rancher
/
terraform-aws-access
mirror of https://github.com/rancher/terraform-aws-access.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
A Terraform Module for Managing AWS Access Objects
82 Commits 4 Branches 46 Tags 646 KiB
HCL 70.3%
Go 15%
Shell 10.4%
Nix 4.3%
Go to file
github-actions[bot] 1c8bb96828
chore(main): release 2.1.0 (#54) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 		2024-04-17 21:27:30 -05:00
.github fix: resolve weird exit problems (#63) 2024-04-17 19:59:12 -05:00
examples feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
modules feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
notes fix: adding notes about leftovers (#65) 2024-04-17 21:14:25 -05:00
tests feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
updatecli feat: generate new security group rules and add automatic updates 2023-10-30 15:18:12 -05:00
.aliases fix: Fix ip discover (#19) 2023-12-12 12:48:14 -06:00
.envrc fix: update workflows to meet new standards (#40) 2024-03-23 01:36:50 -05:00
.functions fix: update workflows to meet new standards (#40) 2024-03-23 01:36:50 -05:00
.gitignore initial 2023-07-10 10:45:06 -05:00
.rcs fix: update workflows to meet new standards (#40) 2024-03-23 01:36:50 -05:00
.variables fix: update workflows to meet new standards (#40) 2024-03-23 01:36:50 -05:00
CHANGELOG.md chore(main): release 2.1.0 (#54) 2024-04-17 21:27:30 -05:00
README.md fix: update notes on ingress (#47) 2024-04-05 23:13:40 -05:00
flake.lock feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
flake.nix refactor!: add domains and load balancing (#42) 2024-04-05 18:32:16 -05:00
main.tf feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
outputs.tf feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
terraform.md fix: update workflows to meet new standards (#40) 2024-03-23 01:36:50 -05:00
variables.tf feat: adding listeners and targets (#53) 2024-04-17 13:17:31 -05:00
versions.tf refactor!: add domains and load balancing (#42) 2024-04-05 18:32:16 -05:00

README.md

Terraform AWS Access

Recent Changes

  • Manage external access

    You can now add ingress from external addresses by cidr and port. This will generate security group rules with 'from' and 'to' having the port number specified. The input is a map of port to list of CIDRs, eg. {"443" = ["1.1.1.1/32","2.2.2.2/32"], "6443" = ["3.3.3.3/24"]}.

  • BREAKING CHANGES!

    While adding the loadbalancer and domain to this module it kinda seems like the ssh key shouldn't be included. I also found a more standardized approach to how to skip or select modules. When adding a load balancer I discovered that subnets will need to be tied to availability zones. I also found that it was easier to combine the subnet input to something more complex, but should be easy enough to figure out

    1. No longer managing ssh keys with this module!
    2. The -use-strategy variables now determine how modules are used (create, skip, or select)
    3. Subnets inputs needed to change to incorporate high availability With this is a massive change in the interface, this is a major break from the previous version, but I believe necessary for its growth.

AWS Access

The first step to using the AWS modules is having an AWS account, here is a document describing this process. You will need an API access key id and API secret key, you can get the API keys following this tutorial. The Terraform AWS provider uses the AWS Go SDK, which allows the use of either environment variables or config files for authentication. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-settings

You do not need the AWS cli to generate the files, just place them in the proper place and Terraform will find and read them. In development, we use environment variables to configure the AWS provider and load them by sourcing an RC file. In CI we use OIDC connection to AWS to authenticate.

export AWS_ACCESS_KEY_ID='ABC123'
export AWS_SECRET_ACCESS_KEY='abc123'
export AWS_REGION='us-west-1'

These help the tests set you as the owner on the testing infra and generate the proper key. The .envrc file sources .rcs file which assumes a local file at path ~/.config/aws/default exists with the above information.

Examples

Local State

The specific use case for the example modules is temporary infrastructure for testing purposes. With that in mind, it is not expected that we manage the resources as a team, therefore the state files are all stored locally. If you would like to store the state files remotely, add a terraform backend file (*.name.tfbackend) to your implementation module. https://www.terraform.io/language/settings/backends/configuration#file

Development and Testing

Paradigms and Expectations

Please make sure to read terraform.md to understand the paradigms and expectations that this module has for development.

Environment

It is important to us that all collaborators have the ability to develop in similar environments, so we use tools which enable this as much as possible. These tools are not necessary, but they can make it much simpler to collaborate.

  • I use nix that I have installed using their recommended script
  • I use direnv that I have installed using brew.
  • I simply use direnv allow to enter the environment
  • I navigate to the tests directory and run go test -v -timeout=5m -parallel=10
  • To run an individual test I nvaigate to the tests directory and run go test -v -timeout=5m -run <test function name>
    • eg. go test -v -timeout=5m -run TestBasic

Our continuous integration tests in the GitHub ubuntu-latest runner, which has many different things installed, we use nix to add dependencies.

Override Tests

You may want to test this code with slightly different parameters for your environment. Check out Terraform override files as a clean way to modify the inputs without accidentally committing any personalized code.