refactor: Remove aws-resource-tags module and its usage from bluepr…

…ints (#551)
aws-ia · May 26, 2022 · 4757dd4 · 4757dd4
1 parent 415dbc4
commit 4757dd4
Show file tree

Hide file tree

Showing 113 changed files with 2,011 additions and 2,588 deletions.
diff --git a/.github/workflows/e2e-parallel-destroy.yml b/.github/workflows/e2e-parallel-destroy.yml
@@ -8,9 +8,6 @@ on:
         required: true
         default: 'true'
 
-env:
-  DEFAULT_DEPLOY_ORDER: 'module.e2e_test.module.aws_vpc,module.e2e_test.module.eks_blueprints,module.e2e_test.module.eks_blueprints_kubernetes_addons'
-
 concurrency: e2e-parallel-destroy
 
 jobs:
@@ -27,108 +24,46 @@ jobs:
       matrix:
         include:
           - example_path: examples/analytics/emr-on-eks
-            tenant_name: 'emr-eks'
           - example_path: examples/analytics/spark-k8s-operator
-            tenant_name: 'spark'
-          - example_path: examples/gitops/argocd
-            tenant_name: 'argo'
           - example_path: examples/aws-efs-csi-driver
-            tenant_name: 'efs'
           - example_path: examples/crossplane
-            tenant_name: 'crossplane'
           - example_path: examples/eks-cluster-with-new-vpc
-            tenant_name: 'new-vpc'
           - example_path: examples/fully-private-eks-cluster
-            tenant_name: 'private'
-            deployment_order:
-              [
-                'module.e2e_test.module.aws_vpc',
-                'module.e2e_test.module.vpc_endpoint_gateway',
-                'module.e2e_test.module.vpc_endpoints',
-                'module.e2e_test.module.eks_blueprints',
-              ]
           - example_path: examples/game-tech/agones-game-controller
-            tenant_name: 'agones'
-          - example_path: examples/ingress-controllers/nginx
-            tenant_name: 'nginx'
-            deployment_order:
-              [
-                'module.e2e_test.module.aws_vpc',
-                'module.e2e_test.module.eks_blueprints',
-                'module.e2e_test.module.eks_blueprints_kubernetes_addons',
-                'module.e2e_test.module.aws_load_balancer_controller',
-                'module.e2e_test.module.ingress_nginx',
-              ]
+          - example_path: examples/gitops/argocd
+          # - example_path: examples/ingress-controllers/nginx # ignoring due to https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1629
+          - example_path: examples/ipv6-eks-cluster
           - example_path: examples/karpenter
-            tenant_name: 'karpenter'
-          - example_path: examples/node-groups/managed-node-groups
-            tenant_name: 'managed'
           - example_path: examples/multi-tenancy-with-teams
-            tenant_name: 'teams'
+          - example_path: examples/node-groups/fargate-profiles
+          - example_path: examples/node-groups/managed-node-groups
           - example_path: examples/node-groups/self-managed-node-groups
-            tenant_name: 'self'
           - example_path: examples/node-groups/windows-node-groups
-            tenant_name: 'windows'
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Pre Setup
-        id: pre-setup
-        run: |
-          mkdir -p deploy/e2e-test
-          if [[ ${{ matrix.example_path }} == deploy/* ]]
-          then
-            echo "Skipping pre-setup for ${{ matrix.example_path }}"
-            cp -R ${{ matrix.example_path }}/* deploy/e2e-test/
-          else
-            echo "Running pre-setup for ${{ matrix.example_path }}"
-            cp -R deploy/e2e-template/* deploy/e2e-test/
-            sed -i "s!REPLACE_ME!${{ matrix.tenant_name }}!g" deploy/e2e-test/base.tfvars
-            sed -i "s!TF_STATE_PATH!${{ matrix.example_path }}!g" deploy/e2e-test/backend.conf
-            sed -i "s!EXAMPLE_PATH!${{ matrix.example_path }}!g" deploy/e2e-test/main.tf
-          fi
-
-      - name: Setup Deployment Order
-        id: setup-deployment-order
-        run: |
-          export MATRIX_DEPLOYMENT_ORDER=${{join(matrix.deployment_order,',') }}
+      - name: Setup backend
+        # Un-comment remote backend for use in workflow
+        run: sed -i "s/# //g" ${{ matrix.example_path }}/versions.tf
 
