chore: Update Terraform versions and required providers in modules

Author: ulises-jeremias

.github/workflows/tf-docs.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Render terraform docs inside modules
         uses: terraform-docs/[email protected]
         with:
-          working-dir: modules/amplify-app,modules/bastion,modules/mongodb,modules/rds,modules/rds-aurora,modules/vpc,modules/vpc-endpoints,live/terraform-backend,live/core-networking,live/common-infra
+          working-dir: modules/*,live/*
           output-file: docs/MODULE.md
           output-method: replace
           git-push: "true"

README.md

@@ -12,11 +12,6 @@ Welcome to the Terraform AWS Starter Kit! This comprehensive and robust starter
 
 The Terraform AWS Starter Kit solves the most challenging aspect of AWS infrastructure building by providing a powerful solution for our clients. Our goal is to simplify the process of setting up a reliable and scalable AWS environment, allowing you to focus on developing and deploying your applications swiftly and confidently.
 
-<picture>
-  <source media="(prefers-color-scheme: dark)" alt="" align="right" width="400px" srcset="./tools/dac/live_prod_infrastructure.png"/>
-  <img alt="" align="right" width="400px" src="./tools/dac/live_prod_infrastructure.png"/>
-</picture>
-
 ## Key Features
 
 ### Secure State Management 🔒
@@ -33,7 +28,11 @@ The starter kit implements security groups for the bastion host and database ins
 
 ### Database Provisioning 🗃️
 
-We have included configurations to provision an RDS PostgreSQL instance and other database resources. This allows you to easily set up and manage your database infrastructure in a consistent and reproducible manner.
+We have included configurations to provision an RDS PostgreSQL instance, RDS Aurora cluster, MSK cluster, MongoDB Atlas cluster, and more. These configurations enable you to set up and manage your databases with ease, ensuring optimal performance and reliability for your applications.
+
+### Kubernetes Cluster Provisioning 🚢
+
+Our starter kit includes configurations to provision an Amazon Elastic Kubernetes Service (EKS) cluster. This enables you to deploy and manage containerized applications using Kubernetes, leveraging the scalability and flexibility of AWS for your workloads.
 
 ### Secrets Management 🔑
 
@@ -60,45 +59,55 @@ We welcome contributions and feedback to improve this starter kit further, makin
 
 ## Quick Start
 
-Check the [Live Infrastructure](#live-infrastructure) section for more information about existing infrastructure modules and how to use them.
-
-Once you have chosen the infrastructure module you want to use, move to the module directory and follow the instructions in the README file.
+To get started, explore the available modules and scripts, and follow the instructions provided in their respective README files. For a more hands-on introduction, you can start with the examples provided in the [**Live Infrastructure**](#live-infrastructure) and [**Infra Tools and Scripts**](#infra-tools-and-scripts) sections.
 
 ## Live Infrastructure
 
-The `live` directory houses our live infrastructure components. This is where you'll find our Terraform variables, backend configuration, and Terraform root modules.
-
-It is recommended to create a separate directory for each domain that you want to manage with Terraform. For example, you could have a `core-networking` directory for managing your VPC, subnets, and security groups, and a `common-infra` directory for managing your RDS instances, S3 buckets, and other shared resources.
+The `live` directory houses our active infrastructure configurations. These configurations are organized by domain, allowing you to manage different parts of your infrastructure separately.
 
-| Module                                                                | Description                                                                                                      |
-| :-------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------- |
-| [Terraform Backend Configuration](./live/terraform-backend/README.md) | Terraform module for setting up the S3 backend.                                                                  |
-| [AWS IAM Management](./live/aws-iam-management/README.md)             | Terraform module for managing IAM roles and policies.                                                            |
-| [Core Networking](./live/core-networking/README.md)                   | Terraform module for managing core networking components such as VPC, subnets, and security groups.              |
-| [Common Infrastructure](./live/common-infra/README.md)                | Terraform module for managing common infrastructure components such as RDS instances, S3 buckets, and IAM roles. |
+| Module                                                                | Description                                                                             |
+| :-------------------------------------------------------------------- | :-------------------------------------------------------------------------------------- |
+| [Terraform Backend Configuration](./live/terraform-backend/README.md) | Set up the Terraform backend with an S3 bucket and DynamoDB table for state management. |
+| [AWS IAM Management](./live/iam-management/README.md)                 | Manage IAM roles and policies.                                                          |
+| [Core Networking](./live/core-networking/README.md)                   | Manage core networking components such as VPCs, subnets, and security groups.           |
+| [Services Platform](./live/services-platform/README.md)               | Manage services platform components, including EKS clusters.                            |
 
 ## Terraform Modules
 
-We have created custom Terraform modules to bootstrap our infrastructure, which are located in the `modules` directory.
+Our custom Terraform modules are located in the `modules` directory. These modules are reusable and help you bootstrap various parts of your infrastructure.
 
