Skip to content

Commit

Permalink
feat: add troubleshooting client security group to resources
Browse files Browse the repository at this point in the history
  • Loading branch information
@BrianKopp
Brian Kopp authored and BrianKopp committed Jan 10, 2024
1 parent 29fae91 commit 817e9f3
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 27 deletions.
7 changes: 5 additions & 2 deletions modules/bigeye/locals.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,14 +88,17 @@ locals {
STITCH_API_TOKEN = var.stitch_api_token_secretsmanager_arn
}

troubleshooting_module_security_group_ids = var.enable_troubleshooting_module ? [module.troubleshooting[0].client_security_group_id] : []

datawatch_additional_security_groups = var.create_security_groups ? concat(
[
module.redis.client_security_group_id,
module.rabbitmq.client_security_group_id,
module.datawatch_rds.client_security_group_id
],
var.datawatch_rds_replica_enabled ? [module.datawatch_rds.replica_client_security_group_id] : []
) : []
var.datawatch_rds_replica_enabled ? [module.datawatch_rds.replica_client_security_group_id] : [],
local.troubleshooting_module_security_group_ids
) : local.troubleshooting_module_security_group_ids

datawatch_secret_arns = merge(
local.auth0_secrets_map,
Expand Down
51 changes: 26 additions & 25 deletions modules/bigeye/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -598,11 +598,12 @@ resource "aws_secretsmanager_secret_version" "rabbitmq_user_password" {
}

module "rabbitmq" {
source = "../rabbitmq"
name = local.name
vpc_id = local.vpc_id
deployment_mode = var.redundant_infrastructure ? "CLUSTER_MULTI_AZ" : "SINGLE_INSTANCE"
create_security_groups = var.create_security_groups
source = "../rabbitmq"
name = local.name
vpc_id = local.vpc_id
deployment_mode = var.redundant_infrastructure ? "CLUSTER_MULTI_AZ" : "SINGLE_INSTANCE"
create_security_groups = var.create_security_groups
# TODO add local.troubleshooting_module_security_group_ids to the list of extra_security_groups when AWS MQ supports modifying security groups
extra_security_groups = var.rabbitmq_extra_security_group_ids
subnet_ids = local.rabbitmq_subnet_group_ids
instance_type = var.rabbitmq_instance_type
Expand Down Expand Up @@ -734,7 +735,7 @@ module "haproxy" {
vpc_cidr_block = var.vpc_cidr_block
subnet_ids = local.application_subnet_ids
create_security_groups = var.create_security_groups
additional_security_group_ids = var.haproxy_extra_security_group_ids
additional_security_group_ids = concat(var.haproxy_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
traffic_port = var.haproxy_port
ecs_cluster_id = aws_ecs_cluster.this.id
fargate_version = var.fargate_version
Expand All @@ -746,7 +747,7 @@ module "haproxy" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = var.internet_facing ? local.public_alb_subnet_ids : local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.haproxy_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.haproxy_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
lb_stickiness_enabled = true
lb_deregistration_delay = 900

Expand Down Expand Up @@ -811,7 +812,7 @@ module "web" {
vpc_cidr_block = var.vpc_cidr_block
subnet_ids = local.application_subnet_ids
create_security_groups = var.create_security_groups
additional_security_group_ids = var.web_extra_security_group_ids
additional_security_group_ids = concat(var.web_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
traffic_port = var.web_port
ecs_cluster_id = aws_ecs_cluster.this.id
fargate_version = var.fargate_version
Expand All @@ -823,7 +824,7 @@ module "web" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 180
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.web_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.web_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
lb_stickiness_enabled = true
lb_deregistration_delay = 120

Expand Down Expand Up @@ -906,7 +907,7 @@ module "temporal_rds" {
storage_type = "gp3"
db_subnet_group_name = local.database_subnet_group_name
create_security_groups = var.create_security_groups
extra_security_group_ids = var.temporal_rds_extra_security_group_ids
extra_security_group_ids = concat(var.temporal_rds_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
instance_class = var.temporal_rds_instance_type
backup_window = var.rds_backup_window
backup_retention_period = var.temporal_rds_backup_retention_period
Expand Down Expand Up @@ -952,7 +953,7 @@ resource "aws_lb" "temporal" {
load_balancer_type = "network"
subnets = var.temporal_internet_facing ? local.public_alb_subnet_ids : local.internal_service_alb_subnet_ids
enable_cross_zone_load_balancing = true
security_groups = var.create_security_groups ? concat([aws_security_group.temporal_lb[0].id], var.temporal_lb_extra_security_group_ids) : var.temporal_lb_extra_security_group_ids
security_groups = var.create_security_groups ? concat([aws_security_group.temporal_lb[0].id], var.temporal_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids) : concat(var.temporal_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
tags = local.tags

access_logs {
Expand Down Expand Up @@ -1136,7 +1137,7 @@ resource "aws_ecs_service" "temporal" {
network_configuration {
subnets = local.application_subnet_ids
assign_public_ip = false
security_groups = var.create_security_groups ? concat([aws_security_group.temporal[0].id, module.temporal_rds.client_security_group_id], var.temporal_extra_security_group_ids) : var.temporal_extra_security_group_ids
security_groups = var.create_security_groups ? concat([aws_security_group.temporal[0].id, module.temporal_rds.client_security_group_id], var.temporal_extra_security_group_ids, local.troubleshooting_module_security_group_ids) : concat(var.temporal_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
}

