Merge pull request #7 from Trapesys/fix-targeted-apply

Fix targeted apply and add basic example
aws-ia · Aug 13, 2022 · 96f213e · 96f213e
2 parents 4970d6b + cb70443
commit 96f213e
Show file tree

Hide file tree

Showing 11 changed files with 140 additions and 70 deletions.
diff --git a/.header.md b/.header.md
@@ -2,7 +2,7 @@
   <img src="https://raw.githubusercontent.com/0xPolygon/polygon-edge/develop/.github/banner.jpg" alt="Polygon Edge" width="100%">
 </p>
 
-# <center>Polygon Edge AWS Terraform</center>
+# Polygon Edge AWS Terraform
 
 Polygon Edge is a modular and extensible framework for building Ethereum-compatible blockchain networks.
 
@@ -55,13 +55,19 @@ This deployment uses `ubuntu-focal-20.04-amd64-server` AWS AMI. It will **not**
 
 If, for some reason, base AMI is required to get updated, 
 it can be achieved by running `terraform taint` command for each instance, before `terraform apply`.   
-Instances can be tainted by running the `terraform taint module.instances[<AZ>].aws_instance.polygon_edge_instance` command, 
-where `<AZ>` is the availability zone
-Example with default configuration:
+Instances can be tainted by running the `terraform taint module.instances[<instance_number>].aws_instance.polygon_edge_instance` command.
+
+Example:
 ```shell
-terraform taint module.instances[\"us-west-2a\"].aws_instance.polygon_edge_instance
-terraform taint module.instances[\"us-west-2b\"].aws_instance.polygon_edge_instance
-terraform taint module.instances[\"us-west-2c\"].aws_instance.polygon_edge_instance
-terraform taint module.instances[\"us-west-2d\"].aws_instance.polygon_edge_instance
+terraform taint module.instances[0].aws_instance.polygon_edge_instance
+terraform taint module.instances[1].aws_instance.polygon_edge_instance
+terraform taint module.instances[2].aws_instance.polygon_edge_instance
+terraform taint module.instances[3].aws_instance.polygon_edge_instance
 terraform apply
-```
+```
+
+### Resources cleanup
+
+When cleaning up all resources by running `terraform destory`, the only thing that needs to be manually deleted 
+are **validator keys** from **AWS SSM Parameter Store** as they are not stored via Terraform, but with `polygon-edge`
+process itself.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
   <img src="https://raw.githubusercontent.com/0xPolygon/polygon-edge/develop/.github/banner.jpg" alt="Polygon Edge" width="100%">
 </p>
 
-# <center>Polygon Edge AWS Terraform</center>
+# Polygon Edge AWS Terraform
 
 Polygon Edge is a modular and extensible framework for building Ethereum-compatible blockchain networks.
 
@@ -56,17 +56,23 @@ This deployment uses `ubuntu-focal-20.04-amd64-server` AWS AMI. It will **not**
 
 If, for some reason, base AMI is required to get updated,
 it can be achieved by running `terraform taint` command for each instance, before `terraform apply`.   
-Instances can be tainted by running the `terraform taint module.instances[<AZ>].aws_instance.polygon_edge_instance` command,
-where `<AZ>` is the availability zone
-Example with default configuration:
+Instances can be tainted by running the `terraform taint module.instances[<instance_number>].aws_instance.polygon_edge_instance` command.
+
+Example:
 ```shell
-terraform taint module.instances[\"us-west-2a\"].aws_instance.polygon_edge_instance
-terraform taint module.instances[\"us-west-2b\"].aws_instance.polygon_edge_instance
-terraform taint module.instances[\"us-west-2c\"].aws_instance.polygon_edge_instance
-terraform taint module.instances[\"us-west-2d\"].aws_instance.polygon_edge_instance
+terraform taint module.instances[0].aws_instance.polygon_edge_instance
+terraform taint module.instances[1].aws_instance.polygon_edge_instance
+terraform taint module.instances[2].aws_instance.polygon_edge_instance
+terraform taint module.instances[3].aws_instance.polygon_edge_instance
 terraform apply
 ```
 
+### Resources cleanup
+
+When cleaning up all resources by running `terraform destory`, the only thing that needs to be manually deleted
+are **validator keys** from **AWS SSM Parameter Store** as they are not stored via Terraform, but with `polygon-edge`
+process itself.
+
 ## Requirements
 
 | Name | Version |
@@ -80,6 +86,7 @@ terraform apply
 
 | Name | Version |
