
aws_network

~> The resource's API may change in subsequent versions to simplify the user experience. Because CelerData deploys clusters in your own VPC, you must specify the subnet in which to deploy a cluster during deployment. You must also specify a security group that controls how the cluster nodes communicate with each other. For more information about how to set up the subnet and security group, see Create a network configuration.

Manages network configurations for AWS in CelerData Cloud BYOC.

A network configuration for AWS in CelerData enables connectivity between cluster nodes within your own VPC and between CelerData's VPC and your own VPC.

This resource depends on the following resources:

You must have configured these resources before you can implement this resource.

Example Usage

// Prerequisites for the celerdatabyoc_aws_network resource

// Placeholder for the S3 bucket referenced as local.s3_bucket below
locals {
  s3_bucket = "<S3_bucket>"
}

resource "celerdatabyoc_aws_data_credential_policy" "role" {
  bucket = local.s3_bucket
}

data "celerdatabyoc_aws_data_credential_assume_policy" "assume_role" {}

// IAM role that cluster nodes assume to access the bucket
resource "aws_iam_role" "celerdata_data_cred_role" {
  name               = "celerdata_data_cred_role"
  assume_role_policy = data.celerdatabyoc_aws_data_credential_assume_policy.assume_role.json
  description        = "Celerdata Data Credential"
  inline_policy {
    name   = "celerdata_data_cred_role_policy"
    policy = celerdatabyoc_aws_data_credential_policy.role.json
  }
}

resource "aws_iam_instance_profile" "celerdata_data_cred_profile" {
  name = "celerdata_data_cred_profile"
  role = aws_iam_role.celerdata_data_cred_role.name
}

resource "celerdatabyoc_aws_deployment_credential_policy" "role_policy" {
  bucket        = local.s3_bucket
  data_role_arn = aws_iam_role.celerdata_data_cred_role.arn
}

resource "celerdatabyoc_aws_deployment_credential_assume_policy" "role_policy" {}

// IAM role that CelerData assumes to deploy the cluster
resource "aws_iam_role" "deploy_cred_role" {
  name               = "deploy_cred_role"
  assume_role_policy = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.json
  description        = "Celerdata Deploy Credential"
  inline_policy {
    name   = "deploy_cred_role-policy"
    policy = celerdatabyoc_aws_deployment_credential_policy.role_policy.json
  }
}

resource "celerdatabyoc_aws_data_credential" "data_credential" {
  name                 = "data-credential"
  role_arn             = aws_iam_role.celerdata_data_cred_role.arn
  instance_profile_arn = aws_iam_instance_profile.celerdata_data_cred_profile.arn
  bucket_name          = local.s3_bucket
  policy_version       = celerdatabyoc_aws_data_credential_policy.role.version
}

resource "celerdatabyoc_aws_deployment_role_credential" "deployment_role_credential" {
  name           = "deployment-role-credential"
  role_arn       = aws_iam_role.deploy_cred_role.arn
  external_id    = celerdatabyoc_aws_deployment_credential_assume_policy.role_policy.external_id
  policy_version = celerdatabyoc_aws_deployment_credential_policy.role_policy.version
}

// The celerdatabyoc_aws_network resource
resource "celerdatabyoc_aws_network" "network" {
  name      = "<network_name>"
  subnet_id = "<subnet_id>"
  // For Multi-AZ Deployment, replace subnet_id with:
  // subnet_ids = ["<subnet_id_1>", "<subnet_id_2>", "<subnet_id_3>"]
  security_group_id        = "<security_group_id>"
  region                   = "<AWS_VPC_region>"
  deployment_credential_id = celerdatabyoc_aws_deployment_role_credential.deployment_role_credential.id
  vpc_endpoint_id          = "<vpc_endpoint_id>"
}

Argument Reference

~> This section explains only the arguments of the celerdatabyoc_aws_network resource. For the explanation of arguments of other resources, see the corresponding resource topics.

This resource contains the following required and optional arguments:

Required

  • name: (String, Forces new resource) The name of the network configuration. Enter a unique name. If omitted, Terraform will assign a random, unique name.

    ~> The name must be unique within your CelerData cloud account.

  • security_group_id: (String, Forces new resource) The ID of the security group that you use to enable connectivity between cluster nodes within your own VPC and between CelerData's VPC and your own VPC over TLS.

  • region: (String, Forces new resource) The ID of the AWS region in which you want to create deployments. See Supported cloud platforms and regions.

  • deployment_credential_id: (String, Forces new resource) The ID of the deployment credential. Set it to celerdatabyoc_aws_deployment_role_credential.deployment_role_credential.id.

Optional

~> Specify either subnet_id or subnet_ids, not both.

  • subnet_id: (String, Forces new resource) The ID of the subnet in which you want to deploy cluster nodes.

  • subnet_ids: (List of strings, Forces new resource) The IDs of the subnets in which you want to deploy cluster nodes when you enable Multi-AZ Deployment for the cluster. Multi-AZ Deployment is available only for elastic clusters. You must reference three subnets in this argument. The three subnets must be in the same VPC and in different availability zones, and they must all be private subnets or all be public subnets. For more information, see Multi-AZ Deployment.

  • vpc_endpoint_id: (String, Forces new resource) The ID of the VPC endpoint in the VPC from which you want to connect to your CelerData cluster. You need to specify this argument if you want to connect to your CelerData cluster from your own VPC using PrivateLink.

    ~> Your VPC must be in the same AWS region where your CelerData cluster is located. Additionally, if you do not specify a VPC endpoint ID, CelerData's VPC communicates with your own VPC over the Internet.
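The following is an added example, not part of the CelerData documentation: a Multi-AZ variant of the network configuration that fails at plan time if the subnet_ids constraints above are not met, and that sets vpc_endpoint_id so traffic uses PrivateLink instead of the Internet. The variable names and the multi_az labels are assumptions, the deployment credential is the one from Example Usage, and the "all private or all public" rule is not checked here because it depends on route tables.

```hcl
# Added example: variable names and resource labels are assumptions.
variable "subnet_ids" {
  type        = list(string)
  description = "Three subnets for Multi-AZ Deployment"

  validation {
    condition     = length(distinct(var.subnet_ids)) == 3
    error_message = "Multi-AZ Deployment requires exactly three distinct subnet IDs."
  }
}

variable "security_group_id" { type = string }
variable "vpc_endpoint_id" { type = string }
variable "region" { type = string }

# Look up each subnet so its VPC and availability zone can be checked at plan time.
data "aws_subnet" "multi_az" {
  for_each = toset(var.subnet_ids)
  id       = each.value
}

resource "celerdatabyoc_aws_network" "multi_az" {
  name                     = "<network_name>"
  subnet_ids               = var.subnet_ids # do not set subnet_id as well
  security_group_id        = var.security_group_id
  region                   = var.region
  deployment_credential_id = celerdatabyoc_aws_deployment_role_credential.deployment_role_credential.id

  # Without this argument, CelerData's VPC reaches your VPC over the Internet.
  vpc_endpoint_id = var.vpc_endpoint_id

  lifecycle {
    precondition {
      condition     = length(distinct([for s in data.aws_subnet.multi_az : s.vpc_id])) == 1
      error_message = "All three subnets must belong to the same VPC."
    }
    precondition {
      condition     = length(distinct([for s in data.aws_subnet.multi_az : s.availability_zone])) == 3
      error_message = "The three subnets must be in three different availability zones."
    }
  }
}
```

The precondition blocks require Terraform 1.2 or later and the AWS provider configured for the same region as the subnets.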

Attribute Reference

This resource exports the following attribute:

  • id: (String) The ID of this resource.

See Also