From b51235937e9d42feaa34eda38e5c2fcfb631885d Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Thu, 19 Feb 2026 14:26:13 -0500 Subject: [PATCH] refactor --- common/availabilty_zones.tf | 25 ----- common/base_settings.tf | 5 - common/base_tags.tf | 16 --- common/locals.tf | 2 - common/main.tf | 4 - common/resources.tf | 43 -------- common/variables.common.availability_zones.tf | 5 - common/variables.common.tf | 20 ---- common/variables.parameters.tf | 59 ----------- common/version.tf | 1 - ec2/README.md | 52 ---------- {common => modules/ec2}/data.tf | 12 ++- common/defaults.tf => modules/ec2/locals.tf | 52 ++++++---- modules/ec2/main.tf | 48 +++++++++ {ec2 => modules/ec2}/module_name.tf | 0 {common => modules/ec2}/outputs.tf | 15 +++ {common => modules/ec2}/prefixes.tf | 0 .../ec2/variables.common.tf | 97 +++++++++++++++++-- .../ec2}/variables.safeguards.tf | 0 {common => modules/ec2}/variables.tags.tf | 0 {common => modules/ec2}/versions.tf | 0 {ec2 => s3}/availabilty_zones.tf | 0 {ec2 => s3}/base_settings.tf | 0 {ec2 => s3}/base_tags.tf | 0 {ec2 => s3}/data.tf | 0 {ec2 => s3}/defaults.tf | 0 {ec2 => s3}/locals.tf | 0 s3/main.tf | 1 + {ec2 => s3}/outputs.tf | 0 s3/prefixes.tf | 1 + {ec2 => s3}/resources.tf | 0 .../variables.common.availability_zones.tf | 0 {ec2 => s3}/variables.common.tf | 0 {ec2 => s3}/variables.parameters.tf | 0 {ec2 => s3}/variables.product.tf | 0 {ec2 => s3}/variables.safeguards.tf | 0 {ec2 => s3}/variables.tags.tf | 0 {ec2 => s3}/version.tf | 0 {ec2 => s3}/versions.tf | 0 39 files changed, 200 insertions(+), 258 deletions(-) delete mode 100644 common/availabilty_zones.tf delete mode 100644 common/base_settings.tf delete mode 100644 common/base_tags.tf delete mode 100644 common/locals.tf delete mode 100644 common/main.tf delete mode 100644 common/resources.tf delete mode 100644 common/variables.common.availability_zones.tf delete mode 100644 common/variables.common.tf delete mode 100644 common/variables.parameters.tf delete mode 120000 common/version.tf delete mode 100644 ec2/README.md rename {common => 
modules/ec2}/data.tf (85%) rename common/defaults.tf => modules/ec2/locals.tf (57%) create mode 100644 modules/ec2/main.tf rename {ec2 => modules/ec2}/module_name.tf (100%) rename {common => modules/ec2}/outputs.tf (80%) rename {common => modules/ec2}/prefixes.tf (100%) rename common/variables.product.tf => modules/ec2/variables.common.tf (56%) rename {common => modules/ec2}/variables.safeguards.tf (100%) rename {common => modules/ec2}/variables.tags.tf (100%) rename {common => modules/ec2}/versions.tf (100%) rename {ec2 => s3}/availabilty_zones.tf (100%) rename {ec2 => s3}/base_settings.tf (100%) rename {ec2 => s3}/base_tags.tf (100%) rename {ec2 => s3}/data.tf (100%) rename {ec2 => s3}/defaults.tf (100%) rename {ec2 => s3}/locals.tf (100%) create mode 120000 s3/main.tf rename {ec2 => s3}/outputs.tf (100%) create mode 120000 s3/prefixes.tf rename {ec2 => s3}/resources.tf (100%) rename {ec2 => s3}/variables.common.availability_zones.tf (100%) rename {ec2 => s3}/variables.common.tf (100%) rename {ec2 => s3}/variables.parameters.tf (100%) rename {ec2 => s3}/variables.product.tf (100%) rename {ec2 => s3}/variables.safeguards.tf (100%) rename {ec2 => s3}/variables.tags.tf (100%) rename {ec2 => s3}/version.tf (100%) rename {ec2 => s3}/versions.tf (100%) diff --git a/common/availabilty_zones.tf b/common/availabilty_zones.tf deleted file mode 100644 index 0684edb..0000000 --- a/common/availabilty_zones.tf +++ /dev/null 
@@ -1,25 +0,0 @@ -data "aws_availability_zones" "zones" { - state = "available" -} - -data "aws_availability_zone" "zone" { - for_each = toset(data.aws_availability_zones.zones.names) - state = "available" - name = each.key -} - - -output "availability_zone_names" { - description = "VPC Availability zone name list" - value = data.aws_availability_zones.zones.names -} - -output "availability_zone_ids" { - description = "VPC Availability zone id list" - value = data.aws_availability_zones.zones.zone_ids -} - -output "availability_zone_suffixes" { - description = "VPC Availability zone suffix list" - value = [for k, v in data.aws_availability_zone.zone : v.name_suffix] -} diff --git a/common/base_settings.tf b/common/base_settings.tf deleted file mode 100644 index a27da54..0000000 --- a/common/base_settings.tf +++ /dev/null @@ -1,5 +0,0 @@ -locals { - account_id = data.aws_caller_identity.current.account_id - region = data.aws_region.current.id - partition = data.aws_partition.current.partition -} diff --git a/common/base_tags.tf b/common/base_tags.tf deleted file mode 100644 index 1c3a269..0000000 --- a/common/base_tags.tf +++ /dev/null @@ -1,16 +0,0 @@ -locals { - standard_tags = { - ManagedBy = "Terraform" - Module = local.module_name - } - - enforced_tags = merge( - local.standard_tags, - var.enforced_tags - ) - - tags = merge( - local.enforced_tags, - var.tags - ) -} diff --git a/common/locals.tf b/common/locals.tf deleted file mode 100644 index b491acd..0000000 --- a/common/locals.tf +++ /dev/null @@ -1,2 +0,0 @@ -# Intentionally empty file for consistency with aws-s3 pattern -# Module-specific locals should be defined in each submodule \ No newline at end of file diff --git a/common/main.tf b/common/main.tf deleted file mode 100644 index 60ccef9..0000000 --- a/common/main.tf +++ /dev/null @@ -1,4 +0,0 @@ -# Product Submodule -# -# Provisions a Service Catalog product -# using a pre-configured portfolio and product 
diff --git a/common/resources.tf b/common/resources.tf
deleted file mode 100644
index 19afffd..0000000
--- a/common/resources.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-resource "aws_servicecatalog_provisioned_product" "this" {
- name = var.provisioned_product_name
- product_id = local.product_id
- provisioning_artifact_id = local.provisioning_artifact_id
- region = local.region
- path_id = var.path_id
- accept_language = var.accept_language
- ignore_errors = var.ignore_errors
- notification_arns = var.notification_arns
- retain_physical_resources = var.retain_physical_resources
-
- dynamic "provisioning_parameters" {
- for_each = local.provisioning_parameters
- content {
- key = provisioning_parameters.value.key
- value = provisioning_parameters.value.value
- }
- }
-
- dynamic "stack_set_provisioning_preferences" {
- for_each = var.stack_set_provisioning_preferences != null ? [var.stack_set_provisioning_preferences] : []
- content {
- accounts = try(stack_set_provisioning_preferences.value.accounts, null)
- failure_tolerance_count = try(stack_set_provisioning_preferences.value.failure_tolerance_count, null)
- failure_tolerance_percentage = try(stack_set_provisioning_preferences.value.failure_tolerance_percentage, null)
- max_concurrency_count = try(stack_set_provisioning_preferences.value.max_concurrency_count, null)
- max_concurrency_percentage = try(stack_set_provisioning_preferences.value.max_concurrency_percentage, null)
- regions = try(stack_set_provisioning_preferences.value.regions, null)
- }
- }
-
- tags = local.tags
-
- timeouts {
- create = var.timeout
- update = var.timeout
- delete = var.timeout
- }
-
- depends_on = [
- data.aws_servicecatalog_provisioning_artifacts.this
- ]
-}
diff --git a/common/variables.common.availability_zones.tf b/common/variables.common.availability_zones.tf
deleted file mode 100644
index 3e17e57..0000000
--- a/common/variables.common.availability_zones.tf
+++ /dev/null
@@ -1,5 +0,0 @@ -variable "availability_zones" { - description = "AWS Availability Zones to use (by default will use all available)" - type = list(string) - default = [] -} diff --git a/common/variables.common.tf b/common/variables.common.tf deleted file mode 100644 index e2363b9..0000000 --- a/common/variables.common.tf +++ /dev/null @@ -1,20 +0,0 @@ -#--- -# account info -#--- -variable "account_id" { - description = "AWS Account ID (default will pull from current user)" - type = string - default = "" -} - -variable "account_alias" { - description = "AWS Account Alias" - type = string - default = "" -} - -variable "override_prefixes" { - description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things" - type = map(string) - default = {} -} diff --git a/common/variables.parameters.tf b/common/variables.parameters.tf deleted file mode 100644 index 23f6da2..0000000 --- a/common/variables.parameters.tf +++ /dev/null 
@@ -1,59 +0,0 @@ -variable "parameters" { - description = "Parameters to pass to the Service Catalog product. Map of parameter names to values" - type = map(string) - default = {} -} - -variable "project_name" { - description = "Project name (ProjectName parameter)" - type = string - default = "" -} - -variable "creator" { - description = "Creator's JBID (Creator parameter)" - type = string - default = "" -} - -variable "contact_email" { - description = "Provisioning user's email (ContactEmail parameter)" - type = string - default = "" -} - -variable "inc_poc_email" { - description = "Incident POC email (IncPocEmail parameter)" - type = string - default = "" -} - -variable "instance_type" { - description = "EC2 instance type" - type = string - default = "t3.small" -} - -variable "os_name" { - description = "Operating system version" - type = string - default = "RHEL9" -} - -variable "requires_backup" { - description = "Backup requirement" - type = string - default = "no" -} - -variable "power_schedule" { - description = "Power schedule" - type = string - default = "" -} - -variable "fisma_id" { - description = "FISMA ID" - type = string - default = "" -} diff --git a/common/version.tf b/common/version.tf deleted file mode 120000 index 061373c..0000000 --- a/common/version.tf +++ /dev/null @@ -1 +0,0 @@ -../version.tf \ No newline at end of file diff --git a/ec2/README.md b/ec2/README.md deleted file mode 100644 index b305736..0000000 --- a/ec2/README.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# AWS Service Catalog - EC2 Module - -Provisions EC2 instances from AWS Service Catalog. - -## Usage - -```hcl -module "ec2_instance" { - source = "path/to/aws-servicecatalog/ec2" - - provisioned_product_name = "my-web-server" - portfolio_name_pattern = "edl-portfolio" - product_name_pattern = "linux-product" - - parameters = { - InstanceType = "t3.medium" - KeyName = "my-key" - SubnetId = "subnet-12345" - VpcId = "vpc-12345" - } - - tags = { - Environment = "production" - Application = "web" - } -} -``` - -## Requirements - -| Name | Version | -|------|---------| -| terraform | >= 1.0 | -| aws | >= 5.0 | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| provisioned_product_name | Name of the provisioned product | `string` | n/a | yes | -| parameters | Product parameters | `map(string)` | `{}` | no | -| portfolio_name_pattern | Pattern to search for portfolio | `string` | `"edl-portfolio"` | no | -| product_name_pattern | Pattern to search for product | `string` | `"linux-product"` | no | -| tags | Additional tags | `map(string)` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| provisioned_product_id | The ID of the provisioned product | -| provisioned_product_arn | The ARN of the provisioned product | -| stack_outputs | CloudFormation stack outputs | \ No newline at end of file diff --git a/common/data.tf b/modules/ec2/data.tf similarity index 85% rename from common/data.tf rename to modules/ec2/data.tf index 1cc0dec..4a0532d 100644 --- a/common/data.tf +++ b/modules/ec2/data.tf 
@@ -50,8 +50,18 @@ data "aws_servicecatalog_provisioning_artifacts" "this" { product_id = local.product_id } +data "aws_availability_zones" "zones" { + state = "available" +} + +data "aws_availability_zone" "zone" { + for_each = toset(data.aws_availability_zones.zones.names) + state = "available" + name = each.key +} + data "external" "portfolio" { - program = ["bash", "-c", "aws servicecatalog list-portfolios --region ${local.region} --query \"PortfolioDetails[?contains(DisplayName, 'Service Portfolio for csvd-dev account')]|[0]|{id: Id}\" --output json"] + program = ["bash", "-c", "aws servicecatalog list-portfolios --region ${local.region} --query \"PortfolioDetails[?contains(DisplayName, 'Service Portfolio for')]|[0]|{id: Id}\" --output json"] } data "external" "product" { diff --git a/common/defaults.tf b/modules/ec2/locals.tf similarity index 57% rename from common/defaults.tf rename to modules/ec2/locals.tf index af7248f..26bea18 100644 --- a/common/defaults.tf +++ b/modules/ec2/locals.tf @@ -1,7 +1,10 @@ locals { - vpc_id = data.aws_vpc.vpc.id - az_name = data.aws_subnet.subnets[sort(data.aws_subnets.subnets.ids)[0]].availability_zone - + account_id = data.aws_caller_identity.current.account_id + az_name = data.aws_subnet.subnets[sort(data.aws_subnets.subnets.ids)[0]].availability_zone + partition = data.aws_partition.current.partition + region = data.aws_region.current.id + vpc_id = data.aws_vpc.vpc.id + # Use provided portfolio_id or fall back to external data source lookup portfolio_id = var.portfolio_id != null ? var.portfolio_id : try(data.external.portfolio.result.id, null) 
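Review bot: The broadened filter `contains(DisplayName, 'Service Portfolio for')` combined with `|[0]` now returns whichever matching portfolio the CLI lists first, so in an account that holds several such portfolios the module can silently provision into the wrong one, and the result can change between runs with no change to the configuration. If the goal is to stop hard-coding the account name, take the pattern from a variable and fail when the query yields more than one result rather than picking index 0 — though note this same commit drops `portfolio_name_pattern` from variables.common.tf, so that variable would need to be kept. Also, the `external` data source runs `bash -c` with the AWS CLI on every plan regardless of whether `var.portfolio_id` is set, and with the new non-null default for `portfolio_id` the `try(data.external.portfolio.result.id, null)` fallback in locals.tf is never reached, so the lookup now only adds a CLI dependency and an extra API call on the runner. `data "external" "product"` continues past the end of the hunk.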
@@ -21,20 +24,20 @@ locals { # Build default parameters from module variables default_parameters = { - ProjectName = var.project_name - VpcId = local.vpc_id - AZName = local.az_name - InstanceType = var.instance_type - NameTag = var.provisioned_product_name - OSName = var.os_name - Creator = var.creator - ContactEmail = var.contact_email - IncPocEmail = var.inc_poc_email - RequiresBackup = var.requires_backup - PowerSchedule = var.power_schedule - FISMAID = var.fisma_id + ProjectName = var.project_name + VpcId = local.vpc_id + AZName = local.az_name + InstanceType = var.instance_type + NameTag = var.provisioned_product_name + OSName = var.os_name + Creator = var.creator + ContactEmail = var.contact_email + IncPocEmail = var.inc_poc_email + RequiresBackup = var.requires_backup + PowerSchedule = var.power_schedule + FISMAID = var.fisma_id } - + # Merge defaults with user-provided parameters (user params override defaults) parameters = merge( local.default_parameters, @@ -49,4 +52,19 @@ locals { } if value != "" # Only include non-empty values ] -} + + standard_tags = { + ManagedBy = "Terraform" + Module = local.module_name + } + + enforced_tags = merge( + local.standard_tags, + var.enforced_tags + ) + + tags = merge( + local.enforced_tags, + var.tags + ) +} \ No newline at end of file diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf new file mode 100644 index 0000000..b4f97fe --- /dev/null +++ b/modules/ec2/main.tf 
@@ -0,0 +1,48 @@
+# Product Submodule
+#
+# Provisions a Service Catalog product
+# using a pre-configured portfolio and product
+
+resource "aws_servicecatalog_provisioned_product" "this" {
+ name = var.provisioned_product_name
+ product_id = local.product_id
+ provisioning_artifact_id = local.provisioning_artifact_id
+ region = local.region
+ path_id = var.path_id
+ accept_language = var.accept_language
+ ignore_errors = var.ignore_errors
+ notification_arns = var.notification_arns
+ retain_physical_resources = var.retain_physical_resources
+
+ dynamic "provisioning_parameters" {
+ for_each = local.provisioning_parameters
+ content {
+ key = provisioning_parameters.value.key
+ value = provisioning_parameters.value.value
+ }
+ }
+
+ dynamic "stack_set_provisioning_preferences" {
+ for_each = var.stack_set_provisioning_preferences != null ? [var.stack_set_provisioning_preferences] : []
+ content {
+ accounts = try(stack_set_provisioning_preferences.value.accounts, null)
+ failure_tolerance_count = try(stack_set_provisioning_preferences.value.failure_tolerance_count, null)
+ failure_tolerance_percentage = try(stack_set_provisioning_preferences.value.failure_tolerance_percentage, null)
+ max_concurrency_count = try(stack_set_provisioning_preferences.value.max_concurrency_count, null)
+ max_concurrency_percentage = try(stack_set_provisioning_preferences.value.max_concurrency_percentage, null)
+ regions = try(stack_set_provisioning_preferences.value.regions, null)
+ }
+ }
+
+ tags = local.tags
+
+ timeouts {
+ create = var.timeout
+ update = var.timeout
+ delete = var.timeout
+ }
+
+ depends_on = [
+ data.aws_servicecatalog_provisioning_artifacts.this
+ ]
+}
diff --git a/ec2/module_name.tf b/modules/ec2/module_name.tf
similarity index 100%
rename from ec2/module_name.tf
rename to modules/ec2/module_name.tf
diff --git a/common/outputs.tf b/modules/ec2/outputs.tf similarity index 80% rename from common/outputs.tf rename to modules/ec2/outputs.tf index da95dd3..5ab1436 100644 --- a/common/outputs.tf +++ b/modules/ec2/outputs.tf @@ -62,3 +62,18 @@ output "availability_zone" { description = "The availability zone of the first selected subnet" value = data.aws_subnet.subnets[sort(data.aws_subnets.subnets.ids)[0]].availability_zone } + +output "availability_zone_names" { + description = "VPC Availability zone name list" + value = data.aws_availability_zones.zones.names +} + +output "availability_zone_ids" { + description = "VPC Availability zone id list" + value = data.aws_availability_zones.zones.zone_ids +} + +output "availability_zone_suffixes" { + description = "VPC Availability zone suffix list" + value = [for k, v in data.aws_availability_zone.zone : v.name_suffix] +} \ No newline at end of file diff --git a/common/prefixes.tf b/modules/ec2/prefixes.tf similarity index 100% rename from common/prefixes.tf rename to modules/ec2/prefixes.tf diff --git a/common/variables.product.tf b/modules/ec2/variables.common.tf similarity index 56% rename from common/variables.product.tf rename to modules/ec2/variables.common.tf index b6dae08..195849d 100644 --- a/common/variables.product.tf +++ b/modules/ec2/variables.common.tf 
@@ -1,3 +1,90 @@ +#--- +# account info +#--- +variable "account_id" { + description = "AWS Account ID (default will pull from current user)" + type = string + default = "" +} + +variable "account_alias" { + description = "AWS Account Alias" + type = string + default = "" +} + +variable "override_prefixes" { + description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things" + type = map(string) + default = {} +} + +variable "availability_zones" { + description = "AWS Availability Zones to use (by default will use all available)" + type = list(string) + default = [] +} + +variable "parameters" { + description = "Parameters to pass to the Service Catalog product. Map of parameter names to values" + type = map(string) + default = {} +} + +variable "project_name" { + description = "Project name (ProjectName parameter)" + type = string + default = "" +} + +variable "creator" { + description = "Creator's JBID (Creator parameter)" + type = string + default = "" +} + +variable "contact_email" { + description = "Provisioning user's email (ContactEmail parameter)" + type = string + default = "" +} + +variable "inc_poc_email" { + description = "Incident POC email (IncPocEmail parameter)" + type = string + default = "" +} + +variable "instance_type" { + description = "EC2 instance type" + type = string + default = "t3.small" +} + +variable "os_name" { + description = "Operating system version" + type = string + default = "RHEL9" +} + +variable "requires_backup" { + description = "Backup requirement" + type = string + default = "no" +} + +variable "power_schedule" { + description = "Power schedule" + type = string + default = "" +} + +variable "fisma_id" { + description = "FISMA ID" + type = string + default = "" +} + variable "provisioned_product_name" { description = "Name of the provisioned product" type = string 
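Review bot: `account_id`'s description says the default will pull from the current user, but nothing in this diff reads `var.account_id`: the new modules/ec2/locals.tf sets `account_id = data.aws_caller_identity.current.account_id` directly, so unless prefixes.tf or another file not shown here consumes the variable, it is a dead input with a misleading description. The same check applies to `account_alias` and `availability_zones`, which are moved in without a visible consumer. As a point of style, a file named variables.common.tf now also carries the EC2-specific product parameters (`instance_type`, `os_name`, `requires_backup`, `power_schedule`, `fisma_id`); keeping those in a variables.parameters.tf, as the deleted common/ layout did, would make the module's contract easier to read. The `provisioned_product_name` block at the bottom continues past the end of the hunk.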
@@ -11,19 +98,13 @@ variable "provisioned_product_name" { variable "portfolio_id" { description = "Portfolio ID. If not provided, will lookup by portfolio_name_pattern" type = string - default = null -} - -variable "portfolio_name_pattern" { - description = "Pattern to search for portfolio by name. Used when portfolio_id is not provided" - type = string - default = "edl-portfolio" + default = "port-pgj3zvoqca7ya" } variable "product_id" { description = "Product ID. If not provided, will lookup by product_name_pattern" type = string - default = null + default = "prod-43foqxjcq5isw" } variable "product_name_pattern" { diff --git a/common/variables.safeguards.tf b/modules/ec2/variables.safeguards.tf similarity index 100% rename from common/variables.safeguards.tf rename to modules/ec2/variables.safeguards.tf diff --git a/common/variables.tags.tf b/modules/ec2/variables.tags.tf similarity index 100% rename from common/variables.tags.tf rename to modules/ec2/variables.tags.tf diff --git a/common/versions.tf b/modules/ec2/versions.tf similarity index 100% rename from common/versions.tf rename to modules/ec2/versions.tf diff --git a/ec2/availabilty_zones.tf b/s3/availabilty_zones.tf similarity index 100% rename from ec2/availabilty_zones.tf rename to s3/availabilty_zones.tf diff --git a/ec2/base_settings.tf b/s3/base_settings.tf similarity index 100% rename from ec2/base_settings.tf rename to s3/base_settings.tf diff --git a/ec2/base_tags.tf b/s3/base_tags.tf similarity index 100% rename from ec2/base_tags.tf rename to s3/base_tags.tf diff --git a/ec2/data.tf b/s3/data.tf similarity index 100% rename from ec2/data.tf rename to s3/data.tf diff --git a/ec2/defaults.tf b/s3/defaults.tf similarity index 100% rename from ec2/defaults.tf rename to s3/defaults.tf diff --git a/ec2/locals.tf b/s3/locals.tf similarity index 100% rename from ec2/locals.tf rename to s3/locals.tf diff --git a/s3/main.tf b/s3/main.tf new file mode 120000 index 0000000..4a4ab61 --- /dev/null 
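Review bot: `portfolio_id` and `product_id` now default to fixed identifiers (`port-pgj3zvoqca7ya`, `prod-43foqxjcq5isw`) while their descriptions still read "If not provided, will lookup by portfolio_name_pattern" / "product_name_pattern"; with a non-null default the `var.portfolio_id != null ? … : try(data.external.portfolio.result.id, null)` branch in locals.tf can never fall through, and `portfolio_name_pattern` is deleted in this very hunk, so the `portfolio_id` description now names a variable that no longer exists. Baking account-specific Service Catalog IDs into a reusable module's defaults also means a caller in a different account or region targets the wrong portfolio or product unless they remember to override, with no error to catch it. Prefer `default = null` for both and supply the IDs from the root module, or, if fixed defaults are intended, document it: `description = "Portfolio ID. Defaults to a fixed portfolio id; override when deploying to a different account"`. The `product_name_pattern` block continues past the end of the hunk.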
+++ b/s3/main.tf
@@ -0,0 +1 @@
+../common/main.tf
\ No newline at end of file
diff --git a/ec2/outputs.tf b/s3/outputs.tf
similarity index 100%
rename from ec2/outputs.tf
rename to s3/outputs.tf
diff --git a/s3/prefixes.tf b/s3/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/s3/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/ec2/resources.tf b/s3/resources.tf
similarity index 100%
rename from ec2/resources.tf
rename to s3/resources.tf
diff --git a/ec2/variables.common.availability_zones.tf b/s3/variables.common.availability_zones.tf
similarity index 100%
rename from ec2/variables.common.availability_zones.tf
rename to s3/variables.common.availability_zones.tf
diff --git a/ec2/variables.common.tf b/s3/variables.common.tf
similarity index 100%
rename from ec2/variables.common.tf
rename to s3/variables.common.tf
diff --git a/ec2/variables.parameters.tf b/s3/variables.parameters.tf
similarity index 100%
rename from ec2/variables.parameters.tf
rename to s3/variables.parameters.tf
diff --git a/ec2/variables.product.tf b/s3/variables.product.tf
similarity index 100%
rename from ec2/variables.product.tf
rename to s3/variables.product.tf
diff --git a/ec2/variables.safeguards.tf b/s3/variables.safeguards.tf
similarity index 100%
rename from ec2/variables.safeguards.tf
rename to s3/variables.safeguards.tf
diff --git a/ec2/variables.tags.tf b/s3/variables.tags.tf
similarity index 100%
rename from ec2/variables.tags.tf
rename to s3/variables.tags.tf
diff --git a/ec2/version.tf b/s3/version.tf
similarity index 100%
rename from ec2/version.tf
rename to s3/version.tf
diff --git a/ec2/versions.tf b/s3/versions.tf
similarity index 100%
rename from ec2/versions.tf
rename to s3/versions.tf
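Review bot: Both new symlinks point at files that no longer exist after this patch: `s3/main.tf -> ../common/main.tf` while `common/main.tf` is deleted above, and `s3/prefixes.tf -> ../common/prefixes.tf` while `common/prefixes.tf` is renamed to `modules/ec2/prefixes.tf`. The s3 module will therefore contain two dangling links, which `terraform init` and `terraform validate` in s3/ will most likely reject when they try to read the .tf files. The main.tf link is also conceptually wrong now that the EC2 provisioning body lives in modules/ec2/main.tf; either repoint both at surviving files (e.g. `../modules/ec2/prefixes.tf`) or give the s3 module its own real files. This applies to both the s3/main.tf and s3/prefixes.tf hunks on this line.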