Datatamer · daniosim · Oct 28, 2020 · Oct 28, 2020 · Oct 28, 2020
@@ -1,5 +1,8 @@
 # Tamr Terraform Template Repo
 
+## v0.4.0 - Oct 27th 2020
+* Consolidates inputs `tamr_vm_sg_id` and `spark_cluster_sg_ids` into one input, `ingress_sg_ids`
+
 ## v0.3.1 - Sep 10th 2020
 * Adds outputs, `rds_username` and `rds_dbname`
 

@@ -7,7 +7,7 @@ This repo follows the [terraform standard module structure](https://www.terrafor
 Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
 ```
 module "rds_postgres" {
-  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.3.0"
+  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.4.0"
   postgres_name        = "example_rds_postgres"
   parameter_group_name = "example-rds-postgres-pg"
   identifier_prefix    = "example-rds-"
@@ -16,8 +16,7 @@ module "rds_postgres" {
 
   subnet_group_name    = "example_subnet"
   rds_subnet_ids       = ["example-subnet-1", "example-subnet-2"]
-  spark_cluster_sg_ids = ["sg-examplesecuritygroup1", "sg-examplesecuritygroup2"]
-  tamr_vm_sg_id        = "sg-exampletamrsecuritygroup"
+  ingress_sg_ids       = ["sg-sparksecuritygroup1", "sg-sparksecuritygroup2", "sg-tamrvmsecuritygroup"]
   vpc_id               = "vpc-examplevpcnetworkid"
 }
 ```
@@ -50,11 +49,10 @@ This terraform module will create:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| ingress\_sg\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | password | The password for the master DB user. | `string` | n/a | yes |
 | rds\_subnet\_ids | VPC subnet IDs in subnet group | `list(string)` | n/a | yes |
-| spark\_cluster\_sg\_ids | List of Spark service access security group IDs to allow ingress from | `list(string)` | n/a | yes |
 | subnet\_group\_name | The name of the subnet group to add the RDS instance to | `string` | n/a | yes |
-| tamr\_vm\_sg\_id | Tamr VM security group ID to allow ingress from | `string` | n/a | yes |
 | vpc\_id | VPC ID for the rds security group | `string` | n/a | yes |
 | additional\_cidrs | Additional CIDR to connect to RDS Postgres instance | `list(string)` | `[]` | no |
 | additional\_tags | Additional tags to set on the RDS instance | `map` | `{}` | no |

@@ -1 +1 @@
-0.3.1
+0.4.0
@@ -1,4 +1,3 @@
-vpc_id                      = "vpc-example"
-subnet_ids                  = ["subnet-az1", "subnet-az2"]
-spark_service_access_sg_ids = ["example-spark-service-access-sg"]
-tamr_vm_sg_id               = "example-tamr-vm-sg"
+vpc_id         = "vpc-example"
+subnet_ids     = ["subnet-az1", "subnet-az2"]
+ingress_sg_ids = ["example-spark-service-access-sg", "example-tamr-vm-sg"]
@@ -1,5 +1,5 @@
 module "rds_postgres" {
-  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.3.0"
+  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.4.0"
   source = "../.."
 
   identifier_prefix    = "example-rds-pg-"
@@ -12,7 +12,5 @@ module "rds_postgres" {
   subnet_group_name = "example_subnet_group"
   # Network requirement: DB subnet group needs a subnet in at least two Availability Zones
   rds_subnet_ids = var.subnet_ids
-
-  spark_cluster_sg_ids = var.spark_service_access_sg_ids
-  tamr_vm_sg_id        = var.tamr_vm_sg_id
+  ingress_sg_ids = var.ingress_sg_ids
 }
@@ -11,13 +11,12 @@ resource "aws_db_subnet_group" "rds_postgres_subnet_group" {
 }
 
