hashicorp · jkerry · Apr 3, 2024 · Apr 3, 2024
@@ -222,20 +222,19 @@ module "settings" {
   count  = var.is_replicated_deployment ? 1 : 0
 
   # TFE Base Configuration
-  consolidated_services_enabled = var.consolidated_services_enabled
-  custom_image_tag              = var.custom_image_tag
-  custom_agent_image_tag        = var.custom_agent_image_tag
-  hairpin_addressing            = var.hairpin_addressing
-  production_type               = var.operational_mode
-  disk_path                     = local.enable_disk ? var.disk_path : null
-  iact_subnet_list              = var.iact_subnet_list
-  iact_subnet_time_limit        = var.iact_subnet_time_limit
-  metrics_endpoint_enabled      = var.metrics_endpoint_enabled
-  metrics_endpoint_port_http    = var.metrics_endpoint_port_http
-  metrics_endpoint_port_https   = var.metrics_endpoint_port_https
-  trusted_proxies               = local.trusted_proxies
-  release_sequence              = var.release_sequence
-  pg_extra_params               = var.pg_extra_params
+  custom_image_tag            = var.custom_image_tag
+  custom_agent_image_tag      = var.custom_agent_image_tag
+  hairpin_addressing          = var.hairpin_addressing
+  production_type             = var.operational_mode
+  disk_path                   = local.enable_disk ? var.disk_path : null
+  iact_subnet_list            = var.iact_subnet_list
+  iact_subnet_time_limit      = var.iact_subnet_time_limit
+  metrics_endpoint_enabled    = var.metrics_endpoint_enabled
+  metrics_endpoint_port_http  = var.metrics_endpoint_port_http
+  metrics_endpoint_port_https = var.metrics_endpoint_port_https
+  trusted_proxies             = local.trusted_proxies
+  release_sequence            = var.release_sequence
+  pg_extra_params             = var.pg_extra_params
 
   extra_no_proxy = local.no_proxy
 

@@ -79,30 +79,29 @@ module "tfe" {
   friendly_name_prefix  = local.friendly_name_prefix
   tfe_license_secret_id = try(module.secrets[0].tfe_license_secret_id, var.tfe_license_secret_id)
 
-  ami_id                        = data.aws_ami.rhel.id
-  aws_access_key_id             = var.aws_access_key_id
-  aws_secret_access_key         = var.aws_secret_access_key
-  bypass_preflight_checks       = true
-  ca_certificate_secret_id      = data.aws_secretsmanager_secret.ca_certificate.arn
-  consolidated_services_enabled = var.consolidated_services_enabled
-  distribution                  = "rhel"
-  health_check_grace_period     = 3000
-  iact_subnet_list              = ["0.0.0.0/0"]
-  iam_role_policy_arns          = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
-  instance_type                 = "m5.xlarge"
-  key_name                      = local.utility_module_test ? var.key_name : aws_key_pair.main[0].key_name
-  kms_key_arn                   = module.kms.key
-  load_balancing_scheme         = local.load_balancing_scheme
-  object_storage_iam_user       = data.aws_iam_user.object_storage
-  node_count                    = 2
-  proxy_ip                      = module.test_proxy.proxy_ip
-  proxy_port                    = local.http_proxy_port
-  redis_encryption_at_rest      = false
-  redis_encryption_in_transit   = false
-  redis_use_password_auth       = false
-  tfe_subdomain                 = local.test_name
-  vm_certificate_secret_id      = data.aws_secretsmanager_secret.vm_certificate.id
-  vm_key_secret_id              = data.aws_secretsmanager_secret.vm_key.id
+  ami_id                      = data.aws_ami.rhel.id
+  aws_access_key_id           = var.aws_access_key_id
+  aws_secret_access_key       = var.aws_secret_access_key
+  bypass_preflight_checks     = true
+  ca_certificate_secret_id    = data.aws_secretsmanager_secret.ca_certificate.arn
+  distribution                = "rhel"
+  health_check_grace_period   = 3000
+  iact_subnet_list            = ["0.0.0.0/0"]
+  iam_role_policy_arns        = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
+  instance_type               = "m5.xlarge"
+  key_name                    = local.utility_module_test ? var.key_name : aws_key_pair.main[0].key_name
+  kms_key_arn                 = module.kms.key
+  load_balancing_scheme       = local.load_balancing_scheme
+  object_storage_iam_user     = data.aws_iam_user.object_storage
+  node_count                  = 2
+  proxy_ip                    = module.test_proxy.proxy_ip
+  proxy_port                  = local.http_proxy_port
+  redis_encryption_at_rest    = false
+  redis_encryption_in_transit = false
+  redis_use_password_auth     = false
+  tfe_subdomain               = local.test_name
+  vm_certificate_secret_id    = data.aws_secretsmanager_secret.vm_certificate.id
+  vm_key_secret_id            = data.aws_secretsmanager_secret.vm_key.id
 
