add vpc

terraform-modules · May 3, 2021 · 9b6ab94 · 9b6ab94
1 parent dd26bf0
commit 9b6ab94
Show file tree

Hide file tree

Showing 16 changed files with 547 additions and 0 deletions.
diff --git a/vpc/data.tf b/vpc/data.tf
@@ -0,0 +1 @@
+../common/data.tf
diff --git a/vpc/defaults.tf b/vpc/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
diff --git a/vpc/locals.tf b/vpc/locals.tf
@@ -0,0 +1,31 @@
+locals {
+  az_list       = data.aws_availability_zones.zones.names
+  az_count      = length(local.az_list)
+  az_count_list = range(local.az_count)
+  region        = data.aws_region.current.name
+}
+
+data "aws_availability_zones" "zones" {
+  state = "available"
+}
+
+data "aws_availability_zone" "zone" {
+  count = length(data.aws_availability_zones.zones.names)
+  state = "available"
+  name  = data.aws_availability_zones.zones.names[count.index]
+}
+
+output "availability_zone_names" {
+  description = "VPC Availability zone name list (3)"
+  value       = data.aws_availability_zones.zones.names
+}
+
+output "availability_zone_ids" {
+  description = "VPC Availability zone id list (3)"
+  value       = data.aws_availability_zones.zones.zone_ids
+}
+
+output "availability_zone_suffixes" {
+  description = "VPC Availability zone suffix list (3)"
+  value       = data.aws_availability_zone.zone[*].name_suffix
+}
diff --git a/vpc/main.tf b/vpc/main.tf
@@ -0,0 +1,74 @@
+/*
+* # About aws-vpc-setup :: vpc
+* 
+* This submodule creates a VPC with DHCP setting.  Used in conjunction with other submodules (routing, subnets, etc.)
+* it allows for a complete setup.  See the [main module](../README.md) documentation for more details.
+* 
+* # Usage
+* 
+* ```hcl
+* module "vpc" {
+*   source               = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc"
+*   vpc_name             = var.vpc_name
+*   vpc_cidr_block       = var.vpc_cidr_block
+*   vpc_index            = var.vpc_index
+*   vpc_short_name       = var.vpc_short_name
+*   vpc_full_name        = var.vpc_full_name
+*   vpc_environment      = var.vpc_environment
+*   vpc_domain_name      = var.vpc_domain_name
+*   vpc_dns_servers      = var.vpc_dns_servers
+*   vpc_ntp_servers      = var.vpc_ntp_servers
+*
+*   # optional
+*   enable_dns_support   = true
+*   enable_dns_hostnames = true
+* 
+*   tags = {}
+* }
+*/
+
+locals {
+  account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+  account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+
+  base_tags = {
+    "boc:tf_module_version" = local._module_version
+    "boc:created_by"        = "terraform"
+  }
+}
+
+#---
+# dhcp options
+#---
+resource "aws_vpc_dhcp_options" "vpc" {
+  domain_name         = var.vpc_domain_name != "" ? var.vpc_domain_name : "unknown.census.gov"
+  domain_name_servers = var.vpc_dns_servers
+  ntp_servers         = var.vpc_ntp_servers
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    map("Name", format("%v-dhcp-options", var.vpc_full_name)),
+  )
+}
+
+resource "aws_vpc_dhcp_options_association" "vpc" {
+  vpc_id          = aws_vpc.vpc.id
+  dhcp_options_id = aws_vpc_dhcp_options.vpc.id
+}
+
+#---
+# vpc
+#---
+resource "aws_vpc" "vpc" {
+  cidr_block           = var.vpc_cidr_block
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    map("Name", var.vpc_full_name),
+  )
+}
+
diff --git a/vpc/original-README.md b/vpc/original-README.md
@@ -0,0 +1,110 @@
+
+1. copy from prior vpc
+
+cd e1-vpc1-services
+rsync -avRWH . ../e1-vpc2-production/ --exclude=.terraform --exclude=logs
+
+1. update remote_state.yml to change the directory line to reflect the current vpc
+
