diff --git a/vpc-transit-gateway-association/README.md b/vpc-transit-gateway-association/README.md
index bc025b7..a1e7df1 100644
--- a/vpc-transit-gateway-association/README.md
+++ b/vpc-transit-gateway-association/README.md
@@ -68,6 +68,7 @@ This sets up the necessary transit gateway configuration for attaching a VPC wit
 | [aws_ec2_transit_gateway_route_tables.route_tables_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_tables) | data source |
 | [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 ## Inputs
diff --git a/vpc-transit-gateway-association/availabilty_zones.tf b/vpc-transit-gateway-association/availabilty_zones.tf
deleted file mode 120000
index 00a240c..0000000
--- a/vpc-transit-gateway-association/availabilty_zones.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/availabilty_zones.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/availabilty_zones.tf b/vpc-transit-gateway-association/availabilty_zones.tf
new file mode 100644
index 0000000..ee62075
--- /dev/null
+++ b/vpc-transit-gateway-association/availabilty_zones.tf
@@ -0,0 +1,30 @@
+# locals {
+# az_list = data.aws_availability_zones.zones.names
+# az_count = length(local.az_list)
+# az_count_list = range(local.az_count)
+# }
+
+data "aws_availability_zones" "zones" {
+ state = "available"
+}
+
+data "aws_availability_zone" "zone" {
+ for_each = toset(sort(data.aws_availability_zones.zones.names))
+ state = "available"
+ name = each.key
+}
+
+output "availability_zone_names" {
+ description = "VPC Availability zone name list (3)"
+ value = [for k, v in data.aws_availability_zone.zone : k]
+}
+
+output "availability_zone_ids" {
+ description = "VPC Availability zone id list (3)"
+ value = [for k, v in data.aws_availability_zone.zone : v.zone_id]
+}
+
+output "availability_zone_suffixes" {
+ description = "VPC Availability zone suffix list (3)"
+ value = [for k, v in data.aws_availability_zone.zone : v.name_suffix]
+}
diff --git a/vpc-transit-gateway-association/data.tf b/vpc-transit-gateway-association/data.tf
deleted file mode 120000
index 995624d..0000000
--- a/vpc-transit-gateway-association/data.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/data.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/data.tf b/vpc-transit-gateway-association/data.tf
new file mode 100644
index 0000000..f68425f
--- /dev/null
+++ b/vpc-transit-gateway-association/data.tf
@@ -0,0 +1,29 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_arn" "current" {
+ arn = data.aws_caller_identity.current.arn
+}
+
+data "aws_region" "current" {}
+
+data "aws_iam_account_alias" "current" {}
+
+# output "caller_account_id" {
+# value = data.aws_caller_identity.current.account_id
+# }
+#
+# output "account_caller_arn" {
+# value = data.aws_caller_identity.current.arn
+# }
+#
+# output "account_caller_arn_partition" {
+# value = data.aws_arn.current.partition
+# }
+#
+# output "account_region_name" {
+# value = data.aws_region.current.name
+# }
+#
+# output "account_alias" {
+# value = data.aws_iam_account_alias.current.account_alias
+# }
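Review bot: `data "aws_availability_zone" "zone"` iterates every zone the account reports, so the `availability_zones` input this same commit declares in variables.common.availability_zones.tf (default `[]`, described as "by default will use all available") is never consulted and an explicit list passed by a caller has no effect. Suggest `for_each = toset(length(var.availability_zones) > 0 ? var.availability_zones : sort(data.aws_availability_zones.zones.names))`, unless the selection is meant to happen in a caller, in which case the variable description should say so. The three output descriptions also say "(3)" although the list length is whatever the lookup returns, so drop the count or word it as "all selected zones". The commented-out `locals` block at the top is dead text in a file that is now a per-module copy rather than a symlink; either restore it or remove it.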
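Review bot: Two thirds of the new data.tf is commented-out `output` blocks (`caller_account_id` through `account_alias`); now that the file is a copy rather than a symlink to ../common/data.tf, that dead text will drift independently in every module that took the same change. Either delete the block or turn the outputs back on. A one-line header such as `# caller identity, partition, region and account-alias lookups used by this module` would state the purpose of the four data sources, which the file currently leaves to the reader.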
diff --git a/vpc-transit-gateway-association/data.vpc.tf b/vpc-transit-gateway-association/data.vpc.tf
new file mode 100644
index 0000000..34f3677
--- /dev/null
+++ b/vpc-transit-gateway-association/data.vpc.tf
@@ -0,0 +1,3 @@
+data "aws_vpc" "vpc" {
+ id = var.vpc_id
+}
diff --git a/vpc-transit-gateway-association/defaults.tf b/vpc-transit-gateway-association/defaults.tf
deleted file mode 120000
index a5556ac..0000000
--- a/vpc-transit-gateway-association/defaults.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/defaults.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/defaults.tf b/vpc-transit-gateway-association/defaults.tf
new file mode 100644
index 0000000..263025b
--- /dev/null
+++ b/vpc-transit-gateway-association/defaults.tf
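Review bot: The `aws_vpc` lookup is unconditional, so it is evaluated even when the module's `create` flag (added in variables.create.tf in this commit) is false, and a plan for a disabled module will still fail if `var.vpc_id` does not resolve. If that is intended, a comment here such as `# always resolved: routing needs the CIDR even when create = false` would save the next reader a check; otherwise gate it with `count = var.create ? 1 : 0` and adjust the reference in routing.tf. I cannot see how `create` is used elsewhere in the module, so this is a point to confirm rather than a certain defect.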
@@ -0,0 +1,55 @@
+# for the accesss logs for load balancers
+# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
+
+locals {
+ _defaults = {
+ "load-balancer" = {
+ "gov" = ["190560391635", "048591011584"]
+ "us-gov-east-1" = "190560391635"
+ "us-gov-west-1" = "048591011584"
+
+ "ew" = ["127311923021", "033677994240", "027434742980", "797873946194"]
+ "us-east-1" = "127311923021"
+ "us-east-2" = "033677994240"
+ "us-west-1" = "027434742980"
+ "us-west-2" = "797873946194"
+ }
+ "ses" = {
+ "event_types" = ["bounce", "delivery", "complaint"]
+ }
+ #---
+ # description = "Map of all rules where each entry is a tuple of: [from_port, to_port, egress, protocol, action, description]"
+ # type = map(tuple([number, number, bool, string, string, string]))
+ #---
+ "nacl_all_rules" = {
+ # basic outbounds
+ ephemeral_outbound = [1024, 65535, true, "tcp", "allow", "ephemeral-outbound"]
+ all_outbound = [0, 0, true, "all", "allow", "all-outbound"]
+ http_outbound = [80, 80, true, "tcp", "allow", "http-outbound"]
+ https_outbound = [443, 443, true, "tcp", "allow", "https-outbound"]
+
+ # basic inbounds
+ ephemeral_inbound = [1024, 65535, false, "tcp", "allow", "ephemeral-inbound"]
+ all_inbound = [0, 0, false, "all", "allow", "all-inbound"]
+ http_inbound = [80, 80, false, "tcp", "allow", "http-inbound"]
+ https_inbound = [443, 443, false, "tcp", "allow", "https-inbound"]
+ ssh_inbound = [22, 22, false, "tcp", "allow", "https-inbound"]
+ }
+ #---
+ # vpc varies by specific VPC cidr block, this will be merged with the actual vpc CIDR
+ #---
+ "nacl_all_cidr_blocks" = {
+ "all" = ["0.0.0.0/0"]
+ "enterprise" = ["148.129.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8"]
+ "vpc" = []
+ "endpoints" = []
+ "additional" = []
+ "peers" = []
+ }
+ "transit-gateway-environments" = ["services", "dev", "test", "stage", "prod", "cre"]
+ "role" = {
+ "force_detach_policies" = false
+ "max_session_duration" = 3600
+ }
+ }
+}
diff --git a/vpc-transit-gateway-association/prefixes.tf b/vpc-transit-gateway-association/prefixes.tf
deleted file mode 120000
index 7e265d5..0000000
--- a/vpc-transit-gateway-association/prefixes.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/prefixes.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/prefixes.tf b/vpc-transit-gateway-association/prefixes.tf
new file mode 100644
index 0000000..361746b
--- /dev/null
+++ b/vpc-transit-gateway-association/prefixes.tf
@@ -0,0 +1,33 @@
+locals {
+ _prefixes = {
+ "efs" = "v-efs-"
+ "s3" = "v-s3-"
+ "ebs" = "v-ebs-"
+ "kms" = "k-kms-"
+ "role" = "r-"
+ "policy" = "p-"
+ "group" = "g-"
+ "security-group" = "" # "sg-"
+ # VPC
+ "vpc" = ""
+ "dhcp-options" = ""
+ "vpc-peer" = "vpcp-"
+ "route-table" = "route-"
+ "subnet" = ""
+ "vpc-endpoint" = "vpce-"
+ "elastic-ip" = "eip-"
+ "nat-gateway" = "nat-"
+ "internet-gateway" = "igw-"
+ "network-acl" = "nacl-"
+ "customer-gateway" = "cgw-"
+ "vpn-gateway" = "vpcg-"
+ "vpn-connection" = "vpn_"
+ "log-group" = "lg-"
+ "log-stream" = "lgs-"
+ "transit-gateway" = "tgw-"
+ "transit-gateway-peer" = "tgwp-"
+ "transit-gateway-route-table" = "tgwr-"
+ "transit-gateway-attachment" = "tgwa-"
+ "transit-gateway-vpn" = "tgwv-"
+ }
+}
diff --git a/vpc-transit-gateway-association/routing.tf b/vpc-transit-gateway-association/routing.tf
index ae58c60..72d91e6 100644
--- a/vpc-transit-gateway-association/routing.tf
+++ b/vpc-transit-gateway-association/routing.tf
@@ -15,7 +15,7 @@ module "routing_attachment_ipv4" {
 vpc_name = var.vpc_name
 vpc_short_name = var.vpc_short_name
- vpc_cidr_block = var.vpc_cidr_block
+ vpc_cidr_block = data.aws_vpc.vpc.cidr_block
 # vpc_index = var.vpc_index
 tags = merge(
diff --git a/vpc-transit-gateway-association/variables.common.availability_zones.tf b/vpc-transit-gateway-association/variables.common.availability_zones.tf
deleted file mode 120000
index dca20a3..0000000
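Review bot: The `ssh_inbound` entry in `nacl_all_rules` carries the description `"https-inbound"`, a copy-paste slip that would label the port-22 NACL entry as HTTPS wherever the sixth tuple element is used as a name or description; change it to `ssh_inbound = [22, 22, false, "tcp", "allow", "ssh-inbound"]`. Since defaults.tf is now a per-module copy of ../common/defaults.tf, the ELB access-log account IDs and the `enterprise` CIDR list have to be kept in sync by hand in every module that dropped the symlink, which deserves a header comment naming the canonical copy, e.g. `# copied from ../common/defaults.tf — keep in sync`. The first comment line also misspells `accesss`.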
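Review bot: `"vpn-connection" = "vpn_"` is the only entry in `_prefixes` that ends in an underscore rather than a hyphen, and `"vpn-gateway" = "vpcg-"` reads like a typo for a VPN-gateway abbreviation. If both are deliberate, presumably because existing resource names already carry them, a trailing comment such as `# kept as-is: existing resource names depend on this value` would stop the next copy of this file from "fixing" them; if not, this copy is the moment to correct them before more modules inherit the text.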
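Review bot: After this line `var.vpc_cidr_block` is no longer consumed by the routing module call; if the variable is still declared in this module and still listed in the README Inputs table (the README hunk in this commit only adds the data-source row), callers will keep passing a value that is silently ignored and may diverge from `data.aws_vpc.vpc.cidr_block`. Either remove the variable and its README row in the same change, or keep it and add a precondition comparing the two so a mismatch fails at plan rather than being masked. The enclosing `module "routing_attachment_ipv4"` block starts and ends outside the hunk.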
--- a/vpc-transit-gateway-association/variables.common.availability_zones.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.common.availability_zones.tf b/vpc-transit-gateway-association/variables.common.availability_zones.tf
new file mode 100644
index 0000000..3e17e57
--- /dev/null
+++ b/vpc-transit-gateway-association/variables.common.availability_zones.tf
@@ -0,0 +1,5 @@
+variable "availability_zones" {
+ description = "AWS Availability Zones to use (by default will use all available)"
+ type = list(string)
+ default = []
+}
diff --git a/vpc-transit-gateway-association/variables.common.tf b/vpc-transit-gateway-association/variables.common.tf
deleted file mode 120000
index 7439ed8..0000000
--- a/vpc-transit-gateway-association/variables.common.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.common.tf b/vpc-transit-gateway-association/variables.common.tf
new file mode 100644
index 0000000..2039ab9
--- /dev/null
+++ b/vpc-transit-gateway-association/variables.common.tf
@@ -0,0 +1,26 @@
+#---
+# account info
+#---
+variable "account_id" {
+ description = "AWS Account ID (default: will pull from current user)"
+ type = string
+ default = ""
+}
+
+variable "account_alias" {
+ description = "AWS Account Alias (default: will pull from current account_alias)"
+ type = string
+ default = ""
+}
+
+variable "override_prefixes" {
+ description = "Override built-in prefixes by component. This should be used primarily for common infrastructure things"
+ type = map(string)
+ default = {}
+}
+
+variable "tags" {
+ description = "AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data_safeguard field for such things."
+ type = map(string)
+ default = {}
+}
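Review bot: The `tags` description tells users to put safeguard tags in "the data_safeguard field", but no such variable is declared in any file this commit adds to the module; if the copy from ../common carried the sentence along without the variable, shorten it to `description = "AWS Tags to apply to appropriate resources (S3, KMS)."` or declare the field. Likewise `account_id` and `account_alias` promise a fallback to the current caller/account when left `""`, which nothing in this commit implements — presumably that lives elsewhere in the module, but it is worth confirming, since an empty account ID interpolated into an ARN or policy would fail quietly rather than loudly. A one-line pointer to where the fallback happens would settle it for the next reader.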
diff --git a/vpc-transit-gateway-association/variables.common.vpc.tf b/vpc-transit-gateway-association/variables.common.vpc.tf
deleted file mode 120000
index 5e77d37..0000000
--- a/vpc-transit-gateway-association/variables.common.vpc.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.vpc.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.common.vpc.tf b/vpc-transit-gateway-association/variables.common.vpc.tf
new file mode 100644
index 0000000..30643a3
--- /dev/null
+++ b/vpc-transit-gateway-association/variables.common.vpc.tf
@@ -0,0 +1,32 @@
+#---
+# common variables for defining specific VPC components used throughout the submodules
+#---
+variable "vpc_name" {
+ description = "VPC name component used through the VPC descrbing its purpose (ex: dice-dev)"
+ type = string
+ default = null
+}
+
+variable "vpc_short_name" {
+ description = "VPC short name component (vpc{index})"
+ type = string
+ default = null
+}
+
+variable "vpc_full_name" {
+ description = "VPC full name component (vpc{index}-{vpc_name})"
+ type = string
+ default = null
+}
+
+variable "vpc_index" {
+ description = "VPC index number (integer starting at 1)"
+ type = number
+ default = null
+}
+
+variable "vpc_environment" {
+ description = "VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod)"
+ type = string
+ default = null
+}
diff --git a/vpc-transit-gateway-association/variables.common.vpc_id.tf b/vpc-transit-gateway-association/variables.common.vpc_id.tf
deleted file mode 120000
index 296b297..0000000
--- a/vpc-transit-gateway-association/variables.common.vpc_id.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common//variables.common.vpc_id.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.common.vpc_id.tf b/vpc-transit-gateway-association/variables.common.vpc_id.tf
new file mode 100644
index 0000000..38ced37
--- /dev/null
+++ b/vpc-transit-gateway-association/variables.common.vpc_id.tf
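Review bot: `descrbing` in the `vpc_name` description is a typo; change it to `description = "VPC name component used through the VPC describing its purpose (ex: dice-dev)"`. All five variables default to `null` with no `validation`, so `vpc_index`, documented as "integer starting at 1", accepts 0 or a negative value; a `validation` block with `condition = var.vpc_index == null ? true : var.vpc_index >= 1` would enforce the documented contract, and the same pattern could pin `vpc_environment` to the listed values if that list is authoritative.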
@@ -0,0 +1,5 @@
+variable "vpc_id" {
+ description = "VPC ID"
+ type = string
+}
+
diff --git a/vpc-transit-gateway-association/variables.create.tf b/vpc-transit-gateway-association/variables.create.tf
deleted file mode 120000
index de1275b..0000000
--- a/vpc-transit-gateway-association/variables.create.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.create.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.create.tf b/vpc-transit-gateway-association/variables.create.tf
new file mode 100644
index 0000000..7613cac
--- /dev/null
+++ b/vpc-transit-gateway-association/variables.create.tf
@@ -0,0 +1,5 @@
+variable "create" {
+ description = "Flag to indicate whether to create the resources or not (default: true)"
+ type = bool
+ default = true
+}
diff --git a/vpc-transit-gateway-association/version.tf b/vpc-transit-gateway-association/version.tf
deleted file mode 120000
index b83c5b7..0000000
--- a/vpc-transit-gateway-association/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/version.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/version.tf b/vpc-transit-gateway-association/version.tf
new file mode 100644
index 0000000..fe43deb
--- /dev/null
+++ b/vpc-transit-gateway-association/version.tf
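Review bot: `vpc_id` is now the single input that the new `data.aws_vpc.vpc` lookup and, through it, the routing CIDR depend on, yet it has no `validation`, so a mistyped or empty value only surfaces as a provider error deep in the plan. A format check such as `condition = can(regex("^vpc-[0-9a-f]+$", var.vpc_id))` with `error_message = "vpc_id must be an AWS VPC identifier (vpc-...)."` would fail fast with a message that names the input. The description `"VPC ID"` could also say that the VPC must already exist in the target account and region, since the data source requires it. The trailing empty added line is a formatting nit that `terraform fmt` would remove.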
@@ -0,0 +1,23 @@
+locals {
+ _module_version = "2.4.0"
+ _module_names = {
+ "_main_" = "aws-vpc-setup"
+
+ "flowlogs" = "aws-vpc-setup/flowlogs"
+ "flowlogs-transit-gateway" = "aws-vpc-setup/flowlogs-transit-gateway"
+ "flowlogs-role" = "aws-vpc-setup/flowlogs-role"
+ "nacl-rules" = "aws-vpc-setup/nacl-rules"
+ "nacls" = "aws-vpc-setup/nacls"
+ "peer" = "aws-vpc-setup/peer"
+ "routing" = "aws-vpc-setup/routing"
+ "security-groups" = "aws-vpc-setup/security-groups"
+ "subnets" = "aws-vpc-setup/subnets"
+ "tag-shared-vpc-resources" = "aws-vpc-setup/tag-shared-vpc-resources"
+ "vpc" = "aws-vpc-setup/vpc"
+ "vpc-interface-endpoint" = "aws-vpc-setup/vpc-interface-endpoint"
+ "vpn" = "aws-vpc-setup/vpn"
+ "vpn-transit-gateway" = "aws-vpc-setup/vpn-transit-gateway"
+ "vpn-transit-gateway" = "aws-vpc-setup/vpn-transit-gateway"
+ "vpc-transit-gateway-association" = "aws-vpc-setup/vpc-transit-gateway-association"
+ }
+}
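Review bot: `"vpn-transit-gateway"` appears twice in `_module_names` (lines 19 and 20 of the new file); HCL rejects repeated keys in an object constructor, so this locals block will most likely fail at plan with a duplicate-object-key error, and if the second entry was meant to be a different module that name is currently lost. Remove the repeated line or replace it with the intended key. `_module_version = "2.4.0"` is now a per-module copy as well, so a version bump has to touch every module that dropped the ../common/version.tf symlink in this commit; a comment such as `# keep in sync with ../common/version.tf` would make that explicit.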