Merge pull request #137 from DSACMS/wbprice/simplify-subnet-setup

Wbprice/simplify subnet setup

Author: dturner5234

infrastructure/envs/dev/main.tf

@@ -58,8 +58,8 @@ module "api-db" {
   publicly_accessible     = false
   username                = "npd"
   db_name                 = "npd"
+  db_subnet_group_name    = module.networking.private_subnet_group_name
   vpc_security_group_ids  = [module.networking.db_security_group_id]
-  db_subnet_group_name    = module.networking.db_subnet_group_name
   backup_retention_period = 7             # Remove automated snapshots after 7 days
   backup_window           = "03:00-04:00" # 11PM EST
 }
@@ -78,8 +78,8 @@ module "etl-db" {
   publicly_accessible     = false
   username                = "npd_etl"
   db_name                 = "npd_etl"
-  vpc_security_group_ids  = [module.networking.db_security_group_id]
-  db_subnet_group_name    = module.networking.db_subnet_group_name
+  db_subnet_group_name    = module.networking.private_subnet_group_name
+  vpc_security_group_ids  = [module.networking.etl_db_security_group_id]
   backup_retention_period = 7             # Remove automated snapshots after 7 days
   backup_window           = "03:00-04:00" # 11PM EST
 }
@@ -117,7 +117,7 @@ module "fhir-api" {
     db_instance_name                   = module.api-db.db_instance_name
   }
   networking = {
-    db_subnet_ids         = module.networking.db_subnet_ids
+    private_subnet_ids    = module.networking.private_subnet_ids
     public_subnet_ids     = module.networking.public_subnet_ids
     alb_security_group_id = module.networking.alb_security_group_id
     api_security_group_id = module.networking.api_security_group_id
@@ -139,10 +139,10 @@ module "etl" {
     db_instance_name                   = module.etl-db.db_instance_name
   }
   networking = {
-    etl_subnet_ids            = module.networking.etl_subnet_ids
-    etl_security_group_id     = module.networking.etl_security_group_id
-    etl_alb_security_group_id = module.networking.etl_alb_security_group_id
+    private_subnet_ids        = module.networking.private_subnet_ids
     public_subnet_ids         = module.networking.public_subnet_ids
+    etl_alb_security_group_id = module.networking.etl_alb_security_group_id
+    etl_security_group_id     = module.networking.etl_security_group_id
     vpc_id                    = module.networking.vpc_id
   }
 }
@@ -159,6 +159,6 @@ module "github-actions" {
 
   account_name = local.account_name
   vpc_id       = module.networking.vpc_id
-  subnet_id    = module.networking.etl_subnet_ids[0]
+  subnet_id    = module.networking.private_subnet_ids[0]
 }
 

infrastructure/modules/etl/main.tf

@@ -176,7 +176,7 @@ resource "aws_ecs_service" "dagster_daemon" {
   enable_execute_command = true
 
   network_configuration {
-    subnets         = var.networking.etl_subnet_ids
+    subnets         = var.networking.private_subnet_ids
     security_groups = [var.networking.etl_security_group_id]
   }
 
@@ -243,7 +243,7 @@ resource "aws_ecs_service" "dagster-ui" {
   enable_execute_command = true
 
   network_configuration {
-    subnets         = var.networking.etl_subnet_ids
+    subnets         = var.networking.private_subnet_ids
     security_groups = [var.networking.etl_security_group_id]
   }
 

infrastructure/modules/etl/variables.tf

@@ -12,10 +12,10 @@ variable "db" {
 }
 variable "networking" {
   type = object({
-    etl_subnet_ids            = list(string)
+    public_subnet_ids         = list(string)
+    private_subnet_ids        = list(string)
     etl_security_group_id     = string
     etl_alb_security_group_id = string
-    public_subnet_ids         = list(string)
     vpc_id                    = string
   })
 }

infrastructure/modules/fhir-api/main.tf

@@ -233,7 +233,7 @@ resource "aws_ecs_service" "app" {
   desired_count   = 1
 
   network_configuration {
-    subnets          = var.networking.db_subnet_ids
+    subnets          = var.networking.private_subnet_ids
     security_groups  = [var.networking.api_security_group_id]
     assign_public_ip = false
   }

infrastructure/modules/fhir-api/variables.tf

@@ -16,7 +16,7 @@ variable "db" {
 }
 variable "networking" {
   type = object({
-    db_subnet_ids         = list(string)
+    private_subnet_ids    = list(string)
     public_subnet_ids     = list(string)
     alb_security_group_id = string
     api_security_group_id = string

infrastructure/modules/networking/main.tf

@@ -1,26 +1,18 @@
 ## Subnet configuration
-data "aws_subnets" "database_subnets" {
+data "aws_subnets" "private_subnets" {
   filter {
     name = "tag:Name"
     values = [
       "${var.account_name}-private-a",
       "${var.account_name}-private-b",
+      "${var.account_name}-private-c"
     ]
   }
 }
 
-resource "aws_db_subnet_group" "database_subnets" {
-  name       = "${var.account_name}-database-subnets"
-  subnet_ids = data.aws_subnets.database_subnets.ids
-}
-
-data "aws_subnets" "etl_subnets" {
-  filter {
-    name = "tag:Name"
-    values = [
-      "${var.account_name}-private-c"
-    ]
-  }
+resource "aws_db_subnet_group" "private_subnets" {
+  name       = "${var.account_name}-private-subnets"
+  subnet_ids = data.aws_subnets.private_subnets.ids
 }
 
 data "aws_subnets" "public_subnets" {

infrastructure/modules/networking/outputs.tf

@@ -1,11 +1,26 @@
 output "db_security_group_id" {
+  description = "A list of security group IDs for use with the databases"
+  value       = aws_security_group.fhir_api_db_sg.id
+}
+
+output "etl_db_security_group_id" {
   description = "A list of security group IDs for use with the databases"
   value       = aws_security_group.fhir_etl_db_sg.id
 }
 
-output "db_subnet_group_name" {
+output "private_subnet_ids" {
+  description = "The private subnets used for the API"
+  value       = data.aws_subnets.private_subnets.ids
+}
+
+output "private_subnet_group_name" {
   description = "The name of the subnet group used with the databases"
-  value       = aws_db_subnet_group.database_subnets.name
+  value       = aws_db_subnet_group.private_subnets.name
+}
+
+output "public_subnet_ids" {
+  description = "IDs of public subnets"
+  value       = data.aws_subnets.public_subnets.ids
 }
 
 output "api_security_group_id" {
@@ -18,16 +33,6 @@ output "alb_security_group_id" {
   value       = aws_security_group.fhir_api_alb_sg.id
 }
 
-output "db_subnet_ids" {
-  description = "The private subnets used for the API"
-  value       = data.aws_subnets.database_subnets.ids
-}
-
-output "etl_subnet_ids" {
-  description = "The private subnets used for the ETL processes"
-  value       = data.aws_subnets.etl_subnets.ids
-}
-
 output "etl_alb_security_group_id" {
   description = "The security group for the Dagster UI load balancer"
   value       = aws_security_group.etl_webserver_alb_sg.id
@@ -38,11 +43,6 @@ output "etl_security_group_id" {
   value       = aws_security_group.etl_sg.id
 }
 
-output "public_subnet_ids" {
-  description = "IDs of public subnets"
-  value       = data.aws_subnets.public_subnets.ids
-}
-
 output "vpc_id" {
   value = var.vpc_id
 }