Commons bump

README.md

@@ -31,8 +31,6 @@ jobs:
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_SANDBOX}}
         aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SANDBOX}}
         aws_default_region: us-east-1
-
-        aws_eks_create: true
 ```
 
 ### Advanced example
@@ -53,9 +51,10 @@ jobs:
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_SANDBOX}}
         aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SANDBOX}}
         aws_default_region: us-east-1
+
+        # tf_stack_destroy: true
         tf_state_bucket_destroy: true 
 
-        aws_eks_create: true
         aws_eks_environment: qa
         aws_eks_stackname: qa-stack
         aws_eks_cluster_version: 1.25
@@ -77,6 +76,7 @@ jobs:
 1. [Action Defaults](#action-defaults-inputs)
 1. [AWS](#aws-inputs)
 1. [EKS](#eks-inputs)
+1. [VPC](#vpc-inputs)
 
 The following inputs can be used as `step.with` keys
 <br/>
@@ -88,8 +88,11 @@ The following inputs can be used as `step.with` keys
 | `checkout` | Boolean | Set to `false` if the code is already checked out. (Default is `true`). |
 | `bitops_code_only` | Boolean  | Set to `true` to run a code generation test. |
 | `bitops_code_store` | Boolean | Store the generated code in an artifact to download. |
+| `tf_stack_destroy` | Boolean  | Set to `true` to destroy the stack - Will delete the `elb logs bucket` after the destroy action runs. |
+| `tf_state_file_name` | String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. Defaults to `tf-state-aws`. |
+| `tf_state_file_name_append` | String | Appends a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |
 | `tf_state_bucket` | String | AWS S3 bucket name to use for Terraform state. See [note](#s3-buckets-naming) | 
-| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `aws_eks_create` must also be `false`. |
+| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`. Default is `false`. |
 <hr/>
 <br/>
 
@@ -100,24 +103,22 @@ The following inputs can be used as `step.with` keys
 | `aws_secret_access_key` | String | AWS secret access key |
 | `aws_session_token` | String | AWS session token |
 | `aws_default_region` | String | AWS default region. Defaults to `us-east-1` |
+| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |
+| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources.|
 <hr/>
 <br/>
 
 #### **EKS Inputs**
 | Name             | Type    | Description                        |
 |------------------|---------|------------------------------------|
-| `aws_eks_create` | Boolean | Define if an EKS cluster should be created |
-| `aws_eks_region` | String | Define the region where EKS cluster should be created. Defaults to `us-east-1`. |
-| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Master`. |
-| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Worker`. |
+| `aws_eks_create` | Boolean | Define if an EKS cluster should be created. Defaults to `true`. |
+f| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${var.aws_resource_identifier} - EKS Master`. |
+| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${var.aws_resource_identifier} - EKS Worker`. |
 | `aws_eks_environment` | String | Specify the eks environment name. Defaults to `env` |
-| `aws_eks_stackname` | String | Specify the eks stack name for your environment. Defaults to `eks-stack`.  |
-| `aws_eks_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
-| `aws_eks_workstation_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. |
-| `aws_eks_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b`.  |
-| `aws_eks_private_subnets` | String | Comma separated list of private subnets. Defaults to `10.0.1.0/24,10.0.2.0/24`. |
-| `aws_eks_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.0.101.0/24,10.0.102.0/24`|
-| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}-cluster` |
+| `aws_eks_management_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. |
+| `aws_eks_allowed_ports` | String | Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with `aws_eks_allowed_ports_cidr`. |
+| `aws_eks_allowed_ports_cidr` | String | Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with `aws_eks_allowed_ports`. If none defined, will allow all incoming traffic. |
+| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${var.aws_resource_identifier}-cluster` |
 | `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `none`. |
 | `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.27` |
 | `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. |
@@ -128,10 +129,29 @@ The following inputs can be used as `step.with` keys
 | `aws_eks_desired_capacity` | String | Enter the desired capacity for the worker nodes. Defaults to `2`. |
 | `aws_eks_max_size` | String | Enter the max_size for the worker nodes. Defaults to `4`. |
 | `aws_eks_min_size` | String | Enter the min_size for the worker nodes. Defaults to `2`. |
+| `aws_eks_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to eks provisioned resources.|
 | `input_helm_charts` | String | Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files. |
 <hr/>
 <br/>
 
+#### **VPC Inputs**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `true`. |
+| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |
+| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
+| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.0.101.0/24,10.0.102.0/24`. |
+| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `10.0.1.0/24,10.0.2.0/24`. |
+| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b` value. |
+| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. |
+| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). |
+| `aws_vpc_enable_nat_gateway` | String | Adds a NAT gateway for each public subnet. Defaults to `true`. |
+| `aws_vpc_single_nat_gateway` | String | Toggles only one NAT gateway for all of the public subnets. Defaults to `false`. |
+| `aws_vpc_external_nat_ip_ids` | String | **Existing** comma separated list of IP IDs if reusing. (ElasticIPs). |
+| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.|
+<hr/>
+<br/>
+
 ## Note about resource identifiers
 
 Most resources will contain the tag `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`, some of them, even the resource name after. 

