UPD: Enabled EBS encryption on EMR. Added managed scaling policy

xpk 2024-01-06 10:25:56 +08:00
parent f3cd4b79bb
commit 7bdc1ea455
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
2 changed files with 38 additions and 9 deletions


@ -45,6 +45,11 @@ module "emr" {
instance_type_configs = [ instance_type_configs = [
{ {
instance_type = "c6g.xlarge" instance_type = "c6g.xlarge"
ebs_config = {
size = 20
type = "gp3"
volumes_per_instance = 1
}
} }
] ]
} }
@ -109,6 +114,18 @@ module "emr" {
AmazonEMRServicePolicy_v2 = "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2" AmazonEMRServicePolicy_v2 = "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2"
PowerUser = "arn:aws:iam::aws:policy/PowerUserAccess" PowerUser = "arn:aws:iam::aws:policy/PowerUserAccess"
} }
iam_instance_profile_policies = {
AmazonElasticMapReduceforEC2Role = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
PowerUser = "arn:aws:iam::aws:policy/PowerUserAccess"
}
# Use managed scaling policy to refill spot instances
managed_scaling_policy = {
unit_type = "InstanceFleetUnits"
minimum_capacity_units = 1
maximum_capacity_units = 4
maximum_ondemand_capacity_units = 0
maximum_core_capacity_units = 4
}
} }
resource "random_id" "this" { resource "random_id" "this" {
@ -142,20 +159,33 @@ module "s3_bucket" {
} }
} }
resource "aws_kms_key" "ebs" {
description = "KMS key for EBS volumes"
deletion_window_in_days = 7
}
resource "aws_emr_security_configuration" "security_config" { resource "aws_emr_security_configuration" "security_config" {
name = "${local.name}-emr-security-config" name = "${local.name}-emr-security-config"
configuration = jsonencode( configuration = jsonencode(
{ {
"EncryptionConfiguration" : { EncryptionConfiguration = {
"AtRestEncryptionConfiguration" : { AtRestEncryptionConfiguration = {
"S3EncryptionConfiguration" : { LocalDiskEncryptionConfiguration = {
"EncryptionMode" : "SSE-S3" AwsKmsKey = aws_kms_key.ebs.arn
}, EnableEbsEncryption = true
}, EncryptionKeyProviderType = "AwsKms"
"EnableInTransitEncryption" : false, }
"EnableAtRestEncryption" : true S3EncryptionConfiguration = {
EncryptionMode = "SSE-S3"
}
}
EnableAtRestEncryption = true
EnableInTransitEncryption = false
}
InstanceMetadataServiceConfiguration = {
HttpPutResponseHopLimit = 1
MinimumInstanceMetadataServiceVersion = 2
} }
} }
) )
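Review bot: The `iam_instance_profile_policies` map added in the second hunk attaches `arn:aws:iam::aws:policy/PowerUserAccess` to the EC2 instance profile, so any code running on a cluster node, including submitted jobs, gets credentials for nearly every AWS service in the account. The `InstanceMetadataServiceConfiguration` added in the third hunk (IMDSv2, hop limit 1) restricts how those credentials can be fetched, not what they allow. I would drop the `PowerUser` entry and attach a customer-managed policy limited to the cluster's S3 bucket and the KMS actions EMR needs on `aws_kms_key.ebs`, for example `EmrNodeAccess = aws_iam_policy.<scoped_policy>.arn` (placeholder name). Separately, the new `aws_kms_key.ebs` resource does not set `enable_key_rotation = true` and has no explicit key policy. The `module "emr"` block and the `aws_emr_security_configuration` resource both begin or end outside the visible hunks, so policies attached elsewhere are not covered here.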


@ -2,7 +2,6 @@ provider "aws" {
region = var.aws-region region = var.aws-region
default_tags { default_tags {
tags = { tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment Environment = var.environment
Project = var.project Project = var.project
Application = var.application Application = var.application