discover vpc cidr block

vpc-transit-gateway-association/README.md

@@ -68,6 +68,7 @@ This sets up the necessary transit gateway configuration for attaching a VPC wit
 | [aws_ec2_transit_gateway_route_tables.route_tables_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_tables) | data source |
 | [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 

vpc-transit-gateway-association/availabilty_zones.tf

@@ -0,0 +1,30 @@
+# locals {
+#   az_list       = data.aws_availability_zones.zones.names
+#   az_count      = length(local.az_list)
+#   az_count_list = range(local.az_count)
+# }
+
+data "aws_availability_zones" "zones" {
+  state = "available"
+}
+
+data "aws_availability_zone" "zone" {
+  for_each = toset(sort(data.aws_availability_zones.zones.names))
+  state    = "available"
+  name     = each.key
+}
+
+output "availability_zone_names" {
+  description = "VPC Availability zone name list (3)"
+  value       = [for k, v in data.aws_availability_zone.zone : k]
+}
+
+output "availability_zone_ids" {
+  description = "VPC Availability zone id list (3)"
+  value       = [for k, v in data.aws_availability_zone.zone : v.zone_id]
+}
+
+output "availability_zone_suffixes" {
+  description = "VPC Availability zone suffix list (3)"
+  value       = [for k, v in data.aws_availability_zone.zone : v.name_suffix]
+}

vpc-transit-gateway-association/data.tf

@@ -0,0 +1,29 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_arn" "current" {
+  arn = data.aws_caller_identity.current.arn
+}
+
+data "aws_region" "current" {}
+
+data "aws_iam_account_alias" "current" {}
+
+# output "caller_account_id" {
+#   value = data.aws_caller_identity.current.account_id
+# }
+#
+# output "account_caller_arn" {
+#   value = data.aws_caller_identity.current.arn
+# }
+#
+# output "account_caller_arn_partition" {
+#   value = data.aws_arn.current.partition
+# }
+#
+# output "account_region_name" {
+#   value = data.aws_region.current.name
+# }
+#
+# output "account_alias" {
+#   value = data.aws_iam_account_alias.current.account_alias
+# }

vpc-transit-gateway-association/data.vpc.tf

@@ -0,0 +1,3 @@
+data "aws_vpc" "vpc" {
+  id = var.vpc_id
+}

vpc-transit-gateway-association/defaults.tf

@@ -0,0 +1,55 @@
+# for the accesss logs for load balancers
+# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
+
+locals {
+  _defaults = {
+    "load-balancer" = {
+      "gov"           = ["190560391635", "048591011584"]
+      "us-gov-east-1" = "190560391635"
+      "us-gov-west-1" = "048591011584"
+
+      "ew"        = ["127311923021", "033677994240", "027434742980", "797873946194"]
+      "us-east-1" = "127311923021"
+      "us-east-2" = "033677994240"
+      "us-west-1" = "027434742980"
+      "us-west-2" = "797873946194"
+    }
+    "ses" = {
+      "event_types" = ["bounce", "delivery", "complaint"]
+    }
+    #---
+    #   description = "Map of all rules where each entry is a tuple of: [from_port, to_port, egress, protocol, action, description]"
+    #   type        = map(tuple([number, number, bool, string, string, string]))
+    #---
+    "nacl_all_rules" = {
+      # basic outbounds
+      ephemeral_outbound = [1024, 65535, true, "tcp", "allow", "ephemeral-outbound"]
+      all_outbound       = [0, 0, true, "all", "allow", "all-outbound"]
+      http_outbound      = [80, 80, true, "tcp", "allow", "http-outbound"]
+      https_outbound     = [443, 443, true, "tcp", "allow", "https-outbound"]
+
+      # basic inbounds
+      ephemeral_inbound = [1024, 65535, false, "tcp", "allow", "ephemeral-inbound"]
+      all_inbound       = [0, 0, false, "all", "allow", "all-inbound"]
+      http_inbound      = [80, 80, false, "tcp", "allow", "http-inbound"]
+      https_inbound     = [443, 443, false, "tcp", "allow", "https-inbound"]
+      ssh_inbound       = [22, 22, false, "tcp", "allow", "https-inbound"]
+    }
+    #---
+    # vpc varies by specific VPC cidr block, this will be merged with the actual vpc CIDR
+    #---
+    "nacl_all_cidr_blocks" = {
+      "all"        = ["0.0.0.0/0"]
+      "enterprise" = ["148.129.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8"]
+      "vpc"        = []
+      "endpoints"  = []
+      "additional" = []
+      "peers"      = []
+    }
+    "transit-gateway-environments" = ["services", "dev", "test", "stage", "prod", "cre"]
+    "role" = {
+      "force_detach_policies" = false
+      "max_session_duration"  = 3600
+    }
+  }
+}

