feat: Adding and updating controllers (#61)

aws-ia · Aug 6, 2024 · 23c3c27 · 23c3c27
1 parent 4359c36
commit 23c3c27
Show file tree

Hide file tree

Showing 6 changed files with 840 additions and 49 deletions.
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -9,10 +9,10 @@ on:
       - '**.yml'
       - '**.yaml'
 
+permissions: read-all
+
 env:
   TERRAFORM_DOCS_VERSION: v0.16.0
-  TFSEC_VERSION: v1.22.0
-  TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
   TFLINT_VERSION: v0.50.3
 
 concurrency:
@@ -57,18 +57,6 @@ jobs:
             src:
               - '${{ matrix.directory }}/*.tf'
 
-      - name: Config Terraform plugin cache
-        if: steps.changes.outputs.src== 'true'
-        run: mkdir --parents ${{ env.TERRAFORM_DOCS_VERSION }}
-
-      - name: Cache Terraform
-        uses: actions/cache@v3
-        if: steps.changes.outputs.src== 'true'
-        with:
-          path: ${{ env.TERRAFORM_DOCS_VERSION }}
-          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
-          restore-keys: ${{ runner.os }}-terraform-
-
       - name: Terraform min/max versions
         uses: clowdhaus/[email protected]
         if: steps.changes.outputs.src== 'true'
@@ -110,22 +98,6 @@ jobs:
             src:
               - '**/*.tf'
 
-      - name: Config Terraform plugin cache
-        if: steps.changes.outputs.src== 'true'
-        run: mkdir --parents ${{ env.TERRAFORM_DOCS_VERSION }}
-
-      - name: Cache Terraform
-        uses: actions/cache@v3
-        if: steps.changes.outputs.src== 'true'
-        with:
-          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
-          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
-          restore-keys: ${{ runner.os }}-terraform-
-
-      - name: Install tfsec
-        if: steps.changes.outputs.src== 'true'
-        run: curl -sSLo ./tfsec https://github.com/aquasecurity/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-$(uname)-amd64 && chmod +x tfsec && sudo mv tfsec /usr/bin/
-
       - name: Terraform min/max versions
         id: minMax
         uses: clowdhaus/[email protected]

diff --git a/README.md b/README.md
@@ -18,9 +18,15 @@ module "eks_ack_addons" {
   ecrpublic_token    = "<ecr token>"
 
