Merge pull request #16 from pkuber-tamr/DEV-14916

DEV-14916

Author: pkuber-tamr

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Tamr Terraform Template Repo
 
+## v2.0.0 - June 30th 2021
+* Accepts a list of security groups
+* Returns a list of ports used by RDS
+* Removes ability for the creation of security groups
+
 ## v1.0.0 - April 12th 2021
 * Updates minimum Terraform version to 13
 * Updates minimum AWS provider version to 3.36.0

README.md

@@ -7,7 +7,7 @@ This repo follows the [terraform standard module structure](https://www.terrafor
 Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
 ```
 module "rds_postgres" {
-  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.4.0"
+  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=2.0.0"
   postgres_name        = "example_rds_postgres"
   parameter_group_name = "example-rds-postgres-pg"
   identifier_prefix    = "example-rds-"
@@ -29,7 +29,6 @@ This terraform module will create:
 * an AWS RDS Postgres instance
 * a database parameter group
 * a database subnet group
-* a security group for the rds instance
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -49,9 +48,9 @@ This terraform module will create:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| ingress\_sg\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | password | The password for the master DB user. | `string` | n/a | yes |
 | rds\_subnet\_ids | VPC subnet IDs in subnet group | `list(string)` | n/a | yes |
+| security\_group\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | subnet\_group\_name | The name of the subnet group to add the RDS instance to | `string` | n/a | yes |
 | vpc\_id | VPC ID for the rds security group | `string` | n/a | yes |
 | additional\_cidrs | Additional CIDR to connect to RDS Postgres instance | `list(string)` | `[]` | no |
@@ -84,7 +83,7 @@ This terraform module will create:
 | rds\_hostname | n/a |
 | rds\_postgres\_id | ID of the of the RDS instance |
 | rds\_postgres\_pg\_id | ID of the RDS postgres parameter group |
-| rds\_sg\_id | ID of the security group attached to the rds instance |
+| rds\_security\_group\_ids | List of security group ids attached to the rds instance |
 | rds\_username | n/a |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

VERSION

@@ -1 +1 @@
-1.0.0
+2.0.0

examples/minimal/README.md

@@ -11,12 +11,18 @@ No provider.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| ingress\_sg\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
+| ingress\_cidr\_blocks | CIDR blocks to attach to security groups for ingress | `list(string)` | n/a | yes |
+| name\_prefix | A string to prepend to names of resources created by this example | `any` | n/a | yes |
+| security\_group\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | subnet\_ids | List of at least 2 subnets in different AZs for DB subnet group | `list(string)` | n/a | yes |
 | vpc\_id | VPC ID of network. | `string` | n/a | yes |
+| egress\_cidr\_blocks | CIDR blocks to attach to security groups for egress | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 
 ## Outputs
 
-No output.
+| Name | Description |
+|------|-------------|
+| ingress\_ports | List of ingress ports |
+| rds | n/a |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/minimal/local.tfvars

@@ -1,3 +1,5 @@
-vpc_id         = "vpc-example"
-subnet_ids     = ["subnet-az1", "subnet-az2"]
-ingress_sg_ids = ["example-spark-service-access-sg", "example-tamr-vm-sg"]
+vpc_id              = "vpc-example"
+subnet_ids          = ["subnet-az1", "subnet-az2"]
+security_group_ids  = ["example-spark-service-access-sg", "example-tamr-vm-sg"]
+name_prefix         = "test" # Replace me for a more specific prefix
+ingress_cidr_blocks = ["1.2.3.0/24"]

examples/minimal/main.tf

@@ -1,16 +1,32 @@
 module "rds_postgres" {
-  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.4.0"
+  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=2.0.0"
   source = "../.."
 
   identifier_prefix    = "example-rds-pg-"
   postgres_name        = "example0"
   parameter_group_name = "example-rds-postgres-pg"
-  username             = "example-tamr-master"
