# The region is resolved through a local so every resource in this file
# follows the region the main VPC was built in (var.main_vpc_aws_region).
locals {
  aws_region = var.main_vpc_aws_region
}

provider "aws" {
  region = local.aws_region
}
#############################################################
# Data source to get VPC-ID
#############################################################
# Read the main VPC's outputs from its remote state so the cluster is placed
# in the same VPC and subnets. Reading a state file exposes every output it
# holds, so the identity running this plan should only be granted read access
# to this specific key rather than the whole state bucket (review note).
data "terraform_remote_state" "main_vpc" {
  backend = "s3"

  config = {
    bucket         = "terradatum-terraform-state"
    key            = "dev-usw2/main-vpc/terraform.tfstate"
    region         = "us-west-2" # state lives in us-west-2 regardless of var.main_vpc_aws_region
    encrypt        = "true"
    dynamodb_table = "terradatum-terraform-locks"
  }
}
########################################################################
# Get private VPCs subnets
# ref: https://github.com/hashicorp/terraform/issues/16902
########################################################################
# Cost trade-off: only two of the AZs are used here even though AWS recommends spreading brokers across all AZs.
# Private subnet(s) in us-west-2a, looked up by Name tag inside the main VPC.
# NOTE(review): the subnet name is hard-coded to us-west-2 while the provider
# region comes from var.main_vpc_aws_region — confirm these cannot diverge.
# NOTE(review): aws_subnet_ids was deprecated in favour of aws_subnets in AWS
# provider v4 — check the pinned provider version before upgrading.
data "aws_subnet_ids" "private-2a" {
  vpc_id = data.terraform_remote_state.main_vpc.outputs.main_vpc_id
  filter {
    name = "tag:Name"
    values = ["eks-dev-private-us-west-2a"]
  }
}
# Private subnet(s) in us-west-2b, looked up by Name tag inside the main VPC.
# Same caveats as the 2a lookup: region is hard-wired in the tag value, and
# aws_subnet_ids is deprecated in AWS provider v4 (verify before upgrading).
data "aws_subnet_ids" "private-2b" {
  vpc_id = data.terraform_remote_state.main_vpc.outputs.main_vpc_id
  filter {
    name = "tag:Name"
    values = ["eks-dev-private-us-west-2b"]
  }
}
# Existing security group for the brokers, looked up by Name tag in the main
# VPC; the lookup must resolve to exactly one group.
# NOTE(review): this file does not define the group's rules. Verify that
# ingress to the Kafka and ZooKeeper ports is limited to the client security
# groups — the cluster below also serves a plaintext listener, so network
# reachability is the only control on that path.
data "aws_security_group" "msk-sg" {
  vpc_id = data.terraform_remote_state.main_vpc.outputs.main_vpc_id
  tags = {
    Name = "msk-kafka-dev-vpc"
  }
}
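# Customer-managed key used for MSK encryption at rest.
# Automatic annual rotation is enabled (CIS AWS benchmark expects it on
# customer-managed keys); existing data stays readable because KMS retains
# the previous key material. Tagged like the cluster for consistent inventory.
resource "aws_kms_key" "kms" {
  description         = "${var.msk_cluster_name}-kms-key"
  enable_key_rotation = true

  tags = var.env_global_tags
}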
# The MSK cluster. Brokers are spread over the two private subnets looked up
# above and attached to the existing msk-kafka-dev-vpc security group.
# NOTE(review): no logging_info block is set, so broker logs are not shipped
# anywhere for audit — consider CloudWatch/S3 delivery.
resource "aws_msk_cluster" "msk" {
  cluster_name = var.msk_cluster_name
  kafka_version = var.msk_kafka_version
  number_of_broker_nodes = var.msk_number_of_broker_nodes
  broker_node_group_info {
    instance_type = var.msk_broker_instance_type
    ebs_volume_size = var.msk_broker_ebs_volume_size
    # Both AZ lookups are merged into one subnet list.
    client_subnets = flatten([data.aws_subnet_ids.private-2a.ids, data.aws_subnet_ids.private-2b.ids])
    security_groups = [data.aws_security_group.msk-sg.id]
  }
  # Always track the newest revision of the configuration defined below.
  configuration_info {
    arn = aws_msk_configuration.msk.arn
    revision = aws_msk_configuration.msk.latest_revision
  }
  encryption_info {
    encryption_at_rest_kms_key_arn = aws_kms_key.kms.arn
    encryption_in_transit {
      #client_broker = "TLS" # or TLS_PLAINTEXT or PLAINTEXT
      # SECURITY(review): TLS_PLAINTEXT serves an unencrypted client listener
      # alongside the TLS one, and no client_authentication block is set, so
      # any host the security group admits can produce/consume in the clear.
      # Change this to client_broker = "TLS" once every client is confirmed to
      # use the TLS bootstrap endpoint, and consider adding client_authentication
      # (TLS or SASL). in_cluster is left at its default (broker-to-broker TLS).
      client_broker = "TLS_PLAINTEXT"
    }
  }
  tags = var.env_global_tags
  lifecycle {
    # NOTE(review): cluster_name is fixed and MSK cluster names must be unique
    # per account/region, so a replacement under create_before_destroy will
    # likely collide with the old cluster's name — confirm before relying on it.
    create_before_destroy = true
    # id is a computed attribute, so ignoring it is presumably a no-op;
    # cluster_name is ignored so a later change to var.msk_cluster_name does
    # not force a replacement of a live cluster.
    ignore_changes = [
      id,
      cluster_name,
    ]
    #prevent_destroy = true
  }
}
#aws_msk_configuration.msk.name
########################################################################
# Create the MSK Kafka cluster configuration
########################################################################
# Ref: MSK cluster destroy doesn't remove `aws_msk_configuration` #9082
# https://github.com/terraform-providers/terraform-provider-aws/issues/9082
# Random suffix for the configuration name. It is keyed to the cluster name
# via keepers, so a new suffix (and therefore a new configuration) is
# generated whenever the cluster name changes; the issue linked above is why
# a configuration name must not be reused.
resource "random_id" "server" {
  byte_length = 8

  keepers = {
    msk_cluster_name = var.msk_cluster_name
  }
}
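# Broker configuration attached to the cluster. The name carries a random
# suffix because MSK does not delete configurations when the cluster is
# destroyed (provider issue 9082 above), so a reused name would collide.
resource "aws_msk_configuration" "msk" {
  kafka_versions = [var.msk_kafka_version]
  name           = "${var.msk_cluster_name}-${random_id.server.hex}"

  # https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html
  # Notes on the settings below (values unchanged; a duplicated
  # auto.create.topics.enable line was removed):
  # - auto.create.topics.enable = true lets any connected client create topics
  #   on first write. The cluster in this file sets no client_authentication,
  #   so this is effectively unrestricted — consider false with explicit
  #   topic creation.
  # - unclean.leader.election.enable = true trades durability for availability:
  #   an out-of-sync replica can become leader and acknowledged writes are lost.
  # - min.insync.replicas = 2 only works if default.replication.factor >= 2,
  #   i.e. var.msk_number_of_broker_nodes must be at least 2 for acks=all
  #   producers to succeed.
  server_properties = <<PROPERTIES
auto.create.topics.enable = true
delete.topic.enable = true
default.replication.factor = ${var.msk_number_of_broker_nodes}
min.insync.replicas = 2
num.io.threads = 8
num.network.threads = 5
num.partitions = 2
num.replica.fetchers = 2
socket.request.max.bytes = 104857600
unclean.leader.election.enable = true
log.retention.hours = 168
log.retention.bytes = 187904819200
PROPERTIES
}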