-| Module                                               | Description                                                                      |
-| :--------------------------------------------------- | :------------------------------------------------------------------------------- |
-| [Amplify App](./modules/amplify-app/README.md)       | Terraform module for bootstrapping an Amplify app.                               |
-| [Bastion](./modules/bastion/README.md)               | Terraform module for bootstrapping a bastion host.                               |
-| [AWS IAM Role](./modules/iam-role/README.md)         | Terraform module for bootstrapping an AWS IAM role.                              |
-| [RDS Instance](./modules/rds/README.md)              | Terraform module for bootstrapping an RDS Instance.                              |
-| [RDS Aurora Cluster](./modules/rds-aurora/README.md) | Terraform module for bootstrapping an RDS Aurora Cluster.                        |
-| [VPC](./modules/vpc/README.md)                       | Terraform module for bootstrapping a VPC for use with our shared infrastructure. |
+| Module                                               | Description                                                   |
+| :--------------------------------------------------- | :------------------------------------------------------------ |
+| [Amplify App](./modules/amplify-app/README.md)       | Bootstrap an Amplify app.                                     |
+| [Bastion](./modules/bastion/README.md)               | Bootstrap a bastion host.                                     |
+| [EKS](./modules/eks/README.md)                       | Bootstrap an EKS cluster.                                     |
+| [AWS IAM Role](./modules/iam-role/README.md)         | Bootstrap an AWS IAM role.                                    |
+| [MSK Cluster](./modules/msk/README.md)               | Bootstrap an MSK cluster.                                     |
+| [RDS Instance](./modules/rds/README.md)              | Bootstrap an RDS Instance.                                    |
+| [RDS Aurora Cluster](./modules/rds-aurora/README.md) | Bootstrap an RDS Aurora Cluster.                              |
+| [VPC](./modules/vpc/README.md)                       | Bootstrap a VPC for shared infrastructure.                    |
+| [VPC Endpoint](./modules/vpc-endpoint/README.md)     | Bootstrap VPC endpoints for S3, DynamoDB, and other services. |
 
 ## Apps and Services
 
-In addition to infrastructure provisioning, we have included a few apps and services to help you get started.
+In addition to infrastructure provisioning, we have included a few apps and services to help you get started. These are located in the `apps` directory and provide useful examples of how to use the infrastructure we have provisioned.
+
+| Service                                                         | Description                                                                               |
+| :-------------------------------------------------------------- | :---------------------------------------------------------------------------------------- |
+| [Start and Stop EC2 Instance](./apps/start-stop-ec2-instances/) | A Serverless Framework-based project to start and stop EC2 instances based on a schedule. |
+
+## Infra Tools and Scripts
+
+This section contains additional tools and scripts that complement our Terraform modules, helping you manage specific tasks.
+
+**What tools and scripts are available?**
 
-These apps and services are located in the `apps` directory. In there you can find useful examples of how to use the infrastructure we have provisioned.
+- Bastion Host Connection script: Connect to an AWS Bastion host securely.
+- Generate `kubeconfig` script: Generate a `kubeconfig` file for an EKS Cluster.
+- Tunnel to EKS Cluster script: Create a tunnel to an EKS Cluster for `kubectl` access.
+- and more!
 
-| Service                                                         | Description                                                                                       |
-| :-------------------------------------------------------------- | :------------------------------------------------------------------------------------------------ |
-| [Start and Stop EC2 Instance](./apps/start-stop-ec2-instances/) | This is a Serverless Framework based project to start and stop EC2 instances based on a schedule. |
+Refer to the [Infra Tools and Scripts README](./scripts/README.md) for more details and usage examples!
 
 ## Best practices
 

live/aws-iam-management/configs/develop-backend.tfvars

@@ -0,0 +1,5 @@
+region  = "us-west-2"
+bucket  = "nan-develop-tfbackend-state"
+key     = "nan-develop-aws-iam-management.tfstate"
+encrypt = "true"
+profile = ""

live/aws-iam-management/configs/prod.tfvars renamed to live/aws-iam-management/configs/develop.tfvars

@@ -3,5 +3,6 @@
 region      = "us-west-2"
 name        = "aws-iam-management"
 namespace   = "nan"
-environment = "prod"
-tags        = {}
+environment = "develop"
+tags = {
+}

live/aws-iam-management/configs/sandbox-backend.tfvars

@@ -0,0 +1,5 @@
+region  = "us-west-2"
+bucket  = "nan-sandbox-tfbackend-state"
+key     = "nan-sandbox-aws-iam-management.tfstate"
+encrypt = "true"
+profile = ""

live/aws-iam-management/configs/staging.tfvars renamed to live/aws-iam-management/configs/sandbox.tfvars

