Output SGID and EC2 SG RDS add (#63)

* Adding sg_outputs and ec2 sg

* Adding ports output

* db_port

Author: LeoDiazL

action.yaml

@@ -946,46 +946,70 @@ outputs:
   instance_endpoint:
     description: "The URL of the generated ec2 instance"
     value: ${{ steps.deploy.outputs.instance_endpoint }}
+  ec2_sg_id:
+    description: "SG ID for the EC2 instance"
+    value: ${{ steps.deploy.outputs.ec2_sg_id }}
   # RDS
   db_endpoint:
-    description: "ECS ALB DNS Record"
+    description: "RDS Endpoint"
     value: ${{ steps.deploy.outputs.db_endpoint }}
   db_secret_details_name:
-    description: "ECS DNS URL"
+    description: "AWS Secret name containing db credentials"
     value: ${{ steps.deploy.outputs.db_secret_details_name }}
+  db_sg_id:
+    description: "SG ID for the RDS instance"
+    value: ${{ steps.deploy.outputs.db_sg_id }}
   db_proxy_rds_endpoint:
     description: "Database proxy endpoint"
-    value: ${{ steps.deploy.outputs.db_proxy_rds }}
+    value: ${{ steps.deploy.outputs.db_proxy_rds_endpoint }}
   db_proxy_secret_name_rds:
-    description: "Database proxy secret_name"
+    description: "AWS Secret name containing proxy credentials"
     value: ${{ steps.deploy.outputs.db_proxy_secret_name_rds }}
+  db_proxy_sg_id_rds:
+    description: "SG ID for the RDS Proxy instance"
+    value: ${{ steps.deploy.outputs.db_proxy_sg_id_rds }}
   # Aurora
   aurora_db_endpoint:
-    description: "ECS ALB DNS Record"
-    value: ${{ steps.deploy.outputs.aurora_endpoint }}
+    description: "Aurora Endpoint"
+    value: ${{ steps.deploy.outputs.aurora_db_endpoint }}
   aurora_db_secret_details_name:
-    description: "ECS DNS URL"
-    value: ${{ steps.deploy.outputs.aurora_secret_details_name }}
+    description: "AWS Secret name containing db credentials"
+    value: ${{ steps.deploy.outputs.aurora_db_secret_details_name }}
+  aurora_db_sg_id:
+    description: "SG ID for the Aurora instance"
+    value: ${{ steps.deploy.outputs.aurora_db_sg_id }}
   aurora_proxy_endpoint:
     description: "Database proxy endpoint"
     value: ${{ steps.deploy.outputs.db_proxy_aurora }}
-  aurora_proxy_secret_name_rds:
-    description: "Database proxy secret_name"
+  aurora_proxy_secret_name:
+    description: "AWS Secret name containing proxy credentials"
     value: ${{ steps.deploy.outputs.db_proxy_secret_name_aurora }}
+  aurora_proxy_sg_id:
+    description: "SG ID for the RDS Proxy instance"
+    value: ${{ steps.deploy.outputs.db_proxy_sg_id_aurora }}
   # DB Proxy
   db_proxy_endpoint:
     description: "Database proxy endpoint"
     value: ${{ steps.deploy.outputs.db_proxy_endpoint }}
   db_proxy_secret_name:
     description: "Database proxy secret_name"
     value: ${{ steps.deploy.outputs.db_proxy_secret_name }}
+  db_proxy_sg_id:
+    description: "SG ID for the RDS Proxy instance"
+    value: ${{ steps.deploy.outputs.db_proxy_sg_id }}
   # ECS
   ecs_load_balancer_dns:
     description: "ECS ALB DNS Record"
     value: ${{ steps.deploy.outputs.ecs_load_balancer_dns }}
   ecs_dns_record:
     description: "ECS DNS URL"
     value: ${{ steps.deploy.outputs.ecs_dns_record }}
+  ecs_sg_id:
+    description: "ECS SG ID"
+    value: ${{ steps.deploy.outputs.ecs_sg_id }}
+  ecs_lb_sg_id:
+    description: "ECS LB SG ID"
+    value: ${{ steps.deploy.outputs.ecs_lb_sg_id }}
   # ECR
   ecr_repository_arn:
     description: "ECR Repo ARN"
@@ -1003,6 +1027,9 @@ outputs:
   redis_connection_string_secret:
     description: "Redis secret containing complete URL to connect directly. (e.g. rediss://user:pass@host:port)"
     value: ${{ steps.deploy.outputs.redis_connection_string_secret }}
+  redis_sg_id:
+    description: "Redis SG ID"
+    value: ${{ steps.deploy.outputs.redis_sg_id }}
 runs:
   using: 'composite'
   steps:
@@ -1373,10 +1400,10 @@ runs:
         AWS_ELB_LISTEN_PORT: ${{ inputs.aws_elb_listen_port }}
         RDS_ENDPOINT: ${{ steps.deploy.outputs.db_endpoint }}
         RDS_SECRETS_NAME: ${{ steps.deploy.outputs.db_secret_details_name }}
-        RDS_PROXY: ${{ steps.deploy.outputs.db_proxy_rds }}
+        RDS_PROXY: ${{ steps.deploy.outputs.db_proxy_rds_endpoint }}
         RDS_PROXY_SECRET: ${{ steps.deploy.outputs.db_proxy_secret_name_rds }}
-        AURORA_ENDPOINT: ${{ steps.deploy.outputs.aurora_endpoint }}
-        AURORA_SECRETS_NAME: ${{ steps.deploy.outputs.aurora_secret_details_name }}
+        AURORA_ENDPOINT: ${{ steps.deploy.outputs.aurora_db_endpoint }}
+        AURORA_SECRETS_NAME: ${{ steps.deploy.outputs.aurora_db_secret_details_name }}
         AURORA_PROXY: ${{ steps.deploy.outputs.db_proxy_aurora }}
         AURORA_PROXY_SECRET: ${{ steps.deploy.outputs.db_proxy_secret_name_aurora }}
         DB_PROXY: ${{ steps.deploy.outputs.db_proxy_endpoint }}

