Resource Packs

Redis

Example: redis resource based on AWS ElastiCache

Configuration

This example configures a redis Resource Definition using AWS ElastiCache. A workload that uses the redis resource to create a Redis cluster looks like this:

resources:
  ...
  redis:
    type: redis

Infrastructure setup

graph TD;
  subgraph VPC
    cache["AWS Elasticache"]
  
    subgraph EKS Cluster
      pod[workload pod]
    end
  end
  cache --> pod

Orchestrator setup

graph LR;
  workload_1 --> cache_1["cache_1, resource_type: redis"]
  workload_2 --> cache_2["cache_2, resource_type: redis"]
  workload_2 --> shared.cache_1["shared.cache_1, resource_type: redis"]
  workload_3 --> shared.cache_1["shared.cache_1, resource_type: redis"]

Terraform docs

Requirements

Name Version
terraform >= 1.3.0
aws ~> 5.0
humanitec ~> 1.0
random ~> 3.5

Providers

Name Version
aws ~> 5.0
humanitec ~> 1.0
random ~> 3.5

Modules

Name Source Version
redis ../../humanitec-resource-defs/redis/basic n/a

Resources

Name Type
aws_elasticache_subnet_group.redis resource
aws_iam_role.humanitec_provisioner resource
aws_iam_role_policy_attachment.humanitec_provisioner resource
aws_security_group.redis resource
aws_vpc_security_group_ingress_rule.k8s_node_redis resource
humanitec_application.example resource
humanitec_resource_account.humanitec_provisioner resource
humanitec_resource_definition_criteria.redis resource
random_password.external_id resource
aws_iam_policy_document.instance_assume_role_policy data source

Inputs

Name Description Type Default Required
k8s_node_security_group_id AWS Security Group ID of the kubernetes nodes to allow access to the AWS ElastiCache cluster string n/a yes
region AWS Region string n/a yes
subnet_ids AWS Subnet IDs to use for the AWS ElastiCache cluster set(string) n/a yes
vpc_id AWS VPC ID string n/a yes
name Name of the example application string "hum-rp-redis-example" no
prefix Prefix of the created resources string "hum-rp-redis-ex-" no
resource_packs_aws_rev AWS Resource Pack git branch string "refs/heads/main" no
resource_packs_aws_url AWS Resource Pack git url string "https://github.com/humanitec-architecture/resource-packs-aws.git" no

main.tf (view on GitHub) :

# AWS IAM role used by Humanitec to provision resources

locals {
  # AWS-managed AdministratorAccess policy; attached to the provisioner role in
  # aws_iam_role_policy_attachment.humanitec_provisioner.
  # NOTE(review): this gives an externally assumable role full control of the
  # account. For anything beyond a throwaway demo, prefer a customer-managed
  # policy limited to the actions the redis driver needs (exact action set is
  # not visible on this page, so confirm it against the module).
  admin_policy_arn   = "arn:aws:iam::aws:policy/AdministratorAccess"
  # IAM user used as the only principal in the role trust policy.
  # NOTE(review): hard-coded principal in another AWS account, presumably the
  # vendor's. Verify the ARN against vendor documentation before applying.
  humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec"
}

# Generates the sts:ExternalId value used both in the role trust policy and in
# the Humanitec resource account credentials: 16 characters, no special
# characters. The result is written to Terraform state, so the state backend
# needs restricted access and encryption at rest.
resource "random_password" "external_id" {
  length  = 16
  special = false
}

# Trust policy for the provisioner role: allows sts:AssumeRole only for
# local.humanitec_user_arn, and only when the caller presents the generated
# external ID. The external-ID condition is what stops the third-party
# principal from being used as a confused deputy on behalf of another customer.
# Despite the "instance_" name, no EC2 service principal appears here.
data "aws_iam_policy_document" "instance_assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = [local.humanitec_user_arn]
    }

    # Exact-match check on the external ID supplied with the AssumeRole call.
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [random_password.external_id.result]
    }
  }
}

# IAM role that the external principal assumes to provision resources. It is
# named after var.name and uses the external-ID-gated trust policy.
# NOTE(review): no permissions boundary is set on this role. Together with the
# AdministratorAccess attachment, nothing on this page caps what a session of
# this role can do. Consider the permissions_boundary argument.
resource "aws_iam_role" "humanitec_provisioner" {
  name = var.name

  assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json
}

# Attaches local.admin_policy_arn (AdministratorAccess) to the provisioner role.
# NOTE(review): this is the broadest grant available and is held by a role that
# a principal outside this account can assume. Replace it with a scoped policy
# before using this example outside a sandbox account.
resource "aws_iam_role_policy_attachment" "humanitec_provisioner" {
  role       = aws_iam_role.humanitec_provisioner.name
  policy_arn = local.admin_policy_arn
}

# Registers the provisioner role with Humanitec as an "aws-role" resource
# account. The credentials are a JSON object holding the role ARN and the
# external ID.
# The external ID is stored in Terraform state through this resource as well as
# through random_password.external_id.
resource "humanitec_resource_account" "humanitec_provisioner" {
  id   = var.name
  name = var.name
  type = "aws-role"
  credentials = jsonencode({
    aws_role    = aws_iam_role.humanitec_provisioner.arn
    external_id = random_password.external_id.result
  })

  depends_on = [
    # Otherwise the account loses permissions before the resources are deleted
    aws_iam_role_policy_attachment.humanitec_provisioner
  ]
}

# Prepare ElastiCache subnet group and security group

# ElastiCache subnet group built from var.subnet_ids; its name is passed to the
# redis module as subnet_group_name.
# NOTE(review): the name is the fixed string "redis" rather than derived from
# var.prefix, so a second copy of this example in the same account and region
# would presumably collide. Use private subnets here; nothing on this page
# checks that.
resource "aws_elasticache_subnet_group" "redis" {
  name       = "redis"
  subnet_ids = var.subnet_ids
}

# Security group handed to the redis module (security_group_ids). It declares
# no inline rules; the only ingress is added by
# aws_vpc_security_group_ingress_rule.k8s_node_redis, and no egress rule is
# defined in this file.
resource "aws_security_group" "redis" {
  name        = "redis"
  description = "redis"
  vpc_id      = var.vpc_id
}

# Allows TCP 6379 into the redis security group from members of the Kubernetes
# node security group only (a security-group reference, not a CIDR range).
# NOTE(review): the grant is per node, not per workload. Any pod that sends
# traffic with the node's security group can reach the cache, so network
# reachability is not an authorization boundary between workloads. Whether the
# module enables Redis AUTH or in-transit encryption is not visible on this
# page; confirm it.
resource "aws_vpc_security_group_ingress_rule" "k8s_node_redis" {
  security_group_id = aws_security_group.redis.id

  referenced_security_group_id = var.k8s_node_security_group_id
  from_port                    = 6379
  ip_protocol                  = "tcp"
  to_port                      = 6379
}

# Example application and resource definition criteria

# Example Humanitec application; id and name both come from var.name. The
# resource definition criteria in this file scope the redis definition to this
# application.
resource "humanitec_application" "example" {
  id   = var.name
  name = var.name
}

# Instantiates the redis/basic resource definition from the AWS resource pack
# and wires it to the provisioner account, subnet group and security group
# created in this file.
module "redis" {
  # NOTE(review): no ?ref= is given, so Terraform fetches the repository's
  # default branch at init time. Pin the source to a reviewed tag or commit
  # (for example ?ref=<TAG_OR_COMMIT_PLACEHOLDER>) so the module code cannot
  # change between runs.
  source = "github.com/humanitec-architecture/resource-packs-aws//humanitec-resource-defs/redis/basic"

  # Git URL and ref of the resource pack passed through to the module. The
  # default ref in variables.tf is a branch (refs/heads/main), which is mutable.
  resource_packs_aws_url = var.resource_packs_aws_url
  resource_packs_aws_rev = var.resource_packs_aws_rev
  # NOTE(review): presumably includes driver logs in error output. Confirm that
  # those logs cannot carry secrets before enabling this outside a demo.
  append_logs_to_error   = true
  # Resource account (role ARN plus external ID) that the driver runs as.
  driver_account         = humanitec_resource_account.humanitec_provisioner.id

  # Must be the region where the subnet group and security group below exist.
  # Those are created in whatever region the aws provider resolves, and the
  # provider block does not set one.
  region = var.region

  prefix             = var.prefix
  subnet_group_name  = aws_elasticache_subnet_group.redis.name
  security_group_ids = [aws_security_group.redis.id]
}

# Matching criteria that bind the redis resource definition to the example
# application only (app_id).
resource "humanitec_resource_definition_criteria" "redis" {
  resource_definition_id = module.redis.id
  app_id                 = humanitec_application.example.id

  # NOTE(review): presumably lets the criteria be removed even while resources
  # still match them. Convenient for teardown of an example, but confirm before
  # copying it into a long-lived environment.
  force_delete = true
}


providers.tf (view on GitHub) :

# Provider and Terraform version constraints for the example.
# The "~>" constraints accept any later release within the same major version
# (5.x, 1.x) or minor series (3.x from 3.5), so they are ranges rather than
# pins. Commit the generated .terraform.lock.hcl so that provider versions and
# checksums are fixed and verified on every init.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    humanitec = {
      source  = "humanitec/humanitec"
      version = "~> 1.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.5"
    }
  }

  required_version = ">= 1.3.0"
}

# AWS provider. It only sets default tags, applied to every taggable resource
# it creates. Region and credentials are not configured here, so they come from
# the provider's ambient configuration (environment or shared config files).
# var.region is passed to the redis module only, so keep the two in agreement.
provider "aws" {
  default_tags {
    tags = {
      "managed_by" = "terraform"
      "source"     = "github.com/humanitec-architecture/resource-pack-aws"
    }
  }
}

# No inline configuration. The Humanitec organisation and API token are
# presumably read from the environment; keep the token out of tfvars files and
# version control.
provider "humanitec" {}

# The random provider needs no configuration.
provider "random" {}


terraform.tfvars.example (view on GitHub) :


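# Example variable values. Empty strings are placeholders to fill in before
# running terraform; do not commit a filled-in copy that contains
# account-specific identifiers you consider sensitive.

# AWS Security Group ID of the kubernetes nodes to allow access to the AWS ElastiCache cluster
k8s_node_security_group_id = ""

# Name of the example application
name = "hum-rp-redis-example"

# Prefix of the created resources
prefix = "hum-rp-redis-ex-"

# AWS Region
region = ""

# AWS Resource Pack git branch
# A branch ref is mutable: for anything beyond a demo, point this at a reviewed
# tag or commit ref instead, so the provisioning code cannot change between runs.
resource_packs_aws_rev = "refs/heads/main"

# AWS Resource Pack git url
resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git"

# AWS Subnet IDs to use for the AWS ElastiCache cluster
# The variable is declared as set(string), so this must be a list of subnet IDs;
# a bare string ("") is rejected by Terraform's type check.
subnet_ids = []

# AWS VPC ID
vpc_id = ""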

variables.tf (view on GitHub) :

# Network and placement inputs. All are required (no defaults).

# Passed to the redis module; the aws provider block does not read it.
variable "region" {
  description = "AWS Region"
  type        = string
}

# VPC in which the redis security group is created.
variable "vpc_id" {
  description = "AWS VPC ID"
  type        = string
}

# Subnets placed in the ElastiCache subnet group. Nothing here checks that they
# belong to var.vpc_id or that they are private.
variable "subnet_ids" {
  description = "AWS Subnet IDs to use for the AWS ElastiCache cluster"
  type        = set(string)
}

# Source security group for the single ingress rule (TCP 6379) on the redis
# security group. Every member of this group gains network access to the cache.
variable "k8s_node_security_group_id" {
  description = "AWS Security Group ID of the kubernetes nodes to allow access to the AWS ElastiCache cluster"
  type        = string
}

# Location of the resource pack code that the module is told to use. That code
# runs under the provisioner account, which holds AdministratorAccess in this
# example, so the URL and ref below decide what runs with those rights.

# Git URL of the resource pack. Treat an override as a trust decision.
variable "resource_packs_aws_url" {
  description = "AWS Resource Pack git url"
  type        = string
  default     = "https://github.com/humanitec-architecture/resource-packs-aws.git"
}

# Git ref of the resource pack.
# NOTE(review): the default is a branch, which moves as upstream changes. Pin
# to a reviewed tag or commit ref for reproducible, auditable provisioning.
variable "resource_packs_aws_rev" {
  description = "AWS Resource Pack git branch"
  type        = string
  default     = "refs/heads/main"
}

# Naming inputs.

# Used as the IAM role name, the Humanitec resource account id and name, and
# the example application id and name.
variable "name" {
  description = "Name of the example application"
  type        = string
  default     = "hum-rp-redis-example"
}

# Passed to the redis module as its resource prefix. It is not applied to the
# subnet group or security group in main.tf, which are both named "redis".
variable "prefix" {
  description = "Prefix of the created resources"
  type        = string
  default     = "hum-rp-redis-ex-"
}