@@ -3,5 +3,6 @@
 region      = "us-west-2"
 name        = "aws-iam-management"
 namespace   = "nan"
-environment = "staging"
-tags        = {}
+environment = "sandbox"
+tags = {
+}

live/aws-iam-management/main.tf

@@ -5,6 +5,7 @@ provider "aws" {
     tags = merge(module.label.tags, {
       ManagedBy      = "terraform"
       Owner          = "NaNLABS"
+      Project        = "[Project Name]"
       Repository     = "https://github.com/nanlabs/terraform-aws-starter"
       RepositoryPath = "live/aws-iam-management"
     })

live/common-infra/configs/develop-backend.tfvars

@@ -0,0 +1,5 @@
+region  = "us-west-2"
+bucket  = "nan-develop-tfbackend-state"
+key     = "nan-develop-common-infra.tfstate"
+encrypt = "true"
+profile = ""

live/common-infra/configs/prod.tfvars renamed to live/common-infra/configs/develop.tfvars

@@ -3,12 +3,13 @@
 region      = "us-west-2"
 name        = "common-infra"
 namespace   = "nan"
-environment = "prod"
-tags        = {}
+environment = "develop"
+tags = {
+}
 
 # Core Networking settings
 
-core_networking_ssm_parameter_prefix = "/nan-core-networking-prod"
+core_networking_ssm_parameter_prefix = "/nan-core-networking-develop"
 
 # RDS Database settings
 

live/common-infra/configs/sandbox-backend.tfvars

@@ -0,0 +1,5 @@
+region  = "us-west-2"
+bucket  = "nan-sandbox-tfbackend-state"
+key     = "nan-sandbox-common-infra.tfstate"
+encrypt = "true"
+profile = ""

live/common-infra/configs/staging.tfvars renamed to live/common-infra/configs/sandbox.tfvars

@@ -3,12 +3,13 @@
 region      = "us-west-2"
 name        = "common-infra"
 namespace   = "nan"
-environment = "staging"
-tags        = {}
+environment = "sandbox"
+tags = {
+}
 
 # Core Networking settings
 
-core_networking_ssm_parameter_prefix = "/nan-core-networking-staging"
+core_networking_ssm_parameter_prefix = "/nan-core-networking-sandbox"
 
 # RDS Database settings
 

live/core-networking/README.md

@@ -33,7 +33,7 @@
    Initialize the working directory with the required providers and modules:
 
    ```sh
-   terraform init -backend-config="./configs/prod-backend.tfvars"
+   terraform init -backend-config="./configs/sandbox-backend.tfvars"
    ```
 
 3. **Workspace Management:**
@@ -42,12 +42,12 @@
 
    ```sh
    # Select an existing workspace
-   terraform workspace select prod
+   terraform workspace select sandbox
 
    # Create a new workspace if it doesn't exist
    # and select it
-   terraform workspace new prod
-   terraform workspace select prod
+   terraform workspace new sandbox
+   terraform workspace select sandbox
    ```
 
 ## Deploy

live/core-networking/bastion.tf

@@ -12,7 +12,7 @@ module "bastion" {
   vpc_id          = module.vpc.vpc_id
   private_subnets = module.vpc.private_subnets
   instance_type   = "t2.micro"
-  tags            = module.label.tags
+  tags            = merge(module.label.tags, { "Name" = "${module.label.id}-bastion" })
 }
 
 output "bastion_instance_id" {

live/core-networking/configs/develop-backend.tfvars

@@ -0,0 +1,5 @@
+region  = "us-west-2"
+bucket  = "nan-develop-tfbackend-state"
+key     = "nan-develop-core-networking.tfstate"
+encrypt = "true"
+profile = ""

live/core-networking/configs/staging.tfvars renamed to live/core-networking/configs/develop.tfvars

@@ -3,10 +3,12 @@
 region      = "us-west-2"
 name        = "core-networking"
 namespace   = "nan"
-environment = "staging"
+environment = "develop"
 tags        = {}
 
-# AWS settings
+# Resources settings
 
 vpc_cidr_block = "10.0.0.0/16"
 enable_bastion = true
+
+cluster_name = "nan-develop-services-platform-cluster"

live/core-networking/configs/sandbox-backend.tfvars

@@ -0,0 +1,5 @@
+region  = "us-west-2"
+bucket  = "nan-sandbox-tfbackend-state"
+key     = "nan-sandbox-core-networking.tfstate"
+encrypt = "true"
+profile = ""

live/core-networking/configs/prod.tfvars renamed to live/core-networking/configs/sandbox.tfvars

