From 7bcefc575f9c02f18608a6756167eddf64c902b5 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Wed, 29 May 2024 14:09:10 +0200 Subject: [PATCH 01/10] OPS-5932: Migrating to launchtemplate --- modules/consul-cluster/main.tf | 80 ++++++++++++++++++++++++++-------- modules/vault-cluster/main.tf | 76 +++++++++++++++++++++++++------- 2 files changed, 121 insertions(+), 35 deletions(-) diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf index 598b6fc..acc22d5 100644 --- a/modules/consul-cluster/main.tf +++ b/modules/consul-cluster/main.tf @@ -1,7 +1,11 @@ resource "aws_autoscaling_group" "autoscaling_group" { name_prefix = var.cluster_name - launch_configuration = aws_launch_configuration.launch_configuration.name + launch_template { + id = aws_launch_template.launch_configuration.id + version = aws_launch_template.launch_configuration.latest_version + } + # launch_configuration = aws_launch_configuration.launch_configuration.name vpc_zone_identifier = flatten(var.subnet_ids) 
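Review bot: Switching the ASG from `launch_configuration` to `launch_template { version = latest_version }` does not by itself replace the instances that were launched from the old launch configuration, so the IMDSv2 (`http_tokens = "required"`) and other template settings only reach nodes created after the change. If the intent is that template updates roll out, an `instance_refresh { strategy = "Rolling" }` block on the ASG, or a documented manual rotation step, would make that explicit; the ASG body continues outside this hunk, so I can't tell whether one already exists. Leaving the old `# launch_configuration = …` line commented out also invites confusion about which attribute is authoritative; I'd drop it in the same commit.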
@@ -44,36 +48,74 @@ resource "aws_autoscaling_group" "autoscaling_group" { } } -resource "aws_launch_configuration" "launch_configuration" { +# resource "aws_launch_configuration" "launch_configuration" { +# name_prefix = "${var.cluster_name}-" +# image_id = var.ami_id +# instance_type = var.instance_type +# user_data = var.user_data + +# iam_instance_profile = aws_iam_instance_profile.instance_profile.name +# placement_tenancy = var.tenancy + +# metadata_options { +# http_tokens = "required" +# http_put_response_hop_limit = 1 +# http_endpoint = "enabled" +# } + +# security_groups = [ +# module.lc_security_group.security_group_id, +# module.attach_security_group.security_group_id, +# ] + +# associate_public_ip_address = false + +# ebs_optimized = var.root_volume_ebs_optimized +# root_block_device { +# volume_type = var.root_volume_type +# volume_size = var.root_volume_size +# delete_on_termination = var.root_volume_delete_on_termination +# } + +# lifecycle { +# create_before_destroy = true +# } +# } +resource "aws_launch_template" "launch_configuration" { name_prefix = "${var.cluster_name}-" image_id = var.ami_id instance_type = var.instance_type user_data = var.user_data - iam_instance_profile = aws_iam_instance_profile.instance_profile.name - placement_tenancy = var.tenancy + iam_instance_profile { + name = aws_iam_instance_profile.instance_profile.name + } + placement { + tenancy = var.tenancy + } + vpc_security_group_ids = [ + module.lc_security_group.security_group_id, + module.attach_security_group.security_group_id, + ] metadata_options { http_tokens = "required" http_put_response_hop_limit = 1 http_endpoint = "enabled" } - security_groups = [ - module.lc_security_group.security_group_id, - module.attach_security_group.security_group_id, - ] - - associate_public_ip_address = false - - ebs_optimized = var.root_volume_ebs_optimized - root_block_device { - volume_type = var.root_volume_type - volume_size = var.root_volume_size - delete_on_termination = 
var.root_volume_delete_on_termination + network_interfaces { + associate_public_ip_address = false } - lifecycle { - create_before_destroy = true + ebs_optimized = var.root_volume_ebs_optimized + block_device_mappings { + device_name = "/dev/sda1" + ebs { + volume_size = var.root_volume_size + #volume_size = 20 # LT Update Testing - Version 2 of LT + delete_on_termination = var.root_volume_delete_on_termination + volume_type = var.root_volume_type + } } -} +} \ No newline at end of file diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf index e621648..d0840ff 100644 --- a/modules/vault-cluster/main.tf +++ b/modules/vault-cluster/main.tf @@ -1,7 +1,11 @@ resource "aws_autoscaling_group" "autoscaling_group" { name_prefix = var.cluster_name - launch_configuration = aws_launch_configuration.launch_configuration.name + launch_template { + id = aws_launch_template.launch_configuration.id + version = aws_launch_template.launch_configuration.latest_version + } + # launch_configuration = aws_launch_configuration.launch_configuration.name vpc_zone_identifier = flatten(var.subnet_ids) 
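Review bot: The new `block_device_mappings` hard-codes `device_name = "/dev/sda1"`, whereas the old `root_block_device` block targeted whatever the AMI's root device actually is; if `var.ami_id` ever points at an image whose root device is `/dev/xvda`, the size, type and `delete_on_termination` settings here would create a second volume instead of configuring the root one. Resolving the device name from the AMI keeps the previous behaviour, e.g. a `data "aws_ami" "this" { filter { name = "image-id" values = [var.ami_id] } }` lookup and `device_name = data.aws_ami.this.root_device_name`. Worth a comment either way stating that the mapping is meant for the root volume and assumes an Ubuntu-style device name.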
@@ -39,36 +43,76 @@ resource "aws_autoscaling_group" "autoscaling_group" { } } -resource "aws_launch_configuration" "launch_configuration" { +# resource "aws_launch_configuration" "launch_configuration" { +# name_prefix = "${var.cluster_name}-" +# image_id = var.ami_id +# instance_type = var.instance_type +# user_data = var.user_data + +# iam_instance_profile = aws_iam_instance_profile.instance_profile.name +# placement_tenancy = var.tenancy + +# security_groups = [ +# module.lc_security_group.security_group_id, +# module.attach_security_group.security_group_id, +# ] + +# metadata_options { +# http_tokens = "required" +# http_put_response_hop_limit = 1 +# http_endpoint = "enabled" +# } + +# associate_public_ip_address = false + +# ebs_optimized = var.root_volume_ebs_optimized +# root_block_device { +# volume_type = var.root_volume_type +# volume_size = var.root_volume_size +# delete_on_termination = var.root_volume_delete_on_termination +# } + +# lifecycle { +# create_before_destroy = true +# } +# } + +# Launch Template Resource +resource "aws_launch_template" "launch_configuration" { name_prefix = "${var.cluster_name}-" image_id = var.ami_id instance_type = var.instance_type user_data = var.user_data - iam_instance_profile = aws_iam_instance_profile.instance_profile.name - placement_tenancy = var.tenancy + iam_instance_profile { + name = aws_iam_instance_profile.instance_profile.name + } + placement { + tenancy = var.tenancy + } - security_groups = [ + vpc_security_group_ids = [ module.lc_security_group.security_group_id, module.attach_security_group.security_group_id, ] - metadata_options { http_tokens = "required" http_put_response_hop_limit = 1 http_endpoint = "enabled" } - associate_public_ip_address = false - - ebs_optimized = var.root_volume_ebs_optimized - root_block_device { - volume_type = var.root_volume_type - volume_size = var.root_volume_size - delete_on_termination = var.root_volume_delete_on_termination + network_interfaces { + 
associate_public_ip_address = false } - lifecycle { - create_before_destroy = true + ebs_optimized = var.root_volume_ebs_optimized + block_device_mappings { + device_name = "/dev/sda1" + ebs { + volume_size = var.root_volume_size + #volume_size = 20 # LT Update Testing - Version 2 of LT + delete_on_termination = var.root_volume_delete_on_termination + volume_type = var.root_volume_type + } } -} +} \ No newline at end of file From a960ae8a55e1e63903a2a323410062419e99cb40 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Wed, 29 May 2024 14:13:41 +0200 Subject: [PATCH 02/10] OPS-5932: quick fix --- modules/consul-cluster/main.tf | 6 +++--- modules/consul-cluster/outputs.tf | 12 ++++++++---- modules/vault-cluster/main.tf | 6 +++--- modules/vault-cluster/outputs.tf | 11 ++++++++--- 4 files changed, 22 insertions(+), 13 deletions(-) diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf index acc22d5..61be226 100644 --- a/modules/consul-cluster/main.tf +++ b/modules/consul-cluster/main.tf @@ -2,8 +2,8 @@ resource "aws_autoscaling_group" "autoscaling_group" { name_prefix = var.cluster_name launch_template { - id = aws_launch_template.launch_configuration.id - version = aws_launch_template.launch_configuration.latest_version + id = aws_launch_template.launch_template.id + version = aws_launch_template.launch_template.latest_version } # launch_configuration = aws_launch_configuration.launch_configuration.name @@ -81,7 +81,7 @@ resource "aws_autoscaling_group" "autoscaling_group" { # create_before_destroy = true # } # } -resource "aws_launch_template" "launch_configuration" { +resource "aws_launch_template" "launch_template" { name_prefix = "${var.cluster_name}-" image_id = var.ami_id instance_type = var.instance_type diff --git a/modules/consul-cluster/outputs.tf b/modules/consul-cluster/outputs.tf index fe67331..2b71d42 100644 --- a/modules/consul-cluster/outputs.tf +++ b/modules/consul-cluster/outputs.tf 
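Review bot: The Vault template sets `vpc_security_group_ids` at the template level and also declares a `network_interfaces` block; in my experience EC2 rejects a launch that carries both instance-level security groups and a network-interface specification, and the error only surfaces when the ASG tries to launch, not at plan time. The safe form is to keep `associate_public_ip_address = false` and move the security groups inside the same `network_interfaces` block, removing the top-level `vpc_security_group_ids`. That preserves both the private-only guarantee and the two security groups the launch configuration attached.
```hcl
  network_interfaces {
    associate_public_ip_address = false
    security_groups = [
      module.lc_security_group.security_group_id,
      module.attach_security_group.security_group_id,
    ]
  }
  # … vpc_security_group_ids removed; metadata_options and block_device_mappings unchanged …
```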
@@ -8,11 +8,15 @@ output "cluster_size" { description = "Number of Consul nodes" } -output "launch_config_name" { - value = aws_launch_configuration.launch_configuration.name - description = "Name of the Consul launch configuration" -} +# output "launch_config_name" { +# value = aws_launch_configuration.launch_configuration.name +# description = "Name of the Consul launch configuration" +# } +output "launch_template" { + value = aws_launch_configuration.launch_template.name + description = "Name of the Vault launch_template" +} output "iam_role_arn" { value = aws_iam_role.instance_role.arn description = "ARN of the IAM role attached to the Consul instance." diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf index d0840ff..bf93773 100644 --- a/modules/vault-cluster/main.tf +++ b/modules/vault-cluster/main.tf @@ -2,8 +2,8 @@ resource "aws_autoscaling_group" "autoscaling_group" { name_prefix = var.cluster_name launch_template { - id = aws_launch_template.launch_configuration.id - version = aws_launch_template.launch_configuration.latest_version + id = aws_launch_template.launch_template.id + version = aws_launch_template.launch_template.latest_version } # launch_configuration = aws_launch_configuration.launch_configuration.name @@ -78,7 +78,7 @@ resource "aws_autoscaling_group" "autoscaling_group" { # } # Launch Template Resource -resource "aws_launch_template" "launch_configuration" { +resource "aws_launch_template" "launch_template" { name_prefix = "${var.cluster_name}-" image_id = var.ami_id instance_type = var.instance_type diff --git a/modules/vault-cluster/outputs.tf b/modules/vault-cluster/outputs.tf index 79e97f3..f85b66d 100644 --- a/modules/vault-cluster/outputs.tf +++ b/modules/vault-cluster/outputs.tf 
@@ -8,9 +8,14 @@ output "cluster_size" { description = "Number of Vault nodes" } -output "launch_config_name" { - value = aws_launch_configuration.launch_configuration.name - description = "Name of the Vault launch configuration" +# output "launch_config_name" { +# value = aws_launch_configuration.launch_configuration.name +# description = "Name of the Vault launch configuration" +# } + +output "launch_template" { + value = aws_launch_configuration.launch_template.name + description = "Name of the Vault launch_template" } output "iam_role_arn" { From a04d5577f0bacd1c73c3d44314ae1df9cac1f308 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Wed, 29 May 2024 14:17:41 +0200 Subject: [PATCH 03/10] OPS-5932: typo --- modules/consul-cluster/outputs.tf | 2 +- modules/vault-cluster/outputs.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/consul-cluster/outputs.tf b/modules/consul-cluster/outputs.tf index 2b71d42..81645f6 100644 --- a/modules/consul-cluster/outputs.tf +++ b/modules/consul-cluster/outputs.tf @@ -14,7 +14,7 @@ output "cluster_size" { # } output "launch_template" { - value = aws_launch_configuration.launch_template.name + value = aws_launch_template.launch_template.name description = "Name of the Vault launch_template" } output "iam_role_arn" { diff --git a/modules/vault-cluster/outputs.tf b/modules/vault-cluster/outputs.tf index f85b66d..442cdde 100644 --- a/modules/vault-cluster/outputs.tf +++ b/modules/vault-cluster/outputs.tf @@ -14,7 +14,7 @@ output "cluster_size" { # } output "launch_template" { - value = aws_launch_configuration.launch_template.name + value = aws_launch_template.launch_template.name description = "Name of the Vault launch_template" } From af96a7f04fe39b097a1d63c1006230e279bb5949 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Wed, 29 May 2024 14:21:13 +0200 Subject: [PATCH 04/10] OPS-5932: typo --- outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/outputs.tf b/outputs.tf index 34ff54a..22e8e98 100644 --- a/outputs.tf +++ b/outputs.tf @@ -19,12 +19,12 @@ output "asg_name_vault_cluster" { } output "launch_config_name_consul_cluster" { - value = module.consul_cluster.launch_config_name + value = module.consul_cluster.launch_template description = "Launch configuration name of the Consul cluster." } output "launch_config_name_vault_cluster" { - value = module.vault_cluster.launch_config_name + value = module.vault_cluster.launch_template description = "Launch configuration name of the Vault cluster." } From 33d0500637f816601b62a6e7c819514134467396 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Wed, 29 May 2024 14:29:31 +0200 Subject: [PATCH 05/10] OPS-5932: rm tenancy --- modules/consul-cluster/main.tf | 3 --- modules/consul-cluster/variables.tf | 10 +++++----- modules/vault-cluster/main.tf | 3 --- modules/vault-cluster/variables.tf | 10 +++++----- 4 files changed, 10 insertions(+), 16 deletions(-) diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf index 61be226..5ec9036 100644 --- a/modules/consul-cluster/main.tf +++ b/modules/consul-cluster/main.tf @@ -90,9 +90,6 @@ resource "aws_launch_template" "launch_template" { iam_instance_profile { name = aws_iam_instance_profile.instance_profile.name } - placement { - tenancy = var.tenancy - } vpc_security_group_ids = [ module.lc_security_group.security_group_id, diff --git a/modules/consul-cluster/variables.tf b/modules/consul-cluster/variables.tf index 498e31c..fd72db7 100644 --- a/modules/consul-cluster/variables.tf +++ b/modules/consul-cluster/variables.tf 
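Review bot: Dropping the `placement` block (and, in the accompanying variables.tf hunk, the `tenancy` input) changes the module's public interface, so any caller that still passes `tenancy` will fail at plan time; the root module's call sites are not in this patch, so I can't confirm whether one does. If the motivation was that the launch template rejects the empty-string default the launch configuration accepted, a conditional block keeps the input and only emits `placement` when a real value is set. Note `tenancy` was also the only lever for dedicated hosts, which some compliance baselines require for secret-holding nodes like Vault.
```hcl
  dynamic "placement" {
    for_each = var.tenancy != "" ? [var.tenancy] : []
    content {
      tenancy = placement.value
    }
  }
```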
@@ -30,11 +30,11 @@ variable "cluster_size" { type = number } -variable "tenancy" { - description = "The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used." - default = "" - type = string -} +# variable "tenancy" { +# description = "The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used." +# default = "" +# type = string +# } variable "root_volume_ebs_optimized" { description = "If true, the launched EC2 instance will be EBS-optimized." diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf index bf93773..f2bfc6e 100644 --- a/modules/vault-cluster/main.tf +++ b/modules/vault-cluster/main.tf @@ -87,9 +87,6 @@ resource "aws_launch_template" "launch_template" { iam_instance_profile { name = aws_iam_instance_profile.instance_profile.name } - placement { - tenancy = var.tenancy - } vpc_security_group_ids = [ module.lc_security_group.security_group_id, diff --git a/modules/vault-cluster/variables.tf b/modules/vault-cluster/variables.tf index 7c4053c..4c6aeb0 100644 --- a/modules/vault-cluster/variables.tf +++ b/modules/vault-cluster/variables.tf @@ -30,11 +30,11 @@ variable "cluster_size" { type = number } -variable "tenancy" { - description = "The tenancy of the instance. Must be one of: default or dedicated." - default = "default" - type = string -} +# variable "tenancy" { +# description = "The tenancy of the instance. Must be one of: default or dedicated." +# default = "default" +# type = string +# } variable "root_volume_ebs_optimized" { description = "If true, the launched EC2 instance will be EBS-optimized." From 5ba9299970339f94242c558c429a9f2b01a7944e Mon Sep 17 00:00:00 2001 
From: "waqas.yousaf" Date: Thu, 30 May 2024 12:57:50 +0200 Subject: [PATCH 06/10] OPS-5932: refactoring --- main.tf | 8 +++--- modules/consul-cluster/main.tf | 38 ---------------------------- modules/consul-cluster/outputs.tf | 5 ---- modules/consul-cluster/variables.tf | 6 ----- modules/vault-cluster/main.tf | 39 ----------------------------- modules/vault-cluster/outputs.tf | 5 ---- modules/vault-cluster/variables.tf | 6 ----- outputs.tf | 8 +++--- 8 files changed, 8 insertions(+), 107 deletions(-) diff --git a/main.tf b/main.tf index f48559b..3d036a5 100644 --- a/main.tf +++ b/main.tf @@ -6,7 +6,7 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = templatefile("${path.module}/user-data/vault.sh.tftpl", { + user_data = base64encode(templatefile("${path.module}/user-data/vault.sh.tftpl", { enable_s3_backend = var.enable_s3_backend ? 1 : 0 s3_bucket_region = data.aws_region.current.name s3_bucket_name = var.s3_bucket_name @@ -14,7 +14,7 @@ module "vault_cluster" { consul_cluster_tag_value = local.consul_cluster_tag_val ssh_keys = join("\n", var.ssh_keys) ssh_user = "ubuntu" - }) + })) vpc_id = var.vpc_id subnet_ids = var.private_subnet_ids @@ -82,12 +82,12 @@ module "consul_cluster" { instance_type = var.consul_instance_type ami_id = var.ami_id - user_data = templatefile("${path.module}/user-data/consul.sh.tftpl", { + user_data = base64encode(templatefile("${path.module}/user-data/consul.sh.tftpl", { consul_cluster_tag_key = local.consul_cluster_tag_key consul_cluster_tag_value = local.consul_cluster_tag_val ssh_keys = join("\n", var.ssh_keys) ssh_user = "ubuntu" - }) + })) vpc_id = var.vpc_id subnet_ids = var.private_subnet_ids diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf index 5ec9036..cbecec8 100644 --- a/modules/consul-cluster/main.tf +++ b/modules/consul-cluster/main.tf 
@@ -48,39 +48,6 @@ resource "aws_autoscaling_group" "autoscaling_group" { } } -# resource "aws_launch_configuration" "launch_configuration" { -# name_prefix = "${var.cluster_name}-" -# image_id = var.ami_id -# instance_type = var.instance_type -# user_data = var.user_data - -# iam_instance_profile = aws_iam_instance_profile.instance_profile.name -# placement_tenancy = var.tenancy - -# metadata_options { -# http_tokens = "required" -# http_put_response_hop_limit = 1 -# http_endpoint = "enabled" -# } - -# security_groups = [ -# module.lc_security_group.security_group_id, -# module.attach_security_group.security_group_id, -# ] - -# associate_public_ip_address = false - -# ebs_optimized = var.root_volume_ebs_optimized -# root_block_device { -# volume_type = var.root_volume_type -# volume_size = var.root_volume_size -# delete_on_termination = var.root_volume_delete_on_termination -# } - -# lifecycle { -# create_before_destroy = true -# } -# } resource "aws_launch_template" "launch_template" { name_prefix = "${var.cluster_name}-" image_id = var.ami_id @@ -101,16 +68,11 @@ resource "aws_launch_template" "launch_template" { http_endpoint = "enabled" } - network_interfaces { - associate_public_ip_address = false - } - ebs_optimized = var.root_volume_ebs_optimized block_device_mappings { device_name = "/dev/sda1" ebs { volume_size = var.root_volume_size - #volume_size = 20 # LT Update Testing - Version 2 of LT delete_on_termination = var.root_volume_delete_on_termination volume_type = var.root_volume_type } diff --git a/modules/consul-cluster/outputs.tf b/modules/consul-cluster/outputs.tf index 81645f6..f2e5bde 100644 --- a/modules/consul-cluster/outputs.tf +++ b/modules/consul-cluster/outputs.tf 
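Review bot: Removing the `network_interfaces` block drops the explicit `associate_public_ip_address = false` that the launch configuration carried, so the Consul nodes now inherit the subnet's auto-assign-public-IP setting instead of being guaranteed private. The root module passes `var.private_subnet_ids`, which mitigates this today, but the module itself no longer enforces it and a subnet with map-public-IP enabled would silently expose the cluster. Keeping the block and moving the security groups into it (instead of the top-level `vpc_security_group_ids`) retains the guarantee without the interface/instance-level conflict.
```hcl
  network_interfaces {
    associate_public_ip_address = false
    security_groups = [
      module.lc_security_group.security_group_id,
      module.attach_security_group.security_group_id,
    ]
  }
  # … vpc_security_group_ids removed; metadata_options and block_device_mappings unchanged …
```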
@@ -8,11 +8,6 @@ output "cluster_size" { description = "Number of Consul nodes" } -# output "launch_config_name" { -# value = aws_launch_configuration.launch_configuration.name -# description = "Name of the Consul launch configuration" -# } - output "launch_template" { value = aws_launch_template.launch_template.name description = "Name of the Vault launch_template" diff --git a/modules/consul-cluster/variables.tf b/modules/consul-cluster/variables.tf index fd72db7..0030ad1 100644 --- a/modules/consul-cluster/variables.tf +++ b/modules/consul-cluster/variables.tf @@ -30,12 +30,6 @@ variable "cluster_size" { type = number } -# variable "tenancy" { -# description = "The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used." -# default = "" -# type = string -# } - variable "root_volume_ebs_optimized" { description = "If true, the launched EC2 instance will be EBS-optimized." default = false diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf index f2bfc6e..2ff695c 100644 --- a/modules/vault-cluster/main.tf +++ b/modules/vault-cluster/main.tf 
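Review bot: The `launch_template` output in the Consul module still carries the description copied from the Vault module, `"Name of the Vault launch_template"`, which is wrong for this module and will be reproduced verbatim in the generated README. It should read `description = "Name of the Consul launch template"`. The output name also lost the `_name` suffix the old `launch_config_name` had, so `launch_template_name` would make it clearer that the value is a name rather than an id or ARN.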
@@ -43,40 +43,6 @@ resource "aws_autoscaling_group" "autoscaling_group" { } } -# resource "aws_launch_configuration" "launch_configuration" { -# name_prefix = "${var.cluster_name}-" -# image_id = var.ami_id -# instance_type = var.instance_type -# user_data = var.user_data - -# iam_instance_profile = aws_iam_instance_profile.instance_profile.name -# placement_tenancy = var.tenancy - -# security_groups = [ -# module.lc_security_group.security_group_id, -# module.attach_security_group.security_group_id, -# ] - -# metadata_options { -# http_tokens = "required" -# http_put_response_hop_limit = 1 -# http_endpoint = "enabled" -# } - -# associate_public_ip_address = false - -# ebs_optimized = var.root_volume_ebs_optimized -# root_block_device { -# volume_type = var.root_volume_type -# volume_size = var.root_volume_size -# delete_on_termination = var.root_volume_delete_on_termination -# } - -# lifecycle { -# create_before_destroy = true -# } -# } - # Launch Template Resource resource "aws_launch_template" "launch_template" { name_prefix = "${var.cluster_name}-" @@ -98,16 +64,11 @@ resource "aws_launch_template" "launch_template" { http_endpoint = "enabled" } - network_interfaces { - associate_public_ip_address = false - } - ebs_optimized = var.root_volume_ebs_optimized block_device_mappings { device_name = "/dev/sda1" ebs { volume_size = var.root_volume_size - #volume_size = 20 # LT Update Testing - Version 2 of LT delete_on_termination = var.root_volume_delete_on_termination volume_type = var.root_volume_type } diff --git a/modules/vault-cluster/outputs.tf b/modules/vault-cluster/outputs.tf index 442cdde..21e0097 100644 --- a/modules/vault-cluster/outputs.tf +++ b/modules/vault-cluster/outputs.tf 
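Review bot: The Vault template's `block_device_mappings.ebs` block does not set `encrypted = true`, so the root volume is only encrypted if the account has EBS default encryption turned on. The old `root_block_device` had no such setting either, so this isn't a regression, but the migration is the natural point to add `encrypted = true` (and optionally `kms_key_id`) now that the template supports it per mapping; whether Vault's storage or logs land on this volume isn't visible here, so I'd confirm that before deciding on a CMK. Also note the `network_interfaces` removal in this hunk means the module no longer pins `associate_public_ip_address = false` for Vault nodes and now relies on the subnet default.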
@@ -8,11 +8,6 @@ output "cluster_size" { description = "Number of Vault nodes" } -# output "launch_config_name" { -# value = aws_launch_configuration.launch_configuration.name -# description = "Name of the Vault launch configuration" -# } - output "launch_template" { value = aws_launch_template.launch_template.name description = "Name of the Vault launch_template" diff --git a/modules/vault-cluster/variables.tf b/modules/vault-cluster/variables.tf index 4c6aeb0..a99aab0 100644 --- a/modules/vault-cluster/variables.tf +++ b/modules/vault-cluster/variables.tf @@ -30,12 +30,6 @@ variable "cluster_size" { type = number } -# variable "tenancy" { -# description = "The tenancy of the instance. Must be one of: default or dedicated." -# default = "default" -# type = string -# } - variable "root_volume_ebs_optimized" { description = "If true, the launched EC2 instance will be EBS-optimized." default = false diff --git a/outputs.tf b/outputs.tf index 22e8e98..32c59c3 100644 --- a/outputs.tf +++ b/outputs.tf @@ -18,14 +18,14 @@ output "asg_name_vault_cluster" { description = "Autoscaling group name of the Vault cluster." } -output "launch_config_name_consul_cluster" { +output "launch_template_name_consul_cluster" { value = module.consul_cluster.launch_template - description = "Launch configuration name of the Consul cluster." + description = "Launch template name of the Consul cluster." } -output "launch_config_name_vault_cluster" { +output "launch_template_name_vault_cluster" { value = module.vault_cluster.launch_template - description = "Launch configuration name of the Vault cluster." + description = "Launch template name of the Vault cluster." } output "iam_role_arn_consul_cluster" { From c8bf91749ef33006d781ac8059337db4a79f6b16 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Thu, 30 May 2024 12:58:34 +0200 Subject: [PATCH 07/10] OPS-5932: typo --- modules/consul-cluster/main.tf | 1 - modules/vault-cluster/main.tf | 1 - 2 files changed, 2 deletions(-) 
diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf index cbecec8..32b4366 100644 --- a/modules/consul-cluster/main.tf +++ b/modules/consul-cluster/main.tf @@ -5,7 +5,6 @@ resource "aws_autoscaling_group" "autoscaling_group" { id = aws_launch_template.launch_template.id version = aws_launch_template.launch_template.latest_version } - # launch_configuration = aws_launch_configuration.launch_configuration.name vpc_zone_identifier = flatten(var.subnet_ids) diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf index 2ff695c..f00ec0a 100644 --- a/modules/vault-cluster/main.tf +++ b/modules/vault-cluster/main.tf @@ -5,7 +5,6 @@ resource "aws_autoscaling_group" "autoscaling_group" { id = aws_launch_template.launch_template.id version = aws_launch_template.launch_template.latest_version } - # launch_configuration = aws_launch_configuration.launch_configuration.name vpc_zone_identifier = flatten(var.subnet_ids) From a818eedcf59c0eb66d90742e8b6eaa1c0b9cf8e2 Mon Sep 17 00:00:00 2001 From: "waqas.yousaf" Date: Thu, 30 May 2024 12:59:42 +0200 Subject: [PATCH 08/10] OPS-5932: typo --- modules/consul-cluster/main.tf | 2 +- modules/vault-cluster/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf index 32b4366..8b6e2c1 100644 --- a/modules/consul-cluster/main.tf +++ b/modules/consul-cluster/main.tf @@ -76,4 +76,4 @@ resource "aws_launch_template" "launch_template" { volume_type = var.root_volume_type } } -} \ No newline at end of file +} diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf index f00ec0a..50cec40 100644 --- a/modules/vault-cluster/main.tf +++ b/modules/vault-cluster/main.tf @@ -72,4 +72,4 @@ resource "aws_launch_template" "launch_template" { volume_type = var.root_volume_type } } -} \ No newline at end of file +} From b36a88afeba831268da50d998fd07e13d32fb2c2 Mon Sep 17 00:00:00 2001 
From: "waqas.yousaf" Date: Thu, 30 May 2024 13:16:30 +0200 Subject: [PATCH 09/10] OPS-5932: fixed readme --- README.md | 4 ++-- modules/consul-cluster/README.md | 35 +++++++++++++-------------- modules/vault-cluster/README.md | 41 ++++++++++++++++---------------- 3 files changed, 39 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 5ccc080..8877782 100644 --- a/README.md +++ b/README.md @@ -254,8 +254,8 @@ Default: `null` | [iam\_role\_arn\_vault\_cluster](#output\_iam\_role\_arn\_vault\_cluster) | IAM role ARN attached to the Vault cluster. | | [iam\_role\_id\_consul\_cluster](#output\_iam\_role\_id\_consul\_cluster) | IAM role ID attached to the Consul cluster. | | [iam\_role\_id\_vault\_cluster](#output\_iam\_role\_id\_vault\_cluster) | IAM role ID attached to the Vault cluster. | -| [launch\_config\_name\_consul\_cluster](#output\_launch\_config\_name\_consul\_cluster) | Launch configuration name of the Consul cluster. | -| [launch\_config\_name\_vault\_cluster](#output\_launch\_config\_name\_vault\_cluster) | Launch configuration name of the Vault cluster. | +| [launch\_template\_name\_consul\_cluster](#output\_launch\_template\_name\_consul\_cluster) | Launch template name of the Consul cluster. | +| [launch\_template\_name\_vault\_cluster](#output\_launch\_template\_name\_vault\_cluster) | Launch template name of the Vault cluster. | | [security\_group\_id\_consul\_cluster](#output\_security\_group\_id\_consul\_cluster) | Security group ID of the Consul cluster to attach to other security group rules. | | [security\_group\_id\_vault\_cluster](#output\_security\_group\_id\_vault\_cluster) | Security group ID of the Vault cluster to attach to other security group rules. | diff --git a/modules/consul-cluster/README.md b/modules/consul-cluster/README.md index 863e1a3..c8a1f13 100644 --- a/modules/consul-cluster/README.md +++ b/modules/consul-cluster/README.md 
@@ -42,7 +42,7 @@ rules. | [aws_autoscaling_group.autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource | | [aws_iam_instance_profile.instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | | [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_launch_configuration.launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource | +| [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource | | [null_resource.tags_as_list_of_maps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_iam_policy_document.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | 
@@ -50,28 +50,27 @@ rules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the Consul cluster | `string` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. We recommend one subnet ID per node in the cluster\_size variable. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
 | [ami\_id](#input\_ami\_id) | The ID of the AMI to run in this cluster. Should be an AMI that had Consul installed and configured by the install-consul module. | `string` | n/a | yes |
-| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
-| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t3.micro). | `string` | `"t3.micro"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the Consul cluster (e.g. consul-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
 | [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the Consul cluster. We strongly recommended that you use either 3 or 5. | `number` | `3` | no |
-| [tenancy](#input\_tenancy) | The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used. | `string` | `""` | no |
-| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
-| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
-| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
-| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
-| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
-| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [cluster\_tag\_key](#input\_cluster\_tag\_key) | Add a tag with this key and the value var.cluster\_tag\_value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"consul-servers"` | no |
+| [cluster\_tag\_value](#input\_cluster\_tag\_value) | Add a tag with key var.clsuter\_tag\_key and this value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"auto-join"` | no |
 | [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
+| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
 | [instance\_profile\_path](#input\_instance\_profile\_path) | Path in which to create the IAM instance profile. | `string` | `"/"` | no |
+| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t3.micro). | `string` | `"t3.micro"` | no |
+| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
+| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
+| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
 | [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Consul instances. | `string` | n/a | yes |
-| [vault\_security\_group\_id](#input\_vault\_security\_group\_id) | ID of the security group of the Vault instances to allow traffic from Vault into Consul. | `string` | n/a | yes |
-| [cluster\_name](#input\_cluster\_name) | The name of the Consul cluster (e.g. consul-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. We recommend one subnet ID per node in the cluster\_size variable. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
 | [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
-| [cluster\_tag\_key](#input\_cluster\_tag\_key) | Add a tag with this key and the value var.cluster\_tag\_value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"consul-servers"` | no |
-| [cluster\_tag\_value](#input\_cluster\_tag\_value) | Add a tag with key var.clsuter\_tag\_key and this value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"auto-join"` | no |
+| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
+| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
+| [vault\_security\_group\_id](#input\_vault\_security\_group\_id) | ID of the security group of the Vault instances to allow traffic from Vault into Consul. | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the Consul cluster | `string` | n/a | yes |
+| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
 ## Outputs
@@ -79,10 +78,10 @@ rules.
 |------|-------------|
 | [asg\_name](#output\_asg\_name) | Name of the Consul autoscaling group |
 | [cluster\_size](#output\_cluster\_size) | Number of Consul nodes |
-| [launch\_config\_name](#output\_launch\_config\_name) | Name of the Consul launch configuration |
 | [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Consul instance. |
 | [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Consul instance. |
 | [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Consul instance. |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
 | [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
diff --git a/modules/vault-cluster/README.md b/modules/vault-cluster/README.md
index 01e9250..444cfb1 100644
--- a/modules/vault-cluster/README.md
+++ b/modules/vault-cluster/README.md
@@ -63,7 +63,7 @@ machines.
 | [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy.vault_s3_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_launch_configuration.launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource |
+| [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
 | [null_resource.tags_as_list_of_maps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_iam_policy_document.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -75,30 +75,29 @@ machines.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the cluster | `string` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. You should typically pass in one subnet ID per node in the cluster\_size variable. We strongly recommend that you run Vault in private subnets. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
 | [ami\_id](#input\_ami\_id) | The ID of the AMI to run in this cluster. Should be an AMI that had Vault installed and configured by the install-vault module. | `string` | n/a | yes |
-| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
-| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro). | `string` | `"t3.micro"` | no |
+| [cluster\_name](#input\_cluster\_name) | The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
 | [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the cluster. We strongly recommend setting this to 3 or 5. | `number` | `3` | no |
-| [tenancy](#input\_tenancy) | The tenancy of the instance. Must be one of: default or dedicated. | `string` | `"default"` | no |
-| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
-| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
-| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
-| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
-| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
-| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
-| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
-| [elb\_security\_group\_id](#input\_elb\_security\_group\_id) | ID of the security group of a public ELB from which you can API access the Vault instances. | `string` | n/a | yes |
-| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Vault instances. | `string` | n/a | yes |
 | [consul\_security\_group\_id](#input\_consul\_security\_group\_id) | ID of the security group of the Consul instances to allow traffic from Consul into Vault. | `string` | n/a | yes |
-| [cluster\_name](#input\_cluster\_name) | The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
-| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [elb\_security\_group\_id](#input\_elb\_security\_group\_id) | ID of the security group of a public ELB from which you can API access the Vault instances. | `string` | n/a | yes |
 | [enable\_s3\_backend](#input\_enable\_s3\_backend) | Whether to configure an S3 storage backend in addition to Consul. | `bool` | `false` | no |
-| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket in the same region to use as a storage backend. Only used if 'enable\_s3\_backend' is set to true. | `string` | `""` | no |
 | [enable\_s3\_backend\_encryption](#input\_enable\_s3\_backend\_encryption) | Whether to configure the S3 storage backend to be encrypted with a KMS key. | `bool` | `false` | no |
+| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
+| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro). | `string` | `"t3.micro"` | no |
 | [kms\_alias\_name](#input\_kms\_alias\_name) | The name of the KMS key that is used for S3 storage backend encryption. | `string` | `""` | no |
+| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
+| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
+| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
+| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket in the same region to use as a storage backend. Only used if 'enable\_s3\_backend' is set to true. | `string` | `""` | no |
+| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Vault instances. | `string` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. You should typically pass in one subnet ID per node in the cluster\_size variable. We strongly recommend that you run Vault in private subnets. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
+| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the cluster | `string` | n/a | yes |
+| [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
 ## Outputs
@@ -106,12 +105,12 @@ machines.
 |------|-------------|
 | [asg\_name](#output\_asg\_name) | Name of the Vault autoscaling group |
 | [cluster\_size](#output\_cluster\_size) | Number of Vault nodes |
-| [launch\_config\_name](#output\_launch\_config\_name) | Name of the Vault launch configuration |
 | [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Vault instance. |
 | [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Vault instance. |
 | [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Vault instance. |
-| [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
 | [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | ARN of the S3 bucket if used as storage backend |
+| [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
From b4c4500569a73c1a6d50902f9f0cd3afa9b9792a Mon Sep 17 00:00:00 2001
From: "waqas.yousaf"
Date: Thu, 30 May 2024 13:19:16 +0200
Subject: [PATCH 10/10] OPS-5932: fixed readme
---
 modules/consul-cluster/README.md | 32 +++++++++++++--------------
 modules/vault-cluster/README.md | 38 ++++++++++++++++----------------
 2 files changed, 35 insertions(+), 35 deletions(-)
diff --git a/modules/consul-cluster/README.md b/modules/consul-cluster/README.md
index c8a1f13..61659ec 100644
--- a/modules/consul-cluster/README.md
+++ b/modules/consul-cluster/README.md
@@ -50,27 +50,27 @@ rules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the Consul cluster | `string` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. We recommend one subnet ID per node in the cluster\_size variable. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
 | [ami\_id](#input\_ami\_id) | The ID of the AMI to run in this cluster. Should be an AMI that had Consul installed and configured by the install-consul module. | `string` | n/a | yes |
-| [cluster\_name](#input\_cluster\_name) | The name of the Consul cluster (e.g. consul-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
-| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the Consul cluster. We strongly recommended that you use either 3 or 5. | `number` | `3` | no |
-| [cluster\_tag\_key](#input\_cluster\_tag\_key) | Add a tag with this key and the value var.cluster\_tag\_value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"consul-servers"` | no |
-| [cluster\_tag\_value](#input\_cluster\_tag\_value) | Add a tag with key var.clsuter\_tag\_key and this value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"auto-join"` | no |
-| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
-| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
-| [instance\_profile\_path](#input\_instance\_profile\_path) | Path in which to create the IAM instance profile. | `string` | `"/"` | no |
+| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
 | [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t3.micro). | `string` | `"t3.micro"` | no |
-| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
+| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the Consul cluster. We strongly recommended that you use either 3 or 5. | `number` | `3` | no |
 | [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
 | [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
-| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Consul instances. | `string` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. We recommend one subnet ID per node in the cluster\_size variable. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
-| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
+| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
 | [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
-| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
-| [vault\_security\_group\_id](#input\_vault\_security\_group\_id) | ID of the security group of the Vault instances to allow traffic from Vault into Consul. | `string` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the Consul cluster | `string` | n/a | yes |
 | [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
+| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
+| [instance\_profile\_path](#input\_instance\_profile\_path) | Path in which to create the IAM instance profile. | `string` | `"/"` | no |
+| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Consul instances. | `string` | n/a | yes |
+| [vault\_security\_group\_id](#input\_vault\_security\_group\_id) | ID of the security group of the Vault instances to allow traffic from Vault into Consul. | `string` | n/a | yes |
+| [cluster\_name](#input\_cluster\_name) | The name of the Consul cluster (e.g. consul-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
+| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [cluster\_tag\_key](#input\_cluster\_tag\_key) | Add a tag with this key and the value var.cluster\_tag\_value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"consul-servers"` | no |
+| [cluster\_tag\_value](#input\_cluster\_tag\_value) | Add a tag with key var.clsuter\_tag\_key and this value to each Instance in the ASG. This can be used to automatically find other Consul nodes and form a cluster. | `string` | `"auto-join"` | no |
 ## Outputs
@@ -78,10 +78,10 @@ rules.
 |------|-------------|
 | [asg\_name](#output\_asg\_name) | Name of the Consul autoscaling group |
 | [cluster\_size](#output\_cluster\_size) | Number of Consul nodes |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
 | [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Consul instance. |
 | [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Consul instance. |
 | [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Consul instance. |
-| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
 | [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
diff --git a/modules/vault-cluster/README.md b/modules/vault-cluster/README.md
index 444cfb1..1d62025 100644
--- a/modules/vault-cluster/README.md
+++ b/modules/vault-cluster/README.md
@@ -75,29 +75,29 @@ machines.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the cluster | `string` | n/a | yes |
+| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. You should typically pass in one subnet ID per node in the cluster\_size variable. We strongly recommend that you run Vault in private subnets. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
 | [ami\_id](#input\_ami\_id) | The ID of the AMI to run in this cluster. Should be an AMI that had Vault installed and configured by the install-vault module. | `string` | n/a | yes |
-| [cluster\_name](#input\_cluster\_name) | The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
-| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the cluster. We strongly recommend setting this to 3 or 5. | `number` | `3` | no |
-| [consul\_security\_group\_id](#input\_consul\_security\_group\_id) | ID of the security group of the Consul instances to allow traffic from Consul into Vault. | `string` | n/a | yes |
-| [elb\_security\_group\_id](#input\_elb\_security\_group\_id) | ID of the security group of a public ELB from which you can API access the Vault instances. | `string` | n/a | yes |
-| [enable\_s3\_backend](#input\_enable\_s3\_backend) | Whether to configure an S3 storage backend in addition to Consul. | `bool` | `false` | no |
-| [enable\_s3\_backend\_encryption](#input\_enable\_s3\_backend\_encryption) | Whether to configure the S3 storage backend to be encrypted with a KMS key. | `bool` | `false` | no |
-| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
-| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
 | [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro). | `string` | `"t3.micro"` | no |
-| [kms\_alias\_name](#input\_kms\_alias\_name) | The name of the KMS key that is used for S3 storage backend encryption. | `string` | `""` | no |
-| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
+| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the cluster. We strongly recommend setting this to 3 or 5. | `number` | `3` | no |
 | [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
-| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
 | [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
-| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket in the same region to use as a storage backend. Only used if 'enable\_s3\_backend' is set to true. | `string` | `""` | no |
-| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Vault instances. | `string` | n/a | yes |
-| [subnet\_ids](#input\_subnet\_ids) | The subnet IDs into which the EC2 Instances should be deployed. You should typically pass in one subnet ID per node in the cluster\_size variable. We strongly recommend that you run Vault in private subnets. At least one of var.subnet\_ids or var.availability\_zones must be non-empty. | `list(string)` | n/a | yes |
-| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
+| [root\_volume\_delete\_on\_termination](#input\_root\_volume\_delete\_on\_termination) | Whether the volume should be destroyed on instance termination. | `bool` | `true` | no |
 | [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default. | `string` | `"Default"` | no |
-| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to deploy the cluster | `string` | n/a | yes |
 | [wait\_for\_capacity\_timeout](#input\_wait\_for\_capacity\_timeout) | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | `string` | `"10m"` | no |
+| [health\_check\_type](#input\_health\_check\_type) | Controls how health checking is done. Must be one of EC2 or ELB. | `string` | `"EC2"` | no |
+| [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time, in seconds, after instance comes into service before checking health. | `number` | `60` | no |
+| [elb\_security\_group\_id](#input\_elb\_security\_group\_id) | ID of the security group of a public ELB from which you can API access the Vault instances. | `string` | n/a | yes |
+| [ssh\_security\_group\_id](#input\_ssh\_security\_group\_id) | ID of the security group of a bastion ssh instance from where you can ssh into the Vault instances. | `string` | n/a | yes |
+| [consul\_security\_group\_id](#input\_consul\_security\_group\_id) | ID of the security group of the Consul instances to allow traffic from Consul into Vault. | `string` | n/a | yes |
+| [cluster\_name](#input\_cluster\_name) | The name of the Vault cluster (e.g. vault-stage). This variable is used to namespace all resources created by this module. | `string` | n/a | yes |
+| [tags](#input\_tags) | Tags to attach to all AWS resources | `map(string)` | `{}` | no |
+| [enable\_s3\_backend](#input\_enable\_s3\_backend) | Whether to configure an S3 storage backend in addition to Consul. | `bool` | `false` | no |
+| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket in the same region to use as a storage backend. Only used if 'enable\_s3\_backend' is set to true. | `string` | `""` | no |
+| [enable\_s3\_backend\_encryption](#input\_enable\_s3\_backend\_encryption) | Whether to configure the S3 storage backend to be encrypted with a KMS key. | `bool` | `false` | no |
+| [kms\_alias\_name](#input\_kms\_alias\_name) | The name of the KMS key that is used for S3 storage backend encryption. | `string` | `""` | no |
 ## Outputs
@@ -105,12 +105,12 @@ machines.
 |------|-------------|
 | [asg\_name](#output\_asg\_name) | Name of the Vault autoscaling group |
 | [cluster\_size](#output\_cluster\_size) | Number of Vault nodes |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
 | [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Vault instance. |
 | [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Vault instance. |
 | [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Vault instance. |
-| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
-| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | ARN of the S3 bucket if used as storage backend |
 | [security\_group\_id](#output\_security\_group\_id) | Security group ID to attach to other security group rules as destination. |
+| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | ARN of the S3 bucket if used as storage backend |