Adds EIP provisioning (#7)

* Adds EIP provisioning * eof newline * Auto Format * Update variables.tf Co-authored-by: nitrocode <[email protected]> * Update outputs.tf Co-authored-by: nitrocode <[email protected]> * Auto Format * Update variable name to match the rest of cloud posse patterns * Auto Format * Update examples/vpc/main.tf * Forgot to change a variable name Co-authored-by: cloudpossebot <[email protected]> Co-authored-by: nitrocode <[email protected]>
cloudposse · Aug 4, 2021 · b1f86ce · b1f86ce
1 parent 5bbb1fd
commit b1f86ce
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -155,6 +155,7 @@ Available targets:
 
 | Name | Type |
 |------|------|
+| [aws_eip.sftp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 | [aws_iam_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -179,6 +180,7 @@ Available targets:
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_domain"></a> [domain](#input\_domain) | Where your files are stored. S3 or EFS | `string` | `"S3"` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Domain to use when connecting to the SFTP endpoint | `string` | `""` | no |
+| <a name="input_eip_enabled"></a> [eip\_enabled](#input\_eip\_enabled) | Whether to provision and attach an Elastic IP to be used as the SFTP endpoint. An EIP will be provisioned per subnet. | `bool` | `false` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
 | <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | Forces the AWS Transfer Server to be destroyed | `bool` | `false` | no |
@@ -204,6 +206,7 @@ Available targets:
 
 | Name | Description |
 |------|-------------|
+| <a name="output_elastic_ips"></a> [elastic\_ips](#output\_elastic\_ips) | Provisioned Elastic IPs |
 | <a name="output_id"></a> [id](#output\_id) | ID of the created example |
 | <a name="output_transfer_endpoint"></a> [transfer\_endpoint](#output\_transfer\_endpoint) | The endpoint of the Transfer Server |
 <!-- markdownlint-restore -->

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -25,6 +25,7 @@
 
 | Name | Type |
 |------|------|
+| [aws_eip.sftp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 | [aws_iam_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -49,6 +50,7 @@
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_domain"></a> [domain](#input\_domain) | Where your files are stored. S3 or EFS | `string` | `"S3"` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Domain to use when connecting to the SFTP endpoint | `string` | `""` | no |
+| <a name="input_eip_enabled"></a> [eip\_enabled](#input\_eip\_enabled) | Whether to provision and attach an Elastic IP to be used as the SFTP endpoint. An EIP will be provisioned per subnet. | `bool` | `false` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
 | <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | Forces the AWS Transfer Server to be destroyed | `bool` | `false` | no |
@@ -74,6 +76,7 @@
 
 | Name | Description |
 |------|-------------|
+| <a name="output_elastic_ips"></a> [elastic\_ips](#output\_elastic\_ips) | Provisioned Elastic IPs |
 | <a name="output_id"></a> [id](#output\_id) | ID of the created example |
 | <a name="output_transfer_endpoint"></a> [transfer\_endpoint](#output\_transfer\_endpoint) | The endpoint of the Transfer Server |
 <!-- markdownlint-restore -->
diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf
@@ -55,22 +55,15 @@ module "s3_bucket" {
   context = module.this.context
 }
 
-resource "aws_eip" "sftp" {
-  count = length(module.dynamic_subnets.public_subnet_ids)
-
-  vpc = true
-}
-
 module "example" {
   source = "../.."
 
+  eip_enabled            = true
+  s3_bucket_name         = module.s3_bucket.bucket_id
   sftp_users             = var.sftp_users
+  subnet_ids             = [module.dynamic_subnets.public_subnet_ids[0]]
   vpc_id                 = module.vpc.vpc_id
-  subnet_ids             = module.dynamic_subnets.public_subnet_ids
   vpc_security_group_ids = [module.security_group.id]
-  address_allocation_ids = aws_eip.sftp.*.id
-
-  s3_bucket_name = module.s3_bucket.bucket_id
 
   context = module.this.context
 }
diff --git a/main.tf b/main.tf
@@ -28,7 +28,7 @@ resource "aws_transfer_server" "default" {
       subnet_ids             = var.subnet_ids
       security_group_ids     = var.vpc_security_group_ids
       vpc_id                 = var.vpc_id
-      address_allocation_ids = var.address_allocation_ids
+      address_allocation_ids = var.eip_enabled ? aws_eip.sftp.*.id : var.address_allocation_ids
     }
   }
 
@@ -60,6 +60,12 @@ resource "aws_transfer_ssh_key" "default" {
   ]
 }
 
+resource "aws_eip" "sftp" {
+  count = local.enabled && var.eip_enabled ? length(var.subnet_ids) : 0
+
+  vpc = local.is_vpc
+}
+
 # Custom Domain
 resource "aws_route53_record" "main" {
   count = local.enabled && length(var.domain_name) > 0 && length(var.zone_id) > 0 ? 1 : 0

diff --git a/outputs.tf b/outputs.tf
@@ -5,5 +5,10 @@ output "id" {
 
 output "transfer_endpoint" {
   description = "The endpoint of the Transfer Server"
-  value       = join("", aws_transfer_server.default[*].endpoint)
+  value       = module.this.enabled ? join("", aws_transfer_server.default.*.endpoint) : null
+}
+
+output "elastic_ips" {
+  description = "Provisioned Elastic IPs"
+  value       = module.this.enabled && var.eip_enabled ? aws_eip.sftp.*.id : null
 }
diff --git a/variables.tf b/variables.tf
@@ -72,4 +72,10 @@ variable "zone_id" {
   type        = string
   description = "Route53 Zone ID to add the CNAME"
   default     = ""
-}
+}
+
+variable "eip_enabled" {
+  type        = bool
+  description = "Whether to provision and attach an Elastic IP to be used as the SFTP endpoint. An EIP will be provisioned per subnet."
+  default     = false
+}