xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: Removed resource tagging. Tags are set with provider default-tags.

Browse Source
This commit is contained in:
xpk 2024-09-06 10:35:52 +08:00
parent 533ac3713c
commit beb218d542
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
5 changed files with 39 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/networking/vpc-endpoints/provider.tf
View File

@ -1,7 +1,7 @@
# requires 1.3.0 for postcondition validation # requires 1.3.0 for postcondition validation
# https://learn.hashicorp.com/tutorials/terraform/custom-conditions # https://learn.hashicorp.com/tutorials/terraform/custom-conditions
terraform { terraform {
required_version = "~> 1.3.0" required_version = ">= 1.3.0"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"

4
modules/networking/vpc_subnets/outputs.tf
View File

@ -23,9 +23,9 @@ output vpc-cidr {
} }
output private-rtb-id { output private-rtb-id {
value = aws_route_table.private-route-table[0].id value = try(aws_route_table.private-route-table[0].id, null)
} }
output public-rtb-id { output public-rtb-id {
value = aws_route_table.public-route-table[0].id value = try(aws_route_table.public-route-table[0].id, null)
} }

2
modules/networking/vpc_subnets/variables.tf
View File

@ -2,7 +2,7 @@ variable "customer-name" {}
variable "environment" {} variable "environment" {}
variable "project" {} variable "project" {}
variable "application" {} variable "application" {}
variable "default-tags" {} # variable "default-tags" {}
variable "aws-region" {} variable "aws-region" {}
locals { locals {

24
modules/networking/vpc_subnets/vpc-flowlog.tf
View File

@ -1,30 +1,26 @@
resource "aws_flow_log" "vpc-flowlog" { resource "aws_flow_log" "vpc-flowlog" {
count = var.enable-flow-log ? 1 : 0 count = var.enable-flow-log ? 1 : 0
iam_role_arn = aws_iam_role.vpcflowlog-role.arn iam_role_arn = aws_iam_role.vpcflowlog-role.arn
log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn
traffic_type = "ALL" traffic_type = "ALL"
vpc_id = aws_vpc.vpc.id vpc_id = aws_vpc.vpc.id
tags = merge( tags = {
var.default-tags,
{
Name = "${local.resource-prefix}-vpcflowlog" Name = "${local.resource-prefix}-vpcflowlog"
}, }
)
} }
resource "aws_cloudwatch_log_group" "vpcflowlog-loggroup" { resource "aws_cloudwatch_log_group" "vpcflowlog-loggroup" {
count = var.enable-flow-log ? 1 : 0 count = var.enable-flow-log ? 1 : 0
name_prefix = "vpcflowlog/${aws_vpc.vpc.id}/" name_prefix = "vpcflowlog/${aws_vpc.vpc.id}/"
kms_key_id = var.vpcflowlog-cwl-loggroup-key-arn kms_key_id = var.vpcflowlog-cwl-loggroup-key-arn
retention_in_days = var.vpcflowlog-retain-days retention_in_days = var.vpcflowlog-retain-days
tags = var.default-tags
} }
resource "aws_iam_role" "vpcflowlog-role" { resource "aws_iam_role" "vpcflowlog-role" {
name = "${local.resource-prefix}-vpcflowlog" name = "${local.resource-prefix}-vpcflowlog"
path = "/service/" path = "/service/"
assume_role_policy = <<EOF assume_role_policy = <<EOF
{ {
"Version": "2012-10-17", "Version": "2012-10-17",