operations/deployment/terraform/aws/bitovi_main.tf

@@ -31,6 +31,21 @@ module "ec2" {
   }
 }
 
+module "ec2_sg_to_rds" {
+  source = "../modules/aws/sg/add_rule"
+  count  = var.aws_ec2_instance_create && var.aws_rds_db_enable ? 1 : 0
+  # Inputs 
+  sg_type                  = "ingress"
+  sg_rule_description      = "${var.aws_resource_identifier} - EC2 Incoming"
+  sg_rule_from_port        = try(module.db_proxy_rds[0].db_proxy_port,module.rds[0].db_port)
+  sg_rule_to_port          = try(module.db_proxy_rds[0].db_proxy_port,module.rds[0].db_port)
+  sg_rule_protocol         = "tcp"
+  source_security_group_id = module.ec2[0].aws_security_group_ec2_sg_id
+  target_security_group_id = try(module.db_proxy_rds[0].db_proxy_sg_id,module.rds[0].rds_sg_id)
+  
+  depends_on = [ module.ec2,module.rds ]
+}
+
 module "aws_certificates" {
   source = "../modules/aws/certificates"
   count  = ( var.aws_ec2_instance_create || var.aws_ecs_enable ) && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0
@@ -646,6 +661,11 @@ output "instance_endpoint" {
   value       = local.ec2_endpoint
 }
 
+output "ec2_sg_id" {
+  description = "SG ID for the EC2 instance"
+  value       = try(module.ec2[0].aws_security_group_ec2_sg_id,null)
+}
+
 output "aws_elb_dns_name" {
   description = "Public DNS address of the LB"
   value       = try(module.aws_elb[0].aws_elb_dns_name,null)
@@ -661,47 +681,59 @@ output "vm_url" {
 }
 
 # Aurora
-output "aurora_endpoint" {
+output "aurora_db_endpoint" {
   value = try(module.aurora_rds[0].aurora_db_endpoint,null)
 }
-
-output "aurora_secret_details_name" {
+output "aurora_db_secret_details_name" {
   value = try(module.aurora_rds[0].aurora_secret_name,null)
 }
+output "aurora_db_sg_id" {
+  value = try(module.aurora_rds[0].aurora_sg_id,null)
+}
 