-          if [ -z "$MATRIX_DEPLOYMENT_ORDER" ]
-          then
-            DEPLOYMENT_ORDER=${{env.DEFAULT_DEPLOY_ORDER}}
-          else
-            DEPLOYMENT_ORDER=$MATRIX_DEPLOYMENT_ORDER
-          fi
-          echo "DEPLOYMENT_ORDER=$DEPLOYMENT_ORDER" >> $GITHUB_ENV
-
-      - name: Configure AWS credentials from Test account
+      - name: Auth AWS
         uses: aws-actions/configure-aws-credentials@v1
         with:
           role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
           aws-region: us-west-2
           role-duration-seconds: 3600
           role-session-name: GithubActions-Session
 
-      - name: Terraform Job
+      - name: Setup Terraform
         uses: hashicorp/setup-terraform@v1
         with:
           terraform_version: 1.0.0
 
-      - name: Terraform Init
-        id: init
-        run: terraform init  -backend-config backend.conf -reconfigure
-        working-directory: deploy/e2e-test
-
       - name: Terraform Destroy
-        id: destroy
-        working-directory: deploy/e2e-test
+        working-directory: ${{ matrix.example_path }}
         run: |
-          reverse_array=$(echo ${{ env.DEPLOYMENT_ORDER }}  | awk -F, '{for (i=NF; i>0; --i) printf "%s%s", (i<NF ? "," : ""), $i; printf "\n"}')
-          IFS=',' read -r -a array <<< "$reverse_array"
-          for element in "${array[@]}"
-          do
-            terraform destroy -target="$element" -var-file base.tfvars -no-color -input=false -auto-approve
-            sleep 45
-          done
-          terraform destroy -var-file base.tfvars -no-color -input=false -auto-approve
+          terraform init -upgrade=true
+          terraform destroy -target=module.eks_blueprints_kubernetes_addons  -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints  -no-color -input=false -auto-approve
+          terraform destroy -no-color -input=false -auto-approve
diff --git a/.github/workflows/e2e-parallel-full.yml b/.github/workflows/e2e-parallel-full.yml
@@ -7,8 +7,6 @@ on:
         description: 'Destroy TF Automatically (false/true) - Default: true'
         required: true
         default: 'true'
-env:
-  DEFAULT_DEPLOY_ORDER: 'module.e2e_test.module.aws_vpc,module.e2e_test.module.eks_blueprints,module.e2e_test.module.eks_blueprints_kubernetes_addons'
 