77
modules/networking/vpc_subnets/vpc.tf
View File

@ -24,12 +24,9 @@ resource "aws_subnet" "private-subnets" {
# cidr_block = cidrsubnet(local.subnet_start[0], 2, count.index) # cidr_block = cidrsubnet(local.subnet_start[0], 2, count.index)
# cidr_block = var.private-subnet-cidrs[count.index] # cidr_block = var.private-subnet-cidrs[count.index]
cidr_block = local.private-subnets[count.index] cidr_block = local.private-subnets[count.index]
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-private-${split("-", element(data.aws_availability_zones.available-az.names, count.index))[2]}-${count.index + 1}"
{ }
Name = "${local.resource-prefix}-private-${split("-", element(data.aws_availability_zones.available-az.names, count.index))[2]}-${count.index + 1}"
},
)
} }
resource "aws_subnet" "public-subnets" { resource "aws_subnet" "public-subnets" {
@ -41,12 +38,9 @@ resource "aws_subnet" "public-subnets" {
# cidr_block = cidrsubnet(local.subnet_start[1], 2, count.index) # cidr_block = cidrsubnet(local.subnet_start[1], 2, count.index)
# cidr_block = var.public-subnet-cidrs[count.index] # cidr_block = var.public-subnet-cidrs[count.index]
cidr_block = local.public-subnets[count.index] cidr_block = local.public-subnets[count.index]
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-public-${split("-", element(data.aws_availability_zones.available-az.names, count.index))[2]}-${count.index + 1}"
{ }
Name = "${local.resource-prefix}-public-${split("-", element(data.aws_availability_zones.available-az.names, count.index))[2]}-${count.index + 1}"
},
)
} }
resource "aws_vpc" "vpc" { resource "aws_vpc" "vpc" {
@ -54,12 +48,9 @@ resource "aws_vpc" "vpc" {
enable_dns_hostnames = true enable_dns_hostnames = true
enable_dns_support = true enable_dns_support = true
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-vpc"
{ }
Name = "${local.resource-prefix}-vpc"
},
)
lifecycle { lifecycle {
create_before_destroy = true create_before_destroy = true
@ -70,18 +61,14 @@ resource "aws_internet_gateway" "igw" {
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0 count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
vpc_id = aws_vpc.vpc.id vpc_id = aws_vpc.vpc.id
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-igw"
{ }
Name = "${local.resource-prefix}-igw"
},
)
} }
resource "aws_eip" "ngw-eip" { resource "aws_eip" "ngw-eip" {
count = var.create-nat-gateway ? 1 : 0 count = var.create-nat-gateway ? 1 : 0
vpc = true domain = "vpc"
tags = var.default-tags
depends_on = [aws_internet_gateway.igw] depends_on = [aws_internet_gateway.igw]
} }
@ -90,12 +77,9 @@ resource "aws_nat_gateway" "ngw" {
allocation_id = aws_eip.ngw-eip[0].id allocation_id = aws_eip.ngw-eip[0].id
subnet_id = aws_subnet.public-subnets[0].id subnet_id = aws_subnet.public-subnets[0].id
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-ngw"
{ }
Name = "${local.resource-prefix}-ngw"
},
)
depends_on = [aws_internet_gateway.igw] depends_on = [aws_internet_gateway.igw]
} }
@ -103,23 +87,17 @@ resource "aws_nat_gateway" "ngw" {
resource "aws_route_table" "public-route-table" { resource "aws_route_table" "public-route-table" {
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0 count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
vpc_id = aws_vpc.vpc.id vpc_id = aws_vpc.vpc.id
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-public"
{ }
Name = "${local.resource-prefix}-publicroutetable"
},
)
} }
resource "aws_route_table" "private-route-table" { resource "aws_route_table" "private-route-table" {
count = var.number-of-private-subnets-per-az > 0 ? 1 : 0 count = var.number-of-private-subnets-per-az > 0 ? 1 : 0
vpc_id = aws_vpc.vpc.id vpc_id = aws_vpc.vpc.id
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-private"
{ }
Name = "${local.resource-prefix}-privateroutetable"
},
)
} }
resource "aws_route" "public-routes" { resource "aws_route" "public-routes" {
@ -171,12 +149,9 @@ resource "aws_default_security_group" "default-sg" {
self = true self = true
description = "Allow traffic going to this SG" description = "Allow traffic going to this SG"
} }
tags = merge( tags = {
var.default-tags, Name = "${local.resource-prefix}-defaultsg"
{ }
Name = "${local.resource-prefix}-defaultsg"
},
)
} }
# Enable gateway endpoints which are free # Enable gateway endpoints which are free
@ -184,10 +159,8 @@ module "vpc-ep" {
count = var.create-free-vpc-endpoints ? 1 : 0 count = var.create-free-vpc-endpoints ? 1 : 0
source = "../vpc-endpoints" source = "../vpc-endpoints"
default-tags = var.default-tags
gateway-ep-services = ["s3", "dynamodb"] gateway-ep-services = ["s3", "dynamodb"]
interface-ep-services = [] interface-ep-services = []
resource-prefix = local.resource-prefix resource-prefix = local.resource-prefix
vpc-id = aws_vpc.vpc.id vpc-id = aws_vpc.vpc.id
aws-region = var.aws-region
} }