+# Aurora Proxy 
 output "db_proxy_aurora" {
   value = try(module.db_proxy_aurora[0].db_proxy_endpoint,null)
 }
-
 output "db_proxy_secret_name_aurora" {
   value = try(module.db_proxy_aurora[0].db_proxy_secret_name,null)
 }
+output "db_proxy_sg_id_aurora" {
+  value = try(module.db_proxy_aurora[0].db_proxy_sg_id,null)
+}
 
 # RDS
 output "db_endpoint" {
   value = try(module.rds[0].db_endpoint,null)
 }
-
 output "db_secret_details_name" {
   value = try(module.rds[0].db_secret_name,null)
 }
+output "db_sg_id" {
+  value = try(module.rds[0].db_sg_id,null)
+}
 
-output "db_proxy_rds" {
+# RDS Proxy
+output "db_proxy_rds_endpoint" {
   value = try(module.db_proxy_rds[0].db_proxy_endpoint,null)
 }
-
-# Proxy
 output "db_proxy_secret_name_rds" {
   value = try(module.db_proxy_rds[0].db_proxy_secret_name,null)
 }
+output "db_proxy_sg_id_rds" {
+  value = try(module.db_proxy_rds[0].db_proxy_sg_id,null)
+}
 
+# Proxy
 output "db_proxy_endpoint" {
   value = try(module.db_proxy[0].db_proxy_endpoint,null)
 }
-
 output "db_proxy_secret_name" {
   value = try(module.db_proxy[0].db_proxy_secret_name,null)
 }
+output "db_proxy_sg_id" {
+  value = try(module.db_proxy[0].db_proxy_sg_id,null)
+}
 
 # ECS
 output "ecs_dns_record" {
@@ -712,6 +744,14 @@ output "ecs_load_balancer_dns" {
   value = try(module.aws_ecs[0].load_balancer_dns,null)
 }
 
+output "ecs_sg_id" {
+  value = try(module.aws_ecs[0].ecs_sg.id,null)
+}
+
+output "ecs_lb_sg_id" {
+  value = try(module.aws_ecs[0].ecs_lb_sg.id,null)
+}
+
 # Redis
 output "redis_secret_name" {
   value = try(module.redis[0].redis_secret_name,null)
@@ -723,4 +763,8 @@ output "redis_endpoint" {
 
 output "redis_connection_string_secret" {
   value = try(module.redis[0].redis_connection_string_secret,null)
+}
+
+output "redis_sg_id" {
+  value = try(module.redis[0].redis_sg_id,null)
 }

operations/deployment/terraform/modules/aws/aurora/aws_aurora.tf

@@ -250,6 +250,14 @@ output "aurora_db_endpoint" {
   value = aws_rds_cluster.aurora.endpoint
 }
 
+output "db_port" {
+  value = aws_rds_cluster.aurora.port
+}
+
 output "random_string" {
   value = random_string.random_sm.result
+}
+
+output "aurora_sg_id" {
+    value = aws_security_group.aurora_security_group.id
 }

operations/deployment/terraform/modules/aws/db_proxy/aws_db_proxy.tf

@@ -269,6 +269,10 @@ output "db_proxy_endpoint" {
   value = aws_db_proxy.rds_proxy[0].endpoint
 }
 
+output "db_proxy_port" {
+  value = local.db_port
+}
+
 output "db_proxy_secret_name" {
   value = aws_secretsmanager_secret.proxy_credentials.name
 }
@@ -283,3 +287,7 @@ resource "random_string" "random_sm" {
 locals {
   random_string = var.incoming_random_string != null ? var.incoming_random_string : random_string.random_sm.result
 }
+
+output "db_proxy_sg_id" {
+    value = aws_security_group.sg_rds_proxy.id
+}

