Merge pull request #20 from aws-ia/optimize
Removed plugins and requirements object creation
vara-bonthu authored Jul 7, 2022
2 parents 46710b5 + 6be5b8d commit a243519
Showing 2 changed files with 16 additions and 31 deletions.
2 changes: 0 additions & 2 deletions README.md
Expand Up @@ -111,8 +111,6 @@ No modules.
| [aws_s3_bucket_public_access_block.mwaa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.mwaa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_s3_bucket_versioning.mwaa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
| [aws_s3_object.plugins](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
| [aws_s3_object.python_requirements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
| [aws_security_group.mwaa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.mwaa_sg_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.mwaa_sg_inbound_vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
45 changes: 16 additions & 29 deletions main.tf
Expand Up @@ -9,24 +9,26 @@ resource "aws_mwaa_environment" "mwaa" {
max_workers = var.max_workers
kms_key = var.kms_key

dag_s3_path = var.dag_s3_path
plugins_s3_object_version = var.plugins_s3_object_version
plugins_s3_path = var.plugins_s3_path
requirements_s3_path = var.requirements_s3_path
schedulers = var.schedulers
execution_role_arn = local.execution_role_arn
airflow_configuration_options = local.airflow_configuration_options
dag_s3_path = var.dag_s3_path
plugins_s3_object_version = var.plugins_s3_object_version
plugins_s3_path = var.plugins_s3_path
requirements_s3_path = var.requirements_s3_path
requirements_s3_object_version = var.requirements_s3_object_version
schedulers = var.schedulers
execution_role_arn = local.execution_role_arn
airflow_configuration_options = local.airflow_configuration_options

source_bucket_arn = local.source_bucket_arn
webserver_access_mode = var.webserver_access_mode
weekly_maintenance_window_start = var.weekly_maintenance_window_start

tags = var.tags

network_configuration {
security_group_ids = local.security_group_ids
subnet_ids = var.private_subnet_ids
}

source_bucket_arn = local.source_bucket_arn
webserver_access_mode = var.webserver_access_mode
weekly_maintenance_window_start = var.weekly_maintenance_window_start
requirements_s3_object_version = var.requirements_s3_object_version

logging_configuration {
dag_processing_logs {
enabled = try(var.logging_configuration.dag_processing_logs.enabled, true)
Expand Down Expand Up @@ -54,8 +56,6 @@ resource "aws_mwaa_environment" "mwaa" {
}
}

tags = var.tags

lifecycle {
ignore_changes = [
plugins_s3_object_version,
Expand Down Expand Up @@ -113,6 +113,7 @@ resource "aws_s3_bucket_acl" "mwaa" {
acl = "private"
}

#tfsec:ignore:aws-s3-encryption-customer-key
resource "aws_s3_bucket_server_side_encryption_configuration" "mwaa" {
count = var.create_s3_bucket ? 1 : 0

Expand Down Expand Up @@ -146,20 +147,6 @@ resource "aws_s3_bucket_public_access_block" "mwaa" {
ignore_public_acls = true
}

resource "aws_s3_object" "plugins" {
count = var.create_s3_bucket ? 1 : 0

key = "plugins.zip"
bucket = aws_s3_bucket.mwaa[0].id
}

resource "aws_s3_object" "python_requirements" {
count = var.create_s3_bucket ? 1 : 0

key = "requirements.txt"
bucket = aws_s3_bucket.mwaa[0].id
}

# ---------------------------------------------------------------------------------------------------------------------
# MWAA Security Group
# ---------------------------------------------------------------------------------------------------------------------
Expand Down Expand Up @@ -201,7 +188,7 @@ resource "aws_security_group_rule" "mwaa_sg_inbound_vpn" {
description = "VPN Access for Airflow UI"
}

#tfsec:ignore:AWS007
#tfsec:ignore:aws-vpc-no-public-egress-sgr
resource "aws_security_group_rule" "mwaa_sg_outbound" {
count = var.create_security_group ? 1 : 0
