diff --git a/examples/shared-vpc-interfaces-endpoints/locals.tf b/examples/shared-vpc-interfaces-endpoints/locals.tf
deleted file mode 100644
index 630807e..0000000
--- a/examples/shared-vpc-interfaces-endpoints/locals.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-locals {
- base_tags = {
- "boc:created_by" = "terraform"
- }
-
- vpc_id = data.terraform_remote_state.vpc_REGION_VPCN.outputs.vpc_id
- sg_web_id = data.terraform_remote_state.vpc_REGION_VPCN.outputs.sg_web_id
-
- tags = {
- CostAllocation = "csvd:infrastructure"
- Environment = var.vpc_environment
- }
-}
diff --git a/examples/shared-vpc-interfaces-endpoints/provider.route53_main.tf b/examples/shared-vpc-interfaces-endpoints/provider.route53_main.tf
deleted file mode 100644
index 1b63eae..0000000
--- a/examples/shared-vpc-interfaces-endpoints/provider.route53_main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-#---
-# network prod
-#---
-provider "aws" {
- alias = "route53_main_east"
- region = var.region_map["east"]
- assume_role {
- role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
- session_name = var.os_username
- }
-}
-
-provider "aws" {
- alias = "route53_main_west"
- region = var.region_map["west"]
- assume_role {
- role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
- session_name = var.os_username
- }
-}
-
diff --git a/examples/shared-vpc-interfaces-endpoints/region.tf b/examples/shared-vpc-interfaces-endpoints/region.tf
deleted file mode 100644
index b7b1696..0000000
--- a/examples/shared-vpc-interfaces-endpoints/region.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-locals {
- region = var.region
-}
-
diff --git a/examples/shared-vpc-interfaces-endpoints/tf-run.data b/examples/shared-vpc-interfaces-endpoints/tf-run.data
deleted file mode 100644
index c8df7a2..0000000
--- a/examples/shared-vpc-interfaces-endpoints/tf-run.data
+++ /dev/null
@@ -1,19 +0,0 @@
-VERSION 1.0.2
-REMOTE-STATE
-COMMAND tf-directory-setup.py -l none -f
-COMMAND setup-new-directory.sh
-COMMAND tf-init -upgrade
-
-LINKTOP includes.d/variables.account_tags.tf
-LINKTOP includes.d/variables.account_tags.auto.tfvars
-LINKTOP includes.d/variables.infrastructure_tags.tf
-LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
-LINKTOP includes.d/variables.application_tags.tf
-LINKTOP includes.d/variables.application_tags.auto.tfvars
-LINK variables.vpc.tf
-LINK variables.vpc.auto.tfvars
-
-ALL
-COMMAND tf-directory-setup.py -l s3
-
-
diff --git a/examples/shared-vpc-interfaces-endpoints/variables.route53.tf b/examples/shared-vpc-interfaces-endpoints/variables.route53.tf
deleted file mode 100644
index 140e7f2..0000000
--- a/examples/shared-vpc-interfaces-endpoints/variables.route53.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "route53_endpoints" {
- description = "Map of target route53 endpoints (for inbound) central VPCs"
- type = map(map(string))
- default = {
- route53_main = {
- "account_id" = "057405694017"
- "us-gov-east-1" = "vpc-0871ba8a6040d623a"
- "us-gov-west-1" = "vpc-0f03ea065333f72c5"
- }
- route53_main_legacy = {
- "account_id" = "107742151971"
- "us-gov-east-1" = "vpc-099a991da7c4eb8a5"
- "us-gov-west-1" = "vpc-77877a12"
- }
- }
-}
diff --git a/examples/shared-vpc-interfaces-endpoints/variables.username.tf b/examples/shared-vpc-interfaces-endpoints/variables.username.tf
deleted file mode 100644
index 46f8f47..0000000
--- a/examples/shared-vpc-interfaces-endpoints/variables.username.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-variable "os_username" {
- description = "OS username from environment variable, ideally as $USER"
- type = string
- default = null
-}
diff --git a/examples/shared-vpc-interfaces-endpoints/variables.vpc-endpoints.tf b/examples/shared-vpc-interfaces-endpoints/variables.vpc-endpoints.tf
deleted file mode 100644
index 8faf3f9..0000000
--- a/examples/shared-vpc-interfaces-endpoints/variables.vpc-endpoints.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-locals {
-
- # Use this to select specific vpc endpoints to share from the central account. An empty list will share everything defined
- # in the central account (network-prod). If you try to share something, and it's not there it shoud probably be added to the
- # central account. By default, you most likely want this to be an empty list []. If this is null, no sharing will be setup.
-
- shared_vpc_endpoints = []
-
- # Use this to create non-shared VPC endpoints. This should be rare, and restricted to specific specialty services.
- # This is a map of service naem, and a value of:
- # "" (empty string): this means use this service name as is
- # null: this means this service will NOT be created (disabled)
- # string: A string used to find the service name. This is very service specific. sagemaker notebooks are one example.
