec2_type - key_name = var.ec2_key_pair + key_name = var.ec2_key_pair network_interface { network_interface_id = aws_network_interface.pexip_conference.id 
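Review bot: `vpn_ips`, `management_private_ips` and `conference_private_ips` reach security-group `cidr_blocks` without any `validation`, and `vpn_ips` feeds an all-ports, all-protocols ingress rule in sg.tf, so a stray `0.0.0.0/0` or a malformed entry is caught at apply time at best. A `validation` block on `vpn_ips` with `condition = alltrue([for c in var.vpn_ips : can(cidrhost(c, 0)) && c != "0.0.0.0/0"])` and a short `error_message` would reject both; its description should also say that CIDR notation is expected, and the two private-IP descriptions that bare addresses are expected, since sg.tf appends `/32`. The hard-coded `official_pexip_*_ec2_ami` defaults are region-specific, so their descriptions should name the region and where the IDs were taken from, which lets a reviewer check them against the publisher.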
diff --git a/aws/pexip/providers.tf b/aws/pexip/providers.tf new file mode 100644 index 00000000..9f0991c0 --- /dev/null +++ b/aws/pexip/providers.tf @@ -0,0 +1,18 @@ +terraform { + required_version = ">= 1.6.3" + backend "s3" { + bucket = "terraform-cloud-monitoring-state-bucket-test" + key = "us-east-1/mattermost-pexip" + region = "us-east-1" + } + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.41.0" + } + cloudflare = { + source = "cloudflare/cloudflare" + version = "~> 4.25.0" + } + } +} diff --git a/aws/pexip/variables.tf b/aws/pexip/variables.tf index 063c2abc..e4394edd 100644 --- a/aws/pexip/variables.tf +++ b/aws/pexip/variables.tf @@ -1,13 +1,8 @@ variable "name" { - type = string + type = string default = "pexip" } -variable "region" { - type = string - description = "The AWS region which will be used." -} - variable "public_subnet_id" { type = string description = "A public subnet ID" @@ -33,10 +28,6 @@ variable "management_cloudflare_record_name" { description = "The DNS name for the Pexip management node" } -variable "cloudflare_api_token" { - type = string -} - variable "management_private_ips" { type = list(string) description = "List of the private IPs of the Pexip management node" From 150e4a34a71f66aed65340de0079321c3bc6e6e3 Mon Sep 17 00:00:00 2001 From: Angelos Kyratzakos Date: Wed, 21 Aug 2024 18:49:47 +0300 Subject: [PATCH 3/6] make conditional key-pair addition for conference node --- aws/pexip/ec2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/pexip/ec2.tf b/aws/pexip/ec2.tf index 5faada9b..4ede2a63 100644 --- a/aws/pexip/ec2.tf +++ b/aws/pexip/ec2.tf 
@@ -35,7 +35,7 @@ resource "aws_network_interface" "pexip_conference" { resource "aws_instance" "pexip_conference" { ami = var.initial_configuration ? var.official_pexip_conference_ec2_ami : var.custom_conference_ec2_ami instance_type = var.conference_ec2_type - key_name = var.ec2_key_pair + key_name = var.initial_configuration ? var.ec2_key_pair : "" network_interface { network_interface_id = aws_network_interface.pexip_conference.id From c1faf58f992527dc584f962a09b8a9d85d1522f7 Mon Sep 17 00:00:00 2001 From: Angelos Kyratzakos Date: Thu, 22 Aug 2024 13:40:28 +0300 Subject: [PATCH 4/6] remove s3 backend from providers --- aws/pexip/providers.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/aws/pexip/providers.tf b/aws/pexip/providers.tf index 9f0991c0..5474fb73 100644 --- a/aws/pexip/providers.tf +++ b/aws/pexip/providers.tf @@ -1,10 +1,5 @@ terraform { required_version = ">= 1.6.3" - backend "s3" { - bucket = "terraform-cloud-monitoring-state-bucket-test" - key = "us-east-1/mattermost-pexip" - region = "us-east-1" - } required_providers { aws = { source = "hashicorp/aws" From a9bdf4ce2b0e43a36899671b3278926d22e1343b Mon Sep 17 00:00:00 2001 
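Review bot: The unset branch of the new conditional uses `""`, where `null` is the idiomatic way to leave an optional argument unset: `key_name = var.initial_configuration ? var.ec2_key_pair : null`. The management instance, as added in patch 1, uses the same `""` pattern and would take the same change. `ec2_key_pair` was declared without a default, so callers presumably still have to pass a key-pair name when `initial_configuration` is false; `default = null` on that variable would remove the need. The `aws_instance` block ends outside this hunk.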
From: Angelos Kyratzakos Date: Mon, 9 Sep 2024 15:02:16 +0300 Subject: [PATCH 5/6] change subnet group for management node to private and add docs for multiple modules --- aws/aurora-cluster/README.md | 92 ---------------------- aws/awat/README.md | 91 +-------------------- aws/bind-server/README.md | 2 - aws/cluster-post-installation/README.md | 1 + aws/cluster/README.md | 2 - aws/customer-web-server/README.md | 2 - aws/debug-caller-identity/README.md | 36 +++++++++ aws/eks-cluster/README.md | 2 +- aws/elrond/README.md | 76 +----------------- aws/external-secrets/README.md | 2 - aws/generic-webhook-notification/README.md | 2 +- aws/iam-custom-resources/README.md | 2 - aws/loki/README.md | 10 +++ aws/pexip/README.md | 62 +++++++++++++++ aws/pexip/cloudflare.tf | 15 ---- aws/pexip/dns_records.tf | 20 +++++ aws/pexip/ec2.tf | 20 +---- aws/pexip/variables.tf | 12 ++- aws/provisioner-users/README.md | 2 - aws/provisioner/README.md | 2 - aws/rds-customer-cluster/README.md | 1 - aws/route53-registration/README.md | 8 +- aws/tempo/README.md | 1 + 23 files changed, 152 insertions(+), 311 deletions(-) create mode 100644 aws/debug-caller-identity/README.md create mode 100644 aws/pexip/README.md delete mode 100644 aws/pexip/cloudflare.tf create mode 100644 aws/pexip/dns_records.tf diff --git a/aws/aurora-cluster/README.md b/aws/aurora-cluster/README.md index d32d4b3b..de1bdf7a 100644 --- a/aws/aurora-cluster/README.md +++ b/aws/aurora-cluster/README.md 
@@ -38,97 +38,6 @@ No modules. ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window | `bool` | n/a | yes | -| [aurora\_family](#input\_aurora\_family) | The family of the DB parameter group. | `string` | `"aurora-postgresql12"` | no | -| [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for | `string` | `"7"` | no | -| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier of the CA certificate for the DB instance. | `string` | `"rds-ca-rsa4096-g1"` | no | -| [cluster\_identifier](#input\_cluster\_identifier) | The cluster identifier. If omitted, Terraform will assign a random, unique identifier. | `string` | n/a | yes | -| [cluster\_instance\_identifier](#input\_cluster\_instance\_identifier) | The cluster instance identifier. If omitted, Terraform will assign a random, unique identifier. | `string` | n/a | yes | -| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy all Cluster tags to snapshots | `bool` | n/a | yes | -| [creation\_snapshot\_arn](#input\_creation\_snapshot\_arn) | The ARN of the snapshot to create from | `string` | `""` | no | -| [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Required if publicly\_accessible = false, Optional otherwise, Forces new resource) A DB subnet group to associate with this DB instance. 
| `string` | n/a | yes | -| [deletion\_protection](#input\_deletion\_protection) | Specifies if the DB instance should have deletion protection enabled | `bool` | n/a | yes | -| [enable\_rds\_alerting](#input\_enable\_rds\_alerting) | n/a | `bool` | `false` | no | -| [enable\_rds\_reader](#input\_enable\_rds\_reader) | n/a | `bool` | `true` | no | -| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | Set of log types to enable for exporting to CloudWatch logs | `list(string)` | n/a | yes | -| [engine](#input\_engine) | The database engine to use | `string` | `"aurora-postgresql"` | no | -| [engine\_mode](#input\_engine\_mode) | The engine mode to use | `string` | `"provisioned"` | no | -| [engine\_version](#input\_engine\_version) | The engine version to use | `string` | n/a | yes | -| [environment](#input\_environment) | The name of the environment which will deploy to and will be added as a tag | `string` | n/a | yes | -| [final\_snapshot\_identifier\_prefix](#input\_final\_snapshot\_identifier\_prefix) | The prefix name of your final DB snapshot when this DB instance is deleted | `string` | n/a | yes | -| [instance\_type](#input\_instance\_type) | The instance type of the RDS instance | `string` | `""` | no | -| [kms\_key](#input\_kms\_key) | Key to keep your storage data encrypted at rest in all underlying storage for DB clusters. | `string` | n/a | yes | -| [log\_min\_duration\_statement](#input\_log\_min\_duration\_statement) | n/a | `number` | `2000` | no | -| [max\_capacity](#input\_max\_capacity) | The maximum capacity for an Aurora DB cluster in provisioned DB engine mode. | `number` | n/a | yes | -| [memory\_alarm\_limit](#input\_memory\_alarm\_limit) | Limit to trigger memory alarm. Number in Bytes (100MB) | `string` | `"100000000"` | no | -| [memory\_cache\_proportion](#input\_memory\_cache\_proportion) | Proportion of memory that is used for cache. By default it is 75%. 
| `number` | `0.75` | no | -| [min\_capacity](#input\_min\_capacity) | The minimum capacity for an Aurora DB cluster in provisioned DB engine mode. | `number` | n/a | yes | -| [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance | `number` | n/a | yes | -| [password](#input\_password) | If empty a random password will be created for each RDS Cluster and stored in AWS Secret Management. | `string` | n/a | yes | -| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | n/a | yes | -| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | Amount of time in days to retain Performance Insights data | `number` | n/a | yes | -| [port](#input\_port) | The port on which the DB accepts connections | `string` | `"5432"` | no | -| [preferred\_backup\_window](#input\_preferred\_backup\_window) | The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter | `string` | n/a | yes | -| [preferred\_maintenance\_window](#input\_preferred\_maintenance\_window) | The window to perform maintenance in | `string` | n/a | yes | -| [publicly\_accessible](#input\_publicly\_accessible) | Bool to control if instance is publicly accessible | `bool` | `false` | no | -| [ram\_memory\_bytes](#input\_ram\_memory\_bytes) | The RAM memory of each instance type in Bytes. | `map(any)` |
{
"db.r5.12xlarge": "412316860416",
"db.r5.16xlarge": "549755813888",
"db.r5.24xlarge": "824633720832",
"db.r5.2xlarge": "68719476736",
"db.r5.4xlarge": "137438953472",
"db.r5.8xlarge": "274877906944",
"db.r5.large": "17179869184",
"db.r5.xlarge": "34359738368",
"db.r6g.12xlarge": "412316860416",
"db.r6g.16xlarge": "549755813888",
"db.r6g.24xlarge": "824633720832",
"db.r6g.2xlarge": "68719476736",
"db.r6g.4xlarge": "137438953472",
"db.r6g.8xlarge": "274877906944",
"db.r6g.large": "17179869184",
"db.r6g.xlarge": "34359738368",
"db.t3.large": "8589934592",
"db.t3.medium": "4294967296",
"db.t3.small": "2147483648",
"db.t4g.large": "8589934592",
"db.t4g.medium": "4294967296",
"db.t4g.small": "2147483648"
}
| no | -| [rds\_sns\_topic](#input\_rds\_sns\_topic) | RDS events sns topic | `string` | `"rds-cluster-events"` | no | -| [replica\_min](#input\_replica\_min) | Number of replicas to deploy initially with the RDS Cluster. | `number` | n/a | yes | -| [service\_name](#input\_service\_name) | THe name of the service | `string` | n/a | yes | -| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted | `bool` | n/a | yes | -| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB cluster is encrypted | `bool` | n/a | yes | -| [tags](#input\_tags) | A map of tags to assign to the resource | `map(string)` | `{}` | no | -| [username](#input\_username) | Username for the master DB user | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | The VPC ID of the database cluster | `string` | n/a | yes | -| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | The IDs of the security groups that will be assigned to the cluster nodes | `list(string)` | n/a | yes | - -## Outputs - -No outputs. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.6.3 | -| [aws](#requirement\_aws) | >= 5.41.0 | -| [random](#requirement\_random) | 3.6.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.41.0 | -| [random](#provider\_random) | 3.6.0 | - -## Modules - -No modules. 
- -## Resources - -| Name | Type | -|------|------| -| [aws_cloudwatch_log_group.rds-cluster-log-group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_cloudwatch_metric_alarm.db_instances_alarm_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_cloudwatch_metric_alarm.db_instances_alarm_memory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_db_parameter_group.db_parameter_group_postgresql](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource | -| [aws_rds_cluster.provisioning_rds_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster) | resource | -| [aws_rds_cluster_instance.provisioning_rds_db_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource | -| [aws_rds_cluster_instance.provisioning_rds_db_instance_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource | -| [aws_rds_cluster_parameter_group.cluster_parameter_group_postgresql](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource | -| [aws_secretsmanager_secret.master_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | -| [aws_secretsmanager_secret_version.master_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | -| [random_password.master_password](https://registry.terraform.io/providers/hashicorp/random/3.6.0/docs/resources/password) | resource | -| 
[random_string.db_cluster_identifier](https://registry.terraform.io/providers/hashicorp/random/3.6.0/docs/resources/string) | resource | -| [aws_iam_role.enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | -| [aws_sns_topic.aurora_cluster_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/sns_topic) | data source | - -## Inputs - | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Enable to allow major engine version upgrades when changing engine versions | `bool` | n/a | yes | @@ -179,4 +88,3 @@ No modules. ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/awat/README.md b/aws/awat/README.md index eef6c69d..7b04c1a2 100644 --- a/aws/awat/README.md +++ b/aws/awat/README.md 
@@ -14,93 +14,6 @@ ## Modules -| Name | Source | Version | -|------|--------|---------| -| [aurora-cluster](#module\_aurora-cluster) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/aurora-cluster | v1.7.5 | - -## Resources - -| Name | Type | -|------|------| -| [aws_db_subnet_group.subnets_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | -| [aws_iam_policy.awat-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.awat-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.awat-policy-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_s3_bucket.awat_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_acl.awat_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | -| [aws_s3_bucket_policy.awat_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [aws_s3_bucket_server_side_encryption_configuration.awat_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | -| [aws_s3_bucket_versioning.awat_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | -| [aws_security_group.cnc_to_awat_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_iam_policy_document.awat_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| 
[aws_kms_key.master_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [terraform_remote_state.cnc_cluster](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [awat\_apply\_immediately](#input\_awat\_apply\_immediately) | n/a | `bool` | `false` | no | -| [awat\_aurora\_family](#input\_awat\_aurora\_family) | n/a | `string` | `"aurora-postgresql13"` | no | -| [awat\_ca\_cert\_identifier](#input\_awat\_ca\_cert\_identifier) | Identifier of the CA certificate for the DB instance. | `string` | `"rds-ca-rsa4096-g1"` | no | -| [awat\_cluster\_storage\_encrypted](#input\_awat\_cluster\_storage\_encrypted) | n/a | `bool` | `true` | no | -| [awat\_copy\_tags\_to\_snapshot](#input\_awat\_copy\_tags\_to\_snapshot) | n/a | `bool` | `true` | no | -| [awat\_db\_backup\_retention\_period](#input\_awat\_db\_backup\_retention\_period) | n/a | `number` | n/a | yes | -| [awat\_db\_backup\_window](#input\_awat\_db\_backup\_window) | n/a | `string` | n/a | yes | -| [awat\_db\_cluster\_engine](#input\_awat\_db\_cluster\_engine) | n/a | `string` | `"aurora-postgresql"` | no | -| [awat\_db\_cluster\_engine\_mode](#input\_awat\_db\_cluster\_engine\_mode) | n/a | `string` | `"provisioned"` | no | -| [awat\_db\_cluster\_engine\_version](#input\_awat\_db\_cluster\_engine\_version) | n/a | `string` | `"13.7"` | no | -| [awat\_db\_cluster\_identifier](#input\_awat\_db\_cluster\_identifier) | n/a | `string` | n/a | yes | -| [awat\_db\_cluster\_instance\_identifier](#input\_awat\_db\_cluster\_instance\_identifier) | n/a | `string` | n/a | yes | -| [awat\_db\_cluster\_instance\_type](#input\_awat\_db\_cluster\_instance\_type) | n/a 
| `string` | `"db.serverless"` | no | -| [awat\_db\_deletion\_protection](#input\_awat\_db\_deletion\_protection) | n/a | `bool` | `true` | no | -| [awat\_db\_maintenance\_window](#input\_awat\_db\_maintenance\_window) | n/a | `string` | n/a | yes | -| [awat\_db\_password](#input\_awat\_db\_password) | n/a | `string` | n/a | yes | -| [awat\_db\_username](#input\_awat\_db\_username) | n/a | `string` | n/a | yes | -| [awat\_enable\_rds\_alerting](#input\_awat\_enable\_rds\_alerting) | n/a | `bool` | `false` | no | -| [awat\_enabled\_cloudwatch\_logs\_exports](#input\_awat\_enabled\_cloudwatch\_logs\_exports) | n/a | `list(string)` |
[
"postgresql"
]
| no | -| [awat\_kms\_key](#input\_awat\_kms\_key) | n/a | `string` | n/a | yes | -| [awat\_max\_capacity](#input\_awat\_max\_capacity) | n/a | `number` | `4` | no | -| [awat\_min\_capacity](#input\_awat\_min\_capacity) | n/a | `number` | `0.5` | no | -| [awat\_monitoring\_interval](#input\_awat\_monitoring\_interval) | n/a | `number` | n/a | yes | -| [awat\_performance\_insights\_enabled](#input\_awat\_performance\_insights\_enabled) | n/a | `bool` | n/a | yes | -| [awat\_performance\_insights\_retention\_period](#input\_awat\_performance\_insights\_retention\_period) | n/a | `number` | n/a | yes | -| [awat\_replica\_min](#input\_awat\_replica\_min) | n/a | `number` | n/a | yes | -| [awat\_service\_name](#input\_awat\_service\_name) | n/a | `string` | `"awat"` | no | -| [cloud\_import\_account\_number](#input\_cloud\_import\_account\_number) | value of the account number of the import account | `string` | n/a | yes | -| [cloud\_vpn\_cidr](#input\_cloud\_vpn\_cidr) | n/a | `list(string)` | n/a | yes | -| [enable\_awat\_bucket\_restriction](#input\_enable\_awat\_bucket\_restriction) | n/a | `bool` | n/a | yes | -| [enable\_awat\_read\_replica](#input\_enable\_awat\_read\_replica) | n/a | `bool` | `true` | no | -| [environment](#input\_environment) | n/a | `string` | n/a | yes | -| [namespace](#input\_namespace) | The namespace, which host the service account & target application | `string` | n/a | yes | -| [open\_oidc\_provider\_arn](#input\_open\_oidc\_provider\_arn) | The Open OIDC Provider ARN for a specific cluster | `string` | n/a | yes | -| [open\_oidc\_provider\_url](#input\_open\_oidc\_provider\_url) | The Open OIDC Provider URL for a specific cluster | `string` | n/a | yes | -| [private\_subnets](#input\_private\_subnets) | n/a | `list(string)` | n/a | yes | -| [serviceaccount](#input\_serviceaccount) | Service Account, with which we want to associate IAM permission | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes | - -## 
Outputs - -No outputs. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.6.3 | -| [aws](#requirement\_aws) | >= 5.41.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.41.0 | -| [terraform](#provider\_terraform) | n/a | - -## Modules - | Name | Source | Version | |------|--------|---------| | [aurora-cluster](#module\_aurora-cluster) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/aurora-cluster | v1.7.11 | @@ -131,6 +44,7 @@ No outputs. | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Enable to allow major engine version upgrades when changing engine versions | `bool` | n/a | yes | | [awat\_apply\_immediately](#input\_awat\_apply\_immediately) | n/a | `bool` | `false` | no | | [awat\_aurora\_family](#input\_awat\_aurora\_family) | n/a | `string` | n/a | yes | +| [awat\_bucket\_tags](#input\_awat\_bucket\_tags) | Tags for AWAT s3 bucket | `map(string)` | n/a | yes | | [awat\_ca\_cert\_identifier](#input\_awat\_ca\_cert\_identifier) | Identifier of the CA certificate for the DB instance. | `string` | `"rds-ca-rsa4096-g1"` | no | | [awat\_cluster\_storage\_encrypted](#input\_awat\_cluster\_storage\_encrypted) | n/a | `bool` | `true` | no | | [awat\_copy\_tags\_to\_snapshot](#input\_awat\_copy\_tags\_to\_snapshot) | n/a | `bool` | `true` | no | 
@@ -138,7 +52,7 @@ No outputs. | [awat\_db\_backup\_window](#input\_awat\_db\_backup\_window) | n/a | `string` | n/a | yes | | [awat\_db\_cluster\_engine](#input\_awat\_db\_cluster\_engine) | n/a | `string` | `"aurora-postgresql"` | no | | [awat\_db\_cluster\_engine\_mode](#input\_awat\_db\_cluster\_engine\_mode) | n/a | `string` | `"provisioned"` | no | -| [awat\_db\_cluster\_engine\_version](#input\_awat\_db\_cluster\_engine\_version) | n/a | `string` | `"13.7"` | no | +| [awat\_db\_cluster\_engine\_version](#input\_awat\_db\_cluster\_engine\_version) | n/a | `string` | `"14.10"` | no | | [awat\_db\_cluster\_identifier](#input\_awat\_db\_cluster\_identifier) | n/a | `string` | n/a | yes | | [awat\_db\_cluster\_instance\_identifier](#input\_awat\_db\_cluster\_instance\_identifier) | n/a | `string` | n/a | yes | | [awat\_db\_cluster\_instance\_type](#input\_awat\_db\_cluster\_instance\_type) | n/a | `string` | `"db.serverless"` | no | @@ -171,4 +85,3 @@ No outputs. ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/bind-server/README.md b/aws/bind-server/README.md index 6ae90446..845404b3 100644 --- a/aws/bind-server/README.md +++ b/aws/bind-server/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -80,4 +79,3 @@ No modules. |------|-------------| | [bind\_sg](#output\_bind\_sg) | The Bind server SG | | [private\_ips](#output\_private\_ips) | Private IP address(es) of the DNS server(s) | - \ No newline at end of file diff --git a/aws/cluster-post-installation/README.md b/aws/cluster-post-installation/README.md index 3f09dba1..62be25c3 100644 --- a/aws/cluster-post-installation/README.md +++ b/aws/cluster-post-installation/README.md 
@@ -27,6 +27,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [environment](#input\_environment) | The environment will be created | `string` | n/a | yes | +| [tags\_metrics\_bucket](#input\_tags\_metrics\_bucket) | Tags for prometheus metrics s3 bucket | `map(string)` | n/a | yes | ## Outputs diff --git a/aws/cluster/README.md b/aws/cluster/README.md index 0c6a4ab7..42761127 100644 --- a/aws/cluster/README.md +++ b/aws/cluster/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -138,4 +137,3 @@ | [lambda\_role\_name](#output\_lambda\_role\_name) | n/a | | [worker-role](#output\_worker-role) | n/a | | [worker\_security\_group](#output\_worker\_security\_group) | n/a | - \ No newline at end of file diff --git a/aws/customer-web-server/README.md b/aws/customer-web-server/README.md index b68b495c..c5ee33f9 100644 --- a/aws/customer-web-server/README.md +++ b/aws/customer-web-server/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -71,4 +70,3 @@ ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/debug-caller-identity/README.md b/aws/debug-caller-identity/README.md new file mode 100644 index 00000000..40be6b19 --- /dev/null +++ b/aws/debug-caller-identity/README.md 
@@ -0,0 +1,36 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6.3 | +| [aws](#requirement\_aws) | >= 5.41.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.41.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [region](#input\_region) | AWS Region | `string` | `"us-east-1"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [account\_id](#output\_account\_id) | n/a | +| [caller\_arn](#output\_caller\_arn) | n/a | +| [caller\_user\_id](#output\_caller\_user\_id) | n/a | diff --git a/aws/eks-cluster/README.md b/aws/eks-cluster/README.md index 28a361fa..d4639b52 100644 --- a/aws/eks-cluster/README.md +++ b/aws/eks-cluster/README.md @@ -20,7 +20,7 @@ | Name | Source | Version | |------|--------|---------| -| [managed\_node\_group](#module\_managed\_node\_group) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups | v1.6.95 | +| [managed\_node\_group](#module\_managed\_node\_group) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/eks-managed-node-groups | v1.7.5 | ## Resources diff --git a/aws/elrond/README.md b/aws/elrond/README.md index f9a16efd..7e9928ad 100644 --- a/aws/elrond/README.md +++ b/aws/elrond/README.md 
@@ -14,77 +14,6 @@ ## Modules -| Name | Source | Version | -|------|--------|---------| -| [aurora-cluster](#module\_aurora-cluster) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/aurora-cluster | v1.7.5 | - -## Resources - -| Name | Type | -|------|------| -| [aws_db_subnet_group.subnets_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | -| [aws_security_group.cnc_to_elrond_postgress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [terraform_remote_state.cluster](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cloud\_vpn\_cidr](#input\_cloud\_vpn\_cidr) | The cidr of the Cloud VPN to allow access from | `list(string)` | n/a | yes | -| [db\_backup\_retention\_period](#input\_db\_backup\_retention\_period) | The Elrond DB backup retention period | `string` | n/a | yes | -| [db\_backup\_window](#input\_db\_backup\_window) | The Elrond DB backup window | `string` | n/a | yes | -| [db\_deletion\_protection](#input\_db\_deletion\_protection) | Whether to enable DB deletion protection or not | `bool` | `true` | no | -| [db\_maintenance\_window](#input\_db\_maintenance\_window) | The Elrond DB maintenance window | `string` | n/a | yes | -| [db\_password](#input\_db\_password) | The Elrond DB password | `string` | n/a | yes | -| [db\_username](#input\_db\_username) | The Elrond DB username | `string` | n/a | yes | -| [elrond\_apply\_immediately](#input\_elrond\_apply\_immediately) | n/a | `bool` | `false` | no | -| [elrond\_aurora\_family](#input\_elrond\_aurora\_family) | n/a | `string` | `"aurora-postgresql13"` | no | -| 
[elrond\_ca\_cert\_identifier](#input\_elrond\_ca\_cert\_identifier) | Identifier of the CA certificate for the DB instance. | `string` | `"rds-ca-rsa4096-g1"` | no | -| [elrond\_cluster\_storage\_encrypted](#input\_elrond\_cluster\_storage\_encrypted) | n/a | `bool` | `true` | no | -| [elrond\_copy\_tags\_to\_snapshot](#input\_elrond\_copy\_tags\_to\_snapshot) | n/a | `bool` | `true` | no | -| [elrond\_db\_cluster\_engine](#input\_elrond\_db\_cluster\_engine) | n/a | `string` | `"aurora-postgresql"` | no | -| [elrond\_db\_cluster\_engine\_mode](#input\_elrond\_db\_cluster\_engine\_mode) | n/a | `string` | `"provisioned"` | no | -| [elrond\_db\_cluster\_engine\_version](#input\_elrond\_db\_cluster\_engine\_version) | n/a | `string` | `"13.8"` | no | -| [elrond\_db\_cluster\_identifier](#input\_elrond\_db\_cluster\_identifier) | n/a | `string` | n/a | yes | -| [elrond\_db\_cluster\_instance\_identifier](#input\_elrond\_db\_cluster\_instance\_identifier) | n/a | `string` | n/a | yes | -| [elrond\_db\_cluster\_instance\_type](#input\_elrond\_db\_cluster\_instance\_type) | n/a | `string` | `"db.serverless"` | no | -| [elrond\_enable\_rds\_alerting](#input\_elrond\_enable\_rds\_alerting) | n/a | `bool` | `false` | no | -| [elrond\_enabled\_cloudwatch\_logs\_exports](#input\_elrond\_enabled\_cloudwatch\_logs\_exports) | n/a | `list(string)` |
[
"postgresql"
]
| no | -| [elrond\_kms\_key](#input\_elrond\_kms\_key) | n/a | `string` | n/a | yes | -| [elrond\_max\_capacity](#input\_elrond\_max\_capacity) | n/a | `number` | `4` | no | -| [elrond\_min\_capacity](#input\_elrond\_min\_capacity) | n/a | `number` | `0.5` | no | -| [elrond\_monitoring\_interval](#input\_elrond\_monitoring\_interval) | n/a | `number` | n/a | yes | -| [elrond\_performance\_insights\_enabled](#input\_elrond\_performance\_insights\_enabled) | n/a | `bool` | n/a | yes | -| [elrond\_performance\_insights\_retention\_period](#input\_elrond\_performance\_insights\_retention\_period) | n/a | `number` | n/a | yes | -| [elrond\_replica\_min](#input\_elrond\_replica\_min) | n/a | `number` | n/a | yes | -| [elrond\_service\_name](#input\_elrond\_service\_name) | n/a | `string` | `"elrond"` | no | -| [enable\_elrond\_read\_replica](#input\_enable\_elrond\_read\_replica) | n/a | `bool` | `true` | no | -| [environment](#input\_environment) | The environment to deploy the Elrond resources, dev, test, etc. | `string` | n/a | yes | -| [private\_subnets](#input\_private\_subnets) | The Elrond DB private subnets | `list(string)` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | The VPC to deploy the Elrond resources | `string` | n/a | yes | - -## Outputs - -No outputs. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.6.3 | -| [aws](#requirement\_aws) | >= 5.41.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.41.0 | -| [terraform](#provider\_terraform) | n/a | - -## Modules - | Name | Source | Version | |------|--------|---------| | [aurora-cluster](#module\_aurora-cluster) | github.com/mattermost/mattermost-cloud-monitoring.git//aws/aurora-cluster | v1.7.11 | 
@@ -111,13 +40,13 @@ No outputs. | [db\_password](#input\_db\_password) | The Elrond DB password | `string` | n/a | yes | | [db\_username](#input\_db\_username) | The Elrond DB username | `string` | n/a | yes | | [elrond\_apply\_immediately](#input\_elrond\_apply\_immediately) | n/a | `bool` | `false` | no | -| [elrond\_aurora\_family](#input\_elrond\_aurora\_family) | n/a | `string` | `"aurora-postgresql13"` | no | +| [elrond\_aurora\_family](#input\_elrond\_aurora\_family) | n/a | `string` | `"aurora-postgresql14"` | no | | [elrond\_ca\_cert\_identifier](#input\_elrond\_ca\_cert\_identifier) | Identifier of the CA certificate for the DB instance. | `string` | `"rds-ca-rsa4096-g1"` | no | | [elrond\_cluster\_storage\_encrypted](#input\_elrond\_cluster\_storage\_encrypted) | n/a | `bool` | `true` | no | | [elrond\_copy\_tags\_to\_snapshot](#input\_elrond\_copy\_tags\_to\_snapshot) | n/a | `bool` | `true` | no | | [elrond\_db\_cluster\_engine](#input\_elrond\_db\_cluster\_engine) | n/a | `string` | `"aurora-postgresql"` | no | | [elrond\_db\_cluster\_engine\_mode](#input\_elrond\_db\_cluster\_engine\_mode) | n/a | `string` | `"provisioned"` | no | -| [elrond\_db\_cluster\_engine\_version](#input\_elrond\_db\_cluster\_engine\_version) | n/a | `string` | `"13.8"` | no | +| [elrond\_db\_cluster\_engine\_version](#input\_elrond\_db\_cluster\_engine\_version) | n/a | `string` | `"14.10"` | no | | [elrond\_db\_cluster\_identifier](#input\_elrond\_db\_cluster\_identifier) | n/a | `string` | n/a | yes | | [elrond\_db\_cluster\_instance\_identifier](#input\_elrond\_db\_cluster\_instance\_identifier) | n/a | `string` | n/a | yes | | [elrond\_db\_cluster\_instance\_type](#input\_elrond\_db\_cluster\_instance\_type) | n/a | `string` | `"db.serverless"` | no | @@ -139,4 +68,3 @@ No outputs. ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/external-secrets/README.md b/aws/external-secrets/README.md index f304f43a..c6377bd2 100644 
--- a/aws/external-secrets/README.md +++ b/aws/external-secrets/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -40,4 +39,3 @@ No modules. ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/generic-webhook-notification/README.md b/aws/generic-webhook-notification/README.md index 587c5efc..200c3148 100644 --- a/aws/generic-webhook-notification/README.md +++ b/aws/generic-webhook-notification/README.md @@ -53,7 +53,7 @@ No modules. | [mattermost\_notification\_hook](#input\_mattermost\_notification\_hook) | n/a | `string` | n/a | yes | | [mattermost\_webhook\_alert\_prod](#input\_mattermost\_webhook\_alert\_prod) | n/a | `string` | n/a | yes | | [mattermost\_webhook\_prod](#input\_mattermost\_webhook\_prod) | n/a | `string` | n/a | yes | -| [pagerduty\_apikey](#input\_pagerduty\_apikey) | n/a | `string` | n/a | yes | +| [pagerduty\_integration\_key](#input\_pagerduty\_integration\_key) | The integration key for the PagerDuty integration | `string` | n/a | yes | | [parent\_id](#input\_parent\_id) | n/a | `string` | n/a | yes | | [private\_subnet\_ids](#input\_private\_subnet\_ids) | The list of the private subnet IDs are used by generic-webhook lambdas | `list(string)` | n/a | yes | | [tags](#input\_tags) | n/a | `map(string)` | n/a | yes | diff --git a/aws/iam-custom-resources/README.md b/aws/iam-custom-resources/README.md index 8acf02e9..13ffe92f 100644 --- a/aws/iam-custom-resources/README.md +++ b/aws/iam-custom-resources/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -48,4 +47,3 @@ No modules. ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/loki/README.md b/aws/loki/README.md index 7053b1b2..c2d15077 100644 --- a/aws/loki/README.md +++ b/aws/loki/README.md 
@@ -20,10 +20,16 @@ No modules. | Name | Type | |------|------| | [aws_s3_bucket.loki_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket.loki_bucket_developers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_acl.loki_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_acl.loki_bucket_developers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | | [aws_s3_bucket_policy.loki_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_policy.loki_bucket_developers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | | [aws_s3_bucket_server_side_encryption_configuration.loki_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.loki_bucket_developers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | | [aws_s3_bucket_versioning.loki_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | +| [aws_s3_bucket_versioning.loki_bucket_developers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | +| [aws_iam_policy_document.loki_bucket_developers_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.loki_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | 
[aws_kms_key.master_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | @@ -31,8 +37,12 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [enable\_loki\_bucket\_developers](#input\_enable\_loki\_bucket\_developers) | Whether to deploy Loki developers bucket or not | `bool` | n/a | yes | +| [enable\_loki\_bucket\_developers\_restriction](#input\_enable\_loki\_bucket\_developers\_restriction) | Whether to enable Loki developers bucket policy or not | `bool` | n/a | yes | | [enable\_loki\_bucket\_restriction](#input\_enable\_loki\_bucket\_restriction) | Whether to enable Loki bucket policy or not | `bool` | n/a | yes | | [environment](#input\_environment) | The cloud environment, dev, test, staging or prod. | `string` | n/a | yes | +| [tags\_bucket\_loki\_developers](#input\_tags\_bucket\_loki\_developers) | Tags for loki developers s3 bucket | `map(string)` | n/a | yes | +| [tags\_loki\_bucket](#input\_tags\_loki\_bucket) | Tags for loki s3 bucket | `map(string)` | n/a | yes | ## Outputs diff --git a/aws/pexip/README.md b/aws/pexip/README.md new file mode 100644 index 00000000..933ad422 --- /dev/null +++ b/aws/pexip/README.md 
@@ -0,0 +1,62 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6.3 | +| [aws](#requirement\_aws) | >= 5.41.0 | +| [cloudflare](#requirement\_cloudflare) | ~> 4.25.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.41.0 | +| [cloudflare](#provider\_cloudflare) | ~> 4.25.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_eip.pexip_conference_eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | +| [aws_eip_association.pexip_conference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | +| [aws_instance.pexip_conference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_instance.pexip_management](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_network_interface.pexip_conference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_network_interface.pexip_management](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_route53_record.pexip_management](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_security_group.pexip_conference_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.pexip_management_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [cloudflare_record.pexip_conference](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/record) | resource | +| 
[aws_route53_zone.private_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cloudflare\_zone\_id](#input\_cloudflare\_zone\_id) | The Cloudflare zone ID provided | `string` | n/a | yes | +| [conference\_cloudflare\_record\_name](#input\_conference\_cloudflare\_record\_name) | The DNS name for the Pexip conference node | `string` | n/a | yes | +| [conference\_ec2\_type](#input\_conference\_ec2\_type) | The EC2 instance type for Pexip conference node | `string` | n/a | yes | +| [conference\_private\_ips](#input\_conference\_private\_ips) | List of the private IPs of the Pexip Conference node | `list(string)` | n/a | yes | +| [custom\_conference\_ec2\_ami](#input\_custom\_conference\_ec2\_ami) | Customized with MM configuration Pexip AMI for conference node | `string` | n/a | yes | +| [custom\_management\_ec2\_ami](#input\_custom\_management\_ec2\_ami) | Customized with MM configuration Pexip AMI for management node | `string` | n/a | yes | +| [ec2\_key\_pair](#input\_ec2\_key\_pair) | The key pair that will be used for ssh to EC2 instances of Pexip nodes | `string` | n/a | yes | +| [environment](#input\_environment) | The environment name that pexip will be deployed | `string` | n/a | yes | +| [initial\_configuration](#input\_initial\_configuration) | A boolean variable to control the initial configuration of Pexip setup, when true official AMI will be deployed and key-pairs will be added to EC2 nodes | `bool` | `true` | no | +| [management\_ec2\_type](#input\_management\_ec2\_type) | The EC2 instance type for Pexip management node | `string` | n/a | yes | +| [management\_private\_ips](#input\_management\_private\_ips) | List of the private IPs of the Pexip management node | `list(string)` | n/a | yes | +| 
[management\_route53\_record\_name](#input\_management\_route53\_record\_name) | The DNS name for the Pexip management node | `string` | n/a | yes | +| [name](#input\_name) | n/a | `string` | `"pexip"` | no | +| [official\_pexip\_conference\_ec2\_ami](#input\_official\_pexip\_conference\_ec2\_ami) | The official Pexip AMI for conference node | `string` | `"ami-0ddd16b36dc9f4229"` | no | +| [official\_pexip\_management\_ec2\_ami](#input\_official\_pexip\_management\_ec2\_ami) | The official Pexip AMI for management node | `string` | `"ami-0dd1e9ce5c9029446"` | no | +| [private\_subnet\_id](#input\_private\_subnet\_id) | A private subnet ID for Pexip management node | `string` | n/a | yes | +| [public\_subnet\_id](#input\_public\_subnet\_id) | A public subnet ID | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The ID of the vpc for the security group of Pexip | `string` | n/a | yes | +| [vpn\_ips](#input\_vpn\_ips) | List of the IPs for the VPN | `list(string)` | n/a | yes | + +## Outputs + +No outputs. diff --git a/aws/pexip/cloudflare.tf b/aws/pexip/cloudflare.tf deleted file mode 100644 index 321cd3f6..00000000 --- a/aws/pexip/cloudflare.tf +++ /dev/null @@ -1,15 +0,0 @@ -resource "cloudflare_record" "pexip_conference" { - zone_id = var.cloudflare_zone_id - name = var.conference_cloudflare_record_name - value = aws_eip.pexip_conference_eip.public_ip - type = "A" - proxied = true -} - -resource "cloudflare_record" "pexip_management" { - zone_id = var.cloudflare_zone_id - name = var.management_cloudflare_record_name - value = aws_eip.pexip_management_eip.public_ip - type = "A" - proxied = true -} diff --git a/aws/pexip/dns_records.tf b/aws/pexip/dns_records.tf new file mode 100644 index 00000000..e7357dee --- /dev/null +++ b/aws/pexip/dns_records.tf 
@@ -0,0 +1,20 @@ +resource "cloudflare_record" "pexip_conference" { + zone_id = var.cloudflare_zone_id + name = var.conference_cloudflare_record_name + value = aws_eip.pexip_conference_eip.public_ip + type = "A" + proxied = true +} + +data "aws_route53_zone" "private_zone" { + name = "internal.${var.environment}.cloud.mattermost.com" + private_zone = true +} + +resource "aws_route53_record" "pexip_management" { + zone_id = data.aws_route53_zone.private_zone.zone_id + name = "${var.management_route53_record_name}.${data.aws_route53_zone.private_zone.name}" + type = "A" + ttl = 300 + records = var.management_private_ips +} diff --git a/aws/pexip/ec2.tf b/aws/pexip/ec2.tf index 4ede2a63..0b0ce546 100644 --- a/aws/pexip/ec2.tf +++ b/aws/pexip/ec2.tf @@ -1,5 +1,5 @@ resource "aws_network_interface" "pexip_management" { - subnet_id = var.public_subnet_id + subnet_id = var.private_subnet_id private_ips = var.management_private_ips security_groups = [aws_security_group.pexip_management_sg.id] } @@ -9,7 +9,6 @@ resource "aws_instance" "pexip_management" { instance_type = var.management_ec2_type key_name = var.initial_configuration ? var.ec2_key_pair : "" - network_interface { network_interface_id = aws_network_interface.pexip_management.id device_index = 0 @@ -20,12 +19,6 @@ resource "aws_instance" "pexip_management" { } } -resource "aws_eip_association" "pexip_management" { - instance_id = aws_instance.pexip_management.id - allocation_id = aws_eip.pexip_management_eip.id -} - - resource "aws_network_interface" "pexip_conference" { subnet_id = var.public_subnet_id private_ips = var.conference_private_ips @@ -52,17 +45,6 @@ resource "aws_eip_association" "pexip_conference" { allocation_id = aws_eip.pexip_conference_eip.id } - - - -resource "aws_eip" "pexip_management_eip" { - tags = merge( - { - "Name" = "${var.name}-management-eip" - } - ) -} - resource "aws_eip" "pexip_conference_eip" { tags = merge( { 
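Review bot: `proxied = true` on `cloudflare_record.pexip_conference` only places Cloudflare in front of HTTP(S) traffic; the record still targets `aws_eip.pexip_conference_eip.public_ip`, which stays directly reachable on whatever `pexip_conference_sg` permits. sg.tf is not part of this hunk, so I cannot confirm whether web ingress on the conference node is limited to Cloudflare's published ranges. If it is not, the proxy gives no real protection against requests sent straight to the EIP. I would record the intent next to the attribute, e.g. `# proxied: Cloudflare fronts HTTP(S) only; 80/443 on pexip_conference_sg should accept Cloudflare ranges only`. Any non-HTTP traffic addressed to this hostname would resolve to Cloudflare rather than the node, so check whether it needs a separate DNS-only name.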
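Review bot: In the first ec2.tf hunk, switching `aws_network_interface.pexip_management` to `var.private_subnet_id` keeps `private_ips = var.management_private_ips`, but nothing checks or documents that those addresses must now fall inside the private subnet's CIDR. A mismatch would only surface at apply time, and the new Route53 A record in dns_records.tf publishes the same list. Changing `subnet_id` will most likely force replacement of the ENI and the instance attached to it, which is worth mentioning in the commit description for anyone applying this to an existing deployment. With the management EIP and its association removed in the later hunks, the node presumably depends on the private subnet's NAT path for outbound access; confirm that path exists. A short comment above the attribute would help, e.g. `# management node is private-only: IPs in var.management_private_ips must belong to this subnet`.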
diff --git a/aws/pexip/variables.tf b/aws/pexip/variables.tf index e4394edd..8c6e1e22 100644 --- a/aws/pexip/variables.tf +++ b/aws/pexip/variables.tf @@ -3,11 +3,21 @@ variable "name" { default = "pexip" } +variable "environment" { + type = string + description = "The environment name that pexip will be deployed" +} + variable "public_subnet_id" { type = string description = "A public subnet ID" } +variable "private_subnet_id" { + type = string + description = "A private subnet ID for Pexip management node" +} + variable "vpc_id" { type = string description = "The ID of the vpc for the security group of Pexip" @@ -23,7 +33,7 @@ variable "conference_cloudflare_record_name" { description = "The DNS name for the Pexip conference node" } -variable "management_cloudflare_record_name" { +variable "management_route53_record_name" { type = string description = "The DNS name for the Pexip management node" } diff --git a/aws/provisioner-users/README.md b/aws/provisioner-users/README.md index cefb6641..cddadea8 100644 --- a/aws/provisioner-users/README.md +++ b/aws/provisioner-users/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -80,4 +79,3 @@ No modules. ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/provisioner/README.md b/aws/provisioner/README.md index 96aebbf4..59ef6aa1 100644 --- a/aws/provisioner/README.md +++ b/aws/provisioner/README.md @@ -1,4 +1,3 @@ - ## Requirements | Name | Version | @@ -73,4 +72,3 @@ ## Outputs No outputs. - \ No newline at end of file diff --git a/aws/rds-customer-cluster/README.md b/aws/rds-customer-cluster/README.md index a534ffe1..f614d73c 100644 --- a/aws/rds-customer-cluster/README.md +++ b/aws/rds-customer-cluster/README.md 
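Review bot: The description of the renamed `management_route53_record_name` variable (third hunk) still reads "The DNS name for the Pexip management node", but dns_records.tf now builds the record as `"${var.management_route53_record_name}.${data.aws_route53_zone.private_zone.name}"`. A caller who passes a fully qualified name, as the old Cloudflare-based variable allowed, would get the zone suffix appended twice. I would change the description to `description = "Record label for the Pexip management node; it is prepended to the private Route53 zone name"`. The new `environment` variable in the first hunk is likewise interpolated into the zone lookup `internal.${var.environment}.cloud.mattermost.com`, so its description could list the accepted values. The rename is also a breaking input change for existing callers of the module.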
@@ -59,7 +59,6 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [accepted\_password\_auth\_method](#input\_accepted\_password\_auth\_method) | The authentication method to use for the DB instance. Valid values: md5+scram or scram | `string` | n/a | yes | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Enable to allow major engine version upgrades when changing engine versions | `bool` | n/a | yes | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window | `bool` | n/a | yes | | [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for | `string` | n/a | yes | diff --git a/aws/route53-registration/README.md b/aws/route53-registration/README.md index cbd4db0b..7888a278 100644 --- a/aws/route53-registration/README.md +++ b/aws/route53-registration/README.md 
@@ -25,15 +25,14 @@ No modules. |------|------| | [aws_route53_record.argocd](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.awat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | -| [aws_route53_record.blackbox](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.chaos_mesh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.chimera](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.customer_web_server](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.customer_web_server_api_internal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.customer_web_server_internal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | -| [aws_route53_record.database_factory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.elrond](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | -| [aws_route53_record.kubecost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.loki_developers_frontend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.loki_developers_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | 
[aws_route53_record.loki_frontend](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.loki_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.prometheus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | @@ -63,7 +62,8 @@ No modules. | [enable\_chaos\_record](#input\_enable\_chaos\_record) | Enables to create a private route53 record for private ChaosMesh | `bool` | `false` | no | | [enable\_chimera\_record](#input\_enable\_chimera\_record) | Enables to create a public route53 record for private Chimera | `bool` | `false` | no | | [enable\_elrond\_private\_r53\_record](#input\_enable\_elrond\_private\_r53\_record) | Enables to create a private CNAME route53 record for Elrond. | `bool` | `false` | no | -| [enable\_kubecost\_record](#input\_enable\_kubecost\_record) | Enables to create a public route53 record for private Kubecost | `bool` | `false` | no | +| [enable\_loki\_developers\_frontend](#input\_enable\_loki\_developers\_frontend) | Enables to create a private route53 record for Loki Developers Frontend | `bool` | `false` | no | +| [enable\_loki\_developers\_gateway](#input\_enable\_loki\_developers\_gateway) | Enables to create a private route53 record for Loki Developers Gateway | `bool` | `false` | no | | [enable\_loki\_frontend](#input\_enable\_loki\_frontend) | Enables to create a private route53 record for Loki Frontend | `bool` | `false` | no | | [enable\_loki\_gateway](#input\_enable\_loki\_gateway) | Enables to create a private route53 record for Loki Gateway | `bool` | `false` | no | | [enable\_portal\_internal\_r53\_record](#input\_enable\_portal\_internal\_r53\_record) | Enables to create a internal CNAME route53 record for Internal Customer Web Serve API | `bool` | `false` | no | 
diff --git a/aws/tempo/README.md b/aws/tempo/README.md index 19ee19b8..2c6197da 100644 --- a/aws/tempo/README.md +++ b/aws/tempo/README.md @@ -36,6 +36,7 @@ No modules. |------|-------------|------|---------|:--------:| | [enable\_tempo\_bucket\_restriction](#input\_enable\_tempo\_bucket\_restriction) | n/a | `bool` | n/a | yes | | [environment](#input\_environment) | n/a | `string` | n/a | yes | +| [tempo\_bucket\_tags](#input\_tempo\_bucket\_tags) | Tags for tempo s3 bucket | `map(string)` | n/a | yes | ## Outputs From 6b08083b7d105d4338115c239428d96f1f0a8aec Mon Sep 17 00:00:00 2001 From: Angelos Kyratzakos Date: Wed, 11 Sep 2024 19:09:36 +0300 Subject: [PATCH 6/6] remove UI ports for management --- aws/pexip/sg.tf | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/aws/pexip/sg.tf b/aws/pexip/sg.tf index e2fcd90f..2445c830 100644 --- a/aws/pexip/sg.tf +++ b/aws/pexip/sg.tf @@ -127,22 +127,6 @@ resource "aws_security_group" "pexip_management_sg" { }, ) - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - description = "UI access" - } - - ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - description = "UI access" - } - ingress { from_port = 0 to_port = 0