chore: Remove remaining modules from project, update workflows now th…

…at modules are removed (#1699)
aws-ia · Jul 31, 2023 · a1de62c · a1de62c
1 parent 667f502
commit a1de62c
Show file tree

Hide file tree

Showing 15 changed files with 3 additions and 606 deletions.
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -60,9 +60,6 @@ jobs:
       - uses: dorny/paths-filter@v2
         id: changes
         with:
-          # We only need to check Terraform files for the current directory
-          # because the `preCommitMaxVersion` job will run the full,
-          # exhaustive checks (always)
           filters: |
             src:
               - '${{ matrix.directory }}/*.tf'
@@ -87,71 +84,10 @@ jobs:
           directory: ${{ matrix.directory }}
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory !=  '.' && steps.changes.outputs.src== 'true' }}
-        with:
-          terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          tflint-version: ${{ env.TFLINT_VERSION }}
-          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
-        uses: clowdhaus/terraform-composite-actions/[email protected]
-        # Run only validate pre-commit check on min version supported
-        if: ${{ matrix.directory ==  '.' && steps.changes.outputs.src== 'true' }}
-        with:
-          terraform-version: ${{ steps.minMax.outputs.minVersion }}
-          tflint-version: ${{ env.TFLINT_VERSION }}
-          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
-
-  preCommitMaxVersion:
-    name: Max TF pre-commit
-    runs-on: ubuntu-latest
-    needs: collectInputs
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v2
-        with:
-          egress-policy: audit
-
-      - name: Remove default Terraform
-        run: rm -rf $(which terraform)
-
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - uses: dorny/paths-filter@v2
-        id: changes
-        with:
-          filters: |
-            src:
-              - '**/*.tf'
-
-      - name: Config Terraform plugin cache
-        if: steps.changes.outputs.src== 'true'
-        run: mkdir --parents ${{ env.TERRAFORM_DOCS_VERSION }}
-
-      - name: Cache Terraform
-        uses: actions/cache@v3
-        if: steps.changes.outputs.src== 'true'
-        with:
-          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
-          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
-          restore-keys: ${{ runner.os }}-terraform-
-
-      - name: Install tfsec
-        if: steps.changes.outputs.src== 'true'
-        run: curl -sSLo ./tfsec https://github.com/aquasecurity/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-$(uname)-amd64 && chmod +x tfsec && sudo mv tfsec /usr/bin/
-
-      - name: Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/[email protected]
-        if: steps.changes.outputs.src== 'true'
-
-      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
         uses: clowdhaus/terraform-composite-actions/[email protected]
         if: steps.changes.outputs.src== 'true'
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
           tflint-version: ${{ env.TFLINT_VERSION }}
+          args: '--files ${{ matrix.directory }}/*'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -32,9 +32,4 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
       - id: terraform_validate
-        exclude: docs
-      # - id: terraform_tfsec
-      #   files: ^examples/ # only scan `examples/*` which are the implementation
-      #   args:
-      #     - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
-      #     - --args=--concise-output
+        exclude: (docs|modules)
diff --git a/examples/fully-private-cluster/README.md b/examples/fully-private-cluster/README.md
@@ -29,15 +29,12 @@ Ensure that you have the following tools installed locally:
 
 Since this is a Fully Private Amazon EKS Cluster, make sure that you'll have access to the Amazon VPC where the cluster will be deployed, otherwise you won't be able to access it.
 
-For this example, we'll be using an Amazon Cloud9 environment to run Terraform and manage the Amazon EKS Cluster. The Cloud9 environment is already running in the Default VPC, we'll setup a VPC peering between the Default and the Cluster VPC in order to have access to the Kubernetes API and manage our EKS Cluster.
-
+See the [`privatelink-access`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/privatelink-access) pattern for using AWS PrivateLink to access the private cluster from another VPC.
 
 To provision this example:
 
 ```sh
 terraform init
-terraform apply -target module.vpc -target module.vpc_endpoints -target module.vpc_endpoints_sg
-terraform apply -target module.eks
 terraform apply
 ```
 

diff --git a/examples/fully-private-cluster/main.tf b/examples/fully-private-cluster/main.tf
@@ -116,43 +116,3 @@ module "vpc_endpoints" {
 
   tags = local.tags
 }
-
-resource "aws_vpc_peering_connection" "this" {
-  peer_vpc_id = module.vpc.vpc_id
-  vpc_id      = module.vpc.default_vpc_id
-  auto_accept = true
-
-  accepter {
-    allow_remote_vpc_dns_resolution = true
-  }
-
-  requester {
-    allow_remote_vpc_dns_resolution = true
-  }
-}
-
-resource "aws_route" "default_to_eks" {
-  route_table_id            = module.vpc.default_vpc_default_route_table_id
-  destination_cidr_block    = module.vpc.vpc_cidr_block
-  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
-  depends_on                = [module.vpc]
-}
-
-resource "aws_route" "eks_to_default" {
-  for_each = { for rt in module.vpc.private_route_table_ids : rt => rt }
-
-  route_table_id            = each.value
-  destination_cidr_block    = module.vpc.default_vpc_cidr_block
-  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
-  depends_on                = [module.vpc]
-}
-
-resource "aws_vpc_security_group_ingress_rule" "this" {
-  for_each          = { for sg in concat([module.eks.cluster_security_group_id, module.eks.cluster_primary_security_group_id]) : sg => sg }
-  security_group_id = each.value
-
-  cidr_ipv4   = module.vpc.default_vpc_cidr_block
-  from_port   = 443
-  to_port     = 443
-  ip_protocol = "tcp"
-}
diff --git a/modules/irsa/README.md b/modules/irsa/README.md
diff --git a/modules/irsa/main.tf b/modules/irsa/main.tf
diff --git a/modules/irsa/outputs.tf b/modules/irsa/outputs.tf