switching networks, vpcs, and regions

SCT-Engineering · Apr 15, 2025 · 93bb7f6 · 93bb7f6
1 parent 06aa850
commit 93bb7f6
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 50 deletions.
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,11 @@
+
+locals {
+  common_tags = {
+    environment           = var.environment
+    environment_abbr      = var.environment_abbr
+    organization          = var.organization
+    finops_project_name   = var.finops_project_name
+    finops_project_number = var.finops_project_number
+    finops_project_role   = var.finops_project_role
+  }
+}
diff --git a/main.tf b/main.tf
@@ -1,25 +1,3 @@
-provider "aws" {
-  default_tags {
-    tags = {
-      organization          = "census:ocio:csvd"
-      finops_project_name   = "csvd_platformbaseline"
-      finops_project_number = "fs0000000078"
-      finops_project_role   = "csvd_platformbaseline_app"
-    }
-  }
-}
-
-locals {
-  common_tags = {
-    environment            = var.environment
-    environment_abbr      = var.environment_abbr
-    organization          = var.organization
-    finops_project_name   = var.finops_project_name
-    finops_project_number = var.finops_project_number
-    finops_project_role   = var.finops_project_role
-  }
-}
-
 # API Gateway
 resource "aws_api_gateway_rest_api" "eks_automation" {
   name = "eks-automation-api"
@@ -33,17 +11,17 @@ resource "aws_api_gateway_resource" "eks_automation" {
 }
 
 resource "aws_api_gateway_method" "eks_automation" {
-  rest_api_id   = aws_api_gateway_rest_api.eks_automation.id
-  resource_id   = aws_api_gateway_resource.eks_automation.id
-  http_method   = "POST"
-  authorization = "NONE"
+  rest_api_id      = aws_api_gateway_rest_api.eks_automation.id
+  resource_id      = aws_api_gateway_resource.eks_automation.id
+  http_method      = "POST"
+  authorization    = "NONE"
   api_key_required = true
 }
 
 resource "aws_api_gateway_integration" "lambda" {
-  rest_api_id = aws_api_gateway_rest_api.eks_automation.id
-  resource_id = aws_api_gateway_resource.eks_automation.id
-  http_method = aws_api_gateway_method.eks_automation.http_method
+  rest_api_id             = aws_api_gateway_rest_api.eks_automation.id
+  resource_id             = aws_api_gateway_resource.eks_automation.id
+  http_method             = aws_api_gateway_method.eks_automation.http_method
   integration_http_method = "POST"
   type                    = "AWS_PROXY"
   uri                     = aws_lambda_function.eks_automation.invoke_arn
@@ -90,7 +68,7 @@ resource "aws_api_gateway_method_response" "options" {
   resource_id = aws_api_gateway_resource.eks_automation.id
   http_method = aws_api_gateway_method.options.http_method
   status_code = "200"
-  
+
   response_parameters = {
     "method.response.header.Access-Control-Allow-Headers" = true,
     "method.response.header.Access-Control-Allow-Methods" = true,
@@ -145,20 +123,20 @@ resource "aws_api_gateway_usage_plan_key" "eks_automation" {
 
 # Lambda Layer
 resource "aws_lambda_layer_version" "git" {
-  filename            = "layer.zip"  # Make sure to create this zip file with Git binaries
-  layer_name         = "git-lambda-layer"
-  description        = "Git Lambda Layer"
+  filename            = "layer.zip" # Make sure to create this zip file with Git binaries
+  layer_name          = "git-lambda-layer"
+  description         = "Git Lambda Layer"
   compatible_runtimes = ["python3.9", "python3.10", "python3.11"]
 }
 
 # Lambda Function
 resource "aws_lambda_function" "eks_automation" {
-  filename      = "eks_automation.zip"  # Make sure to create this zip file
+  filename      = "eks_automation.zip" # Make sure to create this zip file
   function_name = "eks-automation"
-  role         = aws_iam_role.lambda_role.arn
-  handler      = "app.lambda_handler"
-  runtime      = "python3.11"
-  timeout      = var.lambda_timeout
+  role          = aws_iam_role.lambda_role.arn
+  handler       = "app.lambda_handler"
+  runtime       = "python3.11"
+  timeout       = var.lambda_timeout
 
   vpc_config {
     subnet_ids         = var.vpc_subnet_ids
@@ -210,9 +188,9 @@ resource "aws_iam_role_policy" "lambda_ssm_access" {
     Version = "2012-10-17"
     Statement = [
       {
-        Sid    = "SSMDescribeParametersPolicy"
-        Effect = "Allow"
-        Action = ["ssm:DescribeParameters"]
+        Sid      = "SSMDescribeParametersPolicy"
+        Effect   = "Allow"
+        Action   = ["ssm:DescribeParameters"]
         Resource = "*"
       },
       {

diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,6 @@
+provider "aws" {
+  region = var.aws_region
+  default_tags {
+    tags = local.common_tags
+  }
+}
diff --git a/varfiles/sct-engineering.tfvars b/varfiles/sct-engineering.tfvars
@@ -0,0 +1,15 @@
+environment           = "development"
+environment_abbr      = "dev"
+organization          = "census:ocio:csvd"
+finops_project_name   = "csvd_platformbaseline"
+finops_project_number = "fs0000000078"
+finops_project_role   = "csvd_platformbaseline_app"
+vpc_security_group_ids = [
+  "sg-0641c697588b9aa6b",
+  "sg-0cc69de0fa6f337c5"
+]
+vpc_subnet_ids = [
+  "subnet-062189d742937204e"
+]
+lambda_timeout = 30
+aws_region     = "us-gov-west-1"
diff --git a/variables.tf b/variables.tf
@@ -1,53 +1,50 @@
 variable "environment" {
   description = "Environment name"
   type        = string
-  default     = "development"
 }
 
 variable "environment_abbr" {
   description = "Environment abbreviation"
   type        = string
-  default     = "dev"
 }
 
 variable "organization" {
   description = "Organization name"
   type        = string
-  default     = "census:ocio:csvd"
 }
 
 variable "finops_project_name" {
   description = "FinOps project name"
   type        = string
-  default     = "csvd_platformbaseline"
 }
 
 variable "finops_project_number" {
   description = "FinOps project number"
   type        = string
-  default     = "fs0000000078"
 }
 
 variable "finops_project_role" {
   description = "FinOps project role"
   type        = string
-  default     = "csvd_platformbaseline_app"
 }
 
 variable "vpc_security_group_ids" {
   description = "List of VPC security group IDs"
   type        = list(string)
-  default     = ["sg-03cbf2a626ed55c7e"]
 }
 
 variable "vpc_subnet_ids" {
   description = "List of VPC subnet IDs"
   type        = list(string)
-  default     = ["subnet-05192178ac094f639", "subnet-022370a5a03585376"]
 }
 
 variable "lambda_timeout" {
   description = "Lambda function timeout in seconds"
   type        = number
-  default     = 30
 }
+
+variable "aws_region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-gov-west-2"
+}