xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
cdcadc444e
terraform.aws-baseline-infra/examples/bea-adc/main.tf

48 lines
2.0 KiB
Terraform
Raw Normal View History

UPD: clean up
2023-02-28 16:38:16 +08:00
module "vpc-subnets" {
source = "../../modules/networking/vpc_subnets"
application = var.application
aws-region = var.aws-region
customer-name = var.customer-name
default-tags = local.default-tags
environment = var.environment
project = var.project
vpc-cidr = var.vpc-cidr
number-of-private-subnets-per-az = var.number-of-private-subnets-per-az
number-of-public-subnets-per-az = var.number-of-public-subnets-per-az
create-nat-gateway = false
enable-flow-log = true
vpcflowlog-retain-days = 90
vpcflowlog-cwl-loggroup-key-arn = ""
create-free-vpc-endpoints = false
}
# S3 flow log needs to be created separately. it's not supported by vpc_subnets module
resource "aws_flow_log" "vpc-log-s3" {
log_destination = var.vpc-flowlog-bucket-arn
log_destination_type = "s3"
traffic_type = "ALL"
vpc_id = module.vpc-subnets.vpc_id
}
/*
After adc is deployed by terraform, the following tasks need to be performed manually.
They cannot be managed by terraform
1. Edit security group created for adconnector. SG name is d-???_controllers
2. Enable client LDAPS communication
3. Setup maintenance notification through SNS
4. Enable SSO application. Setting enable_sso in member account results in error. alias is deliberately not set
*/
module "adconnector" {
source = "../../modules/security_identity_compliance/ds-adconnector"
adc-dns-ips = var.adc-dns-ips
adc-domainname = var.adc-domainname
adc-service-account-password = var.adc-service-account-password
adc-service-account-username = var.adc-service-account-username
adc-size = var.adc-size
adc-subnet-ids = module.vpc-subnets.private-subnet-ids
adc-vpc-id = module.vpc-subnets.vpc_id
default-tags = local.default-tags
}
Reference in New Issue Copy Permalink