[DEV-14468] Update modules to handle customer IAM restrictions (#551)

Author: ashmuck

main.tf

@@ -197,7 +197,7 @@ module "security-group" {
 module "s3-storage" {
   count                              = var.load_environment == "" ? 1 : 0
   source                             = "app.terraform.io/indico/indico-aws-buckets/mod"
-  version                            = "4.6.0"
+  version                            = "4.6.3"
   force_destroy                      = true # allows terraform to destroy non-empty buckets.
   label                              = var.label
   kms_key_arn                        = local.environment_kms_key_arn
@@ -216,6 +216,8 @@ module "s3-storage" {
   enable_loki_logging                = var.enable_loki_logging
   cleanup_noncurrent_days            = var.s3_cleanup_noncurrent_days
   retain_backup_days                 = var.s3_retain_backup_days
+  include_pgbackup                   = var.include_pgbackup
+  enable_public_access_block         = var.s3_enable_public_access_block
 }
 
 
@@ -286,7 +288,7 @@ module "efs-storage" {
 module "fsx-storage" {
   count                       = var.include_fsx == true && var.load_environment == "" ? 1 : 0
   source                      = "app.terraform.io/indico/indico-aws-fsx/mod"
-  version                     = "2.0.0"
+  version                     = "2.0.4"
   label                       = var.label
   additional_tags             = var.additional_tags
   region                      = var.region
@@ -308,6 +310,7 @@ module "fsx-storage" {
   fsx_rwx_arn                 = var.fsx_rwx_arn
   fsx_rox_id                  = var.fsx_rox_id
   fsx_rox_arn                 = var.fsx_rox_arn
+  enable_backup_lambda        = var.enable_backup_lambda
 }
 
 module "iam" {
@@ -352,7 +355,7 @@ module "iam" {
 module "cluster" {
   count                = var.multitenant_enabled == false ? 1 : 0
   source               = "app.terraform.io/indico/indico-aws-eks-cluster/mod"
-  version              = "10.0.2"
+  version              = "10.0.6"
   label                = var.multitenant_enabled ? var.tenant_cluster_name : var.label
   region               = var.region
   cluster_version      = var.k8s_version
@@ -372,13 +375,16 @@ module "cluster" {
   instance_volume_size = var.instance_volume_size
   instance_volume_type = var.instance_volume_type
 
-  additional_users = var.additional_users
+  enable_additional_access_entries = var.enable_additional_access_entries
 
   public_endpoint_enabled  = var.cluster_api_endpoint_public == true ? true : false
   private_endpoint_enabled = var.network_allow_public == true ? false : true
 
+  create_cluster_security_group         = var.create_cluster_security_group
   cluster_security_group_id             = local.environment_all_subnets_sg_id
   cluster_additional_security_group_ids = [local.environment_all_subnets_sg_id]
+  create_node_security_group            = var.create_node_security_group
+  node_security_group_id                = local.environment_all_subnets_sg_id
   http_tokens                           = var.http_tokens
 }
 

variables.tf

@@ -553,7 +553,7 @@ variable "include_fsx" {
 variable "include_pgbackup" {
   type        = bool
   default     = true
-  description = "Create a read only FSx file system"
+  description = "Create a s3 backup for postgres"
 }
 
 variable "include_efs" {
@@ -1127,13 +1127,12 @@ variable "indico_sqs_sns_policy_name" {
   default     = null
 }
 
-variable "additional_users" {
-  type        = list(string)
-  default     = []
-  description = "The names of additional AWS users to provide admin access to the cluster"
+variable "enable_additional_access_entries" {
+  type        = bool
+  default     = true
+  description = "If true this will create additional access entries for the cluster"
 }
 
-
 ## Unused variables
 
 variable "aws_account_name" {
@@ -1228,6 +1227,12 @@ variable "create_s3_backup_role" {
   description = "Flag to create or load s3 backup role"
 }
 
+variable "s3_enable_public_access_block" {
+  type        = bool
+  default     = true
+  description = "If true this will enable public access block on the s3 buckets"
+}
+
 variable "create_vpc_flow_logs_role" {
   type        = bool
   default     = true
@@ -1270,6 +1275,18 @@ variable "pgbackup_s3_bucket_name_override" {
   description = "The name of the existing S3 bucket to be created/loaded and used as the postgres backup bucket"
 }
 
+variable "create_cluster_security_group" {
+  type        = bool
+  default     = true
+  description = "Flag to create or load cluster security group"
+}
+
+variable "create_node_security_group" {
+  type        = bool
+  default     = true
+  description = "Flag to create or load node security group"
+}
+
 # Additional variables
 variable "enable_s3_replication" {
   type        = bool
@@ -1326,6 +1343,12 @@ variable "fsx_deployment_type" {
   description = "The deployment type to launch"
 }
 
+variable "enable_backup_lambda" {
+  type        = bool
+  default     = true
+  description = "If true this will enable the backup lambda for fsx"
+}
+
 variable "fsx_type" {
   type    = string
   default = "create"