load_balancer {
Expand Down Expand Up @@ -1196,7 +1197,7 @@ module "temporalui" {
vpc_cidr_block = var.vpc_cidr_block
subnet_ids = local.application_subnet_ids
create_security_groups = var.create_security_groups
additional_security_group_ids = var.temporalui_extra_security_group_ids
additional_security_group_ids = concat(var.temporalui_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
traffic_port = var.temporalui_port
ecs_cluster_id = aws_ecs_cluster.this.id
fargate_version = var.fargate_version
Expand All @@ -1207,7 +1208,7 @@ module "temporalui" {
ssl_policy = var.alb_ssl_policy
acm_certificate_arn = local.acm_certificate_arn
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.temporalui_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.temporalui_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
lb_deregistration_delay = 120

lb_access_logs_enabled = var.elb_access_logs_enabled
Expand Down Expand Up @@ -1310,7 +1311,7 @@ module "monocle" {
vpc_cidr_block = var.vpc_cidr_block
subnet_ids = local.application_subnet_ids
create_security_groups = var.create_security_groups
additional_security_group_ids = var.create_security_groups ? concat([module.rabbitmq.client_security_group_id], var.monocle_extra_security_group_ids) : var.monocle_extra_security_group_ids
additional_security_group_ids = var.create_security_groups ? concat([module.rabbitmq.client_security_group_id], var.monocle_extra_security_group_ids, local.troubleshooting_module_security_group_ids) : concat(var.monocle_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
traffic_port = var.monocle_port
ecs_cluster_id = aws_ecs_cluster.this.id
fargate_version = var.fargate_version
Expand All @@ -1322,7 +1323,7 @@ module "monocle" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.monocle_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.monocle_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
lb_deregistration_delay = 300

lb_access_logs_enabled = var.elb_access_logs_enabled
Expand Down Expand Up @@ -1389,7 +1390,7 @@ module "toretto" {
vpc_cidr_block = var.vpc_cidr_block
subnet_ids = local.application_subnet_ids
create_security_groups = var.create_security_groups
additional_security_group_ids = var.create_security_groups ? concat([module.rabbitmq.client_security_group_id], var.toretto_extra_security_group_ids) : var.toretto_extra_security_group_ids
additional_security_group_ids = var.create_security_groups ? concat([module.rabbitmq.client_security_group_id], var.toretto_extra_security_group_ids, local.troubleshooting_module_security_group_ids) : concat(var.toretto_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
traffic_port = var.toretto_port
ecs_cluster_id = aws_ecs_cluster.this.id
fargate_version = var.fargate_version
Expand All @@ -1400,7 +1401,7 @@ module "toretto" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.toretto_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.toretto_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)

lb_access_logs_enabled = var.elb_access_logs_enabled
lb_access_logs_bucket_name = var.elb_access_logs_bucket
Expand Down Expand Up @@ -1466,7 +1467,7 @@ module "scheduler" {
vpc_cidr_block = var.vpc_cidr_block
subnet_ids = local.application_subnet_ids
create_security_groups = var.create_security_groups
additional_security_group_ids = var.create_security_groups ? concat([module.redis.client_security_group_id], var.scheduler_extra_security_group_ids) : var.scheduler_extra_security_group_ids
additional_security_group_ids = var.create_security_groups ? concat([module.redis.client_security_group_id], var.scheduler_extra_security_group_ids, local.troubleshooting_module_security_group_ids) : concat(var.scheduler_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
traffic_port = var.scheduler_port
ecs_cluster_id = aws_ecs_cluster.this.id
fargate_version = var.fargate_version
Expand All @@ -1477,7 +1478,7 @@ module "scheduler" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.scheduler_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.scheduler_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)

lb_access_logs_enabled = var.elb_access_logs_enabled
lb_access_logs_bucket_name = var.elb_access_logs_bucket
Expand Down Expand Up @@ -1683,7 +1684,7 @@ module "redis" {
vpc_id = local.vpc_id
create_security_groups = var.create_security_groups
subnet_group_name = local.elasticache_subnet_group_name
extra_security_group_ids = var.redis_extra_security_group_ids
extra_security_group_ids = concat(var.redis_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
auth_token_secret_arn = local.redis_auth_token_secret_arn
instance_type = var.redis_instance_type
instance_count = var.redundant_infrastructure ? 2 : 1
Expand Down Expand Up @@ -1726,7 +1727,7 @@ module "datawatch_rds" {
vpc_id = local.vpc_id
db_subnet_group_name = local.database_subnet_group_name
create_security_groups = var.create_security_groups
extra_security_group_ids = var.datawatch_rds_extra_security_group_ids
extra_security_group_ids = concat(var.datawatch_rds_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
enable_multi_az = var.redundant_infrastructure ? true : false

# Settings
Expand Down Expand Up @@ -1844,7 +1845,7 @@ module "datawatch" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.datawatch_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.datawatch_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)
lb_deregistration_delay = 900

lb_access_logs_enabled = var.elb_access_logs_enabled
Expand Down Expand Up @@ -1944,7 +1945,7 @@ module "datawork" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.datawork_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.datawork_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)

lb_access_logs_enabled = var.elb_access_logs_enabled
lb_access_logs_bucket_name = var.elb_access_logs_bucket
Expand Down Expand Up @@ -2045,7 +2046,7 @@ module "metricwork" {
acm_certificate_arn = local.acm_certificate_arn
lb_idle_timeout = 900
lb_subnet_ids = local.internal_service_alb_subnet_ids
lb_additional_security_group_ids = var.metricwork_lb_extra_security_group_ids
lb_additional_security_group_ids = concat(var.metricwork_lb_extra_security_group_ids, local.troubleshooting_module_security_group_ids)

lb_access_logs_enabled = var.elb_access_logs_enabled
lb_access_logs_bucket_name = var.elb_access_logs_bucket
Expand Down

0 comments on commit 817e9f3

Please sign in to comment.