Terraform Module - AWS Rubrik Cloud Native Exocompute Networking

This module provides a working example of how to configure the network that the Exocompute EKS cluster will run on. While there are many networking designs this module takes the example of the EKS cluster running on 2 private subnets. Internet access is provided via a NAT gateway to a public subnet, which the module also defines. It is also important to note that this module tags the subnets and any other resources so that the EKS cluster will consume and use them. The minimum network ports have been opened in the NACLs and Security Groups for the Exocompute cluster to function, either privately or publicity.

Prerequisites

There are a few services you'll need in order to get this project off the ground:

Terraform v1.5.6 or greater
Install the AWS CLI - Needed for Terraform to authenticate with AWS

Usage

module "polaris-aws-cloud-native-exocompute-networking" {
  source  = "rubrikinc/polaris-cloud-native-exocompute-networking/aws"
  
  aws_exocompute_subnet_public_cidr   = "172.21.0.0/24"
  aws_exocompute_subnet_1_cidr        = "172.21.1.0/24"
  aws_exocompute_subnet_2_cidr        = "172.21.2.0/24"
  aws_exocompute_vpc_cidr             = "172.21.0.0/16"
  aws_profile                         = var.aws_profile
  rsc_exocompute_region               = var.exocompute_region
}

Requirements

Name	Version
terraform	>=1.5.6
aws	~>5.26.0

Providers

Name	Version
aws	~>5.26.0

Resources

Name	Type
aws_eip.rsc_exocompute_nat_eip	resource
aws_internet_gateway.rsc_exocompute	resource
aws_nat_gateway.rsc_exocompute	resource
aws_route.rsc_exocompute_private_nat_gateway	resource
aws_route.rsc_exocompute_public_internet_gateway	resource
aws_route_table.rsc_exocompute_private	resource
aws_route_table.rsc_exocompute_public	resource
aws_route_table_association.rsc_exocompute_private_1	resource
aws_route_table_association.rsc_exocompute_private_2	resource
aws_route_table_association.rsc_exocompute_public	resource
aws_security_group.control-plane	resource
aws_security_group.worker-node	resource
aws_subnet.rsc_exocompute_public	resource
aws_subnet.rsc_exocompute_subnet_1	resource
aws_subnet.rsc_exocompute_subnet_2	resource
aws_vpc.rsc_exocompute	resource
aws_vpc_endpoint.autoscaling	resource
aws_vpc_endpoint.ec2	resource
aws_vpc_endpoint.ecr_api	resource
aws_vpc_endpoint.ecr_dkr	resource
aws_vpc_endpoint.eks	resource
aws_vpc_endpoint.rsc_exocompute	resource
aws_vpc_security_group_egress_rule.control-plane_any_ipv4	resource
aws_vpc_security_group_egress_rule.control-plane_worker-node_1025_65535	resource
aws_vpc_security_group_egress_rule.worker_all_ipv4	resource
aws_vpc_security_group_ingress_rule.control-plane_worker-node_443	resource
aws_vpc_security_group_ingress_rule.worker-node_control-plane_443	resource
aws_vpc_security_group_ingress_rule.worker-node_worker-node_all	resource
aws_vpc_security_group_ingress_rule.worker_cluster_1025_65535	resource
aws_region.current	data source

Modules

No modules.

Inputs

Name	Description	Type	Default	Required
aws_eks_cluster_name	EKS cluster name.	`string`	`"Rubrik-Exocompute-Customer-Managed"`	no
aws_exocompute_igw_name	Name for the Internet Gateway that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute Internet Gateway"`	no
aws_exocompute_nat_eip_name	Name for the Elastic IP that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute NAT EIP"`	no
aws_exocompute_nat_gateway_name	Name for the NAT Gateway that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute NAT Gateway"`	no
aws_exocompute_private_route_table_name	Name for the private route table that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute Private Route Table"`	no
aws_exocompute_public_route_table_name	Name for the public route table that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute Public Route Table"`	no
aws_exocompute_security_group_control_plane_name	Name for the security group that Exocompute will use for the EKS control plane in the AWS account and region.	`string`	`"Exocompute-eks-control-plane-customer-managed"`	no
aws_exocompute_security_group_worker_node_name	Name for the security group that Exocompute will use for the EKS nodes in the AWS account and region.	`string`	`"Exocompute-eks-worker-node-customer-managed"`	no
aws_exocompute_subnet_1_cidr	Subnet 1 CIDR for the AWS account hosting Exocompute.	`string`	n/a	yes
aws_exocompute_subnet_2_cidr	Subnet 2 CIDR for the AWS account hosting Exocompute.	`string`	n/a	yes
aws_exocompute_subnet_private_1_name	Name for the first private subnet that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute Subnet 1"`	no
aws_exocompute_subnet_private_2_name	Name for the second private subnet that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute Subnet 2"`	no
aws_exocompute_subnet_public_cidr	Public subnet CIDR for the AWS account hosting Exocompute.	`string`	n/a	yes
aws_exocompute_subnet_public_name	Name for the public subnet that Exocompute will use in the AWS account and region.	`string`	`"Rubrik Exocompute Public Subnet"`	no
aws_exocompute_vpc_cidr	VPC CIDR for the AWS account hosting Exocompute.	`string`	n/a	yes
aws_exocompute_vpc_endpoint_autoscaling_name	Autoscaling VPC endpoint name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC Autoscaling Endpoint"`	no
aws_exocompute_vpc_endpoint_ec2_name	EC2 VPC endpoint name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC EC2 Endpoint"`	no
aws_exocompute_vpc_endpoint_ecr_api_name	ECR API VPC endpoint name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC ECR API Endpoint"`	no
aws_exocompute_vpc_endpoint_ecr_dkr_name	ECR DKR VPC endpoint name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC ECR DKR Endpoint"`	no
aws_exocompute_vpc_endpoint_eks_name	EKS VPC endpoint name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC EKS Endpoint"`	no
aws_exocompute_vpc_endpoint_s3_name	S3 VPC endpoint name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC S3 Endpoint"`	no
aws_exocompute_vpc_name	VPC name for the AWS account hosting Exocompute.	`string`	`"Rubrik Exocompute VPC"`	no
aws_profile	AWS profile name.	`string`	n/a	yes
rsc_exocompute_region	AWS region for the Exocompute cluster.	`string`	n/a	yes

Outputs

Name	Description
aws_security_group_control-plane_id	n/a
aws_security_group_worker-node_id	n/a
rsc_exocompute_subnet_1_id	n/a
rsc_exocompute_subnet_2_id	n/a

rubrikinc/terraform-aws-polaris-cloud-native-exocompute-networking