Code quality + Fargate + ECR + VPC

.gitignore

@@ -34,3 +34,7 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+kubeconfig/*
+provider.tf
+backend.tf

main.tf

@@ -1,64 +1,102 @@
-provider "aws" {
-  region = "ap-south-1"
-}
-terraform {
-  required_version = ">= 0.12.0"
-}
-
-resource "aws_eks_cluster" "eks_cluster" {
-  name     = "${var.eks_cluster_prefix}-${var.eks_cluster_environment}"
-  role_arn = aws_iam_role.eks_cluster_role.arn
-  version  = var.kubernetes_version
-
-  vpc_config {
-    subnet_ids = var.subnet_ids
-  }
-  kubernetes_network_config {
-    service_ipv4_cidr = var.eks_cluster_service_ipv4_cidr
-  }
-
-  timeouts {
-    create = var.eks_cluster_create_timeout
-    delete = var.eks_cluster_delete_timeout
-    update = var.eks_cluster_update_timeout
-  }
-
-  depends_on = [
-    aws_iam_role_policy_attachment.eks_cluster_policy,
-    aws_iam_role_policy_attachment.eks_vpc_resource_controller_policy,
-    aws_cloudwatch_log_group.eks_cluster_cloudwatch_log_group
-  ]
-
-  tags = {
-    Name        = "${var.eks_cluster_prefix}-${var.eks_cluster_environment}"
-    Environment = var.eks_cluster_environment
-  }
-}
-
-# data "tls_certificate" "eks_cluster_tls_certificate" {
-#   url = aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer
-# }
-
-# resource "aws_iam_openid_connect_provider" "eks_cluster_openid_connect_provider" {
-#   client_id_list  = ["sts.amazonaws.com"]
-#   thumbprint_list = [data.tls_certificate.eks_cluster_tls_certificate.certificates[0].sha1_fingerprint]
-#   url             = aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer
-# }
-
-# data "aws_iam_policy_document" "eks_cluster_assume_role_policy" {
-#   statement {
-#     actions = ["sts:AssumeRoleWithWebIdentity"]
-#     effect  = "Allow"
-
-#     condition {
-#       test     = "StringEquals"
-#       variable = "${replace(aws_iam_openid_connect_provider.eks_cluster_openid_connect_provider.url, "https://", "")}:sub"
-#       values   = ["system:serviceaccount:kube-system:aws-node"]
-#     }
-
-#     principals {
-#       identifiers = [aws_iam_openid_connect_provider.eks_cluster_openid_connect_provider.arn]
-#       type        = "Federated"
-#     }
-#   }
-# }
+#######################################################
+# Terraform Configuration
+#######################################################
+
+# Specify the required providers and backend for Terraform state
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  backend "s3" {
+    # Backend configuration for S3 will be added here
+  }
+}
+
+# AWS provider configuration
+provider "aws" {
+  region = var.region
+}
+
+#######################################################
+# VPC Module
+#######################################################
+
+# Create the VPC and subnets using a module
+module "vpc" {
+  source         = "./modules/vpc"
+  cluster_prefix = var.cluster_prefix
+  cidr           = var.cidr
+  subnet_bits    = var.subnet_bits
+}
+
+#######################################################
+# EKS Cluster Module
+#######################################################
+
+# Create the EKS cluster using a module
+module "eks" {
+  source                        = "./modules/eks"
+  cluster_prefix                = var.cluster_prefix
+  kubernetes_version            = var.kubernetes_version
+  private_subnet_ids            = module.vpc.private_subnet_ids
+  eks_cluster_enabled_log_types = var.eks_cluster_enabled_log_types
+}
+
+#######################################################
+# EKS Node Groups Module
+#######################################################
+
+# Create EKS node groups using a module
+module "nodes" {
+  depends_on       = [module.eks]
+  for_each         = var.nodes
+  source           = "./modules/eks/nodes"
+  cluster_prefix   = var.cluster_prefix
+  node_environment = each.key
+  subnet_ids       = module.vpc.private_subnet_ids
+  cluster_name     = module.eks.cluster_name
+  node_type        = each.value.node_type
+  instance_type    = try(each.value.instance_type, null)
+  desired_size     = try(each.value.desired_size, null)
+  max_size         = try(each.value.max_size, null)
+  min_size         = try(each.value.min_size, null)
+  selector         = each.value.node_type == "fargate" ? each.value.selector : null
+}
+
+#######################################################
+# RDS Database Module
+#######################################################
+
+# Create RDS instances using a module
+module "database" {
+  for_each          = var.databases
+  source            = "./modules/rds"
+  cluster_prefix    = var.cluster_prefix
+  db_environment    = each.key
+  db_engine         = each.value.db_engine
+  db_instance_class = each.value.db_instance_class
+  db_version        = each.value.db_version
+  db_storage        = each.value.db_storage
+  db_name           = each.value.db_name
+  db_username       = each.value.db_username
+  db_password       = each.value.db_password
+  vpc_id            = module.vpc.vpc_id
+  subnet_ids        = module.vpc.storage_subnet_ids
+}
+
+##########################################################################
+# ECR Module
+#########################################################################
+
+module "ecr" {
+  for_each = var.ecr
+  source   = "./modules/ecr"
+
+  repository_name     = each.value.repositories  # Assuming 'repositories' is the correct attribute
+  cluster_prefix      = var.cluster_prefix
+  image_tag_mutability = "MUTABLE"  # Ensure this matches the desired mutability setting
+  scan_on_push        = false       # Adjust as per your requirements
+}

modules/ecr/main.tf

@@ -0,0 +1,19 @@
+###################################################################################
+# Ecr Configuration
+###################################################################################
+
+resource "aws_ecr_repository" "ecr" {
+  for_each = { for repo in var.repository_name : repo => repo }
+
+  name                 = "${var.cluster_prefix}-${each.key}"
+  image_tag_mutability = var.image_tag_mutability
+  image_scanning_configuration {
+    scan_on_push = var.scan_on_push
+  }
+}
+
+
+# resource "aws_ecr_lifecycle_policy" "this" {
+#   repository = aws_ecr_repository.ecr.name
+#   policy     = var.lifecycle_policy
+# }

modules/ecr/outputs.tf

@@ -0,0 +1,12 @@
+###################################################################################
+# Output Configuration
+###################################################################################
+
+output "ecr_repository_urls" {
+  value = { for repo, details in aws_ecr_repository.ecr : repo => details.repository_url }
+}
+
+output "repository_names" {
+  description = "The names of the repositories"
+  value       = { for key, _ in aws_ecr_repository.ecr : key => aws_ecr_repository.ecr[key].name }
+}

modules/ecr/variables.tf

@@ -0,0 +1,27 @@
+###################################################################################
+# Variables
+###################################################################################
+
+
+variable "cluster_prefix" {
+  description = "Prefix for the ECR repositories"
+  type        = string
+}
+
+variable "repository_name" {
+  description = "The name of the ECR repository"
+  type        = list(string)
+}
+
+variable "image_tag_mutability" {
+  description = "The tag mutability setting for the repository. Valid values are MUTABLE and IMMUTABLE."
+  type        = string
+  default     = "MUTABLE"
+}
+
+
+variable "scan_on_push" {
+  description = "Indicates whether images are scanned after being pushed to the repository (true/false)."
+  type        = bool
+  default     = false
+}