rancher
/
terraform-aws-access
mirror of https://github.com/rancher/terraform-aws-access.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: add private address (#76) 

Signed-off-by: matttrach <matt.trachier@suse.com>
This commit is contained in:
Matt Trachier 2024-05-30 15:34:18 -05:00 committed by GitHub
parent eecdc7138c
commit 6bb4328c5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 51 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.lock
View File

@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1715316543, "lastModified": 1716977081,
"narHash": "sha256-4XOPcWmyH77Gd+cvVr2Hp7PHAlNAesvsLtHHbqy8xfA=", "narHash": "sha256-pFe5jLeIPlKEln5n2h998d7cpzXFdbrBMRe3suz4K1o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c669412a552f31c45adad47894e7fd6a8698e53f", "rev": "ac82a513e55582291805d6f09d35b6d8b60637a1",
"type": "github" "type": "github"
}, },
"original": { "original": {

6
main.tf
View File

@ -44,7 +44,7 @@ locals {
# vpc # vpc
vpc_name = var.vpc_name vpc_name = var.vpc_name
vpc_cidr = (var.vpc_cidr == "" ? "10.0.255.0/24" : var.vpc_cidr) vpc_cidr = var.vpc_cidr
# subnet # subnet
subnets = var.subnets subnets = var.subnets
@ -122,7 +122,7 @@ module "network_load_balancer" {
name = local.load_balancer_name name = local.load_balancer_name
vpc_id = module.vpc[0].id vpc_id = module.vpc[0].id
security_group_id = module.security_group[0].id security_group_id = module.security_group[0].id
subnet_ids = [for subnet in module.subnet : subnet.id] subnets = { for s in keys(local.subnets) : s => { id = module.subnet[s].id, cidr = module.subnet[s].cidr } }
access_info = local.load_balancer_access_cidrs access_info = local.load_balancer_access_cidrs
} }
@ -138,5 +138,5 @@ module "domain" {
use = local.domain_use_strategy use = local.domain_use_strategy
cert_use_strategy = local.cert_use_strategy cert_use_strategy = local.cert_use_strategy
content = lower(local.domain) content = lower(local.domain)
ip = module.network_load_balancer[0].public_ip ips = module.network_load_balancer[0].public_ips
} }

4
modules/domain/main.tf
View File

@ -2,7 +2,7 @@ locals {
use = var.use use = var.use
cert_use = var.cert_use_strategy cert_use = var.cert_use_strategy
content = lower(var.content) content = lower(var.content)
ip = var.ip ips = var.ips
content_parts = split(".", local.content) content_parts = split(".", local.content)
top_level_domain = join(".", [ top_level_domain = join(".", [
@ -48,7 +48,7 @@ resource "aws_route53_record" "new" {
name = local.content name = local.content
type = "A" type = "A"
ttl = 30 ttl = 30
records = [local.ip] records = local.ips
} }
# cert generation # cert generation

10
modules/domain/variables.tf
View File

@ -30,11 +30,11 @@ variable "content" {
EOT EOT
} }
variable "ip" { variable "ips" {
type = string type = list(string)
description = <<-EOT description = <<-EOT
The ip address to attach to the domain. The ip addresses to attach to the domain.
When selecting a domain we won't generate any domain objects, we won't create a cert. When selecting a domain we won't generate any domain objects and we won't create a cert.
EOT EOT
default = "" default = []
} }

