intial rds-oracle

terraform-modules · Jan 15, 2020 · e78c64e · e78c64e
1 parent e99dc12
commit e78c64e
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 0 deletions.
diff --git a/rds-oracle/main.tf b/rds-oracle/main.tf
@@ -0,0 +1,51 @@
+/**
+* # About
+* 
+* This describes how to use the aws-common-security-groups submodule for rds-oracle
+* 
+* # Usage
+* 
+* ```code
+* module "rds-oracle" {
+*   source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git//rds-oracle"
+* 
+*   # name = "m-rds-oracle"
+*   vpc_id = var.vpc_id
+*   # Name, CostAllocation, and Environment are pre-set
+*   # tags = { }
+* }
+* ```
+*/
+
+resource "aws_security_group" "this_security_group" {
+  name        = local.name
+  description = local.description
+  vpc_id      = var.vpc_id
+
+# portlist
+  dynamic "ingress" {
+    for_each = local.ports_map
+    iterator = p
+    content {
+      description = "${local.description}: ${p.value["description"]}"
+      from_port   = p.value["from"]
+      to_port     = p.value["to"]
+      protocol    = p.value["proto"]
+      cidr_blocks = length(p.value["cidr"]) == 0 ? local.ingress_networks : p.value["cidr"]
+    }
+  }
+
+  egress {
+    description = "${local.description}: All"
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = local.egress_networks
+  }
+
+  tags = merge(
+    var.tags,
+    map("VPC", var.vpc_full_name),
+    map("Name", "sg-${local.name}"),
+  )
+}
diff --git a/rds-oracle/output.tf b/rds-oracle/output.tf
@@ -0,0 +1,9 @@
+output "this_security_group_id" {
+  description = "Created security group ID"
+  value = aws_security_group.this_security_group.id
+}
+
+output "this_security_group_arn" {
+  description = "Created security group ARN"
+  value = aws_security_group.this_security_group.arn
+}
diff --git a/rds-oracle/ports.tf b/rds-oracle/ports.tf
@@ -0,0 +1,14 @@
+locals {
+  description = "module: Oracle common ports"
+  name        = var.name
+  ports = [
+    [ 1521, 1521, "tcp", "oracle-db", [] ],
+    [ 1570, 1571, "tcp", "oracle-db", [] ],
+    [ 3872, 3872, "tcp", "inbound-oracle-OEM", [ "172.24.101.9/32", "172.24.101.10/32", "172.24.32.251/32" ] ],
+    [ 7799, 7799, "tcp", "oracle-OEM", [] ],
+  ]
+  ingress_networks = var.networks
+  egress_networks = var.egress_networks
+  ports_fields = ["from","to","proto","description","cidr"]
+  ports_map = [ for p in local.ports: zipmap(local.ports_fields,p) ]
+}
diff --git a/rds-oracle/variables.tf b/rds-oracle/variables.tf
@@ -0,0 +1,37 @@
+variable "vpc_id" {
+  description = "VPC ID Number"
+  type = string
+}
+
+variable "vpc_full_name" {
+  description = "VPC Name"
+  type = string
+  default = ""
+}
+
+variable "name" {
+  description = "Security group Name"
+  type = string
+  default = "m-rds-oracle"
+}
+
+variable "networks" {
+  description = "List of ingress networks (applies to all ports)"
+  type = list(string)
+  default = [ "0.0.0.0/0" ]
+}
+
+variable "egress_networks" {
+  description = "List of egress networks (all ports)"
+  type = list(string)
+  default = [ "0.0.0.0/0" ]
+}
+
+variable "tags" {
+  description = "Extra security group tags"
+  type    = map
+  default = {
+    "CostAllocation" = "csvd:infrastructure"
+    "Environment" = "csvd-infrastructure"
+  }
+}
diff --git a/rds-oracle/versions.tf b/rds-oracle/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}