Use only predefined VPC

Author: farioas

terraform/aws/README.md

@@ -133,11 +133,7 @@ email           = "[email protected]"
 Deploy to existing VPC.
 
 ```hcl
-predefined_vpc = {
-  id                 = "vpc-***",
-  subnet_public_ids  = ["subnet-***", "subnet-***", "subnet-***"],
-  subnet_private_ids = ["subnet-***", "subnet-***", "subnet-***"],
-}
+predefined_vpc_id = "vpc-***"
 ```
 
 [Full tfvars file example](examples/opensource_predefined_vpc.tfvars)

terraform/aws/env/.terraform.lock.hcl

@@ -92,7 +92,7 @@
 | <a name="input_postgresql_type"></a> [postgresql\_type](#input\_postgresql\_type) | Postgresql type | `string` | `"internal"` | no |
 | <a name="input_postgresql_username"></a> [postgresql\_username](#input\_postgresql\_username) | Postgresql username | `string` | `"labelstudio"` | no |
 | <a name="input_predefined_s3_bucket"></a> [predefined\_s3\_bucket](#input\_predefined\_s3\_bucket) | Predefined S3 Bucket | <pre>object(<br>    {<br>      name : string<br>      region : string<br>      folder : string<br>      kms_arn : string<br>    }<br>  )</pre> | `null` | no |
-| <a name="input_predefined_vpc"></a> [predefined\_vpc](#input\_predefined\_vpc) | Predefined VPC | <pre>object(<br>    {<br>      id : string<br>      subnet_public_ids : list(string)<br>      subnet_private_ids : list(string)<br>    }<br>  )</pre> | `null` | no |
+| <a name="input_predefined_vpc_id"></a> [predefined\_vpc\_id](#input\_predefined\_vpc\_id) | Predefined VPC | `string` | `null` | no |
 | <a name="input_private_cidr_block"></a> [private\_cidr\_block](#input\_private\_cidr\_block) | List of private subnet cidr blocks | `list(string)` | <pre>[<br>  "10.0.1.0/24",<br>  "10.0.2.0/24",<br>  "10.0.3.0/24"<br>]</pre> | no |
 | <a name="input_public_cidr_block"></a> [public\_cidr\_block](#input\_public\_cidr\_block) | List of public subnet cidr blocks | `list(string)` | <pre>[<br>  "10.0.101.0/24",<br>  "10.0.102.0/24",<br>  "10.0.103.0/24"<br>]</pre> | no |
 | <a name="input_record_name"></a> [record\_name](#input\_record\_name) | Main record domain name | `string` | `null` | no |

terraform/aws/env/README.md

@@ -17,21 +17,19 @@ locals {
   redis_password      = var.redis_password == null ? random_password.redis_password[0].result : var.redis_password
 }
 
-# Create VPC
+# Create and/or configure VPC
 module "vpc" {
-  source = "../modules/vpc"
-  providers = {
-    aws = aws.aws_ignore_tags
-  }
-
-  count = var.predefined_vpc == null ? 1 : 0
+  source    = "../modules/vpc"
 
   name               = local.name_prefix
   environment        = var.environment
   region             = var.region
   public_cidr_block  = var.public_cidr_block
   private_cidr_block = var.private_cidr_block
   tags               = local.tags
+
+  # Predefined VPC
+  predefined_vpc_id = var.predefined_vpc_id
 }
 
 # Create Identity Access Management
@@ -88,9 +86,9 @@ module "eks" {
   min_size                             = var.min_size
   role_arn                             = module.iam.role_arn
   worker_role_arn                      = module.iam.worker_role_arn
-  public_subnets                       = var.predefined_vpc == null ? module.vpc[0].aws_subnet_public_ids : var.predefined_vpc.subnet_public_ids
-  subnet_ids                           = var.predefined_vpc == null ? module.vpc[0].aws_subnet_private_ids : var.predefined_vpc.subnet_private_ids
-  vpc_id                               = var.predefined_vpc == null ? module.vpc[0].aws_vpc_id : var.predefined_vpc.id
+  public_subnets                       = module.vpc.aws_subnet_public_ids
+  subnet_ids                           = module.vpc.aws_subnet_private_ids
+  vpc_id                               = module.vpc.aws_vpc_id
   instance_profile_name                = module.iam.iam_instance_profile
   tags                                 = local.tags
   capacity_type                        = var.eks_capacity_type
@@ -136,8 +134,8 @@ module "rds" {
 
