From 1c72e6edb391d739fe38788afd7408da840e7780 Mon Sep 17 00:00:00 2001
From: rakeshclouddevops
Date: Sat, 16 Nov 2024 00:57:09 +0530
Subject: [PATCH 1/2] Refactor Terraform configurations: Update variables, outputs, and examples
---
 examples/complete/README.md | 3 -
 examples/complete/example.tf | 73 ++--
 examples/complete/output.tf | 14 -
 examples/complete/outputs.tf | 109 +++++
 examples/complete/variables.auto.tfvars | 3 -
 examples/complete/variables.tf | 17 +
 examples/complete/versions.tf | 8 +-
 main.tf | 275 ++-----------
 outputs.tf | 111 ++++-
 variables.tf | 523 +++++++++---------------
 10 files changed, 501 insertions(+), 635 deletions(-)
 delete mode 100644 examples/complete/README.md
 delete mode 100644 examples/complete/output.tf
 create mode 100644 examples/complete/outputs.tf
 delete mode 100644 examples/complete/variables.auto.tfvars
diff --git a/examples/complete/README.md b/examples/complete/README.md
deleted file mode 100644
index 743bb00..0000000
--- a/examples/complete/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## examples/complete
-
-An example which shows _complete_ usage of the module.
diff --git a/examples/complete/example.tf b/examples/complete/example.tf
index 4452665..e530571 100644
--- a/examples/complete/example.tf
+++ b/examples/complete/example.tf
@@ -90,56 +90,57 @@ module "mq_broker" { source = "../.." # Reference the path of the root module where the MQ broker is defined # Pass in the values to configure the MQ broker - aws_region = var.aws_region - mq_broker_name = var.mq_broker_name - engine_type = var.engine_type - engine_version = var.engine_version - host_instance_type = var.host_instance_type - broker_name = var.broker_name + # aws_region = var.aws_region + broker_name = var.mq_broker_name + engine_type = var.engine_type + engine_version = var.engine_version + host_instance_type = var.host_instance_type + # broker_name = var.broker_name deployment_mode = var.deployment_mode maintenance_day_of_week = var.maintenance_day_of_week - maintenance_time = var.maintenance_time + maintenance_time_of_day = var.maintenance_time_of_day + maintenance_time_zone = var.maintenance_time_zone tags = var.tags # Pass in the VPC and Subnet created by the VPC and Subnet modules - vpc_id = module.vpc.vpc_id # Pass VPC ID - subnet_ids = [module.public_subnet.public_subnet_id[0]] # Pass subnet IDs - security_group_id = [module.security_group.security_group_id] + vpc_id = module.vpc.vpc_id # Pass VPC ID + subnet_ids = [module.public_subnet.public_subnet_id[0]] # Pass subnet IDs + security_group_id = [module.security_group.security_group_id] # MQ broker-specific settings - apply_immediately = var.apply_immediately - auto_minor_version_upgrade = var.auto_minor_version_upgrade - publicly_accessible = var.publicly_accessible - general_log_enabled = var.general_log_enabled - audit_log_enabled = var.audit_log_enabled - kms_mq_key_arn = var.kms_mq_key_arn - use_aws_owned_key = var.use_aws_owned_key - ssm_path = var.ssm_path - encryption_enabled = var.encryption_enabled - kms_ssm_key_arn = var.kms_ssm_key_arn - allowed_ingress_ports = var.allowed_ingress_ports + apply_immediately = var.apply_immediately + auto_minor_version_upgrade = var.auto_minor_version_upgrade + publicly_accessible = var.publicly_accessible + general_log_enabled 
= var.general_log_enabled + audit_log_enabled = var.audit_log_enabled + kms_mq_key_arn = var.kms_mq_key_arn + use_aws_owned_key = var.use_aws_owned_key + ssm_path = var.ssm_path + encryption_enabled = var.encryption_enabled + kms_ssm_key_arn = var.kms_ssm_key_arn + allowed_ingress_ports = var.allowed_ingress_ports additional_security_group_ids = var.additional_security_group_ids # Admin and Application user credentials - mq_admin_user = var.mq_admin_user - mq_admin_password = var.mq_admin_password - mq_application_user = var.mq_application_username - mq_application_password = var.mq_application_password - alias = format( - "alias/%s", - replace(var.alias, "[^a-zA-Z0-9_-]", "_") - ) + mq_admin_user = var.mq_admin_user + mq_admin_password = var.mq_admin_password + # mq_application_user = var.mq_application_username + # mq_application_password = var.mq_application_password + # # alias = format( + # "alias/%s", + # replace(var.alias, "[^a-zA-Z0-9_-]", "_") + # ) # CloudWatch Log Settings - enable_cloudwatch_logs = var.enable_cloudwatch_logs - cloudwatch_log_group_name = var.cloudwatch_log_group_name - cloudwatch_log_retention_days = var.cloudwatch_log_retention_days + # enable_cloudwatch_logs = var.enable_cloudwatch_logs + # cloudwatch_log_group_name = var.cloudwatch_log_group_name + # cloudwatch_log_retention_days = var.cloudwatch_log_retention_days - # Secrets Manager settings (if enabled) - use_secrets_manager = var.use_secrets_manager - secret_manager_key_prefix = var.secret_manager_key_prefix + # # Secrets Manager settings (if enabled) + # use_secrets_manager = var.use_secrets_manager + # secret_manager_key_prefix = var.secret_manager_key_prefix + # } } - output "security_group_id" { value = module.security_group.security_group_id description = "The Security Group ID" diff --git a/examples/complete/output.tf b/examples/complete/output.tf deleted file mode 100644 index df79fef..0000000 --- a/examples/complete/output.tf +++ /dev/null 
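Review bot: The commented-out arguments left in the `module "mq_broker"` call (`# mq_application_user`, `# mq_application_password`, the `# # alias = format(` block, the CloudWatch and Secrets Manager lines and the stray `# }`) are dead configuration that tells readers the module still accepts inputs this commit removes from main.tf; delete them instead of commenting them out. The example also passes `mq_admin_password = var.mq_admin_password`, and the rewritten resource in main.tf substitutes a literal password when that value is empty, so the example should state (in its variables or README) that this input must be set rather than relying on the empty default. The `module "mq_broker"` block begins before this hunk.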
@@ -1,14 +0,0 @@
-# # VPC module (outputs.tf)
-# output "vpc_id" {
-# value = aws_vpc.this.id
-# }
-
-# # public_subnet module outputs.tf
-# output "subnet_ids" {
-# value = aws_subnet.this[*].id
-# }
-
-
-# output "security_group_ids" {
-# value = aws_security_group.this[*].id
-# }
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
new file mode 100644
index 0000000..ae2be15
--- /dev/null
+++ b/examples/complete/outputs.tf
@@ -0,0 +1,109 @@ +# output "public_subnet_cidrs" { +# value = module.subnets.public_subnet_cidrs +# description = "Public subnet CIDR blocks" +# } + +# output "private_subnet_cidrs" { +# value = module.subnets.private_subnet_cidrs +# description = "Private subnet CIDR blocks" +# } + +# output "vpc_cidr" { +# value = module.vpc.vpc_cidr_block +# description = "VPC CIDR" +# } + +# output "broker_id" { +# value = module.mq_broker.broker_id +# description = "AmazonMQ broker ID" +# } + +# output "broker_arn" { +# value = module.mq_broker.broker_arn +# description = "AmazonMQ broker ARN" +# } + +# output "primary_console_url" { +# value = module.mq_broker.primary_console_url +# description = "AmazonMQ active web console URL" +# } + +# output "primary_ssl_endpoint" { +# value = module.mq_broker.primary_ssl_endpoint +# description = "AmazonMQ primary SSL endpoint" +# } + +# output "primary_amqp_ssl_endpoint" { +# value = module.mq_broker.primary_amqp_ssl_endpoint +# description = "AmazonMQ primary AMQP+SSL endpoint" +# } + +# output "primary_stomp_ssl_endpoint" { +# value = module.mq_broker.primary_stomp_ssl_endpoint +# description = "AmazonMQ primary STOMP+SSL endpoint" +# } + +# output "primary_mqtt_ssl_endpoint" { +# value = module.mq_broker.primary_mqtt_ssl_endpoint +# description = "AmazonMQ primary MQTT+SSL endpoint" +# } + +# output "primary_wss_endpoint" { +# value = module.mq_broker.primary_wss_endpoint +# description = "AmazonMQ primary WSS endpoint" +# } + +# output "primary_ip_address" { +# value = module.mq_broker.primary_ip_address +# description = "AmazonMQ primary IP address" +# } + +# output "secondary_console_url" { +# value = module.mq_broker.secondary_console_url +# description = "AmazonMQ secondary web console URL" +# } + +# output "secondary_ssl_endpoint" { +# value = module.mq_broker.secondary_ssl_endpoint +# description = "AmazonMQ secondary SSL endpoint" +# } + +# output "secondary_amqp_ssl_endpoint" { +# value = 
module.mq_broker.secondary_amqp_ssl_endpoint +# description = "AmazonMQ secondary AMQP+SSL endpoint" +# } + +# output "secondary_stomp_ssl_endpoint" { +# value = module.mq_broker.secondary_stomp_ssl_endpoint +# description = "AmazonMQ secondary STOMP+SSL endpoint" +# } + +# output "secondary_mqtt_ssl_endpoint" { +# value = module.mq_broker.secondary_mqtt_ssl_endpoint +# description = "AmazonMQ secondary MQTT+SSL endpoint" +# } + +# output "secondary_wss_endpoint" { +# value = module.mq_broker.secondary_wss_endpoint +# description = "AmazonMQ secondary WSS endpoint" +# } + +# output "secondary_ip_address" { +# value = module.mq_broker.secondary_ip_address +# description = "AmazonMQ secondary IP address" +# } + +# output "security_group_id" { +# value = module.mq_broker.security_group_id +# description = "AmazonMQ Security Group ID" +# } + +# output "security_group_arn" { +# value = module.mq_broker.security_group_arn +# description = "AmazonMQ Security Group ARN" +# } + +# output "security_group_name" { +# value = module.mq_broker.security_group_name +# description = "AmazonMQ Security Group name" +# } diff --git a/examples/complete/variables.auto.tfvars b/examples/complete/variables.auto.tfvars deleted file mode 100644 index dc91c44..0000000 --- a/examples/complete/variables.auto.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -# ------------------------------------------------------------------------------ -# Variables -# ------------------------------------------------------------------------------ diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 5768a88..1c268f2 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
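Review bot: Every one of the 109 added lines in examples/complete/outputs.tf is commented out, so the new file exposes no outputs at all; the rewritten root `outputs.tf` later in this patch has the same problem. The commented code also references `module.subnets.public_subnet_cidrs` while example.tf in this patch wires `module.public_subnet` and `module.vpc`, so uncommenting it as written would not resolve. Either enable the outputs the root module actually provides (`broker_id`, `broker_arn`, the endpoint outputs) once the root outputs are live, with corrected module references, or drop the file.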
@@ -252,3 +252,20 @@ variable "secret_manager_key_prefix" { type = string default = "mq" # Default key prefix for Secrets Manager } +variable "attributes" { + description = "List of attributes to be used in SSM path" + type = list(string) + default = ["default_value"] # Provide a default value (a non-empty list) +} + +variable "maintenance_time_of_day" { + description = "The time of day for the maintenance window (e.g., 02:00)." + type = string + default = "02:00" # Set a default value, or leave it blank if required +} + +variable "maintenance_time_zone" { + description = "The time zone for the maintenance window (e.g., UTC, America/New_York)." + type = string + default = "UTC" # Set a default value, or leave it blank if required +} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 6481c92..858e1cf 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,11 +1,17 @@ + +# ------------------------------------------------------------------------------ +# Versions +# ------------------------------------------------------------------------------ + terraform { required_version = ">= 1.6.6" required_providers { aws = { - source = "hashicorp/aws" # + source = "hashicorp/aws" version = ">= 5.31.0" } } } + diff --git a/main.tf b/main.tf index 1b80b2e..5865cb2 100644 --- a/main.tf +++ b/main.tf 
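Review bot: `variable "attributes"` is introduced with the placeholder default `["default_value"]` and described as input to an SSM path, but no `attributes =` argument appears in the changed portion of the example's module call and this patch's main.tf removes the SSM parameter resources, so the variable looks unused; if nothing consumes it, drop it, otherwise use `default = []` rather than a placeholder string that would end up inside a parameter name. The trailing scaffolding comments (`# Set a default value, or leave it blank if required`) should go as well — the descriptions already state what the defaults are.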
@@ -1,211 +1,32 @@ -# ------------------------------------------------------------------------------ -# Resources -# ------------------------------------------------------------------------------ locals { - label_order = var.label_order -} - -# Fetch existing SSM Parameters for MQ Application and Admin users -data "aws_ssm_parameter" "mq_application_username" { - count = var.mq_application_user_ssm_parameter_name != "" && var.use_secrets_manager ? 1 : 0 - name = var.mq_application_user_ssm_parameter_name -} - -data "aws_ssm_parameter" "mq_application_password" { - count = var.mq_application_password_ssm_parameter_name != "" && var.use_secrets_manager ? 1 : 0 - name = var.mq_application_password_ssm_parameter_name -} - -data "aws_ssm_parameter" "mq_master_username" { - count = var.mq_admin_user_ssm_parameter_name != "" && var.use_secrets_manager ? 1 : 0 - name = var.mq_admin_user_ssm_parameter_name -} - -data "aws_ssm_parameter" "mq_master_password" { - count = var.mq_admin_password_ssm_parameter_name != "" && var.use_secrets_manager ? 1 : 0 - name = var.mq_admin_password_ssm_parameter_name -} - -# Call the Clouddrove KMS module to create the KMS key if enabled -module "kms" { - source = "clouddrove/kms/aws" - enabled = var.kms_key_enabled - description = "KMS key for MQ" - key_usage = "ENCRYPT_DECRYPT" - alias = format( - "alias/%s", - replace(var.alias, "[^a-zA-Z0-9_-]", "_") - ) - enable_key_rotation = true - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Action = "kms:*" - Effect = "Allow" - Resource = "*" - Principal = { - AWS = "*" - } - } - ] - }) -} - -# Store Secrets in Secrets Manager or fallback to SSM based on flag -resource "aws_secretsmanager_secret" "mq_master_username_secret" { - count = var.use_secrets_manager && var.mq_admin_user != "" ? 
1 : 0 - name = "${var.secret_manager_key_prefix}/admin/username" - description = "MQ Admin Username" - tags = var.tags -} - -resource "aws_secretsmanager_secret_version" "mq_master_username_version" { - count = var.use_secrets_manager && var.mq_admin_user != "" ? 1 : 0 - secret_id = aws_secretsmanager_secret.mq_master_username_secret[0].id - secret_string = jsonencode({ - username = var.mq_admin_user - }) -} - -# Secrets Manager for Admin Password -resource "aws_secretsmanager_secret" "mq_master_password_secret" { - count = var.use_secrets_manager && var.mq_admin_password != "" ? 1 : 0 - name = "${var.secret_manager_key_prefix}/admin/password" - description = "MQ Admin Password" - tags = var.tags -} - -resource "aws_secretsmanager_secret_version" "mq_master_password_version" { - count = var.use_secrets_manager && var.mq_admin_password != "" ? 1 : 0 - secret_id = aws_secretsmanager_secret.mq_master_password_secret[0].id - secret_string = jsonencode({ - password = var.mq_admin_password - }) -} - -# Secrets Manager for Application User -resource "aws_secretsmanager_secret" "mq_application_username_secret" { - count = var.use_secrets_manager && var.mq_application_user != "" ? 1 : 0 - name = "${var.secret_manager_key_prefix}/application/username" - description = "AMQ Application Username" - tags = var.tags -} - -resource "aws_secretsmanager_secret_version" "mq_application_username_version" { - count = var.use_secrets_manager && var.mq_application_user != "" ? 1 : 0 - secret_id = aws_secretsmanager_secret.mq_application_username_secret[0].id - secret_string = jsonencode({ - username = var.mq_application_user - }) -} - -# Secrets Manager for Application Password -resource "aws_secretsmanager_secret" "mq_application_password_secret" { - count = var.use_secrets_manager && var.mq_application_password != "" ? 
1 : 0 - name = "${var.secret_manager_key_prefix}/application/password" - description = "AMQ Application Password" - tags = var.tags -} + enabled = var.enabled # Directly use the variable 'enabled' -resource "aws_secretsmanager_secret_version" "mq_application_password_version" { - count = var.use_secrets_manager && var.mq_application_password != "" ? 1 : 0 - secret_id = aws_secretsmanager_secret.mq_application_password_secret[0].id - secret_string = jsonencode({ - password = var.mq_application_password - }) -} - -# Fallback to SSM if not using Secrets Manager -resource "aws_ssm_parameter" "mq_master_username_ssm" { - count = var.mq_admin_user != "" && !var.use_secrets_manager ? 1 : 0 + # Admin user enabled if the engine type is ActiveMQ and no user is provided + mq_admin_user_enabled = local.enabled && var.engine_type == "ActiveMQ" + mq_admin_user_needed = local.mq_admin_user_enabled && length(var.mq_admin_user) == 0 + mq_admin_user = local.mq_admin_user_needed ? "" : try(var.mq_admin_user, "") - name = format("%s%s", - replace(trimspace(var.ssm_path), "/$", ""), - var.mq_admin_user_ssm_parameter_name - ) - value = var.mq_admin_user != "" ? var.mq_admin_user : "default_admin_user" - description = "MQ Username for the admin user" - type = "String" - tags = var.tags - overwrite = true - lifecycle { - prevent_destroy = false - create_before_destroy = true - ignore_changes = [value] - } - depends_on = [aws_ssm_parameter.mq_application_username_ssm] -} - -resource "aws_ssm_parameter" "mq_master_password_ssm" { - count = var.mq_admin_password != "" && !var.use_secrets_manager ? 1 : 0 - - name = "kms-alias" - value = var.mq_admin_password != "" ? 
var.mq_admin_password : "default_password" - description = "MQ Password for the admin user" - type = "SecureString" - key_id = module.kms.key_id - tags = var.tags - overwrite = true - lifecycle { - prevent_destroy = false - create_before_destroy = true - ignore_changes = [value] - } - depends_on = [aws_ssm_parameter.mq_application_username_ssm] -} + mq_admin_password_needed = local.mq_admin_user_enabled && length(var.mq_admin_password) == 0 + mq_admin_password = local.mq_admin_password_needed ? "" : try(var.mq_admin_password, "") -resource "aws_ssm_parameter" "mq_application_username_ssm" { - count = var.mq_application_user != "" && !var.use_secrets_manager ? 1 : 0 - name = format("%s%s", - replace(coalesce(var.ssm_path, ""), "/$", ""), - var.mq_application_user_ssm_parameter_name - ) - value = var.mq_application_user != "" ? var.mq_application_user : "default_application_user" - description = "AMQ Username for the application user" - type = "String" - tags = var.tags - overwrite = true - lifecycle { - prevent_destroy = false - create_before_destroy = true - ignore_changes = [value] + # Logs configuration + mq_logs = { + logs = { + "general_log_enabled" : var.general_log_enabled, + "audit_log_enabled" : var.audit_log_enabled + } } - depends_on = [aws_ssm_parameter.mq_application_username_ssm] -} -resource "aws_ssm_parameter" "mq_application_password_ssm" { - count = var.mq_application_password != "" && !var.use_secrets_manager ? 1 : 0 - name = format("%s%s", - replace(coalesce(var.ssm_path, ""), "/$", ""), - var.mq_application_password_ssm_parameter_name - ) - value = var.mq_application_password != "" ? 
var.mq_application_password : "default_app_password" - description = "AMQ Password for the application user" - type = "SecureString" - key_id = module.kms.key_id - tags = var.tags - overwrite = true - lifecycle { - prevent_destroy = false - create_before_destroy = true - ignore_changes = [value] - } - depends_on = [aws_ssm_parameter.mq_application_username_ssm] -} + # Ensure var.security_group_id is always a list (even if it contains one element) + # security_group_ids = type(var.security_group_id) == "list" ? var.security_group_id : [var.security_group_id] -# Create CloudWatch Log Group for MQ Logs (if enabled) -resource "aws_cloudwatch_log_group" "mq_logs" { - count = var.enable_cloudwatch_logs ? 1 : 0 - name = "/aws/mq/${var.mq_broker_name}" - retention_in_days = var.cloudwatch_log_retention_days - tags = var.tags + # Combine the security group ID provided and additional security group IDs + # broker_security_groups = compact(concat(security_group_ids, local.additional_security_group_ids)) } -# MQ Broker resource resource "aws_mq_broker" "default" { - count = var.mq_broker_name != "" ? 1 : 0 - broker_name = var.mq_broker_name + count = var.enabled ? 1 : 0 + broker_name = var.broker_name deployment_mode = var.deployment_mode engine_type = var.engine_type engine_version = var.engine_version 
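Review bot: The new locals `mq_admin_user` and `mq_admin_password` are identities: `mq_admin_user_needed` is only true when `length(var.mq_admin_user) == 0`, so `local.mq_admin_user_needed ? "" : try(var.mq_admin_user, "")` always equals `var.mq_admin_user`, and `try()` on a declared variable cannot fail. Nothing visible consumes them or `local.mq_logs` — the `user` and `logs` blocks in the next hunk read the variables directly — so either delete these locals or make the resource use them so the `engine_type == "ActiveMQ"` gate has an effect. The commented-out `security_group_ids`/`broker_security_groups` lines reference a `local.additional_security_group_ids` that is not defined anywhere in this block; remove them or finish the implementation rather than leaving half-written code in comments.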
@@ -216,62 +37,36 @@ resource "aws_mq_broker" "default" { subnet_ids = var.subnet_ids tags = var.tags security_groups = var.security_group_id + # Ensure security_groups is always a valid list with at least one group + # security_groups = length(local.broker_security_groups) > 0 ? local.broker_security_groups : ["default-security-group-id"] - # Encryption options - Use AWS-owned KMS key or a custom key + # Encryption options, enabled if the flag is true dynamic "encryption_options" { - for_each = var.encryption_enabled ? ["true"] : [] + for_each = var.encryption_enabled ? [1] : [] content { - kms_key_id = module.kms.key_id - use_aws_owned_key = false + kms_key_id = var.kms_mq_key_arn + use_aws_owned_key = var.use_aws_owned_key } } - # Enable CloudWatch logs for general and audit logs if CloudWatch is enabled + # Logs block: Use direct booleans for logging configuration logs { - general = var.general_log_enabled ? true : false - audit = var.audit_log_enabled ? true : false + general = var.general_log_enabled + audit = var.audit_log_enabled } + # Maintenance window configuration maintenance_window_start_time { day_of_week = var.maintenance_day_of_week time_of_day = var.maintenance_time_of_day time_zone = var.maintenance_time_zone } - # Dynamically assign the user based on whether admin or application user exists - dynamic "user" { - for_each = length(var.mq_admin_user) > 0 || length(var.mq_application_user) > 0 ? [1] : [] - - content { - username = length(var.mq_admin_user) > 0 ? ( - var.use_secrets_manager ? ( - length(aws_secretsmanager_secret.mq_master_username_secret) > 0 ? jsondecode(aws_secretsmanager_secret_version.mq_master_username_version[0].secret_string).username : "default_admin_user" - ) : var.mq_admin_user - ) : ( - var.use_secrets_manager ? ( - length(aws_secretsmanager_secret.mq_application_username_secret) > 0 ? 
jsondecode(aws_secretsmanager_secret_version.mq_application_username_version[0].secret_string).username : "default_application_user" - ) : var.mq_application_user - ) - - password = length(var.mq_admin_password) > 0 ? ( - var.use_secrets_manager ? ( - length(aws_secretsmanager_secret.mq_master_password_secret) > 0 ? jsondecode(aws_secretsmanager_secret_version.mq_master_password_version[0].secret_string).password : "Admin12345678!" - ) : var.mq_admin_password - ) : ( - var.use_secrets_manager ? ( - length(aws_secretsmanager_secret.mq_application_password_secret) > 0 ? jsondecode(aws_secretsmanager_secret_version.mq_application_password_version[0].secret_string).password : "App12345678!" - ) : var.mq_application_password - ) - - groups = var.mq_admin_groups - console_access = var.console_access - } + # Ensure at least one user block is always present + user { + username = var.mq_admin_user != "" ? var.mq_admin_user : "default_admin" # Fallback to "default_admin" + password = var.mq_admin_password != "" ? var.mq_admin_password : "default_password" # Fallback to "default_password" + groups = ["admin"] + console_access = true } - lifecycle { - prevent_destroy = false - create_before_destroy = true - ignore_changes = [value] - } - - depends_on = [aws_ssm_parameter.mq_application_username_ssm, aws_ssm_parameter.mq_master_username_ssm] } diff --git a/outputs.tf b/outputs.tf index 22dc95d..31cd62a 100644 --- a/outputs.tf +++ b/outputs.tf 
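Review bot: The rewritten `user` block falls back to literal credentials, `username = ... : "default_admin"` and `password = ... : "default_password"`, while granting `groups = ["admin"]` and `console_access = true`; since `mq_admin_password` defaults to `""` in variables.tf, a caller that omits the input gets a broker whose admin console accepts a password committed to the repository, and the commit merely swaps the removed `Admin12345678!` fallback for a new one. Use `password = var.mq_admin_password` with no fallback and add a `validation` block on `mq_admin_password` (or a `precondition` on this resource) rejecting an empty value, so a missing secret fails at plan time instead of deploying a known default. `console_access = true` is now hard-coded where the old code read `var.console_access`; keep the variable if it survives this refactor so deployments can disable console access. The `encryption_options` block now sets `kms_key_id = var.kms_mq_key_arn` and `use_aws_owned_key = var.use_aws_owned_key` together, but the provider documents `kms_key_id` as requiring `use_aws_owned_key = false`, so a guard like `kms_key_id = var.use_aws_owned_key ? null : var.kms_mq_key_arn` is needed. `resource "aws_mq_broker" "default"` begins before this hunk.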
@@ -1,29 +1,104 @@ -# ------------------------------------------------------------------------------ -# Outputs -# ------------------------------------------------------------------------------ -output "label_order" { - value = local.label_order - description = "Label order." -} +# output "broker_id" { +# value = join("", aws_mq_broker.default.*.id) +# description = "AmazonMQ broker ID" +# } + +# output "broker_arn" { +# value = join("", aws_mq_broker.default.*.arn) +# description = "AmazonMQ broker ARN" +# } + +# output "primary_console_url" { +# value = try(aws_mq_broker.default[0].instances[0].console_url, "") +# description = "AmazonMQ active web console URL" +# } + +# output "primary_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[0].endpoints[0], "") +# description = "AmazonMQ primary SSL endpoint" +# } + +# output "primary_amqp_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[0].endpoints[1], "") +# description = "AmazonMQ primary AMQP+SSL endpoint" +# } + +# output "primary_stomp_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[0].endpoints[2], "") +# description = "AmazonMQ primary STOMP+SSL endpoint" +# } + +# output "primary_mqtt_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[0].endpoints[3], "") +# description = "AmazonMQ primary MQTT+SSL endpoint" +# } + +# output "primary_wss_endpoint" { +# value = try(aws_mq_broker.default[0].instances[0].endpoints[4], "") +# description = "AmazonMQ primary WSS endpoint" +# } -# If you want to add more outputs related to VPC, Subnet, and Security Groups, you can uncomment and customize as needed. 
+# output "primary_ip_address" { +# value = try(aws_mq_broker.default[0].instances[0].ip_address, "") +# description = "AmazonMQ primary IP address" +# } + +# output "secondary_console_url" { +# value = try(aws_mq_broker.default[0].instances[1].console_url, "") +# description = "AmazonMQ secondary web console URL" +# } + +# output "secondary_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[1].endpoints[0], "") +# description = "AmazonMQ secondary SSL endpoint" +# } + +# output "secondary_amqp_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[1].endpoints[1], "") +# description = "AmazonMQ secondary AMQP+SSL endpoint" +# } + +# output "secondary_stomp_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[1].endpoints[2], "") +# description = "AmazonMQ secondary STOMP+SSL endpoint" +# } + +# output "secondary_mqtt_ssl_endpoint" { +# value = try(aws_mq_broker.default[0].instances[1].endpoints[3], "") +# description = "AmazonMQ secondary MQTT+SSL endpoint" +# } + +# output "secondary_wss_endpoint" { +# value = try(aws_mq_broker.default[0].instances[1].endpoints[4], "") +# description = "AmazonMQ secondary WSS endpoint" +# } + +# output "secondary_ip_address" { +# value = try(aws_mq_broker.default[0].instances[1].ip_address, "") +# description = "AmazonMQ secondary IP address" +# } -# output "vpc_id" { -# value = module.vpc.vpc_id +# output "admin_username" { +# value = local.mq_admin_user +# description = "AmazonMQ admin username" # } -# output "subnet_ids" { -# value = module.public_subnet.subnet_ids +# output "application_username" { +# value = local.mq_application_user +# description = "AmazonMQ application username" # } -# output "security_group_ids" { -# value = module.security_group.security_group_id +# output "security_group_id" { +# value = module.security_group.id +# description = "The ID of the created security group" # } -# output "vpc_cidr_block" { -# value = aws_vpc.this.cidr_block +# output "security_group_arn" 
{ +# value = module.security_group.arn +# description = "The ARN of the created security group" # } -# output "subnet_id" { -# value = aws_subnet.this.id +# output "security_group_name" { +# value = module.security_group.name +# description = "The name of the created security group" # } diff --git a/variables.tf b/variables.tf index 4059fbb..d6b78ab 100644 --- a/variables.tf +++ b/variables.tf 
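Review bot: The commented-out outputs reference `local.mq_application_user`, which the new `locals` block in main.tf does not define, and `module.security_group.id`/`.arn`/`.name`, for which no `module "security_group"` is visible in the root module in this patch; these would fail to evaluate if uncommented. The note on examples/complete/outputs.tf covers the fact that this file, too, now exposes nothing; here the stale references should be corrected or removed so the outputs can actually be enabled.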
@@ -1,118 +1,85 @@ -# ------------------------------------------------------------------------------ -# Variables -# ------------------------------------------------------------------------------ -variable "label_order" { - type = list(string) - default = ["name", "environment"] - description = "Label order, e.g. `name`,`environment`." +variable "apply_immediately" { + type = bool + description = "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window" + default = false } -# AWS Region where the broker will be deployed -variable "aws_region" { - description = "The AWS region to deploy resources." - type = string - default = "" +variable "auto_minor_version_upgrade" { + type = bool + description = "Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions" + default = false } -# The name of the broker -variable "broker_name" { - description = "The name of the broker." +variable "deployment_mode" { type = string - default = "" + description = "The deployment mode of the broker. Supported: SINGLE_INSTANCE and ACTIVE_STANDBY_MULTI_AZ" + default = "ACTIVE_STANDBY_MULTI_AZ" +} +variable "security_group_id" { + description = "Security group ID to associate with the MQ broker" + type = list(any) + default = [""] # Default to an empty string, not an empty list +} +variable "additional_security_group_ids" { + description = "List of additional security group IDs to associate with the broker" + type = list(string) + default = [] # You can provide a default or leave it empty } -# The broker engine type (ActiveMQ, RabbitMQ, etc.) variable "engine_type" { - description = "The broker engine type." type = string - default = "" + description = "Type of broker engine, `ActiveMQ` or `RabbitMQ`" + default = "ActiveMQ" } -# The version of the broker engine variable "engine_version" { - description = "The version of the broker engine." 
type = string - default = "5.18" + description = "The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details" + default = "5.17.6" } -# The instance type of the broker (e.g., mq.t3.micro, mq.m5.large, etc.) variable "host_instance_type" { - description = "The instance type of the broker." type = string - default = "" + description = "The broker's instance type. e.g. mq.t2.micro or mq.m4.large" + default = "mq.t3.micro" } -# The deployment mode of the broker (SINGLE_INSTANCE or ACTIVE_STANDBY_MULTI_AZ) -variable "deployment_mode" { - description = "The deployment mode of the broker. Supported: SINGLE_INSTANCE and ACTIVE_STANDBY_MULTI_AZ" - type = string - default = "" +variable "publicly_accessible" { + type = bool + description = "Whether to enable connections from applications outside of the VPC that hosts the broker's subnets" + default = false } -# Maintenance day of the week for the broker -variable "maintenance_day_of_week" { - description = "The day of the week for maintenance." - type = string - default = "Sun" +variable "general_log_enabled" { + type = bool + description = "Enables general logging via CloudWatch" + default = true } -# Maintenance time of the day for the broker -variable "maintenance_time" { - description = "The time of day for maintenance." - type = string - default = "13:05" +variable "audit_log_enabled" { + type = bool + description = "Enables audit logging. User management action made using JMX or the ActiveMQ Web Console is logged" + default = true } -# The time zone for the maintenance window (e.g., UTC, EST, etc.) -variable "time_zone" { - description = "The time zone for the maintenance window." +variable "maintenance_day_of_week" { type = string - default = "UTC" + description = "The maintenance day of the week. e.g. MONDAY, TUESDAY, or WEDNESDAY" + default = "SUNDAY" } -# Tags for the broker -variable "tags" { - description = "Tags to apply to the broker." 
- type = map(string) - default = {} -} - -# VPC CIDR block for the broker -variable "vpc_cidr_block" { - description = "CIDR block for the VPC." +variable "maintenance_time_of_day" { type = string - default = "" + description = "The maintenance time, in 24-hour format. e.g. 02:00" + default = "03:00" } -# Subnet CIDR block for the broker -variable "subnet_cidr_block" { - description = "CIDR block for the subnet." +variable "maintenance_time_zone" { type = string - default = "" -} - -# Port for AMQP SSL -variable "amqp_ssl_port" { - description = "Port for AMQP SSL." - type = number - default = 0 -} - -# Port for STOMP SSL -variable "stomp_ssl_port" { - description = "Port for STOMP SSL." - type = number - default = 0 -} - -# CIDR blocks to allow for ingress traffic to the broker -variable "ingress_cidr_blocks" { - description = "CIDR blocks to allow for ingress traffic." - type = list(string) - default = [] + description = "The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET" + default = "UTC" } -# Admin and Application user credentials variable "mq_admin_user" { description = "Admin username for the MQ broker." type = string 
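Review bot: `variable "security_group_id"` is declared `type = list(any)` with `default = [""]` and the comment `# Default to an empty string, not an empty list`; main.tf passes it straight through as `security_groups = var.security_group_id`, so the default sends a one-element list containing an empty string to the API instead of omitting the security group. Change it to `type = list(string)` and `default = []`, and have callers pass the real ID. The `# You can provide a default or leave it empty` comment on `additional_security_group_ids` is scaffolding that adds nothing over the description. The `mq_admin_user` variable definition continues past the end of this hunk.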
@@ -125,334 +92,250 @@ variable "mq_admin_password" { sensitive = true default = "" } - -variable "mq_application_username" { - description = "Application username for the MQ broker." - type = string - default = "demo" -} - -variable "mq_application_password" { - description = "Application password for the MQ broker." - type = string - sensitive = true - default = "" +variable "tags" { + description = "Tags to be applied to resources" + type = map(string) + default = {} } +# variable "mq_admin_password" { +# type = list(string) +# description = "Admin password" +# default = [] +# sensitive = true +# } -# Declare the variable for the application user variable "mq_application_user" { - description = "Username for the MQ application user" - type = string - default = "test" # Leave default as empty string or set your own default -} - -# Apply changes immediately or during the next maintenance window -variable "apply_immediately" { - description = "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window." - type = bool - default = false -} - -# Enables automatic upgrades to new minor versions -variable "auto_minor_version_upgrade" { - description = "Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions." - type = bool - default = false -} - -# Whether the broker should be publicly accessible -variable "publicly_accessible" { - description = "Whether to enable connections from applications outside of the VPC that hosts the broker's subnets." - type = bool - default = false -} - -# Enable/disable general logging via CloudWatch -variable "general_log_enabled" { - description = "Enables general logging via CloudWatch." - type = bool - default = false -} - -# Enable/disable audit logging for user management actions -variable "audit_log_enabled" { - description = "Enables audit logging. User management actions made using JMX or the ActiveMQ Web Console are logged." 
- type = bool - default = false -} - -# Maintenance time of day for the broker in 24-hour format (e.g., 03:00) -variable "maintenance_time_of_day" { - description = "The maintenance time, in 24-hour format. e.g. 02:00" - type = string - default = "06:00" + type = list(string) + description = "Application username" + default = [] } -# Maintenance time zone for the broker -variable "maintenance_time_zone" { - description = "The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET" - type = string - default = "UTC" +variable "mq_application_password" { + type = list(string) + description = "Application password" + default = [] + sensitive = true } -# VPC ID for the broker variable "vpc_id" { - description = "The ID of the VPC to create the broker in." type = string - default = "" + description = "The ID of the VPC to create the broker in" } -# Subnet IDs for the broker variable "subnet_ids" { - description = "List of VPC subnet IDs." type = list(string) - default = [] + description = "List of VPC subnet IDs" } -# Format for SSM parameter names variable "ssm_parameter_name_format" { - description = "SSM parameter name format" type = string - default = "%s%s" + description = "SSM parameter name format" + default = "/%s/%s" } -# Path to be used in the SSM parameter name variable "ssm_path" { - description = "The first parameter to substitute in `ssm_parameter_name_format`" type = string - default = "/myapp" + description = "The first parameter to substitute in `ssm_parameter_name_format`" + default = "mq" } -# SSM parameter name for Admin username variable "mq_admin_user_ssm_parameter_name" { - description = "SSM parameter name for Admin username." type = string - default = "" + description = "SSM parameter name for Admin username" + default = "mq_admin_username" } -# SSM parameter name for Admin password variable "mq_admin_password_ssm_parameter_name" { - description = "SSM parameter name for Admin password." 
type = string - default = "" + description = "SSM parameter name for Admin password" + default = "mq_admin_password" } -# SSM parameter name for Application username variable "mq_application_user_ssm_parameter_name" { - description = "SSM parameter name for Application username." type = string - default = "" + description = "SSM parameter name for Application username" + default = "mq_application_username" } -# SSM parameter name for Application password variable "mq_application_password_ssm_parameter_name" { - description = "SSM parameter name for Application password." type = string - default = "" + description = "SSM parameter name for Application password" + default = "mq_application_password" } -# ARN of the KMS key used for SSM encryption + + variable "kms_ssm_key_arn" { - description = "ARN of the AWS KMS key used for SSM encryption." type = string - default = "" + description = "ARN of the AWS KMS key used for SSM encryption" + default = "alias/aws/ssm" } -# Flag to enable or disable Amazon MQ encryption variable "encryption_enabled" { - description = "Flag to enable/disable Amazon MQ encryption at rest." type = bool - default = false + description = "Flag to enable/disable Amazon MQ encryption at rest" + default = true } -# ARN of the KMS key used for MQ encryption variable "kms_mq_key_arn" { - description = "ARN of the AWS KMS key used for Amazon MQ encryption." type = string - default = "" + description = "ARN of the AWS KMS key used for Amazon MQ encryption" + default = null } -# Flag to use AWS owned KMS CMK for MQ encryption variable "use_aws_owned_key" { - description = "Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption." 
type = bool - default = false + description = "Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption that is not in your account" + default = true } -# List of allowed TCP ports for ingress traffic variable "allowed_ingress_ports" { - description = "List of TCP ports to allow access to in the created security group." type = list(number) + description = <<-EOT + List of TCP ports to allow access to in the created security group. + Default is to allow access to all ports. Set `create_security_group` to `false` to disable. + Note: List of ports must be known at "plan" time. + EOT default = [] } - -variable "alias" { - description = "The alias name for the KMS key" - type = string - default = "" -} - -# List of additional security group IDs to associate with the broker -variable "additional_security_group_ids" { - description = "List of additional security group IDs to associate with the broker." - type = list(string) - default = [] -} - -# List of groups the MQ admin user will belong to -variable "mq_admin_groups" { - description = "List of groups the MQ admin user will belong to." - type = list(string) - default = [] -} - -# Whether the MQ admin user should have console access -variable "console_access" { - description = "Whether the MQ admin user should have console access." +variable "enabled" { + description = "Whether the broker is enabled" type = bool - default = false -} - -# List of MQ broker names -variable "mq_broker_name" { - description = "The name of the MQ broker." - type = string - default = "my-mq-broker" + default = true } -# ARN of the KMS key for encryption purposes in other places (optional) -variable "kms_key_arn" { - description = "ARN of the AWS KMS key for encryption." 
+variable "broker_name" { + description = "Name of the broker" type = string - default = "kms-test" } -# Variable to allow bypassing the KMS policy lockout safety check -variable "bypass_policy_lockout_safety_check" { - description = "Flag to bypass KMS policy lockout safety check." - type = bool - default = false -} - -# Variable to specify if the KMS key should be multi-region -variable "multi_region" { - description = "Flag to indicate if the KMS key is multi-region." - type = bool - default = false -} - -# Variable for KMS key policy -variable "policy" { - description = "The KMS key policy in JSON format." - type = string - default = "" -} +# variable "deployment_mode" { +# description = "Deployment mode for the broker" +# type = string +# default = "ACTIVE" +# } -# Variable for the Customer Master Key (CMK) spec (e.g., ECC, RSA, etc.) -variable "customer_master_key_spec" { - description = "The customer master key (CMK) spec for KMS key." - type = string - default = "SYMMETRIC_DEFAULT" -} +# variable "engine_type" { +# description = "The engine type (e.g., ActiveMQ, RabbitMQ)" +# type = string +# } -# Variable to enable key rotation for KMS keys -variable "enable_key_rotation" { - description = "Flag to enable automatic key rotation for the KMS key." - type = bool - default = true -} +# variable "engine_version" { +# description = "Engine version" +# type = string +# } -# Variable to specify the deletion window for KMS keys in days -variable "deletion_window_in_days" { - description = "The window of time, in days, before a KMS key is deleted." - type = number - default = 30 -} +# variable "host_instance_type" { +# description = "Host instance type for the broker" +# type = string +# } -# Flag to indicate if the KMS key is enabled or not -variable "kms_key_enabled" { - description = "Flag to enable or disable the KMS key." 
- type = bool - default = true -} +# variable "auto_minor_version_upgrade" { +# description = "Whether to enable auto minor version upgrades" +# type = bool +# } -# Variable for the description of the KMS key -variable "description" { - description = "Description of the KMS key." - type = string - default = "Default KMS Key" -} +# variable "apply_immediately" { +# description = "Whether to apply changes immediately" +# type = bool +# } -# Key Usage for KMS Key -variable "key_usage" { - description = "Specifies the intended use of the KMS key (ENCRYPT_DECRYPT, GENERATE_VERIFY_MAC, etc.)." - type = string - default = "ENCRYPT_DECRYPT" # Common default for symmetric keys -} +# variable "publicly_accessible" { +# description = "Whether the broker is publicly accessible" +# type = bool +# } -# Flag to enable or disable the resource -variable "enabled" { - description = "Flag to enable or disable the creation of the resource." - type = bool - default = true # Default to true if you want to enable by default -} +# variable "subnet_ids" { +# description = "The subnet IDs for the broker" +# type = list(string) +# } -variable "enable_cloudwatch_logs" { - description = "Enable CloudWatch logs for MQ broker" - type = bool - default = true -} +# variable "tags" { +# description = "Tags for the broker" +# type = map(string) +# default = {} +# } -variable "cloudwatch_log_group_name" { - description = "The name of the CloudWatch log group" - type = string - default = "/aws/mq/logs" +variable "security_groups" { + description = "Security group IDs for the broker" + type = list(string) + default = [] } -variable "cloudwatch_log_retention_days" { - description = "The retention period (in days) for CloudWatch logs" - type = number - default = 7 # Retain logs for 7 days -} +# variable "encryption_enabled" { +# description = "Whether encryption is enabled" +# type = bool +# default = false +# } -variable "use_secrets_manager" { - description = "Flag to determine if Secrets Manager 
should be used for storing passwords." - type = bool - default = true # Set to true if you want to use Secrets Manager -} +# variable "kms_mq_key_arn" { +# description = "KMS Key ARN for encryption" +# type = string +# default = "" +# } -variable "secret_manager_key_prefix" { - description = "Prefix for Secrets Manager secret keys." - type = string - default = "/aws/mq" # Default value, adjust based on your use case -} +# variable "use_aws_owned_key" { +# description = "Whether to use AWS owned KMS key" +# type = bool +# default = true +# } # variable "general_log_enabled" { -# description = "Enable general MQ broker logs" +# description = "Whether general logging is enabled" # type = bool -# default = true +# default = false # } # variable "audit_log_enabled" { -# description = "Enable audit logs for MQ broker" +# description = "Whether audit logging is enabled" # type = bool -# default = true +# default = false # } -# variable "tags" { -# description = "Tags to be applied to resources" -# type = map(string) -# default = {} +# variable "maintenance_day_of_week" { +# description = "Day of the week for maintenance" +# type = string +# default = "Monday" # } -variable "security_group_id" { - description = "Security group ID to associate with the MQ broker" - type = list(any) - default = [""] # Default to an empty string, not an empty list -} +# variable "maintenance_time_of_day" { +# description = "Time of day for maintenance" +# type = string +# default = "00:00" +# } -variable "use_hardcoded_values" { - description = "Flag to decide whether to use hardcoded credentials or not." 
+# variable "maintenance_time_zone" {
+# description = "Time zone for the maintenance window"
+# type = string
+# default = "UTC"
+# }
+
+variable "mq_admin_user_enabled" {
+ description = "Whether the admin user is enabled"
 type = bool
- default = false # Set to `true` if you want hardcoded values to be used by default
+ default = false
 }
+
+# variable "mq_admin_user" {
+# description = "Admin user for the broker"
+# type = string
+# default = ""
+# }
+
+# variable "mq_admin_password" {
+# description = "Admin password for the broker"
+# type = string
+# default = ""
+# }
+
+# variable "mq_application_user" {
+# description = "Application user for the broker"
+# type = string
+# default = ""
+# }
+
+# variable "mq_application_password" {
+# description = "Application password for the broker"
+# type = string
+# default = ""
+# }
From 8ad30dad4bfd3880ea00fb32c13789494885ec0c Mon Sep 17 00:00:00 2001
From: Vishwajit Nagulkar <119565952+VishwajitNagulkar@users.noreply.github.com>
Date: Tue, 19 Nov 2024 18:20:19 +0530
Subject: [PATCH 2/2] feat: updated trigger
---
 .github/workflows/changelog.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
index 1ee6f78..2e07edf 100644
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -1,9 +1,9 @@
 name: changelog
 permissions: write-all
 on:
- push:
- tags:
- - "*"
+ # push:
+ # tags:
+ # - "*"
 workflow_dispatch:
 jobs:
 changelog:
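Review bot: The new `allowed_ingress_ports` description claims the default allows access to all ports and tells the caller to set `create_security_group` to `false`, but its default is `[]` and no `create_security_group` variable is declared in this file, so the text looks copied from another module and, taken at face value, advertises an unsafe default for a broker security group. Rewrite it to state what an empty list actually does in main.tf (outside this hunk), e.g. `List of TCP ports to allow ingress to in the created security group; an empty list opens no ports.`, or add the missing variable. `kms_ssm_key_arn` now defaults to `alias/aws/ssm`, which is a key alias rather than the ARN its name and description promise; say `Key ID, alias or ARN of the KMS key used for SSM SecureString encryption` so callers are not surprised. With `use_aws_owned_key` defaulting to `true` and `kms_mq_key_arn` to `null`, a caller who supplies a CMK ARN without also setting `use_aws_owned_key = false` will presumably get the AWS-owned key or an API rejection, since the broker's encryption options treat the two as mutually exclusive as far as I recall; a comment on `kms_mq_key_arn` noting that coupling (or a `validation` block) would prevent it. The long run of commented-out `variable` blocks at the tail of the hunk is dead text and should be deleted rather than kept.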
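Review bot: `permissions: write-all` on the second line grants the job token every write scope, which is excessive for a changelog job that is now only run by hand via `workflow_dispatch`; declare only what the job needs, e.g. `permissions:` / `  contents: write`, adding `pull-requests: write` only if the job opens a PR. The `changelog:` job body is outside this hunk, so confirm the scopes against what it actually calls. The commented-out `push`/`tags` trigger should be removed rather than left as comments; git history preserves it, and the dead lines invite someone to re-enable a tag-triggered run with the broad token still in place.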