 concurrency: e2e-parallel-full
 
@@ -26,141 +24,60 @@ jobs:
       matrix:
         include:
           - example_path: examples/analytics/emr-on-eks
-            tenant_name: 'emr-eks'
           - example_path: examples/analytics/spark-k8s-operator
-            tenant_name: 'spark'
-          - example_path: examples/multi-tenancy-with-teams
-            tenant_name: 'teams'
-          - example_path: examples/gitops/argocd
-            tenant_name: 'argo'
-          - example_path: examples/crossplane
-            tenant_name: 'crossplane'
           - example_path: examples/aws-efs-csi-driver
-            tenant_name: 'efs'
+          - example_path: examples/crossplane
           - example_path: examples/eks-cluster-with-new-vpc
-            tenant_name: 'new-vpc'
           - example_path: examples/fully-private-eks-cluster
-            tenant_name: 'private'
-            deployment_order:
-              [
-                'module.e2e_test.module.aws_vpc',
-                'module.e2e_test.module.vpc_endpoint_gateway',
-                'module.e2e_test.module.vpc_endpoints',
-                'module.e2e_test.module.eks_blueprints',
-              ]
           - example_path: examples/game-tech/agones-game-controller
-            tenant_name: 'agones'
-          - example_path: examples/ingress-controllers/nginx
-            tenant_name: 'nginx'
-            deployment_order:
-              [
-                'module.e2e_test.module.aws_vpc',
-                'module.e2e_test.module.eks_blueprints',
-                'module.e2e_test.module.eks_blueprints_kubernetes_addons',
-                'module.e2e_test.module.aws_load_balancer_controller',
-                'module.e2e_test.module.ingress_nginx',
-              ]
+          - example_path: examples/gitops/argocd
+          # - example_path: examples/ingress-controllers/nginx # ignoring due to https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1629
+          - example_path: examples/ipv6-eks-cluster
           - example_path: examples/karpenter
-            tenant_name: 'karpenter'
+          - example_path: examples/multi-tenancy-with-teams
+          - example_path: examples/node-groups/fargate-profiles
           - example_path: examples/node-groups/managed-node-groups
-            tenant_name: 'managed'
           - example_path: examples/node-groups/self-managed-node-groups
-            tenant_name: 'self'
           - example_path: examples/node-groups/windows-node-groups
-            tenant_name: 'windows'
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Pre Setup
-        id: pre-setup
-        run: |
-          mkdir -p deploy/e2e-test
-          if [[ ${{ matrix.example_path }} == deploy/* ]]
-          then
-            echo "Skipping pre-setup for ${{ matrix.example_path }}"
-            cp -R ${{ matrix.example_path }}/* deploy/e2e-test/
-          else
-            echo "Running pre-setup for ${{ matrix.example_path }}"
-            cp -R deploy/e2e-template/* deploy/e2e-test/
-            sed -i "s!REPLACE_ME!${{ matrix.tenant_name }}!g" deploy/e2e-test/base.tfvars
-            sed -i "s!TF_STATE_PATH!${{ matrix.example_path }}!g" deploy/e2e-test/backend.conf
-            sed -i "s!EXAMPLE_PATH!${{ matrix.example_path }}!g" deploy/e2e-test/main.tf
-          fi
-
-      - name: Setup Deployment Order
-        id: setup-deployment-order
-        run: |
-          export MATRIX_DEPLOYMENT_ORDER=${{join(matrix.deployment_order,',') }}
-
-          if [ -z "$MATRIX_DEPLOYMENT_ORDER" ]
-          then
-            DEPLOYMENT_ORDER=${{env.DEFAULT_DEPLOY_ORDER}}
-          else
-            DEPLOYMENT_ORDER=$MATRIX_DEPLOYMENT_ORDER
-          fi
-          echo "DEPLOYMENT_ORDER=$DEPLOYMENT_ORDER" >> $GITHUB_ENV
+      - name: Setup backend
+        # Un-comment remote backend for use in workflow
+        run: sed -i "s/# //g" ${{ matrix.example_path }}/versions.tf
 
-      - name: Configure AWS credentials from Test account
+      - name: Auth AWS
         uses: aws-actions/configure-aws-credentials@v1
         with:
           role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
           aws-region: us-west-2
           role-duration-seconds: 3600
           role-session-name: GithubActions-Session
 
-      - name: Terraform Job
+      - name: Setup Terraform
         uses: hashicorp/setup-terraform@v1
         with:
           terraform_version: 1.0.0
 
-      - name: Terraform Fmt
-        id: fmt
-        run: terraform fmt -check -recursive -list -no-color
-
-      - name: Terraform Init
-        id: init
-        run: terraform init  -backend-config backend.conf -reconfigure
-        working-directory: deploy/e2e-test
-
-      - name: Terraform Validate
-        id: validate
-        working-directory: deploy/e2e-test
-        run: terraform validate -no-color
-
-      - name: Terraform Plan
-        id: plan
-        working-directory: deploy/e2e-test
-        run: terraform plan -var-file base.tfvars -no-color
-
       - name: Terraform Apply
         id: apply
-        working-directory: deploy/e2e-test
+        working-directory: ${{ matrix.example_path }}
         run: |
-          IFS=',' read -r -a array <<< "${{ env.DEPLOYMENT_ORDER }}"
-          for element in "${array[@]}"
-          do
-            terraform apply -target="$element" -var-file base.tfvars -no-color -input=false -auto-approve
-          done
-          terraform apply -var-file base.tfvars -no-color -input=false -auto-approve
+          terraform init -upgrade=true
+          terraform apply -no-color -input=false -auto-approve
 