+directory: "vpc/e1-vpc2"
+
+1. run the script
+
+./init/setup-generate-rs-backend.py
+
+{'account_alias': 'do2-govcloud',
+ 'account_id': '107742151971',
+ 'aws_environment': 'govcloud',
+ 'bucket': 'inf-tfstate-107742151971',
+ 'bucket_region': 'us-gov-west-1',
+ 'directory': 'vpc/e1-vpc2',
+ 'profile': '107742151971-do2-govcloud',
+ 'region': 'us-gov-east-1',
+ 'regions': ['us-gov-east-1']}
+
+* creating file remote_state.backend.tf.new
+* creating file remote_state.vpc_e1-vpc2.tf.s3
+* touching file remote_state.vpc_e1-vpc2.tf.none
+* sample ln commands to run
+
+# ln -sf remote_state.vpc_e1-vpc2.tf.none remote_state.vpc_e1-vpc2.tf
+# ln -sf remote_state.vpc_e1-vpc2.tf.s3 remote_state.vpc_e1-vpc2.tf
+
+1. rename the remote_state.backend.tf.new to remote_state.backend.tf (this will be unnecessary shortly)
+
+mv remote_state.backend.tf.new remote_state.backend.tf
+
+1. run first ln, since there is no state in s3 yet
+
+ln -sf remote_state.vpc_e1-vpc2.tf.none remote_state.vpc_e1-vpc2.tf
+
+1. remove files from a previous vpc
+
+rm remote_state.vpc_e1-vpc1*
+
+1. update these files for the proper configurations for the vpc
+
+* variables.vpc.auto.tfvars
+
+This has the main cidr block and other settings
+
+vpc_index               = 2
+vpc_short_name          = "vpc2"
+vpc_environment         = "production"
+vpc_full_name           = "vpc2-production"
+vpc_cidr_block          = "10.197.32.0/19"
+vpc_vpn_dynamic_routing = true
+vpc_enable_igw          = false
+vpc_enable_nat          = false
+vpc_enable_vpn          = true
+
+vpn_connections = {
+  hq : {
+    "asn_id" : 65510,
+    "ip" : "148.129.160.13"
+  }
+  bcc : {
+    "asn_id" : 65511,
+    "ip" : "148.129.90.13"
+  }
+}
+
+* variables.subnet.auto.tfvars
+
+This lists the subnets
+
+subnet_maps = [
+  {
+    label   = "web"
+    bits    = 2
+    private = true
+  },
+  .
+  .
+]
+
+* subnet.local.tf
+
+This sets up the breakdown of subnet cidrs for the subnets listed in variables.subnet.auto.tfvars
+
+locals {
+  subnet_cidrs = cidrsubnets(var.vpc_cidr_block, 3, 3, 3, 4, 5)
+}
+
+* variables.peers.auto.tfvars.disabled
+
+This is for when peering is enabled.
+
+# After Apply
+
+1. run second ln, since there is now a  state in s3
+
+ln -sf remote_state.vpc_e1-vpc2.tf.s3 remote_state.vpc_e1-vpc2.tf
+
+
+1. download config for vpn from vpn connection
+
+save respectively as:
+
+hq_(filename)
+bcc_(filename)
diff --git a/vpc/outputs.tf b/vpc/outputs.tf
@@ -0,0 +1,30 @@
+output "vpc_id" {
+  description = "VPC ID"
+  value       = aws_vpc.vpc.id
+}
+
+output "vpc_arn" {
+  description = "VPC ARN"
+  value       = aws_vpc.vpc.arn
+}
+
+output "vpc_domain_name" {
+  description = "VPC domain name"
+  value       = var.vpc_domain_name
+}
+
+output "vpc_dns_servers" {
+  description = "VPC DNS Servers"
+  value       = var.vpc_dns_servers
+}
+
+output "vpc_info" {
+  description = "VPC info"
+  value = {
+    "vpc_id"        = aws_vpc.vpc.id
+    "vpc_arn"       = aws_vpc.vpc.arn
+    "vpc_full_name" = var.vpc_full_name
+    #    "s3_endpoint_id"       = aws_vpc_endpoint.s3.id
+    #    "dynamodb_endpoint_id" = aws_vpc_endpoint.dynamodb.id
+  }
+}
diff --git a/vpc/parameters.tf b/vpc/parameters.tf
@@ -0,0 +1,19 @@
+# data "template_file" "dns_parameters" {
+#   template = file("${path.root}/templates/setting_dns.json.tpl")
+#   vars = {
+#     vpc_domain_name = var.vpc_environment == "shared" || var.vpc_environment == "prod" ? var.vpc_domain_name : "${var.vpc_environment}.${var.vpc_domain_name}"
+#     vpc_dns_servers = join(",", var.vpc_dns_servers)
+#   }
+# }
+# 
