Terraform Modules for HyperPod EKS (#586)

* updated instance cound environment variables

* updated message for IAM execution role creation

* added check_jq function

* removed old todos

* updated order of hyperpod cluster config message

* updated hyperpod cluster stack to conditionally disable deep health checks

* put S3 endpoint into separate cfn stack

* updated helm chart injector to use kube-system namespace

* syntax fix in lambda function

* enabled pathrough of existing resource ids from tmp_env_vars to env_vars

* fixed execution role stack boolean variable and security group stack display

* bump k8s version to 1.31

* breaking ground on terraform support

* adding boilerplate module files

* added child modules and default values in root

* made output and variable corrections

* bug fixes on helm chart and eks auth mode

* Remove .terraform.lock.hcl file

* Added .terraform.lock.hcl to gitignore

* remane parent directory hyperpod-eks-tf

* added readme and env vars script

* code tidy after testing

* Update 1.architectures/7.sagemaker-hyperpod-eks/terraform-modules/README.md

Co-authored-by: Keita Watanabe <mlkeita@amazon.com>

---------

Co-authored-by: Keita Watanabe <mlkeita@amazon.com>

Author: bluecrayon52

1.architectures/7.sagemaker-hyperpod-eks/terraform-modules/.gitignore

@@ -0,0 +1,34 @@
+# Ignore local Terraform directories
+**/.terraform/*
+
+# Ignore state files and backups
+*.tfstate
+*.tfstate.*
+
+# Ignore variable files with sensitive data
+# *.tfvars
+# *.tfvars.json
+
+# Ignore crash logs
+crash.log
+crash.*.log
+
+# Ignore override files
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore plan output files
+*.tfplan
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore hashes of provider binaries
+.terraform.lock.hcl
+
+# Ignore environment variables 
+env_vars.sh
+terraform_outputs.json

1.architectures/7.sagemaker-hyperpod-eks/terraform-modules/README.md

@@ -0,0 +1,82 @@
+# Deploy HyperPod Infrastructure using Terraform
+
+## Modules
+
+The diagram below depicts the Terraform modules that have been bundled into a single project to enable you to deploy a full HyperPod cluster environment all at once. 
+
+<img src="./smhp_tf_modules.png" width="50%"/>
+
+## Configuration
+Start by reviewing the default configurations in the `terraform.tfvars` file and make modifications as needed to suit your needs. 
+
+```bash 
+vim hyperpod-eks-tf/terraform.tfvars 
+```
+For example, you may want to add or modify the HyperPod instance groups to be created:
+```
+instance_groups = {
+  group1 = {
+    instance_type               = "ml.g5.8xlarge"
+    instance_count             = 8
+    ebs_volume_size           = 100
+    threads_per_core          = 2
+    enable_stress_check       = true
+    enable_connectivity_check = true
+    lifecycle_script          = "on_create.sh"
+  }
+}
+```
+If you wish to reuse any cloud resources rather than creating new ones, set the associated `create_*` variable to `false` and provide the id for the corresponding resource as the value of the `existing_*` variable. 
+
+For example, if you want to reuse an existing VPC, set `create_vpc ` to `false`, then set `existing_vpc_id` to your VPC ID, like `vpc-1234567890abcdef0`. 
+
+## Deployment 
+Run `terraform init` to initialize the Terraform working directory, install necessary provider plugins, download modules, set up state storage, and configure the backend for managing infrastructure state: 
+
+```bash 
+terraform -chdir=hyperpod-eks-tf init
+```
+Run `terraform plan` to generate and display an execution plan that outlines the changes Terraform will make to your infrastructure, allowing you to review and validate the proposed updates before applying them.
+
+```bash 
+terraform -chdir=hyperpod-eks-tf plan
+```
+Run `terraform apply` to execute the proposed changes outlined in the Terraform plan, creating, updating, or deleting infrastructure resources according to your configuration, and updating the state to reflect the new infrastructure setup.
+
+```bash 
+terraform -chdir=hyperpod-eks-tf apply 
+```
+When prompted to confirm, type `yes` and press enter.
+
+You can also run `terraform apply` with the `-auto-approve` flag to avoid being prompted for confirmation, but use with caution to avoid unintended changes to your infrastructure. 
+
+## Environment Variables
+Run the `terraform_outputs.sh` script, which populates the `env_vars.sh` script with your environment variables for future reference: 
+```bash 
+chmod +x terraform_outputs.sh
+./terraform_outputs.sh
+cat env_vars.sh 
+```
+Source the `env_vars.sh` script to set your environment variables: 
+```bash 
+source env_vars.sh
+```
+Verify that your environment variables are set: 
+```bash
+echo $EKS_CLUSTER_NAME
+echo $PRIVATE_SUBNET_ID
+echo $SECURITY_GROUP_ID
+```
+
+## Clean Up
+
+Before cleaning up, validate the changes by running a speculative destroy plan: 
+
+```bash
+terraform -chdir=hyperpod-eks-tf plan -destroy
+```
+
+Once you've validated the changes, you can proceed to destroy the resources: 
+```bash 
+terraform -chdir=hyperpod-eks-tf destroy
+```

1.architectures/7.sagemaker-hyperpod-eks/terraform-modules/hyperpod-eks-tf/main.tf

