v2 Refactor (BREAKING CHANGES):

- Namespace is not required anymore - ALB moved to it's own file - EFS moved into it's own file - ECR moved into it's own file - IAM instance profile name doesn't include namespace (only if it's part of `var.name`) - Cloudwatch ECS events name renamed (use `-` instead of `_`0 - Cluster name can't be inferred anymore (must be passed via parameter). Also is mandatory now. - ECR Repo name doesn't use namespace (only if it's included by the `var.name` - Docker image can be inferred from the ECR repo name (if managed) - EFS share creation separated from EFS share mount - Added ability to provide efs file system id explicitly (if it's not managed) - Bridgecrew tests removed (product discontinued) - Minor directory restructure - Variables ordering and updates - Minor reformatting & language updates - Precommit workflow added - Simple example added to README - Submodules README files added - Complete Examples updated - Added .editorconfig
hazelops · May 8, 2024 · 5db53f6 · 5db53f6
1 parent cdddeb0
commit 5db53f6
Show file tree

Hide file tree

Showing 39 changed files with 614 additions and 243 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,30 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,98 @@
+name: Pre-Commit
+
+on:
+  pull_request:
+    branches:
+      - main
+
+env:
+  TERRAFORM_DOCS_VERSION: v0.16.0
+  TFLINT_VERSION: v0.50.3
+
+jobs:
+  collect-inputs:
+    name: Collect workflow inputs
+    runs-on: ubuntu-latest
+    outputs:
+      directories: ${{ steps.dirs.outputs.directories }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get root directories
+        id: dirs
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+
+  precommit-min-versions:
+    name: Min TF pre-commit
+    needs: collect-inputs
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: ${{ fromJson(needs.collect-inputs.outputs.directories) }}
+    steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Terraform min/max versions
+        id: min-max
+        uses: clowdhaus/[email protected]
+        with:
+          directory: ${{ matrix.directory }}
+
+      - name: Pre-commit Terraform ${{ steps.min-max.outputs.min-version }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory !=  '.' }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.min-max.outputs.min-version }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+      - name: Pre-commit Terraform ${{ steps.min-max.outputs.min-version }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory ==  '.' }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.min-max.outputs.min-version }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+
+  precommit-max-versions:
+    name: Max TF pre-commit
+    runs-on: ubuntu-latest
+    needs: collect-inputs
+    steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Terraform min/max versions
+        id: min-max
+        uses: clowdhaus/[email protected]
+
+      - name: Pre-commit Terraform ${{ steps.min-max.outputs.max-version }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.min-max.outputs.max-version }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          install-hcledit: true
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2021-2022 HazelOps OÜ
+   Copyright 2021 HazelOps OÜ
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/README.md b/README.md
diff --git a/alb.tf b/alb.tf
@@ -0,0 +1,30 @@
+module "alb" {
+  count = var.app_type == "web" || var.app_type == "tcp-app" ? 1 : 0
+
+  source  = "registry.terraform.io/terraform-aws-modules/alb/aws"
+  version = "~> 7.0"
+
+  name               = var.public ? local.name : "${local.name}-private"
+  load_balancer_type = var.app_type == "web" ? "application" : "network"
+  internal           = var.public ? false : true
+  vpc_id             = var.vpc_id
+  security_groups    = var.alb_security_groups
+  subnets            = var.public ? var.public_subnets : var.private_subnets
+  idle_timeout       = var.alb_idle_timeout
+
+
+
+  http_tcp_listeners  = local.alb_http_tcp_listeners
+  https_listeners = var.https_enabled ? concat(local.alb_https_listeners) : []
+
+  target_groups = concat(var.app_type == "web" ? local.target_groups_web : local.target_groups_tcp)
+
+  access_logs = var.alb_access_logs_enabled && var.alb_access_logs_s3bucket_name != "" ? {
+    bucket = var.alb_access_logs_s3bucket_name
+  } : {}
+
+  tags = {
+    env = var.env
+    Env = var.env
+  }
+}
diff --git a/autoscaling.tf b/autoscaling.tf
@@ -17,7 +17,7 @@ module "autoscaling" {
 
   create                  = var.ecs_launch_type == "EC2" ? true : false
   create_launch_template  = var.ecs_launch_type == "EC2" ? true : false
-  
+
   name                  = local.name
   launch_template_name  = local.name
 
@@ -29,13 +29,13 @@ module "autoscaling" {
 
   # EC2 Instance Profile
   create_iam_instance_profile   = var.ecs_launch_type == "EC2" ? var.create_iam_instance_profile : false
-  iam_instance_profile_name     = "${var.env}-${var.namespace}"
-  iam_role_name                 = "${var.env}-${var.namespace}-ec2-profile-role"
+  iam_instance_profile_name     = "${var.env}-${var.name}"
+  iam_role_name                 = "${var.env}-${var.name}-ec2-profile-role"
   iam_role_path                 = "/ec2/"
   iam_role_policies = {
     AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
   }
-  
+
   block_device_mappings = [
     {
       # Root volume

