Back to one resource provisioner

Author: heerener

hpc/main.tf

@@ -91,7 +91,6 @@ module "efs" {
 module "resource-provisioner" {
   source = "./resource-provisioner/"
 
-  suffix                                     = "prod"
   hpc_resource_provisioner_role              = module.security.resource_provisioner_iam_role_arn
   hpc_resource_provisioner_subnet_ids        = [module.networking.lambda_subnet_id]
   hpc_resource_provisioner_sg_ids            = [var.obp_vpc_default_sg_id, module.security.vpc_peering_security_group_id, module.security.resource_provisioner_security_group_id]
@@ -111,29 +110,6 @@ module "resource-provisioner" {
   pcluster_ami_id      = var.pcluster_ami_id
 }
 
-module "resource-provisioner-dev" {
-  source = "./resource-provisioner/"
-
-  suffix                                     = "dev"
-  hpc_resource_provisioner_role              = module.security.resource_provisioner_iam_role_arn
-  hpc_resource_provisioner_subnet_ids        = [module.networking.lambda_subnet_id]
-  hpc_resource_provisioner_sg_ids            = [var.obp_vpc_default_sg_id, module.security.vpc_peering_security_group_id, module.security.resource_provisioner_security_group_id]
-  aws_region                                 = var.aws_region
-  account_id                                 = var.account_id
-  hpc_resource_provisioner_container_version = var.hpc_resource_provisioner_container_dev_version
-  aws_security_group_efa_id                  = module.security.aws_security_group_efa_id
-
-  sbo_nexusdata_bucket = var.sbo_nexusdata_bucket
-  containers_bucket    = var.containers_bucket
-  scratch_bucket       = var.scratch_bucket
-  scratch_bucket_arn   = var.scratch_bucket_arn
-  infra_assets_bucket  = var.sboinfrastructureassets_bucket_name
-  fsx_policy_arn       = module.security.fsx_policy_arn
-  fs_subnet_ids        = module.networking.fs_subnet_ids
-  fs_sg_id             = module.security.compute_efs_sg_id
-  pcluster_ami_id      = var.pcluster_ami_id
-}
-
 module "dynamodb" {
   source        = "./dynamodb/"
   is_production = var.is_production

hpc/resource-provisioner/api_gateway.tf

@@ -1,5 +1,5 @@
 resource "aws_api_gateway_rest_api" "hpc_resource_provisioner_api" {
-  name = "hpc_resource_provisioner-${var.suffix}"
+  name = "hpc_resource_provisioner"
 }
 
 resource "aws_api_gateway_resource" "hpc_resource_provisioner_res_provisioner" {

hpc/resource-provisioner/dashboard.tf

@@ -1,5 +1,4 @@
 resource "aws_cloudwatch_dashboard" "resource_provisioner_dashboard" {
-  count          = var.suffix == "prod" ? 1 : 0
   dashboard_name = "HPC-Resource-Provisioner"
   dashboard_body = jsonencode({
     "widgets" : [

hpc/resource-provisioner/eventbridge.tf

@@ -1,7 +1,6 @@
 # EventBridge, aka The Service Formerly Known As CloudWatch Events - hence the names of the resources
 
 resource "aws_cloudwatch_event_rule" "dra_event" {
-  count       = var.suffix == "dev" ? 1 : 0
   name        = "dra-event"
   description = "Whenever a DRA is ready, trigger resource provisioner"
   event_pattern = jsonencode(
@@ -17,9 +16,8 @@ resource "aws_cloudwatch_event_rule" "dra_event" {
 }
 
 resource "aws_cloudwatch_event_target" "resource_provisioner_dra" {
-  count = var.suffix == "dev" ? 1 : 0
-  arn   = "${aws_api_gateway_stage.hpc_resource_provisioner_api_stage.execution_arn}/POST/hpc-provisioner/dra"
-  rule  = aws_cloudwatch_event_rule.dra_event[0].id
+  arn  = "${aws_api_gateway_stage.hpc_resource_provisioner_api_stage.execution_arn}/POST/hpc-provisioner/dra"
+  rule = aws_cloudwatch_event_rule.dra_event.id
 
   http_target {
     query_string_parameters = {

hpc/resource-provisioner/iam.tf

@@ -1,17 +1,14 @@
 resource "aws_iam_role" "resource_provisioner_eventbridge" {
-  count              = var.suffix == "dev" ? 1 : 0
   name               = "hpc_resource_provisioner_eventbridge_role"
   assume_role_policy = file("${path.module}/hpc_resource_provisioner_eventbridge_assume_role_policy.json")
 }
 
 resource "aws_iam_role_policy_attachment" "resource_provisioner_eventbridge" {
-  count      = var.suffix == "dev" ? 1 : 0
-  role       = aws_iam_role.resource_provisioner_eventbridge[0].name
-  policy_arn = aws_iam_policy.resource_provisioner_eventbridge[0].arn
+  role       = aws_iam_role.resource_provisioner_eventbridge.name
+  policy_arn = aws_iam_policy.resource_provisioner_eventbridge.arn
 }
 
