From bd6ca7e86ad06174ae0816ae0532b0fab418f1c7 Mon Sep 17 00:00:00 2001
From: lcavajani <33934779+lcavajani@users.noreply.github.com>
Date: Mon, 13 Jul 2020 06:51:16 +0200
Subject: [PATCH] Add Resource Groups + AZ filter for AWS tf (#1225)

* Add resourcegroup in AWS tf

Signed-off-by: lcavajani

* Add AZ filter in AWS tf

Signed-off-by: lcavajani

* add az filter in tfvars example

Signed-off-by: lcavajani
---
 ci/infra/aws/README.md                | 4 +++
 ci/infra/aws/aws.tf                   | 37 +++++++++++++++++++++++++++
 ci/infra/aws/network.tf               | 5 ++++
 ci/infra/aws/terraform.tfvars.example | 6 +++++
 ci/infra/aws/variables.tf             | 11 ++++++++
 5 files changed, 63 insertions(+)

diff --git a/ci/infra/aws/README.md b/ci/infra/aws/README.md
index f4523569fa..8bd6ab3fd7 100644
--- a/ci/infra/aws/README.md
+++ b/ci/infra/aws/README.md
@@ -213,3 +213,7 @@ in the cluster.
 ### Availability zones
 Right now all the nodes are created inside of the same availability zone.
+
+It is possible to filter the available AZ by configuring `availability_zones_filter`.
+
+The available filters can be found [here in the AWS API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html)
diff --git a/ci/infra/aws/aws.tf b/ci/infra/aws/aws.tf
index 3a7c7d9169..5bdbd89c95 100644
--- a/ci/infra/aws/aws.tf
+++ b/ci/infra/aws/aws.tf
@@ -35,3 +35,40 @@ resource "aws_key_pair" "kube" {
   )
 }
+resource "aws_resourcegroups_group" "kube" {
+  name = "${var.stack_name}-resourcegroup"
+
+  tags = merge(
+    local.basic_tags,
+    {
+      "Name" = "${var.stack_name}-resourcegroup"
+      "Class" = "ResourceGroup"
+    },
+  )
+
+  resource_query {
+    query = jsonencode({
+      "ResourceTypeFilters" : [
+        "AWS::EC2::DHCPOptions",
+        "AWS::EC2::EIP",
+        "AWS::EC2::Instance",
+        "AWS::EC2::InternetGateway",
+        "AWS::EC2::NatGateway",
+        "AWS::EC2::NetworkInterface",
+        "AWS::EC2::RouteTable",
+        "AWS::EC2::SecurityGroup",
+        "AWS::EC2::Subnet",
+        "AWS::EC2::VPC",
+        "AWS::EC2::VPCPeeringConnection",
+        "AWS::ElasticLoadBalancing::LoadBalancer",
+        "AWS::ResourceGroups::Group"
+      ],
+      "TagFilters" : [
+        {
+          "Key" : "Environment",
+          "Values" : [var.stack_name]
+        }
+      ]
+    })
+  }
+}
diff --git a/ci/infra/aws/network.tf b/ci/infra/aws/network.tf
index f2b0128875..45122eb3e0 100644
--- a/ci/infra/aws/network.tf
+++ b/ci/infra/aws/network.tf
@@ -14,6 +14,11 @@ resource "aws_vpc" "platform" {
 # list of az which can be access from the current region
 data "aws_availability_zones" "az" {
   state = "available"
+
+  filter {
+    name = var.availability_zones_filter.name
+    values = var.availability_zones_filter.values
+  }
 }
 
 resource "aws_vpc_dhcp_options" "platform" {
diff --git a/ci/infra/aws/terraform.tfvars.example b/ci/infra/aws/terraform.tfvars.example
index 3fd84e4303..468ff3779f 100644
--- a/ci/infra/aws/terraform.tfvars.example
+++ b/ci/infra/aws/terraform.tfvars.example
@@ -43,3 +43,9 @@ authorized_keys = [
 #
 # Note well: you must have the right set of permissions.
 # iam_profile_worker = "caasp-k8s-worker-vm-profile"
+
+# Use specific Availibility Zone
+#availability_zones_filter= {
+#  name = "zone-name"
+#  values = ["eu-west-3c"]
+#}
diff --git a/ci/infra/aws/variables.tf b/ci/infra/aws/variables.tf
index 704567bb79..e70380f10f 100644
--- a/ci/infra/aws/variables.tf
+++ b/ci/infra/aws/variables.tf
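Review bot: The resource_query in the new `aws_resourcegroups_group` only collects resources carrying an `Environment` tag equal to `var.stack_name`, but nothing in this hunk guarantees that tag is applied to the listed resource types; unless `local.basic_tags` (defined outside the hunk) sets `Environment`, the group is created but stays empty. A comment stating that contract would help the next maintainer, e.g. `# Collects every resource of this stack via the Environment tag set in local.basic_tags; keep the two in sync`. The principal running `terraform apply` also needs the Resource Groups IAM actions (`resource-groups:CreateGroup`, `GetGroup`, `GetGroupQuery`, `DeleteGroup`, `Tag`/`Untag`) on top of the EC2 permissions it had before, which is worth a line in the README's permissions notes if the CI role is scoped tightly.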
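Review bot: The new `filter` block in `data "aws_availability_zones" "az"` is applied unconditionally, so opting out depends entirely on the `*` wildcard default of `var.availability_zones_filter`, and the comment above the block (`# list of az which can be access from the current region`) no longer describes what is returned. Suggest `# AZs of the current region that are available, narrowed by var.availability_zones_filter (default "*" keeps all of them)`. If a caller supplies a filter that matches no zone, `names` is empty and whatever indexes it downstream (presumably the subnet definitions, outside this hunk) fails with an index error rather than a clear message; a variable `validation` block, if the Terraform version in use supports it, or a README sentence naming that failure mode would help.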
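Review bot: The commented example in terraform.tfvars.example misspells `Availibility` and `#availability_zones_filter= {` lacks the space before `=` that the other examples in the file use; since users copy this block verbatim, `# Use a specific Availability Zone` and `#availability_zones_filter = {` keep it consistent. The sample `eu-west-3c` is region-specific, so a note that the value must be a zone of the region being deployed to avoids a silent empty AZ list.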
@@ -111,3 +111,14 @@ variable "peer_vpc_ids" {
   description = "IDs of a VPCs to connect to via a peering connection"
 }
+variable "availability_zones_filter" {
+  type = object({
+    name = string
+    values = list(string)
+  })
+  default = {
+    name = "zone-name"
+    values = ["*"]
+  }
+  description = "Filter Availability Zones"
+}
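Review bot: `description = "Filter Availability Zones"` does not tell the reader that the object is passed straight to an EC2 DescribeAvailabilityZones `filter` (name + values), nor that the `*` default is a wildcard that keeps every zone; `description = "EC2 DescribeAvailabilityZones filter (name + values) applied when listing AZs; the default matches all available zones"` would. The `values = ["*"]` default relies on the EC2 API's wildcard support for filter values, so a comment on that line such as `# "*" is an EC2 filter wildcard: no narrowing by default` saves the next reader a lookup.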