modules added #2

Merged
merged 21 commits into from
Oct 5, 2023
Merged
code added for networking ,shared , dev account
d4kverma committed Oct 5, 2023
commit 585efa5e03b3d7854b257a99882a3f56a5a97cb3
26 changes: 25 additions & 1 deletion .github/workflows/tf-checks.yml
@@ -12,4 +12,28 @@ jobs:
aws_credentials: true
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
networking:
uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
with:
working_directory: './_examples/multi-account/networking'
aws_credentials: true
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
shared:
uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
with:
working_directory: './_examples/multi-account/shared'
aws_credentials: true
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
dev:
uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
with:
working_directory: './_examples/multi-account/dev'
aws_credentials: true
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.TEST_AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
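Review bot: The three new jobs (`networking`, `shared`, `dev`) reference the reusable workflow by the mutable tag `@1.0.6` while passing it `secrets.TEST_AWS_ACCESS_KEY` and `secrets.TEST_AWS_ACCESS_SECRET_KEY`; anyone able to move that tag in clouddrove/github-shared-workflows would then run with these credentials. Pin each `uses:` to a full-length commit SHA and keep the tag as a comment, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@<full-commit-sha> # 1.0.6`. The `shared` job points at `./_examples/multi-account/shared`, but no files under that path appear in this commit's file list, so unless the directory is created elsewhere in the PR that job will fail on checkout. The one deleted and first added `AWS_SECRET_ACCESS_KEY:` lines are identical in the rendered view, so that change is presumably whitespace or a trailing newline only.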
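--- a/_examples/multi-account/dev/backend.tf
+++ b/_examples/multi-account/dev/backend.tf
@@ -0,0 +1,10 @@
+################################################################################
+# backend
+################################################################################
+terraform {
+backend "s3" {
+bucket = "eks-automated-s3-bucket"
+key = "ct/dev.tfstate"
+region = "us-east-1"
+}
+}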
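Review bot: The `backend "s3"` block sets only `bucket`, `key` and `region`, with neither `encrypt = true` nor a `dynamodb_table` for state locking; the state for this example will contain role ARNs and the network layout, and two concurrent runs of the new `dev` CI job would race on the same `ct/dev.tfstate` object. Adding `encrypt = true` and `dynamodb_table = "<lock-table-name>"` (placeholder name) inside the backend block addresses both. The same omission is in `_examples/multi-account/networking/backend.tf` in this commit.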
66 changes: 38 additions & 28 deletions _examples/multi-account/dev/main.tf
@@ -1,43 +1,53 @@
# ------------------------------------------------------------------------------
# Resources
# ------------------------------------------------------------------------------
locals {}

#VPC
#Transit
#KMS (multi region)
#ACM ()
#Route53 dev.xyz.ca
#SecurtyBaseline
#Cloudtrail
#GuardDuty
#SecutyHub
#GuardRails

#EKS
#RDS
#EFS
#EBS Encryption

locals {
name = "ct"
environment = "dev"
region = "us-east-1"
role_arn = "arn:aws:iam::******:role/CT-dev-test-sw" #Provide dev account role ARN
cidr_block = "10.12.0.0/16"
}

data "aws_caller_identity" "current" {}

Check warning on line 9 in _examples/multi-account/dev/main.tf

GitHub Actions / tf-lint / tflint

data "aws_caller_identity" "current" is declared but not used

provider "aws" {
region = local.region
}

provider "aws" {
alias = "networking"
assume_role {
role_arn = local.role_arn
}
region = local.region
}

# ------------------------------------------------------------------------------
# Resources
# ------------------------------------------------------------------------------
module "CT" {
source = "../../"
providers = {
aws = aws.networking
}
source = "../../../"
name = local.name
environment = local.environment
region = local.region

cidr_block = "10.0.20.0/16"
subnet_type = private
## VPC
cidr_block = local.cidr_block

}
## SUBNET
subnet_type = var.subnet_type

## SECURTIY-GROUP
ssh_allow_ip = local.cidr_block

## ACM
domain = var.domain

## Route53
records = var.records

## TGW-HUB
tgw_spoke_enable = var.tgw_spoke_enable
spoke_destination_cidr = var.spoke_destination_cidr
transit_gateway_id = var.transit_gateway_id
resource_share_arn = var.resource_share_arn

}
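Review bot: `role_arn = "arn:aws:iam::******:role/CT-dev-test-sw"` in `locals` is a masked placeholder rather than a valid ARN, so the `aws.networking` provider's `assume_role` fails before any plan runs, and the trailing `#Provide dev account role ARN` comment is the only hint a reader gets. The tflint warning shown above is related: `data "aws_caller_identity" "current"` is declared but never referenced in this file, whereas the networking example builds its role ARN from `data.aws_caller_identity.current.id`; either drop the data source here or make the account id an explicit input, e.g. `role_arn = "arn:aws:iam::${var.dev_account_id}:role/CT-dev-test-sw"` with a new `dev_account_id` variable declared in variables.tf and no default. The provider alias `networking` is also misleading in the dev example since it assumes the dev role; `alias = "dev"` together with `aws = aws.dev` in the module's `providers` map would read correctly.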
1 change: 1 addition & 0 deletions _examples/multi-account/dev/outputs.tf
@@ -1,3 +1,4 @@
# ------------------------------------------------------------------------------
# Outputs
# ------------------------------------------------------------------------------

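--- a/_examples/multi-account/dev/terraform.tfvars
+++ b/_examples/multi-account/dev/terraform.tfvars
@@ -0,0 +1,6 @@
+subnet_type = "private"
+domain = "clouddrove.ca"
+records = []
+spoke_destination_cidr = ["0.0.0.0/0"]
+transit_gateway_id = ""
+resource_share_arn = ""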
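Review bot: `transit_gateway_id = ""` and `resource_share_arn = ""` are empty while `tgw_spoke_enable` defaults to `true` in the new variables.tf, so the spoke attachment is presumably created against an empty gateway id and fails at apply; these two values are exactly the `transit_gateway_id` and `resource_share_arn` outputs the networking example exposes in this commit. A comment such as `# fill from the networking example's outputs (transit_gateway_id, resource_share_arn)` on these lines, or a `terraform_remote_state` data source reading the networking state, would make the cross-account dependency explicit. `spoke_destination_cidr = ["0.0.0.0/0"]` sends the dev VPC's default route to the transit gateway; that is a valid centralised-egress layout but deserves a comment stating it is intentional, since the networking side lists only `10.11.0.0/16` and `10.12.0.0/16` as hub destinations.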
3 changes: 0 additions & 3 deletions _examples/multi-account/dev/variables.auto.tfvars

This file was deleted.

46 changes: 46 additions & 0 deletions _examples/multi-account/dev/variables.tf
@@ -1,3 +1,49 @@
# ------------------------------------------------------------------------------
# Variables
# ------------------------------------------------------------------------------

## SUBNET
variable "subnet_type" {
type = string
default = ""
description = "Type of subnets to create (`private` or `public`)."
}

## ACM
variable "domain" {
type = string
default = ""
description = "A domain name for which the certificate should be issued."
}

## Route53
variable "records" {
type = any
default = []
description = "List of objects of DNS records"
}

## TGW-HUB
variable "tgw_spoke_enable" {
type = bool
default = true
description = "Enable subnet to create or not."
}

variable "transit_gateway_id" {
type = string
default = ""
description = "The ID of gateway id."
}

variable "spoke_destination_cidr" {
type = list(any)
default = []
description = "The destination CIDR block (VPC)."
}

variable "resource_share_arn" {
type = string
default = ""
description = "Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable."
}
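Review bot: Several descriptions in the new variables were copied from unrelated inputs and now misdocument them: `resource_share_arn` is described as a RAM auto-accept boolean ("Whether resource attachment requests are automatically accepted...") although it is a string ARN, `tgw_spoke_enable` says "Enable subnet to create or not.", and `transit_gateway_id` says "The ID of gateway id.". Suggested replacements, in that order: `description = "ARN of the RAM resource share through which the hub Transit Gateway is shared."`, `description = "Whether to attach this VPC to the hub Transit Gateway as a spoke."`, and `description = "ID of the hub Transit Gateway to attach to."`. `subnet_type` defaults to `""` while its own description lists only `private` or `public`; a `validation` block on the variable, or a non-empty default, would catch a missing tfvars value at plan time instead of inside the module.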
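--- a/_examples/multi-account/dev/version.tf
+++ b/_examples/multi-account/dev/version.tf
@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+required_version = ">= 1.5.7"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = ">= 5.19.0"
+}
+}
+}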
4 changes: 2 additions & 2 deletions _examples/multi-account/networking/README.md
@@ -1,3 +1,3 @@
## examples/complete
## examples/basic

An example which shows _complete_ usage of the module.
An example which shows _basic_ usage of the module.
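--- a/_examples/multi-account/networking/backend.tf
+++ b/_examples/multi-account/networking/backend.tf
@@ -0,0 +1,10 @@
+################################################################################
+# backend
+################################################################################
+terraform {
+backend "s3" {
+bucket = "eks-automated-s3-bucket"
+key = "ct/networking.tfstate"
+region = "us-east-1"
+}
+}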
67 changes: 42 additions & 25 deletions _examples/multi-account/networking/main.tf
@@ -1,40 +1,57 @@
# ------------------------------------------------------------------------------
# Resources
# ------------------------------------------------------------------------------
locals {}

#2 VPC (Dev & Prod)
#Transit
#KMS (multi region)
#ACM ()
#Route53 networking.identos.ca
#SecurtyBaseline
#Cloudtrail
#GuardDuty
#SecutyHub
#GuardRails
# VPN
# Bastion host

locals {
name = "ct"
environment = "networking"
region = "us-east-1"
role_arn = "arn:aws:iam::${data.aws_caller_identity.current.id}:role/CT-networking-test-sw"
cidr_block = "10.10.0.0/16"
}

data "aws_caller_identity" "current" {}

provider "aws" {
region = local.region
}

provider "aws" {
alias = "networking"
assume_role {
role_arn = local.role_arn
}
region = local.region
}

# ------------------------------------------------------------------------------
# Resources
# ------------------------------------------------------------------------------
module "CT" {
source = "../../"
providers = {
aws = aws.networking
}
source = "../../../"
name = local.name
environment = local.environment
region = local.region

cidr_block = "10.0.10.0/16"
subnet_type = private
## VPC
cidr_block = local.cidr_block

}
## SUBNET
subnet_type = var.subnet_type
nat_gateway_enabled = var.nat_gateway_enabled
single_nat_gateway = var.single_nat_gateway

## SECURTIY-GROUP
ssh_allow_ip = local.cidr_block

## ACM
domain = var.domain

## Route53
records = var.records

## TGW-HUB
tgw_hub_enable = var.tgw_hub_enable
hub_destination_cidr = var.hub_destination_cidr
resource_share_account_ids = var.resource_share_account_ids

## VPN
vpn_enable = var.vpn_enable
vpn_cidr_block = var.vpn_cidr_block
}
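Review bot: `role_arn` in `locals` is built from `data.aws_caller_identity.current.id`, i.e. the account of the credentials running the plan, so the `aws.networking` provider can only assume `CT-networking-test-sw` inside that same account; if the networking account is meant to differ from the CI account (the dev example's masked `******` account id suggests it does), the account id should be an explicit input rather than derived from the caller. The module call also references `var.nat_gateway_enabled`, `var.single_nat_gateway`, `var.tgw_hub_enable`, `var.hub_destination_cidr`, `var.resource_share_account_ids`, `var.vpn_enable` and `var.vpn_cidr_block`, yet no `networking/variables.tf` change appears in this commit and the old `variables.auto.tfvars` is deleted; unless those variables are already declared in that file, `terraform validate` fails on undeclared variables. The commented backlog at the top (`#Route53 networking.identos.ca`, `#SecurtyBaseline`, `#SecutyHub`) is stale and misspelled next to `domain = "clouddrove.ca"`; a short `# TODO:` list or its removal would be clearer.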
14 changes: 14 additions & 0 deletions _examples/multi-account/networking/outputs.tf
@@ -1,3 +1,17 @@
# ------------------------------------------------------------------------------
# Outputs
# ------------------------------------------------------------------------------
output "transit_gateway_id" {
value = module.CT.transit_gateway_id
description = "The ID of the Transit Gateway."
}

output "resource_share_arn" {
value = module.CT.resource_share_arn
description = "The ARN of the RAM."
}

output "vpn_id" {
value = module.CT.vpn_id
description = "The ID of the Client VPN endpoint."
}
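Review bot: `description = "The ARN of the RAM."` on `resource_share_arn` does not say what is shared or who consumes it; `description = "ARN of the RAM resource share that the spoke examples pass as resource_share_arn."` ties it to the dev example's input of the same name in this commit. The other two descriptions are fine as written.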
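--- a/_examples/multi-account/networking/terraform.tfvars
+++ b/_examples/multi-account/networking/terraform.tfvars
@@ -0,0 +1,6 @@
+subnet_type = "public-private"
+domain = "clouddrove.ca"
+records = []
+hub_destination_cidr = ["10.11.0.0/16", "10.12.0.0/16"]
+vpn_cidr_block = "172.16.0.0/16"
+resource_share_account_ids = ["******", "*****"] # Add account id of all other accounts where to Peer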
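Review bot: `resource_share_account_ids = ["******", "*****"]` commits masked placeholders where RAM expects 12-digit account ids, so an apply of this example fails at the resource-share principal step until they are replaced; the trailing comment helps, but shipping the list as `[]` with that comment would keep the example plan-clean out of the box. `subnet_type = "public-private"` here while the dev example's `subnet_type` description allows only `private` or `public`; the networking variable is not visible in this commit, so confirm the module accepts `public-private` or align the dev description. `hub_destination_cidr` lists `10.11.0.0/16` and `10.12.0.0/16`, the latter matching the dev `cidr_block`; a comment naming which account each prefix belongs to would help the next editor keep them in sync.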
3 changes: 0 additions & 3 deletions _examples/multi-account/networking/variables.auto.tfvars

This file was deleted.