-  password             = "foo" #tfsec:ignore:GEN003
+  username             = "exampleUsername"
+  password             = "examplePassword" #tfsec:ignore:GEN003
 
   vpc_id            = var.vpc_id
   subnet_group_name = "example_subnet_group"
   # Network requirement: DB subnet group needs a subnet in at least two Availability Zones
   rds_subnet_ids = var.subnet_ids
-  ingress_sg_ids = var.ingress_sg_ids
+  security_group_ids = module.rds-postgres-sg.security_group_ids
+}
+
+module "sg-ports" {
+  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git//modules/rds-postgres-ports?ref=2.0.0"
+  source = "../../modules/rds-postgres-ports"
+}
+
+module "rds-postgres-sg" {
+  source = "git::[email protected]:Datatamer/terraform-aws-security-groups.git?ref=1.0.0"
+  vpc_id = var.vpc_id
+  ingress_cidr_blocks = var.ingress_cidr_blocks
+  egress_cidr_blocks = var.egress_cidr_blocks
+  ingress_ports  = module.sg-ports.ingress_ports
+  sg_name_prefix = var.name_prefix
+  egress_protocol = "all"
+  ingress_protocol = "tcp"
 }

examples/minimal/outputs.tf

@@ -0,0 +1,8 @@
+output "ingress_ports" {
+  value = module.sg-ports
+  description = "List of ingress ports"
+}
+
+output "rds" {
+  value = module.rds_postgres
+}

examples/minimal/variables.tf

@@ -8,7 +8,22 @@ variable "subnet_ids" {
   description = "List of at least 2 subnets in different AZs for DB subnet group"
 }
 
-variable "ingress_sg_ids" {
+variable "security_group_ids" {
   description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"
   type        = list(string)
 }
+
+variable "name_prefix" {
+  description = "A string to prepend to names of resources created by this example"
+}
+
+variable "ingress_cidr_blocks" {
+  description = "CIDR blocks to attach to security groups for ingress"
+  type = list(string)
+}
+
+variable "egress_cidr_blocks" {
+  description = "CIDR blocks to attach to security groups for egress"
+  type = list(string)
+  default = ["0.0.0.0/0"]
+}

main.tf

@@ -10,15 +10,6 @@ resource "aws_db_subnet_group" "rds_postgres_subnet_group" {
   subnet_ids = var.rds_subnet_ids
 }
 
-module "rds_sg" {
-  source              = "./modules/rds-postgres-sg"
-  ingress_sg_ids      = var.ingress_sg_ids
-  vpc_id              = var.vpc_id
-  security_group_name = var.security_group_name
-  additional_cidrs    = var.additional_cidrs
-  additional_tags     = var.additional_tags
-}
-
 resource "aws_db_instance" "rds_postgres" {
   name = var.postgres_name
 
@@ -39,7 +30,7 @@ resource "aws_db_instance" "rds_postgres" {
   db_subnet_group_name   = aws_db_subnet_group.rds_postgres_subnet_group.name
   multi_az               = true
   publicly_accessible    = false
-  vpc_security_group_ids = [module.rds_sg.rds_sg_id]
+  vpc_security_group_ids = var.security_group_ids
   parameter_group_name   = aws_db_parameter_group.rds_postgres_pg.name
 
   maintenance_window      = var.maintenance_window

modules/rds-postgres-ports/README.md

@@ -0,0 +1,46 @@
+# Tamr AWS RDS Postgres Ports Module
+This module returns a list of ports used by the RDS Postgres Service.
+
+# Examples
+## Basic
+Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
+```
+module "rds_postgres" {
+  source = "git::https://github.com/Datatamer/terraform-aws-rds-postgres//modules/rds-postgres-ports?ref=2.0.0"
+}
+```
+
+# Resources Created
+This module creates no resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No provider.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| additional\_ports | Additional ports to add to the output of this module | `list(number)` | `[]` | no |
+| ports | Ports used by RDS Postgres | `list(number)` | <pre>[<br>  5432<br>]</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ingress\_ports | List of ingress ports |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+# References
+This repo is based on:
+* [terraform standard module structure](https://www.terraform.io/docs/modules/index.html#standard-module-structure)
+* [templated terraform module](https://github.com/tmknom/template-terraform-module)
+
+# License
+Apache 2 Licensed. See LICENSE for full details.