   asg_tags = local.common_tags
 

@@ -31,12 +31,6 @@ variable "ca_private_key_secret_name" {
   description = "The secrets manager secret name of the Base64 encoded CA private key."
 }
 
-variable "consolidated_services_enabled" {
-  default     = true
-  type        = bool
-  description = "(Required) True if TFE uses consolidated services."
-}
-
 variable "domain_name" {
   type        = string
   description = "Domain for creating the Terraform Enterprise subdomain on."

@@ -49,26 +49,25 @@ module "private_active_active" {
   friendly_name_prefix  = local.friendly_name_prefix
   tfe_license_secret_id = try(module.secrets[0].tfe_license_secret_id, var.tfe_license_secret_id)
 
-  ami_id                        = data.aws_ami.rhel.id
-  bypass_preflight_checks       = true
-  distribution                  = "rhel"
-  consolidated_services_enabled = var.consolidated_services_enabled
-  health_check_grace_period     = 3000
-  iact_subnet_list              = ["0.0.0.0/0"]
-  iam_role_policy_arns          = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
-  instance_type                 = "m5.4xlarge"
-  key_name                      = var.key_name
-  kms_key_arn                   = module.kms.key
-  load_balancing_scheme         = local.load_balancing_scheme
-  node_count                    = 2
-  proxy_ip                      = module.test_proxy.proxy_ip
-  proxy_port                    = local.http_proxy_port
-  redis_encryption_at_rest      = false
-  redis_encryption_in_transit   = true
-  redis_use_password_auth       = true
-  tfe_subdomain                 = local.test_name
-  vm_certificate_secret_id      = data.aws_secretsmanager_secret.vm_certificate.id
-  vm_key_secret_id              = data.aws_secretsmanager_secret.vm_key.id
+  ami_id                      = data.aws_ami.rhel.id
+  bypass_preflight_checks     = true
+  distribution                = "rhel"
+  health_check_grace_period   = 3000
+  iact_subnet_list            = ["0.0.0.0/0"]
+  iam_role_policy_arns        = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
+  instance_type               = "m5.4xlarge"
+  key_name                    = var.key_name
+  kms_key_arn                 = module.kms.key
+  load_balancing_scheme       = local.load_balancing_scheme
+  node_count                  = 2
+  proxy_ip                    = module.test_proxy.proxy_ip
+  proxy_port                  = local.http_proxy_port
+  redis_encryption_at_rest    = false
+  redis_encryption_in_transit = true
+  redis_use_password_auth     = true
+  tfe_subdomain               = local.test_name
+  vm_certificate_secret_id    = data.aws_secretsmanager_secret.vm_certificate.id
+  vm_key_secret_id            = data.aws_secretsmanager_secret.vm_key.id
 
   asg_tags = local.common_tags
 

@@ -11,12 +11,6 @@ variable "aws_role_arn" {
   description = "The AWS Role ARN to assume for this module."
 }
 
-variable "consolidated_services_enabled" {
-  default     = true
-  type        = bool
-  description = "(Required) True if TFE uses consolidated services."
-}
-
 variable "domain_name" {
   type        = string
   description = "Domain for creating the Terraform Enterprise subdomain on."

