setup git repo

.gitignore

@@ -0,0 +1,13 @@
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
+
+.terraform/*
+logs
+common/README.md

.pre-commit-config.yaml

@@ -0,0 +1,18 @@
+repos:
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.48.0
+  hooks:
+#    - id: terraform_validate
+    - id: terraform_fmt
+    - id: terraform_docs_replace
+      args: ['table']
+      exclude: common/*.tf
+      exclude: version.tf
+    - id: terraform_tflint 
+      args:  [ "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"]
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v3.4.0
+  hooks:
+    - id: check-symlinks
+    - id: detect-aws-credentials
+    - id: detect-private-key

.tflint.hcl

@@ -0,0 +1,21 @@
+config {
+  module = true
+  force = false
+  disabled_by_default = false
+
+#  ignore_module = {
+#    "terraform-aws-modules/vpc/aws"            = true
+#    "terraform-aws-modules/security-group/aws" = true
+#  }
+
+#  varfile = ["example1.tfvars", "example2.tfvars"]
+#  variables = ["foo=bar", "bar=[\"baz\"]"]
+}
+
+rule "aws_instance_invalid_type" {
+  enabled = true
+}
+
+plugin "aws" {
+  enabled = true
+}

CHANGELOG.md

@@ -0,0 +1,4 @@
+# Versions
+
+* v1.0.0 -- 20210502
+  - initial creation

common/data.tf

@@ -0,0 +1,23 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_arn" "current" {
+  arn = data.aws_caller_identity.current.arn
+}
+
+data "aws_region" "current" {}
+
+# output "caller_account_id" {
+#   value = data.aws_caller_identity.current.account_id
+# }
+#
+# output "account_caller_arn" {
+#   value = data.aws_caller_identity.current.arn
+# }
+#
+# output "account_caller_arn_partition" {
+#   value = data.aws_arn.current.partition
+# }
+#
+# output "account_region_name" {
+#   value = data.aws_region.current.name
+# }

common/defaults.tf

@@ -0,0 +1,22 @@
+# for the accesss logs for load balancers
+# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
+
+locals {
+  _defaults = {
+    "load-balancer" = {
+      "gov"           = ["190560391635", "048591011584"]
+      "us-gov-east-1" = "190560391635"
+      "us-gov-west-1" = "048591011584"
+
+      "ew"        = ["127311923021", "033677994240", "027434742980", "797873946194"]
+      "us-east-1" = "127311923021"
+      "us-east-2" = "033677994240"
+      "us-west-1" = "027434742980"
+      "us-west-2" = "797873946194"
+    }
+    "ses" = {
+      "event_types" = ["bounce", "delivery", "complaint"]
+    }
+  }
+}
+

common/prefixes.tf

@@ -0,0 +1,26 @@
+locals {
+  _prefixes = {
+    "efs"            = "v-efs-"
+    "s3"             = "v-s3-"
+    "ebs"            = "v-ebs-"
+    "kms"            = "k-kms-"
+    "role"           = "r-"
+    "policy"         = "p-"
+    "group"          = "g-"
+    "security-group" = "" # "sg-"
+    # VPC
+    "vpc"              = ""
+    "dhcp-options"     = ""
+    "vpc-peer"         = "vpcp-"
+    "route-table"      = "route-"
+    "subnet"           = ""
+    "vpc-endpoint"     = "vpce-"
+    "elastic-ip"       = "eip-"
+    "nat-gateway"      = "nat-"
+    "internet-gateway" = "igw-"
+    "network-acl"      = "nacl-"
+    "customer-gateway" = "cgw-"
+    "vpn-gateweay"     = "vpcg-"
+    "vpn-connection"   = "vpn_"
+  }
+}

