Add lables

MaterializeInc · Oct 31, 2024 · 41587c6 · 41587c6
1 parent a043304
commit 41587c6
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -38,6 +38,10 @@ The module has been tested with:
 | Name | Type |
 |------|------|
 | [aws_cloudwatch_log_group.materialize](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_iam_access_key.materialize_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
+| [aws_iam_user.materialize](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
+| [aws_iam_user_policy.materialize_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
@@ -82,6 +86,8 @@ The module has been tested with:
 |------|-------------|
 | <a name="output_database_endpoint"></a> [database\_endpoint](#output\_database\_endpoint) | RDS instance endpoint |
 | <a name="output_eks_cluster_endpoint"></a> [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | EKS cluster endpoint |
+| <a name="output_metadata_backend_url"></a> [metadata\_backend\_url](#output\_metadata\_backend\_url) | PostgreSQL connection URL in the format required by Materialize |
+| <a name="output_persist_backend_url"></a> [persist\_backend\_url](#output\_persist\_backend\_url) | S3 connection URL in the format required by Materialize |
 | <a name="output_s3_bucket_name"></a> [s3\_bucket\_name](#output\_s3\_bucket\_name) | Name of the S3 bucket |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | VPC ID |
 <!-- END_TF_DOCS -->
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -19,7 +19,7 @@ module "materialize_infrastructure" {
 
   # EKS Configuration
   cluster_version           = "1.31"
-  node_group_instance_types = ["t3.micro"]
+  node_group_instance_types = ["t3.medium"]
   node_group_desired_size   = 2
   node_group_min_size       = 1
   node_group_max_size       = 3

diff --git a/main.tf b/main.tf
@@ -65,3 +65,38 @@ resource "aws_cloudwatch_log_group" "materialize" {
 
   tags = var.tags
 }
+
+resource "aws_iam_user" "materialize" {
+  name = "${var.environment}-materialize-user"
+}
+
+resource "aws_iam_access_key" "materialize_user" {
+  user = aws_iam_user.materialize.name
+}
+
+resource "aws_iam_user_policy" "materialize_s3" {
+  name = "materialize-s3-access"
+  user = aws_iam_user.materialize.name
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:DeleteObject",
+          "s3:ListBucket"
+        ]
+        Resource = [
+          module.storage.bucket_arn,
+          "${module.storage.bucket_arn}/*"
+        ]
+      }
+    ]
+  })
+}
+
+# Data source for current region
+data "aws_region" "current" {}
diff --git a/modules/eks/main.tf b/modules/eks/main.tf
@@ -5,11 +5,12 @@ module "eks" {
   cluster_name    = var.cluster_name
   cluster_version = var.cluster_version
 
-  cluster_addons = {
-    aws-ebs-csi-driver = {
-      service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
-    }
-  }
+  # TODO: Uncomment the following to enable the EBS CSI driver
+  # cluster_addons = {
+  #   aws-ebs-csi-driver = {
+  #     service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+  #   }
+  # }
 
   vpc_id     = var.vpc_id
   subnet_ids = var.private_subnet_ids
@@ -29,8 +30,10 @@ module "eks" {
       capacity_type  = var.node_group_capacity_type
 
       labels = {
-        Environment = var.environment
-        GithubRepo  = "materialize"
+        Environment              = var.environment
+        GithubRepo               = "materialize"
+        "materialize.cloud/disk" = "true"
+        "workload"               = "materialize-instance"
       }
     }
   }

diff --git a/outputs.tf b/outputs.tf
@@ -17,3 +17,27 @@ output "s3_bucket_name" {
   description = "Name of the S3 bucket"
   value       = module.storage.bucket_name
 }
+
+output "metadata_backend_url" {
+  description = "PostgreSQL connection URL in the format required by Materialize"
+  value = format("postgres://%s:%s@%s/%s?sslmode=disable",
+    var.database_username,
+    var.database_password,
+    module.database.db_instance_endpoint,
+    var.database_name
+  )
+  sensitive = true
+}
+
+output "persist_backend_url" {
+  description = "S3 connection URL in the format required by Materialize"
+  value = format("s3://%s:%s@%s/%s?endpoint=https%%3A%%2F%%2Fs3.%s.amazonaws.com&region=%s",
+    aws_iam_access_key.materialize_user.id,
+    aws_iam_access_key.materialize_user.secret,
+    var.bucket_name,
+    var.environment,
+    data.aws_region.current.name,
+    data.aws_region.current.name
+  )
+  sensitive = true
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -0,0 +1,20 @@
+environment       = "my-environment"
+vpc_name          = "my-environment-vpc"
+cluster_name      = "my-environment-eks"
+bucket_name       = "my-environment-bucket"
+database_password = "your-secure-password-here"
+
+tags = {
+  Environment = "my-environment"
+  Team        = "my-team"
+  Project     = "my-project"
+}
+
+node_group_instance_types = ["t3.micro"]
+node_group_desired_size   = 3
+node_group_min_size       = 2
+node_group_max_size       = 5
+
+db_instance_class    = "db.t3.micro"
+db_allocated_storage = 20
+db_multi_az          = false