fix terraform lint and terraform fmt issues

.github/workflows/tf-lint.yaml

@@ -0,0 +1,36 @@
+name: Terraform Lint and Format Check
+
+on: 
+  push: 
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  terraform_checks:
+    name: Run Terraform Lint and Format Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: "~1"
+
+      - name: Install tflint
+        run: |
+          curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+
+      - name: Initialize TFLint
+        run: tflint --init
+
+      - name: Run tflint
+        run: tflint
+
+      - name: Check Terraform formatting
+        run: terraform fmt -check -recursive

main.tf

@@ -32,8 +32,8 @@ module "file_storage" {
 }
 
 locals {
-  bucket_name       = local.use_external_bucket ? var.bucket_name : module.file_storage.0.bucket_name
-  bucket_queue_name = local.use_internal_queue ? null : module.file_storage.0.bucket_queue_name
+  bucket_name       = local.use_external_bucket ? var.bucket_name : module.file_storage[0].bucket_name
+  bucket_queue_name = local.use_internal_queue ? null : module.file_storage[0].bucket_queue_name
 }
 
 module "networking" {
@@ -57,7 +57,8 @@ locals {
   network_private_subnets      = var.create_vpc ? module.networking.private_subnets : var.network_private_subnets
   network_private_subnet_cidrs = var.create_vpc ? module.networking.private_subnet_cidrs : var.network_private_subnet_cidrs
 
-  network_database_subnets             = var.create_vpc ? module.networking.database_subnets : var.network_database_subnets
+  network_database_subnets = var.create_vpc ? module.networking.database_subnets : var.network_database_subnets
+  # tflint-ignore: terraform_unused_declarations
   network_database_subnet_cidrs        = var.create_vpc ? module.networking.database_subnet_cidrs : var.network_database_subnet_cidrs
   network_database_create_subnet_group = !var.create_vpc
   network_database_subnet_group_name   = var.create_vpc ? module.networking.database_subnet_group_name : "${var.namespace}-database-subnet"
@@ -146,7 +147,7 @@ module "app_eks" {
   ])
 
   bucket_arn           = data.aws_s3_bucket.file_storage.arn
-  bucket_sqs_queue_arn = local.use_internal_queue ? null : data.aws_sqs_queue.file_storage.0.arn
+  bucket_sqs_queue_arn = local.use_internal_queue ? null : data.aws_sqs_queue.file_storage[0].arn
 
   network_id              = local.network_id
   network_private_subnets = local.network_private_subnets
@@ -155,7 +156,7 @@ module "app_eks" {
   database_security_group_id   = module.database.security_group_id
 
   create_elasticache_security_group = var.create_elasticache
-  elasticache_security_group_id     = var.create_elasticache ? module.redis.0.security_group_id : null
+  elasticache_security_group_id     = var.create_elasticache ? module.redis[0].security_group_id : null
 
   cluster_version                      = var.eks_cluster_version
   cluster_endpoint_public_access       = var.kubernetes_public_access
@@ -292,8 +293,8 @@ module "wandb" {
         }
 
         redis = {
-          host = module.redis.0.host
-          port = "${module.redis.0.port}?tls=true&ttlInSeconds=604800"
+          host = module.redis[0].host
+          port = "${module.redis[0].port}?tls=true&ttlInSeconds=604800"
         }
       }
 

modules/app_eks/add-ons.tf

@@ -32,43 +32,43 @@ resource "aws_iam_role" "oidc" {
 ### add-ons for eks version 1.28
 
 resource "aws_eks_addon" "aws_efs_csi_driver" {
-   depends_on = [
-     aws_eks_addon.vpc_cni
-   ]
-   cluster_name               = var.namespace
-   addon_name                 = "aws-efs-csi-driver"
-   addon_version              = "v2.0.4-eksbuild.1"
-   resolve_conflicts          = "OVERWRITE"
+  depends_on = [
+    aws_eks_addon.vpc_cni
+  ]
+  cluster_name      = var.namespace
+  addon_name        = "aws-efs-csi-driver"
+  addon_version     = "v2.0.4-eksbuild.1"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "aws_ebs_csi_driver" {
   depends_on = [
     aws_eks_addon.vpc_cni
   ]
-  cluster_name                = var.namespace
-  addon_name                  = "aws-ebs-csi-driver"
-  addon_version               = "v1.31.0-eksbuild.1"
-  resolve_conflicts           = "OVERWRITE"
+  cluster_name      = var.namespace
+  addon_name        = "aws-ebs-csi-driver"
+  addon_version     = "v1.31.0-eksbuild.1"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "coredns" {
   depends_on = [
     aws_eks_addon.vpc_cni
   ]
-  cluster_name                = var.namespace
-  addon_name                  = "coredns"
-  addon_version               = "v1.10.1-eksbuild.11"
-  resolve_conflicts           = "OVERWRITE"
+  cluster_name      = var.namespace
+  addon_name        = "coredns"
+  addon_version     = "v1.10.1-eksbuild.11"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "kube_proxy" {
   depends_on = [
     aws_eks_addon.vpc_cni
   ]
-  cluster_name                = var.namespace
-  addon_name                  = "kube-proxy"
-  addon_version               = "v1.28.8-eksbuild.5"
-  resolve_conflicts           = "OVERWRITE"
+  cluster_name      = var.namespace
+  addon_name        = "kube-proxy"
+  addon_version     = "v1.28.8-eksbuild.5"
+  resolve_conflicts = "OVERWRITE"
 }
 
