diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..50ae842
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Aplyca
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..28de380
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+Terraform AWS EFS module
+========================
+
+Create a EFS file system and mount targets
+
+Example
+-------
+
+```
+module "efs" {
+ source = "Aplyca/route53/efs"
+
+ name = "EFS file system"
+ vpc_id = "vpc-ssfe2j4h"
+ subnets = ["subnet-d03nf8n6"]
+}
+```
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..a8f164d
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,53 @@
+locals {
+ id = "${replace(var.name, " ", "-")}"
+}
+
+# ----------------------------------------
+# CREATE AND MOUNT EFS
+# ----------------------------------------
+resource "aws_efs_file_system" "this" {
+ creation_token = "${local.id}"
+ tags = "${merge(var.tags, map("Name", var.name))}"
+ encrypted = true
+}
+
+# Security group EFS access
+resource "aws_security_group" "this" {
+ name = "${local.id}-EFS"
+ description = "Access to ports EFS (2049)"
+ vpc_id = "${var.vpc_id}"
+
+ ingress {
+ from_port = 2049
+ to_port = 2049
+ protocol = "tcp"
+ security_groups = ["${var.access_sg_ids}"]
+ description = "Open to incoming EFS traffic from App instances"
+ }
+
+ ingress {
+ from_port = 111
+ to_port = 111
+ protocol = "tcp"
+ security_groups = ["${var.access_sg_ids}"]
+ description = "Open to incoming EFS traffic from App instances"
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Open to all outgoing traffic"
+ }
+
+ tags = "${merge(var.tags, map("Name", "${var.name} EFS"))}"
+}
+
+#Terraform Does not support an array for "subnet_id" by now create 3 targets should be used instead.
+resource "aws_efs_mount_target" "this" {
+ count = "${length(var.subnets)}"
+ file_system_id = "${aws_efs_file_system.this.id}"
+ subnet_id = "${element(var.subnets, count.index)}"
+ security_groups = ["${aws_security_group.this.id}"]
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..05cc7d5
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,3 @@
+output "efs_dns" {
+ value = "${aws_efs_mount_target.this.0.dns_name}"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..d38ddee
--- /dev/null
+++ b/variables.tf
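Review bot: The `egress` block in `aws_security_group.this` (main.tf) does not match its description: with `protocol = "tcp"` and ports 0 to 0 it matches only TCP port 0 toward `0.0.0.0/0`, not "all outgoing traffic". A mount target only answers NFS connections and security groups are stateful, so the block can be dropped rather than widened to `protocol = "-1"`. The second `ingress` block (port 111) can likely go too, since EFS is reached over NFSv4 on 2049 and should not need the portmapper port. The group `description` already names 2049 only, so the rules and the text would then agree. If consumers need a customer-managed key, `encrypted = true` could be paired with an optional `kms_key_id` input.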
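Review bot: The `efs_dns` output in outputs.tf indexes mount target `0`, but `count` in main.tf is `length(var.subnets)` and `subnets` defaults to `[]` in variables.tf, so a caller who omits `subnets` gets a file system with no mount targets and an output that cannot resolve. Reading the name from the file system avoids the index, `value = "${aws_efs_file_system.this.dns_name}"`, provided the AWS provider version in use exports that attribute. Dropping `default = []` from `subnets` would make the input required and surface the mistake at plan time. A `description` on the output would also help consumers.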
@@ -0,0 +1,25 @@
+variable "name" {
+ description = "Name prefix for all EFS resources."
+ default = "App"
+}
+
+variable "access_sg_ids" {
+ description = "A list of security groups Ids to grant access."
+ type = "list"
+ default = []
+}
+
+variable "subnets" {
+ description = "A list of subnets to associate with."
+ type = "list"
+ default = []
+}
+
+variable "vpc_id" {
+ description = "VPC Id where the EFS resources will be deployed."
+}
+
+variable "tags" {
+ description = "A mapping of tags to assign to the resource."
+ default = {}
+}
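Review bot: `name` defaults to `"App"`, and main.tf derives both `creation_token` and the security group name (`${local.id}-EFS`) from it, so two instances of the module left on the default would presumably collide on the creation token within a region and on the group name within a VPC. Consider removing the default, or state the constraint in the text: `description = "Name prefix for all EFS resources; must be unique per region because it is used as the EFS creation token."`. `tags` could also declare `type = "map"`, the way the two list variables declare theirs.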