operations/deployment/terraform/modules/aws/ec2/aws_ec2.tf

@@ -153,4 +153,12 @@ output "aws_instance_server_id" {
 
 output "private_key_filename" {
   value = local_sensitive_file.private_key.filename
+}
+
+output "aws_security_group_ec2_sg_name" {
+  value = data.aws_security_group.ec2_security_group.name
+}
+
+output "aws_security_group_ec2_sg_id" {
+  value = data.aws_security_group.ec2_security_group.id
 }

operations/deployment/terraform/modules/aws/ec2/aws_ec2_security.tf

@@ -42,13 +42,6 @@ locals {
   aws_ec2_port_list = var.aws_ec2_port_list != "" ? [for n in split(",", var.aws_ec2_port_list) : tonumber(n)] : []
 }
 
-output "aws_security_group_ec2_sg_name" {
-  value = data.aws_security_group.ec2_security_group.name
-}
-output "aws_security_group_ec2_sg_id" {
-  value = data.aws_security_group.ec2_security_group.id
-}
-
 resource "aws_iam_role" "ec2_role" {
   count = var.aws_ec2_iam_instance_profile != "" ? 0 : 1
   name = var.aws_resource_identifier

operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf

@@ -223,4 +223,12 @@ output "load_balancer_protocol" {
 
 output "load_balancer_zone_id" {
   value = aws_alb.ecs_lb.zone_id
+}
+
+output "ecs_sg_id" {
+  value = aws_security_group.ecs_sg.id
+}
+
+output "ecs_lb_sg_id" {
+  value = aws_security_group.ecs_lb_sg.id
 }

operations/deployment/terraform/modules/aws/elb/aws_elb.tf

@@ -111,14 +111,6 @@ resource "aws_elb" "vm_lb" {
     Name = "${var.aws_resource_identifier_supershort}"
   }
 }
-
-output "aws_elb_dns_name" {
-  value = aws_elb.vm_lb.dns_name
-}
-output "aws_elb_zone_id" {
-  value = aws_elb.vm_lb.zone_id
-}
-
 
 # TODO: Fix when a user only passes app_ports, the target length should be the same. 
 # The main idea of the next block is to get what should be opened, mapped, and with which protocol.
@@ -145,4 +137,11 @@ locals {
   # Same but for listen protocols, and if a cert is available, make them SSL
   elb_listen_protocol     = length(local.aws_elb_listen_protocol) < local.aws_ports_ammount ? ( local.elb_ssl_available ? 
     [ for _ in range(local.aws_ports_ammount) : "ssl" ] : [ for _ in range(local.aws_ports_ammount) : "tcp" ] ) : local.aws_elb_listen_protocol
-}
+}
+
+output "aws_elb_dns_name" {
+  value = aws_elb.vm_lb.dns_name
+}
+output "aws_elb_zone_id" {
+  value = aws_elb.vm_lb.zone_id
+}

operations/deployment/terraform/modules/aws/rds/aws_rds.tf

@@ -82,18 +82,6 @@ resource "aws_db_instance" "default" {
   }
 }
 
-output "db_endpoint" {
-  value = aws_db_instance.default.endpoint
-}
-
-output "db_secret_name" {
-  value = aws_secretsmanager_secret.rds_database_credentials.name
-}
-
-output "db_id" {
-  value = aws_db_instance.default.id
-}
-
 // Creates a secret manager secret for the databse credentials
 resource "aws_secretsmanager_secret" "rds_database_credentials" {
   name   = "${var.aws_resource_identifier_supershort}-rdsdb-pub-${random_string.random_sm.result}"
@@ -141,6 +129,26 @@ data "aws_vpc" "selected" {
   id    = var.aws_selected_vpc_id
 }
 
+output "db_endpoint" {
+  value = aws_db_instance.default.endpoint
+}
+
+output "db_secret_name" {
+  value = aws_secretsmanager_secret.rds_database_credentials.name
+}
+
+output "db_id" {
+  value = aws_db_instance.default.id
+}
+
 output "random_string" {
   value = random_string.random_sm.result
+}
+
+output "rds_sg_id" {
+    value = aws_security_group.rds_db_security_group.id
+}
+
+output "db_port" {
+  value = aws_db_instance.default.port
 }