temp

uktrade · Feb 18, 2025 · d0942ef · d0942ef
1 parent eb581f9
commit d0942ef
Showing 1 changed file with 50 additions and 45 deletions.
diff --git a/infra/vpc.tf b/infra/vpc.tf
@@ -842,6 +842,8 @@ data "aws_iam_policy_document" "aws_datasets_endpoint_ecr" {
 }
 
 resource "aws_vpc" "matchbox" {
+  count      = var.matchbox_on ? 1 : 0
+
   cidr_block = var.vpc_matchbox_cidr
 
   enable_dns_support   = true
@@ -857,9 +859,10 @@ resource "aws_vpc" "matchbox" {
 }
 
 resource "aws_subnet" "matchbox_private" {
-  count      = length(var.aws_availability_zones)
-  vpc_id     = aws_vpc.matchbox.id
-  cidr_block = cidrsubnet(aws_vpc.matchbox.cidr_block, var.vpc_matchbox_subnets_num_bits, count.index)
+  count      = var.matchbox_on ? length(var.aws_availability_zones) : 0
+
+  vpc_id     = aws_vpc.matchbox[0].id
+  cidr_block = cidrsubnet(aws_vpc.matchbox[0].cidr_block, var.vpc_matchbox_subnets_num_bits, count.index)
 
   availability_zone = var.aws_availability_zones[count.index]
 
@@ -869,8 +872,9 @@ resource "aws_subnet" "matchbox_private" {
 }
 
 resource "aws_vpc_peering_connection" "matchbox_to_notebooks" {
+  count       = var.matchbox_on ? 1 : 0
   peer_vpc_id = aws_vpc.notebooks.id
-  vpc_id      = aws_vpc.matchbox.id
+  vpc_id      = aws_vpc.matchbox[0].id
   auto_accept = true
 
   accepter {
@@ -887,26 +891,29 @@ resource "aws_vpc_peering_connection" "matchbox_to_notebooks" {
 }
 
 resource "aws_route_table" "matchbox" {
-  vpc_id = aws_vpc.matchbox.id
+  count  = var.matchbox_on ? 1 : 0
+  vpc_id = aws_vpc.matchbox[0].id
   tags = {
     Name = "${var.prefix}-matchbox"
   }
 }
 
 resource "aws_route_table_association" "matchbox_private" {
-  count          = length(var.aws_availability_zones)
+  count          = var.matchbox_on ? length(var.aws_availability_zones) : 0
   subnet_id      = aws_subnet.matchbox_private.*.id[count.index]
-  route_table_id = aws_route_table.matchbox.id
+  route_table_id = aws_route_table.aws_route_table.matchbox[0].id
 }
 
 resource "aws_route" "pcx_matchbox_to_notebooks" {
-  route_table_id            = aws_route_table.matchbox.id
+  count                     = var.matchbox_on ? 1 : 0
+  route_table_id            = aws_route_table.matchbox[0].id
   destination_cidr_block    = aws_vpc.notebooks.cidr_block
-  vpc_peering_connection_id = aws_vpc_peering_connection.matchbox_to_notebooks.id
+  vpc_peering_connection_id = aws_vpc_peering_connection.matchbox_to_notebooks[0].id
 }
 
 resource "aws_vpc_endpoint" "matchbox_ecr_api_endpoint" {
-  vpc_id             = aws_vpc.matchbox.id
+  count              = var.matchbox_on ? 1 : 0
+  vpc_id             = aws_vpc.matchbox[0].id
   service_name       = "com.amazonaws.eu-west-2.ecr.api"
   vpc_endpoint_type  = "Interface"
   subnet_ids         = aws_subnet.matchbox_private.*.id
@@ -920,7 +927,8 @@ resource "aws_vpc_endpoint" "matchbox_ecr_api_endpoint" {
 }
 
 resource "aws_vpc_endpoint" "matchbox_ecr_dkr_endpoint" {
-  vpc_id             = aws_vpc.matchbox.id
+  count              = var.matchbox_on ? 1 : 0
+  vpc_id             = aws_vpc.aws_route_table.matchbox[0].id
   service_name       = "com.amazonaws.${data.aws_region.aws_region.name}.ecr.dkr"
   vpc_endpoint_type  = "Interface"
   subnet_ids         = aws_subnet.matchbox_private.*.id
@@ -934,34 +942,32 @@ resource "aws_vpc_endpoint" "matchbox_ecr_dkr_endpoint" {
 }
 
 data "aws_iam_policy_document" "aws_matchbox_endpoint_ecr" {
+  count = var.matchbox_on ? 1 : 0
 
-  dynamic "statement" {
-    for_each = var.matchbox_on ? [0] : []
-    content {
-
-      principals {
-        type        = "AWS"
-        identifiers = ["${aws_iam_role.matchbox_task_execution[0].arn}"]
-      }
+  statement {
+    principals {
+      type        = "AWS"
+      identifiers = ["${aws_iam_role.matchbox_task_execution[0].arn}"]
+    }
 
-      actions = [
-        "ecr:GetAuthorizationToken",
-        "ecr:BatchGetImage",
-        "ecr:GetDownloadUrlForLayer"
-      ]
+    actions = [
+      "ecr:GetAuthorizationToken",
+      "ecr:BatchGetImage",
+      "ecr:GetDownloadUrlForLayer"
+    ]
 
-      resources = [
-        "*",
-      ]
-    }
+    resources = [
+      "*",
+    ]
   }
 }
 
 resource "aws_vpc_endpoint" "matchbox_endpoint_s3" {
-  vpc_id            = aws_vpc.matchbox.id
+  count             = var.matchbox_on ? 1 : 0
+  vpc_id            = aws_vpc.aws_route_table.matchbox[0].id
   service_name      = "com.amazonaws.${data.aws_region.aws_region.name}.s3"
   vpc_endpoint_type = "Gateway"
-  route_table_ids   = [aws_route_table.matchbox.id]
+  route_table_ids   = [aws_route_table.aws_route_table.matchbox[0].id]
 
   tags = {
     Environment = var.prefix
@@ -970,7 +976,8 @@ resource "aws_vpc_endpoint" "matchbox_endpoint_s3" {
 }
 
 resource "aws_vpc_endpoint" "matchbox_cloudwatch_logs" {
-  vpc_id            = aws_vpc.matchbox.id
+  count             = var.matchbox_on ? 1 : 0
+  vpc_id            = aws_vpc.aws_route_table.matchbox[0].id
   service_name      = "com.amazonaws.${data.aws_region.aws_region.name}.logs"
   vpc_endpoint_type = "Interface"
 
@@ -983,22 +990,20 @@ resource "aws_vpc_endpoint" "matchbox_cloudwatch_logs" {
 }
 
 data "aws_iam_policy_document" "matchbox_cloudwatch_endpoint" {
+  count = var.matchbox_on ? 1 : 0
 
-  dynamic "statement" {
-    for_each = var.matchbox_on ? [0] : []
-    content {
-      principals {
-        type        = "AWS"
-        identifiers = ["${aws_iam_role.matchbox_task_execution[0].arn}"]
-      }
+  statement {
+    principals {
+      type        = "AWS"
+      identifiers = ["${aws_iam_role.matchbox_task_execution[0].arn}"]
+    }
 
-      actions = [
-        "*",
-      ]
+    actions = [
+      "*",
+    ]
 
-      resources = [
-        "*"
-      ]
-    }
+    resources = [
+      "*"
+    ]
   }
 }