Review of AWS modules and subsequent correction of RKE/RKE2/K3S recipes

modules/infra/aws/README.md

@@ -1,49 +1,79 @@
-# Terraform | AWS Infrastructure
+# Terraform | AWS - Preparatory steps
 
-Terraform module to provide AWS nodes prepared for creating a kubernetes cluster.
+In order for Terraform to run operations on your behalf, you must [install and configure the AWS CLI tool](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions).
 
-Basic infrastructure options are provided to be coupled with other modules for example environments.
+## Example
 
-Documentation can be found [here](./docs.md).
+#### macOS installation and setup for all users
 
-## Examples
+```console
+curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
+```
+
+```console
+sudo installer -pkg AWSCLIV2.pkg -target /
+```
+
+#### Verify installation
+
+```console
+$ which aws
+/usr/local/bin/aws
+```
+
+```console
+$ aws --version
+aws-cli/2.13.33 Python/3.11.6 Darwin/23.1.0 exe/x86_64 prompt/off
+```
 
-#### Launch a single instance, create a keypair
+#### Setup credentials and configuration
 
-```terraform
-module "upstream_cluster" {
-  source              = "git::https://github.com/rancherlabs/tf-rancher-up.git//modules/infra/aws"
-  aws_region          = "us-east-1"
-  prefix              = "example-rancher"
-  instance_count      = 1
-  create_ssh_key_pair = true
-  user_data           = |
-    echo "hello world"
-}
+##### Option 1 - AWS CLI
+
+```console
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+export AWS_DEFAULT_REGION=
+export AWS_DEFAULT_OUTPUT=text
 ```
 
-#### Provide an existing SSH key and Security Group
+##### Option 2 - Manually creating credential files
 
-```terraform
-module "upstream_cluster" {
-  source                  = "git::https://github.com/rancherlabs/tf-rancher-up.git//modules/infra/aws"
-  aws_region              = "us-east-1"
-  prefix                  = "example-rancher"
-  instance_count          = 1
-  ssh_key_pair_name       = "rancher-ssh"
-  instance_security_group = "sg-xxxxx"
-}
+```console
+mkdir ~/.aws
 ```
 
-#### Provide an existing VPC and Subnet
+```console
+cd ~/.aws
+```
+
+```console
+cat > credentials << EOL
+[default]
+aws_access_key_id = <YOUR_ACCESS_KEY>
+aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
+EOL
+```
+
+```console
+cat > config << EOL
+[default]
+region = <REGION>
+output = text
+EOL
+```
+
+##### Option 3 - IAM Identity Center credentials
+
+```console
+aws configure sso
+```
+
+```console
+export AWS_PROFILE=<YOUR_CONFIG_PROFILE>
+```
 