       - name: Terraform Destroy
         if: github.event.inputs.TFDestroy == 'true' && (steps.apply.outcome == 'success' || steps.apply.outcome == 'failure')
-        id: destroy
-        working-directory: deploy/e2e-test
+        working-directory: ${{ matrix.example_path }}
         run: |
-          reverse_array=$(echo ${{ env.DEPLOYMENT_ORDER }}  | awk -F, '{for (i=NF; i>0; --i) printf "%s%s", (i<NF ? "," : ""), $i; printf "\n"}')
-          IFS=',' read -r -a array <<< "$reverse_array"
-          for element in "${array[@]}"
-          do
-            terraform destroy -target="$element" -var-file base.tfvars -no-color -input=false -auto-approve
-            sleep 45
-          done
-          terraform destroy -var-file base.tfvars -no-color -input=false -auto-approve
+          terraform init -upgrade=true
+          terraform destroy -target=module.eks_blueprints_kubernetes_addons  -no-color -input=false -auto-approve
+          terraform destroy -target=module.eks_blueprints  -no-color -input=false -auto-approve
+          terraform destroy -no-color -input=false -auto-approve
 
       - name: Fail if TF apply failed
         if: steps.apply.outcome == 'failure'
-        id: fail-if-tf-apply-failed
         run: |
           echo "Terraform Apply step failed...Please check the logs of the Terraform Apply step."
           echo "Failing the job to avoid false positives."

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.71.0
+    rev: v1.72.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/README.md b/README.md
@@ -137,7 +137,6 @@ If you are interested in contributing to EKS Blueprints, see the [Contribution g
 | <a name="module_aws_eks_self_managed_node_groups"></a> [aws\_eks\_self\_managed\_node\_groups](#module\_aws\_eks\_self\_managed\_node\_groups) | ./modules/aws-eks-self-managed-node-groups | n/a |
 | <a name="module_aws_eks_teams"></a> [aws\_eks\_teams](#module\_aws\_eks\_teams) | ./modules/aws-eks-teams | n/a |
 | <a name="module_aws_managed_prometheus"></a> [aws\_managed\_prometheus](#module\_aws\_managed\_prometheus) | ./modules/aws-managed-prometheus | n/a |
-| <a name="module_eks_tags"></a> [eks\_tags](#module\_eks\_tags) | ./modules/aws-resource-tags | n/a |
 | <a name="module_emr_on_eks"></a> [emr\_on\_eks](#module\_emr\_on\_eks) | ./modules/emr-on-eks | n/a |
 | <a name="module_kms"></a> [kms](#module\_kms) | ./modules/aws-kms | n/a |
 