@@ -52,26 +52,25 @@ module "private_tcp_active_active" {
   friendly_name_prefix  = local.friendly_name_prefix
   tfe_license_secret_id = try(module.secrets[0].tfe_license_secret_id, var.tfe_license_secret_id)
 
-  ami_id                        = data.aws_ami.rhel.id
-  bypass_preflight_checks       = true
-  ca_certificate_secret_id      = data.aws_secretsmanager_secret.ca_certificate.arn
-  consolidated_services_enabled = var.consolidated_services_enabled
-  distribution                  = "rhel"
-  health_check_grace_period     = 3000
-  iact_subnet_list              = ["0.0.0.0/0"]
-  iam_role_policy_arns          = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
-  instance_type                 = "m5.8xlarge"
-  kms_key_arn                   = module.kms.key
-  load_balancing_scheme         = local.load_balancing_scheme
-  node_count                    = 2
-  proxy_ip                      = module.test_proxy.proxy_ip
-  proxy_port                    = local.http_proxy_port
-  redis_encryption_at_rest      = true
-  redis_encryption_in_transit   = true
-  redis_use_password_auth       = true
-  tfe_subdomain                 = local.test_name
-  vm_certificate_secret_id      = var.certificate_pem_secret_id
-  vm_key_secret_id              = var.private_key_pem_secret_id
+  ami_id                      = data.aws_ami.rhel.id
+  bypass_preflight_checks     = true
+  ca_certificate_secret_id    = data.aws_secretsmanager_secret.ca_certificate.arn
+  distribution                = "rhel"
+  health_check_grace_period   = 3000
+  iact_subnet_list            = ["0.0.0.0/0"]
+  iam_role_policy_arns        = [local.ssm_policy_arn, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
+  instance_type               = "m5.8xlarge"
+  kms_key_arn                 = module.kms.key
+  load_balancing_scheme       = local.load_balancing_scheme
+  node_count                  = 2
+  proxy_ip                    = module.test_proxy.proxy_ip
+  proxy_port                  = local.http_proxy_port
+  redis_encryption_at_rest    = true
+  redis_encryption_in_transit = true
+  redis_use_password_auth     = true
+  tfe_subdomain               = local.test_name
+  vm_certificate_secret_id    = var.certificate_pem_secret_id
+  vm_key_secret_id            = var.private_key_pem_secret_id
 
   asg_tags = local.common_tags
 

@@ -26,12 +26,6 @@ variable "certificate_pem_secret_id" {
   description = "The secrets manager secret ID of the Base64 & PEM encoded TLS certificate."
 }
 
-variable "consolidated_services_enabled" {
-  default     = true
-  type        = bool
-  description = "(Required) True if TFE uses consolidated services."
-}
-
 variable "domain_name" {
   type        = string
   description = "Domain for creating the Terraform Enterprise subdomain on."

@@ -42,23 +42,22 @@ module "public_active_active" {
   distribution          = "ubuntu"
   tfe_license_secret_id = try(module.secrets[0].tfe_license_secret_id, var.tfe_license_secret_id)
 
-  ami_id                        = data.aws_ami.ubuntu.id
-  bypass_preflight_checks       = true
-  consolidated_services_enabled = var.consolidated_services_enabled
-  health_check_grace_period     = 3000
-  iam_role_policy_arns          = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
-  iact_subnet_list              = ["0.0.0.0/0"]
-  instance_type                 = "m5.xlarge"
-  key_name                      = var.key_name
-  kms_key_arn                   = module.kms.key
-  load_balancing_scheme         = local.load_balancing_scheme
-  node_count                    = 2
-  redis_encryption_at_rest      = false
-  redis_encryption_in_transit   = false
-  redis_use_password_auth       = false
-  tfe_subdomain                 = local.test_name
-  vm_certificate_secret_id      = data.aws_secretsmanager_secret.vm_certificate.id
-  vm_key_secret_id              = data.aws_secretsmanager_secret.vm_key.id
+  ami_id                      = data.aws_ami.ubuntu.id
+  bypass_preflight_checks     = true
+  health_check_grace_period   = 3000
+  iam_role_policy_arns        = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
+  iact_subnet_list            = ["0.0.0.0/0"]
+  instance_type               = "m5.xlarge"
+  key_name                    = var.key_name
+  kms_key_arn                 = module.kms.key
+  load_balancing_scheme       = local.load_balancing_scheme
+  node_count                  = 2
+  redis_encryption_at_rest    = false
+  redis_encryption_in_transit = false
+  redis_use_password_auth     = false
+  tfe_subdomain               = local.test_name
+  vm_certificate_secret_id    = data.aws_secretsmanager_secret.vm_certificate.id
+  vm_key_secret_id            = data.aws_secretsmanager_secret.vm_key.id
 
