NEW: Exercise 3

.gitignore

@@ -34,3 +34,4 @@ bin/
 *.tfstate.backup
 .idea
 .terraform.lock.hcl
+terraform-training.iml

NetworkContentDelivery/Exercise3/README.md

@@ -0,0 +1,40 @@
+<!-- This readme file is generated with terraform-docs -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.3.0 |
+| aws | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| random | 3.6.2 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| iam | terraform-aws-modules/iam/aws//modules/iam-group-with-policies | 5.39.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| GroupName | Name of IAM group |
+| last-updated | n/a |
+ 
+---
+## Authorship
+This module was developed by xpk.

NetworkContentDelivery/Exercise3/main.tf

@@ -0,0 +1,86 @@
+data "aws_availability_zones" "available" {}
+
+module "Vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "5.8.1"
+
+  name = var.VpcName
+  cidr = var.VpcCidr
+  azs  = slice(data.aws_availability_zones.available.names, 0, 2)
+
+  private_subnets          = var.PrivateSubnets
+  private_subnet_names     = ["${var.VpcName}Private1", "${var.VpcName}Private2"]
+  enable_dns_hostnames     = true
+  enable_dns_support       = true
+  enable_nat_gateway       = false
+  enable_dhcp_options      = true
+  dhcp_options_domain_name = "${var.VpcName}.aws"
+}
+
+module "VpcEndpoints" {
+  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+  version = "5.8.1"
+
+  vpc_id                = module.Vpc.vpc_id
+  create_security_group = false
+  endpoints = {
+    s3 = {
+      service      = "s3"
+      service_type = "Gateway"
+      route_table_ids = flatten([
+        module.Vpc.intra_route_table_ids, module.Vpc.private_route_table_ids, module.Vpc.public_route_table_ids
+      ])
+      policy = data.aws_iam_policy_document.s3_endpoint_policy.json
+      tags   = { Name = "S3VpcEp" }
+    },
+    dynamodb = {
+      service      = "dynamodb"
+      service_type = "Gateway"
+      route_table_ids = flatten([
+        module.Vpc.intra_route_table_ids, module.Vpc.private_route_table_ids, module.Vpc.public_route_table_ids
+      ])
+      policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
+      tags   = { Name = "DynamodbVpcEp" }
+    }
+  }
+}
+
+data "aws_iam_policy_document" "s3_endpoint_policy" {
+  statement {
+    effect    = "Deny"
+    actions   = ["s3:*"]
+    resources = ["*"]
+
+    principals {
+      type        = "*"
+      identifiers = ["*"]
+    }
+
+    condition {
+      test     = "StringNotEquals"
+      variable = "aws:sourceVpc"
+
+      values = [module.Vpc.vpc_id]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
+  statement {
+    effect    = "Deny"
+    actions   = ["dynamodb:*"]
+    resources = ["*"]
+
+    principals {
+      type        = "*"
+      identifiers = ["*"]
+    }
+
+    condition {
+      test     = "StringNotEquals"
+      variable = "aws:sourceVpc"
+
+      values = [module.Vpc.vpc_id]
+    }
+  }
+}

NetworkContentDelivery/Exercise3/outputs.tf

@@ -0,0 +1,7 @@
+output "VpcId" {
+  value = module.Vpc.vpc_id
+}
+
+output "VpcCidr" {
+  value = module.Vpc.vpc_cidr_block
+}

NetworkContentDelivery/Exercise3/provider.tf

@@ -0,0 +1,27 @@
+provider "aws" {
+  region = "us-east-1"
+
+  default_tags {
+    tags = {
+      ServiceProvider = "RackspaceTechnology"
+      Environment     = "Training"
+      Project         = "Iac"
+      TerraformMode   = "managed"
+      TerraformDir    = "${reverse(split("/", path.cwd))[1]}/${reverse(split("/", path.cwd))[0]}"
+    }
+  }
+}
+
+output "last-updated" {
+  value = timestamp()
+}
+
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}

NetworkContentDelivery/Exercise3/terraform.tfvars

@@ -0,0 +1,3 @@
+VpcName        = "TrainingVpc"
+VpcCidr        = "192.168.0.0/16"
+PrivateSubnets = ["192.168.100.0/24", "192.168.101.0/24"]

NetworkContentDelivery/Exercise3/variables.tf

@@ -0,0 +1,14 @@
+variable "VpcName" {
+  type        = string
+  description = "Name of VPC"
+}
+
+variable "VpcCidr" {
+  type        = string
+  description = "VPC CIDR"
+}
+
+variable "PrivateSubnets" {
+  type        = list(string)
+  description = "List of private subnets"
+}