testing initial work now

examples/eks_test_fixture/README.md

@@ -16,73 +16,7 @@ The following IAM policy is the minimum needed to execute the module from the te
     {
       "Sid": "Stmt1507789535000",
       "Effect": "Allow",
-      "Action": [
-        "autoscaling:*LoadBalancerTargetGroups",
-        "autoscaling:*AutoScalingGroup",
-        "autoscaling:*LaunchConfiguration",
-        "autoscaling:*AutoScalingGroups",
-        "autoscaling:*LaunchConfigurations",
-        "ec2:AllocateAddress",
-        "ec2:AssignIpv6Addresses",
-        "ec2:AssignPrivateIpAddresses",
-        "ec2:AssociateAddress",
-        "ec2:AssociateDhcpOptions",
-        "ec2:AssociateRouteTable",
-        "ec2:AttachInternetGateway",
-        "ec2:AttachNetworkInterface",
-        "ec2:AuthorizeSecurityGroupEgress",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:CreateDhcpOptions",
-        "ec2:CreateInternetGateway",
-        "ec2:CreateNatGateway",
-        "ec2:CreateNetworkAcl",
-        "ec2:CreateNetworkAclEntry",
-        "ec2:CreateNetworkInterface",
-        "ec2:CreateNetworkInterfacePermission",
-        "ec2:CreateRoute",
-        "ec2:CreateRouteTable",
-        "ec2:CreateSecurityGroup",
-        "ec2:CreateSubnet",
-        "ec2:CreateTags",
-        "ec2:CreateVpc",
-        "ec2:DeleteDhcpOptions",
-        "ec2:DeleteInternetGateway",
-        "ec2:DeleteNatGateway",
-        "ec2:DeleteNetworkAcl",
-        "ec2:DeleteNetworkAclEntry",
-        "ec2:DeleteNetworkInterface",
-        "ec2:DeleteRoute",
-        "ec2:DeleteRouteTable",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DeleteSubnet",
-        "ec2:DeleteTags",
-        "ec2:DeleteVpc",
-        "ec2:Describe*",
-        "ec2:DetachInternetGateway",
-        "ec2:DetachNetworkInterface",
-        "ec2:DisassociateAddress",
-        "ec2:DisassociateRouteTable",
-        "ec2:DisassociateSubnetCidrBlock",
-        "ec2:DisassociateVpcCidrBlock",
-        "ec2:ModifySubnetAttribute",
-        "ec2:ModifyVpcAttribute",
-        "ec2:ModifyVpcEndpoint",
-        "ec2:ReleaseAddress",
-        "ec2:RevokeSecurityGroupEgress",
-        "ec2:RevokeSecurityGroupIngress",
-        "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
-        "ec2:UpdateSecurityGroupRuleDescriptionsIngress"
-      ],
-      "Resource": ["*"]
-    },
-    {
-      "Sid": "Stmt1507789655001",
-      "Effect": "Allow",
-      "Action": [
-        "iam:UploadServerCertificate",
-        "iam:DeleteServerCertificate",
-        "iam:GetServerCertificate"
-      ],
+      "Action": [],
       "Resource": ["*"]
     }
   ]

examples/eks_test_fixture/data.tf

@@ -1,21 +0,0 @@
-data "aws_caller_identity" "current" {}
-
-data "aws_availability_zones" "available" {}
-
-data "aws_region" "current" {}
-
-data "aws_ami" "ubuntu" {
-  most_recent = true
-
-  filter {
-    name   = "name"
-    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-  owners = ["099720109477"] # Canonical
-}

examples/eks_test_fixture/locals.tf

@@ -1,7 +0,0 @@
-locals {
-  tags = "${map("Environment", "test",
-                "GithubRepo", "terraform-aws-eks",
-                "GithubOrg", "terraform-aws-modules",
-                "Workspace", "${terraform.workspace}",
-  )}"
-}

examples/eks_test_fixture/main.tf

@@ -11,14 +11,38 @@ provider "random" {
   version = "= 1.3.1"
 }
 
-# resource "random_pet" "suffix" {
-#   length = 1
-# }
+provider "http" {}
 
-# resource "random_string" "suffix" {
-#   length = 8
-#   special = false
-# }
+data "aws_ami" "eks_worker" {
+  filter {
+    name   = "name"
+    values = ["eks-worker-*"]
+  }
+
+  most_recent = true
+  owners      = ["602401143452"] # Amazon
+}
+
+data "aws_availability_zones" "available" {}
+
+data "http" "workstation_external_ip" {
+  url = "http://icanhazip.com"
+}
+
+locals {
+  workstation_external_cidr = "${chomp(data.http.workstation_external_ip.body)}/32"
+
+  tags = "${map("Environment", "test",
+                "GithubRepo", "terraform-aws-eks",
+                "GithubOrg", "terraform-aws-modules",
+                "Workspace", "${terraform.workspace}",
+  )}"
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
 
 module "vpc" {
   source             = "terraform-aws-modules/vpc/aws"
@@ -42,14 +66,11 @@ module "security_group" {
 }
 
 module "eks" {
-  source = "../.."
-
-  # cluster_name    = "test-eks-${random_string.suffix.result}"
-  # cluster_name    = "test-eks-${random_pet.suffix.id}"
-  cluster_name = "test-eks-cluster"
-
-  security_groups = ["${module.security_group.this_security_group_id}"]
-  subnets         = "${module.vpc.public_subnets}"
-  tags            = "${local.tags}"
-  vpc_id          = "${module.vpc.vpc_id}"
+  source                = "../.."
+  cluster_name          = "test-eks-${random_string.suffix.result}"
+  subnets               = "${module.vpc.public_subnets}"
+  tags                  = "${local.tags}"
+  vpc_id                = "${module.vpc.vpc_id}"
+  workers_ami_id        = "${data.aws_ami.eks_worker.id}"
+  cluster_ingress_cidrs = ["${local.workstation_external_cidr}"]
 }

examples/eks_test_fixture/outputs.tf

@@ -2,3 +2,8 @@ output "cluster_endpoint" {
   description = "Endpoint for EKS controlplane."
   value       = "${module.eks.cluster_endpoint}"
 }
+
+output "cluster_security_group_ids" {
+  description = "."
+  value       = "${module.eks.cluster_security_group_ids}"
+}