Add lattice-shared-service-network and lattice-shared-service (#15)

Author: posquit0

.github/labeler.yaml

@@ -29,6 +29,12 @@
 ":floppy_disk: lattice-service":
 - modules/lattice-service/**/*
 
+":floppy_disk: lattice-shared-service-network":
+- modules/lattice-shared-service-network/**/*
+
+":floppy_disk: lattice-shared-service":
+- modules/lattice-shared-service/**/*
+
 ":floppy_disk: reachability-analyzer-path":
 - modules/reachability-analyzer-path/**/*
 

.github/labels.yaml

@@ -70,6 +70,12 @@
 - color: "fbca04"
   description: "This issue or pull request is related to lattice-service module."
   name: ":floppy_disk: lattice-service"
+- color: "fbca04"
+  description: "This issue or pull request is related to lattice-shared-service-network module."
+  name: ":floppy_disk: lattice-shared-service-network"
+- color: "fbca04"
+  description: "This issue or pull request is related to lattice-shared-service module."
+  name: ":floppy_disk: lattice-shared-service"
 - color: "fbca04"
   description: "This issue or pull request is related to reachability-analyzer-path module."
   name: ":floppy_disk: reachability-analyzer-path"

README.md

@@ -16,6 +16,8 @@ Terraform module which creates VPC Connectivity related resources (VPC Peering,
 - [lattice-service-listener](./modules/lattice-service-listener)
 - [lattice-service-network](./modules/lattice-service-network)
 - [lattice-service](./modules/lattice-service)
+- [lattice-shared-service-network](./modules/lattice-shared-service-network)
+- [lattice-shared-service](./modules/lattice-shared-service)
 - [reachability-analyzer-path](./modules/reachability-analyzer-path)
 - [vpc-endpoint-service](./modules/vpc-endpoint-service)
 - [vpc-gateway-endpoint](./modules/vpc-gateway-endpoint)

VERSION

@@ -1 +1 @@
-0.2.0
+0.2.2

modules/lattice-service-network/README.md

@@ -42,6 +42,7 @@ This module creates following resources.
 | [aws_vpclattice_service_network.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service_network) | resource |
 | [aws_vpclattice_service_network_service_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service_network_service_association) | resource |
 | [aws_vpclattice_service_network_vpc_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service_network_vpc_association) | resource |
+| [aws_vpclattice_service_network.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpclattice_service_network) | data source |
 
 ## Inputs
 
@@ -70,11 +71,13 @@ This module creates following resources.
 |------|-------------|
 | <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the service network. |
 | <a name="output_auth_type"></a> [auth\_type](#output\_auth\_type) | The type of authentication and authorization that manages client access to the service network. |
+| <a name="output_created_at"></a> [created\_at](#output\_created\_at) | Date and time that the service network was created, specified in ISO-8601 format. |
 | <a name="output_description"></a> [description](#output\_description) | The description of the service network. |
 | <a name="output_id"></a> [id](#output\_id) | The ID of the service network. |
 | <a name="output_logging"></a> [logging](#output\_logging) | The configuration for access logs of the service network.<br>  Firehose Delivery Stream, Amazon S3 Bucket.<br>    `cloudwatch` - The configuration for access logs to be sent to Amazon CloudWatch Log Group.<br>    `kinesis_data_firehose` - The configuration for access logs to be sent to Amazon Kinesis Data<br>  Firehose Delivery Stream.<br>    `s3` - The configuration for access logs to be sent to Amazon S3 BUcket. |
 | <a name="output_name"></a> [name](#output\_name) | The name of the service network. |
 | <a name="output_service_associations"></a> [service\_associations](#output\_service\_associations) | The list of the service associations with the service network.<br>    `id` - The ID of the association.<br>    `arn` - The ARN of the Association.<br>    `status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.<br>    `created_by` - The principal that created the association.<br><br>    `service` - The ARN (Amazon Resource Name) of the service. |
 | <a name="output_sharing"></a> [sharing](#output\_sharing) | The configuration for sharing of the Lattice service network.<br>    `status` - An indication of whether the Lattice service network is shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Values are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`.<br>    `shares` - The list of resource shares via RAM (Resource Access Manager). |
+| <a name="output_updated_at"></a> [updated\_at](#output\_updated\_at) | Date and time that the service network was last updated, specified in ISO-8601 format. |
 | <a name="output_vpc_associations"></a> [vpc\_associations](#output\_vpc\_associations) | The list of VPC associations with the service network.<br>    `id` - The ID of the association.<br>    `arn` - The ARN of the Association.<br>    `status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.<br>    `created_by` - The principal that created the association.<br><br>    `vpc` - The ID of the VPC.<br>    `security_groups` - A list of the IDs of the security groups. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/lattice-service-network/main.tf

