Merge pull request #1319 from jordimassaguerpla/add_missin_tags_lb_ba…

…ckport_4_5_0 Add Resource Groups + AZ filter for AWS tf (#1225)
SUSE · Aug 12, 2020 · 3ba97f9 · 3ba97f9
2 parents 6733b0f + 9c11530
commit 3ba97f9
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 0 deletions.
diff --git a/ci/infra/aws/README.md b/ci/infra/aws/README.md
@@ -213,3 +213,7 @@ in the cluster.
 ### Availability zones
 
 Right now all the nodes are created inside of the same availability zone.
+
+It is possible to filter the available AZ by configuring `availability_zones_filter`.
+
+The available filters can be found [here in the AWS API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html)
diff --git a/ci/infra/aws/aws.tf b/ci/infra/aws/aws.tf
@@ -35,3 +35,40 @@ resource "aws_key_pair" "kube" {
   )
 }
 
+resource "aws_resourcegroups_group" "kube" {
+  name = "${var.stack_name}-resourcegroup"
+
+  tags = merge(
+    local.basic_tags,
+    {
+      "Name"  = "${var.stack_name}-resourcegroup"
+      "Class" = "ResourceGroup"
+    },
+  )
+
+  resource_query {
+    query = jsonencode({
+      "ResourceTypeFilters" : [
+        "AWS::EC2::DHCPOptions",
+        "AWS::EC2::EIP",
+        "AWS::EC2::Instance",
+        "AWS::EC2::InternetGateway",
+        "AWS::EC2::NatGateway",
+        "AWS::EC2::NetworkInterface",
+        "AWS::EC2::RouteTable",
+        "AWS::EC2::SecurityGroup",
+        "AWS::EC2::Subnet",
+        "AWS::EC2::VPC",
+        "AWS::EC2::VPCPeeringConnection",
+        "AWS::ElasticLoadBalancing::LoadBalancer",
+        "AWS::ResourceGroups::Group"
+      ],
+      "TagFilters" : [
+        {
+          "Key" : "Environment",
+          "Values" : [var.stack_name]
+        }
+      ]
+    })
+  }
+}
diff --git a/ci/infra/aws/network.tf b/ci/infra/aws/network.tf
@@ -14,6 +14,11 @@ resource "aws_vpc" "platform" {
 # list of az which can be access from the current region
 data "aws_availability_zones" "az" {
   state = "available"
+
+  filter {
+    name = var.availability_zones_filter.name
+    values = var.availability_zones_filter.values
+  }
 }
 
 resource "aws_vpc_dhcp_options" "platform" {

diff --git a/ci/infra/aws/terraform.tfvars.example b/ci/infra/aws/terraform.tfvars.example
@@ -43,3 +43,9 @@ authorized_keys = [
 #
 # Note well: you must  have the right set of permissions.
 # iam_profile_worker = "caasp-k8s-worker-vm-profile"
+
+# Use specific Availibility Zone
+#availability_zones_filter= {
+#    name   = "zone-name"
+#    values = ["eu-west-3c"]
+#}
diff --git a/ci/infra/aws/variables.tf b/ci/infra/aws/variables.tf
@@ -111,3 +111,14 @@ variable "peer_vpc_ids" {
   description = "IDs of a VPCs to connect to via a peering connection"
 }
 
+variable "availability_zones_filter" {
+  type = object({
+    name   = string
+    values = list(string)
+  })
+  default = {
+    name   = "zone-name"
+    values = ["*"]
+  }
+  description = "Filter Availability Zones"
+}