-
- vpc_endpoints = {}
-}
diff --git a/examples/shared-vpc-interfaces-endpoints/versions.tf b/examples/shared-vpc-interfaces-endpoints/versions.tf
deleted file mode 100644
index c6f5c66..0000000
--- a/examples/shared-vpc-interfaces-endpoints/versions.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.0"
- }
- ldap = {
- source = "trevex/ldap"
- version = ">= 0.5.4"
- }
- external = {
- source = "hashicorp/external"
- version = ">= 1.0"
- }
- null = {
- source = "hashicorp/null"
- version = ">= 1.0"
- }
- random = {
- source = "hashicorp/random"
- version = ">= 1.0"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 1.0"
- }
- infoblox = {
- source = "infobloxopen/infoblox"
- version = ">= 2.1.0"
- }
- time = {
- source = "hashicorp/time"
- version = ">= 0.9"
- }
- }
- required_version = ">= 1.0.0"
-}
diff --git a/examples/shared-vpc-interfaces-endpoints/vpc-endpoints.shared.tf b/examples/shared-vpc-interfaces-endpoints/vpc-endpoints.shared.tf
deleted file mode 100644
index d7f95db..0000000
--- a/examples/shared-vpc-interfaces-endpoints/vpc-endpoints.shared.tf
+++ /dev/null
@@ -1,75 +0,0 @@
-data "aws_ssm_parameters_by_path" "vpce_east" {
- provider = aws.route53_main_east
- path = format("/enterprise/%v/vpc-endpoints/", data.aws_arn.current.partition)
- recursive = true
-}
-
-data "aws_ssm_parameters_by_path" "vpce_west" {
- provider = aws.route53_main_west
- path = format("/enterprise/%v/vpc-endpoints/", data.aws_arn.current.partition)
- recursive = true
-}
-
-locals {
- vpc_endpoints_ssm_east = { for k, v in zipmap(data.aws_ssm_parameters_by_path.vpce_east.names, data.aws_ssm_parameters_by_path.vpce_east.values) : k => jsondecode(v) }
- vpc_endpoints_ssm_west = { for k, v in zipmap(data.aws_ssm_parameters_by_path.vpce_west.names, data.aws_ssm_parameters_by_path.vpce_west.values) : k => jsondecode(v) }
-}
-
-# selects all available zones for this region
-# settings:
-# shared_vpc_endpoints = null do not use any shared endpoints (from SSM param)
-# shared_vpc_endpoints = [] use all available shared endpoints (from SSM param) *recommended
-# shared_vpc_endpoints = [ "sms", "kms", ] use selected VPC endpoints
-
-module "vpce_shared_east" {
- count = local.shared_vpc_endpoints == null ? 0 : 1
- providers = {
- aws.self = aws
- aws.peer = aws.route53_main_east
- }
-
- source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/vpc?ref=tf-upgrade"
- region = local.region
- vpc_id = local.vpc_id
- zone_ids = compact([for k, v in nonsensitive(local.vpc_endpoints_ssm_east) : v.zone_id if length(local.shared_vpc_endpoints) == 0 || try(contains(local.shared_vpc_endpoints, v.name), true)])
-
- tags = merge(
- local.common_tags,
- var.account_tags,
- var.application_tags,
- )
-}
-
-module "vpce_shared_west" {
- count = local.shared_vpc_endpoints == null ? 0 : 1
- providers = {
- aws.self = aws
- aws.peer = aws.route53_main_west
- }
-
- source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/vpc?ref=tf-upgrade"
- region = local.region
- vpc_id = local.vpc_id
- zone_ids = compact([for k, v in nonsensitive(local.vpc_endpoints_ssm_west) : v.zone_id if length(local.shared_vpc_endpoints) == 0 || try(contains(local.shared_vpc_endpoints, v.name), true)])
-
- tags = merge(
- local.common_tags,
- var.account_tags,
- var.application_tags,
- )
-}
-
-## data "aws_ssm_parameter" "vpce" {
-## for_each = toset(data.aws_ssm_parameters_by_path.vpce.names)
-## name = each.key
-## }
-##
-## "/enterprise/aws-us-gov/vpc-endpoints/us-gov-west-1/elasticloadbalancing" = {
-## "create_time" = 1680897055
-## "dns_name" = "elasticloadbalancing.us-gov-west-1.amazonaws.com"
-## "id" = "vpce-0dcf1e1c5b81b5dce"
-## "name" = "elasticloadbalancing"
-## "region" = "us-gov-west-1"
-## "zone" = "elasticloadbalancing.us-gov-west-1.amazonaws.com"
-## "zone_id" = "Z0438795ORVM3AZOHHAV"
-## }
diff --git a/examples/shared-vpc-interfaces-endpoints/vpc-endpoints.tf b/examples/shared-vpc-interfaces-endpoints/vpc-endpoints.tf
deleted file mode 100644
index 0c4b61c..0000000
--- a/examples/shared-vpc-interfaces-endpoints/vpc-endpoints.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# there is no need to change this file. use variables.vpc-endpoints.tf (for the locals needing to be set)
-
-locals {
- security_group_ids = [local.sg_web_id]
-
- # these are defined in variables.vpc-endpoints.tf
- ## shared_vpc_endpoints = []
- ## vpc_endpoints = { }
-}
-
-data "aws_subnets" "endpoint_subnets" {
- filter {
- name = "vpc-id"
- values = [local.vpc_id]
- }
- filter {
- name = "tag:Name"
- values = ["*-endpoints-*"]
- }
-}
-
-module "vpce" {
- for_each = local.vpc_endpoints
- source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-interface-endpoint?ref=tf-upgrade"
-
- service = each.value == "" ? each.key : each.value
- subnet_ids = tolist(data.aws_subnets.endpoint_subnets.ids)
- security_group_ids = local.security_group_ids
-
- vpc_id = local.vpc_id
- vpc_full_name = var.vpc_full_name
- vpc_environment = var.vpc_environment
-
- tags = merge(
- local.common_tags,
- local.tags,
- var.account_tags,
- var.application_tags,
- )
-}