@@ -59,6 +59,10 @@ resource "aws_vpclattice_service_network_vpc_association" "this" {
   )
 }
 
+data "aws_vpclattice_service_network" "this" {
+  service_network_identifier = aws_vpclattice_service_network.this.id
+}
+
 
 ###################################################
 # Service Associations of Service Network

modules/lattice-service-network/outputs.tf

@@ -112,6 +112,16 @@ output "logging" {
   }
 }
 
+output "created_at" {
+  description = "Date and time that the service network was created, specified in ISO-8601 format."
+  value       = data.aws_vpclattice_service_network.this.created_at
+}
+
+output "updated_at" {
+  description = "Date and time that the service network was last updated, specified in ISO-8601 format."
+  value       = data.aws_vpclattice_service_network.this.last_updated_at
+}
+
 output "sharing" {
   description = <<EOF
   The configuration for sharing of the Lattice service network.

modules/lattice-shared-service-network/README.md

@@ -0,0 +1,61 @@
+# lattice-shared-service-network
+
+This module creates following resources.
+
+- `aws_vpclattice_service_network_vpc_association` (optional)
+- `aws_vpclattice_service_network_service_association` (optional)
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.17.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_vpclattice_service_network_service_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service_network_service_association) | resource |
+| [aws_vpclattice_service_network_vpc_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service_network_vpc_association) | resource |
+| [aws_vpclattice_service_network.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpclattice_service_network) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_id"></a> [id](#input\_id) | (Required) The ID of the service network. | `string` | n/a | yes |
+| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
+| <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
+| <a name="input_service_associations"></a> [service\_associations](#input\_service\_associations) | (Optional) The configuration for the service associations with the service network. To facilitate network client access to your service, you will need to associate your service to the relevant service networks. Only service networks created in the same account, or that have been shared with you (by way of Resource Access Manager), are available for you to create associations with. Each block of `service_associations` as defined below.<br>    (Required) `name` - The name of the service association.<br>    (Required) `service` - The ID or ARN (Amazon Resource Name) of the service.<br>    (Optional) `tags` - A map of tags to add to the service association. | <pre>list(object({<br>    name    = string<br>    service = string<br>    tags    = optional(map(string), {})<br>  }))</pre> | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
+| <a name="input_vpc_associations"></a> [vpc\_associations](#input\_vpc\_associations) | (Optional) The configuration for VPC associations with the service network. It enables all the resources within that VPC to be clients and communicate with other services in the service network. Each block of `vpc_associations` as defined below.<br>    (Required) `vpc` - The ID of the VPC.<br>    (Optional) `security_groups` - A list of the IDs of the security groups.<br>    (Optional) `tags` - A map of tags to add to the vpc association. | <pre>list(object({<br>    vpc             = string<br>    security_groups = optional(set(string), [])<br>    tags            = optional(map(string), {})<br>  }))</pre> | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the service network. |
+| <a name="output_auth_type"></a> [auth\_type](#output\_auth\_type) | The type of authentication and authorization that manages client access to the service network. |
+| <a name="output_created_at"></a> [created\_at](#output\_created\_at) | Date and time that the service network was created, specified in ISO-8601 format. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the service network. |
+| <a name="output_name"></a> [name](#output\_name) | The name of the service network. |
+| <a name="output_service_associations"></a> [service\_associations](#output\_service\_associations) | The list of the service associations with the service network.<br>    `id` - The ID of the association.<br>    `arn` - The ARN of the Association.<br>    `status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.<br>    `created_by` - The principal that created the association.<br><br>    `service` - The ARN (Amazon Resource Name) of the service. |
+| <a name="output_updated_at"></a> [updated\_at](#output\_updated\_at) | Date and time that the service network was last updated, specified in ISO-8601 format. |
+| <a name="output_vpc_associations"></a> [vpc\_associations](#output\_vpc\_associations) | The list of VPC associations with the service network.<br>    `id` - The ID of the association.<br>    `arn` - The ARN of the Association.<br>    `status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.<br>    `created_by` - The principal that created the association.<br><br>    `vpc` - The ID of the VPC.<br>    `security_groups` - A list of the IDs of the security groups. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/lattice-shared-service-network/main.tf