-```terraform
-module "upstream_cluster" {
-  source                  = "git::https://github.com/rancherlabs/tf-rancher-up.git//modules/infra/aws"
-  aws_region              = "us-east-1"
-  prefix                  = "example-rancher"
-  instance_count          = 1
-  vpc_id                  = "vpc-xxxxx"
-	subnet_id               = "subnet-xxxxxx"
-}
+##### Verify credentials
+```console
+aws sts get-caller-identity
 ```

modules/infra/aws/ec2/README.md

@@ -0,0 +1,217 @@
+# Terraform | AWS EC2
+
+Terraform modules to provide VM instances - AWS EC2.
+
+Documentation can be found [here](./docs.md).
+
+## Example
+
+#### Launch three identical VM instances
+
+```terraform
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.53.0"
+    }
+
+    ssh = {
+      source  = "loafoe/ssh"
+      version = "2.6.0"
+    }
+
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.10.1"
+    }
+  }
+
+  required_version = ">= 0.14"
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+variable "prefix" {}
+
+variable "aws_region" {
+  type        = string
+  description = "AWS region used for all resources"
+  default     = "us-east-1"
+
+  validation {
+    condition = contains([
+      "us-east-2",
+      "us-east-1",
+      "us-west-1",
+      "us-west-2",
+      "af-south-1",
+      "ap-east-1",
+      "ap-south-2",
+      "ap-southeast-3",
+      "ap-southeast-4",
+      "ap-south-1",
+      "ap-northeast-3",
+      "ap-northeast-2",
+      "ap-southeast-1",
+      "ap-southeast-2",
+      "ap-northeast-1",
+      "ca-central-1",
+      "ca-west-1",
+      "eu-central-1",
+      "eu-west-1",
+      "eu-west-2",
+      "eu-south-1",
+      "eu-west-3",
+      "eu-south-2",
+      "eu-north-1",
+      "eu-central-2",
+      "il-central-1",
+      "me-south-1",
+      "me-central-1",
+      "sa-east-1",
+    ], var.aws_region)
+    error_message = "Invalid Region specified!"
+  }
+}
+
+variable "ssh_private_key_path" {
+  description = "The full path where is present the pre-generated SSH PRIVATE key (not generated by Terraform); if `create_ssh_key_pair = false` this variable must be set"
+  default     = null
+}
+
+variable "vpc_id" {}
+
+variable "subnet_id" {}
+
+variable "instance_count" {}
+
+variable "ssh_username" {}
+
+module "aws-ec2-upstream-cluster" {
+  source         = "git::https://github.com/rancher/tf-rancher-up.git//modules/infra/aws/ec2"
+  prefix         = var.prefix
+  aws_region     = var.aws_region
+  vpc_id         = var.vpc_id
+  subnet_id      = var.subnet_id
+  instance_count = var.instance_count
+  ssh_username   = var.ssh_username
+}
+
+output "instances_public_ip" {
+  value = module.aws-ec2-upstream-cluster.instances_public_ip
+}
+
+output "instances_private_ip" {
+  value = module.aws-ec2-upstream-cluster.instances_private_ip
+}
+```
+
+#### Launch two identical VM instances and a dedicated new VPC/Subnet
+
+```terraform
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.53.0"
+    }
+
+    ssh = {
+      source  = "loafoe/ssh"
+      version = "2.6.0"
+    }
+
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.10.1"
+    }
+  }
+
+  required_version = ">= 0.14"
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+variable "prefix" {}
+
+variable "aws_region" {
+  type        = string
+  description = "AWS region used for all resources"
+  default     = "us-east-1"
+
+  validation {
+    condition = contains([
+      "us-east-2",
+      "us-east-1",
+      "us-west-1",
+      "us-west-2",
+      "af-south-1",
+      "ap-east-1",
+      "ap-south-2",
+      "ap-southeast-3",
+      "ap-southeast-4",
+      "ap-south-1",
+      "ap-northeast-3",
+      "ap-northeast-2",
+      "ap-southeast-1",
+      "ap-southeast-2",
+      "ap-northeast-1",
+      "ca-central-1",
+      "ca-west-1",
+      "eu-central-1",
+      "eu-west-1",
+      "eu-west-2",
+      "eu-south-1",
+      "eu-west-3",
+      "eu-south-2",
+      "eu-north-1",
+      "eu-central-2",
+      "il-central-1",
+      "me-south-1",
+      "me-central-1",
+      "sa-east-1",
+    ], var.aws_region)
+    error_message = "Invalid Region specified!"
+  }
+}
+
+variable "ssh_private_key_path" {
+  description = "The full path where is present the pre-generated SSH PRIVATE key (not generated by Terraform); if `create_ssh_key_pair = false` this variable must be set"
+  default     = null
+}
+
+variable "instance_count" {}
+
+variable "ssh_username" {}
+
+module "aws-ec2-upstream-cluster" {
+  source         = "git::https://github.com/rancher/tf-rancher-up.git//modules/infra/aws/ec2"
+  prefix         = var.prefix
+  aws_region     = var.aws_region
+  instance_count = var.instance_count
+  ssh_username   = var.ssh_username
+}
+
+output "instances_public_ip" {
+  value = module.aws-ec2-upstream-cluster.instances_public_ip
+}
+
+output "instances_private_ip" {
+  value = module.aws-ec2-upstream-cluster.instances_private_ip
+}
+```

modules/infra/aws/data.tf → modules/infra/aws/ec2/data.tf

@@ -1,3 +1,5 @@
+data "aws_availability_zones" "available" {}
+
 # TODO: Make the Ubuntu OS version configurable
 # TODO: Add support for ARM architecture
 data "aws_ami" "ubuntu" {