Merge pull request #296 from lbodor/aws-provider-5

Updates for AWS provider v5
opendatacube · May 13, 2024 · 96ea7e6 · 96ea7e6
2 parents 551e7c2 + bb0260a
commit 96ea7e6
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+# master
+
+* The update to the version of Terraform AWS VPC module will require the following manual edits to the state file:
+
+```bash
+terraform state rm module.odc_eks.module.vpc[0].aws_vpc_endpoint_route_table_association.private_s3
+terraform state rm module.odc_eks.module.vpc[0].aws_vpc_endpoint_route_table_association.public_s3
+```
+
+See Terraform AWS VPC module upgrade instructions at https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/fbd4ff646b4caaa6fcc1fb71bc88d377cc8b3b48/UPGRADE-3.0.md?plain=1#L25.
+
 # v1.10.0 odc_eks - Optional vpc creation update procedure
 
 Making VPC creation optional has added a `count` to the `module.odc_eks.module.vpc` resource path.
@@ -50,4 +61,4 @@ terraform state mv module.odc_eks.module.vpc.aws_vpc_endpoint_route_table_associ
 terraform state mv module.odc_eks.module.vpc.aws_vpc_endpoint_route_table_association.private_s3[1] module.odc_eks.module.vpc[0].aws_vpc_endpoint_route_table_association.private_s3[1]
 terraform state mv module.odc_eks.module.vpc.aws_vpc_endpoint_route_table_association.private_s3[2] module.odc_eks.module.vpc[0].aws_vpc_endpoint_route_table_association.private_s3[2]
 terraform state mv module.odc_eks.module.vpc.aws_vpc_endpoint_route_table_association.public_s3[0] module.odc_eks.module.vpc[0].aws_vpc_endpoint_route_table_association.public_s3[0]
-```
+```
diff --git a/odc_eks/main.tf b/odc_eks/main.tf
@@ -13,10 +13,20 @@ module "odc_eks_label" {
 
 locals {
   cluster_id = (var.cluster_id != "") ? var.cluster_id : module.odc_eks_label.id
+
+  tags = merge(
+    {
+      Name        = "${local.cluster_id}-vpc"
+      owner       = var.owner
+      namespace   = var.namespace
+      environment = var.environment
+    },
+    var.tags
+  )
 }
 
 module "vpc" {
-  source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v2.70.0"
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v5.5.2"
 
   count = var.create_vpc ? 1 : 0
 
@@ -53,17 +63,39 @@ module "vpc" {
   enable_nat_gateway           = var.enable_nat_gateway
   create_igw                   = var.create_igw
   create_database_subnet_group = true
-  enable_s3_endpoint           = var.enable_s3_endpoint
 
-  tags = merge(
-    {
-      Name        = "${local.cluster_id}-vpc"
-      owner       = var.owner
-      namespace   = var.namespace
-      environment = var.environment
-    },
-    var.tags
-  )
+  manage_default_security_group = false
+  manage_default_network_acl    = false
+  manage_default_route_table    = false
+
+  tags = local.tags
+}
+
+moved {
+  from = module.vpc[0].aws_vpc_endpoint.s3[0]
+  to   =  module.vpc_endpoints[0].aws_vpc_endpoint.this["s3"]
+}
+
+module "vpc_endpoints" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//modules/vpc-endpoints?ref=v5.1.1"
+  count  = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
+
+  vpc_id = module.vpc[0].vpc_id
+  security_group_ids = [ module.vpc[0].default_security_group_id ]
+
+  endpoints = {
+    s3 = {
+      service      = "s3"
+      service_type = "Gateway"
+
+      route_table_ids = flatten([
+        module.vpc[0].private_route_table_ids,
+        module.vpc[0].public_route_table_ids
+      ])
+    }
+  }
+
+  tags = local.tags
 }
 
 # Creates network and Kuberenetes master nodes

diff --git a/odc_eks/waf.tf b/odc_eks/waf.tf
@@ -429,8 +429,8 @@ resource "aws_kinesis_firehose_delivery_stream" "waf_delivery_stream" {
     role_arn   = aws_iam_role.waf_firehose_role[0].arn
     bucket_arn = data.aws_s3_bucket.waf_log_bucket[0].arn
 
-    buffer_size     = var.waf_firehose_buffer_size
-    buffer_interval = var.waf_firehose_buffer_interval
+    buffering_size     = var.waf_firehose_buffer_size
+    buffering_interval = var.waf_firehose_buffer_interval
 
     prefix              = "logs/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/"
     error_output_prefix = "errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}"
@@ -518,4 +518,4 @@ resource "aws_wafregional_web_acl_association" "alb" {
   resource_arn = "arn:aws:elasticloadbalancing:ap-southeast-1:<account-id>:loadbalancer/app/<lb-name>/<lb-id>" # ARN of the ALB
   web_acl_id   = "${aws_wafregional_web_acl.waf_webacl.id}"
 }
-*/
+*/