   name         = local.name_prefix
   environment  = var.environment
-  vpc_id       = var.predefined_vpc == null ? module.vpc[0].aws_vpc_id : var.predefined_vpc.id
-  subnet_ids   = var.predefined_vpc == null ? module.vpc[0].aws_subnet_private_ids : var.predefined_vpc.subnet_private_ids
+  vpc_id       = module.vpc.aws_vpc_id
+  subnet_ids   = module.vpc.aws_subnet_private_ids
   machine_type = var.postgresql_machine_type
   database     = var.postgresql_database
   username     = var.postgresql_username
@@ -155,8 +153,8 @@ module "elasticache" {
   count = var.redis_type == "elasticache" && var.enterprise ? 1 : 0
 
   name         = local.name_prefix
-  vpc_id       = var.predefined_vpc == null ? module.vpc[0].aws_vpc_id : var.predefined_vpc.id
-  subnet_ids   = var.predefined_vpc == null ? module.vpc[0].aws_subnet_private_ids : var.predefined_vpc.subnet_private_ids
+  vpc_id       = module.vpc.aws_vpc_id
+  subnet_ids   = module.vpc.aws_subnet_private_ids
   machine_type = var.redis_machine_type
   port         = var.redis_port
   password     = local.redis_password
@@ -179,8 +177,6 @@ module "lbc" {
     module.eks,
     module.vpc,
   ]
-  public_subnets  = var.predefined_vpc == null ? module.vpc[0].aws_subnet_public_ids : var.predefined_vpc.subnet_public_ids
-  private_subnets = var.predefined_vpc == null ? module.vpc[0].aws_subnet_private_ids : var.predefined_vpc.subnet_private_ids
 }
 
 module "nic" {
@@ -209,7 +205,7 @@ module "cert-manager" {
 }
 
 module "label-studio" {
-  count            = var.deploy_label_studio ? 1 : 0
+  count = var.deploy_label_studio ? 1 : 0
 
   source = "../../common/modules/label-studio"
 

terraform/aws/env/main.tf

@@ -2,14 +2,6 @@ provider "aws" {
   region = var.region
 }
 
-provider "aws" {
-  alias  = "aws_ignore_tags"
-  region = var.region
-  ignore_tags {
-    key_prefixes = ["kubernetes.io/"]
-  }
-}
-
 provider "kubernetes" {
   host                   = data.aws_eks_cluster.eks.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)

terraform/aws/env/providers.tf

@@ -321,14 +321,8 @@ variable "lets_encrypt_email" {
 }
 
 # Predefined VPC
-variable "predefined_vpc" {
-  type = object(
-    {
-      id : string
-      subnet_public_ids : list(string)
-      subnet_private_ids : list(string)
-    }
-  )
+variable "predefined_vpc_id" {
+  type = string
   default = null
 }
 

terraform/aws/env/variables.tf

@@ -7,11 +7,7 @@ name        = "ls"
 region      = "us-east-2"
 
