Fix auto-drive networking (#402)

autonomys · Jan 23, 2025 · e395f58 · e395f58
1 parent 07a4ed4
commit e395f58
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 57 deletions.
diff --git a/auto-drive/main.tf b/auto-drive/main.tf
@@ -29,14 +29,14 @@ locals {
 module "vpc" {
   source = "../templates/terraform/aws/vpc"
 
-  name            = "${local.name}-vpc"
-  cidr            = var.vpc_cidr
-  azs             = local.azs
-  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+  name           = "${local.name}-vpc"
+  cidr           = var.vpc_cidr
+  azs            = local.azs
+  public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
 
-  enable_nat_gateway = true
-  single_nat_gateway = true
+  # Configure NAT gateways and private subnets settings
+  enable_nat_gateway = false # Set to true to use NAT gateways and private subnets without public IPs
+  single_nat_gateway = false # Set to true to use a single NAT gateway
 
   tags = local.tags
 }
@@ -125,11 +125,19 @@ module "ec2_auto_drive" {
   count                       = var.auto_drive_instance_count
   ami                         = data.aws_ami.ubuntu_amd64.id
   instance_type               = var.auto_drive_instance_type
-  availability_zone           = element(local.azs, count.index % length(local.azs))
-  subnet_id                   = element(module.vpc.private_subnets, count.index % length(module.vpc.private_subnets))
+  availability_zone           = element(module.vpc.azs, 0)
+  subnet_id                   = element(module.vpc.public_subnets, 0)
   vpc_security_group_ids      = [aws_security_group.auto_drive_sg.id]
-  associate_public_ip_address = false # Auto-drive instances use EIPs
+  associate_public_ip_address = false # Gateway instances use EIPs
+  create_eip                  = true
+  disable_api_stop            = false
+
+  create_iam_instance_profile = true
   ignore_ami_changes          = true
+  iam_role_description        = "IAM role for EC2 instance"
+  iam_role_policies = {
+    AdministratorAccess = "arn:aws:iam::aws:policy/AdministratorAccess"
+  }
   root_block_device = [
     {
       device_name = "/dev/sdf"
@@ -156,11 +164,20 @@ module "ec2_gateway" {
   count                       = var.gateway_instance_count
   ami                         = data.aws_ami.ubuntu_amd64.id
   instance_type               = var.gateway_instance_type
-  availability_zone           = element(local.azs, count.index % length(local.azs))
-  subnet_id                   = element(module.vpc.private_subnets, count.index % length(module.vpc.private_subnets))
+  availability_zone           = element(module.vpc.azs, 0)
+  subnet_id                   = element(module.vpc.public_subnets, 0)
   vpc_security_group_ids      = [aws_security_group.auto_drive_sg.id]
   associate_public_ip_address = false # Gateway instances use EIPs
+  create_eip                  = true
+  disable_api_stop            = false
+
+  create_iam_instance_profile = true
   ignore_ami_changes          = true
+  iam_role_description        = "IAM role for EC2 instance"
+  iam_role_policies = {
+    AdministratorAccess = "arn:aws:iam::aws:policy/AdministratorAccess"
+  }
+
   root_block_device = [
     {
       device_name = "/dev/sdf"
@@ -176,29 +193,3 @@ module "ec2_gateway" {
   )
   tags = merge(local.tags, { Role = "gateway" })
 }
-
-################################################################################
-# Elastic IPs for Auto-Drive Instances
-################################################################################
-
-resource "aws_eip" "auto_drive_eip" {
-  count = var.auto_drive_instance_count
-
-  instance = module.ec2_auto_drive[count.index].id
-  tags = {
-    Name = "${local.name}-backend-eip-${count.index}"
-  }
-}
-
-################################################################################
-# Elastic IPs for Gateway Instances
-################################################################################
-
-resource "aws_eip" "gateway_eip" {
-  count = var.gateway_instance_count
-
-  instance = module.ec2_gateway[count.index].id
-  tags = {
-    Name = "${local.name}-gateway-eip-${count.index}"
-  }
-}
diff --git a/auto-drive/outputs.tf b/auto-drive/outputs.tf
@@ -68,12 +68,12 @@ output "ec2_gateway_availability_zones" {
 
 output "auto_drive_eip" {
   description = "Elastic IPs for Auto-Drive instances"
-  value       = aws_eip.auto_drive_eip[*].public_ip
+  value       = module.ec2_auto_drive[*].public_ip
 }
 
 output "gateway_eip" {
   description = "Elastic IPs for Gateway instances"
-  value       = aws_eip.gateway_eip[*].public_ip
+  value       = module.ec2_gateway[*].public_ip
 }
 
 

diff --git a/auto-drive/variables.tf b/auto-drive/variables.tf
@@ -70,13 +70,13 @@ variable "kms_key_id" {
 variable "auto_drive_instance_count" {
   description = "Number of auto-drive instances to create."
   type        = number
-  default     = 2
+  default     = 1
 }
 
 variable "gateway_instance_count" {
   description = "Number of gateway instances to create."
   type        = number
-  default     = 2
+  default     = 1
 }
 
 variable "ingress_cidr_blocks" {

diff --git a/templates/terraform/aws/ec2/main.tf b/templates/terraform/aws/ec2/main.tf
@@ -1,7 +1,7 @@
 data "aws_partition" "current" {}
 
 locals {
-  create = var.create && var.putin_khuylo
+  create = var.create
 
   is_t_instance_type = replace(var.instance_type, "/^t(2|3|3a|4g){1}\\..*$/", "1") == "1" ? true : false
 

diff --git a/templates/terraform/aws/ec2/variables.tf b/templates/terraform/aws/ec2/variables.tf
@@ -351,11 +351,6 @@ variable "disable_api_stop" {
   default     = null
 
 }
-variable "putin_khuylo" {
-  description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
-  type        = bool
-  default     = true
-}
 
 ################################################################################
 # IAM Role / Instance Profile

diff --git a/templates/terraform/aws/rds/main.tf b/templates/terraform/aws/rds/main.tf
@@ -1,7 +1,7 @@
 locals {
-  create_db_subnet_group    = var.create_db_subnet_group && var.putin_khuylo
-  create_db_parameter_group = var.create_db_parameter_group && var.putin_khuylo
-  create_db_instance        = var.create_db_instance && var.putin_khuylo
+  create_db_subnet_group    = var.create_db_subnet_group
+  create_db_parameter_group = var.create_db_parameter_group
+  create_db_instance        = var.create_db_instance
 
   db_subnet_group_name    = var.create_db_subnet_group ? module.db_subnet_group.db_subnet_group_id : var.db_subnet_group_name
   parameter_group_name_id = var.create_db_parameter_group ? module.db_parameter_group.db_parameter_group_id : var.parameter_group_name

diff --git a/templates/terraform/aws/rds/variables.tf b/templates/terraform/aws/rds/variables.tf
@@ -611,12 +611,6 @@ variable "cloudwatch_log_group_tags" {
   default     = {}
 }
 
-variable "putin_khuylo" {
-  description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
-  type        = bool
-  default     = true
-}
-
 ################################################################################
 # DB Instance Role Association
 ################################################################################