Merge pull request #7 from phidatalab/resource-naming

Differentiate resources by the cluster name
RADAR-base · Dec 7, 2023 · 20e01e4 · 20e01e4
2 parents fe1334f + 59037c6
commit 20e01e4
Show file tree

Hide file tree

Showing 9 changed files with 58 additions and 54 deletions.
diff --git a/cluster/eks.tf b/cluster/eks.tf
@@ -2,7 +2,7 @@ module "vpc_cni_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.0"
 
-  role_name             = "${var.environment}-radar-base-vpc-cni-irsa"
+  role_name             = "${var.eks_cluster_name}-vpc-cni-irsa"
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true
 
@@ -13,14 +13,14 @@ module "vpc_cni_irsa" {
     }
   }
 
-  tags = merge(tomap({ "Name" : "radar-base-vpc-cni-irsa" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-vpc-cni-irsa" }), var.common_tags)
 }
 
 module "ebs_csi_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.0"
 
-  role_name             = "radar-base-ebs-csi-irsa"
+  role_name             = "${var.eks_cluster_name}-ebs-csi-irsa"
   attach_ebs_csi_policy = true
 
 
@@ -31,7 +31,7 @@ module "ebs_csi_irsa" {
     }
   }
 
-  tags = merge(tomap({ "Name" : "radar-base-ebs-csi-irsa" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-ebs-csi-irsa" }), var.common_tags)
 }
 
 module "eks" {

diff --git a/cluster/iam.tf b/cluster/iam.tf
@@ -2,7 +2,7 @@ module "allow_eks_access_iam_policy" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
   version = "5.15.0"
 
-  name          = "${var.environment}-radar-base-allow-eks-access"
+  name          = "${var.eks_cluster_name}-allow-eks-access"
   create_policy = true
 
   policy = jsonencode({
@@ -18,15 +18,15 @@ module "allow_eks_access_iam_policy" {
     ]
   })
 
-  tags = merge(tomap({ "Name" : "radar-base-allow-eks-access" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-allow-eks-access" }), var.common_tags)
 }
 
 module "eks_admins_iam_role" {
   source           = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
   version          = "5.15.0"
   role_description = "The administrative role for the EKS cluster"
 
-  role_name         = "${var.environment}-radar-base-admin-role"
+  role_name         = "${var.eks_cluster_name}-admin-role"
   create_role       = true
   role_requires_mfa = false
 
@@ -36,15 +36,15 @@ module "eks_admins_iam_role" {
     "arn:aws:iam::${module.vpc.vpc_owner_id}:root"
   ]
 
-  tags = merge(tomap({ "Name" : "radar-base-admin-role" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-admin-role" }), var.common_tags)
 }
 
 
 module "allow_assume_eks_admins_iam_policy" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
   version = "5.15.0"
 
-  name          = "${var.environment}-radar-base-allow-assume-eks-admin-role"
+  name          = "${var.eks_cluster_name}-allow-assume-eks-admin-role"
   create_policy = true
 
   policy = jsonencode({
@@ -60,26 +60,26 @@ module "allow_assume_eks_admins_iam_policy" {
     ]
   })
 
-  tags = merge(tomap({ "Name" : "radar-base-allow-assume-eks-admin-role" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-allow-assume-eks-admin-role" }), var.common_tags)
 }
 
 module "eks_admins_iam_group" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"
   version = "5.15.0"
 
-  name                              = "${var.environment}-radar-base-eks-admin-group"
+  name                              = "${var.eks_cluster_name}-eks-admin-group"
   attach_iam_self_management_policy = false
   create_group                      = true
   group_users                       = var.eks_admins_group_users
   custom_group_policy_arns          = [module.allow_assume_eks_admins_iam_policy.arn]
 
-  tags = merge(tomap({ "Name" : "radar-base-eks-admin-group" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-eks-admin-group" }), var.common_tags)
 }
 
 module "iam_user" {
   source = "terraform-aws-modules/iam/aws//modules/iam-user"
 
-  name                          = "${var.environment}-radar-base-ecr-readonly-user"
+  name                          = "${var.eks_cluster_name}-ecr-readonly-user"
   create_iam_user_login_profile = false
   create_iam_access_key         = true
   force_destroy                 = false
@@ -88,11 +88,11 @@ module "iam_user" {
     "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly",
   ]
 
