Merge pull request #149 from ExpediaGroup/feature/enable_vpce

githubjianli · web-flow · commit 32079e170e4a · 2024-12-10T10:18:10.000-08:00
feat: add waggledance vpce
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,13 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [4.5.6] - 2024-12-10
+### Added
+- Added waggledance VPC endpoint service
+- Added following new variables to support waggledance VPC endpint service:
+  - `enable_vpc_endpoint_services`
+  - `waggledance_customer_accounts`
+
 ## [4.5.5] - 2024-10-04
 ### Added
 - Added variables to control Waggledance deployment dns policy and config.
diff --git a/endpoints.tf b/endpoints.tf
@@ -72,3 +72,17 @@ resource "aws_route53_record" "metastore_alias" {
   ttl     = "60"
   records = [aws_vpc_endpoint.remote_metastores[count.index].dns_entry[0].dns_name]
 }
+
+
+data "aws_lb" "waggledance_lb" {
+  count = var.wd_instance_type == "k8s" && var.enable_vpc_endpoint_services ? 1 : 0
+  name  = split("-", split(".", kubernetes_service.waggle_dance[0].status.0.load_balancer.0.ingress.0.hostname).0).0
+}
+
+resource "aws_vpc_endpoint_service" "waggledance" {
+  count                      = var.enable_vpc_endpoint_services ? 1 : 0
+  network_load_balancer_arns = var.wd_instance_type == "ecs" ? aws_lb.waggledance[0].*.arn : data.aws_lb.waggledance_lb[0].*.arn
+  acceptance_required        = false
+  allowed_principals         = formatlist("arn:aws:iam::%s:root", var.waggledance_customer_accounts)
+  tags                       = merge(tomap({"Name"="${local.instance_alias}"}), var.tags)
+}
diff --git a/variables.tf b/variables.tf
@@ -524,3 +524,15 @@ variable "extended_server_config" {
   type        = string
   default     = ""
 }
+
+variable "enable_vpc_endpoint_services" {
+  description = "Enable metastore NLB, Route53 entries VPC access and VPC endpoint services, for cross-account access."
+  type        = bool
+  default     = false
+}
+
+variable "waggledance_customer_accounts" {
+  description = "Waggledance VPC Endpoint customer accounts"
+  type        = list(string)
+  default     = []
+}
