Fix tflint and update kms version #53

Merged
merged 4 commits into from
Oct 3, 2023
Merged
97 changes: 73 additions & 24 deletions _example/ec2-network-mode-awsvpc/main.tf
Expand Up @@ -5,6 +5,10 @@ provider "aws" {
region = "eu-west-1"
}

locals {
vpc_cidr_block = module.vpc.vpc_cidr_block
additional_cidr_block = "172.16.0.0/16"
}
##---------------------------------------------------------------------------------------------------------------------------
## A key pair is a combination of a public key that is used to encrypt data and a private key that is used to decrypt data.
##--------------------------------------------------------------------------------------------------------------------------
Expand Down Expand Up @@ -54,48 +58,93 @@ module "subnets" {
ipv6_cidr_block = module.vpc.ipv6_cidr_block
}

##-----------------------------------------------------
## An AWS security group acts as a virtual firewall for incoming and outgoing traffic with ssh.
##-----------------------------------------------------
#tfsec:ignore:aws-ec2-no-public-ingress-sgr
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
module "http_https" {
# ################################################################################
# Security Groups module call
################################################################################

module "ssh" {
source = "clouddrove/security-group/aws"
version = "2.0.0"

name = "http-https"
name = "ssh"
environment = "test"
label_order = ["name", "environment"]
vpc_id = module.vpc.vpc_id
new_sg_ingress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 22
protocol = "tcp"
to_port = 22
cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
description = "Allow ssh traffic."
}]

vpc_id = module.vpc.vpc_id
allowed_ip = ["0.0.0.0/0"]
allowed_ports = [80, 443]
## EGRESS Rules
new_sg_egress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 22
protocol = "tcp"
to_port = 22
cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
description = "Allow ssh outbound traffic."
}]
}

##-----------------------------------------------------
## An AWS security group acts as a virtual firewall for incoming and outgoing traffic with ssh.
##-----------------------------------------------------
#tfsec:ignore:aws-ec2-no-public-egress-sgr
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
module "ssh" {
module "http_https" {
source = "clouddrove/security-group/aws"
version = "2.0.0"

name = "ssh"
name = "http-https"
environment = "test"
label_order = ["name", "environment"]

vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [22]
vpc_id = module.vpc.vpc_id
## INGRESS Rules
new_sg_ingress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 22
protocol = "tcp"
to_port = 22
cidr_blocks = [local.vpc_cidr_block]
description = "Allow ssh traffic."
},
{
rule_count = 2
from_port = 80
protocol = "tcp"
to_port = 80
cidr_blocks = [local.vpc_cidr_block]
description = "Allow http traffic."
},
{
rule_count = 3
from_port = 443
protocol = "tcp"
to_port = 443
cidr_blocks = [local.vpc_cidr_block]
description = "Allow https traffic."
}
]

## EGRESS Rules
new_sg_egress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 0
protocol = "-1"
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
description = "Allow all traffic."
}
]
}

##-----------------------------------------------------
## AWS Key Management Service (AWS KMS) lets you create, manage, and control cryptographic keys across your applications and AWS services.
##-----------------------------------------------------
module "kms_key" {
source = "clouddrove/kms/aws"
version = "1.3.0"
version = "1.3.1"

name = "kms"
repository = "https://github.com/clouddrove/terraform-aws-kms"
Expand Down Expand Up @@ -161,7 +210,7 @@ module "ecs" {
## Network
vpc_id = module.vpc.vpc_id
subnet_ids = module.subnets.private_subnet_id
additional_security_group_ids = [module.ssh.security_group_ids, module.http_https.security_group_ids]
additional_security_group_ids = [module.ssh.security_group_id, module.http_https.security_group_id]
listener_certificate_arn = module.acm.arn

## EC2
Expand All @@ -172,8 +221,8 @@ module "ecs" {
min_size = 1
max_size = 3
volume_size = 8
lb_security_group = module.ssh.security_group_ids
service_lb_security_group = [module.http_https.security_group_ids]
lb_security_group = module.ssh.security_group_id
service_lb_security_group = [module.http_https.security_group_id]
cloudwatch_prefix = "ecs-logs"

## ECS Cluster
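Review bot: The new `ssh` security group admits port 22 from `local.additional_cidr_block = "172.16.0.0/16"` on top of the VPC CIDR, which widens SSH ingress beyond the VPC compared with the replaced `allowed_ip = [module.vpc.vpc_cidr_block]`, and nothing in the hunk shows a peering or VPN route that would make that range legitimate, so it is presumably a placeholder. If so, say it on the line, e.g. `additional_cidr_block = "172.16.0.0/16" # replace with the peered/VPN range that needs SSH, or drop it`, and leave it out of the matching egress rule unless outbound SSH from the instances is actually required. The `http_https` group also carries a port-22 ingress rule (`rule_count = 1`) that duplicates the `ssh` group and, through `service_lb_security_group`, is attached to the service load balancer; removing that rule and renumbering the HTTP/HTTPS rules to 1 and 2 keeps the group to what its name promises. The comment block above `module "http_https"` still describes an SSH group and the `#tfsec:ignore:aws-ec2-add-description-to-security-group-rule` directive looks stale now that every rule has a `description`; if both survive on the new side they should be updated or dropped so tfsec only suppresses real findings.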
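--- a/_example/ec2-network-mode-awsvpc/versions.tf
+++ b/_example/ec2-network-mode-awsvpc/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-required_version = ">= 1.5.0"
+required_version = ">= 1.5.7"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
-version = ">= 5.9.0"
+version = ">= 5.18.1"
 }
 }
 }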
96 changes: 73 additions & 23 deletions _example/ec2-network-mode-bridge/main.tf
Expand Up @@ -5,6 +5,10 @@ provider "aws" {
region = "eu-west-1"
}

locals {
vpc_cidr_block = module.vpc.vpc_cidr_block
additional_cidr_block = "172.16.0.0/16"
}
##---------------------------------------------------------------------------------------------------------------------------
## A key pair is a combination of a public key that is used to encrypt data and a private key that is used to decrypt data.
##--------------------------------------------------------------------------------------------------------------------------
Expand Down Expand Up @@ -54,48 +58,94 @@ module "subnets" {
ipv6_cidr_block = module.vpc.ipv6_cidr_block
}

##-----------------------------------------------------
## An AWS security group acts as a virtual firewall for incoming and outgoing traffic with ssh.
##-----------------------------------------------------
#tfsec:ignore:aws-ec2-no-public-ingress-sgr
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
module "http_https" {
# ################################################################################
# Security Groups module call
################################################################################

module "ssh" {
source = "clouddrove/security-group/aws"
version = "2.0.0"

name = "http-https"
name = "ssh"
environment = "test"
label_order = ["name", "environment"]
vpc_id = module.vpc.vpc_id
new_sg_ingress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 22
protocol = "tcp"
to_port = 22
cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
description = "Allow ssh traffic."
}]

vpc_id = module.vpc.vpc_id
allowed_ip = ["0.0.0.0/0"]
allowed_ports = [80, 443]
## EGRESS Rules
new_sg_egress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 22
protocol = "tcp"
to_port = 22
cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
description = "Allow ssh outbound traffic."
}]
}

##-----------------------------------------------------
## An AWS security group acts as a virtual firewall for incoming and outgoing traffic with ssh.
##-----------------------------------------------------
#tfsec:ignore:aws-ec2-no-public-egress-sgr
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
module "ssh" {
module "http_https" {
source = "clouddrove/security-group/aws"
version = "2.0.0"

name = "ssh"
name = "http-https"
environment = "test"
label_order = ["name", "environment"]

vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [22]
vpc_id = module.vpc.vpc_id
## INGRESS Rules
new_sg_ingress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 22
protocol = "tcp"
to_port = 22
cidr_blocks = [local.vpc_cidr_block]
description = "Allow ssh traffic."
},
{
rule_count = 2
from_port = 80
protocol = "tcp"
to_port = 80
cidr_blocks = [local.vpc_cidr_block]
description = "Allow http traffic."
},
{
rule_count = 3
from_port = 443
protocol = "tcp"
to_port = 443
cidr_blocks = [local.vpc_cidr_block]
description = "Allow https traffic."
}
]

## EGRESS Rules
new_sg_egress_rules_with_cidr_blocks = [{
rule_count = 1
from_port = 0
protocol = "-1"
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
description = "Allow all traffic."
}
]
}

##-----------------------------------------------------
## AWS Key Management Service (AWS KMS) lets you create, manage, and control cryptographic keys across your applications and AWS services.
##-----------------------------------------------------
module "kms_key" {
source = "clouddrove/kms/aws"
version = "1.3.0"
version = "1.3.1"

name = "kms"
repository = "https://github.com/clouddrove/terraform-aws-kms"
Expand Down Expand Up @@ -161,7 +211,7 @@ module "ecs" {
vpc_id = module.vpc.vpc_id
subnet_ids = module.subnets.private_subnet_id

additional_security_group_ids = [module.ssh.security_group_ids, module.http_https.security_group_ids]
additional_security_group_ids = [module.ssh.security_group_id, module.http_https.security_group_id]
listener_certificate_arn = module.acm.arn

## EC2
Expand All @@ -172,8 +222,8 @@ module "ecs" {
min_size = 1
max_size = 3
volume_size = 8
lb_security_group = module.ssh.security_group_ids
service_lb_security_group = [module.http_https.security_group_ids]
lb_security_group = module.ssh.security_group_id
service_lb_security_group = [module.http_https.security_group_id]
cloudwatch_prefix = "ecs-logs"

## ECS Cluster
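Review bot: The `ssh` security group in this example opens port 22 to the hard-coded `local.additional_cidr_block = "172.16.0.0/16"` as well as the VPC CIDR, which is broader than the replaced `allowed_ip = [module.vpc.vpc_cidr_block]`; the hunk shows no peering, VPN or transit attachment for that range, so its purpose is unclear to a reader copying the example. Either document it inline, e.g. `additional_cidr_block = "172.16.0.0/16" # example peered/VPN range; remove if SSH is only needed from inside the VPC`, or drop it, and reconsider whether the symmetric egress rule on 22 is needed at all. Separately, the `http_https` group's `rule_count = 1` entry allows SSH from the VPC, duplicating the `ssh` group on a group that is handed to the service load balancer via `service_lb_security_group`; deleting that entry and renumbering the 80/443 rules to 1 and 2 avoids an unneeded port on the LB side. If the old `## ... traffic with ssh.` comment and the `#tfsec:ignore:aws-ec2-add-description-to-security-group-rule` line are still present above `module "http_https"` on the new side, they no longer match the rules and should be removed.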
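--- a/_example/ec2-network-mode-bridge/versions.tf
+++ b/_example/ec2-network-mode-bridge/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-required_version = ">= 1.5.0"
+required_version = ">= 1.5.7"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
-version = ">= 5.9.0"
+version = ">= 5.18.1"
 }
 }
 }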