@@ -0,0 +1,78 @@
+locals {
+  metadata = {
+    package = "terraform-aws-vpc-connectivity"
+    version = trimspace(file("${path.module}/../../VERSION"))
+    module  = basename(path.module)
+    name    = data.aws_vpclattice_service_network.this.name
+  }
+  module_tags = var.module_tags_enabled ? {
+    "module.terraform.io/package"   = local.metadata.package
+    "module.terraform.io/version"   = local.metadata.version
+    "module.terraform.io/name"      = local.metadata.module
+    "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}"
+    "module.terraform.io/instance"  = local.metadata.name
+  } : {}
+}
+
+
+# TODO: Get data source with service name
+# TODO: Get data source for VPC associations
+# TODO: Get data source for Service Network associations
+###################################################
+# Service Network for VPC Lattice
+###################################################
+
+data "aws_vpclattice_service_network" "this" {
+  service_network_identifier = var.id
+}
+
+
+###################################################
+# VPC Associations of Service Network
+###################################################
+
+resource "aws_vpclattice_service_network_vpc_association" "this" {
+  for_each = {
+    for association in var.vpc_associations :
+    association.vpc => association
+  }
+
+  service_network_identifier = data.aws_vpclattice_service_network.this.id
+
+  vpc_identifier     = each.key
+  security_group_ids = each.value.security_groups
+
+  tags = merge(
+    {
+      "Name" = "${local.metadata.name}/${each.key}"
+    },
+    local.module_tags,
+    var.tags,
+    each.value.tags,
+  )
+}
+
+
+###################################################
+# Service Associations of Service Network
+###################################################
+
+resource "aws_vpclattice_service_network_service_association" "this" {
+  for_each = {
+    for association in var.service_associations :
+    association.name => association
+  }
+
+  service_network_identifier = data.aws_vpclattice_service_network.this.id
+
+  service_identifier = each.value.service
+
+  tags = merge(
+    {
+      "Name" = "${local.metadata.name}/${each.key}"
+    },
+    local.module_tags,
+    var.tags,
+    each.value.tags,
+  )
+}

modules/lattice-shared-service-network/outputs.tf

@@ -0,0 +1,81 @@
+output "id" {
+  description = "The ID of the service network."
+  value       = data.aws_vpclattice_service_network.this.id
+}
+
+output "arn" {
+  description = "The ARN of the service network."
+  value       = data.aws_vpclattice_service_network.this.arn
+}
+
+output "name" {
+  description = "The name of the service network."
+  value       = data.aws_vpclattice_service_network.this.name
+}
+
+output "auth_type" {
+  description = "The type of authentication and authorization that manages client access to the service network."
+  value       = data.aws_vpclattice_service_network.this.auth_type
+}
+
+output "vpc_associations" {
+  description = <<EOF
+  The list of VPC associations with the service network.
+    `id` - The ID of the association.
+    `arn` - The ARN of the Association.
+    `status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.
+    `created_by` - The principal that created the association.
+
+    `vpc` - The ID of the VPC.
+    `security_groups` - A list of the IDs of the security groups.
+  EOF
+  value = {
+    for vpc, association in aws_vpclattice_service_network_vpc_association.this :
+    vpc => {
+      id         = association.id
+      arn        = association.arn
+      status     = association.status
+      created_by = association.created_by
+
+      vpc             = vpc
+      security_groups = association.security_group_ids
+    }
+  }
+}
+
+output "service_associations" {
+  description = <<EOF
+  The list of the service associations with the service network.
+    `id` - The ID of the association.
+    `arn` - The ARN of the Association.
+    `status` - The operations status. Valid Values are `CREATE_IN_PROGRESS`, `ACTIVE`, `DELETE_IN_PROGRESS`, `CREATE_FAILED`, `DELETE_FAILED`.
+    `created_by` - The principal that created the association.
+
+    `service` - The ARN (Amazon Resource Name) of the service.
+  EOF
+  value = {
+    for name, association in aws_vpclattice_service_network_service_association.this :
+    name => {
+      id         = association.id
+      arn        = association.arn
+      status     = association.status
+      created_by = association.created_by
+
+      service = association.service_identifier
+
+      domain        = one(association.dns_entry[*].domain_name)
+      zone_id       = one(association.dns_entry[*].hosted_zone_id)
+      custom_domain = association.custom_domain_name
+    }
+  }
+}
+
+output "created_at" {
+  description = "Date and time that the service network was created, specified in ISO-8601 format."
+  value       = data.aws_vpclattice_service_network.this.created_at
+}
+
+output "updated_at" {
+  description = "Date and time that the service network was last updated, specified in ISO-8601 format."
+  value       = data.aws_vpclattice_service_network.this.last_updated_at
+}

modules/lattice-shared-service-network/resource-group.tf

@@ -0,0 +1,31 @@
+locals {
+  resource_group_name = (var.resource_group_name != ""
+    ? var.resource_group_name
+    : join(".", [
+      local.metadata.package,
+      local.metadata.module,
+      replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
+    ])
+  )
+}
+
+
+module "resource_group" {
+  source  = "tedilabs/misc/aws//modules/resource-group"
+  version = "~> 0.10.0"
+
+  count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0
+
+  name        = local.resource_group_name
+  description = var.resource_group_description
+
+  query = {
+    resource_tags = local.module_tags
+  }
+
+  module_tags_enabled = false
+  tags = merge(
+    local.module_tags,
+    var.tags,
+  )
+}