+# resource "aws_ssm_parameter" "dns_parameters" {
+#   name        = "/${var.vpc_environment}/settings/dns"
+#   description = "DNS settings for environment ${var.vpc_environment}"
+#   type        = "String"
+#   value       = data.template_file.dns_parameters.rendered
+# 
+#   tags = merge(
+#     local.common_tags,
+#     map("Name", "${var.vpc_name}-${var.vpc_environment}-dns-settings")
+#   )
+# }
diff --git a/vpc/prefixes.tf b/vpc/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
diff --git a/vpc/templates/setting_dns.json.tpl b/vpc/templates/setting_dns.json.tpl
@@ -0,0 +1,4 @@
+{
+  "domain": "${vpc_domain_name}",
+  "nameservers": "${vpc_dns_servers}"
+}
diff --git a/vpc/variables.common.tf b/vpc/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
diff --git a/vpc/variables.common.vpc.tf b/vpc/variables.common.vpc.tf
@@ -0,0 +1 @@
+../common/variables.common.vpc.tf
diff --git a/vpc/variables.tf b/vpc/variables.tf
@@ -0,0 +1,97 @@
+variable "vpc_cidr_block" {
+  description = "VPC CIDR Block"
+  type        = string
+}
+
+variable "enable_dns_support" {
+  description = "Enable DNS support within the VPC"
+  type        = bool
+  default     = true
+}
+
+variable "enable_dns_hostnames" {
+  description = "Enable DNS hostnames within the VPC"
+  type        = bool
+  default     = true
+}
+
+###
+## 
+## variable "vpc_domain_name" {
+##   description = "Domain Name"
+##   default     = "csp1.census.gov"
+## }
+## 
+## variable "dhcp_vpc_domain_name" {
+##   description = "Domain Name for DHCP Options"
+##   default     = "compute.csp1.census.gov"
+## }
+## 
+## variable "vpc_dns_servers" {
+##   description = "Enterprise DNS Servers"
+##   #  default     = ["10.193.0.22", "10.193.2.22" ]
+##   default = ["148.129.127.22", "148.129.191.22"]
+##   # add 10.193.0.22, 10.193.2.22
+## }
+## 
+## variable "vpc_ntp_servers" {
+##   description = "Enterprise NTP Servers"
+##   default     = ["148.129.127.23", "148.129.191.23"]
+## }
+## 
+## variable "network_census" {
+##   description = "Census Subnets"
+##   type        = list
+##   default     = ["148.129.0.0/16", "172.16.0.0/12", "192.168.0.0/16"]
+## }
+## 
+## variable "network_peers" {
+##   description = "Census AWS Peer Subnets"
+##   type        = list
+##   default     = ["10.193.0.0/19"]
+##   #  default = [ ]
+## }
+## 
+## variable "vpn_connections" {
+##   description = "VPN Connection Details"
+##   type        = map
+## }
+## 
+## variable "vpc_vpn_dynamic_routing" {
+##   description = "Dyanmic routing with BGP (true | false)"
+##   type        = bool
+## }
+## 
+## variable "vpc_enable_igw" {
+##   description = "Enable AWS Internet Gateway (IGW) on the VPC (true | false[x])"
+##   type        = bool
+##   default     = false
+## }
+## 
+## variable "vpc_enable_nat" {
+##   description = "Enable AWS NAT Gateway on the VPC (true | false[x])"
+##   type        = bool
+##   default     = false
+## }
+## 
+## variable "vpc_enable_vpn" {
+##   description = "Enable AWS VPN Configuration on the VPC (true[x] | false)"
+##   type        = bool
+##   default     = true
+## }
+## 
+## # bits is the extra size of the bits from the subnet, which is split from the size of the vpc cidr
+## #   vpc_cidr = /19
+## #   cidr_subnets defines values (19 + N)
+## #   this bits gets you (19 + N + bits)
+## #   example: /19 vpc cidr, 3 for cidr means a /22 (19+3) and then 2 for bits means /24
+## variable "subnet_maps" {
+##   description = "Subnet objects"
+##   type = list(object(
+##     {
+##       label   = string
+##       bits    = number
+##       private = bool
+##   }))
+## }
+##