aws-games · danielw-aws · Oct 2, 2024 · Oct 3, 2024 · Oct 3, 2024 · Oct 17, 2024
diff --git a/modules/unreal/unreal-cloud-ddc-infra/main.tf b/modules/unreal/unreal-cloud-ddc-infra/main.tf
@@ -0,0 +1,27 @@
+output "cluster_name" {
+  value = aws_eks_cluster.unreal_cloud_ddc_eks_cluster.name
+}
+
+output "cluster_endpoint" {
+  value = aws_eks_cluster.unreal_cloud_ddc_eks_cluster.endpoint
+}
+
+output "cluster_arn" {
+  value = aws_eks_cluster.unreal_cloud_ddc_eks_cluster.arn
+}
+
+output "s3_bucket_id" {
+  value = aws_s3_bucket.unreal_ddc_s3_bucket.id
+}
+
+output "oidc_provider_identity" {
+  value = aws_eks_cluster.unreal_cloud_ddc_eks_cluster.identity
+}
+
+output "oidc_provider_arn" {
+  value = aws_iam_openid_connect_provider.unreal_cloud_ddc_oidc_provider.arn
+}
+
+output "cluster_certificate_authority_data" {
+  value = aws_eks_cluster.unreal_cloud_ddc_eks_cluster.certificate_authority[0].data
+}
@@ -0,0 +1,139 @@
+variable "name" {
+  description = "Unreal Cloud DDC Workload Name"
+  type        = string
+  default     = "unreal-cloud-ddc"
+}
+
+variable "vpc_id" {
+  description = "String for VPC ID"
+  type        = string
+}
+
+
+variable "private_subnets" {
+  type        = list(string)
+  default     = []
+  description = "Private subnets you want scylla and the worker nodes to be installed into."
+}
+
+variable "scylla_ami_name" {
+  type        = string
+  default     = "ScyllaDB 6.0.1"
+  description = "Name of the Scylla AMI to be used to get the AMI ID"
+  nullable    = false
+}
+
+variable "scylla_instance_type" {
+  type        = string
+  default     = "i4i.2xlarge"
+  description = "The type and size of the Scylla instance."
+  nullable    = false
+}
+
+variable "scylla_architecture" {
+  type        = string
+  default     = "x86_64"
+  description = "The chip architecture to use when finding the scylla image. Valid"
+  nullable    = false
+}
+
+variable "scylla_private_subnets" {
+  type        = list(string)
+  default     = []
+  description = "The subnets you want Scylla to be installed into. Can repeat subnet ids to install into the same subnet/az. This will also determine how many Scylla instances are deployed."
+  nullable    = false
+}
+
+variable "peer_cidr_blocks" {
+  type        = list(string)
+  default     = []
+  description = "The peered cidr blocks you want your vpc to communicate with if you have a multi region ddc."
+  nullable    = false
+}
+
+
+variable "scylla_dns" {
+  type        = string
+  default     = null
+  description = "The local private dns name that you want Scylla to be queryable on."
+}
+
+variable "scylla_db_storage" {
+  type        = number
+  default     = 100
+  description = "Size of gp3 ebs volumes attached to Scylla DBs"
+  nullable    = false
+}
+
+variable "scylla_db_throughput" {
+  type        = number
+  default     = 200
+  description = "Throughput of gp3 ebs volumes attached to Scylla DBs"
+  nullable    = false
+}
+
+variable "nvme_managed_node_instance_type" {
+  type        = string
+  default     = "i3en.xlarge"
+  description = "Nvme managed node group instance type"
+  nullable    = false
+}
+variable "nvme_managed_node_desired_size" {
+  type        = number
+  default     = 2
+  description = "Desired number of nvme managed node group instances"
+  nullable    = false
+}
+
+variable "nvme_managed_node_max_size" {
+  type        = number
+  default     = 2
+  description = "Max number of nvme managed node group instances"
+  nullable    = false
+}
+
+variable "worker_managed_node_instance_type" {
+  type        = string
+  default     = "c5.xlarge"
+  description = "Worker managed node group instance type."
