copy files

examples/shared-vpc-setup-tf-upgrade/.gitignore

@@ -0,0 +1 @@
+vpn-configs

examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mariadb.tf

@@ -0,0 +1,9 @@
+module "maria" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//rds-maria?ref=tf-upgrade"
+  vpc_id = module.vpc.vpc_id
+}
+
+output "sg_maria_id" {
+  description = "Common MariaDB security group"
+  value       = module.maria.this_security_group_id
+}

examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mssql.tf

@@ -0,0 +1,11 @@
+module "rds-mssql" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//rds-mssql?ref=tf-upgrade"
+  vpc_id = module.vpc.vpc_id
+  #vpc_full_name = var.vpc_full_name
+}
+
+output "sg_rds-mssql_id" {
+  description = "RDS MSSQL security group id"
+  value       = module.rds-mssql.this_security_group_id
+}
+

examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-mysql.tf

@@ -0,0 +1,9 @@
+module "sg_mysql" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//rds-mysql?ref=tf-upgrade"
+  vpc_id = module.vpc.vpc_id
+}
+
+output "sg_mysql_id" {
+  description = "Common MySQL security group"
+  value       = module.sg_mysql.this_security_group_id
+}

examples/shared-vpc-setup-tf-upgrade/OFF/sg-rds-postgres.tf

@@ -0,0 +1,9 @@
+module "sg_postgres" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//rds-postgres?ref=tf-upgrade"
+  vpc_id = module.vpc.vpc_id
+}
+
+output "sg_postgres_id" {
+  description = "Common Postgres security group"
+  value       = module.sg_postgres.this_security_group_id
+}

examples/shared-vpc-setup-tf-upgrade/README.md

@@ -0,0 +1,78 @@
+<!-- Replace all the {fields} with appropriate values -->
+# About
+
+This directory constructs the appropriate resources for the vpc2-dice-dev VPC, including:
+
+* VPC
+* Subnets
+* Route Tables
+* Network ACLs
+* VPN (CGW, VPG, VPN Connectiosn)
+* Flow Logs
+* Securtity Groups (base, others)
+
+<!-- Add additional text here -->
+
+# Application Information
+
+* Application: DICE
+* Environment: development
+* Organization: ADSD, CTO
+* Project: DICE
+* Point of Contact(s): 
+* Creation Date: 2021-05-10
+* References:
+  * Requirements: https://github.e.it.census.gov/terraform/cloud-information/blob/master/aws/projects/dice/
+  * Remedy Ticket: {number}
+  * Other: {other}
+* Related Configurations:
+  * {directory-path}
+
+# Application Requirements
+
+# Terraform Directions
+
+## Update files to reflect proper configuration
+
+1. get this module in a temporary location
+   * cd /tmp
+   * git clone git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git
+   * cd aws-vpc-setup
+   * git checkout tf-upgrade
+   * cd examples/full-setup-tf-upgrade
+1. rsync this code to your ACCOUNTREPO/vpc/region/vpcN directory
+1. Go to your repo ACCOUNTREPO/vpc/region/vpcN
+1. remove the /tmp/aws-vpc-setup directory
+1. start branch like 'configure-vpcN' (use N as the number)
+1. flowlogs.tf
+   * set correct region (east, west) in `flowlog_bucket_arn`
+1. variables.vpc.auto.tfvars
+   * put proper values for
+     * vpc_name
+     * vpc_cidr_block
+     * vpc_index (this is the number from vpc{number}-{name}
+     * vpc_short_name (vpc{number})
+     * vpc_full_name (vpc_short_name "-" vpc_name)
+     * vpc_environment
+     * vpc_domain_name (usually {vpc_environment}.PROGRAM.census.gov)
+     * proper `ip_address` for the VPN settings (replace NNN with the value from TCO)
+1. variables.subnets.auto.tfvars
+   * comment out public subnet objects (leaving public_subets = [], in essence; we are no longer using this)
+   * fill in the correct values for the base cidrs, starting with the blocks as shown.  These will be validated in a PR
+1. commit, push, and do a PR. This must be merged before any apply.  Keep your branch, as you'll have more to add to it.
+
+Once you have a merged PR you can run through the setup
+
+```script
+tf-run apply
+```
+
+Follow the diections from `tf-run`.  You'll add all the files to git, do another commit, push and PR, before things are complete.
+
+<!-- Enter commands needed in markdown andor special configuration text for plan and apply of this code -->
+
+<!-- No editing needed beyond this point -->
+# Details
+
+<!-- BEGIN_TF_DOCS -->
+<!-- END_TF_DOCS -->

examples/shared-vpc-setup-tf-upgrade/apps/.terraform-docs.yml

@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show: 
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+## output-values:
+##   enabled: false
+##   from: ""
+## 
+## sort:
+##   enabled: true
+##   by: name
+## 
+## settings:
+##   anchor: true
+##   color: true
+##   default: true
+##   description: false
+##   escape: true
+##   indent: 2
+##   required: true
+##   sensitive: true
+##   type: true

examples/shared-vpc-setup-tf-upgrade/apps/dns/.terraform-docs.yml

@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show: 
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+## output-values:
+##   enabled: false
+##   from: ""
+## 
+## sort:
+##   enabled: true
+##   by: name
+## 
+## settings:
+##   anchor: true
+##   color: true
+##   default: true
+##   description: false
+##   escape: true
+##   indent: 2
+##   required: true
+##   sensitive: true
+##   type: true