action.yaml

@@ -15,11 +15,20 @@ inputs:
   bitops_code_store:
     description: 'Store BitOps code as a GitHub artifact'
     required: false
+  tf_stack_destroy:
+    description: 'Set to "true" to Destroy the stack through Terraform.'
+    required: false
+  tf_state_file_name:
+    description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
+    required: false
+  tf_state_file_name_append:
+    description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
+    required: false
   tf_state_bucket:
     description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`'
     required: false
   tf_state_bucket_destroy:
-    description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. Will only run if aws_eks_create is set to false.' 
+    description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`'
     required: false
 
   # AWS
@@ -36,47 +45,42 @@ inputs:
     description: 'AWS default region'
     default: us-east-1
     required: false
+  aws_resource_identifier:
+    description: 'Set to override the AWS resource identifier for the deployment.  Defaults to `${org}-{repo}-{branch}`.  Use with destroy to destroy specific resources.'
+    required: false
+  aws_additional_tags:
+    description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+    required: false
 
   #  EKS
   aws_eks_create:
     description: 'Define if an EKS cluster should be created'
     required: false
-  aws_eks_region:
-    description: 'Define the region where EKS cluster should be created'
-    required: false
+    default: true
   aws_eks_security_group_name_master:
-    description: 'Define the security group name master'
+    description:  "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Master"
     required: false
   aws_eks_security_group_name_worker:
-    description: 'Define the security group name worker'
-    required: false  
+    description:  "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Worker"
+    required: false
   aws_eks_environment:
-    description: 'Specify the eks environment name. ex: dev or test'
-    required: false
-  aws_eks_stackname:
-    description: 'Specify the eks stack name for your environment. Ex: eks-test'
-    required: false  
-  aws_eks_cidr_block:
-    description: 'Define Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)'
-    required: false  
-  aws_eks_workstation_cidr:
-    description: 'Enter your local workstation public IP to add it to Worker nodes security groups' 
-    required: true 
-  aws_eks_availability_zones:
-    description: "List of Availability Zones, Ex: `['us-east-1a', 'us-east-1b', 'us-east-1c']`"
-    required: false 
-  aws_eks_private_subnets:
-    description:  "List of private subnets (e.g. `['10.0.1.0/24', '10.0.2.0/24']`)"
-    required: false 
-  aws_eks_public_subnets:
-    description:  "List of public subnets (e.g. `['10.0.101.0/24', '10.0.102.0/24']`)"
+    description: 'Specify the eks environment name. Defaults to env'
+    required: false
+  aws_eks_management_cidr:
+    description: 'Enter your public IP or CIDR to add it to the allowed master security groups port 443.' 
     required: false 
+  aws_eks_allowed_ports:
+    description: 'Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports_cidr.'
+    required: false
+  aws_eks_allowed_ports_cidr:
+    description: 'Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports. If none defined, will allow all incoming traffic.'
+    required: false
   aws_eks_cluster_name:
-    description: 'Specify the k8s cluster name'
-    required: false   
+    description: "EKS Cluster name. Defaults to eks-cluster"
+    required: false
   aws_eks_cluster_log_types:
-    description: 'Specify the k8s cluster log type'
-    required: false   
+    description: "EKS Log types, csv list"
+    required: false
   aws_eks_cluster_version:
     description: 'Specify the k8s cluster version'
     required: false 
@@ -87,11 +91,11 @@ inputs:
     description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.'
     required: false
   aws_eks_instance_user_data_file:
-    description: 'Relative path in the repo for a user provided script to be executed with the EC2 Instance creation.'
+    description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.'
     required: false
   aws_eks_ec2_key_pair:
-    description: 'Enter the existing ec2 key pair for worker nodes'
-    required: true 
+    description: 'Enter the existing ec2 key pair for worker nodes. If none, one will be created.'
+    required: false 
   aws_eks_store_keypair_sm:
     description: 'If true, will store the newly created keys in Secret Manager'
     required: false 
@@ -104,7 +108,55 @@ inputs:
   aws_eks_min_size:
     description: 'Enter the min_size for the worker nodes'
     required: false
+  aws_eks_additional_tags:
+    description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+    required: false
 
+  # AWS VPC Inputs
+  aws_vpc_create:
+    description: 'Define if a VPC should be created'
+    required: false
+    default: true
+  aws_vpc_name:
+    description: 'Set a specific name for the VPC'
+    required: false
+  aws_vpc_cidr_block:
+    description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
+    required: false
+    default: 10.0.0.0/16
+  aws_vpc_public_subnets:
+    description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
+    required: false
+    default: 10.0.101.0/24,10.0.102.0/24
+  aws_vpc_private_subnets:
+    description: 'Comma separated list of private subnets. If none, none will be created.'
