Provision AWS LB should have an option to choose the Private subnet

components/automate-backend-deployment/README.md

@@ -5,4 +5,4 @@ This provides the `automate-backend-deployment` package.
 
 This package will build a package using terraform/a2ha-terraform, inspecs, test, certs and Makefile.
 
-This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package
+This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package.

terraform/a2ha-terraform/modules/aws/loadbalancing.tf

@@ -1,12 +1,11 @@
-
 /////////////////////////
 // Automate Load Balancing
 resource "aws_alb" "automate_lb" {
   name               = "${var.tag_name}-${random_id.random.hex}-automate-lb"
-  internal           = false
+  internal           = (length(var.public_custom_subnets) > 0 || var.aws_cidr_block_addr != "") ? false : true
   load_balancer_type = "application"
   security_groups    = [aws_security_group.load_balancer.id]
-  subnets            = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public.*.id : aws_subnet.public.*.id
+  subnets            = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public.*.id : (var.aws_cidr_block_addr != "" ? aws_subnet.public.*.id : data.aws_subnet.default.*.id)
   tags               = var.tags
 }
 
@@ -58,10 +57,10 @@ resource "aws_alb_listener" "automate_lb_listener_80" {
 // Chef Server
 resource "aws_alb" "chef_server_lb" {
   name               = "${var.tag_name}-${random_id.random.hex}-chef-server-lb"
-  internal           = false
+  internal           = (length(var.public_custom_subnets) > 0 || var.aws_cidr_block_addr != "") ? false : true
   load_balancer_type = "application"
   security_groups    = [aws_security_group.load_balancer.id]
-  subnets            = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public.*.id : aws_subnet.public.*.id
+  subnets            = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public.*.id : (var.aws_cidr_block_addr != "" ? aws_subnet.public.*.id : data.aws_subnet.default.*.id)
   tags               = var.tags
 }
 

terraform/a2ha-terraform/modules/aws/main.tf

@@ -1,4 +1,3 @@
-
 resource "random_id" "random" {
   byte_length = 4
 }
@@ -26,7 +25,7 @@ locals {
 }
 
 data "aws_subnet" "public" {                                  
-  count = length(var.private_custom_subnets) > 0 ? 3 : 0            
+  count = length(var.public_custom_subnets) > 0 ? 3 : 0            
   id    = local.public_subnet_ids_list[count.index]
 }
 
@@ -38,7 +37,7 @@ data "aws_internet_gateway" "default" {
 }
 
 resource "aws_subnet" "default" {
-  count             = length(var.private_custom_subnets) > 0 ? 0 : 3
+  count             = (length(var.private_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 3 : 0
   vpc_id            = data.aws_vpc.default.id
   cidr_block        = cidrsubnet("${var.aws_cidr_block_addr}/18", 8, count.index + 1)
   availability_zone = data.aws_availability_zones.available.names[count.index]
@@ -47,7 +46,7 @@ resource "aws_subnet" "default" {
 }
 
 resource "aws_subnet" "public" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 3
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 3 : 0
   vpc_id                  = data.aws_vpc.default.id
   cidr_block              = cidrsubnet("${var.aws_cidr_block_addr}/18", 8, count.index + 4)
   availability_zone       = data.aws_availability_zones.available.names[count.index]
@@ -57,61 +56,61 @@ resource "aws_subnet" "public" {
 }
 
 resource "aws_eip" "eip1" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   vpc              = true
   public_ipv4_pool = "amazon"
 
   tags = merge(var.tags, map("Name", "${var.tag_name}_${random_id.random.hex}_eip"))
 }
 
 resource "aws_eip" "eip2" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   vpc              = true
   public_ipv4_pool = "amazon"
 
   tags = merge(var.tags, map("Name", "${var.tag_name}_${random_id.random.hex}_eip"))
 }
 
 resource "aws_eip" "eip3" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   vpc              = true
   public_ipv4_pool = "amazon"
 
   tags = merge(var.tags, map("Name", "${var.tag_name}_${random_id.random.hex}_eip"))
 }
 
 resource "aws_nat_gateway" "nat1" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   allocation_id = aws_eip.eip1[0].id
-  subnet_id     = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public[0].id : aws_subnet.public[0].id
+  subnet_id     = aws_subnet.public[0].id
 
   tags = merge(var.tags, map("Name", "${var.tag_name}_${random_id.random.hex}_nat_gw"))
 
   depends_on = [data.aws_internet_gateway.default]
 }
 
 resource "aws_nat_gateway" "nat2" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   allocation_id = aws_eip.eip2[0].id
-  subnet_id     = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public[1].id : aws_subnet.public[1].id
+  subnet_id     = aws_subnet.public[1].id
 