examples/shared-vpc-setup-tf-upgrade/apps/dns/README.md

@@ -0,0 +1,55 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_aws.east_main_dns"></a> [aws.east\_main\_dns](#provider\_aws.east\_main\_dns) | n/a |
+| <a name="provider_aws.west_main_dns"></a> [aws.west\_main\_dns](#provider\_aws.west\_main\_dns) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_resolver_rule_association.all_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
+| [aws_route53_vpc_association_authorization.east_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.east_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.west_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.west_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+| [aws_route53_zone.ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+| [aws_route53_zone_association.east_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.east_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.west_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.west_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_resolver_rules.all_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_resolver_rules) | data source |
+| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dns_zone_create"></a> [dns\_zone\_create](#input\_dns\_zone\_create) | Flag determing to create (true) or associate (false) the main forward zone.  Used for the same VPC domain name across different regions or VPCs | `bool` | `true` | no |
+| <a name="input_dns_zone_description_prefix"></a> [dns\_zone\_description\_prefix](#input\_dns\_zone\_description\_prefix) | Zone description with the org-project-program-environment | `string` | `""` | no |
+| <a name="input_main_dns_profile"></a> [main\_dns\_profile](#input\_main\_dns\_profile) | Profile name for AWS for the main DNS central account | `string` | `"107742151971-do2-govcloud"` | no |
+| <a name="input_main_dns_vpcs"></a> [main\_dns\_vpcs](#input\_main\_dns\_vpcs) | Map of region and VPC ids of the vpc1-services in us-gov-west-1 and us-gov-east-1 for centralized DNS | `map(string)` | <pre>{<br>  "us-gov-east-1": "vpc-099a991da7c4eb8a5",<br>  "us-gov-west-1": "vpc-77877a12"<br>}</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_all_zones"></a> [all\_zones](#output\_all\_zones) | DNS zone list |
+| <a name="output_domain_zone_id"></a> [domain\_zone\_id](#output\_domain\_zone\_id) | DNS Zone ID |
+| <a name="output_domain_zone_ns"></a> [domain\_zone\_ns](#output\_domain\_zone\_ns) | DNS Zone Nameservers |
+| <a name="output_ptr_zone_id"></a> [ptr\_zone\_id](#output\_ptr\_zone\_id) | DNS PTR Zone IDs |
+| <a name="output_ptr_zone_info"></a> [ptr\_zone\_info](#output\_ptr\_zone\_info) | DNS PTR Zone Info |
+| <a name="output_ptr_zone_ns"></a> [ptr\_zone\_ns](#output\_ptr\_zone\_ns) | DNS PTR Zone Nameservers |
+<!-- END_TF_DOCS -->

examples/shared-vpc-setup-tf-upgrade/apps/dns/associate-shared.tf

@@ -0,0 +1,25 @@
+## locals {
+##   reverse_zones = flatten([
+##     "10.in-addr.arpa",
+##     "168.192.in-addr.arpa",
+##     "129.148.in-addr.arpa",
+##     [for x in range(16, 32) : format("%v.172.in-addr.arpa", x)],
+##   ])
+##   reverse_rules  = formatlist("reverse-%v", local.reverse_zones)
+##   forward_rules  = ["forward-all-onprem", "amazon"]
+##   all_main_rules = formatlist("resolver-%v", concat(local.forward_rules, local.reverse_rules))
+## }
+
+data "aws_route53_resolver_rules" "all_rules" {
+  share_status = "SHARED_WITH_ME"
+}
+
+data "aws_route53_resolver_rules" "all_rules_me" {
+  share_status = "SHARED_BY_ME"
+}
+
+resource "aws_route53_resolver_rule_association" "all_rules" {
+  for_each         = length(data.aws_route53_resolver_rules.all_rules.resolver_rule_ids) > 0 ? toset(data.aws_route53_resolver_rules.all_rules.resolver_rule_ids) : (var.profile != var.main_dns_profile ? toset(data.aws_route53_resolver_rules.all_rules_me.resolver_rule_ids) : toset([]))
+  resolver_rule_id = each.key
+  vpc_id           = local.vpc_id
+}

examples/shared-vpc-setup-tf-upgrade/apps/dns/locals.tf

@@ -0,0 +1,13 @@
+locals {
+  base_tags = {
+    "boc:created_by" = "terraform"
+  }
+}
+
+locals {
+  vpc_info       = data.terraform_remote_state.vpc_REGION_vpcN.outputs.vpc_info
+  vpc_id         = local.vpc_info["vpc_id"]
+  domain_name    = local.vpc_info["vpc_domain_name"]
+  dns_servers    = local.vpc_info["vpc_dns_servers"]
+  vpc_short_name = local.vpc_info["vpc_short_name"]
+}

examples/shared-vpc-setup-tf-upgrade/apps/dns/provider.main_dns.tf

@@ -0,0 +1,11 @@
+provider "aws" {
+  alias   = "east_main_dns"
+  region  = var.region_map["east"]
+  profile = var.main_dns_profile
+}
+
+provider "aws" {
+  alias   = "west_main_dns"
+  region  = var.region_map["west"]
+  profile = var.main_dns_profile
+}

examples/shared-vpc-setup-tf-upgrade/apps/dns/region.tf

@@ -0,0 +1,3 @@
+locals {
+  region = var.region
+}

examples/shared-vpc-setup-tf-upgrade/apps/dns/sort-ip.py

@@ -0,0 +1,19 @@
+#!/bin/env python
+
+import json
+import sys
+import ipaddress
+
+r=0
+outdata={'ip_addresses_sorted':''}
+try:
+  indata=json.load(sys.stdin)
+  ipa=indata['ip_addresses'].split(',')
+  ips=sorted(ipa,key=ipaddress.ip_address)
+  outdata['ip_addresses_sorted']=','.join(ips)
+  print(json.dumps(outdata))
+except:
+  sys.stderr.write("unable to parse input address\n")
+  r=1
+
+sys.exit(r)