diff --git a/ecr.tf b/ecr.tf
@@ -0,0 +1,8 @@
+module "ecr" {
+  source  = "registry.terraform.io/hazelops/ecr/aws"
+  version = "~> 1.1"
+
+  name         = local.ecr_repo_name
+  enabled      = var.ecr_repo_create
+  force_delete = var.ecr_force_delete
+}
diff --git a/efs.tf b/efs.tf
@@ -0,0 +1,18 @@
+module "efs" {
+  source  = "registry.terraform.io/cloudposse/efs/aws"
+  version = "~> 0.31"
+
+  enabled         = var.efs_enabled && var.efs_share_create ? true : false
+  stage           = var.env
+  name            = var.name
+  region          = data.aws_region.current.name
+  vpc_id          = var.vpc_id
+  security_groups = var.security_groups
+
+  # This is a workaround for 2-zone legacy setups
+  subnets = length(regexall("legacy", var.env)) > 0 ? [
+    var.private_subnets[0],
+    var.private_subnets[1]
+  ] : var.private_subnets
+
+}
diff --git a/examples/complete-tcp-app/main.tf b/examples/complete-tcp-app/main.tf
@@ -102,8 +102,7 @@ module "tcp_app" {
   name                  = "tcpapp"
   app_type              = "tcp-app"
   env                   = var.env
-  namespace             = var.namespace
-
+
   # Containers
   ecs_cluster_name      = module.ecs.cluster_name
   docker_registry       = var.docker_registry

diff --git a/examples/complete-web-windows/main.tf b/examples/complete-web-windows/main.tf
@@ -85,8 +85,7 @@ module "web_complete" {
   name                  = "app"
   app_type              = "web"
   env                   = var.env
-  namespace             = var.namespace
-
+
   # Containers
   cpu                     = 1024
   memory                  = 2048

diff --git a/examples/complete-web/main.tf b/examples/complete-web/main.tf
@@ -102,8 +102,7 @@ module "web_complete" {
   name                  = "app"
   app_type              = "web"
   env                   = var.env
-  namespace             = var.namespace
-
+
   # Containers
   ecs_cluster_name      = module.ecs.cluster_name
   docker_registry       = var.docker_registry

diff --git a/examples/complete-worker-ec2/main.tf b/examples/complete-worker-ec2/main.tf
@@ -94,7 +94,6 @@ module "worker_complete" {
   name             = "worker"
   app_type         = "worker"
   env              = var.env
-  namespace        = var.namespace
 
   public           = false
   ecs_launch_type  = "EC2"

diff --git a/examples/complete-worker/main.tf b/examples/complete-worker/main.tf
@@ -67,7 +67,6 @@ module "worker_complete" {
   name             = "worker"
   app_type         = "worker"
   env              = var.env
-  namespace        = var.namespace
 
   public           = false
   ecs_launch_type  = "FARGATE"

diff --git a/examples/web-nginx-proxy/main.tf b/examples/web-nginx-proxy/main.tf
@@ -88,11 +88,10 @@ module "web_proxy" {
   name                  = "proxy"
   app_type              = "web"
   env                   = var.env
-  namespace             = var.namespace
-
+
   # Nginx Proxy enabling
   web_proxy_enabled     = true
-  # We mount a shared volume to /etc/nginx dir in our container. In order to the web proxy to work - your app must copy(create) Nginx config template to /etc/nginx/templates/default.conf.template. See proxied-prj/entrypoint.sh.  
+  # We mount a shared volume to /etc/nginx dir in our container. In order to the web proxy to work - your app must copy(create) Nginx config template to /etc/nginx/templates/default.conf.template. See proxied-prj/entrypoint.sh.
 
   # Containers
   ecs_cluster_name      = module.ecs.cluster_name

diff --git a/examples/worker-scheduled-autoscale/main.tf b/examples/worker-scheduled-autoscale/main.tf
@@ -66,7 +66,6 @@ module "worker_scheduled" {
   name             = "worker-scheduled-auto"
   app_type         = "worker"
   env              = var.env
-  namespace        = var.namespace
 
   public           = false
   ecs_launch_type  = "FARGATE"

diff --git a/examples/worker-scheduled/main.tf b/examples/worker-scheduled/main.tf
@@ -66,7 +66,6 @@ module "worker_scheduled" {
   name             = "worker-scheduled"
   app_type         = "worker"
   env              = var.env
-  namespace        = var.namespace
 
   public           = false
   ecs_launch_type  = "FARGATE"

diff --git a/locals.tf b/locals.tf
@@ -1,14 +1,15 @@
 locals {
   name             = "${var.env}-${var.name}"
   ecs_service_name = var.ecs_service_name != "" ? var.ecs_service_name : "${var.env}-${var.name}"
-  ecs_cluster_name = var.ecs_cluster_name != "" ? var.ecs_cluster_name : "${var.env}-${var.namespace}"
+  ecs_cluster_name = var.ecs_cluster_name
   ecs_cluster_arn  = length(var.ecs_cluster_arn) != "" ? var.ecs_cluster_arn : "arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:cluster/${local.ecs_cluster_name}"
-  ecr_repo_name    = var.ecr_repo_name != "" ? var.ecr_repo_name : "${var.namespace}-${var.name}"
+  ecr_repo_name    = var.ecr_repo_name != "" ? var.ecr_repo_name : var.name
   name_prefix      = "${substr(var.name, 0, 5)}-"
-  domain_names     = var.root_domain_name != "example.com" ? concat([
+  domain_names     = var.root_domain_name != "" ? concat([
     "${var.name}.${var.env}.${var.root_domain_name}"
   ], var.domain_names) : []
 
+
   # Datadog Environment Variables: https://docs.datadoghq.com/agent/guide/environment-variables/
   #                                https://docs.datadoghq.com/agent/docker/apm/?tab=linux#docker-apm-agent-environment-variables
   datadog_env_vars = var.datadog_enabled ? {
@@ -95,7 +96,7 @@ locals {
 
         efs_volume_configuration = [
           {
-            file_system_id : module.efs.id
+            file_system_id : var.efs_share_create ? module.efs.id : var.efs_file_system_id
             root_directory : var.efs_root_directory
             transit_encryption : "ENABLED"
             transit_encryption_port : 2999