@@ -193,7 +192,6 @@ If you are interested in contributing to EKS Blueprints, see the [Contribution g
 | <a name="input_enable_emr_on_eks"></a> [enable\_emr\_on\_eks](#input\_enable\_emr\_on\_eks) | Enable EMR on EKS | `bool` | `false` | no |
 | <a name="input_enable_irsa"></a> [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |
 | <a name="input_enable_windows_support"></a> [enable\_windows\_support](#input\_enable\_windows\_support) | Enable Windows support | `bool` | `false` | no |
-| <a name="input_environment"></a> [environment](#input\_environment) | Environment area, e.g. prod or preprod | `string` | `"preprod"` | no |
 | <a name="input_fargate_profiles"></a> [fargate\_profiles](#input\_fargate\_profiles) | Fargate profile configuration | `any` | `{}` | no |
 | <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `list(string)` | `[]` | no |
 | <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | `string` | `null` | no |
@@ -207,17 +205,13 @@ If you are interested in contributing to EKS Blueprints, see the [Contribution g
 | <a name="input_node_security_group_additional_rules"></a> [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | `any` | `{}` | no |
 | <a name="input_node_security_group_tags"></a> [node\_security\_group\_tags](#input\_node\_security\_group\_tags) | A map of additional tags to add to the node security group created | `map(string)` | `{}` | no |
 | <a name="input_openid_connect_audiences"></a> [openid\_connect\_audiences](#input\_openid\_connect\_audiences) | List of OpenID Connect audience client IDs to add to the IRSA provider | `list(string)` | `[]` | no |
-| <a name="input_org"></a> [org](#input\_org) | tenant, which could be your organization name, e.g. aws' | `string` | `""` | no |
 | <a name="input_platform_teams"></a> [platform\_teams](#input\_platform\_teams) | Map of maps of platform teams to create | `any` | `{}` | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnets Ids for the cluster and worker nodes | `list(string)` | `[]` | no |
 | <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnets Ids for the worker nodes | `list(string)` | `[]` | no |
 | <a name="input_self_managed_node_groups"></a> [self\_managed\_node\_groups](#input\_self\_managed\_node\_groups) | Self-managed node groups configuration | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no |
-| <a name="input_tenant"></a> [tenant](#input\_tenant) | Account name or unique account id e.g., apps or management or aws007 | `string` | `"aws"` | no |
-| <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform version | `string` | `"Terraform"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC Id | `string` | n/a | yes |
 | <a name="input_worker_additional_security_group_ids"></a> [worker\_additional\_security\_group\_ids](#input\_worker\_additional\_security\_group\_ids) | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no |
-| <a name="input_zone"></a> [zone](#input\_zone) | zone, e.g. dev or qa or load or ops etc... | `string` | `"dev"` | no |
 
 ## Outputs
 
@@ -233,6 +227,7 @@ If you are interested in contributing to EKS Blueprints, see the [Contribution g
 | <a name="output_eks_cluster_endpoint"></a> [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | Endpoint for your Kubernetes API server |
 | <a name="output_eks_cluster_id"></a> [eks\_cluster\_id](#output\_eks\_cluster\_id) | Amazon EKS Cluster Name |
 | <a name="output_eks_cluster_status"></a> [eks\_cluster\_status](#output\_eks\_cluster\_status) | Amazon EKS Cluster Status |
+| <a name="output_eks_cluster_version"></a> [eks\_cluster\_version](#output\_eks\_cluster\_version) | The Kubernetes version for the cluster |
 | <a name="output_eks_oidc_issuer_url"></a> [eks\_oidc\_issuer\_url](#output\_eks\_oidc\_issuer\_url) | The URL on the EKS cluster OIDC Issuer |
 | <a name="output_eks_oidc_provider_arn"></a> [eks\_oidc\_provider\_arn](#output\_eks\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true`. |
 | <a name="output_emr_on_eks_role_arn"></a> [emr\_on\_eks\_role\_arn](#output\_emr\_on\_eks\_role\_arn) | IAM execution role ARN for EMR on EKS |

diff --git a/data.tf b/data.tf
@@ -86,10 +86,7 @@ data "aws_iam_policy_document" "eks_key" {
       type = "AWS"
       identifiers = concat(
         var.cluster_kms_key_additional_admin_arns,
-        [
-          "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${local.cluster_iam_role_name}",
-          data.aws_iam_session_context.current.issuer_arn
-        ]
+        [data.aws_iam_session_context.current.issuer_arn]
       )
     }
   }
@@ -109,7 +106,7 @@ data "aws_iam_policy_document" "eks_key" {
     principals {
       type = "AWS"
       identifiers = [
-        "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${local.cluster_iam_role_name}"
+        local.cluster_iam_role_arn
       ]
     }
   }
@@ -129,7 +126,7 @@ data "aws_iam_policy_document" "eks_key" {
     principals {
       type = "AWS"
       identifiers = [
-        "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:role/${local.cluster_iam_role_name}"
+        local.cluster_iam_role_arn
       ]
     }
 

diff --git a/deploy/e2e-template/README.md b/deploy/e2e-template/README.md