 |------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.22.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | >=3.1.1 |
 
 ## Modules
@@ -92,13 +99,14 @@ terraform apply
 | <a name="module_s3"></a> [s3](#module\_s3) | terraform-aws-modules/s3-bucket/aws | >= 3.3.0 |
 | <a name="module_security"></a> [security](#module\_security) | ./modules/security | n/a |
 | <a name="module_user_data"></a> [user\_data](#module\_user\_data) | ./modules/user-data | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 1.4.1 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | aws-ia/vpc/aws | = 1.4.1 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [null_resource.download_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [null_data_source.downloaded_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/data-sources/data_source) | data source |
 
 ## Inputs

diff --git a/data.tf b/data.tf
@@ -0,0 +1,8 @@
+data "null_data_source" "downloaded_package" {
+  inputs = {
+    id       = null_resource.download_package.id
+    filename = local.downloaded
+  }
+}
+
+data "aws_availability_zones" "current" {}
diff --git a/examples/basic/.header.md b/examples/basic/.header.md
@@ -0,0 +1,21 @@
+# Polygon Edge simple deployment on AWS
+
+## Prerequisites
+
+Three variables that must be provided, before running the deployment:
+
+* `account_id` - the AWS account ID that the Polygon Edge blockchain cluster will be deployed on.
+* `alb_ssl_certificate` - the ARN of the certificate from AWS Certificate Manager to be used by ALB for https protocol.   
+  The certificate must be generated before starting the deployment, and it must have **Issued** status.
+* `premine` - the account/s that will receive pre mined native currency.
+  Value must follow the official [CLI](https://docs.polygon.technology/docs/edge/get-started/cli-commands#genesis-flags) flag specification.
+
+## Deployment
+To get Polygon Edge cluster quickly up and running default values:
+* include this module 
+* define mandatory variables or provide them at cli prompt    
+* `terraform init` - to initialize modules   
+* `terraform apply` - to deploy the infrastructure
+
+After everything is deployed the JSON-RPC URL should be outputted in the CLI, which needs to be set as a CNAME target 
+for a domain that you've created the certificate for.
diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -1,29 +1,55 @@
 <!-- BEGIN_TF_DOCS -->
+# Polygon Edge simple deployment on AWS
+
+## Prerequisites
+
+Three variables that must be provided, before running the deployment:
+
+* `account_id` - the AWS account ID that the Polygon Edge blockchain cluster will be deployed on.
+* `alb_ssl_certificate` - the ARN of the certificate from AWS Certificate Manager to be used by ALB for https protocol.   
+  The certificate must be generated before starting the deployment, and it must have **Issued** status.
+* `premine` - the account/s that will receive pre mined native currency.
+  Value must follow the official [CLI](https://docs.polygon.technology/docs/edge/get-started/cli-commands#genesis-flags) flag specification.
+
+## Deployment
+To get Polygon Edge cluster quickly up and running default values:
+* include this module
+* define mandatory variables or provide them at cli prompt    
+* `terraform init` - to initialize modules   
+* `terraform apply` - to deploy the infrastructure
+
+After everything is deployed the JSON-RPC URL should be outputted in the CLI, which needs to be set as a CNAME target
+for a domain that you've created the certificate for.
+
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.9.0 |
+No requirements.
 
 ## Providers
 
 No providers.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_polygon-edge"></a> [polygon-edge](#module\_polygon-edge) | aws-ia/polygon-technology-edge/aws | >=0.0.1 |
 
 ## Resources
 
 No resources.
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | Your AWS Account ID | `string` | n/a | yes |
+| <a name="input_alb_ssl_certificate"></a> [alb\_ssl\_certificate](#input\_alb\_ssl\_certificate) | The ARN of SSL certificate that will be placed on JSON-RPC ALB | `string` | n/a | yes |
+| <a name="input_premine"></a> [premine](#input\_premine) | Public account that will receive premined native currency | `string` | n/a | yes |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_json_rpc_dns_name"></a> [json\_rpc\_dns\_name](#output\_json\_rpc\_dns\_name) | The dns name for the JSON-RPC API |
