From 24b5ef3acd09add9373c2005d2afadb8b1eb79be Mon Sep 17 00:00:00 2001 From: Premdeep Saini Date: Mon, 23 Jan 2023 12:15:08 +0530 Subject: [PATCH 1/7] remove count 1 from gitlab EC2 instance --- main.tf | 7 +++---- outputs.tf | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 826aa7e..26402bb 100644 --- a/main.tf +++ b/main.tf @@ -11,7 +11,6 @@ locals { } resource "aws_instance" "gitlab" { - count = 1 ami = var.ami_id instance_type = var.instance_type subnet_id = var.private_subnet_id @@ -234,8 +233,8 @@ module "elb" { unhealthy_threshold = var.healthcheck_unhealthy_threshold timeout = var.healthcheck_timeout } - number_of_instances = length(aws_instance.gitlab) - instances = aws_instance.gitlab[*].id + number_of_instances = 1 + instances = tolist([aws_instance.gitlab.id]) tags = { Environment = var.environment_prefix @@ -502,7 +501,7 @@ resource "null_resource" "gitlab_reconfigure" { timestamp = timestamp() } provisioner "local-exec" { - command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab[0].private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab[0].private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}" + command = "ansible-playbook -u ubuntu -i '${aws_instance.gitlab.private_ip},' --private-key ${var.private_key} -e 'instance_ip_address=${aws_instance.gitlab.private_ip} workdir=${local.gitlab_config_tmp_path} config_file=${local_sensitive_file.gitlab_config_file.filename}' ${local.gitlab_config_playbook_file}" } } diff --git a/outputs.tf b/outputs.tf index 6c3dbea..4692735 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ output "gitlab_instance_id" { description = "Instance Id of the Gitlab EC2 instance." - value = aws_instance.gitlab[*].id + value = aws_instance.gitlab.id } output "gitlab_sg_id" { From b808416ccec670aa88a8bbc3295a57ca3e35c34a Mon Sep 17 00:00:00 2001 
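Review bot: Dropping `count = 1` changes the resource address from `aws_instance.gitlab[0]` to `aws_instance.gitlab`, so on an already-deployed module the next plan destroys and recreates the GitLab instance unless the state is migrated; the commit says nothing about that step. Add `moved { from = aws_instance.gitlab[0] to = aws_instance.gitlab }` next to the resource (Terraform 1.1 or later), or record the equivalent `terraform state mv` in the commit message. The `locals` block whose closing brace opens this hunk starts outside it.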
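Review bot: The rewritten `command` still splices `${var.private_key}`, `${local.gitlab_config_tmp_path}`, the rendered config filename and `${local.gitlab_config_playbook_file}` into a shell line without any quoting, so a path containing whitespace or shell metacharacters breaks the `local-exec` call or is interpreted by the shell. The idiomatic fix is to pass such values through the provisioner's `environment` map, e.g. `environment = { PRIVATE_KEY = var.private_key }` and `--private-key "$PRIVATE_KEY"` in the command, rather than interpolating them into the string. The enclosing `resource "null_resource" "gitlab_reconfigure"` begins before this hunk.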
From: Premdeep Saini Date: Mon, 23 Jan 2023 12:49:17 +0530 Subject: [PATCH 2/7] add managed_by and environment to default tags. add environment prefix to resource names --- main.tf | 114 ++++++++++++++++++++++++++++++--------------------- variables.tf | 6 +-- 2 files changed, 71 insertions(+), 49 deletions(-) diff --git a/main.tf b/main.tf index 26402bb..82a538b 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,9 @@ locals { - managed_by = "Terraform" + default_tags = { + managed_by = "Terraform" + environment = var.environment + } + environment_prefix = substr(var.environment, 0, 1) gitlab_config_file_name = "gitlab.rb" rendered_gitlab_config_file_name = "gitlab_rendered.rb" gitlab_additional_config_file_name = "gitlab_additional.rb" @@ -24,18 +28,19 @@ resource "aws_instance" "gitlab" { delete_on_termination = false } - tags = { - Name = "${var.environment_prefix}-gitlab" - Environment = var.environment_prefix - ManagedBy = local.managed_by - } + tags = merge({ + Name = "${local.environment_prefix}-gitlab" + }, local.default_tags) } resource "aws_key_pair" "gitlab_ssh" { count = var.gitlab_ssh_public_key != null ? 1 : 0 - key_name = "${var.environment_prefix}-gitlab-key-pair" + key_name = "${local.environment_prefix}-gitlab-key-pair" public_key = var.gitlab_ssh_public_key + tags = merge({ + Name = "${local.environment_prefix}-gitlab-key-pair" + }, local.default_tags) } data "aws_vpc" "vpc" { @@ -47,7 +52,7 @@ data "aws_route53_zone" "zone" { } resource "aws_security_group" "gitlab" { - name = "${var.environment_prefix}-gitlab" + name = "${local.environment_prefix}-gitlab" vpc_id = data.aws_vpc.vpc.id description = "Security group for Gitlab instance" ingress = [ 
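Review bot: `environment_prefix = substr(var.environment, 0, 1)` reduces the environment to its first character, so two environments that share an initial (constructed example: two names starting with "p") yield identical names such as `p-gitlab` and `p-gitlab-key-pair` and collide when both are deployed in the same account and region. Keep the prefix an explicit input, or use the full name (`environment_prefix = var.environment`) and state the expected format on the variable. Every `name` and `Name` in the later hunks of this patch is derived from this local, so the collision covers the security groups, ELB, RDS, ElastiCache and IAM resources alike.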
@@ -98,14 +103,13 @@ resource "aws_security_group" "gitlab" { description = "allow all egress" } ] - tags = { - Environment = var.environment_prefix - ManagedBy = local.managed_by - } + tags = merge({ + Name = "${local.environment_prefix}-gitlab" + }, local.default_tags) } resource "aws_security_group" "gitlab_lb" { - name = "${var.environment_prefix}-gitlab-lb" + name = "${local.environment_prefix}-gitlab-lb" vpc_id = data.aws_vpc.vpc.id description = "Security group for Gitlab load balancer" ingress = [ @@ -156,10 +160,9 @@ resource "aws_security_group" "gitlab_lb" { description = "allow all egress" } ] - tags = { - Environment = var.environment_prefix - ManagedBy = local.managed_by - } + tags = merge({ + Name = "${local.environment_prefix}-gitlab-lb" + }, local.default_tags) } module "records" { @@ -189,16 +192,16 @@ module "acm" { wait_for_validation = true - tags = { + tags = merge({ Name = var.gitlab_domain - } + }, local.default_tags) } module "elb" { source = "terraform-aws-modules/elb/aws" version = "~> 2.0" - name = "${var.environment_prefix}-gitlab" + name = "${local.environment_prefix}-gitlab" subnets = var.public_subnet_ids security_groups = [aws_security_group.gitlab_lb.id] 
@@ -236,20 +239,20 @@ module "elb" { number_of_instances = 1 instances = tolist([aws_instance.gitlab.id]) - tags = { - Environment = var.environment_prefix - } + tags = merge({ + Name = "${local.environment_prefix}-gitlab" + }, local.default_tags) } module "gitlab_pg" { source = "terraform-aws-modules/rds/aws" - identifier = "${var.environment_prefix}-gitlab-pg" + identifier = "${local.environment_prefix}-gitlab-pg" create_db_instance = true create_db_subnet_group = true create_db_parameter_group = var.gitlab_pg_create_db_parameter_group parameter_group_name = var.gitlab_pg_parameter_group_name parameters = var.gitlab_pg_parameters - db_subnet_group_name = "${var.environment_prefix}-gitlab-pg" + db_subnet_group_name = "${var.environment}-gitlab-pg" subnet_ids = var.gitlab_pg_subnet_ids allocated_storage = var.gitlab_pg_allocated_storage storage_type = var.gitlab_pg_storage_type @@ -263,10 +266,13 @@ module "gitlab_pg" { create_random_password = false publicly_accessible = var.gitlab_pg_publicly_accessible vpc_security_group_ids = [aws_security_group.gitlab_rds.id] + tags = merge({ + Name = "${local.environment_prefix}-gitlab-pg" + }, local.default_tags) } resource "aws_security_group" "gitlab_rds" { - name = "${var.environment_prefix}-gitlab-rds" + name = "${local.environment_prefix}-gitlab-rds" vpc_id = data.aws_vpc.vpc.id description = "Security group for Gitlab RDS" ingress = [ @@ -282,14 +288,13 @@ resource "aws_security_group" "gitlab_rds" { description = "allow TCP access from Gitlab instance" } ] - tags = { - Environment = var.environment_prefix - ManagedBy = local.managed_by - } + tags = merge({ + Name = "${local.environment_prefix}-gitlab-rds" + }, local.default_tags) } resource "aws_elasticache_cluster" "gitlab_redis" { - cluster_id = "${var.environment_prefix}-gitlab-redis" + cluster_id = "${local.environment_prefix}-gitlab-redis" engine = "redis" node_type = var.gitlab_redis_node_type num_cache_nodes = var.gitlab_redis_num_cache_nodes 
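Review bot: In `module "gitlab_pg"` the new `db_subnet_group_name` is built from `var.environment`, while the `identifier` a few lines above and every other name in this patch use `local.environment_prefix`; the mismatch reads as accidental and produces a subnet group whose name does not match the instance it serves. Use `db_subnet_group_name = "${local.environment_prefix}-gitlab-pg"`, or, if the full environment name is needed here to avoid a collision, add a one-line comment saying so. `module "gitlab_pg"` continues past the end of the hunk.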
@@ -299,6 +304,10 @@ resource "aws_elasticache_cluster" "gitlab_redis" { security_group_ids = [aws_security_group.gitlab_redis.id] subnet_group_name = var.gitlab_redis_create_subnet_group == true ? aws_elasticache_subnet_group.gitlab_redis[0].name : var.gitlab_redis_subnet_group_name + tags = merge({ + Name = "${local.environment_prefix}-gitlab-redis" + }, local.default_tags) + lifecycle { precondition { condition = anytrue([ @@ -325,12 +334,13 @@ resource "aws_elasticache_parameter_group" "gitlab_redis" { resource "aws_elasticache_subnet_group" "gitlab_redis" { count = var.gitlab_redis_create_subnet_group == true ? 1 : 0 - name = "${var.environment_prefix}-gitlab-redis" + name = "${local.environment_prefix}-gitlab-redis" subnet_ids = var.gitlab_redis_subnet_ids - tags = { - Name = "${var.environment_prefix}-gitlab-redis" - ManagedBy = local.managed_by - } + + tags = merge({ + Name = "${local.environment_prefix}-gitlab-redis" + }, local.default_tags) + lifecycle { precondition { condition = var.gitlab_redis_create_subnet_group && length(var.gitlab_redis_subnet_ids) != 0 @@ -340,7 +350,7 @@ resource "aws_elasticache_subnet_group" "gitlab_redis" { } resource "aws_security_group" "gitlab_redis" { - name = "${var.environment_prefix}-gitlab-redis" + name = "${local.environment_prefix}-gitlab-redis" vpc_id = data.aws_vpc.vpc.id description = "Security group for Gitlab Redis" ingress = [ 
@@ -356,15 +366,19 @@ resource "aws_security_group" "gitlab_redis" { description = "allow TCP access from Gitlab instance" } ] - tags = { - Environment = var.environment_prefix - ManagedBy = local.managed_by - } + tags = merge({ + Name = "${local.environment_prefix}-gitlab-redis" + }, local.default_tags) } resource "aws_s3_bucket" "gitlab_backup" { count = var.enable_gitlab_backup_to_s3 ? 1 : 0 - bucket = var.gitlab_backup_bucket_name + bucket = "${local.environment_prefix}-${var.gitlab_backup_bucket_name}" + + tags = merge({ + Name = "${local.environment_prefix}-${var.gitlab_backup_bucket_name}" + }, local.default_tags) + lifecycle { precondition { condition = anytrue([ @@ -373,7 +387,6 @@ resource "aws_s3_bucket" "gitlab_backup" { ]) error_message = "Gitlab backup to S3 is set to ${var.enable_gitlab_backup_to_s3}. gitlab_backup_bucket_name is mandatory to create S3 bucket." } - } } @@ -424,12 +437,15 @@ data "aws_iam_policy_document" "gitlab_s3_backup" { resource "aws_iam_policy" "gitlab_backup" { count = var.enable_gitlab_backup_to_s3 ? 1 : 0 - name = "gitlab-backup" + name = "${local.environment_prefix}-gitlab-backup" policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json + tags = merge({ + Name = "${local.environment_prefix}-gitlab-backup" + }, local.default_tags) } resource "aws_iam_role" "gitlab_backup" { - name = "gitlab-backup" + name = "${local.environment_prefix}-gitlab-backup" assume_role_policy = < Date: Mon, 23 Jan 2023 13:07:17 +0530 Subject: [PATCH 3/7] add support for additional tags --- main.tf | 34 ++++++++++++++++++---------------- variables.tf | 6 ++++++ 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/main.tf b/main.tf index 82a538b..0623875 100644 --- a/main.tf +++ b/main.tf @@ -30,7 +30,7 @@ resource "aws_instance" "gitlab" { tags = merge({ Name = "${local.environment_prefix}-gitlab" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } 
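Review bot: Changing `bucket` from `var.gitlab_backup_bucket_name` to `"${local.environment_prefix}-${var.gitlab_backup_bucket_name}"` renames the backup bucket, which S3 cannot do in place, so an existing deployment plans a destroy of the current bucket and a fresh, empty replacement; without `force_destroy` the destroy fails while backups are still stored there, and with it the backups are gone. Either keep the caller-supplied name as-is, or state in the `gitlab_backup_bucket_name` description that the prefix is prepended and that existing deployments must migrate their bucket. The `lifecycle` precondition that closes this resource continues into the next hunk.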
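Review bot: `merge({ Name = ... }, local.default_tags, var.additional_tags)` places the caller's map last, so a `Name`, `environment` or `managed_by` key in `additional_tags` silently overrides the module's own tag. If callers should only add tags, reverse the order to `merge(var.additional_tags, { Name = "${local.environment_prefix}-gitlab" }, local.default_tags)`; if overriding is intended, say so in the `additional_tags` description. The same `merge` order is repeated in every other hunk of this patch (key pair, security groups, ACM, ELB, RDS, ElastiCache, S3 and IAM), so whichever choice is made should be applied uniformly.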
@@ -40,7 +40,7 @@ resource "aws_key_pair" "gitlab_ssh" { public_key = var.gitlab_ssh_public_key tags = merge({ Name = "${local.environment_prefix}-gitlab-key-pair" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } data "aws_vpc" "vpc" { @@ -105,7 +105,7 @@ resource "aws_security_group" "gitlab" { ] tags = merge({ Name = "${local.environment_prefix}-gitlab" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } resource "aws_security_group" "gitlab_lb" { @@ -162,7 +162,7 @@ resource "aws_security_group" "gitlab_lb" { ] tags = merge({ Name = "${local.environment_prefix}-gitlab-lb" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } module "records" { @@ -194,7 +194,7 @@ module "acm" { tags = merge({ Name = var.gitlab_domain - }, local.default_tags) + }, local.default_tags, var.additional_tags) } module "elb" { @@ -241,7 +241,7 @@ module "elb" { tags = merge({ Name = "${local.environment_prefix}-gitlab" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } module "gitlab_pg" { @@ -268,7 +268,7 @@ module "gitlab_pg" { vpc_security_group_ids = [aws_security_group.gitlab_rds.id] tags = merge({ Name = "${local.environment_prefix}-gitlab-pg" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } resource "aws_security_group" "gitlab_rds" { @@ -290,7 +290,7 @@ resource "aws_security_group" "gitlab_rds" { ] tags = merge({ Name = "${local.environment_prefix}-gitlab-rds" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } resource "aws_elasticache_cluster" "gitlab_redis" { @@ -306,7 +306,7 @@ resource "aws_elasticache_cluster" "gitlab_redis" { tags = merge({ Name = "${local.environment_prefix}-gitlab-redis" - }, local.default_tags) + }, local.default_tags, var.additional_tags) lifecycle { precondition { 
@@ -323,7 +323,9 @@ resource "aws_elasticache_parameter_group" "gitlab_redis" { count = var.gitlab_redis_create_parameter_group == true ? 1 : 0 family = var.gitlab_redis_parameter_group.family name = var.gitlab_redis_parameter_group.name - + tags = merge({ + Name = "${local.environment_prefix}-${var.gitlab_redis_parameter_group.name}" + }, local.default_tags, var.additional_tags) lifecycle { precondition { condition = var.gitlab_redis_parameter_group.name != null && var.gitlab_redis_parameter_group.family != null @@ -339,7 +341,7 @@ resource "aws_elasticache_subnet_group" "gitlab_redis" { tags = merge({ Name = "${local.environment_prefix}-gitlab-redis" - }, local.default_tags) + }, local.default_tags, var.additional_tags) lifecycle { precondition { @@ -368,7 +370,7 @@ resource "aws_security_group" "gitlab_redis" { ] tags = merge({ Name = "${local.environment_prefix}-gitlab-redis" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } resource "aws_s3_bucket" "gitlab_backup" { @@ -377,7 +379,7 @@ resource "aws_s3_bucket" "gitlab_backup" { tags = merge({ Name = "${local.environment_prefix}-${var.gitlab_backup_bucket_name}" - }, local.default_tags) + }, local.default_tags, var.additional_tags) lifecycle { precondition { @@ -441,7 +443,7 @@ resource "aws_iam_policy" "gitlab_backup" { policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json tags = merge({ Name = "${local.environment_prefix}-gitlab-backup" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } resource "aws_iam_role" "gitlab_backup" { @@ -464,7 +466,7 @@ EOF managed_policy_arns = var.enable_gitlab_backup_to_s3 ? [aws_iam_policy.gitlab_backup[0].arn] : [] tags = merge({ Name = "${local.environment_prefix}-gitlab-backup" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } resource "aws_iam_instance_profile" "gitlab" { 
@@ -472,7 +474,7 @@ resource "aws_iam_instance_profile" "gitlab" { role = aws_iam_role.gitlab_backup.name tags = merge({ Name = "${local.environment_prefix}-gitlab" - }, local.default_tags) + }, local.default_tags, var.additional_tags) } data "template_file" "gitlab_config_template" { diff --git a/variables.tf b/variables.tf index bba315e..e2c0602 100644 --- a/variables.tf +++ b/variables.tf @@ -297,3 +297,9 @@ variable "ses_username" { description = "Username for Gitlab SMTP user" default = "gitlab_smtp_user" } + +variable "additional_tags" { + type = map(string) + default = {} + description = "A map of additional tags to attach to the resources." +} From 8fe083dfe8f0aedb9662a37c77dc02ac0de34266 Mon Sep 17 00:00:00 2001 From: Premdeep Saini Date: Mon, 23 Jan 2023 13:11:57 +0530 Subject: [PATCH 4/7] add configurable EBS volume IOPS with default to 3000 --- main.tf | 1 + variables.tf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/main.tf b/main.tf index 0623875..b3085b7 100644 --- a/main.tf +++ b/main.tf @@ -25,6 +25,7 @@ resource "aws_instance" "gitlab" { root_block_device { volume_type = var.volume_type volume_size = var.volume_size + iops = var.volume_iops delete_on_termination = false } diff --git a/variables.tf b/variables.tf index e2c0602..dd60320 100644 --- a/variables.tf +++ b/variables.tf @@ -36,6 +36,12 @@ variable "volume_size" { description = "Size of root EBS volume for Gitlab instance." } +variable "volume_iops" { + type = number + default = 3000 + description = "IOPS for the Gitlab EBS volume" +} + variable "public_subnet_ids" { type = list(string) description = "List of public subnet Ids for Gitlab load balancer." From 562cefa26ad884383cade3c648e715b9f145733f Mon Sep 17 00:00:00 2001 From: Premdeep Saini Date: Mon, 23 Jan 2023 14:03:42 +0530 Subject: [PATCH 5/7] add tags for ses resources --- main.tf | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index b3085b7..5a373f5 100644 --- a/main.tf 
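Review bot: `iops = var.volume_iops` is set unconditionally with a default of 3000, but `volume_type` is also caller-chosen and EC2 rejects an explicit `iops` on volume types without provisioned IOPS (for example `gp2`), so the new default turns a previously valid configuration into an apply-time error. Gate the attribute on the type, e.g. `iops = contains(["gp3", "io1", "io2"], var.volume_type) ? var.volume_iops : null`, and note in the `volume_iops` description (the variables.tf hunk of this patch) which volume types it applies to. `resource "aws_instance" "gitlab"` starts before this hunk.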
+++ b/main.tf @@ -550,15 +550,15 @@ resource "aws_route53_record" "email_domain_amazonses_verification_record" { } resource "aws_ses_domain_identity_verification" "email_domain_verification" { - count = var.create_ses_identity ? 1 : 0 - domain = aws_ses_domain_identity.email_domain[0].id - + count = var.create_ses_identity ? 1 : 0 + domain = aws_ses_domain_identity.email_domain[0].id depends_on = [aws_route53_record.email_domain_amazonses_verification_record[0]] } resource "aws_iam_user" "gitlab_smtp_user" { count = var.create_ses_identity ? 1 : 0 name = var.ses_username + tags = merge(local.default_tags, var.additional_tags) } resource "aws_iam_access_key" "gitlab_smtp_user" { @@ -576,9 +576,12 @@ data "aws_iam_policy_document" "gitlab_ses_sender" { resource "aws_iam_policy" "gitlab_ses_sender" { count = var.create_ses_identity ? 1 : 0 - name = "gitlab_ses_sender" + name = "${local.environment_prefix}-gitlab_ses_sender" description = "Allows sending of e-mails via Simple Email Service" policy = data.aws_iam_policy_document.gitlab_ses_sender[0].json + tags = merge({ + Name = "${local.environment_prefix}-gitlab_ses_sender" + }, local.default_tags, var.additional_tags) } resource "aws_iam_user_policy_attachment" "gitlab_ses_sender" { From 89134cd2d7c7e3bda90efb75a7f6727d04906f86 Mon Sep 17 00:00:00 2001 
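Review bot: The new policy name `"${local.environment_prefix}-gitlab_ses_sender"` mixes the hyphenated prefix with an underscored suffix, unlike `-gitlab-backup` and the other names introduced in this series; `"${local.environment_prefix}-gitlab-ses-sender"` would keep IAM names searchable by one convention. Renaming an `aws_iam_policy` forces its replacement, so the `aws_iam_user_policy_attachment` that references it (just below the hunk) is recreated on existing deployments; that deserves a line in the commit message. The `aws_iam_user` in the first hunk receives `default_tags` but, unlike every other resource in this series, no `Name` tag.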
From: Premdeep Saini Date: Mon, 23 Jan 2023 14:50:27 +0530 Subject: [PATCH 6/7] cleanup main.tf by separating resources logically by functionality --- backup.tf | 95 ++++ config.tf | 68 +++ gitlab_config_templates/gitlab-nginx.rb.tftpl | 3 - gitlab_config_templates/gitlab-postgres.tftpl | 1 - gitlab_config_templates/gitlab-rails.tftpl | 22 - gitlab_config_templates/gitlab-redis.tftpl | 1 - load_balancers.tf | 99 ++++ main.tf | 455 +----------------- rds.tf | 49 ++ redis.tf | 80 +++ ses.tf | 60 +++ .../nginx.tftpl | 0 .../postgres.tftpl | 0 .../rails.tftpl | 0 .../redis.tftpl | 0 .../smtp.tftpl | 0 variables.tf | 2 +- 17 files changed, 455 insertions(+), 480 deletions(-) create mode 100644 backup.tf create mode 100644 config.tf delete mode 100644 gitlab_config_templates/gitlab-nginx.rb.tftpl delete mode 100644 gitlab_config_templates/gitlab-postgres.tftpl delete mode 100644 gitlab_config_templates/gitlab-rails.tftpl delete mode 100644 gitlab_config_templates/gitlab-redis.tftpl create mode 100644 load_balancers.tf create mode 100644 rds.tf create mode 100644 redis.tf create mode 100644 ses.tf rename {gitlab_config_templates => templates}/nginx.tftpl (100%) rename {gitlab_config_templates => templates}/postgres.tftpl (100%) rename {gitlab_config_templates => templates}/rails.tftpl (100%) rename {gitlab_config_templates => templates}/redis.tftpl (100%) rename {gitlab_config_templates => templates}/smtp.tftpl (100%) diff --git a/backup.tf b/backup.tf new file mode 100644 index 0000000..2993b01 --- /dev/null +++ b/backup.tf 
@@ -0,0 +1,95 @@ +/* Resources for setting up Gitlab remote backup on Amazon S3 */ + +resource "aws_s3_bucket" "gitlab_backup" { + count = var.enable_gitlab_backup_to_s3 ? 1 : 0 + bucket = var.gitlab_backup_bucket_name + + tags = merge(local.default_tags, var.additional_tags) + + lifecycle { + precondition { + condition = anytrue([ + (var.enable_gitlab_backup_to_s3 == false), + (var.enable_gitlab_backup_to_s3 == true && var.gitlab_backup_bucket_name != null) + ]) + error_message = "Gitlab backup to S3 is set to ${var.enable_gitlab_backup_to_s3}. gitlab_backup_bucket_name is mandatory to create S3 bucket." + } + } +} + +resource "aws_s3_bucket_acl" "gitlab_backup" { + count = var.enable_gitlab_backup_to_s3 ? 1 : 0 + bucket = aws_s3_bucket.gitlab_backup[0].id + acl = "private" +} + +data "aws_iam_policy_document" "gitlab_s3_backup" { + count = var.enable_gitlab_backup_to_s3 ? 1 : 0 + statement { + effect = "Allow" + actions = [ + "s3:AbortMultipartUpload", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:ListBucketMultipartUploads", + "s3:PutObject", + "s3:PutObjectAcl" + ] + resources = [ + "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}/*" + ] + } + statement { + effect = "Allow" + actions = [ + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ] + resources = [ + "*" + ] + } + statement { + effect = "Allow" + actions = [ + "s3:ListBucket" + ] + resources = [ + "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}" + ] + } +} + +resource "aws_iam_policy" "gitlab_backup" { + count = var.enable_gitlab_backup_to_s3 ? 
1 : 0 + name = "${local.environment_prefix}-gitlab-backup" + policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json + tags = merge({ + Name = "${local.environment_prefix}-gitlab-backup" + }, local.default_tags, var.additional_tags) +} + +resource "aws_iam_role" "gitlab_backup" { + name = "${local.environment_prefix}-gitlab-backup" + assume_role_policy = < 'AWS', - 'region' => '${aws_region}', - 'use_iam_profile' => true -} -gitlab_rails['backup_upload_remote_directory'] = '${gitlab_backup_s3_bucket_name}' diff --git a/gitlab_config_templates/gitlab-redis.tftpl b/gitlab_config_templates/gitlab-redis.tftpl deleted file mode 100644 index ed60013..0000000 --- a/gitlab_config_templates/gitlab-redis.tftpl +++ /dev/null @@ -1 +0,0 @@ -redis['enable'] = false diff --git a/load_balancers.tf b/load_balancers.tf new file mode 100644 index 0000000..8550b6d --- /dev/null +++ b/load_balancers.tf 
@@ -0,0 +1,99 @@ +/* Resources for Gitlab classic load balancer */ +resource "aws_security_group" "gitlab_lb" { + name = "${local.environment_prefix}-gitlab-lb" + vpc_id = data.aws_vpc.vpc.id + description = "Security group for Gitlab load balancer" + ingress = [ + { + from_port = 80 + protocol = "tcp" + to_port = 80 + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + prefix_list_ids = [] + security_groups = [] + self = false + description = "allow http ingress from anywhere" + }, + { + from_port = 443 + protocol = "tcp" + to_port = 443 + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + prefix_list_ids = [] + security_groups = [] + self = false + description = "allow https ingress from anywhere" + }, + { + from_port = 22 + protocol = "tcp" + to_port = 22 + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + prefix_list_ids = [] + security_groups = [] + self = false + description = "allow SSH ingress from anywhere" + } + ] + egress = [ + { + from_port = 0 + protocol = "-1" + to_port = 0 + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + prefix_list_ids = [] + security_groups = [] + self = false + description = "allow all egress" + } + ] + tags = merge({ + Name = "${local.environment_prefix}-gitlab-lb" + }, local.default_tags, var.additional_tags) +} + +module "elb" { + source = "terraform-aws-modules/elb/aws" + version = "~> 2.0" + name = "${local.environment_prefix}-gitlab" + subnets = var.public_subnet_ids + security_groups = [aws_security_group.gitlab_lb.id] + internal = false + listener = [ + { + instance_port = 80 + instance_protocol = "HTTP" + lb_port = 80 + lb_protocol = "HTTP" + }, + { + instance_port = 80 + instance_protocol = "HTTP" + lb_port = 443 + lb_protocol = "HTTPS" + ssl_certificate_id = var.create_acm_certificate ? 
module.acm.acm_certificate_arn : var.acm_certificate_arn + }, + { + instance_port = 22 + instance_protocol = "TCP" + lb_port = 22 + lb_protocol = "TCP" + }, + ] + health_check = { + target = "${var.healthcheck_protocol}:${var.healthcheck_port}${var.healthcheck_path}" + interval = var.healthcheck_interval + healthy_threshold = var.healthcheck_healthy_threshold + unhealthy_threshold = var.healthcheck_unhealthy_threshold + timeout = var.healthcheck_timeout + } + number_of_instances = 1 + instances = tolist([aws_instance.gitlab.id]) + tags = merge({ + Name = "${local.environment_prefix}-gitlab" + }, local.default_tags, var.additional_tags) +} diff --git a/main.tf b/main.tf index 5a373f5..ca2c33c 100644 --- a/main.tf +++ b/main.tf @@ -1,17 +1,9 @@ locals { default_tags = { - managed_by = "Terraform" - environment = var.environment + ManagedBy = "Terraform" + Environment = var.environment } - environment_prefix = substr(var.environment, 0, 1) - gitlab_config_file_name = "gitlab.rb" - rendered_gitlab_config_file_name = "gitlab_rendered.rb" - gitlab_additional_config_file_name = "gitlab_additional.rb" - gitlab_config_tmp_path = "/tmp/gitlab/gitlab_config" - gitlab_config_template_file_path = "${path.module}/gitlab_config_templates" - gitlab_config_file_path = "${path.cwd}/gitlab_config" - gitlab_config_playbook_file = "${path.module}/playbooks/gitlab_setup.yaml" - gitlab_complete_url = join("", tolist(["https://", values(module.records.route53_record_name)[0]])) + environment_prefix = substr(var.environment, 0, 1) } resource "aws_instance" "gitlab" { 
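Review bot: `aws_security_group.gitlab_lb` admits TCP 22 from `0.0.0.0/0` and `::/0` and the ELB listener forwards it to instance port 22, which is the same sshd the `ubuntu` administrative account is reached through (patch 1's provisioner connects with `-u ubuntu`), so the public git-over-SSH path also exposes host logins. Make the SSH source ranges an input, e.g. `cidr_blocks = var.ssh_ingress_cidr_blocks` with the current values as the default, and record in the module documentation that sshd on the instance must remain key-only. The rules are moved here unchanged from main.tf, but as a new file every line is the reviewed code.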
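Review bot: The `default_tags` keys change from `managed_by`/`environment` to `ManagedBy`/`Environment` in this hunk, which is a tag rename on every tagged resource of the module rather than the file split the commit message describes; it should be mentioned in the message or split into its own commit. The hunk also drops the `gitlab_config_*` and `gitlab_complete_url` locals; the `config.tf` that presumably receives them is not visible in this patch, so the move could not be checked here. `resource "aws_instance" "gitlab"` continues past the hunk.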
@@ -109,63 +101,6 @@ resource "aws_security_group" "gitlab" { }, local.default_tags, var.additional_tags) } -resource "aws_security_group" "gitlab_lb" { - name = "${local.environment_prefix}-gitlab-lb" - vpc_id = data.aws_vpc.vpc.id - description = "Security group for Gitlab load balancer" - ingress = [ - { - from_port = 80 - protocol = "tcp" - to_port = 80 - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] - prefix_list_ids = [] - security_groups = [] - self = false - description = "allow http ingress from anywhere" - }, - { - from_port = 443 - protocol = "tcp" - to_port = 443 - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] - prefix_list_ids = [] - security_groups = [] - self = false - description = "allow https ingress from anywhere" - }, - { - from_port = 22 - protocol = "tcp" - to_port = 22 - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] - prefix_list_ids = [] - security_groups = [] - self = false - description = "allow SSH ingress from anywhere" - } - ] - egress = [ - { - from_port = 0 - protocol = "-1" - to_port = 0 - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] - prefix_list_ids = [] - security_groups = [] - self = false - description = "allow all egress" - } - ] - tags = merge({ - Name = "${local.environment_prefix}-gitlab-lb" - }, local.default_tags, var.additional_tags) -} - module "records" { source = "terraform-aws-modules/route53/aws//modules/records" version = "~> 2.0" 
@@ -198,278 +133,6 @@ module "acm" { }, local.default_tags, var.additional_tags) } -module "elb" { - source = "terraform-aws-modules/elb/aws" - version = "~> 2.0" - - name = "${local.environment_prefix}-gitlab" - - subnets = var.public_subnet_ids - security_groups = [aws_security_group.gitlab_lb.id] - internal = false - - listener = [ - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 80 - lb_protocol = "HTTP" - }, - { - instance_port = 80 - instance_protocol = "HTTP" - lb_port = 443 - lb_protocol = "HTTPS" - ssl_certificate_id = var.create_acm_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn - }, - { - instance_port = 22 - instance_protocol = "TCP" - lb_port = 22 - lb_protocol = "TCP" - }, - ] - - health_check = { - target = "${var.healthcheck_protocol}:${var.healthcheck_port}${var.healthcheck_path}" - interval = var.healthcheck_interval - healthy_threshold = var.healthcheck_healthy_threshold - unhealthy_threshold = var.healthcheck_unhealthy_threshold - timeout = var.healthcheck_timeout - } - number_of_instances = 1 - instances = tolist([aws_instance.gitlab.id]) - - tags = merge({ - Name = "${local.environment_prefix}-gitlab" - }, local.default_tags, var.additional_tags) -} - -module "gitlab_pg" { - source = "terraform-aws-modules/rds/aws" - identifier = "${local.environment_prefix}-gitlab-pg" - create_db_instance = true - create_db_subnet_group = true - create_db_parameter_group = var.gitlab_pg_create_db_parameter_group - parameter_group_name = var.gitlab_pg_parameter_group_name - parameters = var.gitlab_pg_parameters - db_subnet_group_name = "${var.environment}-gitlab-pg" - subnet_ids = var.gitlab_pg_subnet_ids - allocated_storage = var.gitlab_pg_allocated_storage - storage_type = var.gitlab_pg_storage_type - db_name = var.gitlab_pg_db_name - port = tostring(var.gitlab_pg_port) - engine = "postgres" - engine_version = var.gitlab_pg_engine_version - instance_class = var.gitlab_pg_db_instance_class - username = 
var.gitlab_pg_username - password = var.gitlab_pg_password - create_random_password = false - publicly_accessible = var.gitlab_pg_publicly_accessible - vpc_security_group_ids = [aws_security_group.gitlab_rds.id] - tags = merge({ - Name = "${local.environment_prefix}-gitlab-pg" - }, local.default_tags, var.additional_tags) -} - -resource "aws_security_group" "gitlab_rds" { - name = "${local.environment_prefix}-gitlab-rds" - vpc_id = data.aws_vpc.vpc.id - description = "Security group for Gitlab RDS" - ingress = [ - { - from_port = var.gitlab_pg_port - protocol = "tcp" - to_port = var.gitlab_pg_port - cidr_blocks = [] - ipv6_cidr_blocks = [] - prefix_list_ids = [] - security_groups = [aws_security_group.gitlab.id] - self = false - description = "allow TCP access from Gitlab instance" - } - ] - tags = merge({ - Name = "${local.environment_prefix}-gitlab-rds" - }, local.default_tags, var.additional_tags) -} - -resource "aws_elasticache_cluster" "gitlab_redis" { - cluster_id = "${local.environment_prefix}-gitlab-redis" - engine = "redis" - node_type = var.gitlab_redis_node_type - num_cache_nodes = var.gitlab_redis_num_cache_nodes - parameter_group_name = var.gitlab_redis_create_parameter_group == true ? aws_elasticache_parameter_group.gitlab_redis[0].name : var.gitlab_redis_parameter_group_name - engine_version = var.gitlab_redis_engine_version - port = var.gitlab_redis_port - security_group_ids = [aws_security_group.gitlab_redis.id] - subnet_group_name = var.gitlab_redis_create_subnet_group == true ? 
aws_elasticache_subnet_group.gitlab_redis[0].name : var.gitlab_redis_subnet_group_name - - tags = merge({ - Name = "${local.environment_prefix}-gitlab-redis" - }, local.default_tags, var.additional_tags) - - lifecycle { - precondition { - condition = anytrue([ - (var.gitlab_redis_create_parameter_group == false && var.gitlab_redis_parameter_group_name != null), - (var.gitlab_redis_create_parameter_group) - ]) - error_message = "Parameter Group creation for Gitlab Redis is set to ${var.gitlab_redis_create_parameter_group}. Provide a pre-existing Parameter Group name." - } - } -} - -resource "aws_elasticache_parameter_group" "gitlab_redis" { - count = var.gitlab_redis_create_parameter_group == true ? 1 : 0 - family = var.gitlab_redis_parameter_group.family - name = var.gitlab_redis_parameter_group.name - tags = merge({ - Name = "${local.environment_prefix}-${var.gitlab_redis_parameter_group.name}" - }, local.default_tags, var.additional_tags) - lifecycle { - precondition { - condition = var.gitlab_redis_parameter_group.name != null && var.gitlab_redis_parameter_group.family != null - error_message = "Provide name and family in gitlab_redis_parameter_group for Parameter Group creation" - } - } -} - -resource "aws_elasticache_subnet_group" "gitlab_redis" { - count = var.gitlab_redis_create_subnet_group == true ? 1 : 0 - name = "${local.environment_prefix}-gitlab-redis" - subnet_ids = var.gitlab_redis_subnet_ids - - tags = merge({ - Name = "${local.environment_prefix}-gitlab-redis" - }, local.default_tags, var.additional_tags) - - lifecycle { - precondition { - condition = var.gitlab_redis_create_subnet_group && length(var.gitlab_redis_subnet_ids) != 0 - error_message = "Subnet Group creation needs subnet-ids. 
Add subnet-ids to gitlab_redis_subnet_ids" - } - } -} - -resource "aws_security_group" "gitlab_redis" { - name = "${local.environment_prefix}-gitlab-redis" - vpc_id = data.aws_vpc.vpc.id - description = "Security group for Gitlab Redis" - ingress = [ - { - from_port = var.gitlab_redis_port - protocol = "tcp" - to_port = var.gitlab_redis_port - cidr_blocks = [] - ipv6_cidr_blocks = [] - prefix_list_ids = [] - security_groups = [aws_security_group.gitlab.id] - self = false - description = "allow TCP access from Gitlab instance" - } - ] - tags = merge({ - Name = "${local.environment_prefix}-gitlab-redis" - }, local.default_tags, var.additional_tags) -} - -resource "aws_s3_bucket" "gitlab_backup" { - count = var.enable_gitlab_backup_to_s3 ? 1 : 0 - bucket = "${local.environment_prefix}-${var.gitlab_backup_bucket_name}" - - tags = merge({ - Name = "${local.environment_prefix}-${var.gitlab_backup_bucket_name}" - }, local.default_tags, var.additional_tags) - - lifecycle { - precondition { - condition = anytrue([ - (var.enable_gitlab_backup_to_s3 == false), - (var.enable_gitlab_backup_to_s3 == true && var.gitlab_backup_bucket_name != null) - ]) - error_message = "Gitlab backup to S3 is set to ${var.enable_gitlab_backup_to_s3}. gitlab_backup_bucket_name is mandatory to create S3 bucket." - } - } -} - -resource "aws_s3_bucket_acl" "gitlab_backup" { - count = var.enable_gitlab_backup_to_s3 ? 1 : 0 - bucket = aws_s3_bucket.gitlab_backup[0].id - acl = "private" -} - -data "aws_iam_policy_document" "gitlab_s3_backup" { - count = var.enable_gitlab_backup_to_s3 ? 
1 : 0 - statement { - effect = "Allow" - actions = [ - "s3:AbortMultipartUpload", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - "s3:PutObjectAcl" - ] - resources = [ - "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}/*" - ] - } - statement { - effect = "Allow" - actions = [ - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ] - resources = [ - "*" - ] - } - statement { - effect = "Allow" - actions = [ - "s3:ListBucket" - ] - resources = [ - "arn:aws:s3:::${aws_s3_bucket.gitlab_backup[0].bucket}" - ] - } -} - -resource "aws_iam_policy" "gitlab_backup" { - count = var.enable_gitlab_backup_to_s3 ? 1 : 0 - name = "${local.environment_prefix}-gitlab-backup" - policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json - tags = merge({ - Name = "${local.environment_prefix}-gitlab-backup" - }, local.default_tags, var.additional_tags) -} - -resource "aws_iam_role" "gitlab_backup" { - name = "${local.environment_prefix}-gitlab-backup" - assume_role_policy = < Date: Mon, 23 Jan 2023 15:07:47 +0530 Subject: [PATCH 7/7] move resource name evaluation to locals --- backup.tf | 13 ++++++++----- load_balancers.tf | 12 ++++++++---- main.tf | 20 ++++++++++++-------- rds.tf | 12 ++++++++---- redis.tf | 17 +++++++++++------ ses.tf | 7 +++++-- 6 files changed, 52 insertions(+), 29 deletions(-) diff --git a/backup.tf b/backup.tf index 2993b01..83ce09e 100644 --- a/backup.tf +++ b/backup.tf @@ -1,5 +1,8 @@ /* Resources for setting up Gitlab remote backup on Amazon S3 */ - +locals { + gitlab_backup_iam_policy_name = "${local.environment_prefix}-gitlab-backup" + gitlab_backup_iam_role_name = "${local.environment_prefix}-gitlab-backup" +} resource "aws_s3_bucket" "gitlab_backup" { count = var.enable_gitlab_backup_to_s3 ? 1 : 0 bucket = var.gitlab_backup_bucket_name 
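Review bot: The new `locals` leave `bucket = var.gitlab_backup_bucket_name` as the one backup name without the environment prefix, while the main.tf version this file replaced (removed in patch 6) used `"${local.environment_prefix}-${var.gitlab_backup_bucket_name}"`; if dropping the prefix is intentional, a comment saying so would prevent it being "fixed" later, otherwise add `gitlab_backup_bucket_name = "${local.environment_prefix}-${var.gitlab_backup_bucket_name}"` to the locals and reference it. `gitlab_backup_iam_policy_name` and `gitlab_backup_iam_role_name` hold the identical string, so a single local, or a comment noting the shared name is deliberate, would be clearer. The block is also placed directly between the file comment and the resource with no blank line, unlike the rest of the file.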
@@ -64,15 +67,15 @@ data "aws_iam_policy_document" "gitlab_s3_backup" { resource "aws_iam_policy" "gitlab_backup" { count = var.enable_gitlab_backup_to_s3 ? 1 : 0 - name = "${local.environment_prefix}-gitlab-backup" + name = local.gitlab_backup_iam_policy_name policy = data.aws_iam_policy_document.gitlab_s3_backup[0].json tags = merge({ - Name = "${local.environment_prefix}-gitlab-backup" + Name = local.gitlab_backup_iam_policy_name }, local.default_tags, var.additional_tags) } resource "aws_iam_role" "gitlab_backup" { - name = "${local.environment_prefix}-gitlab-backup" + name = local.gitlab_backup_iam_role_name assume_role_policy = <