
Allow passing existing subnet-group #9

Open
iaacautomation opened this issue Mar 28, 2020 · 4 comments

Comments

@iaacautomation

Is it possible to allow an existing subnet-group to be passed? I think it's not much of a change, just some more checks.

Change in resource "aws_docdb_cluster" "default" {:

db_subnet_group_name = join("", aws_docdb_subnet_group.default.*.name)

to

db_subnet_group_name = var.db_subnet_group != "" ? var.db_subnet_group : join("", aws_docdb_subnet_group.default.*.name)

and change in resource "aws_docdb_subnet_group" "default" {:

count = var.enabled ? 1 : 0

to

count = var.enabled && var.db_subnet_group == "" ? 1 : 0

I would make a pull request but I still have no idea how. So, just suggestions.
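One way to implement what this issue asks for, as an added example that is not the module's own code: a `db_subnet_group_name` input that, when non-empty, suppresses creation of the module's own subnet group and is handed straight to the cluster, with preconditions (Terraform 1.2 or later) so that conflicting inputs fail at plan time instead of being silently ignored. All names other than the resources and variables quoted in the issue are assumed.

```hcl
# Added example, not the module's own code. Lets a caller reuse an existing
# DocumentDB subnet group instead of having the module create one.

variable "enabled" {
  type    = bool
  default = true
}

variable "subnet_ids" {
  description = "Subnet IDs for a new subnet group; leave empty when db_subnet_group_name is set"
  type        = list(string)
  default     = []
}

variable "db_subnet_group_name" {
  description = "Name of an existing DocumentDB subnet group to reuse; empty means create one from subnet_ids"
  type        = string
  default     = ""
}

variable "master_username" {
  type = string
}

variable "master_password" {
  type      = string
  sensitive = true
}

locals {
  use_existing_subnet_group = var.db_subnet_group_name != ""
  create_subnet_group       = var.enabled && !local.use_existing_subnet_group
}

resource "aws_docdb_subnet_group" "default" {
  # Only created when the caller did not supply an existing group.
  count = local.create_subnet_group ? 1 : 0

  name        = "example-docdb" # placeholder name (assumed)
  description = "Allowed subnets for DB cluster instances"
  subnet_ids  = var.subnet_ids

  lifecycle {
    precondition {
      # Creating a group with no subnets would fail at apply time; fail at plan time instead.
      condition     = length(var.subnet_ids) > 0
      error_message = "subnet_ids must be non-empty when db_subnet_group_name is not set."
    }
  }
}

resource "aws_docdb_cluster" "default" {
  count = var.enabled ? 1 : 0

  cluster_identifier = "example-docdb" # placeholder identifier (assumed)
  engine             = "docdb"
  master_username    = var.master_username
  master_password    = var.master_password
  storage_encrypted  = true

  # Reuse the caller's group when given; otherwise the group created above.
  # With count = 0 the splat is an empty list and join() yields "", which is why
  # the conditional selects the variable first rather than relying on join().
  db_subnet_group_name = local.use_existing_subnet_group ? var.db_subnet_group_name : join("", aws_docdb_subnet_group.default[*].name)

  lifecycle {
    precondition {
      # Refuse ambiguous input: subnet_ids would otherwise be ignored without notice.
      condition     = !(local.use_existing_subnet_group && length(var.subnet_ids) > 0)
      error_message = "Pass either db_subnet_group_name or subnet_ids, not both."
    }
  }
}
```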

@haidargit
Contributor

@iaacautomation,
this feature is already available in the module, so we should be able to pass our existing subnet group.

Currently, the value of join("", aws_docdb_subnet_group.default.*.name) in

db_subnet_group_name = join("", aws_docdb_subnet_group.default[*].name)

can be retrieved from the module resource aws_docdb_subnet_group.default:

subnet_ids = var.subnet_ids

You can define your own subnet group through the variable subnet_ids; kindly check the example of the module 👍🏻

subnet_ids = module.subnets.private_subnet_ids

In this context, the example of the module uses another cloudposse subnet module to generate the subnet resources. You can use that or define your own string value for the existing subnet resource in your AWS.

@haidargit
Contributor

subnet_ids = ["YourSubnetID"]

@ssamantasinghar

ssamantasinghar commented Aug 20, 2024

So I tried this without making any changes to the module or to the module call file, by just providing the subnet_ids, and it is still trying to create the subnet. Here are the tfvars:

subnet_ids = ["subnet-0123456789abcdef0", "subnet-abcdef01234567890"]

Below is the full tfvars:

clusters = [
  {
    id                        = "cluster1"
    vpc_id                    = "vpc-0123456789abcdef0"
    availability_zones        = ["us-east-1a", "us-east-1b"]
    db_port                   = 27017
    master_username           = "admin"
    master_password           = "secret"
    retention_period          = 7
    preferred_backup_window   = "07:00-09:00"
    preferred_maintenance_window = "Mon:09:00-Mon:09:30"
    final_snapshot_identifier = "final-snapshot-cluster1"
    skip_final_snapshot       = false
    deletion_protection       = true
    apply_immediately         = true
    storage_encrypted         = true
    storage_type              = "standard"
    kms_key_id                = "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef"
    snapshot_identifier       = ""
    external_security_group_id_list = []
    subnet_ids                = ["subnet-0123456789abcdef0", "subnet-abcdef01234567890"]
    cluster_parameters        = [
      {
        name         = "parameter1"
        value        = "value1"
        apply_method = "immediate"
      }
    ]
    cluster_family            = "documentdb5.6"
    engine                    = "docdb"
    engine_version            = "5.6"
    enabled_cloudwatch_logs_exports = ["audit", "profiler"]
    allow_major_version_upgrade = true
    tags                      = {
      Name = "DocumentDB Cluster 1"
    }
    ssm_parameter_enabled     = true
    ssm_parameter_path_prefix = "/myapp/documentdb/"
    context                   = {
      env = "production"
    }
    cluster_size              = 3
    cluster_identifier        = "docdb-cluster-1"
  },
]

The plan is still proposing creation of all these resources, not all of which are needed:

Terraform will perform the following actions:

  # module.documentdb["cluster1"].aws_docdb_cluster.default[0] will be created
  + resource "aws_docdb_cluster" "default" {
      + allow_major_version_upgrade     = true
      + apply_immediately               = true
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 7
      + cluster_identifier              = "docdb-cluster-1"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = "documentdb-cluster"
      + db_subnet_group_name            = "docdb-poc-subnet"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
          + "profiler",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = "5.6"
      + final_snapshot_identifier       = "documentdb-poc-cluster"
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef"
      + master_password                 = (sensitive value)
      + master_username                 = "admin"
      + port                            = 27017
      + preferred_backup_window         = "07:00-09:00"
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = false
      + storage_encrypted               = true
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_instance.default[0] will be created
  + resource "aws_docdb_cluster_instance" "default" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = (known after apply)
      + cluster_identifier              = (known after apply)
      + db_subnet_group_name            = (known after apply)
      + dbi_resource_id                 = (known after apply)
      + enable_performance_insights     = false
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + id                              = (known after apply)
      + identifier                      = "documentdb-poc-cluster-1"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.r4.large"
      + kms_key_id                      = (known after apply)
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + promotion_tier                  = 0
      + publicly_accessible             = (known after apply)
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + writer                          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_instance.default[1] will be created
  + resource "aws_docdb_cluster_instance" "default" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = (known after apply)
      + cluster_identifier              = (known after apply)
      + db_subnet_group_name            = (known after apply)
      + dbi_resource_id                 = (known after apply)
      + enable_performance_insights     = false
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + id                              = (known after apply)
      + identifier                      = "documentdb-poc-cluster-2"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.r4.large"
      + kms_key_id                      = (known after apply)
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + promotion_tier                  = 0
      + publicly_accessible             = (known after apply)
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + writer                          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_instance.default[2] will be created
  + resource "aws_docdb_cluster_instance" "default" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = (known after apply)
      + cluster_identifier              = (known after apply)
      + db_subnet_group_name            = (known after apply)
      + dbi_resource_id                 = (known after apply)
      + enable_performance_insights     = false
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + id                              = (known after apply)
      + identifier                      = "documentdb-poc-cluster-3"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.r4.large"
      + kms_key_id                      = (known after apply)
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + promotion_tier                  = 0
      + publicly_accessible             = (known after apply)
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + writer                          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_parameter_group.default[0] will be created
  + resource "aws_docdb_cluster_parameter_group" "default" {
      + arn         = (known after apply)
      + description = "DB cluster parameter group"
      + family      = "documentdb5.6"
      + id          = (known after apply)
      + name        = "documentdb-cluster"
      + name_prefix = (known after apply)
      + tags        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all    = {
          + "Name" = "DocumentDB Cluster 1"
        }

      + parameter {
          + apply_method = "immediate"
          + name         = "parameter1"
          + value        = "value1"
        }
    }

  # module.documentdb["cluster1"].aws_docdb_subnet_group.default[0] will be created
  + resource "aws_docdb_subnet_group" "default" {
      + arn         = (known after apply)
      + description = "Allowed subnets for DB cluster instances"
      + id          = (known after apply)
      + name        = "docdb-poc-subnet"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0123456789abcdef0",
          + "subnet-abcdef01234567890",
        ]
      + tags        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all    = {
          + "Name" = "DocumentDB Cluster 1"
        }
    }

  # module.documentdb["cluster1"].aws_security_group.default[0] will be created
  + resource "aws_security_group" "default" {
      + arn                    = (known after apply)
      + description            = "Security Group for DocumentDB cluster"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all               = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + vpc_id                 = "vpc-0123456789abcdef0"
    }

  # module.documentdb["cluster1"].aws_security_group_rule.egress[0] will be created
  + resource "aws_security_group_rule" "egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "Allow outbound traffic from CIDR blocks"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"
    }

  # module.subnets.aws_network_acl.private[0] will be created
  + resource "aws_network_acl" "private" {
      + arn        = (known after apply)
      + egress     = (known after apply)
      + id         = (known after apply)
      + ingress    = (known after apply)
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Attributes" = "private"
          + "Name"       = "private"
        }
      + tags_all   = {
          + "Attributes" = "private"
          + "Name"       = "private"
        }
      + vpc_id     = (known after apply)
    }

  # module.subnets.aws_network_acl.public[0] will be created
  + resource "aws_network_acl" "public" {
      + arn        = (known after apply)
      + egress     = (known after apply)
      + id         = (known after apply)
      + ingress    = (known after apply)
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + tags_all   = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + vpc_id     = (known after apply)
    }

  # module.subnets.aws_network_acl_rule.private4_egress[0] will be created
  + resource "aws_network_acl_rule" "private4_egress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_network_acl_rule.private4_ingress[0] will be created
  + resource "aws_network_acl_rule" "private4_ingress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_network_acl_rule.public4_egress[0] will be created
  + resource "aws_network_acl_rule" "public4_egress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_network_acl_rule.public4_ingress[0] will be created
  + resource "aws_network_acl_rule" "public4_ingress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_route.public[0] will be created
  + resource "aws_route" "public" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = (known after apply)
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + tags_all         = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table.private[1] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + tags_all         = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table.public[0] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + tags_all         = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table_association.private[0] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.private[1] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + tags_all                                       = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + tags_all                                       = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "public"
          + "Name"       = "public-use1a"
        }
      + tags_all                                       = {
          + "Attributes" = "public"
          + "Name"       = "public-use1a"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "public"
          + "Name"       = "public-use1b"
        }
      + tags_all                                       = {
          + "Attributes" = "public"
          + "Name"       = "public-use1b"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.vpc.aws_default_security_group.default[0] will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "-default"
        }
      + tags_all               = {
          + "Name" = "-default"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_internet_gateway.default[0] will be created
  + resource "aws_internet_gateway" "default" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags_all = (known after apply)
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_vpc.default[0] will be created
  + resource "aws_vpc" "default" {
      + arn                                  = (known after apply)
      + assign_generated_ipv6_cidr_block     = true
      + cidr_block                           = "170.20.30.0/20"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = false
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags_all                             = (known after apply)
    }

Plan: 29 to add, 0 to change, 0 to destroy.

Please suggest if I am missing any changes.

@ssamantasinghar

Please ignore!
I was able to figure it out myself, and yes, subnet_ids worked like a charm.