@@ -0,0 +1,138 @@
+locals {
+  vpc_id = var.create_vpc ? module.vpc[0].vpc_id : var.existing_vpc_id
+  private_subnet_id = var.create_private_subnet ? module.private_subnet[0].private_subnet_id : var.existing_private_subnet_id
+  security_group_id = var.create_security_group ? module.security_group[0].security_group_id : var.existing_security_group_id
+  s3_bucket_name = var.create_s3_bucket ? module.s3_bucket[0].s3_bucket_name : var.existing_s3_bucket_name
+  eks_cluster_name = var.create_eks ? module.eks_cluster[0].eks_cluster_name : var.existing_eks_cluster_name
+  sagemaker_iam_role_name = var.create_sagemaker_iam_role ? module.sagemaker_iam_role[0].sagemaker_iam_role_name : var.existing_sagemaker_iam_role_name
+}
+
+module "vpc" {
+  count  = var.create_vpc ? 1 : 0
+  source = "./modules/vpc"
+
+  resource_name_prefix = var.resource_name_prefix
+  vpc_cidr             = var.vpc_cidr
+  public_subnet_1_cidr = var.public_subnet_1_cidr
+  public_subnet_2_cidr = var.public_subnet_2_cidr
+}
+
+module "private_subnet" {
+  count  = var.create_private_subnet ? 1 : 0
+  source = "./modules/private_subnet"
+
+  resource_name_prefix = var.resource_name_prefix
+  vpc_id               = local.vpc_id
+  availability_zone_id = var.availability_zone_id
+  private_subnet_cidr  = var.private_subnet_cidr
+  nat_gateway_id       = var.create_vpc ? module.vpc[0].nat_gateway_1_id : var.existing_nat_gateway_id
+}
+
+module "security_group" {
+  count  = var.create_security_group ? 1 : 0
+  source = "./modules/security_group"
+
+  resource_name_prefix       = var.resource_name_prefix
+  vpc_id                     = local.vpc_id
+  create_new_sg              = var.create_eks
+  existing_security_group_id = var.existing_security_group_id
+}
+
+module "eks_cluster" {
+  count  = var.create_eks ? 1 : 0
+  source = "./modules/eks_cluster"
+
+  resource_name_prefix    = var.resource_name_prefix
+  vpc_id                  = local.vpc_id
+  eks_cluster_name        = var.eks_cluster_name
+  kubernetes_version      = var.kubernetes_version
+  security_group_id       = local.security_group_id
+  private_subnet_cidrs = [var.eks_private_subnet_1_cidr, var.eks_private_subnet_2_cidr]
+  private_node_subnet_cidr = var.eks_private_node_subnet_cidr
+  nat_gateway_id       = var.create_vpc ? module.vpc[0].nat_gateway_1_id : var.existing_nat_gateway_id
+
+}
+
+module "s3_bucket" {
+  count  = var.create_s3_bucket ? 1 : 0
+  source = "./modules/s3_bucket"
+
+  resource_name_prefix = var.resource_name_prefix
+}
+
+module "s3_endpoint" {
+  count  = var.create_s3_endpoint ? 1 : 0
+  source = "./modules/s3_endpoint"
+
+  vpc_id                 = local.vpc_id
+  private_route_table_id = var.create_private_subnet ? module.private_subnet[0].private_route_table_id : var.existing_private_route_table_id
+}
+
+module "lifecycle_script" {
+  count  = var.create_lifecycle_script ? 1 : 0
+  source = "./modules/lifecycle_script"
+
+  resource_name_prefix = var.resource_name_prefix
+  s3_bucket_name      = local.s3_bucket_name
+}
+
+module "sagemaker_iam_role" {
+  count  = var.create_sagemaker_iam_role ? 1 : 0
+  source = "./modules/sagemaker_iam_role"
+
+  resource_name_prefix = var.resource_name_prefix
+  s3_bucket_name      = local.s3_bucket_name
+}
+
+module "helm_chart" {
+  count  = var.create_helm_chart ? 1 : 0
+  source = "./modules/helm_chart"
+
+  depends_on = [module.eks_cluster]
+
+  resource_name_prefix = var.resource_name_prefix
+  helm_repo_url       = var.helm_repo_url
+  helm_repo_path      = var.helm_repo_path
+  namespace           = var.namespace
+  helm_release_name   = var.helm_release_name
+  eks_cluster_name    = local.eks_cluster_name
+}
+
+module "hyperpod_cluster" {
+  count  = var.create_hyperpod ? 1 : 0
+  source = "./modules/hyperpod_cluster"
+
+  depends_on = [
+    module.helm_chart,
+    module.eks_cluster,
+    module.private_subnet,
+    module.security_group,
+    module.s3_bucket,
+    module.s3_endpoint,
+    module.sagemaker_iam_role
+  ]
+
+  resource_name_prefix    = var.resource_name_prefix
+  hyperpod_cluster_name   = var.hyperpod_cluster_name
+  node_recovery           = var.node_recovery
+  instance_groups         = var.instance_groups
+  private_subnet_id       = local.private_subnet_id
+  security_group_id       = local.security_group_id
+  eks_cluster_name        = local.eks_cluster_name
+  s3_bucket_name          = local.s3_bucket_name
+  sagemaker_iam_role_name = local.sagemaker_iam_role_name
+
+}
+
+# Data source for current AWS region
+data "aws_region" "current" {}
+
+data "aws_eks_cluster" "existing_eks_cluster" {
+  count  = var.create_eks ? 0 : 1
+  name = var.eks_cluster_name
+}
+
+data "aws_s3_bucket" "existing_s3_bucket" {
+  count  = var.create_s3_bucket ? 0 : 1
+  bucket = var.existing_s3_bucket_name
+}