forked from cloudposse/terraform-aws-efs
main.tf
#
# Setup AWS EFS file system
#
# https://www.terraform.io/docs/providers/aws/r/efs_file_system.html
# https://www.terraform.io/docs/providers/aws/r/efs_mount_target.html
module "enabled" {
  # Third-party registry module; the exact version pin keeps a newer upstream
  # release from being pulled in without a reviewed change to this file.
  source  = "devops-workflow/boolean/local"
  version = "0.1.2"

  # module.enabled.value is used throughout this file as a resource count and
  # as a ternary condition, so this one input gates creation of everything.
  value = "${var.enabled}"
}
# Define composite variables for resources
module "label" {
  # Third-party registry module, pinned to an exact version.
  source  = "devops-workflow/label/local"
  version = "0.2.1"

  # Naming inputs, passed straight through from this module's variables.
  name          = "${var.name}"
  attributes    = "${var.attributes}"
  component     = "${var.component}"
  delimiter     = "${var.delimiter}"
  environment   = "${var.environment}"
  namespace-env = "${var.namespace-env}"
  namespace-org = "${var.namespace-org}"
  organization  = "${var.organization}"

  # Ownership / classification inputs. The outputs module.label.id, .name and
  # .tags are what the resources in this file use for names and tags.
  monitor = "${var.monitor}"
  owner   = "${var.owner}"
  product = "${var.product}"
  service = "${var.service}"
  team    = "${var.team}"
  tags    = "${var.tags}"
}
resource "aws_efs_file_system" "default" {
  # Created only when the module is enabled (count follows module.enabled.value).
  count = "${module.enabled.value}"

  performance_mode = "${var.performance_mode}"
  tags             = "${module.label.tags}"

  # Encryption at rest is decided by the caller.
  # NOTE(review): the default of var.encrypted is declared outside this file;
  # confirm it is true, otherwise file systems are created unencrypted unless
  # every caller opts in.
  encrypted = "${var.encrypted}"

  # NOTE(review): presumably an empty var.kms_key_id leaves key selection to
  # the service default rather than a customer-managed key - confirm which key
  # policy is expected for this data.
  kms_key_id = "${var.kms_key_id}"
}
resource "aws_efs_mount_target" "default" {
  # One mount target per non-empty entry of var.subnets; none when disabled.
  count = "${module.enabled.value ? length(compact(var.subnets)) : 0}"

  subnet_id      = "${element(compact(var.subnets), count.index)}"
  file_system_id = "${aws_efs_file_system.default.id}"

  # Every mount target carries only the security group defined in this file,
  # so network reachability of the file system is determined entirely by the
  # aws_security_group_rule resources attached to that group.
  security_groups = ["${aws_security_group.default.id}"]
}
resource "aws_security_group" "default" {
  # Security group attached to the EFS mount targets. It declares no inline
  # rules; all ingress/egress is added by the separate
  # aws_security_group_rule resources in this file.
  count = "${module.enabled.value}"

  vpc_id      = "${var.vpc_id}"
  name        = "${module.label.id}"
  description = "EFS Access"
  tags        = "${module.label.tags}"

  # On replacement, the new group is created before the old one is destroyed.
  # NOTE(review): the name is fixed to module.label.id, so a forced
  # replacement may collide with the still-existing group - verify.
  lifecycle {
    create_before_destroy = true
  }
}
resource "aws_security_group_rule" "ingress" {
  # One rule per non-empty security group ID in var.security_groups.
  count = "${module.enabled.value ? length(compact(var.security_groups)) : 0}"

  security_group_id = "${aws_security_group.default.id}"
  type              = "ingress"

  # NFS only: TCP 2049, nothing else is opened by this rule.
  protocol  = "tcp"
  from_port = "2049"
  to_port   = "2049"

  # Access is granted by group membership rather than by address range, so
  # only interfaces that carry the listed security group can reach the mount
  # targets through this rule.
  source_security_group_id = "${element(compact(var.security_groups), count.index)}"
}
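resource "aws_security_group_rule" "ingress_cidr" {
  # A single rule covering all caller-supplied CIDRs, created only when the
  # module is enabled and var.ingress_cidr has at least one non-empty entry.
  count = "${module.enabled.value && length(compact(var.ingress_cidr)) > 0 ? 1 : 0}"

  security_group_id = "${aws_security_group.default.id}"
  type              = "ingress"

  # NFS only: TCP 2049.
  protocol  = "tcp"
  from_port = "2049"
  to_port   = "2049"

  # Use the same compact() list that the count expression tests. Previously
  # the raw variable was passed here, so a list such as ["10.0.0.0/8", ""]
  # passed the count check but still handed an empty CIDR to the rule.
  #
  # The ranges are not validated in this file: whatever the caller passes,
  # including a very broad range, is granted access to the NFS port. Keep
  # var.ingress_cidr as narrow as the clients require, and prefer
  # var.security_groups where the clients are in the same VPC.
  cidr_blocks = ["${compact(var.ingress_cidr)}"]
}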
resource "aws_security_group_rule" "egress" {
  count = "${module.enabled.value}"

  security_group_id = "${aws_security_group.default.id}"
  type              = "egress"

  # protocol "-1" with ports 0-0 means every protocol and port, and the CIDR
  # below is every IPv4 address: outbound traffic from this group is
  # unrestricted.
  # NOTE(review): this looks broader than a group attached only to EFS mount
  # targets needs; confirm whether anything depends on it before narrowing
  # or removing the rule.
  protocol    = "-1"
  from_port   = 0
  to_port     = 0
  cidr_blocks = ["0.0.0.0/0"]
}
# TODO: use alias module instead. This does CNAME
module "dns" {
  # Registry module pinned to an exact version; publishes a friendly hostname
  # for the file system in the zone given by var.zone_id.
  source  = "cloudposse/route53-cluster-hostname/aws"
  version = "0.2.1"

  # Only active when this module is enabled AND a zone ID was supplied.
  enabled = "${module.enabled.value ? (length(var.zone_id) > 0 ? "true" : "false") : "false"}"

  zone_id = "${var.zone_id}"
  name    = "${module.label.name}"
  ttl     = "${var.dns_ttl}"

  # Target is the file system's DNS name. The concat(..., list("")) fallback
  # yields "" when the file system was not created, so the expression still
  # evaluates while the module is disabled.
  # NOTE(review): the record exposes the EFS DNS name in whatever zone
  # var.zone_id identifies - confirm a private zone is intended.
  records = ["${element(concat(aws_efs_file_system.default.*.dns_name, list("")),0)}"]
}