 resource "aws_iam_policy" "resource_provisioner_eventbridge" {
-  count  = var.suffix == "dev" ? 1 : 0
   name   = "eventbridge_fire_lambda_policy"
   policy = templatefile("${path.module}/hpc_resource_provisioner_eventbridge_policy.tftpl", { "account_id" = var.account_id, "aws_region" = var.aws_region, "api_deployment_id" = aws_api_gateway_deployment.hpc_resource_provisioner_api_deployment.id })
 }

hpc/resource-provisioner/lambda.tf

@@ -8,7 +8,7 @@ resource "aws_lambda_permission" "hpc_resource_provisioner_permission_post" {
 
 # tfsec:ignore:aws-lambda-enable-tracing
 resource "aws_lambda_function" "hpc_resource_provisioner_lambda" {
-  function_name    = "hpc-resource-provisioner-${var.suffix}"
+  function_name    = "hpc-resource-provisioner"
   role             = var.hpc_resource_provisioner_role
   package_type     = "Image"
   architectures    = ["x86_64"]
@@ -30,10 +30,9 @@ resource "aws_lambda_function" "hpc_resource_provisioner_lambda" {
       FSX_POLICY_ARN       = var.fsx_policy_arn
       FS_SUBNET_IDS        = jsonencode(var.fs_subnet_ids)
       FS_SG_ID             = var.fs_sg_id
-      SUFFIX               = var.suffix
       # API_GW_STAGE_ARN     = aws_api_gateway_stage.hpc_resource_provisioner_api_stage.arn
       API_GW_STAGE_ARN     = "arn:aws:execute-api:${var.aws_region}:${var.account_id}:kmlnf84csk/" # TODO: don't hardcode, find a way to do this without a cycle
-      EVENTBRIDGE_ROLE_ARN = var.suffix == "dev" ? aws_iam_role.resource_provisioner_eventbridge[0].arn : "NOT SET"
+      EVENTBRIDGE_ROLE_ARN = aws_iam_role.resource_provisioner_eventbridge.arn
     }
   }
 }
@@ -45,7 +44,7 @@ data "aws_ecr_image" "hpc_resource_provisioner_image" {
 
 # tfsec:ignore:aws-lambda-enable-tracing
 resource "aws_lambda_function" "hpc_resource_provisioner_async_lambda" {
-  function_name    = "hpc-resource-provisioner-creator-${var.suffix}"
+  function_name    = "hpc-resource-provisioner-creator"
   role             = var.hpc_resource_provisioner_role
   package_type     = "Image"
   architectures    = ["x86_64"]

hpc/resource-provisioner/variables.tf

@@ -58,10 +58,6 @@ variable "fs_sg_id" {
   type = string
 }
 
-variable "suffix" {
-  type = string
-}
-
 variable "pcluster_ami_id" {
   type = string
 }

hpc/variables.tf

@@ -90,10 +90,6 @@ variable "hpc_resource_provisioner_container_version" {
   type = string
 }
 
-variable "hpc_resource_provisioner_container_dev_version" {
-  type = string
-}
-
 variable "sbo_nexusdata_bucket" {
   type = string
 }

main.tf

@@ -324,36 +324,35 @@ module "github_notebook_service_ecs_redeploy_role" {
 module "hpc" {
   source = "./hpc"
 