 # Predefined VPC
-predefined_vpc = {
-  id                 = "vpc-11111111",
-  subnet_public_ids  = ["subnet-11111111", "subnet-2222222", "subnet-33333333"],
-  subnet_private_ids = ["subnet-44444444", "subnet-5555555", "subnet-77777777"],
-}
+predefined_vpc_id = "vpc-***"
 
 deploy_label_studio = false
 postgresql_type     = "external"

terraform/aws/examples/only_infrastructure.tfvars

@@ -12,8 +12,4 @@ label_studio_additional_set = {
 }
 
 # Predefined VPC
-predefined_vpc = {
-  id                 = "vpc-***",
-  subnet_public_ids  = ["subnet-***", "subnet-***", "subnet-***"],
-  subnet_private_ids = ["subnet-***", "subnet-***", "subnet-***"],
-}
+predefined_vpc_id = "vpc-***"

terraform/aws/examples/opensource_predefined_vpc.tfvars

@@ -93,4 +93,4 @@ resource "aws_security_group_rule" "cluster_security_group_rule" {
   source_security_group_id = aws_security_group.worker_security_group.id
   to_port                  = 65535
   type                     = "ingress"
-}
+}

terraform/aws/modules/eks/security_groups.tf

@@ -145,4 +145,4 @@ variable "cluster_api_cidr" {
   description = "Allow workstation to communicate with the cluster API Server"
   type        = string
   default     = "10.2.0.0/32"
-}
+}

terraform/aws/modules/eks/variables.tf

@@ -44,13 +44,3 @@ variable "namespace" {
   type        = string
   default     = "ingress"
 }
-
-variable "private_subnets" {
-  type        = list(string)
-  description = "List of private subnets"
-}
-
-variable "public_subnets" {
-  type        = list(string)
-  description = "List of public subnets"
-}

terraform/aws/modules/load-balancer-controller/subnets.tf

@@ -34,6 +34,7 @@ No modules.
 | [aws_subnet.public_subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
 | [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
 | [aws_availability_zones.availability_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 
@@ -43,6 +44,7 @@ No modules.
 | <a name="input_environment"></a> [environment](#input\_environment) | Name of the environment where infrastructure is being built | `string` | n/a | yes |
 | <a name="input_multi_az_nat_gateway"></a> [multi\_az\_nat\_gateway](#input\_multi\_az\_nat\_gateway) | place a NAT gateway in each AZ | `number` | `1` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name is the prefix to use for resources that needs to be created | `string` | n/a | yes |
+| <a name="input_predefined_vpc_id"></a> [predefined\_vpc\_id](#input\_predefined\_vpc\_id) | Predefined VPC ID | `string` | n/a | yes |
 | <a name="input_private_cidr_block"></a> [private\_cidr\_block](#input\_private\_cidr\_block) | List of private subnet CIDR blocks | `list(string)` | n/a | yes |
 | <a name="input_public_cidr_block"></a> [public\_cidr\_block](#input\_public\_cidr\_block) | List of public subnet CIDR blocks | `list(string)` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS region in where terraform builds resources | `string` | n/a | yes |
@@ -65,6 +67,5 @@ No modules.
 | <a name="output_aws_route_table_public_ids"></a> [aws\_route\_table\_public\_ids](#output\_aws\_route\_table\_public\_ids) | Output attributes of the route table ids. |
 | <a name="output_aws_subnet_private_ids"></a> [aws\_subnet\_private\_ids](#output\_aws\_subnet\_private\_ids) | n/a |
 | <a name="output_aws_subnet_public_ids"></a> [aws\_subnet\_public\_ids](#output\_aws\_subnet\_public\_ids) | Output attributes of the public and private subnets |
-| <a name="output_aws_vpc_cidr"></a> [aws\_vpc\_cidr](#output\_aws\_vpc\_cidr) | Output attribute of the VPC cidr block. |
 | <a name="output_aws_vpc_id"></a> [aws\_vpc\_id](#output\_aws\_vpc\_id) | Output attribute id of the VPC |
 <!-- END_TF_DOCS -->

terraform/aws/modules/load-balancer-controller/variables.tf

@@ -1,10 +1,6 @@
 # Output attribute id of the VPC
 output "aws_vpc_id" {
-  value = aws_vpc.vpc.id
-}
-# Output attribute of the VPC cidr block.
-output "aws_vpc_cidr" {
-  value = aws_vpc.vpc.cidr_block
+  value = local.vpc_id
 }
 
 # Output attributes of the public and private subnets