diff --git a/examples/aws-atlas-privatelink/Readme.md b/examples/aws-atlas-privatelink/Readme.md
new file mode 100644
index 0000000000..61d83d039a
--- /dev/null
+++ b/examples/aws-atlas-privatelink/Readme.md
@@ -0,0 +1,109 @@
+# Example - AWS and Atlas PrivateLink with Terraform
+
+This project aims to provide a very straight-forward example of setting up PrivateLink connection between AWS and MongoDB Atlas.
+
+
+## Dependencies
+
+* Terraform v0.13
+* An AWS account - provider.aws: version = "~> 3.3"
+* A MongoDB Atlas account - provider.mongodbatlas: version = "~> 0.6"
+
+## Usage
+
+**1\. Ensure your AWS and MongoDB Atlas credentials are set up.**
+
+This can be done using environment variables:
+
+``` bash
+$ export AWS_SECRET_ACCESS_KEY='your secret key'
+$ export AWS_ACCESS_KEY_ID='your key id'
+```
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="xxxx"
+export MONGODB_ATLAS_PRIVATE_KEY="xxxx"
+```
+
+... or the `~/.aws/credentials` file.
+
+```
+$ cat ~/.aws/credentials
+[default]
+aws_access_key_id = your key id
+aws_secret_access_key = your secret key
+
+```
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+**2\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently does the below deployments:
+
+- MongoDB cluster - M10
+- AWS Custom VPC, Internet Gateway, Route Tables, Subnets with Public and Private access
+- PrivateLink Connection at MongoDB Atlas
+- Create VPC Endpoint in AWS
+
+**3\. Configure the security group as required.**
+
+The security group in this configuration allows All Traffic access in Inbound and Outbound Rules.
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS and Atlas resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary charges.
+
+``` bash
+$ terraform destroy
+```
+
+**Important Point**
+
+To fetch the connection string follow the below steps:
+```
+output "atlasclusterstring" {
+ value = mongodbatlas_cluster.cluster-atlas.connection_strings
+}
+```
+**Outputs:**
+```
+atlasclusterstring = [
+ {
+ "aws_private_link" = {
+ "vpce-0ebb76559e8affc96" = "mongodb://pl-0-us-east-1.za3fb.mongodb.net:1024,pl-0-us-east-1.za3fb.mongodb.net:1025,pl-0-us-east-1.za3fb.mongodb.net:1026/?ssl=true&authSource=admin&replicaSet=atlas-d177ke-shard-0"
+ }
+ "aws_private_link_srv" = {
+ "vpce-0ebb76559e8affc96" = "mongodb+srv://cluster-atlas-pl-0.za3fb.mongodb.net"
+ }
+ "private" = ""
+ "private_srv" = ""
+ "standard" = "mongodb://cluster-atlas-shard-00-00.za3fb.mongodb.net:27017,cluster-atlas-shard-00-01.za3fb.mongodb.net:27017,cluster-atlas-shard-00-02.za3fb.mongodb.net:27017/?ssl=true&authSource=admin&replicaSet=atlas-d177ke-shard-0"
+ "standard_srv" = "mongodb+srv://cluster-atlas.za3fb.mongodb.net"
+ },
+]
+```
+
+To fetch a particular connection string, use the **lookup()** function of terraform as below:
+
+```
+output "plstring" {
+ value = lookup(mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link_srv, aws_vpc_endpoint.ptfe_service.id)
+}
+```
+**Output:**
+```
+plstring = mongodb+srv://cluster-atlas-pl-0.za3fb.mongodb.net
+```
diff --git a/examples/aws-atlas-privatelink/atlas-cluster.tf b/examples/aws-atlas-privatelink/atlas-cluster.tf
new file mode 100644
index 0000000000..b669bdadf3
--- /dev/null
+++ b/examples/aws-atlas-privatelink/atlas-cluster.tf
@@ -0,0 +1,24 @@
+resource "mongodbatlas_cluster" "cluster-atlas" {
+ project_id = var.atlasprojectid
+ name = "cluster-atlas"
+ num_shards = 1
+ replication_factor = 3
+ provider_backup_enabled = true
+ auto_scaling_disk_gb_enabled = true
+ mongo_db_major_version = "4.2"
+
+ //Provider settings
+ provider_name = "AWS"
+ disk_size_gb = 10
+ provider_disk_iops = 100
+ provider_volume_type = "STANDARD"
+ provider_encrypt_ebs_volume = true
+ provider_instance_size_name = "M10"
+ provider_region_name = var.atlas_region
+}
+output "atlasclusterstring" {
+ value = mongodbatlas_cluster.cluster-atlas.connection_strings
+}
+output "plstring" {
+ value = lookup(mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link_srv, aws_vpc_endpoint.ptfe_service.id)
+}
\ No newline at end of file
diff --git a/examples/aws-atlas-privatelink/atlas-pl.tf b/examples/aws-atlas-privatelink/atlas-pl.tf
new file mode 100644
index 0000000000..bb15d8732e
--- /dev/null
+++ b/examples/aws-atlas-privatelink/atlas-pl.tf
@@ -0,0 +1,19 @@
+resource "mongodbatlas_private_endpoint" "atlaspl" {
+ project_id = var.atlasprojectid
+ provider_name = "AWS"
+ region = var.aws_region
+}
+
+resource "aws_vpc_endpoint" "ptfe_service" {
+ vpc_id = aws_vpc.primary.id
+ service_name = mongodbatlas_private_endpoint.atlaspl.endpoint_service_name
+ vpc_endpoint_type = "Interface"
+ subnet_ids = [aws_subnet.primary-az1.id, aws_subnet.primary-az2.id]
+ security_group_ids = [aws_security_group.primary_default.id]
+}
+
+resource "mongodbatlas_private_endpoint_interface_link" "atlaseplink" {
+ project_id = mongodbatlas_private_endpoint.atlaspl.project_id
+ private_link_id = mongodbatlas_private_endpoint.atlaspl.private_link_id
+ interface_endpoint_id = aws_vpc_endpoint.ptfe_service.id
+}
diff --git a/examples/aws-atlas-privatelink/aws-vpc.tf b/examples/aws-atlas-privatelink/aws-vpc.tf
new file mode 100644
index 0000000000..fd79e26be7
--- /dev/null
+++ b/examples/aws-atlas-privatelink/aws-vpc.tf
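Review bot: The `plstring` output calls `lookup()` with no default on `aws_private_link_srv`, keyed by the VPC endpoint ID, and nothing ties the output to `mongodbatlas_private_endpoint_interface_link.atlaseplink`, so it can be evaluated before the link exists; if Atlas has not yet published a string for that endpoint the key is absent and the apply fails while rendering outputs (when exactly Atlas populates that map I cannot confirm from the diff). I would add `depends_on = [mongodbatlas_private_endpoint_interface_link.atlaseplink]` to the output and a default, `value = lookup(mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link_srv, aws_vpc_endpoint.ptfe_service.id, "")`. Also, `auto_scaling_disk_gb_enabled = true` next to a fixed `disk_size_gb = 10` will presumably surface as perpetual drift once Atlas grows the volume; a `lifecycle { ignore_changes = [disk_size_gb] }` block, or at least a comment saying the drift is expected, is worth adding.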
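Review bot: `mongodbatlas_private_endpoint.atlaspl` is placed with `region = var.aws_region`, while the cluster it serves is placed with `var.atlas_region` in atlas-cluster.tf; the defaults happen to agree (us-east-1 / US_EAST_1) but each can be overridden independently, and an endpoint in a different region from the cluster presumably yields no `aws_private_link` connection strings at all. Derive one from the other instead of declaring both, e.g. in atlas-cluster.tf `provider_region_name = upper(replace(var.aws_region, "-", "_"))`, and drop the `atlas_region` variable. Separately, `aws_vpc_endpoint.ptfe_service` attaches `aws_security_group.primary_default`, whose ingress rule in aws-vpc.tf admits every TCP port from 0.0.0.0/0; an interface endpoint only ever needs ingress from the VPC's own CIDR.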
@@ -0,0 +1,59 @@
+//Create Primary VPC
+resource "aws_vpc" "primary" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_hostnames = true
+ enable_dns_support = true
+}
+
+//Create IGW
+resource "aws_internet_gateway" "primary" {
+ vpc_id = aws_vpc.primary.id
+}
+
+//Route Table
+resource "aws_route" "primary-internet_access" {
+ route_table_id = aws_vpc.primary.main_route_table_id
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.primary.id
+}
+
+//Subnet-A
+resource "aws_subnet" "primary-az1" {
+ vpc_id = aws_vpc.primary.id
+ cidr_block = "10.0.1.0/24"
+ map_public_ip_on_launch = true
+ availability_zone = "${var.aws_region}a"
+}
+
+//Subnet-B
+resource "aws_subnet" "primary-az2" {
+ vpc_id = aws_vpc.primary.id
+ cidr_block = "10.0.2.0/24"
+ map_public_ip_on_launch = false
+ availability_zone = "${var.aws_region}b"
+}
+
+/*Security-Group
+Ingress - Port 80 -- limited to instance
+ Port 22 -- Open to ssh without limitations
+Egress - Open to All*/
+
+resource "aws_security_group" "primary_default" {
+ name_prefix = "default-"
+ description = "Default security group for all instances in ${aws_vpc.primary.id}"
+ vpc_id = aws_vpc.primary.id
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "tcp"
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
diff --git a/examples/aws-atlas-privatelink/provider.tf b/examples/aws-atlas-privatelink/provider.tf
new file mode 100644
index 0000000000..e075e34d7e
--- /dev/null
+++ b/examples/aws-atlas-privatelink/provider.tf
@@ -0,0 +1,9 @@
+provider "mongodbatlas" {
+ public_key = var.public_key
+ private_key = var.private_key
+}
+provider "aws" {
+ access_key = var.access_key
+ secret_key = var.secret_key
+ region = var.aws_region
+}
diff --git a/examples/aws-atlas-privatelink/variables.tf b/examples/aws-atlas-privatelink/variables.tf
new file mode 100644
index 0000000000..034167b1d7
--- /dev/null
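Review bot: The comment above `aws_security_group.primary_default` claims ingress is port 80 plus open SSH, but the rule beneath it (`from_port = 0`, `to_port = 0`, `protocol = "tcp"`, `0.0.0.0/0`) admits every TCP port from anywhere, and the Readme in this same commit calls it all traffic; correct the comment and, since this group is the one attached to the Atlas interface endpoint in atlas-pl.tf, narrow ingress to `cidr_blocks = [aws_vpc.primary.cidr_block]`, which is all an endpoint ENI needs. The 0.0.0.0/0 route is also added to `aws_vpc.primary.main_route_table_id` and neither subnet gets an explicit route-table association, so both subnets route to the internet gateway regardless of `map_public_ip_on_launch`; the Readme's "Subnets with Public and Private access" only holds if `primary-az2` gets its own route table without the IGW route. Failing that, a comment such as `// NOTE: both subnets fall back to the main route table and therefore carry the IGW default route` would make the actual exposure explicit.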
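Review bot: Feeding `access_key`/`secret_key` and `public_key`/`private_key` through input variables contradicts the Readme's first credential option: those variables have no defaults in variables.tf, so `terraform plan` prompts for them even when `AWS_ACCESS_KEY_ID` and `MONGODB_ATLAS_PUBLIC_KEY` are exported, and the values then land in `terraform.tfvars` or shell history. Both providers fall back to those environment variables (and the AWS credentials file) when the arguments are omitted, so I would reduce this file to `provider "mongodbatlas" {}` and `provider "aws" { region = var.aws_region }` and delete the four credential variables. If they are kept, note that `sensitive = true` on variables is not available under the declared `required_version = ">= 0.13"` (I believe it arrived in 0.14), so a comment warning that the values are echoed in plan output is the minimum.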
+++ b/examples/aws-atlas-privatelink/variables.tf
@@ -0,0 +1,32 @@
+variable "public_key" {
+ description = "The public API key for MongoDB Atlas"
+}
+variable "private_key" {
+ description = "The private API key for MongoDB Atlas"
+}
+variable "atlasprojectid" {
+ description = "Atlas project ID"
+}
+variable "access_key" {
+ description = "The access key for AWS Account"
+}
+variable "secret_key" {
+ description = "The secret key for AWS Account"
+}
+variable "atlas_region" {
+ default = "US_EAST_1"
+ description = "Atlas Region"
+}
+variable "aws_region" {
+ default = "us-east-1"
+ description = "AWS Region"
+}
+variable "aws_account_id" {
+ description = "My AWS Account ID"
+}
+variable "atlasorgid" {
+ description = "Atlas Org ID"
+}
+variable "atlas_vpc_cidr" {
+ description = "Atlas CIDR"
+}
diff --git a/examples/aws-atlas-privatelink/versions.tf b/examples/aws-atlas-privatelink/versions.tf
new file mode 100644
index 0000000000..8a2097545a
--- /dev/null
+++ b/examples/aws-atlas-privatelink/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ mongodbatlas = {
+ source = "terraform-providers/mongodbatlas"
+ }
+ }
+ required_version = ">= 0.13"
+}
diff --git a/examples/mongodbatlas-azure-vnet-peering/Readme.md b/examples/mongodbatlas-azure-vnet-peering/Readme.md
new file mode 100644
index 0000000000..29336ca5f7
--- /dev/null
+++ b/examples/mongodbatlas-azure-vnet-peering/Readme.md
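Review bot: `aws_account_id`, `atlasorgid` and `atlas_vpc_cidr` are declared without defaults yet referenced by none of the files added in this example, so every `terraform plan` prompts for three values that are never consumed; remove them or give them defaults. The credential variables also carry no warning that their values sit in plaintext in `terraform.tfvars` and in plan output, and `sensitive = true` is unavailable on 0.13; a description such as `"AWS secret key -- prefer the AWS_SECRET_ACCESS_KEY env var; never commit this value"` is the least that should be there.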
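Review bot: `required_providers` fixes `source` for both providers but no `version`, although the Readme in this commit states `~> 3.3` for aws and `~> 0.6` for mongodbatlas; without a constraint a fresh `terraform init` pulls whatever the registry serves as latest, so the example is not reproducible and silently adopts breaking or, worse, compromised releases. Add `version = "~> 3.3"` under `aws` and `version = "~> 0.6"` under `mongodbatlas`, and commit the dependency lock file once the example moves to a Terraform release that produces one.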
@@ -0,0 +1,81 @@
+# Example - Microsoft Azure and MongoDB Atlas VNET Peering
+
+This project aims to provide an example of using Azure and MongoDB Atlas together.
+
+
+## Dependencies
+
+* Terraform v0.13
+* Microsoft Azure account
+* A MongoDB Atlas account
+
+```
+Terraform v0.13.0
++ provider registry.terraform.io/hashicorp/azuread v1.0.0
++ provider registry.terraform.io/hashicorp/azurerm v2.31.1
++ provider registry.terraform.io/terraform-providers/mongodbatlas v0.6.5
+```
+
+## Usage
+
+**1\. Ensure your Azure credentials are set up.**
+
+1. Install the Azure CLI by following the steps from the [official Azure documentation](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+2. Run the command `az login` and this will take you to the default browser and perform the authentication.
+3. Once authenticated, it will print the user details as below:
+
+```
+⇒ az login
+You have logged in. Now let us find all the subscriptions to which you have access...
+The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
+XXXXX
+[
+ {
+ "cloudName": "AzureCloud",
+ "homeTenantId": "XXXXX",
+ "id": "XXXXX",
+ "isDefault": true,
+ "managedByTenants": [],
+ "name": "Pay-As-You-Go",
+ "state": "Enabled",
+ "tenantId": "XXXXX",
+ "user": {
+ "name": "person@domain.com",
+ "type": "user"
+ }
+ }
+]
+```
+
+**2\. TFVARS**
+
+Now create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+**3\. Review the Terraform plan. **
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently does the below deployments:
+
+- MongoDB Atlas Azure cluster - M10
+- Azure Resource Group, VNET, Service Principal, Role-Definition, Role-Association
+- Azure-MongoDB Atlas VNET Peering
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Azure and Atlas charges.
+
+``` bash
+$ terraform destroy
+```
diff --git a/examples/mongodbatlas-azure-vnet-peering/atlas.tf b/examples/mongodbatlas-azure-vnet-peering/atlas.tf
new file mode 100644
index 0000000000..c7cb0db622
--- /dev/null
+++ b/examples/mongodbatlas-azure-vnet-peering/atlas.tf
@@ -0,0 +1,34 @@
+# Configure the MongoDB Atlas Provider and connect via a key
+provider "mongodbatlas" {
+ public_key = var.public_key
+ private_key = var.private_key
+}
+# Create the mongodb atlas Azure cluster
+resource "mongodbatlas_cluster" "azure-cluster" {
+ project_id = var.project_id
+ name = var.name
+ num_shards = 1
+
+ replication_factor = 3
+ backup_enabled = false
+ auto_scaling_disk_gb_enabled = true
+ mongo_db_major_version = "4.2"
+
+ //Provider settings block in this case it is Azure
+ provider_name = "AZURE"
+ provider_disk_type_name = var.provider_disk_type_name
+ provider_instance_size_name = var.provider_instance_size_name
+ provider_region_name = var.provider_region_name
+}
+
+# Create the peering connection request
+resource "mongodbatlas_network_peering" "test" {
+ project_id = var.project_id
+ container_id = mongodbatlas_cluster.azure-cluster.container_id
+ provider_name = "AZURE"
+ azure_directory_id = data.azurerm_client_config.current.tenant_id
+ azure_subscription_id = data.azurerm_client_config.current.subscription_id
+ resource_group_name = var.resource_group_name
+ vnet_name = var.vnet_name
+ atlas_cidr_block = var.atlas_cidr_block
+}
diff --git a/examples/mongodbatlas-azure-vnet-peering/azure.tf b/examples/mongodbatlas-azure-vnet-peering/azure.tf
new file mode 100644
index 0000000000..aee1601023
--- /dev/null
+++ b/examples/mongodbatlas-azure-vnet-peering/azure.tf
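Review bot: `mongodbatlas_network_peering.test` takes `resource_group_name = var.resource_group_name` and `vnet_name = var.vnet_name` straight from variables rather than from `azurerm_resource_group.resourcegroup` and `azurerm_virtual_network.vnet` in azure.tf, so Terraform sees no dependency and may submit the peering request before the VNet exists, and the role assignment that presumably grants Atlas peering rights on that VNet is equally unordered. Use `resource_group_name = azurerm_resource_group.resourcegroup.name` and `vnet_name = azurerm_virtual_network.vnet.name`, and add `depends_on = [azurerm_role_assignment.ra]` so the grant is in place first. `backup_enabled = false` also diverges from the AWS example's `provider_backup_enabled = true`; if that is deliberate for a throwaway demo, a comment saying so would stop it being copied into real deployments.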
@@ -0,0 +1,51 @@
+provider "azurerm" {
+ # The "feature" block is required for AzureRM provider 2.x.
+ # If you're using version 1.x, the "features" block is not allowed.
+ version = "~>2.0"
+ features {}
+}
+data "azurerm_client_config" "current" {
+}
+
+output "subscription_id" {
+ value = data.azurerm_client_config.current.subscription_id
+}
+output "tenant_id" {
+ value = data.azurerm_client_config.current.tenant_id
+}
+resource "azurerm_resource_group" "resourcegroup" {
+ name = var.resource_group_name
+ location = var.location
+}
+
+resource "azurerm_virtual_network" "vnet" {
+ name = var.vnet_name
+ resource_group_name = azurerm_resource_group.resourcegroup.name
+ address_space = [var.address_space]
+ location = var.location
+}
+resource "azuread_service_principal" "sp" {
+ application_id = var.application_id
+ app_role_assignment_required = true
+}
+resource "azurerm_role_definition" "rd" {
+ name = "my-custom-role-definition"
+ scope = "/subscriptions/${var.application_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Network/virtualNetworks/${var.vnet_name}"
+
+ permissions {
+ actions = ["Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
+ "Microsoft.Network/virtualNetworks/peer/action"]
+ not_actions = []
+ }
+
+ assignable_scopes = [
+ "/subscriptions/${var.application_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Network/virtualNetworks/${var.vnet_name}",
+ ]
+}
+resource "azurerm_role_assignment" "ra" {
+ scope = "/subscriptions/${var.application_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Network/virtualNetworks/${var.vnet_name}"
+ role_definition_id = azurerm_role_definition.rd.role_definition_resource_id
+ principal_id = azuread_service_principal.sp.id
+}
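Review bot: All three scope strings in `azurerm_role_definition.rd` and `azurerm_role_assignment.ra` are built as `/subscriptions/${var.application_id}/...`, but `application_id` is the AAD application ID fed to `azuread_service_principal.sp` a few lines up, not the subscription ID, so the custom role is defined and assigned on a resource path that cannot exist in this subscription. Replace `scope`, the `assignable_scopes` entry and the assignment `scope` with `azurerm_virtual_network.vnet.id`, which is the correct ARM resource ID and also gives the implicit dependency on the VNet that string interpolation of the variables does not. The `version = "~>2.0"` argument inside `provider "azurerm"` is the pre-0.13 style; with `required_version = ">= 0.13"` it belongs under `required_providers` in versions.tf alongside constraints for azuread and mongodbatlas.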
diff --git a/examples/mongodbatlas-azure-vnet-peering/variables.tf b/examples/mongodbatlas-azure-vnet-peering/variables.tf
new file mode 100644
index 0000000000..b0e781aa0f
--- /dev/null
+++ b/examples/mongodbatlas-azure-vnet-peering/variables.tf
@@ -0,0 +1,32 @@
+variable "public_key" {
+}
+variable "private_key" {
+}
+variable "project_id" {
+}
+variable "provider_instance_size_name" {
+}
+variable "provider_disk_type_name" {
+}
+variable "resource_group_name" {
+}
+variable "vnet_name" {
+}
+variable "atlas_cidr_block" {
+ default = "192.168.248.0/21"
+}
+variable "location" {
+ description = "The Azure region"
+}
+variable "provider_region_name" {
+ description = "The Atlas region name"
+}
+variable "name" {
+ description = "Atlas cluster name"
+}
+variable "address_space" {
+ description = "Azure VNET CIDR"
+}
+variable "application_id" {
+ default = "e90a1407-55c3-432d-9cb1-3638900a9d22"
+}
diff --git a/examples/mongodbatlas-azure-vnet-peering/versions.tf b/examples/mongodbatlas-azure-vnet-peering/versions.tf
new file mode 100644
index 0000000000..a683acd1ed
--- /dev/null
+++ b/examples/mongodbatlas-azure-vnet-peering/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ mongodbatlas = {
+ source = "terraform-providers/mongodbatlas"
+ }
+ azuread = {
+ source = "hashicorp/azuread"
+ }
+ azurerm = {
+ source = "hashicorp/azurerm"
+ }
+ }
+ required_version = ">= 0.13"
+}
diff --git a/website/docs/d/private_endpoint_interface_link.html.markdown b/website/docs/d/private_endpoint_interface_link.html.markdown
index af35e1fa34..2ae184fbcf 100644
--- a/website/docs/d/private_endpoint_interface_link.html.markdown
+++ b/website/docs/d/private_endpoint_interface_link.html.markdown
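Review bot: `application_id` defaults to a bare GUID (`e90a1407-55c3-...`) with no description, yet it is the identity that `azuread_service_principal.sp` in azure.tf registers and grants peering rights on the VNet, so a reader cannot tell whether this is MongoDB Atlas's multi-tenant application or a placeholder to replace. If it is the Atlas application (please confirm), add `description = "Application (client) ID of the MongoDB Atlas AAD application that is granted peering rights on the VNet"`; either way consider removing the default so the value is supplied consciously, since whoever holds that application ends up with peering rights on the network. `public_key` and `private_key` also lack descriptions and a do-not-commit warning, and `sensitive = true` is unavailable on 0.13.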
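Review bot: None of the three entries in `required_providers` carries a `version` constraint, so `terraform init` floats to whatever is latest, while the Readme records azuread v1.0.0, azurerm v2.31.1 and mongodbatlas v0.6.5 and azure.tf separately pins azurerm inside its provider block. Move that pin here and constrain the others, e.g. `version = "~> 2.31"` for azurerm, `version = "~> 1.0"` for azuread and `version = "~> 0.6"` for mongodbatlas, so a fresh checkout reproduces the tested combination.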
@@ -8,7 +8,7 @@ description: |- # mongodbatlas_private_endpoint_link -`mongodbatlas_private_endpoint_link` describe a Private Endpoint Link. This represents a Private Endpoint Link Connection that wants to retrieve details in an Atlas project. +`mongodbatlas_private_endpoint_interface_link` describe a Private Endpoint Link. This represents a Private Endpoint Link Connection that wants to retrieve details in an Atlas project. -> **NOTE:** Groups and projects are synonymous terms. You may find group_id in the official documentation. @@ -29,13 +29,13 @@ resource "aws_vpc_endpoint" "ptfe_service" { security_group_ids = ["sg-3f238186"] } -resource "mongodbatlas_private_endpoint_link" "test" { +resource "mongodbatlas_private_endpoint_interface_link" "test" { project_id = "${mongodbatlas_private_endpoint.test.project_id}" private_link_id = "${mongodbatlas_private_endpoint.test.private_link_id}" interface_endpoint_id = "${aws_vpc_endpoint.ptfe_service.id}" } -data "mongodbatlas_private_endpoint_link" "test" { +data "mongodbatlas_private_endpoint_interface_link" "test" { project_id = "${mongodbatlas_private_endpoint_link.test.project_id}" private_link_id = "${mongodbatlas_private_endpoint_link.test.private_link_id}" interface_endpoint_id = "${mongodbatlas_private_endpoint_link.test.interface_endpoint_id}" @@ -64,4 +64,4 @@ In addition to all arguments above, the following attributes are exported: * `REJECTED` - AWS failed to establish a connection between Atlas VPC resources to the VPC endpoint in your VPC. * `DELETING` - Atlas is removing the interface endpoint from the private endpoint connection. -See [MongoDB Atlas API](https://docs.atlas.mongodb.com/reference/api/private-endpoint-get-one-interface-endpoint/) Documentation for more information. \ No newline at end of file +See [MongoDB Atlas API](https://docs.atlas.mongodb.com/reference/api/private-endpoint-get-one-interface-endpoint/) Documentation for more information.