-  aws_region                                     = local.aws_region
-  account_id                                     = local.account_id
-  obp_vpc_id                                     = local.vpc_id
-  obp_vpc_default_sg_id                          = local.vpc_default_sg_id
-  sbo_billing                                    = "hpc"
-  slurm_mysql_admin_username                     = "slurm_admin"
-  create_compute_instances                       = false
-  num_compute_instances                          = 0
-  create_slurmdb                                 = false # TODO-SLURMDB: re-enable when redeploying the cluster
-  compute_instance_type                          = "m7g.medium"
-  create_jumphost                                = false
-  compute_nat_access                             = false
-  compute_subnet_count                           = 16
-  av_zone_suffixes                               = ["a"]
-  peering_route_tables                           = [local.route_table_private_subnets_id, local.route_table_public_id]
-  lambda_subnet_cidr                             = "10.0.16.0/24"
-  is_production                                  = var.is_production
-  aws_endpoints_subnet_cidr                      = module.networking.endpoints_subnet_cidr
-  endpoints_route_table_id                       = local.route_table_private_subnets_id
-  hpc_slurm_secrets_arn                          = local.hpc_slurm_secrets_arn
-  hpc_resource_provisioner_container_version     = var.hpc_resource_provisioner_container_version
-  hpc_resource_provisioner_container_dev_version = var.hpc_resource_provisioner_container_dev_version
-  sbo_nexusdata_bucket                           = var.hpc_resource_provisioner_sbo_nexusdata_bucket
-  containers_bucket                              = var.hpc_resource_provisioner_containers_bucket
-  scratch_bucket                                 = var.hpc_resource_provisioner_scratch_bucket
-  scratch_bucket_arn                             = var.hpc_resource_provisioner_scratch_bucket_arn
-  private_alb_https_listener_arn                 = local.private_alb_https_listener_arn
-  is_hpc_dev                                     = true
-  sboinfrastructureassets_bucket_name            = var.sbo_infrastructureassets_bucket
-  pcluster_ami_id                                = var.pcluster_ami_id
+  aws_region                                 = local.aws_region
+  account_id                                 = local.account_id
+  obp_vpc_id                                 = local.vpc_id
+  obp_vpc_default_sg_id                      = local.vpc_default_sg_id
+  sbo_billing                                = "hpc"
+  slurm_mysql_admin_username                 = "slurm_admin"
+  create_compute_instances                   = false
+  num_compute_instances                      = 0
+  create_slurmdb                             = false # TODO-SLURMDB: re-enable when redeploying the cluster
+  compute_instance_type                      = "m7g.medium"
+  create_jumphost                            = false
+  compute_nat_access                         = false
+  compute_subnet_count                       = 16
+  av_zone_suffixes                           = ["a"]
+  peering_route_tables                       = [local.route_table_private_subnets_id, local.route_table_public_id]
+  lambda_subnet_cidr                         = "10.0.16.0/24"
+  is_production                              = var.is_production
+  aws_endpoints_subnet_cidr                  = module.networking.endpoints_subnet_cidr
+  endpoints_route_table_id                   = local.route_table_private_subnets_id
+  hpc_slurm_secrets_arn                      = local.hpc_slurm_secrets_arn
+  hpc_resource_provisioner_container_version = var.hpc_resource_provisioner_container_version
+  sbo_nexusdata_bucket                       = var.hpc_resource_provisioner_sbo_nexusdata_bucket
+  containers_bucket                          = var.hpc_resource_provisioner_containers_bucket
+  scratch_bucket                             = var.hpc_resource_provisioner_scratch_bucket
+  scratch_bucket_arn                         = var.hpc_resource_provisioner_scratch_bucket_arn
+  private_alb_https_listener_arn             = local.private_alb_https_listener_arn
+  is_hpc_dev                                 = true
+  sboinfrastructureassets_bucket_name        = var.sbo_infrastructureassets_bucket
+  pcluster_ami_id                            = var.pcluster_ami_id
 }
 
 module "static-server" {

production.tfvars

@@ -36,11 +36,10 @@ keycloak_task_size = {
   cpu    = 2048
   memory = 4096
 }
-coreservices_public_key                        = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO8QAh2WZ/WcZnNeojPNhadeodMO2l3PssaUFJWfvEFNzkuo5ci7nxb39M2FH6RyFAfqykV/v89KfDIg9K2ebJQZS+x6Enrqm7+ROmZjCdpYkFm7l2NCoKLus92DaPX6k1Tv5hcI76BqWN4nOKQxzb7ziJxFl5wzLgTwnXZvY33dA3Pu6aimksv071KnQ3hJKk6Omx/l7Hv/D7c0tU8vRCUefzHT3TkRpRgTTq+Wd8S0pGSmMB4drk5PiUzEVczxuIfmYGCWV2va6aT34yuMOw/6y2Cr9guCkyR2FkFm7q0MPw0aKGFBwTT05eiEWBWKQQbqi1qMtSwd6tp4qv6crN SSH key for AWS SBO POC"
-hpc_resource_provisioner_container_version     = "latest"
-hpc_resource_provisioner_container_dev_version = "latest-dev"
-core_web_app_deployment_env                    = "production"
-core_web_app_next_public_matomo_site_id        = "1"
+coreservices_public_key                    = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO8QAh2WZ/WcZnNeojPNhadeodMO2l3PssaUFJWfvEFNzkuo5ci7nxb39M2FH6RyFAfqykV/v89KfDIg9K2ebJQZS+x6Enrqm7+ROmZjCdpYkFm7l2NCoKLus92DaPX6k1Tv5hcI76BqWN4nOKQxzb7ziJxFl5wzLgTwnXZvY33dA3Pu6aimksv071KnQ3hJKk6Omx/l7Hv/D7c0tU8vRCUefzHT3TkRpRgTTq+Wd8S0pGSmMB4drk5PiUzEVczxuIfmYGCWV2va6aT34yuMOw/6y2Cr9guCkyR2FkFm7q0MPw0aKGFBwTT05eiEWBWKQQbqi1qMtSwd6tp4qv6crN SSH key for AWS SBO POC"
+hpc_resource_provisioner_container_version = "latest"
+core_web_app_deployment_env                = "production"
+core_web_app_next_public_matomo_site_id    = "1"
 
 hpc_resource_provisioner_sbo_nexusdata_bucket = ""
 sbo_infrastructureassets_bucket               = "s3://sboinfrastructureassets"