 module "rds_sg" {
-  source               = "./modules/rds-postgres-sg"
-  spark_cluster_sg_ids = var.spark_cluster_sg_ids
-  tamr_vm_sg_id        = var.tamr_vm_sg_id
-  vpc_id               = var.vpc_id
-  security_group_name  = var.security_group_name
-  additional_cidrs     = var.additional_cidrs
-  additional_tags      = var.additional_tags
+  source              = "./modules/rds-postgres-sg"
+  ingress_sg_ids      = var.ingress_sg_ids
+  vpc_id              = var.vpc_id
+  security_group_name = var.security_group_name
+  additional_cidrs    = var.additional_cidrs
+  additional_tags     = var.additional_tags
 }
 
 resource "aws_db_instance" "rds_postgres" {

@@ -4,9 +4,8 @@ This terraform module creates the security group and the security group rules fo
 # Example
 ```
 module "rds_sg" {
-  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git//modules/rds-postgres-sg?ref=0.3.0"
-  spark_cluster_sg_ids = ["sg-examplesparksecuritygroup1", "sg-examplesparksecuritygroup2"]
-  tamr_vm_sg_id        = "sg-exampletamrvmsecuritygroup"
+  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git//modules/rds-postgres-sg?ref=0.4.0"
+  ingress_sg_ids       = ["sg-examplesparksecuritygroup1", "sg-examplesparksecuritygroup2", "sg-exampletamrvmsecuritygroup"]
   vpc_id               = "vpc-examplevpcid"
   security_group_name  = "examplerdssecuritygroup"
   additional_cidrs     = ["1.2.3.4/32"]
@@ -36,8 +35,7 @@ This terraform module will create:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| spark\_cluster\_sg\_ids | List of Security groups attached to the ec2 instances of EMR Spark | `list(string)` | n/a | yes |
-| tamr\_vm\_sg\_id | Security group id attached to the tamr vm | `string` | n/a | yes |
+| ingress\_sg\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | vpc\_id | VPC ID for the rds security group | `string` | n/a | yes |
 | additional\_cidrs | Additional CIDR to connect to RDS Postgres instance | `list(string)` | `[]` | no |
 | additional\_tags | Additional tags to set on the RDS instance | `map` | `{}` | no |

@@ -5,25 +5,15 @@ resource "aws_security_group" "rds_postgres_sg" {
   tags        = var.additional_tags
 }
 
-resource "aws_security_group_rule" "tamr_vm" {
-  description              = "Rule for ingress from Tamr VM to Postgres"
+resource "aws_security_group_rule" "pg_ingress" {
+  description              = "Ingress rule to Postgres DB instance."
+  count                    = length(var.ingress_sg_ids)
   from_port                = 5432
   protocol                 = "tcp"
   security_group_id        = aws_security_group.rds_postgres_sg.id
   to_port                  = 5432
   type                     = "ingress"
-  source_security_group_id = var.tamr_vm_sg_id
-}
-
-resource "aws_security_group_rule" "spark_cluster" {
-  description              = "Rule for ingress from Spark cluster to Postgres"
-  count                    = length(var.spark_cluster_sg_ids)
-  from_port                = 5432
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.rds_postgres_sg.id
-  to_port                  = 5432
-  type                     = "ingress"
-  source_security_group_id = var.spark_cluster_sg_ids[count.index]
+  source_security_group_id = var.ingress_sg_ids[count.index]
 }
 
 resource "aws_security_group_rule" "additional_cidrs" {

@@ -4,13 +4,8 @@ variable "security_group_name" {
   default     = "tamr_rds_sg"
 }
 
-variable "tamr_vm_sg_id" {
-  description = "Security group id attached to the tamr vm"
-  type        = string
-}
-
-variable "spark_cluster_sg_ids" {
-  description = "List of Security groups attached to the ec2 instances of EMR Spark"
+variable "ingress_sg_ids" {
+  description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"
   type        = list(string)
 }
 

@@ -109,13 +109,8 @@ variable "security_group_name" {
   default     = "tamr_rds_sg"
 }
 
-variable "tamr_vm_sg_id" {
-  description = "Tamr VM security group ID to allow ingress from"
-  type        = string
-}
-
-variable "spark_cluster_sg_ids" {
-  description = "List of Spark service access security group IDs to allow ingress from"
+variable "ingress_sg_ids" {
+  description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"
   type        = list(string)
 }