+    required: false
+    default: 10.0.1.0/24,10.0.2.0/24
+  aws_vpc_availability_zones:
+    description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
+    required: false
+    default: us-east-1a,us-east-1b
+  aws_vpc_id:
+    description: 'AWS VPC ID. Accepts `vpc-###` values.'
+    required: false
+  aws_vpc_subnet_id:
+    description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
+    required: false
+  aws_vpc_enable_nat_gateway:
+    description: 'Enables NAT gateway'
+    required: false
+    default: true
+  aws_vpc_single_nat_gateway:
+    description: 'Creates only one NAT gateway'
+    required: false
+  aws_vpc_external_nat_ip_ids:
+    description: 'Comma separated list of IP IDS to reuse in the NAT gateways'
+    required: false
+  aws_vpc_additional_tags:
+    description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+    required: false
+
+  # Helm input
   input_helm_charts: 
     description: 'Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files.'
     required: false
@@ -115,10 +167,13 @@ runs:
 
     - name: Deploy with BitOps
       id: deploy
-      uses: bitovi/github-actions-commons@v0.0.2
+      uses: bitovi/github-actions-commons@main
       with:
         bitops_code_only: ${{ inputs.bitops_code_only }}
         bitops_code_store: ${{ inputs.bitops_code_store }}
+        tf_stack_destroy: ${{ inputs.tf_stack_destroy }}
+        tf_state_file_name: ${{ inputs.tf_state_file_name }}
+        tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
         tf_state_bucket: ${{ inputs.tf_state_bucket }}
         tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
 
@@ -127,24 +182,22 @@ runs:
         gh_action_input_helm_charts: operations/deployment/helm
         gh_deployment_input_helm_charts: ${{ inputs.input_helm_charts }}
 
-      #AWS
+       #AWS
         aws_access_key_id: ${{ inputs.aws_access_key_id }}
         aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
         aws_session_token: ${{ inputs.aws_session_token }}
-        aws_default_region: ${{ inputs.aws_default_region }}  
+        aws_default_region: ${{ inputs.aws_default_region }}
+        aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
+        aws_additional_tags: ${{ inputs.aws_additional_tags }}
 
-      # AWS EKS
+        # EKS
         aws_eks_create: ${{ inputs.aws_eks_create }}
-        aws_eks_region: ${{ inputs.aws_eks_region }}
         aws_eks_security_group_name_master: ${{ inputs.aws_eks_security_group_name_master }}
         aws_eks_security_group_name_worker: ${{ inputs.aws_eks_security_group_name_worker }}
         aws_eks_environment: ${{ inputs.aws_eks_environment }}
-        aws_eks_stackname: ${{ inputs.aws_eks_stackname }}
-        aws_eks_cidr_block: ${{ inputs.aws_eks_cidr_block }}
-        aws_eks_workstation_cidr: ${{ inputs.aws_eks_workstation_cidr }}
-        aws_eks_availability_zones: ${{ inputs.aws_eks_availability_zones }}
-        aws_eks_private_subnets: ${{ inputs.aws_eks_private_subnets }}
-        aws_eks_public_subnets: ${{ inputs.aws_eks_public_subnets }}
+        aws_eks_management_cidr: ${{ inputs.aws_eks_management_cidr }}
+        aws_eks_allowed_ports: ${{ inputs.aws_eks_allowed_ports }}
+        aws_eks_allowed_ports_cidr: ${{ inputs.aws_eks_allowed_ports_cidr }}
         aws_eks_cluster_name: ${{ inputs.aws_eks_cluster_name }}
         aws_eks_cluster_log_types: ${{ inputs.aws_eks_cluster_log_types}}
         aws_eks_cluster_version: ${{ inputs.aws_eks_cluster_version }}
@@ -155,4 +208,19 @@ runs:
         aws_eks_store_keypair_sm: ${{ inputs.aws_eks_store_keypair_sm }}
         aws_eks_desired_capacity: ${{ inputs.aws_eks_desired_capacity}}
         aws_eks_max_size: ${{ inputs.aws_eks_max_size }}
-        aws_eks_min_size: ${{ inputs.aws_eks_min_size }}  
+        aws_eks_min_size: ${{ inputs.aws_eks_min_size }} 
+        aws_eks_additional_tags: ${{ inputs.aws_eks_additional_tags }} 
+
+        # VPC
+        aws_vpc_create: ${{ inputs.aws_vpc_create }}
+        aws_vpc_name: ${{ inputs.aws_vpc_name }}
+        aws_vpc_cidr_block: ${{ inputs.aws_vpc_cidr_block }}
+        aws_vpc_public_subnets: ${{ inputs.aws_vpc_public_subnets }}
+        aws_vpc_private_subnets: ${{ inputs.aws_vpc_private_subnets }}
+        aws_vpc_availability_zones: ${{ inputs.aws_vpc_availability_zones }}
+        aws_vpc_id: ${{ inputs.aws_vpc_id }}
+        aws_vpc_subnet_id: ${{ inputs.aws_vpc_subnet_id }}
+        aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
+        aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
+        aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
+        aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}