From e78c64ee30983243530922db59513c29ccf26d30 Mon Sep 17 00:00:00 2001
From: Don Badrak
Date: Wed, 15 Jan 2020 13:27:07 -0500
Subject: [PATCH] intial rds-oracle
---
 rds-oracle/main.tf | 51 +++++++++++++++++++++++++++++
 rds-oracle/output.tf | 9 ++++++++
 rds-oracle/ports.tf | 14 +++++++++++
 rds-oracle/variables.tf | 37 ++++++++++++++++++++++++++
 rds-oracle/versions.tf | 4 ++++
 5 files changed, 115 insertions(+)
 create mode 100644 rds-oracle/main.tf
 create mode 100644 rds-oracle/output.tf
 create mode 100644 rds-oracle/ports.tf
 create mode 100644 rds-oracle/variables.tf
 create mode 100644 rds-oracle/versions.tf
diff --git a/rds-oracle/main.tf b/rds-oracle/main.tf
new file mode 100644
index 0000000..e2ae845
--- /dev/null
+++ b/rds-oracle/main.tf
@@ -0,0 +1,51 @@
+/**
+* # About
+*
+* This describes how to use the aws-common-security-groups submodule for rds-oracle
+*
+* # Usage
+*
+* ```code
+* module "rds-oracle" {
+* source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git//rds-oracle"
+*
+* # name = "m-rds-oracle"
+* vpc_id = var.vpc_id
+* # Name, CostAllocation, and Environment are pre-set
+* # tags = { }
+* }
+* ```
+*/
+
+resource "aws_security_group" "this_security_group" {
+ name = local.name
+ description = local.description
+ vpc_id = var.vpc_id
+
+# portlist
+ dynamic "ingress" {
+ for_each = local.ports_map
+ iterator = p
+ content {
+ description = "${local.description}: ${p.value["description"]}"
+ from_port = p.value["from"]
+ to_port = p.value["to"]
+ protocol = p.value["proto"]
+ cidr_blocks = length(p.value["cidr"]) == 0 ? local.ingress_networks : p.value["cidr"]
+ }
+ }
+
+ egress {
+ description = "${local.description}: All"
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = local.egress_networks
+ }
+
+ tags = merge(
+ var.tags,
+ map("VPC", var.vpc_full_name),
+ map("Name", "sg-${local.name}"),
+ )
+}
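Review bot: The usage example in the header comment never sets `networks`, and `variables.tf` in this same commit defaults it to `0.0.0.0/0`, so a caller who copies the example verbatim gets every port in `local.ports_map` whose cidr list is empty (the 1521, 1570-1571 and 7799 entries) reachable from any source; the `egress` block has the same exposure through `egress_networks`. Add an explicit `networks = [ "<client-cidr>" ]` line to the example and state in the header that the module does not restrict sources unless told to, or better, make the variable mandatory so the permissive case cannot happen by omission. The header's "Name, CostAllocation, and Environment are pre-set" is also misleading, since `merge(var.tags, ...)` only overlays `VPC` and `Name` — a caller who uncomments `tags = { }` silently drops the two cost tags; say so, e.g. `# passing tags replaces the CostAllocation/Environment defaults, it does not add to them`. Separately, `map("VPC", ...)` and `map("Name", ...)` use the `map()` function that 0.12 deprecates; with `required_version = ">= 0.12"` already in place, `merge(var.tags, { "VPC" = var.vpc_full_name, "Name" = "sg-${local.name}" })` is the drop-in replacement.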
diff --git a/rds-oracle/output.tf b/rds-oracle/output.tf
new file mode 100644
index 0000000..f9c3840
--- /dev/null
+++ b/rds-oracle/output.tf
@@ -0,0 +1,9 @@
+output "this_security_group_id" {
+ description = "Created security group ID"
+ value = aws_security_group.this_security_group.id
+}
+
+output "this_security_group_arn" {
+ description = "Created security group ARN"
+ value = aws_security_group.this_security_group.arn
+}
diff --git a/rds-oracle/ports.tf b/rds-oracle/ports.tf
new file mode 100644
index 0000000..15a2dd0
--- /dev/null
+++ b/rds-oracle/ports.tf
@@ -0,0 +1,14 @@
+locals {
+ description = "module: Oracle common ports"
+ name = var.name
+ ports = [
+ [ 1521, 1521, "tcp", "oracle-db", [] ],
+ [ 1570, 1571, "tcp", "oracle-db", [] ],
+ [ 3872, 3872, "tcp", "inbound-oracle-OEM", [ "172.24.101.9/32", "172.24.101.10/32", "172.24.32.251/32" ] ],
+ [ 7799, 7799, "tcp", "oracle-OEM", [] ],
+ ]
+ ingress_networks = var.networks
+ egress_networks = var.egress_networks
+ ports_fields = ["from","to","proto","description","cidr"]
+ ports_map = [ for p in local.ports: zipmap(local.ports_fields,p) ]
+}
diff --git a/rds-oracle/variables.tf b/rds-oracle/variables.tf
new file mode 100644
index 0000000..440d3da
--- /dev/null
+++ b/rds-oracle/variables.tf
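Review bot: In `ports.tf`, the three OEM source addresses baked into the `3872` entry (`172.24.101.9/32`, `172.24.101.10/32`, `172.24.32.251/32`) cannot be changed by a caller without editing the module, while the `7799` `oracle-OEM` entry has an empty cidr list and therefore falls back to `var.networks` — with this commit's `0.0.0.0/0` default, the agent port is pinned to three hosts but the other OEM port is open to the world, which is almost certainly not the intent. Lift the addresses into a variable, `variable "oem_networks" { type = list(string) }`, and reference it as `[ 3872, 3872, "tcp", "inbound-oracle-OEM", var.oem_networks ]`; if 7799 is the OEM console port (the hunk does not say), it should probably take the same list rather than the fallback. The fallback rule itself is only visible by reading `main.tf`, so a comment above `ports`, `# an empty cidr list means "use var.networks" — see main.tf`, would save the next editor from adding a wide-open entry by accident.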
@@ -0,0 +1,37 @@
+variable "vpc_id" {
+ description = "VPC ID Number"
+ type = string
+}
+
+variable "vpc_full_name" {
+ description = "VPC Name"
+ type = string
+ default = ""
+}
+
+variable "name" {
+ description = "Security group Name"
+ type = string
+ default = "m-rds-oracle"
+}
+
+variable "networks" {
+ description = "List of ingress networks (applies to all ports)"
+ type = list(string)
+ default = [ "0.0.0.0/0" ]
+}
+
+variable "egress_networks" {
+ description = "List of egress networks (all ports)"
+ type = list(string)
+ default = [ "0.0.0.0/0" ]
+}
+
+variable "tags" {
+ description = "Extra security group tags"
+ type = map
+ default = {
+ "CostAllocation" = "csvd:infrastructure"
+ "Environment" = "csvd-infrastructure"
+ }
+}
diff --git a/rds-oracle/versions.tf b/rds-oracle/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/rds-oracle/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
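Review bot: `networks` and `egress_networks` both default to `[ "0.0.0.0/0" ]`, so a security group intended for an Oracle RDS instance admits traffic on 1521, 1570-1571 and 7799 (per `ports.tf`) from any address unless the caller remembers to override it — for a database security group the safe failure mode is a plan error, not a world-open rule. Delete the `default = [ "0.0.0.0/0" ]` line from `networks` so Terraform refuses to apply without an explicit source list, and consider doing the same for `egress_networks` or at least stating in its description that the default permits all outbound traffic on all protocols. `type = map` with no element type is the legacy constraint form; `type = map(string)` is what the `>= 0.12` requirement in `versions.tf` expects and rejects non-string tag values at plan time. The `tags` description should also note that a caller-supplied map replaces, rather than extends, the `CostAllocation`/`Environment` defaults, since `main.tf` merges only its own two keys on top.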