From 0344585b1e6fb7a426a5e5f0fd09fd59995f2de0 Mon Sep 17 00:00:00 2001
From: Michael Barroco
Date: Thu, 4 Jan 2024 10:52:09 +0100
Subject: [PATCH] [terraform] Improve terraform aws teardown dependencies (#982)
---
 .../terraform-aws-kubernetes/cluster.tf | 15 +++++++++++++--
 .../dependencies/terraform-commons-dss/output.tf | 6 +++++-
 .../modules/terraform-aws-dss/main.tf | 1 -
 .../modules/terraform-aws-dss/output.tf | 11 ++++++++++-
 4 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf
index 1c5153026..b4e408cc7 100644
--- a/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf
+++ b/deploy/infrastructure/dependencies/terraform-aws-kubernetes/cluster.tf
@@ -1,7 +1,7 @@
 resource "aws_eks_cluster" "kubernetes_cluster" {
 name = var.cluster_name
 role_arn = aws_iam_role.dss-cluster.arn
-
+
 vpc_config {
 subnet_ids = aws_subnet.dss[*].id
 endpoint_public_access = true
@@ -13,8 +13,14 @@ resource "aws_eks_cluster" "kubernetes_cluster" {
 # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling.
 # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups.
 depends_on = [
+ aws_iam_role.dss-cluster-node-group,
 aws_iam_role_policy_attachment.dss-cluster-service,
- aws_internet_gateway.dss
+ aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
+ aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy,
+ aws_iam_role_policy_attachment.AWSLoadBalancerControllerPolicy,
+ aws_internet_gateway.dss,
+ aws_eip.gateway,
+ aws_eip.ip_crdb
 ]
 version = "1.24"
@@ -39,4 +45,9 @@ resource "aws_eks_node_group" "eks_node_group" {
 lifecycle {
 create_before_destroy = true
 }
+
+ depends_on = [
+ aws_eip.gateway,
+ aws_eip.ip_crdb
+ ]
 }
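Review bot: In `cluster.tf`, the comment above the `depends_on` of `aws_eks_cluster.kubernetes_cluster` still explains only the IAM role permissions, while the list now also carries the node-group role, three more policy attachments and the two `aws_eip` resources. A reader cannot tell which teardown failure each new entry prevents, so a later cleanup could drop one and leave EKS-managed resources such as security groups behind after a destroy. I would extend the comment, for example `# Node-group role/policies and EIPs are listed so they are destroyed only after the cluster and what it manages are gone.`, with the wording confirmed by the author since the reason for the EIP entries is not visible here. The resource body continues outside the hunk.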
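Review bot: The new `depends_on` on `aws_eks_node_group.eks_node_group` lists only the two EIPs; the worker-node policy attachments were added to the cluster's `depends_on` instead, so the node group is ordered against them only indirectly, presumably through its reference to the cluster (that part of the resource is outside the hunk). If that reference ever changes, the node role could lose its policies on destroy before the nodes are removed, which is the kind of half-finished teardown this commit is trying to avoid. Listing them directly makes the ordering explicit: add `aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,` and `aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy,` next to the EIP entries.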
diff --git a/deploy/infrastructure/dependencies/terraform-commons-dss/output.tf b/deploy/infrastructure/dependencies/terraform-commons-dss/output.tf
index eff4a3ce7..129081388 100644
--- a/deploy/infrastructure/dependencies/terraform-commons-dss/output.tf
+++ b/deploy/infrastructure/dependencies/terraform-commons-dss/output.tf
@@ -2,4 +2,8 @@ output "generated_files_location" {
 value = <<-EOT
 Workspace location with generated files: ${local.workspace_location}
 EOT
-}
\ No newline at end of file
+}
+
+output "workspace_location" {
+ value = local.workspace_location
+}
diff --git a/deploy/infrastructure/modules/terraform-aws-dss/main.tf b/deploy/infrastructure/modules/terraform-aws-dss/main.tf
index 0099d214b..fdf906cf8 100644
--- a/deploy/infrastructure/modules/terraform-aws-dss/main.tf
+++ b/deploy/infrastructure/modules/terraform-aws-dss/main.tf
@@ -6,7 +6,6 @@ module "terraform-aws-kubernetes" {
 crdb_hostname_suffix = var.crdb_hostname_suffix
 aws_instance_type = var.aws_instance_type
 aws_route53_zone_id = var.aws_route53_zone_id
- aws_iam_path = var.aws_iam_path
 aws_iam_permissions_boundary = var.aws_iam_permissions_boundary
 node_count = var.node_count
diff --git a/deploy/infrastructure/modules/terraform-aws-dss/output.tf b/deploy/infrastructure/modules/terraform-aws-dss/output.tf
index 4b0fceb15..4ab65ab50 100644
--- a/deploy/infrastructure/modules/terraform-aws-dss/output.tf
+++ b/deploy/infrastructure/modules/terraform-aws-dss/output.tf
@@ -6,10 +6,19 @@ output "gateway_address" {
 value = module.terraform-aws-kubernetes.gateway_address
 }
+output "iam_role_node_group_arn" {
+ value = module.terraform-aws-kubernetes.iam_role_node_group_arn
+}
+
 output "generated_files_location" {
 value = module.terraform-commons-dss.generated_files_location
 }
+output "workspace_location" {
+ value = module.terraform-commons-dss.workspace_location
+}
+
 output "cluster_context" {
 value = module.terraform-aws-kubernetes.kubernetes_context_name
-}
\ No newline at end of file
+}
+
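Review bot: The new `workspace_location` output in `terraform-commons-dss/output.tf` has no `description`, and the same holds for `iam_role_node_group_arn` and `workspace_location` added in `terraform-aws-dss/output.tf`. These values become part of the module interface and appear in `terraform output`, so consumers should be told what each one is for. I would add `description = "Path of the workspace directory holding the generated files"` here and a matching line on the other two outputs.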
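Review bot: In `terraform-aws-dss/output.tf`, `iam_role_node_group_arn` reads `module.terraform-aws-kubernetes.iam_role_node_group_arn`, but the diffstat shows this patch touching only `cluster.tf` in that dependency, with no output added there. Unless the dependency already declares that output in a file not shown, `terraform validate` will reject the reference as an unsupported attribute; please confirm. The ARN also embeds the AWS account ID, so it is worth deciding deliberately whether every consumer of the module should see it in plain `terraform output`.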