feat(eks-vpc): verify available ec2 elastic ips quotas before apply #215
Conversation
Tried it out and didn't work for me, it mentioned it couldn't find the bash scripts, double checked and they were present.
I'm also not sure the solution would help as it highly depends on a local existing and configured AWS environment, which may not be the case at all times depending on how the provider is configured (ci environments, tf cloud, ...)
My proposal would be to utilize native Terraform for it instead as this will fallback to the provider being configured and nothing external.
The following should achieve the same thing. Not sure why data sources were dismissed in the beginning as I'm not sure what they don't fulfill.
```hcl
# Pulls the available EC2 Elastic IP quota for the provider's configured region
data "aws_servicequotas_service_quota" "eip_quota" {
  service_code = "ec2"
  quota_code   = "L-0263D0A3" # Quota code for Elastic IP addresses per region
}

# Looks up the VPC this module manages (by Name tag) to detect follow-up applies
data "aws_vpcs" "current_vpcs" {
  tags = {
    Name = local.vpc_name
  }
}

# All Elastic IPs currently allocated in the account/region
data "aws_eips" "current_usage" {}

locals {
  # On initial apply there's no VPC, so we consider 0 reserved IPs.
  # On follow-up applies there's a VPC, so we add back the AZ IPs this module
  # already holds, so the warning will not happen again.
  remaining_eip_quota = data.aws_servicequotas_service_quota.eip_quota.value - length(data.aws_eips.current_usage.public_ips) + (length(data.aws_vpcs.current_vpcs.ids) > 0 ? var.availability_zones_count : 0)
}

check "elastic_ip_quota_check" {
  assert {
    condition     = local.remaining_eip_quota >= var.availability_zones_count
    error_message = "Error: Not enough Elastic IP quota to allocate ${var.availability_zones_count} new IPs. Remaining quota: ${local.remaining_eip_quota}. Maximum Quota: ${data.aws_servicequotas_service_quota.eip_quota.value}, Currently used IPs: ${length(data.aws_eips.current_usage.public_ips)}"
  }
}
```
Texts etc. can be changed; this is just an example of what, afaik, achieves the same.
Example where I temporarily changed the condition from `>=` to `<=`:
Happy to discuss this further, would like to try to keep it less disruptive for backwards compatibility. Otherwise we force users to properly define their environment + install AWS CLI, which may not always be possible.
// edit: update example
On initial apply the VPC data source returns 0 results, so it's a fresh installation.
After that, the value is defined, meaning we're adding the value back to the quota so the warning does not happen.
The remaining quota would never be below the required value.
This pull request introduces a check to validate the availability of Elastic IP quotas before creating resources.
I did not use the native data sources provided by the provider as they do not meet the requirements for this specific validation.
The checks will be executed during the `terraform plan` phase. Since the checks are independent of the resource lifecycle, a strong dependency with `depends_on` is not feasible. These checks will only raise warnings if the conditions are not met, without interrupting the overall execution of Terraform operations.