   # Controllers to enable
+  enable_iam               = true
+  enable_ec2               = true
+  enable_eks               = true
+  enable_kms               = true
+  enable_acm               = true
   enable_apigatewayv2      = true
   enable_dynamodb          = true
   enable_s3                = true
+  enable_elasticache       = true
   enable_rds               = true
   enable_prometheusservice = true
   enable_emrcontainers     = true
@@ -59,11 +65,16 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_acm"></a> [acm](#module\_acm) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_apigatewayv2"></a> [apigatewayv2](#module\_apigatewayv2) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_dynamodb"></a> [dynamodb](#module\_dynamodb) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_ec2"></a> [ec2](#module\_ec2) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_eks"></a> [eks](#module\_eks) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_elasticache"></a> [elasticache](#module\_elasticache) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_emrcontainers"></a> [emrcontainers](#module\_emrcontainers) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_iam"></a> [iam](#module\_iam) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
+| <a name="module_kms"></a> [kms](#module\_kms) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_prometheusservice"></a> [prometheusservice](#module\_prometheusservice) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_rds"></a> [rds](#module\_rds) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
 | <a name="module_s3"></a> [s3](#module\_s3) | aws-ia/eks-blueprints-addon/aws | 1.1.1 |
@@ -73,7 +84,11 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 | Name | Type |
 |------|------|
+| [aws_iam_policy.acmpolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.ekspolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.emrcontainers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.iampolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.kmspolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.sfnpasspolicy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [time_sleep.this](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_iam_policy_document.emrcontainers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -84,27 +99,37 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_acm"></a> [acm](#input\_acm) | ACK acm Helm Chart config | `any` | `{}` | no |
 | <a name="input_apigatewayv2"></a> [apigatewayv2](#input\_apigatewayv2) | ACK API gateway v2 Helm Chart config | `any` | `{}` | no |
 | <a name="input_cluster_endpoint"></a> [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint for your Kubernetes API server | `string` | n/a | yes |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes |
 | <a name="input_create_delay_dependencies"></a> [create\_delay\_dependencies](#input\_create\_delay\_dependencies) | Dependency attribute which must be resolved before starting the `create_delay_duration` | `list(string)` | `[]` | no |
 | <a name="input_create_delay_duration"></a> [create\_delay\_duration](#input\_create\_delay\_duration) | The duration to wait before creating resources | `string` | `"30s"` | no |
 | <a name="input_create_kubernetes_resources"></a> [create\_kubernetes\_resources](#input\_create\_kubernetes\_resources) | Create Kubernetes resource with Helm or Kubernetes provider | `bool` | `true` | no |
 | <a name="input_dynamodb"></a> [dynamodb](#input\_dynamodb) | ACK dynamodb Helm Chart config | `any` | `{}` | no |
+| <a name="input_ec2"></a> [ec2](#input\_ec2) | ACK ec2 Helm Chart config | `any` | `{}` | no |
 | <a name="input_ecrpublic_token"></a> [ecrpublic\_token](#input\_ecrpublic\_token) | Password decoded from the authorization token for accessing public ECR | `string` | `""` | no |
 | <a name="input_ecrpublic_username"></a> [ecrpublic\_username](#input\_ecrpublic\_username) | User name decoded from the authorization token for accessing public ECR | `string` | `""` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | ACK eks Helm Chart config | `any` | `{}` | no |
 | <a name="input_elasticache"></a> [elasticache](#input\_elasticache) | ACK elasticache Helm Chart config | `any` | `{}` | no |
 | <a name="input_emrcontainers"></a> [emrcontainers](#input\_emrcontainers) | ACK EMR container Helm Chart config | `any` | `{}` | no |
+| <a name="input_enable_acm"></a> [enable\_acm](#input\_enable\_acm) | Enable ACK acm add-on | `bool` | `false` | no |
 | <a name="input_enable_apigatewayv2"></a> [enable\_apigatewayv2](#input\_enable\_apigatewayv2) | Enable ACK API gateway v2 add-on | `bool` | `false` | no |
 | <a name="input_enable_dynamodb"></a> [enable\_dynamodb](#input\_enable\_dynamodb) | Enable ACK dynamodb add-on | `bool` | `false` | no |
+| <a name="input_enable_ec2"></a> [enable\_ec2](#input\_enable\_ec2) | Enable ACK ec2 add-on | `bool` | `false` | no |
+| <a name="input_enable_eks"></a> [enable\_eks](#input\_enable\_eks) | Enable ACK eks add-on | `bool` | `false` | no |
 | <a name="input_enable_elasticache"></a> [enable\_elasticache](#input\_enable\_elasticache) | Enable ACK elasticache add-on | `bool` | `false` | no |
 | <a name="input_enable_emrcontainers"></a> [enable\_emrcontainers](#input\_enable\_emrcontainers) | Enable ACK EMR container add-on | `bool` | `false` | no |
 | <a name="input_enable_eventbridge"></a> [enable\_eventbridge](#input\_enable\_eventbridge) | Enable ACK EventBridge add-on | `bool` | `false` | no |
+| <a name="input_enable_iam"></a> [enable\_iam](#input\_enable\_iam) | Enable ACK iam add-on | `bool` | `false` | no |
+| <a name="input_enable_kms"></a> [enable\_kms](#input\_enable\_kms) | Enable ACK kms add-on | `bool` | `false` | no |
 | <a name="input_enable_prometheusservice"></a> [enable\_prometheusservice](#input\_enable\_prometheusservice) | Enable ACK prometheusservice add-on | `bool` | `false` | no |
 | <a name="input_enable_rds"></a> [enable\_rds](#input\_enable\_rds) | Enable ACK rds add-on | `bool` | `false` | no |
 | <a name="input_enable_s3"></a> [enable\_s3](#input\_enable\_s3) | Enable ACK s3 add-on | `bool` | `false` | no |
 | <a name="input_enable_sfn"></a> [enable\_sfn](#input\_enable\_sfn) | Enable ACK step functions add-on | `bool` | `false` | no |
 | <a name="input_eventbridge"></a> [eventbridge](#input\_eventbridge) | ACK EventBridge Helm Chart config | `any` | `{}` | no |
+| <a name="input_iam"></a> [iam](#input\_iam) | ACK iam Helm Chart config | `any` | `{}` | no |
+| <a name="input_kms"></a> [kms](#input\_kms) | ACK kms Helm Chart config | `any` | `{}` | no |
 | <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the cluster OIDC Provider | `string` | n/a | yes |
 | <a name="input_prometheusservice"></a> [prometheusservice](#input\_prometheusservice) | ACK prometheusservice Helm Chart config | `any` | `{}` | no |
 | <a name="input_rds"></a> [rds](#input\_rds) | ACK rds Helm Chart config | `any` | `{}` | no |

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -131,9 +131,15 @@ module "eks_ack_addons" {
   ecrpublic_token    = data.aws_ecrpublic_authorization_token.token.password
 
   # Controllers to enable
+  enable_iam               = true
+  enable_ec2               = true
+  enable_eks               = true
+  enable_kms               = true
+  enable_acm               = true
   enable_apigatewayv2      = true
   enable_dynamodb          = true
   enable_s3                = true
+  enable_elasticache       = true
   enable_rds               = true
   enable_prometheusservice = true
   enable_emrcontainers     = true