common/variables.common.tf

@@ -0,0 +1,26 @@
+#---
+# account info
+#---
+variable "account_id" {
+  description = "AWS Account ID (default will pull from current user)"
+  type        = string
+  default     = ""
+}
+
+variable "account_alias" {
+  description = "AWS Account Alias"
+  type        = string
+  default     = ""
+}
+
+variable "override_prefixes" {
+  description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things"
+  type        = map(string)
+  default     = {}
+}
+
+variable "tags" {
+  description = "AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data_safeguard field for such things."
+  type        = map(string)
+  default     = {}
+}

common/variables.common.vpc.tf

@@ -0,0 +1,32 @@
+#---
+# common variables for defining specific VPC components used throughout the submodules
+#---
+variable "vpc_name" {
+  description = "VPC name component used through the VPC descrbing its purpose (ex: dice-dev)"
+  type        = string
+  default     = null
+}
+
+variable "vpc_short_name" {
+  description = "VPC short name component (vpc{index})"
+  type        = string
+  default     = null
+}
+
+variable "vpc_full_name" {
+  description = "VPC full name component (vpc{index}-{vpc_name})"
+  type        = string
+  default     = null
+}
+
+variable "vpc_index" {
+  description = "VPC index number (integer starting at 1)"
+  type        = number
+  default     = null
+}
+
+variable "vpc_environment" {
+  description = "VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod)"
+  type        = string
+  default     = null
+}

common/version.tf

@@ -0,0 +1,3 @@
+locals {
+  _module_version = "1.0.0"
+}

security-groups/data.tf

@@ -0,0 +1 @@
+../common/data.tf

security-groups/defaults.tf

@@ -0,0 +1 @@
+../common/defaults.tf

security-groups/main.tf

@@ -0,0 +1,70 @@
+/*
+* # About aws-vpc-setup :: security-groups
+* 
+* This sets up the default base security groups needed in each VPC from the `aws-common-security-groups` module
+* and associated submodules.
+* * it-linux-base
+* * it-windows-base
+* * ois-scanner
+* 
+* # Usage
+* 
+* ```hcl
+* module "vpc-base-security-groups"
+*   source          = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//security-groups"
+*   vpc_id          = "vpc-1234568"
+*   vpc_full_name   = "vpc2-dice-dev"
+*   vpc_environment = "dev"
+*   tags            = {}
+* }
+* ```
+*/
+
+locals {
+  account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+  account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+
+  base_tags = {
+    "boc:tf_module_version" = local._module_version
+    "boc:created_by"        = "terraform"
+  }
+}
+
+module "sg-linux-base" {
+  source        = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//it-linux-base"
+  vpc_id        = var.vpc_id
+  vpc_full_name = var.vpc_full_name
+  use_vpc_cidr  = false
+  enable_self   = false
+  tags = merge(
+    local.base_tags,
+    local.tags,
+    map("Environment", var.vpc_environment),
+  )
+}
+
+module "sg-windows-base" {
+  source        = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//it-windows-base"
+  vpc_id        = var.vpc_id
+  vpc_full_name = var.vpc_full_name
+  use_vpc_cidr  = false
+  enable_self   = false
+  tags = merge(
+    local.base_tags,
+    local.tags,
+    map("Environment", var.vpc_environment),
+  )
+}
+
+module "sg-ois-scanner" {
+  source        = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//ois-scanner"
+  vpc_id        = var.vpc_id
+  vpc_full_name = var.vpc_full_name
+  use_vpc_cidr  = false
+  enable_self   = false
+  tags = merge(
+    local.tags,
+    local.base_tags,
+    map("Environment", var.vpc_environment),
+  )
+}

security-groups/prefixes.tf

@@ -0,0 +1 @@
+../common/prefixes.tf

security-groups/variables.common.tf

@@ -0,0 +1 @@
+../common/variables.common.tf

security-groups/variables.common.vpc.tf

@@ -0,0 +1 @@
+../common/variables.common.vpc.tf

security-groups/variables.tf

@@ -0,0 +1,5 @@
+variable "vpc_id" {
+  description = "VPC ID"
+  type        = string
+}
+

security-groups/version.tf

@@ -0,0 +1 @@
+../common/version.tf