efs only test

dominodatalab · Feb 19, 2025 · 84d8a64 · 84d8a64
1 parent 2014313
commit 84d8a64
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 12 deletions.
diff --git a/examples/tfvars/no-storage.tfvars b/examples/tfvars/no-storage.tfvars
@@ -18,8 +18,4 @@ bastion = {
   enabled = false
 }
 
-storage = {
-  s3              = { "create" : false }
-  ecr             = { "create" : false }
-  filesystem_type = "none"
-}
+storage = null
diff --git a/modules/infra/main.tf b/modules/infra/main.tf
@@ -57,6 +57,8 @@ locals {
       instance_tags = merge(data.aws_default_tags.this.tags, ng.tags)
     })
   }
+  create_s3  = try(var.storage.s3.create, false)
+  create_ecr = try(var.storage.ecr.create, false)
 }
 
 
@@ -71,7 +73,8 @@ module "network" {
   region              = var.region
   node_groups         = local.node_groups
   network             = var.network
-  flow_log_bucket_arn = var.storage != null && var.storage.s3.create ? { arn = module.storage[0].info.s3.buckets.monitoring.arn } : null
+  flow_log_bucket_arn = local.create_s3 ? { arn = module.storage[0].info.s3.buckets.monitoring.arn } : null
+  create_s3_endpoint  = local.create_s3
 }
 
 module "vpn" {
@@ -114,7 +117,7 @@ module "bastion" {
 locals {
   cost_usage_report_info = var.domino_cur.provision_cost_usage_report && length(module.cost_usage_report) > 0 ? module.cost_usage_report[0].info : null
   bastion_info           = var.bastion.enabled && length(module.bastion) > 0 ? module.bastion[0].info : null
-  add_s3_pol             = var.storage != null && var.storage.s3.create ? [module.storage[0].info.s3.iam_policy_arn] : []
-  add_ecr_pol            = var.storage != null && var.storage.ecr.create ? concat([module.storage[0].info.ecr.iam_policy_arn], local.add_s3_pol) : local.add_s3_pol
+  add_s3_pol             = local.create_s3 ? [module.storage[0].info.s3.iam_policy_arn] : []
+  add_ecr_pol            = local.create_ecr ? concat([module.storage[0].info.ecr.iam_policy_arn], local.add_s3_pol) : local.add_s3_pol
   node_iam_policies      = local.cost_usage_report_info != null ? concat(local.add_ecr_pol, [local.cost_usage_report_info.cur_iam_policy_arn]) : local.add_ecr_pol
 }
diff --git a/modules/infra/outputs.tf b/modules/infra/outputs.tf
@@ -75,7 +75,7 @@ output "create_eks_role_arn" {
 
 output "monitoring_bucket" {
   description = "Monitoring Bucket"
-  value       = var.storage != null && var.storage.s3.create ? module.storage[0].info.s3.buckets.monitoring.bucket_name : null
+  value       = var.storage != null ? (var.storage.s3.create ? module.storage[0].info.s3.buckets.monitoring.bucket_name : null) : null
 }
 
 output "cost_usage_report" {

diff --git a/modules/infra/submodules/network/README.md b/modules/infra/submodules/network/README.md
@@ -56,6 +56,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_add_eks_elb_tags"></a> [add\_eks\_elb\_tags](#input\_add\_eks\_elb\_tags) | Toggle k8s cluster tag on subnet | `bool` | `true` | no |
+| <a name="input_create_s3_endpoint"></a> [create\_s3\_endpoint](#input\_create\_s3\_endpoint) | Toggle to create the S3 VPC endpoint | `bool` | `true` | no |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
 | <a name="input_flow_log_bucket_arn"></a> [flow\_log\_bucket\_arn](#input\_flow\_log\_bucket\_arn) | Bucket for vpc flow logging | `object({ arn = string })` | `null` | no |
 | <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr        = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking.<br/>    create\_ecr\_endpoint = Create the VPC Endpoint For ECR. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string)<br/>      subnets = optional(object({<br/>        private = optional(list(string))<br/>        public  = optional(list(string))<br/>        pod     = optional(list(string))<br/>      }))<br/>    }))<br/>    network_bits = optional(object({<br/>      public  = optional(number)<br/>      private = optional(number)<br/>      pod     = optional(number)<br/>      }<br/>    ))<br/>    cidrs = optional(object({<br/>      vpc = optional(string)<br/>      pod = optional(string)<br/>    }))<br/>    use_pod_cidr        = optional(bool)<br/>    create_ecr_endpoint = optional(bool, false)<br/>  })</pre> | n/a | yes |

diff --git a/modules/infra/submodules/network/outputs.tf b/modules/infra/submodules/network/outputs.tf
@@ -16,7 +16,7 @@ output "info" {
     eips      = [for k, eip in aws_eip.public : eip.public_ip]
     vpc_cidrs = local.create_vpc ? aws_vpc.this[0].cidr_block : data.aws_vpc.provided[0].cidr_block
     pod_cidrs = local.pod_cidr_blocks
-    s3_cidrs  = local.create_vpc ? data.aws_prefix_list.s3[0].cidr_blocks : null
+    s3_cidrs  = local.create_vpc && var.create_s3_endpoint ? data.aws_prefix_list.s3[0].cidr_blocks : null
     ecr_endpoint = local.create_ecr_endpoint ? {
       security_group_id = aws_security_group.ecr_endpoint[0].id
     } : null

diff --git a/modules/infra/submodules/network/variables.tf b/modules/infra/submodules/network/variables.tf
@@ -132,3 +132,9 @@ variable "node_groups" {
     })
   }))
 }
+
+variable "create_s3_endpoint" {
+  description = "Toggle to create the S3 VPC endpoint"
+  type        = bool
+  default     = true
+}
diff --git a/modules/infra/submodules/network/vpc.tf b/modules/infra/submodules/network/vpc.tf
@@ -37,7 +37,7 @@ resource "aws_default_security_group" "default" {
 }
 
 resource "aws_vpc_endpoint" "s3" {
-  count             = local.create_vpc ? 1 : 0
+  count             = local.create_vpc && var.create_s3_endpoint ? 1 : 0
   vpc_id            = aws_vpc.this[0].id
   service_name      = "com.amazonaws.${var.region}.s3"
   vpc_endpoint_type = "Gateway"
@@ -50,7 +50,7 @@ resource "aws_vpc_endpoint" "s3" {
 }
 
 data "aws_prefix_list" "s3" {
-  count          = local.create_vpc ? 1 : 0
+  count          = local.create_vpc && var.create_s3_endpoint ? 1 : 0
   prefix_list_id = aws_vpc_endpoint.s3[0].prefix_list_id
 }