Update EFS & ECS components to allow using EFS in ECS (cloudposse…

…/terraform-aws-components#979)
cloudposse-terraform-components · Feb 20, 2024 · 5f48b55 · 5f48b55
1 parent 105c149
commit 5f48b55
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/src/README.md b/src/README.md
@@ -17,6 +17,14 @@ components:
         name: shared-files
         dns_name: shared-files
         provisioned_throughput_in_mibps: 10
+      # additional_security_group_rules:
+      #   - key: "fargate_efs"
+      #     type: "ingress"
+      #     from_port: 2049
+      #     to_port: 2049
+      #     protocol: "tcp"
+      #     description: "Allow Fargate EFS Volume mounts"
+      #     cidr_blocks: ["0.0.0.0/0"]
 ```
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -37,7 +45,7 @@ components:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_efs"></a> [efs](#module\_efs) | cloudposse/efs/aws | 0.32.7 |
+| <a name="module_efs"></a> [efs](#module\_efs) | cloudposse/efs/aws | 0.35.0 |
 | <a name="module_eks"></a> [eks](#module\_eks) | cloudposse/stack-config/yaml//modules/remote-state | 1.5.0 |
 | <a name="module_gbl_dns_delegated"></a> [gbl\_dns\_delegated](#module\_gbl\_dns\_delegated) | cloudposse/stack-config/yaml//modules/remote-state | 1.5.0 |
 | <a name="module_iam_roles"></a> [iam\_roles](#module\_iam\_roles) | ../account-map/modules/iam-roles | n/a |
@@ -57,6 +65,7 @@ components:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_additional_security_group_rules"></a> [additional\_security\_group\_rules](#input\_additional\_security\_group\_rules) | A list of Security Group rule objects to add to the created security group, in addition to the ones<br>this module normally creates. (To suppress the module's rules, set `create_security_group` to false<br>and supply your own security group via `associated_security_group_ids`.)<br>The keys and values of the objects are fully compatible with the `aws_security_group_rule` resource, except<br>for `security_group_id` which will be ignored, and the optional "key" which, if provided, must be unique and known at "plan" time.<br>To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | `[]` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |

diff --git a/src/main.tf b/src/main.tf
@@ -17,12 +17,13 @@ locals {
 
 module "efs" {
   source  = "cloudposse/efs/aws"
-  version = "0.32.7"
+  version = "0.35.0"
 
   region                          = var.region
   vpc_id                          = local.vpc_id
   subnets                         = local.private_subnet_ids
   allowed_security_group_ids      = local.allowed_security_groups
+  additional_security_group_rules = var.additional_security_group_rules
   performance_mode                = var.performance_mode
   provisioned_throughput_in_mibps = var.provisioned_throughput_in_mibps
   throughput_mode                 = var.throughput_mode

diff --git a/src/variables.tf b/src/variables.tf
@@ -46,3 +46,16 @@ variable "eks_component_names" {
   description = "The names of the eks components"
   default     = ["eks/cluster"]
 }
+
+variable "additional_security_group_rules" {
+  type        = list(any)
+  default     = []
+  description = <<-EOT
+    A list of Security Group rule objects to add to the created security group, in addition to the ones
+    this module normally creates. (To suppress the module's rules, set `create_security_group` to false
+    and supply your own security group via `associated_security_group_ids`.)
+    The keys and values of the objects are fully compatible with the `aws_security_group_rule` resource, except
+    for `security_group_id` which will be ignored, and the optional "key" which, if provided, must be unique and known at "plan" time.
+    To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule .
+    EOT
+}