forked from devops-workflow/terraform-aws-efs
main.tf
#
# Setup AWS EFS file system
#
# https://www.terraform.io/docs/providers/aws/r/efs_file_system.html
# https://www.terraform.io/docs/providers/aws/r/efs_mount_target.html
# Feeds var.enabled into the terraform-local-boolean module. The module's
# `value` output gates the `count` of every resource below and the `enabled`
# input of the dns module.
#
# Alternative sources the author left commented out:
#   source  = "devops-workflow/boolean/local"
#   version = "0.1.0"
#   source  = "git::https://github.com/WisePricer/terraform-local-boolean.git?ref=tags/v0.1.1"
#
# NOTE(review): the active git source carries no `?ref=`, so `terraform init`
# fetches whatever the repository's default branch holds at that moment.
# Pin it to a reviewed tag or commit SHA so an upstream change cannot alter
# this module without a matching change in this file.
module "enabled" {
  value  = "${var.enabled}"
  source = "git::https://github.com/WisePricer/terraform-local-boolean.git"
}
# Define composite variables for resources
# Builds the naming/tagging outputs used in this file: `id` names the security
# group, `tags` is applied to the file system and the security group, and
# `name` becomes the DNS record name.
#
# Alternative sources the author left commented out:
#   source  = "devops-workflow/label/local"
#   version = "0.1.0"
#   source  = "git::https://github.com/WisePricer/terraform-local-label.git?ref=tags/v0.1.3"
#
# NOTE(review): the active git source carries no `?ref=`, so the module
# follows the repository's default branch. Pin it to a reviewed tag or commit
# SHA; the labels it emits end up in resource names and tags.
module "label" {
  source = "git::https://github.com/WisePricer/terraform-local-label.git"

  # Identity of the thing being labelled.
  name         = "${var.name}"
  organization = "${var.organization}"
  environment  = "${var.environment}"

  # Formatting switches passed straight through from the caller.
  namespace-org = "${var.namespace-org}"
  namespace-env = "${var.namespace-env}"
  delimiter     = "${var.delimiter}"
  attributes    = "${var.attributes}"

  tags = "${var.tags}"
}
# The EFS file system itself; created only when module.enabled.value is truthy.
#
# NOTE(review): encryption at rest is decided by var.encrypted, whose default
# is not visible in this file. EFS only accepts this setting at creation time,
# so confirm the variable defaults to true. The AWS provider documents that
# `kms_key_id` requires `encrypted` to be true.
resource "aws_efs_file_system" "default" {
  count = "${module.enabled.value}"

  encrypted        = "${var.encrypted}"
  kms_key_id       = "${var.kms_key_id}"
  performance_mode = "${var.performance_mode}"

  tags = "${module.label.tags}"
}
# One mount target per non-empty entry of var.subnets (compact() drops empty
# strings), or none when the module is disabled. Every mount target is placed
# behind the security group defined in this file, so that group's rules are
# the network boundary for NFS access.
resource "aws_efs_mount_target" "default" {
  count = "${module.enabled.value ? length(compact(var.subnets)) : 0}"

  subnet_id       = "${element(compact(var.subnets), count.index)}"
  file_system_id  = "${aws_efs_file_system.default.id}"
  security_groups = ["${aws_security_group.default.id}"]
}
# Security group attached to the EFS mount targets. It declares no inline
# rules; ingress and egress are managed by the separate
# aws_security_group_rule resources in this file.
resource "aws_security_group" "default" {
  count = "${module.enabled.value}"

  vpc_id      = "${var.vpc_id}"
  name        = "${module.label.id}"
  description = "EFS Access"
  tags        = "${module.label.tags}"

  # Build the replacement group before removing the old one.
  lifecycle {
    create_before_destroy = true
  }
}
# Inbound NFS (TCP 2049) to the mount targets, one rule per non-empty entry of
# var.security_groups. Access is granted by source security group rather than
# by CIDR, so only members of the listed groups can reach the file system.
# With an empty var.security_groups no ingress rule is created at all.
resource "aws_security_group_rule" "ingress" {
  count = "${module.enabled.value ? length(compact(var.security_groups)) : 0}"

  type      = "ingress"
  protocol  = "tcp"
  from_port = "2049"
  to_port   = "2049"

  security_group_id        = "${aws_security_group.default.id}"
  source_security_group_id = "${element(compact(var.security_groups), count.index)}"
}
# Outbound rule for the EFS security group: every protocol and port
# (protocol "-1", ports 0-0) to any IPv4 destination.
#
# NOTE(review): security groups are stateful, so replies to inbound NFS
# traffic do not depend on this rule. Unrestricted egress is likely broader
# than the mount targets need. Confirm nothing else is attached to this group,
# then consider removing or narrowing the rule.
resource "aws_security_group_rule" "egress" {
  count = "${module.enabled.value}"

  type        = "egress"
  protocol    = "-1"
  from_port   = 0
  to_port     = 0
  cidr_blocks = ["0.0.0.0/0"]

  security_group_id = "${aws_security_group.default.id}"
}
# TODO: use alias module instead. This does CNAME
# Publishes a DNS name for the file system in var.zone_id. Unlike the two git
# modules above, this registry module is pinned to an exact version.
module "dns" {
  source  = "cloudposse/route53-cluster-hostname/aws"
  version = "0.2.1"

  # Active only when this module is enabled AND a zone id was supplied.
  enabled = "${module.enabled.value ? (length(var.zone_id) > 0 ? "true" : "false") : "false"}"

  zone_id = "${var.zone_id}"
  name    = "${module.label.name}"
  ttl     = "${var.dns_ttl}"

  # First EFS DNS name, or "" when no file system exists. The concat() with
  # list("") keeps element() from running on an empty list.
  records = ["${element(concat(aws_efs_file_system.default.*.dns_name, list("")),0)}"]
}