maddevsio · halfb00t · Aug 11, 2021 · Aug 9, 2021 · Aug 9, 2021 · Aug 9, 2021
diff --git a/terraform/layer1-aws/.terraform.lock.hcl b/terraform/layer1-aws/.terraform.lock.hcl
diff --git a/terraform/layer1-aws/aws-acm.tf b/terraform/layer1-aws/aws-acm.tf
@@ -1,23 +1,23 @@
 module "acm" {
   source  = "terraform-aws-modules/acm/aws"
-  version = "2.12.0"
+  version = "3.2.0"
 
   create_certificate = var.create_acm_certificate
 
-  domain_name               = local.domain_name
-  subject_alternative_names = ["*.${local.domain_name}"]
-  zone_id                   = local.zone_id
+  domain_name = local.domain_name
+  subject_alternative_names = [
+  "*.${local.domain_name}"]
+  zone_id = local.zone_id
 
-  tags = {
-    Name        = local.name
-    Environment = local.env
-  }
+  tags = local.tags
 }
 
 data "aws_acm_certificate" "main" {
   count = var.create_acm_certificate ? 0 : 1
 
-  domain      = var.domain_name
-  statuses    = ["ISSUED", "PENDING_VALIDATION"]
+  domain = var.domain_name
+  statuses = [
+    "ISSUED",
+  "PENDING_VALIDATION"]
   most_recent = true
 }
diff --git a/terraform/layer1-aws/aws-eks.tf b/terraform/layer1-aws/aws-eks.tf
@@ -1,6 +1,6 @@
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "15.1.0"
+  version = "17.1.0"
 
   cluster_name    = local.name
   cluster_version = var.eks_cluster_version

diff --git a/terraform/layer1-aws/aws-r53.tf b/terraform/layer1-aws/aws-r53.tf
@@ -1,16 +1,13 @@
 module "r53_zone" {
   source  = "terraform-aws-modules/route53/aws//modules/zones"
-  version = "~> 1.9.0"
+  version = "2.1.0"
 
   create = var.create_r53_zone
 
   zones = {
     (var.domain_name) = {
       comment = var.domain_name
-      tags = {
-        Name        = local.name
-        Environment = local.env
-      }
+      tags    = local.tags
     }
   }
 }

diff --git a/terraform/layer1-aws/aws-vpc-endpoints.tf b/terraform/layer1-aws/aws-vpc-endpoints.tf
@@ -0,0 +1,27 @@
+# https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/examples/complete-vpc/main.tf#L82
+
+data "aws_security_group" "default" {
+  name   = "default"
+  vpc_id = module.vpc.vpc_id
+}
+
+module "vpc_endpoints" {
+  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+  version = "3.2.0"
+
+  vpc_id = module.vpc.vpc_id
+
+  security_group_ids = [
+  data.aws_security_group.default.id]
+
+  endpoints = {
+    s3 = {
+      service = "s3"
+      tags = {
+        Name = "s3-vpc-endpoint"
+      }
+    },
+  }
+
+  tags = local.tags
+}
diff --git a/terraform/layer1-aws/aws-vpc.tf b/terraform/layer1-aws/aws-vpc.tf
@@ -6,13 +6,12 @@ locals {
   database_subnets = chunklist(local.cidr_subnets[2], var.az_count)[0]
   intra_subnets    = chunklist(local.cidr_subnets[3], var.az_count)[0]
 
-  azs = chunklist(data.aws_availability_zones.available.names, var.az_count)[0]
-
+  azs = data.aws_availability_zones.available.names
 }
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "2.70.0"
+  version = "3.2.0"
 
   name = local.name
   cidr = var.cidr
@@ -29,20 +28,15 @@ module "vpc" {
   enable_dns_hostnames = true
   enable_dns_support   = true
 
-  enable_s3_endpoint = true
-
   create_database_subnet_group = false
 
   manage_default_security_group  = true
-  default_security_group_ingress = [{}]
-  default_security_group_egress  = [{}]
+  default_security_group_ingress = []
+  default_security_group_egress  = []
 
-  tags = {
-    Name                                  = local.name
-    Environment                           = local.env
+  tags = merge(local.tags, {
     "kubernetes.io/cluster/${local.name}" = "shared"
-
-  }
+  })
 
   private_subnet_tags = {
     Name                              = "${local.name}-private"
@@ -87,5 +81,3 @@ module "vpc" {
   }
 
 }
-
-
diff --git a/terraform/layer1-aws/locals.tf b/terraform/layer1-aws/locals.tf
@@ -7,16 +7,22 @@ locals {
   domain_name    = var.domain_name
   account_id     = data.aws_caller_identity.current.account_id
 
+  tags = {
+    Name        = local.name
+    Environment = local.env
+  }
+
   ssl_certificate_arn = var.create_acm_certificate ? module.acm.this_acm_certificate_arn : data.aws_acm_certificate.main[0].arn
 
   zone_id = var.create_r53_zone ? keys(module.r53_zone.this_route53_zone_zone_id)[0] : (var.zone_id != null ? var.zone_id : data.aws_route53_zone.main[0].zone_id)
 
-  eks_map_roles = concat(
-    [{
-      rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator"
-      username = "administrator"
-      groups   = ["system:masters"]
-    }],
-    var.eks_map_roles
+  eks_map_roles = concat(var.eks_map_roles,
+    [
+      {
+        rolearn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/administrator"
+        username = "administrator"
+        groups = [
+        "system:masters"]
+    }]
   )
 }
diff --git a/terraform/layer1-aws/main.tf b/terraform/layer1-aws/main.tf
@@ -4,11 +4,11 @@ terraform {
   required_providers {
     aws = {
       source  = "aws"
-      version = "3.38.0"
+      version = "3.53.0"
     }
     kubernetes = {
       source  = "kubernetes"
-      version = "2.1.0"
+      version = "2.4.1"
     }
   }
 }