27
modules/network_load_balancer/main.tf
View File

@ -3,12 +3,12 @@ locals {
name = var.name name = var.name
vpc_id = var.vpc_id vpc_id = var.vpc_id
security_group_id = var.security_group_id security_group_id = var.security_group_id
subnet_ids = var.subnet_ids subnets = var.subnets
access_info = (var.access_info == null ? {} : var.access_info) access_info = (var.access_info == null ? {} : var.access_info)
create = (local.use == "create" ? 1 : 0) create = (local.use == "create" ? 1 : 0)
select = (local.use == "select" ? 1 : 0) select = (local.use == "select" ? 1 : 0)
eip = (local.select == 1 ? data.aws_eip.selected[0] : aws_eip.created[0]) eips = (local.select == 1 ? data.aws_eip.selected : aws_eip.created)
public_ip = (local.select == 1 ? data.aws_eip.selected[0].public_ip : aws_eip.created[0].public_ip) public_ips = (local.select == 1 ? [for e in data.aws_eip.selected : e.public_ip if can(e.public_ip)] : [for e in aws_eip.created : e.public_ip if can(e.public_ip)])
} }
data "aws_lb" "selected" { data "aws_lb" "selected" {
@ -19,21 +19,25 @@ data "aws_lb" "selected" {
} }
data "aws_eip" "selected" { data "aws_eip" "selected" {
count = local.select for_each = (local.select == 1 ? local.subnets : {})
filter { filter {
name = "description" name = "name"
values = ["ELB net/${data.aws_lb.selected[0].name}/*"] values = [local.name]
} }
} }
resource "aws_eip" "created" { resource "aws_eip" "created" {
count = local.create for_each = (local.create == 1 ? local.subnets : {})
domain = "vpc" domain = "vpc"
associate_with_private_ip = cidrhost(each.value.cidr, -2) # map the eip to the last available ip of the private subnet
tags = {
Name = local.name
}
} }
resource "aws_security_group" "load_balancer" { resource "aws_security_group" "load_balancer" {
count = local.create count = local.create
name = "${local.name}-lb" name = local.name
description = "Security group for load balancer ${local.name}" description = "Security group for load balancer ${local.name}"
vpc_id = local.vpc_id vpc_id = local.vpc_id
tags = { tags = {
@ -57,11 +61,12 @@ resource "aws_lb" "new" {
internal = false internal = false
load_balancer_type = "network" load_balancer_type = "network"
security_groups = [local.security_group_id] security_groups = [local.security_group_id]
enable_cross_zone_load_balancing = true
dynamic "subnet_mapping" { dynamic "subnet_mapping" {
for_each = toset(local.subnet_ids) for_each = local.subnets
content { content {
subnet_id = subnet_mapping.key subnet_id = subnet_mapping.value.id
allocation_id = local.eip.id allocation_id = local.eips[subnet_mapping.key].id
} }
} }
tags = { tags = {

4
modules/network_load_balancer/outputs.tf
View File

@ -7,8 +7,8 @@ output "dns_name" {
output "load_balancer" { output "load_balancer" {
value = (local.select == 1 ? data.aws_lb.selected[0] : aws_lb.new[0]) value = (local.select == 1 ? data.aws_lb.selected[0] : aws_lb.new[0])
} }
output "public_ip" { output "public_ips" {
value = local.public_ip value = local.public_ips
} }
output "listeners" { output "listeners" {
value = (local.create == 1 ? aws_lb_listener.created : {}) value = (local.create == 1 ? aws_lb_listener.created : {})

16
modules/network_load_balancer/variables.tf
View File

@ -30,12 +30,20 @@ variable "security_group_id" {
EOT EOT
default = "" default = ""
} }
variable "subnet_ids" { variable "subnets" {
type = list(string) type = map(object({
id = string
cidr = string
}))
description = <<-EOT description = <<-EOT
The subnet ids to attach to the Load Balancer. Map of subnets to attach to the Load Balancer.
EOT EOT
default = [] default = {
"dummy" = {
id = ""
cidr = ""
}
}
} }
variable "access_info" { variable "access_info" {
type = map(object({ type = map(object({

2
variables.tf
View File

@ -32,7 +32,7 @@ variable "vpc_cidr" {
If you attempt to generate a VPC that has no usable addresses you will get an "invalid CIDR" error from AWS. If you attempt to generate a VPC that has no usable addresses you will get an "invalid CIDR" error from AWS.
If you attempt to generate a subnet that uses one of the addresses reserved by AWS in the VPC's CIDR, you will get an "invalid CIDR" error from AWS. If you attempt to generate a subnet that uses one of the addresses reserved by AWS in the VPC's CIDR, you will get an "invalid CIDR" error from AWS.
EOT EOT
default = "" default = "10.0.0.0/16"
} }
# subnet # subnet