 <!-- END_TF_DOCS -->
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -0,0 +1,8 @@
+module "polygon-edge" {
+  source  = "aws-ia/polygon-technology-edge/aws"
+  version = ">=0.0.1"
+
+  account_id          = var.account_id
+  premine             = var.premine
+  alb_ssl_certificate = var.alb_ssl_certificate
+}
diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf
@@ -0,0 +1,4 @@
+output "json_rpc_dns_name" {
+  value       = module.polygon-edge.jsonrpc_dns_name
+  description = "The dns name for the JSON-RPC API"
+}
diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
@@ -1,21 +0,0 @@
-terraform {
-  required_version = ">= 1.1.0"
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 3.72.0"
-    }
-    awscc = {
-      source  = "hashicorp/awscc"
-      version = ">= 0.11.0"
-    }
-  }
-}
-
-provider "awscc" {
-  user_agent = [{
-    product_name    = "terraform-polygon-technology-edge"
-    product_version = "0.0.1"
-    comment         = "V1/AWS-D69B4015/478186123"
-  }]
-}

diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
@@ -0,0 +1,14 @@
+variable "account_id" {
+  type        = string
+  description = "Your AWS Account ID"
+}
+
+variable "premine" {
+  type        = string
+  description = "Public account that will receive premined native currency"
+}
+
+variable "alb_ssl_certificate" {
+  type        = string
+  description = "The ARN of SSL certificate that will be placed on JSON-RPC ALB"
+}
diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
 module "vpc" {
   source  = "aws-ia/vpc/aws"
-  version = ">= 1.4.1"
+  version = "= 1.4.1"
 
   name       = var.vpc_name
   cidr_block = var.vpc_cidr_block
@@ -24,6 +24,17 @@ module "vpc" {
   }
 }
 
+locals {
+  package_url     = var.lambda_function_zip
+  downloaded      = basename(var.lambda_function_zip)
+  azs             = slice(data.aws_availability_zones.current.names, 0, 4)
+  private_subnets = [for _, value in module.vpc.private_subnet_attributes_by_az : value.id]
+  private_azs = {
+    for idx, az_name in local.azs : idx => az_name
+  }
+
+}
+
 module "s3" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = ">= 3.3.0"
@@ -49,13 +60,13 @@ module "security" {
 module "instances" {
   source = "./modules/instances"
 
-  for_each = module.vpc.private_subnet_attributes_by_az
+  for_each = local.private_azs
 
-  internal_subnet             = each.value.id
+  internal_subnet             = local.private_subnets[each.key]
   internal_sec_groups         = [module.security.internal_sec_group_id]
   user_data_base64            = module.user_data[each.key].polygon_edge_node
   instance_iam_role           = module.security.ec2_to_assm_iam_policy_id
-  az                          = each.key
+  az                          = each.value
   instance_type               = var.instance_type
   instance_name               = var.instance_name
   ebs_root_name_tag           = var.ebs_root_name_tag
@@ -69,8 +80,8 @@ module "instances" {
 module "user_data" {
   source = "./modules/user-data"
 
-  for_each  = module.vpc.private_subnet_attributes_by_az
-  node_name = "${var.node_name_prefix}-${each.key}"
+  for_each  = local.private_azs
+  node_name = "${var.node_name_prefix}-${each.value}"
 
   assm_path      = var.ssm_parameter_id
   assm_region    = var.region
@@ -119,10 +130,7 @@ module "alb" {
   nodes_alb_targetgroup_name_prefix = var.nodes_alb_targetgroup_name_prefix
 }
 
-locals {
-  package_url = var.lambda_function_zip
-  downloaded  = basename(var.lambda_function_zip)
-}
+
 
 resource "null_resource" "download_package" {
   triggers = {
@@ -134,13 +142,6 @@ resource "null_resource" "download_package" {
   }
 }
 
-data "null_data_source" "downloaded_package" {
-  inputs = {
-    id       = null_resource.download_package.id
-    filename = local.downloaded
-  }
-}
-
 module "lambda" {
   source  = "terraform-aws-modules/lambda/aws"
   version = ">=3.3.1"

diff --git a/outputs.tf b/outputs.tf
@@ -1,9 +1,4 @@
 output "jsonrpc_dns_name" {
   value       = module.alb.dns_name
   description = "The dns name for the JSON-RPC API"
-}
-
-#output "bastion_instance_public_ip" {
-#  value = module.bastion_instance.bastion_eip
-#  description = "The public ip address of the bastion instance"
-#}
+}