+  nullable    = false
+}
+
+variable "worker_managed_node_desired_size" {
+  type        = number
+  default     = 1
+  description = "Desired number of worker managed node group instances."
+  nullable    = false
+}
+variable "worker_managed_node_max_size" {
+  type        = number
+  default     = 1
+  description = "Max number of worker managed node group instances."
+  nullable    = false
+}
+
+variable "system_managed_node_instance_type" {
+  type        = string
+  default     = "m5.large"
+  description = "Monitoring managed node group instance type."
+  nullable    = false
+}
+
+variable "system_managed_node_desired_size" {
+  type        = number
+  default     = 1
+  description = "Desired number of monitoring managed node group instances."
+  nullable    = false
+}
+
+variable "system_managed_node_max_size" {
+  type        = number
+  default     = 2
+  description = "Max number of monitoring managed node group instances."
+  nullable    = false
+}
+
+variable "eks_cluster_access_cidr" {
+  type        = list(string)
+  description = "List of the CIDR Ranges you want to grant public access to the EKS Cluster."
+}
@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 1.5"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.38"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.5"
+    }
+  }
+}
@@ -0,0 +1,113 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.38 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.9.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >=2.24.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.38 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | >=2.9.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >=2.24.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aws_load_balancer_controller"></a> [aws\_load\_balancer\_controller](#module\_aws\_load\_balancer\_controller) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints-addon.git | 327207ad17f3069fdd0a76c14d3e07936eff4582 |
+| <a name="module_cert_manager"></a> [cert\_manager](#module\_cert\_manager) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints-addon.git | 327207ad17f3069fdd0a76c14d3e07936eff4582 |
+| <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-role-for-service-accounts-eks | ccb4f252cc340d85fd70a8a1fb1cae496a698c1f |
+| <a name="module_eks_blueprints_all_other_addons"></a> [eks\_blueprints\_all\_other\_addons](#module\_eks\_blueprints\_all\_other\_addons) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints-addons.git | a9963f4a0e168f73adb033be594ac35868696a91 |
+| <a name="module_eks_service_account_iam_role"></a> [eks\_service\_account\_iam\_role](#module\_eks\_service\_account\_iam\_role) | git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-assumable-role-with-oidc | ccb4f252cc340d85fd70a8a1fb1cae496a698c1f |
+| <a name="module_s3_iam_policy"></a> [s3\_iam\_policy](#module\_s3\_iam\_policy) | git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-policy | ccb4f252cc340d85fd70a8a1fb1cae496a698c1f |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.unreal_cloud_ddc](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.unreal_cloud_ddc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_service_account.unreal_cloud_ddc_service_account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+| [aws_eks_cluster.unreal_cloud_ddc_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_iam_policy_document.aws_load_balancer_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_s3_bucket.unreal_cloud_ddc_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cert_manager_hosted_zone_arns"></a> [cert\_manager\_hosted\_zone\_arns](#input\_cert\_manager\_hosted\_zone\_arns) | List of ARNs to be passed to Certificate Manager Addon | `list(string)` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS Cluster | `string` | n/a | yes |
+| <a name="input_external_secrets_secret_manager_arn_list"></a> [external\_secrets\_secret\_manager\_arn\_list](#input\_external\_secrets\_secret\_manager\_arn\_list) | List of ARNS for Secret Manager Secrets to use in Unreal Cloud DDC | `list(string)` | `[]` | no |
+| <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | ARN of the OIDC Provider from EKS Cluster | `string` | n/a | yes |
