feat: Add support for Neptune cluster networking

[jrouly]

Description

Adding support for Neptune cluster networking. Basically duplicating the existing support for RDS and adding it for Neptune.

Motivation and Context

Neptune is a relatively new AWS database offering. Without top-level support for Neptune networking in the VPC module, the alternative is re-using database (RDS) networking infrastructure. Which isn't a problem, but isn't necessarily ideal.

Breaking Changes

I don't think any of these are breaking changes, just minor version changes since there are new properties being added. No existing properties are being changed.

How Has This Been Tested?

• I have tested and validated these changes using one or more of the provided examples/* projects

[jrouly]

This is the tf apply output after running the complete example on master and then on this PR branch:

click to show

$ tf apply

...

Terraform will perform the following actions:

  # module.vpc.aws_neptune_subnet_group.neptune[0] will be created
  + resource "aws_neptune_subnet_group" "neptune" {
      + arn         = (known after apply)
      + description = "Neptune subnet group for complete-example"
      + id          = (known after apply)
      + name        = "complete-example"
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)
      + tags        = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + tags_all    = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
    }

  # module.vpc.aws_route_table_association.neptune[0] will be created
  + resource "aws_route_table_association" "neptune" {
      + id             = (known after apply)
      + route_table_id = "rtb-01b3308216a92ccac"
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.neptune[1] will be created
  + resource "aws_route_table_association" "neptune" {
      + id             = (known after apply)
      + route_table_id = "rtb-01b3308216a92ccac"
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.neptune[2] will be created
  + resource "aws_route_table_association" "neptune" {
      + id             = (known after apply)
      + route_table_id = "rtb-01b3308216a92ccac"
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_subnet.neptune[0] will be created
  + resource "aws_subnet" "neptune" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "eu-west-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "20.10.61.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + vpc_id                          = "vpc-070f54dfd8cdea070"
    }

  # module.vpc.aws_subnet.neptune[1] will be created
  + resource "aws_subnet" "neptune" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "eu-west-1b"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "20.10.62.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + vpc_id                          = "vpc-070f54dfd8cdea070"
    }

  # module.vpc.aws_subnet.neptune[2] will be created
  + resource "aws_subnet" "neptune" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "eu-west-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "20.10.63.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "staging"
          + "Name"        = "complete"
          + "Owner"       = "user"
        }
      + vpc_id                          = "vpc-070f54dfd8cdea070"
    }

Plan: 7 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.vpc.aws_subnet.neptune[0]: Creating...
module.vpc.aws_subnet.neptune[2]: Creating...
module.vpc.aws_subnet.neptune[1]: Creating...
module.vpc.aws_subnet.neptune[1]: Creation complete after 2s [id=subnet-0739a3eb000e5363d]
module.vpc.aws_subnet.neptune[2]: Creation complete after 2s [id=subnet-0687f7f9f7bd3a255]
module.vpc.aws_subnet.neptune[0]: Creation complete after 2s [id=subnet-0a84091c24c2acb09]
module.vpc.aws_route_table_association.neptune[2]: Creating...
module.vpc.aws_route_table_association.neptune[1]: Creating...
module.vpc.aws_neptune_subnet_group.neptune[0]: Creating...
module.vpc.aws_route_table_association.neptune[0]: Creating...
module.vpc.aws_route_table_association.neptune[0]: Creation complete after 1s [id=rtbassoc-09172409925237207]
module.vpc.aws_route_table_association.neptune[1]: Creation complete after 1s [id=rtbassoc-00cf803f614b5bd82]
module.vpc.aws_route_table_association.neptune[2]: Creation complete after 1s [id=rtbassoc-08babd4a2ae80de12]
module.vpc.aws_neptune_subnet_group.neptune[0]: Creation complete after 2s [id=complete-example]

Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

Outputs:

...

[jrouly]

ping @antonbabenko let me know if you need anything more from me for this PR.

[DrFaust92]

@antonbabenko i wonder if we should have a generic "subnets" submodule (inline with vpc endpoints) to reuse (at least for new stuff) as there seems to be a lot of copy/paste for each of these (redshift, neptune, any new service)

this would make maintenance easier

also @bryantbiggs opinion appreciated

other pending examples:

#609
#667

[antonbabenko]

Subnets are different from VPC endpoints because subnets are heavily used in all other resources as arguments, so I don't think it will make a lot of sense to make it a reusable submodule.

I think we should be good to have prescribed types of subnets available like we have now plus add those for the services that have extra resources (eg, Neptune has aws_neptune_subnet_group). This PR is pretty good, I will queue it for review.

We can also add support for generic subnets if users want to create some for any reason (eg, their custom requirements). I think it can be developed at the same time as this - #535 .

[jrouly]

@antonbabenko I have rebased this PR and re-run pre-commit. Ready for review again at your convenience, assuming you want to move forward with this prior to extracting more generic subnet modules.

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

[github-actions]

This PR was automatically closed because of stale in 10 days

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.