   tags = merge(var.tags, map("Name", "${var.tag_name}_${random_id.random.hex}_nat_gw"))
 
   depends_on = [data.aws_internet_gateway.default]
 }
 
 resource "aws_nat_gateway" "nat3" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   allocation_id = aws_eip.eip3[0].id
-  subnet_id     = length(var.public_custom_subnets) > 0 ? data.aws_subnet.public[2].id : aws_subnet.public[2].id
+  subnet_id     = aws_subnet.public[2].id
 
   tags = merge(var.tags, map("Name", "${var.tag_name}_${random_id.random.hex}_nat_gw"))
 
   depends_on = [data.aws_internet_gateway.default]
 }
 
 resource "aws_route_table" "route1" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   vpc_id = data.aws_vpc.default.id
   route {
     cidr_block     = "0.0.0.0/0"
@@ -123,7 +122,7 @@ resource "aws_route_table" "route1" {
 }
 
 resource "aws_route_table" "route2" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   vpc_id = data.aws_vpc.default.id
   route {
     cidr_block     = "0.0.0.0/0"
@@ -135,7 +134,7 @@ resource "aws_route_table" "route2" {
 }
 
 resource "aws_route_table" "route3" {
-  count                   = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count                   = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   vpc_id = data.aws_vpc.default.id
   route {
     cidr_block     = "0.0.0.0/0"
@@ -148,19 +147,19 @@ resource "aws_route_table" "route3" {
 
 
 resource "aws_route_table_association" "nat1" {
-  count          = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count          = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   subnet_id      = length(var.private_custom_subnets) > 0 ? data.aws_subnet.default[0].id : aws_subnet.default[0].id
   route_table_id = aws_route_table.route1[0].id
 }
 
 resource "aws_route_table_association" "nat2" {
-  count          = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count          = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   subnet_id      = length(var.private_custom_subnets) > 0 ? data.aws_subnet.default[1].id : aws_subnet.default[1].id
   route_table_id = aws_route_table.route2[0].id
 }
 
 resource "aws_route_table_association" "nat3" {
-  count          = length(var.public_custom_subnets) > 0 ? 0 : 1
+  count          = (length(var.public_custom_subnets) == 0 && var.aws_cidr_block_addr != "") ? 1 : 0
   subnet_id      = length(var.private_custom_subnets) > 0 ? data.aws_subnet.default[2].id : aws_subnet.default[2].id
   route_table_id = aws_route_table.route3[0].id
 }
@@ -170,7 +169,7 @@ locals {
 }
 
 resource "aws_instance" "chef_automate_postgresql" {
-  count = var.setup_managed_services ? 0 : var.postgresql_instance_count
+  count = ((length(var.private_custom_subnets) == 0 && var.aws_cidr_block_addr == "") || var.setup_managed_services) ? 0 : var.postgresql_instance_count
 
   ami                         = local.ami
   instance_type               = var.postgresql_server_instance_type
@@ -221,7 +220,7 @@ resource "aws_instance" "chef_automate_postgresql" {
 
 }
 resource "aws_instance" "chef_automate_opensearch" {
-  count = var.setup_managed_services ? 0 : var.opensearch_instance_count
+  count = ((length(var.private_custom_subnets) == 0 && var.aws_cidr_block_addr == "") || var.setup_managed_services) ? 0 : var.opensearch_instance_count
 
   ami                         = local.ami
   instance_type               = var.opensearch_server_instance_type
@@ -262,7 +261,7 @@ resource "aws_instance" "chef_automate_opensearch" {
 }
 
 resource "aws_instance" "chef_automate" {
-  count = var.automate_instance_count
+  count = (length(var.private_custom_subnets) > 0 || var.aws_cidr_block_addr != "") ? var.automate_instance_count : 0
 
   ami                         = local.ami
   instance_type               = var.automate_server_instance_type
@@ -301,11 +300,11 @@ resource "aws_instance" "chef_automate" {
     instance_metadata_tags = "enabled"
   }
   depends_on = [aws_route_table.route1,aws_route_table.route2,aws_route_table.route3]
-  
+
 }
 
 resource "aws_instance" "chef_server" {
-  count = var.chef_server_instance_count
+  count = (length(var.private_custom_subnets) > 0 || var.aws_cidr_block_addr != "") ? var.chef_server_instance_count : 0
 
 
   ami                         = local.ami

terraform/a2ha-terraform/modules/aws/outputs.tf

@@ -66,9 +66,7 @@ output "random_id" {
 }
 
 output "subnet_id" {
-
   value = length(var.private_custom_subnets) > 0 ? var.private_custom_subnets : aws_subnet.default.*.id
-
 }
 
 output "mount_id" {