-  tags = merge(tomap({ "Name" : "radar-base-ecr-readonly-user" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-ecr-readonly-user" }), var.common_tags)
 }
 
 resource "aws_iam_policy" "s3_access" {
-  name = "radar-base-${var.environment}-s3-access-policy"
+  name = "${var.eks_cluster_name}-s3-access-policy"
   path = "/eks/"
 
   policy = jsonencode({
@@ -107,17 +107,19 @@ resource "aws_iam_policy" "s3_access" {
           "s3:DeleteObject"
         ]
         Resource = [
-          "arn:aws:s3:::radar-base-${var.environment}-intermediate-output-storage/*",
-          "arn:aws:s3:::radar-base-${var.environment}-output-storage/*",
-          "arn:aws:s3:::radar-base-${var.environment}-velero-backups/*",
+          "arn:aws:s3:::${var.eks_cluster_name}-intermediate-output-storage/*",
+          "arn:aws:s3:::${var.eks_cluster_name}-output-storage/*",
+          "arn:aws:s3:::${var.eks_cluster_name}-velero-backups/*",
         ]
       }
     ]
   })
+
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-s3-access-policy" }), var.common_tags)
 }
 
 resource "aws_iam_policy" "ecr_access" {
-  name = "radar-base-${var.environment}-ecr-access-policy"
+  name = "${var.eks_cluster_name}-ecr-access-policy"
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -143,11 +145,11 @@ resource "aws_iam_policy" "ecr_access" {
     ]
   })
 
-  tags = merge(tomap({ "Name" : "radar-base-ecr-access-policy" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-ecr-access-policy" }), var.common_tags)
 }
 
 resource "aws_iam_policy" "ecr_pull_through_cache" {
-  name = "radar-base-${var.environment}-ecr-pull-through-cache-policy"
+  name = "${var.eks_cluster_name}-ecr-pull-through-cache-policy"
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -164,5 +166,5 @@ resource "aws_iam_policy" "ecr_pull_through_cache" {
     ]
   })
 
-  tags = merge(tomap({ "Name" : "radar-base-ecr-pull-through-cache-policy" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-ecr-pull-through-cache-policy" }), var.common_tags)
 }
diff --git a/cluster/variables.tf b/cluster/variables.tf
@@ -39,7 +39,7 @@ variable "common_tags" {
   type        = map(string)
   description = "Common tags associated to resources created"
   default = {
-    Project     = "radar-base-development"
+    Project     = "radar-base"
     Environment = "dev"
   }
 }

diff --git a/config/karpenter.tf b/config/karpenter.tf
@@ -10,7 +10,7 @@ module "karpenter" {
   create_iam_role = false
   iam_role_arn    = data.aws_eks_node_group.worker.node_role_arn
 
-  tags = merge(tomap({ "Name" : "radar-base-karpenter" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-karpenter" }), var.common_tags)
 }
 
 resource "helm_release" "karpenter" {

diff --git a/config/msk.tf b/config/msk.tf
@@ -1,5 +1,5 @@
 resource "aws_iam_role" "msk_role" {
-  name = "${var.environment}-msk-role"
+  name = "${var.eks_cluster_name}-msk-role"
 
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
@@ -14,7 +14,7 @@ resource "aws_iam_role" "msk_role" {
     ]
   })
 
-  tags = merge(tomap({ "Name" : "msk-role" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-msk-role" }), var.common_tags)
 }
 
 resource "aws_iam_role_policy_attachment" "msk_policy_attachment" {
@@ -23,7 +23,7 @@ resource "aws_iam_role_policy_attachment" "msk_policy_attachment" {
 }
 
 resource "aws_security_group" "msk_cluster_access" {
-  name_prefix = "${var.environment}-radar-base-msk-"
+  name_prefix = "${var.eks_cluster_name}-msk-"
   description = "This security group is for accessing the MSK cluster"
   vpc_id      = data.aws_vpc.main.id
 