@@ -3,10 +3,12 @@
 region      = "us-west-2"
 name        = "core-networking"
 namespace   = "nan"
-environment = "prod"
+environment = "sandbox"
 tags        = {}
 
-# AWS settings
+# Resources settings
 
 vpc_cidr_block = "10.0.0.0/16"
 enable_bastion = true
+
+cluster_name = "nan-sandbox-services-platform-cluster"

live/core-networking/docs/MODULE.md

@@ -27,6 +27,7 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the EKS cluster | `string` | n/a | yes |
 | <a name="input_enable_bastion"></a> [enable\_bastion](#input\_enable\_bastion) | Enable bastion host | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `"development"` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to use for servers, tags, etc | `string` | `"name"` | no |

live/core-networking/main.tf

@@ -5,6 +5,7 @@ provider "aws" {
     tags = merge(module.label.tags, {
       ManagedBy      = "terraform"
       Owner          = "NaNLABS"
+      Project        = "[Project Name]"
       Repository     = "https://github.com/nanlabs/terraform-aws-starter"
       RepositoryPath = "live/core-networking"
     })

live/core-networking/vpc-endpoints.tf

@@ -10,43 +10,7 @@ module "vpc_endpoints" {
       route_table_ids = module.vpc.public_route_table_ids
       policy          = null
       tags            = { Name = "${module.label.id}-s3-vpc-endpoint" }
-    }
-    # ec2 = {
-    #   service             = "ec2"
-    #   service_type        = "Interface"
-    #   security_group_ids  = [module.vpc.default_security_group_id]
-    #   private_dns_enabled = true
-    #   subnet_ids          = module.vpc.private_subnets
-    #   policy              = null
-    #   tags                = { Name = "${module.label.id}-ec2-vpc-endpoint" }
-    # },
-    # ssm = {
-    #   service             = "ssm"
-    #   service_type        = "Interface"
-    #   security_group_ids  = [module.vpc.default_security_group_id]
-    #   private_dns_enabled = true
-    #   subnet_ids          = module.vpc.private_subnets
-    #   policy              = null
-    #   tags                = { Name = "${module.label.id}-ssm-vpc-endpoint" }
-    # },
-    # ec2messages = {
-    #   service             = "ec2messages"
-    #   service_type        = "Interface"
-    #   security_group_ids  = [module.vpc.default_security_group_id]
-    #   private_dns_enabled = true
-    #   subnet_ids          = module.vpc.private_subnets
-    #   policy              = null
-    #   tags                = { Name = "${module.label.id}-ec2messages-vpc-endpoint" }
-    # },
-    # ssmmessages = {
-    #   service             = "ssmmessages"
-    #   service_type        = "Interface"
-    #   security_group_ids  = [module.vpc.default_security_group_id]
-    #   private_dns_enabled = true
-    #   subnet_ids          = module.vpc.private_subnets
-    #   policy              = null
-    #   tags                = { Name = "${module.label.id}-ssmmessages-vpc-endpoint" }
-    # }
+    },
   }
 
   security_group_ids = [module.vpc.default_security_group_id]

live/core-networking/vpc.tf

@@ -4,13 +4,35 @@ variable "vpc_cidr_block" {
   default     = "10.0.0.0/16"
 }
 
+variable "cluster_name" {
+  description = "The name of the EKS cluster"
+  type        = string
+}
+
+locals {
+  # The usage of the specific kubernetes.io/cluster/* resource tags below are required
+  # for EKS and Kubernetes to discover and manage networking resources
+  # https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/
+  tags = merge(var.tags, { "kubernetes.io/cluster/${var.cluster_name}" = "shared" })
+
+  # required tags to make ALB ingress work https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+  public_subnets_additional_tags = {
+    "kubernetes.io/role/elb" : 1
+  }
+  private_subnets_additional_tags = {
+    "kubernetes.io/role/internal-elb" : 1
+  }
+}
+
 module "vpc" {
-  source             = "../../modules/vpc"
-  name               = module.label.id
-  vpc_cidr_block     = var.vpc_cidr_block
-  tags               = module.label.tags
-  enable_nat_gateway = true
-  single_nat_gateway = true
+  source              = "../../modules/vpc"
+  name                = module.label.id
+  vpc_cidr_block      = var.vpc_cidr_block
+  enable_nat_gateway  = true
+  single_nat_gateway  = true
+  tags                = local.tags
+  public_subnet_tags  = local.public_subnets_additional_tags
+  private_subnet_tags = local.private_subnets_additional_tags
 }
 
 output "ssm_parameter_vpc_id" {