   asg_tags = local.common_tags
 

@@ -11,12 +11,6 @@ variable "aws_role_arn" {
   description = "The AWS Role ARN to assume for this module."
 }
 
-variable "consolidated_services_enabled" {
-  default     = true
-  type        = bool
-  description = "(Required) True if TFE uses consolidated services."
-}
-
 variable "domain_name" {
   type        = string
   description = "Domain for creating the Terraform Enterprise subdomain on."

@@ -51,23 +51,22 @@ module "standalone_vault" {
   tfe_license_secret_id = try(module.secrets[0].tfe_license_secret_id, var.tfe_license_secret_id)
   distribution          = "ubuntu"
 
-  bypass_preflight_checks       = true
-  consolidated_services_enabled = var.consolidated_services_enabled
-  health_check_grace_period     = 3000
-  iam_role_policy_arns          = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
-  iact_subnet_list              = ["0.0.0.0/0"]
-  instance_type                 = "m5.xlarge"
-  key_name                      = local.utility_module_test ? var.key_name : "standalone-vault"
-  kms_key_arn                   = module.kms.key
-  load_balancing_scheme         = local.load_balancing_scheme
-  node_count                    = 1
-  operational_mode              = "disk"
-  redis_encryption_at_rest      = false
-  redis_encryption_in_transit   = false
-  redis_use_password_auth       = false
-  tfe_subdomain                 = local.friendly_name_prefix
-  vm_certificate_secret_id      = data.aws_secretsmanager_secret.vm_certificate.id
-  vm_key_secret_id              = data.aws_secretsmanager_secret.vm_key.id
+  bypass_preflight_checks     = true
+  health_check_grace_period   = 3000
+  iam_role_policy_arns        = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
+  iact_subnet_list            = ["0.0.0.0/0"]
+  instance_type               = "m5.xlarge"
+  key_name                    = local.utility_module_test ? var.key_name : "standalone-vault"
+  kms_key_arn                 = module.kms.key
+  load_balancing_scheme       = local.load_balancing_scheme
+  node_count                  = 1
+  operational_mode            = "disk"
+  redis_encryption_at_rest    = false
+  redis_encryption_in_transit = false
+  redis_use_password_auth     = false
+  tfe_subdomain               = local.friendly_name_prefix
+  vm_certificate_secret_id    = data.aws_secretsmanager_secret.vm_certificate.id
+  vm_key_secret_id            = data.aws_secretsmanager_secret.vm_key.id
 
   # Vault
   extern_vault_enable    = true

@@ -11,12 +11,6 @@ variable "aws_role_arn" {
   description = "The AWS Role ARN to assume for this module."
 }
 
-variable "consolidated_services_enabled" {
-  default     = true
-  type        = bool
-  description = "(Required) True if TFE uses consolidated services."
-}
-
 variable "domain_name" {
   type        = string
   description = "Domain for creating the Terraform Enterprise subdomain on."

@@ -215,12 +215,6 @@ variable "capacity_memory" {
   description = "The maximum amount of memory (in megabytes) that a Terraform plan or apply can use on the system; defaults to `512` for replicated mode and `2048` for FDO."
 }
 
-variable "consolidated_services_enabled" {
-  default     = true
-  type        = bool
-  description = "(Required) True if TFE uses consolidated services."
-}
-
 variable "custom_agent_image_tag" {
   default     = null
   type        = string