From be3d603b4ace442105b25678e7eaf0feb9ef34c2 Mon Sep 17 00:00:00 2001 From: Bobby Iliev Date: Sun, 22 Dec 2024 19:39:12 +0200 Subject: [PATCH] Refactor resource names definitions --- .terraform.lock.hcl | 87 ++++++++++++++++----------------- examples/simple/main.tf | 21 +++----- main.tf | 66 ++++++++++++++++++------- modules/database/main.tf | 12 +++-- modules/database/variables.tf | 9 +++- modules/eks/main.tf | 11 +++-- modules/eks/outputs.tf | 5 ++ modules/eks/variables.tf | 14 +++--- modules/networking/main.tf | 14 ++++-- modules/networking/variables.tf | 20 ++++---- modules/storage/main.tf | 10 +++- modules/storage/variables.tf | 9 +++- modules/storage/versions.tf | 4 ++ outputs.tf | 4 +- providers.tf | 2 +- terraform.tfvars.example | 8 +-- variables.tf | 59 ++++++---------------- 17 files changed, 194 insertions(+), 161 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 6dc5629..ee1045d 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -2,26 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.81.0" + version = "5.82.2" constraints = ">= 4.33.0, ~> 5.0, >= 5.46.0, >= 5.59.0, >= 5.62.0, >= 5.81.0" hashes = [ - "h1:YoOBDt9gdoivbUh1iGoZNqRBUdBO+PBAxpSZFeTLLYE=", - "h1:Z3G9/bESudmrRsgGrLYQbVfNOQcSYGO3uqTtMBeIxhY=", - "zh:05534adf6f02d6ec26dbeb37a4d2b6edb63f12dc9ab5cc05ab89329fcd793194", - "zh:1d224056866abc4c8f893d55bc6493b73688126fbeaf017ecfbcf5d2f16649c4", - "zh:486d28a0a4af2ea23964a8e9087d66e8d794e3438976633b8554684a9237499d", - "zh:4bc17c2e93034099b64eb94eaea31b48888b6abdf170e26cf0f6ea734926084c", - "zh:5c48c8e82fa8c410499eaa5980c0ebcf6a42360742dfd695393eb9b0bffd4232", - "zh:60c387caa94d67e0b768f5874abbd103638c4c9b14073b6cd121018efdfc77bc", - "zh:72ddd5e5e07aac1c1c54659df238e6490aac3abbd2e4f13ccf7a9d877c2e2d0f", - "zh:8b03d7c4e23a51c9d323f24784d6bfd044f03e6e512df8d458abc97c943a3d3e", - "zh:93b6a3c3299fc67d349f8ab80a9b6b65e0e9f3a7e7ea3da0cd87e3ca3b48137b", - "zh:9982fc3885797ee97aa45ac7eba0fe6870220748bfa3091141ff513dd7583809", + "h1:ce6Dw2y4PpuqAPtnQ0dO270dRTmwEARqnfffrE1VYJ8=", + "zh:0262fc96012fb7e173e1b7beadd46dfc25b1dc7eaef95b90e936fc454724f1c8", + "zh:397413613d27f4f54d16efcbf4f0a43c059bd8d827fe34287522ae182a992f9b", + "zh:436c0c5d56e1da4f0a4c13129e12a0b519d12ab116aed52029b183f9806866f3", + "zh:4d942d173a2553d8d532a333a0482a090f4e82a2238acf135578f163b6e68470", + "zh:624aebc549bfbce06cc2ecfd8631932eb874ac7c10eb8466ce5b9a2fbdfdc724", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:b7d60f8527dbffe11c83a05b63459d18fda921616242246a73cf3044b8732bcf", - "zh:be7a57524298df3c377cdd676e691500277a423ac50f7b33dd02b7d6f4e924fd", - "zh:c6ae0b1510804c705aab99659f228bdbafa663fa72ace50c811c0b9220c7dafb", - "zh:cdf524a269b4aeb5b1f081d91f54bae967ad50d9c392073a0db1602166a48dff", + "zh:9e632dee2dfdf01b371cca7854b1ec63ceefa75790e619b0642b34d5514c6733", + 
"zh:a07567acb115b60a3df8f6048d12735b9b3bcf85ec92a62f77852e13d5a3c096", + "zh:ab7002df1a1be6432ac0eb1b9f6f0dd3db90973cd5b1b0b33d2dae54553dfbd7", + "zh:bc1ff65e2016b018b3e84db7249b2cd0433cb5c81dc81f9f6158f2197d6b9fde", + "zh:bcad84b1d767f87af6e1ba3dc97fdb8f2ad5de9224f192f1412b09aba798c0a8", + "zh:cf917dceaa0f9d55d9ff181b5dcc4d1e10af21b6671811b315ae2a6eda866a2a", + "zh:d8e90ecfb3216f3cc13ccde5a16da64307abb6e22453aed2ac3067bbf689313b", + "zh:d9054e0e40705df729682ad34c20db8695d57f182c65963abd151c6aba1ab0d3", + "zh:ecf3a4f3c57eb7e89f71b8559e2a71e4cdf94eea0118ec4f2cb37e4f4d71a069", ] } 
@@ -47,44 +46,42 @@ provider "registry.terraform.io/hashicorp/cloudinit" { } provider "registry.terraform.io/hashicorp/helm" { - version = "2.16.1" + version = "2.17.0" constraints = "~> 2.0" hashes = [ - "h1:3VdXbh+m09VEAdSguT7Ea2MMnOVPZBYx4sUqvo6NPxo=", - "h1:TerRBdq69SxIWg3ET2VE0bcP0BYRIWZOp1QxXj/14Fk=", - "zh:0003f6719a32aee9afaeeb001687fc0cfc8c2d5f54861298cf1dc5711f3b4e65", - "zh:16cd5bfee09e7bb081b8b4470f31a9af508e52220fd97fd81c6dda725d9422fe", - "zh:51817de8fdc2c2e36785f23fbf4ec022111bd1cf7679498c16ad0ad7471c16db", - "zh:51b95829b2873be40a65809294bffe349e40cfccc3ff6fee0f471d01770e0ebd", - "zh:56b158dde897c47e1460181fc472c3e920aa23db40579fdc2aad333c1456d2dd", - "zh:916641d26c386959eb982e680028aa677b787687ef7c1283241e45620bc8df50", - "zh:aec15ca8605babba77b283f2ca35daca53e006d567e1c3a3daf50497035b820b", - "zh:c2cecf710b87c8f3a4d186da2ea12cf08041f97ae0c6db82649720d6ed929d65", - "zh:dbdd96f17aea25c7db2d516ab8172a5e683c6686c72a1a44173d2fe96319be39", - "zh:de11e180368434a796b1ab6f20fde7554dc74f7800e063b8e4c8ec3a86d0be63", + "h1:kQMkcPVvHOguOqnxoEU2sm1ND9vCHiT8TvZ2x6v/Rsw=", + "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4", + "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7", + "zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3", + "zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c", + "zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd", + "zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940", + "zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e", + "zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930", + "zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f", + "zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654", + "zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - 
"zh:f827a9c1540d210c56053a2d5d5a6abda924896ffa8eeedc94054cf6d44c5f60", ] } provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.34.0" + version = "2.35.1" constraints = "~> 2.0" hashes = [ - "h1:QOiO85qZnkUm7kAtuPkfblchuKPWUqRdNVWE5agpr8k=", - "h1:SiShdPw9XInKFuX740Il4fcA2kmH84FFJObpeDeG+QQ=", - "zh:076b451dc8629c49f4260de6d43595e98ac5f1bdbebb01d112659ef94d99451f", - "zh:0c29855dbd3c6ba82fce680fa5ac969d4e09e20fecb4ed40166b778bd19895a4", - "zh:583b4dfcea4d8392dd7904c00b2ff41bbae78d238e8b72e5ad580370a24a4ecb", - "zh:5e20844d8d1af052381d00de4febd4055ad0f3c3c02795c361265b9ef72a1075", - "zh:766b7ab7c4727c62b5887c3922e0467c4cc355ba0dc3aabe465ebb86bc1caabb", - "zh:776a5000b441d7c8262d17d4a4aa4aa9760ae64de4cb7172961d9e007e0be1e5", - "zh:7838f509235116e55adeeecbe6def3da1b66dd3c4ce0de02fc7dc66a60e1d630", - "zh:931e5581ec66c145c1d29198bd23fddc8d0c5cbf4cda22e02dba65644c7842f2", - "zh:95e728efa2a31a63b879fd093507466e509e3bfc9325eb35ea3dc28fed15c6f7", - "zh:972b9e3ca2b6a1057dcf5003fc78cabb0dd8847580bddeb52d885ebd64df38ea", - "zh:ef6114217965d55f5bddbd7a316b8f85f15b8a77c075fcbed95813039d522e0a", + "h1:zgXeWvp4//Ry+4glwNrLMpPFOU8QBQlARNmR9WCNe9o=", + "zh:12212ca5ae47823ce14bfafb909eeb6861faf1e2435fb2fc4a8b334b3544b5f5", + "zh:3f49b3d77182df06b225ab266667de69681c2e75d296867eb2cf06a8f8db768c", + "zh:40832494d19f8a2b3cd0c18b80294d0b23ef6b82f6f6897b5fe00248a9997460", + "zh:739a5ddea61a77925ee7006a29c8717377a2e9d0a79a0bbd98738d92eec12c0d", + "zh:a02b472021753627c5c39447a56d125a32214c29ff9108fc499f2dcdf4f1cc4f", + "zh:b78865b3867065aa266d6758c9601a2756741478f5735a838c20d633d65e085b", + "zh:d362e87464683f5632790e66920ea803adb54c2bc0cb24b6fd9a314d2b1efffd", + "zh:d98206fe88c2c9a52b8d2d0cb2c877c812a4a51d19f9d8428e63cbd5fd8a304d", + "zh:dfa320946b1ce3f3615c42b3447a28dc9f604c06d8b9a6fe289855ab2ade4d11", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fc1debd2e695b5222d2ccc8b24dab65baba4ee2418ecce944e64d42e79474cb5", + 
"zh:fdaf960443720a238c09e519aeb30faf74f027ac5d1e0a309c3b326888e031d7", ] } diff --git a/examples/simple/main.tf b/examples/simple/main.tf index e4e20ef..ef019f7 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -7,11 +7,10 @@ module "materialize_infrastructure" { # source = "git::https://github.com/MaterializeInc/terraform-aws-materialize.git" source = "../../" - # Basic settings - environment = "dev" - vpc_name = "materialize-simple" - cluster_name = "materialize-eks-simple" - mz_iam_service_account_name = "materialize-user" + # The namespace and environment variables are used to construct the names of the resources + # e.g. ${namespace}-${environment}-storage, ${namespace}-${environment}-db etc. + namespace = "simple-mz-tf" + environment = "dev" # VPC Configuration vpc_cidr = "10.0.0.0/16" @@ -21,8 +20,9 @@ module "materialize_infrastructure" { single_nat_gateway = true # EKS Configuration - cluster_version = "1.31" - node_group_instance_types = ["m6g.medium"] + cluster_version = "1.31" + # node_group_instance_types = ["m6g.medium"] + node_group_instance_types = ["r5.xlarge"] node_group_desired_size = 2 node_group_min_size = 1 node_group_max_size = 3 @@ -30,14 +30,12 @@ module "materialize_infrastructure" { enable_cluster_creator_admin_permissions = true # Storage Configuration - bucket_name = "materialize-simple-storage-${random_id.suffix.hex}" enable_bucket_versioning = true enable_bucket_encryption = true bucket_force_destroy = true # Database Configuration database_password = "your-secure-password" - db_identifier = "materialize-simple" postgres_version = "15" db_instance_class = "db.t3.large" db_allocated_storage = 20 @@ -57,11 +55,6 @@ module "materialize_infrastructure" { } } -# Generate random suffix for unique S3 bucket name -resource "random_id" "suffix" { - byte_length = 4 -} - # Outputs output "vpc_id" { description = "VPC ID" diff --git a/main.tf b/main.tf index 3e16687..d596000 100644 --- a/main.tf +++ b/main.tf 
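Review bot: Replacing `m6g.medium` with `r5.xlarge` in the EKS block changes the node CPU architecture from Graviton/arm64 to x86_64, but `node_group_ami_type` is left at a default that is not visible in this diff; if that default is an arm64 AMI the node group will fail to launch, so the example should set `node_group_ami_type` explicitly next to the instance type. The commented-out `# node_group_instance_types = ["m6g.medium"]` is dead configuration and should be dropped rather than left in the example. The `database_password = "your-secure-password"` literal is unchanged context, but since this example is now the reference for the new naming scheme it would be worth sourcing it from a variable or a `random_password` resource so copies of the example do not ship a hard-coded credential.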
@@ -1,50 +1,67 @@ module "networking" { source = "./modules/networking" - vpc_name = var.vpc_name + # The namespace and environment variables are used to construct the names of the resources + # e.g. ${namespace}-${environment}-vpc + namespace = var.namespace + environment = var.environment + vpc_cidr = var.vpc_cidr availability_zones = var.availability_zones private_subnet_cidrs = var.private_subnet_cidrs public_subnet_cidrs = var.public_subnet_cidrs - cluster_name = var.cluster_name single_nat_gateway = var.single_nat_gateway - tags = var.tags + + tags = local.common_tags } module "eks" { source = "./modules/eks" - cluster_name = var.cluster_name + # The namespace and environment variables are used to construct the names of the resources + # e.g. ${namespace}-${environment}-eks + namespace = var.namespace + environment = var.environment + cluster_version = var.cluster_version vpc_id = local.network_id private_subnet_ids = local.network_private_subnet_ids - environment = var.environment node_group_desired_size = var.node_group_desired_size node_group_min_size = var.node_group_min_size node_group_max_size = var.node_group_max_size node_group_instance_types = var.node_group_instance_types node_group_ami_type = var.node_group_ami_type - tags = var.tags cluster_enabled_log_types = var.cluster_enabled_log_types node_group_capacity_type = var.node_group_capacity_type enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions + + tags = local.common_tags } module "storage" { source = "./modules/storage" - bucket_name = var.bucket_name - tags = var.tags + # The namespace and environment variables are used to construct the names of the resources + # e.g. 
${namespace}-${environment}-storage + namespace = var.namespace + environment = var.environment + bucket_lifecycle_rules = var.bucket_lifecycle_rules enable_bucket_encryption = var.enable_bucket_encryption enable_bucket_versioning = var.enable_bucket_versioning bucket_force_destroy = var.bucket_force_destroy + + tags = local.common_tags } module "database" { source = "./modules/database" - db_identifier = var.db_identifier + # The namespace and environment variables are used to construct the names of the resources + # e.g. ${namespace}-${environment}-db + namespace = var.namespace + environment = var.environment + postgres_version = var.postgres_version instance_class = var.db_instance_class allocated_storage = var.db_allocated_storage @@ -55,27 +72,38 @@ module "database" { vpc_id = local.network_id eks_security_group_id = module.eks.cluster_security_group_id eks_node_security_group_id = module.eks.node_security_group_id - tags = var.tags max_allocated_storage = var.db_max_allocated_storage database_password = var.database_password + + tags = local.common_tags } locals { network_id = var.create_vpc ? module.networking.vpc_id : var.network_id network_private_subnet_ids = var.create_vpc ? module.networking.private_subnet_ids : var.network_private_subnet_ids + + # Common tags that apply to all resources + common_tags = merge( + var.tags, + { + Namespace = var.namespace + Environment = var.environment + ManagedBy = "terraform" + } + ) } resource "aws_cloudwatch_log_group" "materialize" { count = var.enable_monitoring ? 1 : 0 - name = "/aws/${var.log_group_name_prefix}/${var.cluster_name}/${var.environment}" + name = "/aws/${var.log_group_name_prefix}/${module.eks.cluster_name}/${var.environment}" retention_in_days = var.metrics_retention_days tags = var.tags } resource "aws_iam_user" "materialize" { - name = "${var.environment}-${var.mz_iam_service_account_name}" + name = "${local.name_prefix}-mz-user" } resource "aws_iam_access_key" "materialize_user" { 
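Review bot: `aws_cloudwatch_log_group.materialize` still sets `tags = var.tags` while every module call in this hunk was switched to `local.common_tags`, so the log group misses the `Namespace`, `Environment` and `ManagedBy` tags; change it to `tags = local.common_tags`. Its `name` also now embeds the environment twice, because `module.eks.cluster_name` already expands to `${namespace}-${environment}-eks` and `/${var.environment}` is appended again — `name = "/aws/${var.log_group_name_prefix}/${module.eks.cluster_name}"` avoids that, noting that a name change forces the log group to be recreated. `local.name_prefix`, which `aws_iam_user.materialize` now uses, is declared in a second `locals` block at the end of the file; folding it into the `locals` block here keeps the naming rule and `common_tags` in one place.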
@@ -83,7 +111,7 @@ resource "aws_iam_access_key" "materialize_user" { } resource "aws_iam_user_policy" "materialize_s3" { - name = var.mz_iam_policy_name + name = "${local.name_prefix}-mz-s3-policy" user = aws_iam_user.materialize.name policy = jsonencode({ @@ -107,7 +135,7 @@ resource "aws_iam_user_policy" "materialize_s3" { } resource "aws_iam_role" "materialize_s3" { - name = "${var.environment}-${var.mz_iam_role_name}" + name = "${local.name_prefix}-mz-role" # Trust policy allowing EKS to assume this role assume_role_policy = jsonencode({ @@ -120,7 +148,7 @@ resource "aws_iam_role" "materialize_s3" { } Action = "sts:AssumeRoleWithWebIdentity" Condition = { - StringEquals = { + StringLike = { "${trimprefix(module.eks.cluster_oidc_issuer_url, "https://")}:sub" : "system:serviceaccount:*:*", "${trimprefix(module.eks.cluster_oidc_issuer_url, "https://")}:aud" : "sts.amazonaws.com" } @@ -129,7 +157,7 @@ resource "aws_iam_role" "materialize_s3" { ] }) - tags = var.tags + tags = local.common_tags depends_on = [ module.eks @@ -137,7 +165,7 @@ resource "aws_iam_role" "materialize_s3" { } resource "aws_iam_role_policy" "materialize_s3" { - name = var.mz_iam_policy_name + name = "${local.name_prefix}-mz-role-policy" role = aws_iam_role.materialize_s3.id policy = jsonencode({ @@ -159,3 +187,7 @@ resource "aws_iam_role_policy" "materialize_s3" { ] }) } + +locals { + name_prefix = "${var.namespace}-${var.environment}" +} diff --git a/modules/database/main.tf b/modules/database/main.tf index a9380c1..e03acb9 100644 --- a/modules/database/main.tf +++ b/modules/database/main.tf @@ -1,8 +1,12 @@ +locals { + name_prefix = "${var.namespace}-${var.environment}" +} + module "db" { source = "terraform-aws-modules/rds/aws" version = "~> 6.0" - identifier = var.db_identifier + identifier = "${local.name_prefix}-db" engine = "postgres" engine_version = var.postgres_version 
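Review bot: Changing the condition operator from `StringEquals` to `StringLike` while keeping the `:sub` value `system:serviceaccount:*:*` lets any service account in any namespace of this cluster call `sts:AssumeRoleWithWebIdentity` on `aws_iam_role.materialize_s3`, so the IRSA trust boundary becomes the whole cluster instead of the Materialize workload. Under `StringEquals` the literal `*:*` never matched, so this is a behavioural change hidden inside a naming refactor and deserves its own commit with a note. Pin the subject to the identity that `outputs.tf` already composes, e.g. `"${trimprefix(module.eks.cluster_oidc_issuer_url, "https://")}:sub" : "system:serviceaccount:${var.kubernetes_namespace}:${var.service_account_name}"`, and keep both `:sub` and `:aud` under `StringEquals`; if a wildcard is unavoidable, limit it to the namespace (`system:serviceaccount:${var.kubernetes_namespace}:*`) under `StringLike` and leave `:aud` in its own `StringEquals` block. The enclosing `aws_iam_role` block begins and ends outside this hunk.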
@@ -25,7 +29,7 @@ module "db" { subnet_ids = var.database_subnet_ids vpc_security_group_ids = [aws_security_group.database.id] create_db_subnet_group = true - db_subnet_group_name = "${var.db_identifier}-subnet-group" + db_subnet_group_name = "${local.name_prefix}-db-subnet" maintenance_window = var.maintenance_window backup_window = var.backup_window @@ -38,7 +42,7 @@ module "db" { } resource "aws_security_group" "database" { - name_prefix = "${var.db_identifier}-sg-" + name_prefix = "${local.name_prefix}-sg-" vpc_id = var.vpc_id ingress { @@ -65,7 +69,7 @@ resource "aws_security_group" "database" { } tags = merge(var.tags, { - Name = "${var.db_identifier}-sg" + Name = "${local.name_prefix}-sg" }) lifecycle { diff --git a/modules/database/variables.tf b/modules/database/variables.tf index e6a2ef6..518f78d 100644 --- a/modules/database/variables.tf +++ b/modules/database/variables.tf @@ -1,5 +1,10 @@ -variable "db_identifier" { - description = "Identifier for the RDS instance" +variable "namespace" { + description = "Namespace prefix for all resources" + type = string +} + +variable "environment" { + description = "Environment name" type = string } diff --git a/modules/eks/main.tf b/modules/eks/main.tf index 8f21337..9bcadaa 100644 --- a/modules/eks/main.tf +++ b/modules/eks/main.tf @@ -1,8 +1,13 @@ +locals { + name_prefix = "${var.namespace}-${var.environment}" +} + module "eks" { source = "terraform-aws-modules/eks/aws" version = "~> 20.0" - cluster_name = var.cluster_name + cluster_name = "${local.name_prefix}-eks" + cluster_version = var.cluster_version vpc_id = var.vpc_id @@ -14,7 +19,7 @@ module "eks" { cluster_enabled_log_types = var.cluster_enabled_log_types eks_managed_node_groups = { - "${var.environment}-mz-workers" = { + "${local.name_prefix}-mz" = { desired_size = var.node_group_desired_size min_size = var.node_group_min_size max_size = var.node_group_max_size 
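Review bot: `aws_security_group.database` is now created with `name_prefix = "${local.name_prefix}-sg-"` and `Name = "${local.name_prefix}-sg"`, which drops the `db` qualifier that `var.db_identifier` used to carry, so the group is no longer identifiable as the RDS security group among other `<namespace>-<environment>` resources. The other renames in this file keep a role suffix (`-db`, `-db-subnet`); use `name_prefix = "${local.name_prefix}-db-sg-"` and `Name = "${local.name_prefix}-db-sg"` for consistency. Changing `name_prefix` forces replacement of the security group, as the `identifier` change in `module "db"` does for the instance, and that should be stated in the commit message.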
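Review bot: Hard-wiring `cluster_name = "${local.name_prefix}-eks"` removes the `cluster_name` input entirely, and together with the node-group key renamed in the next hunk it forces a destroy-and-recreate of the EKS cluster and node group for anyone already deployed under the old `cluster_name`/`${environment}-mz-workers` names; a `moved` block cannot help because the AWS-side names themselves change. Either document this as a breaking change in the commit message and README, or keep an optional override such as `variable "cluster_name" { type = string, default = null }` with `cluster_name = coalesce(var.cluster_name, "${local.name_prefix}-eks")` so existing deployments can keep their names. The `module "eks"` block continues past the end of this hunk.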
@@ -23,7 +28,7 @@ module "eks" { capacity_type = var.node_group_capacity_type ami_type = var.node_group_ami_type - name = "${var.environment}-mz" + name = local.name_prefix labels = { Environment = var.environment diff --git a/modules/eks/outputs.tf b/modules/eks/outputs.tf index c307267..1ba5e27 100644 --- a/modules/eks/outputs.tf +++ b/modules/eks/outputs.tf @@ -3,6 +3,11 @@ output "cluster_endpoint" { value = module.eks.cluster_endpoint } +output "cluster_name" { + description = "Name of the EKS cluster" + value = module.eks.cluster_name +} + output "cluster_security_group_id" { description = "Security group ID attached to the EKS cluster" value = module.eks.cluster_security_group_id diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf index ec0c983..3d18d80 100644 --- a/modules/eks/variables.tf +++ b/modules/eks/variables.tf @@ -1,5 +1,10 @@ -variable "cluster_name" { - description = "Name of the EKS cluster" +variable "namespace" { + description = "Namespace prefix for all resources" + type = string +} + +variable "environment" { + description = "Environment name" type = string } @@ -50,11 +55,6 @@ variable "cluster_enabled_log_types" { default = ["api", "audit", "authenticator", "controllerManager", "scheduler"] } -variable "environment" { - description = "Environment name" - type = string -} - variable "tags" { description = "Tags to apply to all resources" type = map(string) diff --git a/modules/networking/main.tf b/modules/networking/main.tf index bd5ff68..12bb2f7 100644 --- a/modules/networking/main.tf +++ b/modules/networking/main.tf @@ -1,10 +1,14 @@ +locals { + name_prefix = "${var.namespace}-${var.environment}" +} + module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "~> 5.0" create_vpc = var.create_vpc - name = var.vpc_name + name = "${local.name_prefix}-vpc" cidr = var.vpc_cidr azs = var.availability_zones 
@@ -18,13 +22,13 @@ module "vpc" { # Tags required for EKS private_subnet_tags = { - "kubernetes.io/cluster/${var.cluster_name}" = "shared" - "kubernetes.io/role/internal-elb" = "1" + "kubernetes.io/role/internal-elb" = "1" + "kubernetes.io/cluster/${local.name_prefix}-eks" = "shared" } public_subnet_tags = { - "kubernetes.io/cluster/${var.cluster_name}" = "shared" - "kubernetes.io/role/elb" = "1" + "kubernetes.io/role/elb" = "1" + "kubernetes.io/cluster/${local.name_prefix}-eks" = "shared" } tags = var.tags diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf index 0a8c1a1..4093125 100644 --- a/modules/networking/variables.tf +++ b/modules/networking/variables.tf @@ -1,14 +1,19 @@ +variable "namespace" { + description = "Namespace prefix for all resources" + type = string +} + +variable "environment" { + description = "Environment name" + type = string +} + variable "create_vpc" { description = "Controls if VPC should be created (it affects almost all resources)" type = bool default = true } -variable "vpc_name" { - description = "Name of the VPC" - type = string -} - variable "vpc_cidr" { description = "CIDR block for VPC" type = string @@ -35,11 +40,6 @@ variable "single_nat_gateway" { default = false } -variable "cluster_name" { - description = "Name of the EKS cluster for subnet tagging" - type = string -} - variable "tags" { description = "Tags to apply to all resources" type = map(string) diff --git a/modules/storage/main.tf b/modules/storage/main.tf index 7d60265..5470cc1 100644 --- a/modules/storage/main.tf +++ b/modules/storage/main.tf @@ -1,5 +1,13 @@ +locals { + name_prefix = "${var.namespace}-${var.environment}" +} + +resource "random_id" "bucket_suffix" { + byte_length = 4 +} + resource "aws_s3_bucket" "materialize_storage" { - bucket = var.bucket_name + bucket = "${local.name_prefix}-storage-${random_id.bucket_suffix.hex}" force_destroy = var.bucket_force_destroy tags = var.tags 
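Review bot: The subnet tags now hard-code `kubernetes.io/cluster/${local.name_prefix}-eks`, duplicating the naming rule that `modules/eks/main.tf` applies in `cluster_name = "${local.name_prefix}-eks"`; if either side ever changes its suffix the tags silently stop matching and EKS/ALB subnet discovery breaks with no plan-time error. Since the cluster name is deterministic, compute it once in the root (`cluster_name = "${var.namespace}-${var.environment}-eks"` in `locals`) and pass it to both modules, which also preserves the networking module's `cluster_name` input that this commit removes. The `module "vpc"` block begins before this hunk.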
diff --git a/modules/storage/variables.tf b/modules/storage/variables.tf index a34ab80..62b97c5 100644 --- a/modules/storage/variables.tf +++ b/modules/storage/variables.tf @@ -1,5 +1,10 @@ -variable "bucket_name" { - description = "Name of the S3 bucket" +variable "namespace" { + description = "Namespace prefix for all resources" + type = string +} + +variable "environment" { + description = "Environment name" type = string } diff --git a/modules/storage/versions.tf b/modules/storage/versions.tf index a8de733..6e5125e 100644 --- a/modules/storage/versions.tf +++ b/modules/storage/versions.tf @@ -6,5 +6,9 @@ terraform { source = "hashicorp/aws" version = "~> 5.0" } + random = { + source = "hashicorp/random" + version = "~> 3.0" + } } } diff --git a/outputs.tf b/outputs.tf index a045719..1c032d9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -32,9 +32,9 @@ output "metadata_backend_url" { output "persist_backend_url" { description = "S3 connection URL in the format required by Materialize using IRSA" value = format("s3://%s/%s:serviceaccount:%s:%s", - var.bucket_name, + module.storage.bucket_name, var.environment, - var.namespace, + var.kubernetes_namespace, var.service_account_name ) } diff --git a/providers.tf b/providers.tf index 00fa5ad..c85f25e 100644 --- a/providers.tf +++ b/providers.tf @@ -4,7 +4,7 @@ provider "kubernetes" { exec { api_version = "client.authentication.k8s.io/v1beta1" - args = ["eks", "get-token", "--cluster-name", var.cluster_name] + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] command = "aws" } } diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 76b7961..df94855 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example 
@@ -1,7 +1,7 @@ -environment = "my-environment" -vpc_name = "my-environment-vpc" -cluster_name = "my-environment-eks" -bucket_name = "my-environment-bucket" +# The namespace and the environment are used to create a unique name for the resources +# eg. ${namespace}-${environment}-${resource_name} +namespace = "my-namespace" +environment = "dev" database_password = "your-secure-password-here" tags = { diff --git a/variables.tf b/variables.tf index 6c5632b..e4d6b60 100644 --- a/variables.tf +++ b/variables.tf @@ -1,8 +1,20 @@ # General Variables +variable "namespace" { + description = "Namespace for all resources, usually the organization or project name" + type = string + validation { + condition = length(var.namespace) <= 18 && can(regex("^[a-z0-9-]+$", var.namespace)) + error_message = "Namespace must be lowercase alphanumeric and hyphens only, max 18 characters" + } +} + variable "environment" { description = "Environment name (e.g., prod, staging, dev)" type = string - default = "dev" + validation { + condition = length(var.environment) <= 8 && can(regex("^[a-z0-9]+$", var.environment)) + error_message = "Environment must be lowercase alphanumeric only, max 8 characters" + } } variable "tags" { @@ -34,12 +46,6 @@ variable "network_private_subnet_ids" { type = list(string) } -variable "vpc_name" { - description = "Name of the VPC" - type = string - default = "materialize-vpc" -} - variable "vpc_cidr" { description = "CIDR block for VPC" type = string @@ -71,12 +77,6 @@ variable "single_nat_gateway" { } # EKS Variables -variable "cluster_name" { - description = "Name of the EKS cluster" - type = string - default = "materialize-cluster" -} - variable "cluster_version" { description = "Kubernetes version for the EKS cluster" type = string 
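Review bot: The new `namespace` validation regex `^[a-z0-9-]+$` accepts a leading or trailing hyphen, and because the namespace is the first component of every derived name (`${namespace}-${environment}-storage-<hex>`), a value such as `-mz` produces an S3 bucket name beginning with a hyphen that S3 rejects only at apply time; tighten it to `can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?$", var.namespace))`. The 18 and 8 character limits are unexplained — presumably they keep the 27-character prefix plus `-storage-` and the 8-hex suffix under the 63-character S3 bucket limit, and a comment stating that would tell the next maintainer what the numbers protect. Dropping `default = "dev"` from `environment` is also a breaking change for callers that relied on it and should be called out in the commit message.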
@@ -139,12 +139,6 @@ variable "enable_cluster_creator_admin_permissions" { } # RDS Variables -variable "db_identifier" { - description = "Identifier for the RDS instance" - type = string - default = "materialize-db" -} - variable "postgres_version" { description = "Version of PostgreSQL to use" type = string @@ -194,11 +188,6 @@ variable "db_multi_az" { } # S3 Variables -variable "bucket_name" { - description = "Name of the S3 bucket" - type = string -} - variable "bucket_force_destroy" { description = "Enable force destroy for the S3 bucket" type = bool @@ -252,8 +241,8 @@ variable "metrics_retention_days" { default = 7 } -variable "namespace" { - description = "Namespace for Materialize resources" +variable "kubernetes_namespace" { + description = "The Kubernetes namespace for the Materialize resources" type = string default = "materialize-environment" } @@ -264,24 +253,6 @@ variable "service_account_name" { default = "12345678-1234-1234-1234-123456789012" } -variable "mz_iam_service_account_name" { - description = "Name of the IAM user for Materialize service authentication (will be prefixed with environment name)" - type = string - default = "materialize-user" -} - -variable "mz_iam_role_name" { - description = "Name of the IAM role for Materialize S3 access (will be prefixed with environment name)" - type = string - default = "materialize-s3-role" -} - -variable "mz_iam_policy_name" { - description = "Name of the IAM policy for Materialize S3 access" - type = string - default = "materialize-s3-access" -} - variable "log_group_name_prefix" { description = "Prefix for the CloudWatch log group name (will be combined with environment name)" type = string
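Review bot: Renaming the existing `namespace` input to `kubernetes_namespace` while introducing a new root `namespace` with a different meaning is a silent semantic change: a caller whose tfvars already sets `namespace = "materialize"` for the Kubernetes namespace will now have that value used as the resource-name prefix, while their Kubernetes namespace quietly falls back to the `materialize-environment` default, and the new validation only catches values that happen to exceed 18 characters or contain uppercase. Either pick a fresh name for the resource prefix (e.g. `project` or `name_prefix`) or add a deprecation note to the `kubernetes_namespace` description and the changelog. It would also help to document in `variables.tf` that `kubernetes_namespace` and `service_account_name` together form the IRSA subject used in `outputs.tf`, and that the `12345678-1234-1234-1234-123456789012` default for `service_account_name` is a placeholder that must be replaced.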