+| <a name="input_s3_bucket_id"></a> [s3\_bucket\_id](#input\_s3\_bucket\_id) | ID of the S3 Bucket for Unreal Cloud DDC to use | `string` | n/a | yes |
+| <a name="input_unreal_cloud_ddc_helm_values"></a> [unreal\_cloud\_ddc\_helm\_values](#input\_unreal\_cloud\_ddc\_helm\_values) | List of YAML files for Unreal Cloud DDC | `list(string)` | `[]` | no |
+| <a name="input_unreal_cloud_ddc_namespace"></a> [unreal\_cloud\_ddc\_namespace](#input\_unreal\_cloud\_ddc\_namespace) | Namespace for Unreal Cloud DDC | `string` | `"unreal-cloud-ddc"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.38 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.9.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >=2.24.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.65.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.15.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.32.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cert_manager"></a> [cert\_manager](#module\_cert\_manager) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints-addon.git | 327207ad17f3069fdd0a76c14d3e07936eff4582 |
+| <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-role-for-service-accounts-eks | ccb4f252cc340d85fd70a8a1fb1cae496a698c1f |
+| <a name="module_eks_blueprints_all_other_addons"></a> [eks\_blueprints\_all\_other\_addons](#module\_eks\_blueprints\_all\_other\_addons) | git::https://github.com/aws-ia/terraform-aws-eks-blueprints-addons.git | a9963f4a0e168f73adb033be594ac35868696a91 |
+| <a name="module_eks_service_account_iam_role"></a> [eks\_service\_account\_iam\_role](#module\_eks\_service\_account\_iam\_role) | git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-assumable-role-with-oidc | ccb4f252cc340d85fd70a8a1fb1cae496a698c1f |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.s3_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [helm_release.unreal_cloud_ddc](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.unreal_cloud_ddc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_service_account.unreal_cloud_ddc_service_account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
+| [aws_eks_cluster.unreal_cloud_ddc_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_iam_policy_document.cert_manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_s3_bucket.unreal_cloud_ddc_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS Cluster | `string` | n/a | yes |
+| <a name="input_external_secrets_secret_manager_arn_list"></a> [external\_secrets\_secret\_manager\_arn\_list](#input\_external\_secrets\_secret\_manager\_arn\_list) | List of ARNS for Secret Manager Secrets to use in Unreal Cloud DDC | `list(string)` | `[]` | no |
+| <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | ARN of the OIDC Provider from EKS Cluster | `string` | n/a | yes |
+| <a name="input_s3_bucket_id"></a> [s3\_bucket\_id](#input\_s3\_bucket\_id) | ID of the S3 Bucket for Unreal Cloud DDC to use | `string` | n/a | yes |
+| <a name="input_unreal_cloud_ddc_helm_values"></a> [unreal\_cloud\_ddc\_helm\_values](#input\_unreal\_cloud\_ddc\_helm\_values) | List of YAML files for Unreal Cloud DDC | `list(string)` | `[]` | no |
+| <a name="input_unreal_cloud_ddc_namespace"></a> [unreal\_cloud\_ddc\_namespace](#input\_unreal\_cloud\_ddc\_namespace) | Namespace for Unreal Cloud DDC | `string` | `"unreal-cloud-ddc"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
@@ -0,0 +1,34 @@
+data "aws_partition" "current" {}
+
+data "aws_eks_cluster" "unreal_cloud_ddc_cluster" {
+  name = var.cluster_name
+}
+
+data "aws_s3_bucket" "unreal_cloud_ddc_bucket" {
+  bucket = var.s3_bucket_id
+}
+
+data "aws_iam_policy_document" "cert_manager" {
+
+
+  statement {
+    actions   = ["route53:GetChange", ]
+    resources = ["arn:${local.partition}:route53:::change/*"]
+  }
+
+  statement {
+    actions = [
+      "route53:ChangeResourceRecordSets",
+      "route53:ListResourceRecordSets",
+    ]
+    resources = [
+      "arn:${local.partition}:route53:::*",
+      "arn:${local.partition}:route53:::change/*"
+    ]
+  }
+
+  statement {
+    actions   = ["route53:ListHostedZonesByName"]
+    resources = ["*"]
+  }
+}