X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/aa22d3f08b5eae6c81a730a94825eea4ad1a191a..6b08327fb62cc3cfba12c628ab5a947912ebf749:/tools/salt-install/terraform/aws/vpc/main.tf diff --git a/tools/salt-install/terraform/aws/vpc/main.tf b/tools/salt-install/terraform/aws/vpc/main.tf index 5ac836b687..dbd17e062c 100644 --- a/tools/salt-install/terraform/aws/vpc/main.tf +++ b/tools/salt-install/terraform/aws/vpc/main.tf @@ -3,9 +3,11 @@ # SPDX-License-Identifier: CC-BY-SA-3.0 terraform { + required_version = "~> 1.3.0" required_providers { aws = { source = "hashicorp/aws" + version = "~> 4.38.0" } } } @@ -60,16 +62,34 @@ resource "aws_subnet" "private_subnet" { } } +# +# Additional subnet on a different AZ is required if RDS is enabled +# +resource "aws_subnet" "additional_rds_subnet" { + count = (var.additional_rds_subnet_id == "" && local.use_rds) ? 1 : 0 + vpc_id = local.arvados_vpc_id + availability_zone = data.aws_availability_zones.available.names[1] + cidr_block = "10.1.3.0/24" + + lifecycle { + precondition { + condition = (var.vpc_id == "") + error_message = "additional_rds_subnet_id should be set if vpc_id is also set" + } + } +} + # # VPC S3 access # resource "aws_vpc_endpoint" "s3" { + count = var.vpc_id == "" ? 1 : 0 vpc_id = local.arvados_vpc_id service_name = "com.amazonaws.${var.region_name}.s3" } resource "aws_vpc_endpoint_route_table_association" "compute_s3_route" { count = var.private_subnet_id == "" ? 1 : 0 - vpc_endpoint_id = aws_vpc_endpoint.s3.id + vpc_endpoint_id = aws_vpc_endpoint.s3[0].id route_table_id = aws_route_table.private_subnet_rt[0].id }
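Review bot: The `required_version = "~> 1.3.0"` and `version = "~> 4.38.0"` constraints added to the `terraform` block only bound the accepted range, so any later 1.3.x CLI or 4.38.x provider patch release can still be selected. A constraint also does not verify what is downloaded. If this module's `.terraform.lock.hcl` is not committed (not visible from this hunk), provider checksums are not fixed across installs. A comment beside the provider constraint, such as `# provider hashes are recorded in .terraform.lock.hcl; keep it under version control`, would make that expectation explicit.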
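Review bot: `aws_vpc_endpoint_route_table_association.compute_s3_route` now indexes `aws_vpc_endpoint.s3[0]`, but its own `count` still depends only on `var.private_subnet_id`, while the endpoint's `count` depends on `var.vpc_id`. If a caller sets `vpc_id` and leaves `private_subnet_id` empty (whether validation elsewhere forbids this is not visible here), the association refers to an instance that does not exist and planning fails; `count = (var.vpc_id == "" && var.private_subnet_id == "") ? 1 : 0` keeps the two in step. With an existing VPC no S3 endpoint is created at all, so whether S3 traffic from the private subnet stays off the public path depends on how that VPC was set up, which is worth stating in the `# VPC S3 access` comment. The new `additional_rds_subnet` also hard-codes `cidr_block = "10.1.3.0/24"` and `names[1]`, which assumes the VPC's address range and a second availability zone in the region.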