 resource "aws_eks_addon" "vpc_cni" {

modules/app_lb/outputs.tf

@@ -15,9 +15,9 @@ output "tg_app_arn" {
 }
 
 output "alb_name" {
-value =  aws_lb.alb.arn
+  value = aws_lb.alb.arn
 }
 
 output "nlb_security_group" {
-  value = var.enable_private_only_traffic? aws_security_group.inbound_private[0].id : null
+  value = var.enable_private_only_traffic ? aws_security_group.inbound_private[0].id : null
 }

modules/endpoint/main.tf

@@ -1,9 +1,9 @@
 resource "aws_vpc_endpoint" "default" {
-  vpc_id              = var.network_id
-  service_name        = var.service_name
-  vpc_endpoint_type   = "Gateway" 
-  auto_accept = true
-  route_table_ids  = var.private_route_table_id
+  vpc_id            = var.network_id
+  service_name      = var.service_name
+  vpc_endpoint_type = "Gateway"
+  auto_accept       = true
+  route_table_ids   = var.private_route_table_id
 
   policy = <<POLICY
 {

modules/endpoint/variables.tf

@@ -1,14 +1,14 @@
 variable "network_id" {
-   type = string
-   description = "ID of the network (VPC) where infrastructure resources will be deployed."
- }
+  type        = string
+  description = "ID of the network (VPC) where infrastructure resources will be deployed."
+}
 
 variable "private_route_table_id" {
-  type = list(string)
+  type        = list(string)
   description = "Private route table ID within the specified network (VPC) where resources will be deployed"
 }
 
 variable "service_name" {
-  type = string
+  type        = string
   description = "Name of the service or vpc endpoint"
 }

modules/iam_role/variables.tf

@@ -4,7 +4,7 @@ variable "namespace" {
 }
 
 variable "aws_iam_openid_connect_provider_url" {
-  type        = string
+  type = string
 }
 
 variable "yace_sa_name" {

modules/private_link/main.tf

@@ -1,6 +1,6 @@
 locals {
   max_lb_name_length = 32 - length("-nlb")
-  lb_name_truncated  = var.enable_private_only_traffic ?  "${substr(var.namespace, 0, local.max_lb_name_length)}-private-link-nlb" : "${substr(var.namespace, 0, local.max_lb_name_length)}-nlb"
+  lb_name_truncated  = var.enable_private_only_traffic ? "${substr(var.namespace, 0, local.max_lb_name_length)}-private-link-nlb" : "${substr(var.namespace, 0, local.max_lb_name_length)}-nlb"
 }
 
 resource "aws_lb" "nlb" {
@@ -9,10 +9,10 @@ resource "aws_lb" "nlb" {
   load_balancer_type         = "network"
   subnets                    = var.network_private_subnets
   enable_deletion_protection = var.deletion_protection
-  security_groups = var.enable_private_only_traffic ? [var.nlb_security_group] : []
-lifecycle {
-  create_before_destroy = true
-}
+  security_groups            = var.enable_private_only_traffic ? [var.nlb_security_group] : []
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_lb_target_group" "nlb" {

modules/private_link/variables.tf

@@ -29,8 +29,8 @@ variable "vpc_id" {
 }
 
 variable "enable_private_only_traffic" {
-  type        = bool
+  type = bool
 }
 variable "nlb_security_group" {
-  type        = string
+  type = string
 }

outputs.tf

@@ -36,7 +36,7 @@ output "database_instance_type" {
 }
 
 output "elasticache_connection_string" {
-  value = var.create_elasticache ? module.redis.0.connection_string : null
+  value = var.create_elasticache ? module.redis[0].connection_string : null
 }
 
 output "eks_node_count" {

variables.tf

@@ -63,18 +63,6 @@ variable "database_master_username" {
   default     = "wandb"
 }
 
-variable "database_binlog_format" {
-  description = "Specifies the binlog_format value to set for the database"
-  type        = string
-  default     = "ROW"
-}
-
-variable "database_innodb_lru_scan_depth" {
-  description = "Specifies the innodb_lru_scan_depth value to set for the database"
-  type        = number
-  default     = 128
-}
-
 variable "database_performance_insights_kms_key_arn" {
   default     = ""
   description = "Specifies an existing KMS key ARN to encrypt the performance insights data if performance_insights_enabled is was enabled out of band"
@@ -153,12 +141,6 @@ variable "extra_fqdn" {
 ##########################################
 # Load Balancer                          #
 ##########################################
-variable "ssl_policy" {
-  type        = string
-  default     = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
-  description = "SSL policy to use on ALB listener"
-}
-
 variable "acm_certificate_arn" {
   type        = string
   default     = null