
Commit f4a6ea2

authored
[DEV-14468] Update modules to handle customer IAM restrictions (#551)
1 parent 8d52226 commit f4a6ea2


2 files changed

+39
-10
lines changed


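--- a/main.tf
+++ b/main.tf
@@ -197,7 +197,7 @@ module "security-group" {
 module "s3-storage" {
 count = var.load_environment == "" ? 1 : 0
 source = "app.terraform.io/indico/indico-aws-buckets/mod"
-version = "4.6.0"
+version = "4.6.3"
 force_destroy = true # allows terraform to destroy non-empty buckets.
 label = var.label
 kms_key_arn = local.environment_kms_key_arn
@@ -216,6 +216,8 @@ module "s3-storage" {
 enable_loki_logging = var.enable_loki_logging
 cleanup_noncurrent_days = var.s3_cleanup_noncurrent_days
 retain_backup_days = var.s3_retain_backup_days
+include_pgbackup = var.include_pgbackup
+enable_public_access_block = var.s3_enable_public_access_block
 }
 
 
@@ -286,7 +288,7 @@ module "efs-storage" {
 module "fsx-storage" {
 count = var.include_fsx == true && var.load_environment == "" ? 1 : 0
 source = "app.terraform.io/indico/indico-aws-fsx/mod"
-version = "2.0.0"
+version = "2.0.4"
 label = var.label
 additional_tags = var.additional_tags
 region = var.region
@@ -308,6 +310,7 @@ module "fsx-storage" {
 fsx_rwx_arn = var.fsx_rwx_arn
 fsx_rox_id = var.fsx_rox_id
 fsx_rox_arn = var.fsx_rox_arn
+enable_backup_lambda = var.enable_backup_lambda
 }
 
 module "iam" {
@@ -352,7 +355,7 @@ module "iam" {
 module "cluster" {
 count = var.multitenant_enabled == false ? 1 : 0
 source = "app.terraform.io/indico/indico-aws-eks-cluster/mod"
-version = "10.0.2"
+version = "10.0.6"
 label = var.multitenant_enabled ? var.tenant_cluster_name : var.label
 region = var.region
 cluster_version = var.k8s_version
@@ -372,13 +375,16 @@ module "cluster" {
 instance_volume_size = var.instance_volume_size
 instance_volume_type = var.instance_volume_type
 
-additional_users = var.additional_users
+enable_additional_access_entries = var.enable_additional_access_entries
 
 public_endpoint_enabled = var.cluster_api_endpoint_public == true ? true : false
 private_endpoint_enabled = var.network_allow_public == true ? false : true
 
+create_cluster_security_group = var.create_cluster_security_group
 cluster_security_group_id = local.environment_all_subnets_sg_id
 cluster_additional_security_group_ids = [local.environment_all_subnets_sg_id]
+create_node_security_group = var.create_node_security_group
+node_security_group_id = local.environment_all_subnets_sg_id
 http_tokens = var.http_tokens
 }
 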
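--- a/variables.tf
+++ b/variables.tf
@@ -553,7 +553,7 @@ variable "include_fsx" {
 variable "include_pgbackup" {
 type = bool
 default = true
-description = "Create a read only FSx file system"
+description = "Create a s3 backup for postgres"
 }
 
 variable "include_efs" {
@@ -1127,13 +1127,12 @@ variable "indico_sqs_sns_policy_name" {
 default = null
 }
 
-variable "additional_users" {
-type = list(string)
-default = []
-description = "The names of additional AWS users to provide admin access to the cluster"
+variable "enable_additional_access_entries" {
+type = bool
+default = true
+description = "If true this will create additional access entries for the cluster"
 }
 
-
 ## Unused variables
 
 variable "aws_account_name" {
@@ -1228,6 +1227,12 @@ variable "create_s3_backup_role" {
 description = "Flag to create or load s3 backup role"
 }
 
+variable "s3_enable_public_access_block" {
+type = bool
+default = true
+description = "If true this will enable public access block on the s3 buckets"
+}
+
 variable "create_vpc_flow_logs_role" {
 type = bool
 default = true
@@ -1270,6 +1275,18 @@ variable "pgbackup_s3_bucket_name_override" {
 description = "The name of the existing S3 bucket to be created/loaded and used as the postgres backup bucket"
 }
 
+variable "create_cluster_security_group" {
+type = bool
+default = true
+description = "Flag to create or load cluster security group"
+}
+
+variable "create_node_security_group" {
+type = bool
+default = true
+description = "Flag to create or load node security group"
+}
+
 # Additional variables
 variable "enable_s3_replication" {
 type = bool
@@ -1326,6 +1343,12 @@ variable "fsx_deployment_type" {
 description = "The deployment type to launch"
 }
 
+variable "enable_backup_lambda" {
+type = bool
+default = true
+description = "If true this will enable the backup lambda for fsx"
+}
+
 variable "fsx_type" {
 type = string
 default = "create"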
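Review bot: The description of the new `s3_enable_public_access_block` variable says what the flag does but not the consequence of setting it to false, which matters because the variable exists precisely so a customer can switch a bucket-level control off; I would change it to `description = "If true this will enable public access block on the s3 buckets. Set to false only when the account enforces Block Public Access outside this module, otherwise buckets can be exposed by a public policy"`. The `enable_additional_access_entries` description in the second hunk has a similar gap: it replaces `additional_users`, whose description named the principals (additional AWS users with admin access), while the new text does not say which entries are created or at what access level, so the reader loses the information the old variable carried. The `create_cluster_security_group` and `create_node_security_group` descriptions ("Flag to create or load ...") could also state which input supplies the loaded group when the flag is false, since main.tf passes the same `local.environment_all_subnets_sg_id` in both cases.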