@@ -41,12 +41,12 @@ resource "aws_security_group" "msk_cluster_access" {
     security_groups = [data.aws_security_group.node.id]
   }
 
-  tags = merge(tomap({ "Name" : "msk-cluster-access-sg" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-msk-cluster-access-sg" }), var.common_tags)
 }
 
 resource "aws_msk_configuration" "msk_configuration" {
   kafka_versions = [var.kafka_version]
-  name           = "radar-base-${var.environment}-msk-configuration"
+  name           = "${var.eks_cluster_name}-msk-configuration"
 
   server_properties = <<PROPERTIES
 auto.create.topics.enable=false
@@ -66,7 +66,7 @@ PROPERTIES
 }
 
 resource "aws_msk_cluster" "msk_cluster" {
-  cluster_name           = "radar-base-${var.environment}"
+  cluster_name           = "${var.eks_cluster_name}-msk-cluster"
   kafka_version          = var.kafka_version
   number_of_broker_nodes = 3
   enhanced_monitoring    = "DEFAULT"

diff --git a/config/rds.tf b/config/rds.tf
@@ -1,10 +1,10 @@
 resource "aws_db_subnet_group" "rds_subnet" {
-  name       = "radar-base-${var.environment}-rds-subnet"
+  name       = "${var.eks_cluster_name}-rds-subnet"
   subnet_ids = data.aws_subnets.private.ids
 }
 
 resource "aws_security_group" "rds_access" {
-  name_prefix = "radar-base-${var.environment}-"
+  name_prefix = "${var.eks_cluster_name}-"
   description = "This security group is for accessing the RDS DB"
   vpc_id      = data.aws_vpc.main.id
 
@@ -29,13 +29,13 @@ resource "aws_security_group" "rds_access" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 
-  tags = merge(tomap({ "Name" : "radar-base-rds-access" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-rds-access" }), var.common_tags)
 
 }
 
 resource "aws_db_instance" "radar_postgres" {
-  identifier                   = "radar-base-${var.environment}-postgres"
-  db_name                      = "radarbase${var.environment}"
+  identifier                   = "${var.eks_cluster_name}-postgres"
+  db_name                      = "radarbase"
   engine                       = "postgres"
   engine_version               = var.postgres_version
   instance_class               = "db.t4g.micro"
@@ -51,7 +51,7 @@ resource "aws_db_instance" "radar_postgres" {
   vpc_security_group_ids       = [aws_security_group.rds_access.id]
   performance_insights_enabled = true
 
-  tags = merge(tomap({ "Name" : "radar-base-appserver" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-postgres" }), var.common_tags)
 }
 
 resource "kubectl_manifest" "create_databases" {
@@ -70,9 +70,9 @@ resource "kubectl_manifest" "create_databases" {
                 - "bash"
                 - "-c"
                 - |
-                  PGPASSWORD=${var.radar_postgres_password} psql --host=${aws_db_instance.radar_postgres.address} --port=5432 --username=${aws_db_instance.radar_postgres.username} --dbname=radarbase${var.environment} -c 'CREATE DATABASE managementportal;'
-                  PGPASSWORD=${var.radar_postgres_password} psql --host=${aws_db_instance.radar_postgres.address} --port=5432 --username=${aws_db_instance.radar_postgres.username} --dbname=radarbase${var.environment} -c 'CREATE DATABASE appserver;'
-                  PGPASSWORD=${var.radar_postgres_password} psql --host=${aws_db_instance.radar_postgres.address} --port=5432 --username=${aws_db_instance.radar_postgres.username} --dbname=radarbase${var.environment} -c 'CREATE DATABASE rest_sources_auth;'
+                  PGPASSWORD=${var.radar_postgres_password} psql --host=${aws_db_instance.radar_postgres.address} --port=5432 --username=${aws_db_instance.radar_postgres.username} --dbname=radarbase -c 'CREATE DATABASE managementportal;'
+                  PGPASSWORD=${var.radar_postgres_password} psql --host=${aws_db_instance.radar_postgres.address} --port=5432 --username=${aws_db_instance.radar_postgres.username} --dbname=radarbase -c 'CREATE DATABASE appserver;'
+                  PGPASSWORD=${var.radar_postgres_password} psql --host=${aws_db_instance.radar_postgres.address} --port=5432 --username=${aws_db_instance.radar_postgres.username} --dbname=radarbase -c 'CREATE DATABASE rest_sources_auth;'
           restartPolicy: Never
   YAML
 