vpc-transit-gateway-association/prefixes.tf

@@ -0,0 +1,33 @@
+locals {
+  _prefixes = {
+    "efs"            = "v-efs-"
+    "s3"             = "v-s3-"
+    "ebs"            = "v-ebs-"
+    "kms"            = "k-kms-"
+    "role"           = "r-"
+    "policy"         = "p-"
+    "group"          = "g-"
+    "security-group" = "" # "sg-"
+    # VPC
+    "vpc"                         = ""
+    "dhcp-options"                = ""
+    "vpc-peer"                    = "vpcp-"
+    "route-table"                 = "route-"
+    "subnet"                      = ""
+    "vpc-endpoint"                = "vpce-"
+    "elastic-ip"                  = "eip-"
+    "nat-gateway"                 = "nat-"
+    "internet-gateway"            = "igw-"
+    "network-acl"                 = "nacl-"
+    "customer-gateway"            = "cgw-"
+    "vpn-gateway"                 = "vpcg-"
+    "vpn-connection"              = "vpn_"
+    "log-group"                   = "lg-"
+    "log-stream"                  = "lgs-"
+    "transit-gateway"             = "tgw-"
+    "transit-gateway-peer"        = "tgwp-"
+    "transit-gateway-route-table" = "tgwr-"
+    "transit-gateway-attachment"  = "tgwa-"
+    "transit-gateway-vpn"         = "tgwv-"
+  }
+}

vpc-transit-gateway-association/routing.tf

@@ -15,7 +15,7 @@ module "routing_attachment_ipv4" {
 
   vpc_name       = var.vpc_name
   vpc_short_name = var.vpc_short_name
-  vpc_cidr_block = var.vpc_cidr_block
+  vpc_cidr_block = data.aws_vpc.vpc.cidr_block
   #  vpc_index      = var.vpc_index
 
   tags = merge(

vpc-transit-gateway-association/variables.common.availability_zones.tf

@@ -0,0 +1,5 @@
+variable "availability_zones" {
+  description = "AWS Availability Zones to use (by default will use all available)"
+  type        = list(string)
+  default     = []
+}

vpc-transit-gateway-association/variables.common.tf

@@ -0,0 +1,26 @@
+#---
+# account info
+#---
+variable "account_id" {
+  description = "AWS Account ID (default: will pull from current user)"
+  type        = string
+  default     = ""
+}
+
+variable "account_alias" {
+  description = "AWS Account Alias (default: will pull from current account_alias)"
+  type        = string
+  default     = ""
+}
+
+variable "override_prefixes" {
+  description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things"
+  type        = map(string)
+  default     = {}
+}
+
+variable "tags" {
+  description = "AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data_safeguard field for such things."
+  type        = map(string)
+  default     = {}
+}

vpc-transit-gateway-association/variables.common.vpc.tf

@@ -0,0 +1,32 @@
+#---
+# common variables for defining specific VPC components used throughout the submodules
+#---
+variable "vpc_name" {
+  description = "VPC name component used through the VPC descrbing its purpose (ex: dice-dev)"
+  type        = string
+  default     = null
+}
+
+variable "vpc_short_name" {
+  description = "VPC short name component (vpc{index})"
+  type        = string
+  default     = null
+}
+
+variable "vpc_full_name" {
+  description = "VPC full name component (vpc{index}-{vpc_name})"
+  type        = string
+  default     = null
+}
+
+variable "vpc_index" {
+  description = "VPC index number (integer starting at 1)"
+  type        = number
+  default     = null
+}
+
+variable "vpc_environment" {
+  description = "VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod)"
+  type        = string
+  default     = null
+}

vpc-transit-gateway-association/variables.common.vpc_id.tf

@@ -0,0 +1,5 @@
+variable "vpc_id" {
+  description = "VPC ID"
+  type        = string
+}
+

vpc-transit-gateway-association/variables.create.tf

@@ -0,0 +1,5 @@
+variable "create" {
+  description = "Flag to indicate whether to create the resources or not (default: true)"
+  type        = bool
+  default     = true
+}

vpc-transit-gateway-association/version.tf

@@ -0,0 +1,23 @@
+locals {
+  _module_version = "2.4.0"
+  _module_names = {
+    "_main_" = "aws-vpc-setup"
+
+    "flowlogs"                        = "aws-vpc-setup/flowlogs"
+    "flowlogs-transit-gateway"        = "aws-vpc-setup/flowlogs-transit-gateway"
+    "flowlogs-role"                   = "aws-vpc-setup/flowlogs-role"
+    "nacl-rules"                      = "aws-vpc-setup/nacl-rules"
+    "nacls"                           = "aws-vpc-setup/nacls"
+    "peer"                            = "aws-vpc-setup/peer"
+    "routing"                         = "aws-vpc-setup/routing"
+    "security-groups"                 = "aws-vpc-setup/security-groups"
+    "subnets"                         = "aws-vpc-setup/subnets"
+    "tag-shared-vpc-resources"        = "aws-vpc-setup/tag-shared-vpc-resources"
+    "vpc"                             = "aws-vpc-setup/vpc"
+    "vpc-interface-endpoint"          = "aws-vpc-setup/vpc-interface-endpoint"
+    "vpn"                             = "aws-vpc-setup/vpn"
+    "vpn-transit-gateway"             = "aws-vpc-setup/vpn-transit-gateway"
+    "vpn-transit-gateway"             = "aws-vpc-setup/vpn-transit-gateway"
+    "vpc-transit-gateway-association" = "aws-vpc-setup/vpc-transit-gateway-association"
+  }
+}