

Update module resource names and structure
jacobwgillespie committed Aug 8, 2022
1 parent e8f8667 commit 4d6f83e
Showing 6 changed files with 62 additions and 77 deletions.
32 changes: 17 additions & 15 deletions README.md
Expand Up @@ -4,9 +4,8 @@
module "connection" {
source = "depot/connection/aws"
version = "x.x.x"
name = "connection-name"
connection-id = "xxxxxx"
api-token = "xxxxxx"
connection-token = "xxxxxx"
availability-zone = "us-east-1a"
}
```
Expand All @@ -15,21 +14,24 @@ module "connection" {

## Inputs

| Name | Description | Type | Default | Required |
| ------------------------------------------------------------------------------------ | ------------------------------------------------------------------ | ---------------------------------------- | ------------------------------------------------------------------ | :------: |
| <a name="input_availability-zone"></a> [availability-zone](#input_availability-zone) | Availability zone to use for the builder instances | `string` | n/a | yes |
| <a name="input_connection-id"></a> [connection-id](#input_connection-id) | ID for the Depot connection (provided in the Depot console) | `string` | n/a | yes |
| <a name="input_connection-token"></a> [connection-token](#input_connection-token) | API token for the Depot connection (provided in the Depot console) | `string` | n/a | yes |
| <a name="input_allow-ssm-access"></a> [allow-ssm-access](#input_allow-ssm-access) | Controls if SSM access should be allowed for the builder instances | `bool` | `false` | no |
| <a name="input_create"></a> [create](#input_create) | Controls if Depot connection resources should be created | `bool` | `true` | no |
| <a name="input_instance-types"></a> [instance-types](#input_instance-types) | Instance types to use for the builder instances | `object({ x86 = string, arm = string })` | <pre>{<br> "arm": "c6g.xlarge",<br> "x86": "c6i.xlarge"<br>}</pre> | no |
| <a name="input_tags"></a> [tags](#input_tags) | A map of tags to apply to all resources | `map(string)` | `{}` | no |
| <a name="input_vpc-cidr-prefix"></a> [vpc-cidr-prefix](#input_vpc-cidr-prefix) | VPC CIDR prefix | `string` | `"10.0"` | no |
| Name | Description | Type | Default | Required |
| ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------ | ---------------------------------------- | ------------------------------------------------------------------ | :------: |
| <a name="input_availability-zone"></a> [availability-zone](#input_availability-zone) | Availability zone to use for the builder instances | `string` | n/a | yes |
| <a name="input_connection-id"></a> [connection-id](#input_connection-id) | ID for the Depot connection (provided in the Depot console) | `string` | n/a | yes |
| <a name="input_connection-token"></a> [connection-token](#input_connection-token) | API token for the Depot connection (provided in the Depot console) | `string` | n/a | yes |
| <a name="input_allow-ssm-access"></a> [allow-ssm-access](#input_allow-ssm-access) | Controls if SSM access should be allowed for the builder instances | `bool` | `false` | no |
| <a name="input_cloud-agent-version"></a> [cloud-agent-version](#input_cloud-agent-version) | Version tag for ghcr.io/depot/cloud-agent container | `string` | `"1.0.0"` | no |
| <a name="input_create"></a> [create](#input_create) | Controls if Depot connection resources should be created | `bool` | `true` | no |
| <a name="input_instance-types"></a> [instance-types](#input_instance-types) | Instance types to use for the builder instances | `object({ x86 = string, arm = string })` | <pre>{<br> "arm": "c6g.xlarge",<br> "x86": "c6i.xlarge"<br>}</pre> | no |
| <a name="input_tags"></a> [tags](#input_tags) | A map of tags to apply to all resources | `map(string)` | `{}` | no |
| <a name="input_vpc-cidr-prefix"></a> [vpc-cidr-prefix](#input_vpc-cidr-prefix) | VPC CIDR prefix | `string` | `"10.0"` | no |

## Outputs

| Name | Description | Value | Sensitive |
| ----------------------------------------------------- | -------------- | ---------- | :-------: |
| <a name="output_vpc-id"></a> [vpc-id](#output_vpc-id) | Builder VPC ID | `"VPC-ID"` | no |
| Name | Description | Value | Sensitive |
| -------------------------------------------------------------------------------------- | ------------------------ | ------------ | :-------: |
| <a name="output_instance-role-arn"></a> [instance-role-arn](#output_instance-role-arn) | ARN of the instance role | `"ROLE-ARN"` | no |
| <a name="output_instance-role-id"></a> [instance-role-id](#output_instance-role-id) | ID of the instance role | `"ROLE-ID"` | no |
| <a name="output_vpc-id"></a> [vpc-id](#output_vpc-id) | Builder VPC ID | `"VPC-ID"` | no |

<!-- END_TF_DOCS -->
11 changes: 3 additions & 8 deletions example-outputs.json
@@ -1,18 +1,13 @@
{
"role-arn": {
"instance-role-arn": {
"sensitive": false,
"type": "string",
"value": "ROLE-ARN"
},
"autoscaling-group-arn-arm": {
"instance-role-id": {
"sensitive": false,
"type": "string",
"value": "ASG-ARN"
},
"autoscaling-group-arn-x86": {
"sensitive": false,
"type": "string",
"value": "ASG-ARN"
"value": "ROLE-ID"
},
"vpc-id": {
"sensitive": false,
78 changes: 25 additions & 53 deletions main.tf
Expand Up @@ -6,7 +6,7 @@ data "aws_region" "current" {}
# Locals

locals {
version = "0.0.2"
version = "0.1.0"
}

# VPC
Expand Down Expand Up @@ -98,10 +98,10 @@ resource "aws_security_group" "cloud-agent" {
})
}

resource "aws_security_group" "instance-open" {
resource "aws_security_group" "instance-buildkit" {
count = var.create ? 1 : 0
name = "depot-connection-${var.connection-id}-instance-open"
description = "Security group for Depot connection builder instance"
name = "depot-connection-${var.connection-id}-instance-buildkit"
description = "Security group for Depot connection instance"
vpc_id = aws_vpc.vpc[0].id

ingress {
Expand All @@ -119,14 +119,14 @@ resource "aws_security_group" "instance-open" {
}

tags = merge(var.tags, {
Name = "depot-connection-${var.connection-id}-instance-open"
Name = "depot-connection-${var.connection-id}-instance-buildkit"
})
}

resource "aws_security_group" "instance-closed" {
resource "aws_security_group" "instance-default" {
count = var.create ? 1 : 0
name = "depot-connection-${var.connection-id}-instance-closed"
description = "Security group for Depot connection builder instance"
name = "depot-connection-${var.connection-id}-instance-default"
description = "Security group for Depot connection instance"
vpc_id = aws_vpc.vpc[0].id

egress {
Expand All @@ -137,30 +137,17 @@ resource "aws_security_group" "instance-closed" {
}

tags = merge(var.tags, {
Name = "depot-connection-${var.connection-id}-instance-closed"
Name = "depot-connection-${var.connection-id}-instance-default"
})
}

# AMIs

data "aws_ssm_parameter" "x86" {
count = var.create ? 1 : 0
name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2"
}

data "aws_ssm_parameter" "arm" {
count = var.create ? 1 : 0
name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2"
}

# Launch Templates

resource "aws_launch_template" "x86" {
count = var.create ? 1 : 0
name = "depot-connection-${var.connection-id}-x86"
description = "Launch template for Depot connection builder instances (x86)"
ebs_optimized = true
image_id = nonsensitive(data.aws_ssm_parameter.x86[0].value)
instance_type = var.instance-types.x86
tags = var.tags
user_data = base64encode(templatefile("${path.module}/user-data.sh.tftpl", { DEPOT_CLOUD_CONNECTION_ID = var.connection-id }))
Expand All @@ -183,26 +170,20 @@ resource "aws_launch_template" "x86" {
network_interfaces {
device_index = 0
associate_public_ip_address = true
security_groups = [aws_security_group.instance-closed[0].id]
security_groups = [aws_security_group.instance-default[0].id]
subnet_id = aws_subnet.public[0].id
}

placement {
availability_zone = var.availability-zone
}

tag_specifications {
resource_type = "instance"
tags = merge(var.tags, { Name = "depot-connection-${var.connection-id}-x86", "depot-connection" = var.connection-id })
}
}

resource "aws_launch_template" "arm" {
count = var.create ? 1 : 0
name = "depot-connection-${var.connection-id}-arm"
description = "Launch template for Depot connection builder instances (arm)"
ebs_optimized = true
image_id = nonsensitive(data.aws_ssm_parameter.arm[0].value)
instance_type = var.instance-types.arm
tags = var.tags
user_data = base64encode(templatefile("${path.module}/user-data.sh.tftpl", { DEPOT_CLOUD_CONNECTION_ID = var.connection-id }))
Expand All @@ -225,18 +206,13 @@ resource "aws_launch_template" "arm" {
network_interfaces {
device_index = 0
associate_public_ip_address = true
security_groups = [aws_security_group.instance-closed[0].id]
security_groups = [aws_security_group.instance-default[0].id]
subnet_id = aws_subnet.public[0].id
}

placement {
availability_zone = var.availability-zone
}

tag_specifications {
resource_type = "instance"
tags = merge(var.tags, { Name = "depot-connection-${var.connection-id}-arm", "depot-connection" = var.connection-id })
}
}

# cloud-agent ECS Task
Expand Down Expand Up @@ -283,7 +259,7 @@ resource "aws_iam_role" "execution-role" {
Statement = [{
Action = ["ssm:GetParameters"]
Effect = "Allow"
Resource = [aws_ssm_parameter.api-token[0].arn]
Resource = [aws_ssm_parameter.connection-token[0].arn]
}]
})
}
Expand Down Expand Up @@ -327,8 +303,8 @@ resource "aws_iam_role" "cloud-agent" {
Resource = [
aws_launch_template.arm[0].arn,
aws_launch_template.x86[0].arn,
aws_security_group.instance-open[0].arn,
aws_security_group.instance-closed[0].arn,
aws_security_group.instance-buildkit[0].arn,
aws_security_group.instance-default[0].arn,
aws_subnet.public[0].arn,
"arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:network-interface/*",
"arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:volume/*",
Expand Down Expand Up @@ -390,9 +366,9 @@ resource "aws_cloudwatch_log_group" "connection" {
retention_in_days = 7
}

resource "aws_ssm_parameter" "api-token" {
resource "aws_ssm_parameter" "connection-token" {
count = var.create ? 1 : 0
name = "depot-connection-${var.connection-id}-api-token"
name = "depot-connection-${var.connection-id}-connection-token"
type = "SecureString"
value = var.connection-token
}
Expand All @@ -408,20 +384,20 @@ resource "aws_ecs_task_definition" "cloud-agent" {
task_role_arn = aws_iam_role.cloud-agent[0].arn
container_definitions = jsonencode([{
name = "cloud-agent"
image = "ghcr.io/depot/cloud-agent:main"
image = "ghcr.io/depot/cloud-agent:${var.cloud-agent-version}"
essential = true
environment = [
{ name = "AWS_AVAILABILITY_ZONE", value = var.availability-zone },
{ name = "CLOUD_AGENT_VERSION", value = local.version },
{ name = "CLOUD_AGENT_AWS_AVAILABILITY_ZONE", value = var.availability-zone },
{ name = "CLOUD_AGENT_AWS_LAUNCH_TEMPLATE_ARM", value = aws_launch_template.arm[0].id },
{ name = "CLOUD_AGENT_AWS_LAUNCH_TEMPLATE_X86", value = aws_launch_template.x86[0].id },
{ name = "CLOUD_AGENT_AWS_SG_BUILDKIT", value = aws_security_group.instance-buildkit[0].id },
{ name = "CLOUD_AGENT_AWS_SG_DEFAULT", value = aws_security_group.instance-default[0].id },
{ name = "CLOUD_AGENT_AWS_SUBNET_ID", value = aws_subnet.public[0].id },
{ name = "CLOUD_AGENT_CONNECTION_ID", value = var.connection-id },
{ name = "CLOUD_AGENT_SUBNET_ID", value = aws_subnet.public[0].id },
{ name = "CLOUD_AGENT_SG_OPEN", value = aws_security_group.instance-open[0].id },
{ name = "CLOUD_AGENT_SG_CLOSED", value = aws_security_group.instance-closed[0].id },
{ name = "LAUNCH_TEMPLATE_X86", value = aws_launch_template.x86[0].id },
{ name = "LAUNCH_TEMPLATE_ARM", value = aws_launch_template.arm[0].id },
{ name = "CLOUD_AGENT_TF_MODULE_VERSION", value = local.version },
]
secrets = [
{ name = "CLOUD_AGENT_API_TOKEN", valueFrom = aws_ssm_parameter.api-token[0].arn },
{ name = "CLOUD_AGENT_CONNECTION_TOKEN", valueFrom = aws_ssm_parameter.connection-token[0].arn },
]
logConfiguration = {
logDriver = "awslogs"
Expand Down Expand Up @@ -460,8 +436,4 @@ resource "aws_ecs_service" "cloud-agent" {
base = 0
weight = 0
}

# lifecycle {
# ignore_changes = [task_definition, desired_count]
# }
}
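Review bot: The resource address renames in this section (`aws_security_group.instance-open` → `instance-buildkit` around the `resource "aws_security_group"` lines, `instance-closed` → `instance-default`, and `aws_ssm_parameter.api-token` → `connection-token`) are plain renames, so the next apply will plan to destroy the old resources and create new ones instead of keeping them. For the `SecureString` parameter that briefly removes the secret the execution role policy and the task `secrets` entry point at, and replacing a security group that running builder instances still reference is likely to be blocked by AWS until those instances are gone (inferred from the launch templates, whose definitions continue outside the hunks). `moved` blocks keep the existing state entries and make the rename a no-op; they need Terraform 1.1 or later, so if the module's `required_version` (not visible here) is lower, a documented `terraform state mv` step for each of the three addresses is the fallback. The bump of `local.version` to `0.1.0` signals the change, but nothing in the diff tells existing users that a state migration is involved.
```hcl
# Preserve existing state entries across the resource renames (Terraform >= 1.1).
moved {
  from = aws_security_group.instance-open
  to   = aws_security_group.instance-buildkit
}

moved {
  from = aws_security_group.instance-closed
  to   = aws_security_group.instance-default
}

moved {
  from = aws_ssm_parameter.api-token
  to   = aws_ssm_parameter.connection-token
}

# … unchanged: existing resources …
```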
10 changes: 10 additions & 0 deletions outputs.tf
@@ -1,3 +1,13 @@
output "instance-role-arn" {
value = try(aws_iam_role.instance[0].arn, "")
description = "ARN of the instance role"
}

output "instance-role-id" {
value = try(aws_iam_role.instance[0].id, "")
description = "ID of the instance role"
}

output "vpc-id" {
value = try(aws_vpc.vpc[0].id, "")
description = "Builder VPC ID"
2 changes: 1 addition & 1 deletion user-data.sh.tftpl
Expand Up @@ -14,7 +14,7 @@ After=network-online.target
Requires=network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/machine-agent listen
ExecStart=/usr/bin/machine-agent start
Restart=always
RestartSec=5
Environment="DEPOT_CLOUD_CONNECTION_ID=${DEPOT_CLOUD_CONNECTION_ID}"
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -18,6 +18,12 @@ variable "availability-zone" {

// Optional

variable "cloud-agent-version" {
type = string
description = "Version tag for ghcr.io/depot/cloud-agent container"
default = "1.0.0"
}

variable "create" {
type = bool
description = "Controls if Depot connection resources should be created"
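Review bot: The new `cloud-agent-version` variable is interpolated straight into the ECS container image reference (`ghcr.io/depot/cloud-agent:${var.cloud-agent-version}` in main.tf) but carries no `validation` block, so an empty string or a value with characters that are not valid in an image tag is only caught when ECS fails to pull the image. A plan-time check such as `condition = can(regex("^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$", var.cloud-agent-version))` with an `error_message` naming the expected tag format would surface it earlier. Because the interpolation uses `:`, the variable can only select a mutable tag and never an immutable `@sha256:` digest; the description could make that explicit, e.g. `description = "Version tag for ghcr.io/depot/cloud-agent container (tags are mutable; pin a specific release rather than a floating tag)"`.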