diff --git a/config/route53.tf b/config/route53.tf
@@ -1,6 +1,6 @@
 resource "aws_route53_zone" "primary" {
   name = var.domain_name
-  tags = merge(tomap({ "Name" : "radar-base-primary-zone" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-primary-zone" }), var.common_tags)
 }
 
 resource "aws_route53_record" "main" {
@@ -63,7 +63,7 @@ module "external_dns_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.0"
 
-  role_name                     = "${var.environment}-radar-base-external-dns-irsa"
+  role_name                     = "${var.eks_cluster_name}-external-dns-irsa"
   attach_external_dns_policy    = true
   external_dns_hosted_zone_arns = ["arn:aws:route53:::hostedzone/${aws_route53_zone.primary.id}"]
 
@@ -74,14 +74,14 @@ module "external_dns_irsa" {
     }
   }
 
-  tags = merge(tomap({ "Name" : "radar-base-external-dns-irsa" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-external-dns-irsa" }), var.common_tags)
 }
 
 module "cert_manager_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.0"
 
-  role_name                     = "${var.environment}-radar-base-cert-manager-irsa"
+  role_name                     = "${var.eks_cluster_name}-cert-manager-irsa"
   attach_cert_manager_policy    = true
   cert_manager_hosted_zone_arns = ["arn:aws:route53:::hostedzone/${aws_route53_zone.primary.id}"]
 
@@ -92,7 +92,7 @@ module "cert_manager_irsa" {
     }
   }
 
-  tags = merge(tomap({ "Name" : "radar-base-cert-manager-irsa" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-cert-manager-irsa" }), var.common_tags)
 }
 
 output "radar_base_route53_hosted_zone_id" {

diff --git a/config/s3.tf b/config/s3.tf
@@ -2,7 +2,7 @@ resource "aws_vpc_endpoint" "s3" {
   vpc_id       = data.aws_vpc.main.id
   service_name = "com.amazonaws.${var.AWS_REGION}.s3"
 
-  tags = merge(tomap({ "Name" : "s3-vpc-endpoint" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-s3-vpc-endpoint" }), var.common_tags)
 }
 
 resource "aws_vpc_endpoint_route_table_association" "route_table_association" {
@@ -11,9 +11,9 @@ resource "aws_vpc_endpoint_route_table_association" "route_table_association" {
 }
 
 resource "aws_s3_bucket" "intermediate_output_storage" {
-  bucket = "radar-base-${var.environment}-intermediate-output-storage"
+  bucket = "${var.eks_cluster_name}-intermediate-output-storage"
 
-  tags = merge(tomap({ "Name" : "radar-base-eks-intermediate-output-storage" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-intermediate-output-storage" }), var.common_tags)
 }
 
 resource "aws_s3_bucket_ownership_controls" "intermediate_output" {
@@ -33,9 +33,9 @@ resource "aws_s3_bucket_acl" "intermediate_output" {
 }
 
 resource "aws_s3_bucket" "output_storage" {
-  bucket = "radar-base-${var.environment}-output-storage"
+  bucket = "${var.eks_cluster_name}-output-storage"
 
-  tags = merge(tomap({ "Name" : "radar-base-eks-output-storage" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-output-storage" }), var.common_tags)
 }
 
 resource "aws_s3_bucket_ownership_controls" "output" {
@@ -55,9 +55,9 @@ resource "aws_s3_bucket_acl" "output" {
 }
 
 resource "aws_s3_bucket" "velero_backups" {
-  bucket = "radar-base-${var.environment}-velero-backups"
+  bucket = "${var.eks_cluster_name}-velero-backups"
 
-  tags = merge(tomap({ "Name" : "radar-base-eks-velero-backups" }), var.common_tags)
+  tags = merge(tomap({ "Name" : "${var.eks_cluster_name}-velero-backups" }), var.common_tags)
 }
 
 resource "aws_s3_bucket_ownership_controls" "velero" {