add aws resources and outputs

Author: pen-pal

aws-resources.tf

@@ -0,0 +1,105 @@
+#######################################
+### AWS KMS Key
+#######################################
+resource "aws_kms_key" "default" {
+  count                    = var.create && var.encryption_enabled ? 1 : 0
+  deletion_window_in_days  = var.deletion_window_in_days
+  enable_key_rotation      = var.enable_key_rotation
+  policy                   = var.policy
+  description              = var.description
+  key_usage                = var.key_usage
+  customer_master_key_spec = var.customer_master_key_spec
+  multi_region             = var.multi_region
+  tags                     = var.tags
+}
+
+resource "aws_kms_alias" "default" {
+  count = var.create && var.encryption_enabled ? 1 : 0
+  name  = var.alias
+  #name          = coalesce(var.alias, format("alias/%v", module.this.id))
+  target_key_id = join("", aws_kms_key.default.*.id)
+}
+########################################
+### AWS Roles
+########################################
+resource "aws_iam_role_policy" "policy" {
+  count  = var.create && var.encryption_enabled ? 1 : 0
+  name   = "mongodb_atlas_setup_policy"
+  role   = aws_iam_role.role[0].id
+  policy = <<-EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+		"Action": "*",
+		"Resource": "*"
+      }
+    ]
+  }
+  EOF
+  depends_on = [
+    aws_iam_role.role
+  ]
+}
+
+resource "aws_iam_role" "role" {
+  count = var.create && var.encryption_enabled ? 1 : 0
+  name  = "mongodb_setup_role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "${mongodbatlas_cloud_provider_access_setup.setup_only[0].aws_config[0].atlas_aws_account_arn}"
+      },
+      "Action": "sts:AssumeRole",
+      "Condition": {
+        "StringEquals": {
+          "sts:ExternalId": "${mongodbatlas_cloud_provider_access_setup.setup_only[0].aws_config[0].atlas_assumed_role_external_id}"
+        }
+      }
+    }
+  ]
+}
+EOF
+}
+########################################################
+### Mongdb atlas and AWS VPC Private Link
+########################################################
+resource "mongodbatlas_privatelink_endpoint" "default" {
+  count         = local.free_tier == false && var.create && var.create_privatelink_endpoint == true ? 1 : 0
+  project_id    = mongodbatlas_project.project[0].id
+  provider_name = local.cloud_provider
+  region        = var.region
+}
+
+resource "aws_vpc_endpoint" "ptfe_service" {
+  count              = local.free_tier == false && var.create && var.create_privatelink_endpoint == true ? 1 : 0
+  vpc_id             = var.vpc_id
+  service_name       = mongodbatlas_privatelink_endpoint.default[0].endpoint_service_name
+  vpc_endpoint_type  = var.vpc_endpoint_type
+  subnet_ids         = var.subnet_ids
+  security_group_ids = var.security_group_ids
+
+  depends_on = [
+    mongodbatlas_privatelink_endpoint.default
+  ]
+}
+
+resource "mongodbatlas_privatelink_endpoint_service" "test" {
+  count               = local.free_tier == false && var.create && var.create_privatelink_endpoint == true ? 1 : 0
+  project_id          = mongodbatlas_project.project[0].id
+  private_link_id     = mongodbatlas_privatelink_endpoint.default[0].private_link_id
+  endpoint_service_id = aws_vpc_endpoint.ptfe_service[0].id
+  provider_name       = "AWS"
+
+  depends_on = [
+    mongodbatlas_privatelink_endpoint.default,
+    aws_vpc_endpoint.ptfe_service
+  ]
+
+}

outputs.tf

@@ -0,0 +1,19 @@
+output "key_arn" {
+  value       = join("", aws_kms_key.default.*.arn)
+  description = "Key ARN"
+}
+
+output "key_id" {
+  value       = join("", aws_kms_key.default.*.key_id)
+  description = "Key ID"
+}
+
+output "alias_arn" {
+  value       = join("", aws_kms_alias.default.*.arn)
+  description = "Alias ARN"
+}
+
+output "alias_name" {
+  value       = join("", aws_kms_alias.default.*.name)
+  description = "Alias name"
+}