diff --git a/modules/ecr-repository/outputs.tf b/modules/ecr-repository/outputs.tf index bb80ef6..8643141 100644 --- a/modules/ecr-repository/outputs.tf +++ b/modules/ecr-repository/outputs.tf @@ -40,3 +40,19 @@ output "encryption" { kms_key = aws_ecr_repository.this.encryption_configuration[0].kms_key } } + +output "resource_group" { + description = "The resource group created to manage resources in this module." + value = merge( + { + enabled = var.resource_group.enabled && var.module_tags_enabled + }, + (var.resource_group.enabled && var.module_tags_enabled + ? { + arn = module.resource_group[0].arn + name = module.resource_group[0].name + } + : {} + ) + ) +} diff --git a/modules/ecr-repository/resource-group.tf b/modules/ecr-repository/resource-group.tf index 7487ba0..85c4fb0 100644 --- a/modules/ecr-repository/resource-group.tf +++ b/modules/ecr-repository/resource-group.tf @@ -1,6 +1,6 @@ locals { - resource_group_name = (var.resource_group_name != "" - ? var.resource_group_name + resource_group_name = (var.resource_group.name != "" + ? var.resource_group.name : join(".", [ local.metadata.package, local.metadata.module, @@ -12,12 +12,12 @@ locals { module "resource_group" { source = "tedilabs/misc/aws//modules/resource-group" - version = "~> 0.10.0" + version = "~> 0.12.0" - count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0 + count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0 name = local.resource_group_name - description = var.resource_group_description + description = var.resource_group.description query = { resource_tags = local.module_tags diff --git a/modules/ecr-repository/variables.tf b/modules/ecr-repository/variables.tf index 3623ac9..1bfb42e 100644 --- a/modules/ecr-repository/variables.tf +++ b/modules/ecr-repository/variables.tf 
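Review bot: The new `resource_group` output in modules/ecr-repository/outputs.tf changes shape with the flag: when `var.resource_group.enabled && var.module_tags_enabled` is false, the `arn` and `name` keys are absent. A caller that reads `.arn` then gets an evaluation error instead of a null, unless it wraps the access in `try()`. Keeping the keys stable is easier to consume, e.g. `arn = one(module.resource_group[*].arn)` and `name = one(module.resource_group[*].name)`, with `enabled = length(module.resource_group) > 0`. That also removes the condition that is written twice here and again in the `count` of `module "resource_group"`. The identical output is added in modules/eks-iam-access/outputs.tf.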
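Review bot: The bumped constraint `version = "~> 0.12.0"` in the second hunk of modules/ecr-repository/resource-group.tf still floats across every 0.12.x release of the public registry module `tedilabs/misc/aws//modules/resource-group`. Terraform's dependency lock file records provider selections only, not module versions, so a fresh `terraform init` may resolve a newer patch release than the one reviewed with this commit. If reproducible plans matter here, pin the exact tested release, e.g. `version = "<tested 0.12.x release>"`, and bump it deliberately. The `module "resource_group"` block continues past the end of the hunk, and the same constraint is set in modules/eks-iam-access/resource-group.tf.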
@@ -111,23 +111,21 @@ variable "module_tags_enabled" { # Resource Group ################################################### -variable "resource_group_enabled" { - description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module." - type = bool - default = true - nullable = false -} -variable "resource_group_name" { - description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`." - type = string - default = "" - nullable = false -} -variable "resource_group_description" { - description = "(Optional) The description of Resource Group." - type = string - default = "Managed by Terraform." - nullable = false + +variable "resource_group" { + description = < [terraform](#requirement\_terraform) | >= 1.10 | +| [terraform](#requirement\_terraform) | >= 1.6 | | [aws](#requirement\_aws) | >= 5.42 | ## Providers @@ -22,7 +22,7 @@ No providers. | Name | Source | Version | |------|--------|---------| | [node](#module\_node) | ../eks-access-entry | n/a | -| [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 | +| [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.12.0 | | [user](#module\_user) | ../eks-access-entry | n/a | ## Resources 
@@ -36,9 +36,7 @@ No resources. | [cluster\_name](#input\_cluster\_name) | (Required) The name of the Amazon EKS cluster to create IAM access entries. | `string` | n/a | yes | | [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | | [node\_access\_entries](#input\_node\_access\_entries) | (Optional) A list of configurations for EKS access entries for nodes (EC2 instances, Fargate) that are allowed to access the EKS cluster. Each item of `node_access_entries` block as defined below.
(Required) `name` - A unique name for the access entry. This value is only used internally within Terraform code.
(Required) `type` - The type of the access entry. Valid values are `EC2_LINUX`, `EC2_WINDOWS`, `FARGATE_LINUX`.
(Required) `principal` - The ARN of one, and only one, existing IAM principal to grant access to Kubernetes objects on the cluster. An IAM principal can't be included in more than one access entry. |
list(object({
name = string
type = string
principal = string
}))
| `[]` | no | -| [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | -| [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | -| [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no | +| [resource\_group](#input\_resource\_group) | (Optional) A configurations of Resource Group for this module. `resource_group` as defined below.
(Optional) `enabled` - Whether to create Resource Group to find and group AWS resources which are created by this module. Defaults to `true`.
(Optional) `name` - The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. If not provided, a name will be generated using the module name and instance name.
(Optional) `description` - The description of Resource Group. Defaults to `Managed by Terraform.`. |
object({
enabled = optional(bool, true)
name = optional(string, "")
description = optional(string, "Managed by Terraform.")
})
| `{}` | no | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | | [timeouts](#input\_timeouts) | (Optional) How long to wait for the EKS Cluster to be created/updated/deleted. |
object({
create = optional(string, "30m")
update = optional(string, "60m")
delete = optional(string, "15m")
})
| `{}` | no | | [user\_access\_entries](#input\_user\_access\_entries) | (Optional) A list of configurations for EKS access entries for users (IAM roles, users) that are allowed to access the EKS cluster. Each item of `user_access_entries` block as defined below.
(Required) `name` - A unique name for the access entry. This value is only used internally within Terraform code.
(Required) `principal` - The ARN of one, and only one, existing IAM principal to grant access to Kubernetes objects on the cluster. An IAM principal can't be included in more than one access entry.
(Optional) `kubernetes_username` - The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. Defaults to the IAM principal ARN.
(Optional) `kubernetes_groups` - A set of groups within the Kubernetes cluster.
(Optional) `kubernetes_permissions` - A list of permissions for EKS access entry to the EKS cluster. Each item of `kubernetes_permissions` block as defined below.
(Required) `policy` - The ARN of the access policy that you're associating.
(Optional) `scope` - The type of access scope that you're associating. Valid values are `NAMESPACE`, `CLUSTER`. Defaults to `CLUSTER`.
(Optional) `namespaces` - A set of namespaces to which the access scope applies. You can enter plain text namespaces, or wildcard namespaces such as `dev-*`. |
list(object({
name = string
principal = string
kubernetes_username = optional(string)
kubernetes_groups = optional(set(string), [])
kubernetes_permissions = optional(list(object({
policy = string
scope = optional(string, "CLUSTER")
namespaces = optional(set(string), [])
})), [])
}))
| `[]` | no | @@ -49,5 +47,6 @@ No resources. |------|-------------| | [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster. | | [node\_access\_entries](#output\_node\_access\_entries) | The list of configurations for EKS access entries for nodes (EC2 instances, Fargate). | +| [resource\_group](#output\_resource\_group) | The resource group created to manage resources in this module. | | [user\_access\_entries](#output\_user\_access\_entries) | The list of configurations for EKS access entries for users (IAM roles, users). | diff --git a/modules/eks-iam-access/main.tf b/modules/eks-iam-access/main.tf index d876485..6e61faf 100644 --- a/modules/eks-iam-access/main.tf +++ b/modules/eks-iam-access/main.tf @@ -35,8 +35,10 @@ module "node" { type = each.value.type principal = each.value.principal - resource_group_enabled = false - module_tags_enabled = false + resource_group = { + enabled = false + } + module_tags_enabled = false tags = merge( { @@ -75,8 +77,10 @@ module "user" { } ] - resource_group_enabled = false - module_tags_enabled = false + resource_group = { + enabled = false + } + module_tags_enabled = false tags = merge( { diff --git a/modules/eks-iam-access/outputs.tf b/modules/eks-iam-access/outputs.tf index 8b48e63..d5b5a58 100644 --- a/modules/eks-iam-access/outputs.tf +++ b/modules/eks-iam-access/outputs.tf @@ -39,3 +39,19 @@ output "user_access_entries" { } } } + +output "resource_group" { + description = "The resource group created to manage resources in this module." + value = merge( + { + enabled = var.resource_group.enabled && var.module_tags_enabled + }, + (var.resource_group.enabled && var.module_tags_enabled + ? { + arn = module.resource_group[0].arn + name = module.resource_group[0].name + } + : {} + ) + ) +} diff --git a/modules/eks-iam-access/resource-group.tf b/modules/eks-iam-access/resource-group.tf index 7487ba0..85c4fb0 100644 --- a/modules/eks-iam-access/resource-group.tf +++ b/modules/eks-iam-access/resource-group.tf 
@@ -1,6 +1,6 @@ locals { - resource_group_name = (var.resource_group_name != "" - ? var.resource_group_name + resource_group_name = (var.resource_group.name != "" + ? var.resource_group.name : join(".", [ local.metadata.package, local.metadata.module, @@ -12,12 +12,12 @@ locals { module "resource_group" { source = "tedilabs/misc/aws//modules/resource-group" - version = "~> 0.10.0" + version = "~> 0.12.0" - count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0 + count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0 name = local.resource_group_name - description = var.resource_group_description + description = var.resource_group.description query = { resource_tags = local.module_tags diff --git a/modules/eks-iam-access/variables.tf b/modules/eks-iam-access/variables.tf index 0a00f5b..a45204f 100644 --- a/modules/eks-iam-access/variables.tf +++ b/modules/eks-iam-access/variables.tf @@ -85,23 +85,21 @@ variable "module_tags_enabled" { # Resource Group ################################################### -variable "resource_group_enabled" { - description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module." - type = bool - default = true - nullable = false -} -variable "resource_group_name" { - description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`." - type = string - default = "" - nullable = false -} -variable "resource_group_description" { - description = "(Optional) The description of Resource Group." - type = string - default = "Managed by Terraform." - nullable = false + +variable "resource_group" { + description = <